Patrik Karlsson
88275620ab
removed JtR support due to bugs in cracking module.
2012-07-16 15:59:43 +02:00
Patrik Karlsson
25a78e6ab0
change so that both Cain and JTR hashes can be stored at the same time and
...
added username report_auth_info
2012-07-16 14:13:35 +02:00
Patrik Karlsson
4859e0809e
add missing username to john hash
2012-07-16 09:14:44 +02:00
HD Moore
8fef1479ed
Trim string fields at first null
2012-07-15 23:12:40 -05:00
HD Moore
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
HD Moore
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
HD Moore
10db74d480
Show the IP address in the output
2012-07-15 21:35:43 -05:00
HD Moore
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
James Lee
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
HD Moore
4509c11916
Fingerprint dd-wrt even when auth is required
2012-07-15 21:21:13 -05:00
HD Moore
6c058d9a9a
Skip blank usernames (corner case)
2012-07-15 21:14:55 -05:00
HD Moore
f111ae097e
Bail early if the user did not configure an injection parameter
2012-07-15 21:14:39 -05:00
HD Moore
44e56c87f1
Make super sure that blank creds are not reported
2012-07-15 20:56:31 -05:00
Patrik Karlsson
8889d89eea
msftidy cleanup
2012-07-16 02:07:45 +02:00
Patrik Karlsson
6331c33472
add MySQL password capturing module
...
This module provides a fake MySQL service that is designed to
capture authentication credentials. It captures challenge and
response pairs that can be supplied to Cain or JTR for
cracking.
2012-07-16 01:55:22 +02:00
HD Moore
0230ef60f6
Cosmetic
2012-07-15 15:46:54 -05:00
HD Moore
d6c6a3d0c5
Correct an issue with payload recalc during iteration
2012-07-15 15:45:25 -05:00
jvazquez-r7
8cf08c6ca3
Target W7 updated
2012-07-15 17:45:58 +02:00
sinn3r
e1ff6b0cef
Nicer cleanup
2012-07-14 17:57:32 -05:00
jvazquez-r7
bdf009d7a8
Review of pull request #606
2012-07-15 00:20:12 +02:00
HD Moore
6cdd044e10
Remove a buggy payload that doesn't have NX support
2012-07-12 12:15:57 -05:00
jvazquez-r7
2da984d700
Added module for OSVDB 83275
2012-07-12 13:12:31 +02:00
jvazquez-r7
6c8ee443c8
datastore cleanup according to sinn3r
2012-07-12 09:31:22 +02:00
jvazquez-r7
65d15df9f9
Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision
2012-07-12 09:25:37 +02:00
jvazquez-r7
b12f13f837
Review of Pull request #594
2012-07-12 00:46:24 +02:00
jvazquez-r7
16cd847e5a
Merge branch 'mssql_review' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-mssql_review
2012-07-12 00:36:54 +02:00
jvazquez-r7
a840ff8cf8
Review of pull request #598
2012-07-12 00:34:17 +02:00
jvazquez-r7
f933d98d38
Review of #595
2012-07-12 00:19:27 +02:00
h0ng10
87f5002516
added datastore cleanup
2012-07-11 12:56:23 -04:00
h0ng10
0d38a7e45f
switched to Rex::Text.encode_base64()
2012-07-11 12:52:09 -04:00
HD Moore
2254086dbe
Replace event handler with a straightforward filter
2012-07-11 03:00:44 -05:00
HD Moore
eb8aa566b0
Merge pull request #597 from LittleLightLittleFire/cve-1723-typo-fix
...
Fix typo in Stefan's last name (for cve-2012-1723)
2012-07-11 00:24:23 -07:00
HD Moore
975d8004d3
Remove protected operator, not useful
2012-07-11 02:08:56 -05:00
HD Moore
430351fe79
Better handle of module cache when db_connect is run manually
2012-07-10 23:56:48 -05:00
LittleLightLittleFire
32fa8bdfcf
Fixed typo in Stefan's last name
2012-07-11 14:53:26 +10:00
HD Moore
a7d1a61af2
Handle non-failure module exits as well
2012-07-10 19:55:43 -05:00
sinn3r
3d4449c1e7
Merge branch 'm-1-k-3-autoexploit' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-m-1-k-3-autoexploit
2012-07-10 16:11:46 -05:00
sinn3r
ce107fbd6f
Rewrite how each mode is handled
2012-07-10 16:06:07 -05:00
m-1-k-3
b449c0e21c
new parameter
2012-07-10 20:04:03 +02:00
h0ng10
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
sinn3r
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
Alexandre Maloteaux
81ba60169f
ipv6 and arp_scanner fix
2012-07-10 18:28:24 +01:00
jvazquez-r7
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
m-1-k-3
5b526de09d
bla
2012-07-10 13:21:32 +02:00
sinn3r
6f97b330e7
Merge branch 'LittleLightLittleFire-module-cve-2012-1723'
2012-07-10 00:50:31 -05:00
sinn3r
5b7d1f17c0
Correct juan's name and comments
2012-07-10 00:43:46 -05:00
sinn3r
54576a9bbd
Last touch-up
...
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
sinn3r
64709be909
Merge branch 'module-cve-2012-1723' of https://github.com/LittleLightLittleFire/metasploit-framework into LittleLightLittleFire-module-cve-2012-1723
2012-07-10 00:27:36 -05:00
HD Moore
c532d4307a
Use the right failure reason
2012-07-10 00:26:14 -05:00
HD Moore
64e8956319
More small tweaks to import/export of attempts
2012-07-10 00:18:06 -05:00