9cf896ffa1
Pre-release fixups on titles and grammar
...
Fixing squid_pivot_scanning and enum_xchat
2012-04-02 11:24:49 -05:00
7b0ee58d9f
Fixing bug spotted by troulouliou in ipv6_neighbor
...
Just check for nilness, not the :symbol.
2012-04-02 10:02:59 -05:00
bd5f43c918
Add another good reference by @mihi42
2012-04-01 01:30:50 -05:00
bab4cddd83
Add Jeroen Frijters for finding/reporting the bug
2012-03-31 03:01:09 -05:00
1853f8b0c2
Merge pull request #291 from wchen-r7/enum_xchat
...
Add post module enum_xchat.rb
2012-03-31 00:42:15 -07:00
543f5ebfe2
Only display the retry message when necessary
2012-03-31 02:40:24 -05:00
4215030eb3
Set a limit to how many times we can retry
2012-03-31 02:38:46 -05:00
6e4ccaae6b
Add post module to collect xchat's configs and chat logs
2012-03-31 00:15:21 -05:00
cc54a260f5
Merge remote branch 'upstream/master'
2012-03-30 14:31:12 -06:00
0547369966
Add bap support for flash mp4 and new java bug
...
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
e723704a32
Merge pull request #289 from wchen-r7/enum_colloquy
...
Add post module enum_colloquy.rb to collect chatlogs and the plist
2012-03-30 09:24:32 -07:00
18a13a4bfb
Correct description
2012-03-30 11:22:55 -05:00
ae21c05e69
add osvdb ref
2012-03-30 07:26:07 -05:00
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
8d2a58dfd8
Add post module enum_colloquy.rb to collect chatlogs and the preferences list
2012-03-29 16:24:43 -05:00
f069a32223
Merge pull request #288 from wchen-r7/cve_2012_0507
...
Adding sinn3r and juan's exploit for CVE-2012-0507. Blog post coming soon.
2012-03-29 08:46:49 -07:00
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
bd4819e8f2
Merge pull request #238 from mak/linux-x64-find-port
...
linux/x64/shell_find_port payload
2012-03-29 05:54:54 -07:00
220ad7875f
Merge pull request #285 from wvandevanter-r7/squid_pivot_scanning
...
Squid pivot scanning
2012-03-29 05:02:05 -07:00
f5e05461f6
changed the false positive check IP to a user set variable
2012-03-28 22:18:56 -04:00
0fcab521d2
fixed print_bad
2012-03-28 02:32:03 -04:00
5248ec87b5
Fixing EDB reference
2012-03-27 16:49:47 -05:00
b1683c94ef
Merge pull request #281 from jlee-r7/module-tests
...
Module tests
2012-03-27 10:23:20 -07:00
812457fed0
Rename enum_user_dirs
2012-03-27 10:52:16 -06:00
5f9000efb3
Merge pull request #280 from wchen-r7/osx_airport
...
Add OSX Gather Airport post module
2012-03-27 05:48:26 -07:00
e44f9d06ec
Remove the extra 'require'
2012-03-27 01:24:12 -05:00
670e15b40f
Add OSX Gather Airport post module
2012-03-27 01:18:38 -05:00
fb9163caf9
Merge pull request #278 from wchen-r7/manageengine_deviceexpert
...
Add OSVDB-80262 ManageEngine DeviceExpert
2012-03-26 14:42:36 -07:00
7a74cc7694
Quoting "Chicken of the VNC"
...
Otherwise, this looks like a nonsense string to people not familiar with
this application.
2012-03-26 16:26:40 -05:00
8fbf4cf6d9
Grammar on dns_txt_query_exec payload name and desc
2012-03-26 16:23:54 -05:00
d95d60670e
Fix up desc again on enum_dns
2012-03-26 16:20:00 -05:00
14b45f9fb1
More fixes to enum_dns.rb
...
* Should use 'and', not & (bitwise AND)
* Made capitalization sane for Anglophones. See: http://owl.english.purdue.edu/owl/resource/592/1/
2012-03-26 16:14:04 -05:00
dc6f76eb20
Style fixes for enum_dns.rb
...
* Use a dotted.notation for note types
* Changed title to something more descriptive
* Expanded description
* Other trivial changes
2012-03-26 16:08:39 -05:00
79d74b8768
ADD OSVDB-80262
2012-03-26 12:58:18 -05:00
19fc8d9883
Add OSVDB-80262
2012-03-26 12:42:24 -05:00
507dd423ce
Rogue period, DELETED.
2012-03-26 10:54:26 -05:00
182f3744de
Cosmetic cleanup
2012-03-26 09:23:14 -05:00
ad32911b1a
probably safer to use regex
2012-03-26 09:01:40 -05:00
e2606764cb
forgot to add renamed module
2012-03-25 09:08:38 -07:00
7ea37253a0
modifications recommended by sinn3r
2012-03-25 09:04:35 -07:00
d8ddb19b56
cve-2008-0610 windows exploit module
2012-03-25 00:14:19 -07:00
135cf7ba04
remove trailing comma, thanks troulouliou
2012-03-23 17:00:04 -05:00
e1783acd6f
Adding newline to end of ricoh_dl_bof.rb
2012-03-23 16:31:11 -05:00
2bcf259301
Setting correct LFs on freepbx_callmenum.rb
2012-03-23 16:29:42 -05:00
71462bc73d
Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
...
[Closes #266 ]
2012-03-23 16:23:36 -05:00
fbfd308d79
This actually shouldn't go it now because it's still being code reviewed
2012-03-23 15:32:24 -05:00
47493af103
Merge pull request #259 from todb-r7/edb-2
...
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
6f0f9041c8
Merge pull request #267 from wchen-r7/hp_data_protector_win_cmd
...
Add HP Data Protector aux module for executing commands on Windows
2012-03-23 11:06:52 -07:00
10733f6a1c
Update description
2012-03-23 13:05:40 -05:00
fef1e31e2a
Merge branch 'olliwolli-3cdaemonsp3'
2012-03-23 08:52:19 -05:00
e30623a2c9
Merge pull request #264 from wchen-r7/ricoh_dc_exploit
...
Add Ricoh DC DL-10 FTP Buffer Overflow
2012-03-23 06:45:02 -07:00
20f0a58c6a
Minor fixes
2012-03-23 08:23:30 -05:00
41bc8ded3d
Add HP Data Protector aux module for executing commands on Windows
2012-03-23 07:57:13 -05:00
30a3d8bb96
Add Windows SP3 to targets.
2012-03-23 13:52:18 +01:00
17a044db89
Print the full URI
...
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
6625d97599
Add Ricoh DC DL-10 FTP Buffer Overflow
2012-03-22 15:30:00 -05:00
3dc0e97998
Updating description and refs to Patrick's module
...
There was some weirdness with the commit log on this module but it
should all be kosher now.
[Closes #260 ]
2012-03-22 10:30:25 -05:00
2d29184adc
Use interpolation to ensure LPORT is a string for gsub
...
[Fixes #6542 ]
2012-03-21 21:05:05 -06:00
ddacf1dde8
Merge pull request #258 from wchen-r7/ms10_002_ie
...
Add CVE-2010-0248 Internet Explorer Object Handling Use After Free
2012-03-21 17:20:27 -07:00
0a24c354db
Update ms10-002 with dyphens
2012-03-21 19:19:20 -05:00
7d12a3ad3a
Manual fixup on remaining exploit-db references
2012-03-21 16:43:21 -05:00
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
2c16eb29b6
Add CVE-2010-0248 Internet Explorer Object Handling Use After Free exploit
2012-03-21 16:11:26 -05:00
31228ed65a
Comment indentation
2012-03-21 15:21:10 -05:00
482a1a8511
Merge pull request #253 from corelanc0d3r/dnspayload
...
rewrote DNS TXT query out-of-band payload delivery shellcode
2012-03-21 13:19:55 -07:00
8f17cc3f5c
MS12-020 not MS12-002
2012-03-21 13:58:18 -05:00
23c9c51014
Fixing CVE format on sit_file_upload.
2012-03-21 09:59:20 -05:00
b09d91d1c7
Removing enum_bing_url
...
Moving this over to unstable until the described http request problem
gets resolved.
2012-03-21 09:33:31 -05:00
89d7363a8f
fixed crash
2012-03-21 10:39:05 +01:00
c64226f4b8
Fix regex
2012-03-21 04:31:49 -05:00
056985625d
damn comma
2012-03-21 04:06:54 -05:00
e973da7c6d
Add Chicken of the VNC client profile collector module
2012-03-21 04:04:35 -05:00
f81730a7e1
changes to the way jmp to payload is done
2012-03-21 09:52:22 +01:00
45ef7fc35d
reset author
2012-03-20 20:43:56 +01:00
ed542e2b6c
Change dns_enum to enum_dns for naming style consistency
2012-03-20 14:11:04 -05:00
b8b5c79957
No need for net/http
2012-03-20 14:09:40 -05:00
777e221232
Add Bing URL enumerator by Royce (Feature #6499 )
2012-03-20 14:07:42 -05:00
da963fc8b2
Adding OSVDB for dell_webcam_crazytalk.rb
2012-03-20 07:52:50 -05:00
e325469f6e
Grammar fix for dell_webcam_crazytalk module
2012-03-20 07:43:02 -05:00
f4dac59894
Add Dell Webcam CrazyTalk component BackImage overflow exploit
2012-03-20 03:46:37 -05:00
a3035dc6d0
Adding corelandc0d3r's http/https/ftp payload
...
Picks up the one http/https/ftp payload, but not the other two DNS
payloads listed as part of the original pull request.
[Closes #173 ]
2012-03-19 16:50:59 -05:00
bff860c62d
s/brute force/bruteforce
...
This is the preferred spelling in Metasploit, at least, according to
grep consensus:
./metasploit-framework$ grep -ri "brute force" . | wc -l
111
./metasploit-framework$ grep -ri "bruteforce" . | wc -l
183
2012-03-19 16:14:00 -05:00
4391c24d2f
Trivial touchups on RDP DoS module.
...
Dropping a line about what it can't do, adding freenode comment.
2012-03-19 14:27:27 -05:00
3a851ef2c2
Fix typo
2012-03-19 13:20:59 -05:00
3d72d52625
Add reporting to MS12-020
2012-03-19 13:18:51 -05:00
fa4504e1f6
Let's make this clear, it's just a DoS
2012-03-19 13:00:29 -05:00
13f16daca7
Actually, that date is way off. Corrected.
2012-03-19 12:58:52 -05:00
d8be328b89
Ported Daniel/Alex/jduck's MS12-020 PoC as a Metasploit module
2012-03-19 12:53:34 -05:00
cdd7a16603
Apply egypt's fix for "\n"
2012-03-19 10:19:10 -05:00
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
7c77fe20cc
Some variables don't need to be in a double-quote.
2012-03-17 20:37:42 -05:00
acac3fa38d
Add back enum_protections with some new changes
2012-03-17 16:00:20 -05:00
14d427fa87
Added fix for enum_protections
2012-03-17 13:28:31 -04:00
78331bb4c1
A bunch of fixes
2012-03-17 03:14:26 -05:00
4a0c75f4b3
Merge branch 'post-mods' of https://github.com/ohdae/metasploit-framework
2012-03-17 02:38:35 -05:00
ff093c3f93
The comments in get_chatlogs need an update
2012-03-17 00:28:05 -05:00
39cfa43250
Correct license format
2012-03-17 00:25:41 -05:00
3479a314e3
Add enum_adium.rb post module
2012-03-17 00:22:03 -05:00
c3f98fe284
Changed store_note to store_loot. Fixed local/remote file retrieval
2012-03-16 16:54:36 -03:00
d3a87b59aa
This module is not ready, yanked.
2012-03-16 11:49:31 -05:00
ba6928cbf1
sockso_traversal 1.8 compatibility fix
2012-03-16 18:12:09 +02:00
c5a4dc39c3
fix
2012-03-16 09:17:35 -04:00
9b4ecc2777
Merge branch 'post-mods' of github.com:ohdae/metasploit-framework into post-mods
2012-03-16 09:15:47 -04:00
b635019d56
saves each config to loot instead of notes
2012-03-16 09:14:48 -04:00
9f0a293a53
Correct variable name
2012-03-16 01:17:39 -05:00
13b92b97e9
Fixed incorrect variable within get_sql_history
2012-03-16 01:40:12 -03:00
f6a2e2b890
Enumerate important and interesting configuration files
2012-03-15 22:59:42 -04:00
6011da7db8
More Virtualisation SSL fixes
2012-03-15 19:06:48 -05:00
e4778c2ba4
Default SSL to true for esx_fingerprint module
2012-03-15 18:15:29 -05:00
e3f2610985
Msftidy run through on the easy stuff.
...
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
9144c33345
MSFTidy check for capitalization in modules
...
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
46dbaf8283
Fix typos and output
2012-03-15 16:10:05 -05:00
81b3eaa482
Fix typo
2012-03-15 15:56:24 -05:00
db4538389c
Add sockso dir traversal
2012-03-15 15:55:54 -05:00
74e40763d6
Fix syntax error in 1.8, thanks Jun Koi for the patch
2012-03-15 14:32:16 -06:00
e53938b9d7
Merge branch 'ohdae-post-mods'
2012-03-15 14:30:23 -05:00
2770199d28
enum_protections is now find_apps
2012-03-15 14:27:40 -05:00
e5c420b676
File rename, as well as design and cosmetic changes
2012-03-15 14:22:23 -05:00
8b91cc54c3
Merge branch 'post-mods' of https://github.com/ohdae/metasploit-framework into ohdae-post-mods
2012-03-15 13:50:43 -05:00
7e7b220b70
added report_note, removed store_loot function, cleaned up info/author
2012-03-15 15:29:52 -03:00
d5f83be2d0
Cosmetic changes
2012-03-15 11:21:41 -05:00
0389e47dfe
fix little mistake
2012-03-15 16:21:00 +01:00
b88af39f74
fixed output newline issue
2012-03-15 12:18:29 -03:00
9928b102b5
Added rails_mass_assignment module.
2012-03-15 16:56:38 +02:00
5250b179c8
Add CVE and OSVDB ref
2012-03-15 04:40:27 -05:00
32002c595d
fixed save line
2012-03-15 01:05:35 -03:00
c165b7b7c2
removed unneeded comments
2012-03-15 01:02:07 -03:00
58b2d570c9
fixed output issue
2012-03-15 01:00:55 -03:00
65bde7ec99
Add OSVDB-79863 NetDecision Directory Traversal
2012-03-14 16:50:54 -05:00
f91b894375
added posibilities for generating payload from asm to more arch's
...
added linux/x64/shell_find_port payload
2012-03-14 22:39:56 +01:00
ffc41bf265
removed unneeded dependency
2012-03-14 18:26:53 -03:00
c38aaede03
duplicate of enum_users_history.rb
2012-03-14 16:07:49 -05:00
5c74b7741b
locates installed 3rd part av, fws, etc
2012-03-14 13:30:16 -04:00
d1efb40d2d
Fix bad path for Windows (bug #6523 ) - Thanks Francesco
2012-03-14 12:27:40 -05:00
3b880359fe
Change module name to better describe the purpose of it. Also some cosmetic corrections.
2012-03-14 11:44:03 -05:00
704f8e391d
Remove the line that's commented out
2012-03-14 11:37:43 -05:00
60b3ee7b16
Added user specific tasks to enum_users, removed bash_hist from enum_sys, added disk space info to enum_system
2012-03-14 09:06:51 -04:00
50f8b6088b
Fix cosmetic problems
2012-03-14 05:20:19 -05:00
4872e80385
Cleanup whitespace and author format
2012-03-14 05:18:00 -05:00
9d7e22876c
Merge branch 'my-branch' of https://github.com/ohdae/metasploit-framework
2012-03-14 05:14:33 -05:00
ecb1fda682
Add OSVDB-79651: NetDecision 4.5 HTTP Server Buffer Overflow
2012-03-14 05:13:22 -05:00
fbd076e749
removed old/ folder
2012-03-13 22:49:01 -04:00
b86fa5c85b
Combined network tasks into enum_network.rb, Combined user/system tasks into enum_system.rb
2012-03-13 22:24:49 -04:00
0fe26780b9
Merge branch 'my-branch' of github.com:ohdae/metasploit-framework into my-branch
2012-03-13 22:20:59 -04:00
96fb9fd458
Combined network tasks into one module, Combined system/user tasks into one module
2012-03-13 22:18:24 -04:00
f79bda2dc7
Update modules/post/linux/gather/enum_linux.rb
2012-03-13 21:15:47 -03:00
3260bc6b65
Update modules/post/linux/gather/enum_linux.rb
2012-03-13 21:14:49 -03:00
bd5950ea52
added active connections, iwconfig, if-up/down, open ports
2012-03-13 20:09:41 -04:00
4b7e380581
Linux post ssh enum, Linux post network info
2012-03-13 17:27:21 -04:00
81248f35c4
Changing H.323 constant for H323_STATUS_FACILITY
...
However, it's not actually being used in the module anywhere, so this
change appears cosmetic more than anything right now. However, I'm
inclined to believe Ricky's suggestions when it comes to H.323.
Corroborated by this 2003 post to the Ethereal mailing list:
http://www.ethereal.com/lists/ethereal-users/200311/msg00001.html
[See #6521 ]
2012-03-13 12:26:03 -05:00
b0ba10f79c
Added afp_login module.
2012-03-13 10:01:42 +02:00
5b13b7d1d9
Extracted common AFP functionality to mixin
2012-03-13 09:56:03 +02:00
1cf25e58d5
merge description change
2012-03-12 17:22:01 -05:00
7d95132eab
Use a cleaner way to calculate JRE ROP's NEG value
2012-03-11 17:27:47 -05:00
6c19466de8
Change output style
2012-03-11 13:59:18 -05:00
25a1552fbd
Dynamic VirtualProtect dwSize. Change output style.
2012-03-11 13:49:46 -05:00
b0e7c048c9
This module fits the GoodRanking description
2012-03-10 00:50:41 -06:00
1d5bad469c
Add Windows 7 SP1 target
2012-03-10 00:11:25 -06:00
1ae779157d
Disable Nops so we don't get an ugly crash after getting a shell
2012-03-08 18:56:58 -06:00
1e4d4a5ba0
Removing EncoderType from flash module
...
Also not very useful
2012-03-08 16:57:41 -06:00
302a42a495
Fixing up print statements
...
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
1396fc19bd
Fixup bad merge on flash mp4
2012-03-08 16:52:53 -06:00
cb04e47304
Attempt #2 : there's no cli in get_payload
2012-03-08 16:47:49 -06:00
3563fe1b36
The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload.
2012-03-08 16:41:32 -06:00
fee2e1eff9
Minor spray size change
2012-03-08 16:19:51 -06:00
12395c719f
Remove debugging code
2012-03-08 16:16:42 -06:00
87274987c1
Remove the now obsolete text about SWF_PLAYER
2012-03-08 16:16:13 -06:00
181fdb7365
A small title change
2012-03-08 16:10:16 -06:00
1271368b6f
Redirect to a trailing slash to make sure relative resources load
...
properly
2012-03-08 15:37:06 -06:00
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
eb847a3dfb
Add a nicer prefix to the target selection message
2012-03-08 13:46:14 -06:00
5b566b43b4
Catching an update from @hdmoore-r7
...
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
edb3f19c12
A little more padding for Win Vista target
2012-03-08 12:04:04 -06:00
18962e1180
Checking in the new Flash exploit to the release
...
Using the checkout master directly:
git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
git checkout master
modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
86fc45810b
Remove the resource during cleanup
2012-03-07 23:04:53 -06:00
b4e0daf3ca
Small tweaks to the adobe mp4 exploit
2012-03-07 22:53:47 -06:00
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00
9ece7b08fc
Add vendor's advisory as a reference
2012-03-08 00:46:34 -06:00
5f92bff697
Make sure no encoder will break the exploit again
2012-03-08 00:44:57 -06:00
2e94b97c82
Fix description
2012-03-07 23:59:51 -06:00
57376a976d
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
d9788db7bb
Merge pull request #222 from jduck/master
...
Fixes #6483
2012-03-07 18:11:48 -08:00
0550b77522
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 20:04:04 -06:00
3b4ed13aee
Fix typo
2012-03-07 20:03:46 -06:00
33460b6bf4
Fixups on the Adobe Flash exploit description
...
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
c76f43c066
Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow
2012-03-07 19:24:00 -06:00
f97dc8dee7
Fix spelling of the IBM product iSeries
...
Was I-Series.
2012-03-07 15:24:15 -06:00
7dfba9c00d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 14:51:39 -06:00
0ee7788028
Add a check to detect the vulnerable version of Sysax SSH
2012-03-07 14:51:21 -06:00
ab01a19f92
Fixes #6483 : Correct the include for the handler (was copypasta)
2012-03-07 11:23:44 -06:00
ba2bf194fd
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:17:22 -06:00
02ea38516f
Add a check method for tomcat_mgr_deploy
2012-03-06 23:22:44 -07:00
2b9acb61ad
Clean up some incosistent verbosity
...
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
003fa3e22c
Apply patch for #6495
2012-03-06 11:43:28 -06:00
22a12a6dfc
Add Lotus CMS exploit (OSVDB-75095)
2012-03-06 11:36:28 -06:00
99177e9d5e
Small commit to fix bad reference and old comment
2012-03-06 01:44:26 -06:00
461a59e28d
modified description and lowered the number of required requests
2012-03-06 00:48:54 -05:00
0f17bbdfdd
squid pivot scanning module
2012-03-06 00:30:30 -05:00
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
82c23e95d3
Module author typo
2012-03-05 13:28:46 -07:00
3a33434867
Fix a couple of typos that throw off module authors
2012-03-05 13:28:46 -07:00
afd1af6377
Merge branch 'apf-info' of https://github.com/gregory-m/metasploit-framework into gregory-m-apf-info
2012-03-05 11:18:23 -06:00
1005de0523
Port should not contain a non-numeric value or even empty when assigned to :port
2012-03-05 11:10:16 -06:00
6726f07dbc
afp_server_info fixes and improvements
...
1.9 compatibility, timeouts, reporting
2012-03-05 14:57:59 +02:00
d9f0453ee9
Added auxiliary/scanner/afp/afp_server_info module
2012-03-02 21:58:40 +02:00
7447052b38
Convert WMAP constant name to the new format.
2012-03-02 10:18:32 -06:00
302853f5a4
Unpolluting SVN Revision keyword
...
Sometimes Revision keywords get expanded, too. Fix those.
2012-03-02 10:18:32 -06:00
3626d48db2
Un-polluting SVN Id keyword
...
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
2012-03-02 10:18:32 -06:00
36a3341acd
Fix body cero.
2012-03-02 10:18:32 -06:00
6fba0698e5
Adding another detection method for blind sqli
2012-03-02 10:18:32 -06:00
02f6e3fcb2
Improving report on blind sqli module
2012-03-02 10:18:32 -06:00
126a6133cd
Improving blind sql inj. detection
2012-03-02 10:18:32 -06:00
b608aeeeb7
Migrating modules to use report_web_vulns and minor fixes
2012-03-02 10:18:32 -06:00
1a09a49f69
Starting getting rid of report_note to use report_web_vuln on all http aux modules
2012-03-02 10:18:32 -06:00
2ce7dc9331
One more module.
2012-03-02 10:18:32 -06:00
9c6fec3c33
First step on module cleaning.
2012-03-02 10:18:32 -06:00
eaecdb487c
Fix sname in report_ calls to check the use of ssl and report http or
...
https
2012-03-02 10:18:31 -06:00
6d80aa0a44
Renaming duh.
2012-03-02 10:18:31 -06:00
3cb65e24a1
Fix blind sqli module description and bug with http_method
2012-03-02 10:18:31 -06:00
6938b91d07
Execute tests agains a specific path and bug fix in blind sqli module
2012-03-02 10:18:31 -06:00
a2e5a4d9d5
New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention
2012-03-02 10:18:31 -06:00
8f30e5548c
Fix bug: "TypeError can't convert nil into String" when fd.read can be nil
2012-03-02 02:18:07 -06:00
67f788768d
Fix tabs
2012-03-01 22:31:08 -06:00
fd2d9ae0ea
Add MP4 file generating function. Update the description regarding exploit usage.
2012-03-01 22:24:35 -06:00
b1b2ec2c7d
Merge branch 'CVE-2008-5036_vlc_realtext' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-5036_vlc_realtext
2012-03-01 21:13:33 -06:00
8bad0033d3
Update description
2012-03-01 19:16:29 -06:00
0bc26c1665
Add CVE-2009-4656: DJ Studio .pls buffer overflow
2012-03-01 19:09:25 -06:00
d06848ba56
Default to token impersonation before migrating to a different process
2012-03-01 18:31:33 -06:00
687c50d0cd
Indent level fix
2012-03-01 16:14:29 -06:00
f1a6d8f535
Added exploit module for CVE-2008-5036
2012-03-01 23:06:40 +01:00
5a5e5eab95
Add msvcrt ROP target for IE8
2012-03-01 15:23:41 -06:00
1bc99646e7
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-01 15:14:05 -06:00
2d802750e3
fix osvdb ref
2012-03-01 08:07:11 -06:00
256fee3626
add osvdb ref
2012-03-01 08:06:53 -06:00
a32bcc44f2
Merge branch 'post-apple-ios-backup-osx-fix' of https://github.com/gregory-m/metasploit-framework
2012-03-01 00:43:17 -06:00
e9df9d6c2c
Increase default depth
2012-02-29 16:24:18 -06:00
4369f73c7a
Msftidy fixes on new modules
...
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
74cdb5dabc
It's a two-space tab, not one space. OMG.
2012-02-29 10:13:29 -06:00
eaf41769ed
Fixed gather/apple_ios_backup to work with OSX
...
Also moved it to post/multi/gather
2012-02-29 10:31:26 +02:00
278f394552
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-29 01:37:36 -06:00
6321ff7cb4
Change output message
2012-02-29 01:36:38 -06:00
bc8480715f
Add references to metadata. Do report_auth_info() when a credential is found. Plus other minor changes.
2012-02-29 01:32:21 -06:00
4c39cfd98a
Small tweak to the format of the type
2012-02-28 23:52:48 -06:00
4b1e67f94f
Add ROP target for Win2k3 SP1 and SP2
2012-03-04 17:18:34 -06:00
8f93a5abbb
add osvdb ref
2012-03-03 12:28:30 -06:00
fa916d863d
Add Sysax SSH buffer overflow exploit
2012-03-03 10:11:51 -06:00
6c0f8636ec
Merge pull request #217 from rapid7/reverse-http-randomness
...
Reverse http randomness
2012-03-02 16:36:26 -08:00
b70b41091b
Tested fairly well - this randomizes the URLs and removes the user-agent string from the request
2012-03-02 17:44:23 -06:00
9258cda144
Change :info and file name so it's easier to identify it's a Firefox profile
2012-03-02 16:45:42 -06:00
96e03d2556
Merge pull request #44 from linuxgeek247/armle-bind-shell
...
Adding armle bind shellcode based on existing reverse shellcode
2012-03-02 14:25:43 -08:00
f3e0b46e5c
Post mods should use session_host when reporting
...
target_host probably never worked anyway
2012-02-28 18:40:17 -07:00
624e19fd8b
Merge session-host-rework branch back to master
...
Squashed commit of the following:
commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:31:03 2012 -0700
Clean up some rdoc comments
This adds categories for the various interfaces that meterpreter and
shell sessions implement so they are grouped logically in the docs.
commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 13:00:25 2012 -0700
Combine the docs into one output dir
There's really no need to separate the API sections into their own
directory. Combining them makes it much easier to read.
commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:27:22 2012 -0700
Keep the order of iface attributes the same accross rubies
1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
end up with ~random order for the display with the previous technique.
Switch to an Array instead of a Hash so it's always the same.
commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:23:35 2012 -0700
Fix a few more compiler warnings
commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:17:39 2012 -0700
Fix a type-safety warning
commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date: Mon Feb 27 15:21:36 2012 -0700
LHOST should be OptAddress, not OptAddressRange
commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date: Sun Feb 26 17:45:59 2012 -0700
Fix a couple of warnings and a typo
commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date: Mon Feb 27 11:54:29 2012 -0600
Fix ctype vs content_type typo
commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date: Sun Feb 26 15:38:33 2012 +0200
Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x
commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date: Sun Feb 26 07:13:13 2012 -0600
add osvdb ref
commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date: Sat Feb 25 18:02:56 2012 -0500
Added aspx target to msfvenom. This in turn added it to msfencode as well.
Ref: https://github.com/rapid7/metasploit-framework/pull/188
Tested on winxp with IIS in .net 1.1 and 2.0 modes
commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date: Sat Feb 25 13:00:48 2012 -0600
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 17:07:42 2012 -0700
Simplify logic for whether an inner iface has the same address
commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:58:16 2012 -0700
Whitespace
commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:53:45 2012 -0700
Set session info before worrying about address
get_interfaces can take a while on Linux, grab uid and hostname earlier
so we can give the user an idea of what they popped as soon as possible.
commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:48:42 2012 -0700
Clean up rdoc
commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:54:45 2012 -0600
Ensure the architecture is only the first word (not the full WOW64
message in some cases)
commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:49:17 2012 -0600
More paranoia code, just in case RHOST is set to whitespace
commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:47:01 2012 -0600
A few more small bug fixes to handle cases with an empty string target
host resulting in a bad address
commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 03:55:10 2012 -0600
Fix up the logic (reversed by accident)
commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 23:29:52 2012 -0600
Automatically parse system information and populate the db, identify and
report NAT when detected, show the real session_host in the sessions -l
listing
commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:16:03 2012 -0600
Fix typo introduced
commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:11:38 2012 -0600
More session.session_host tweaks
commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:08:20 2012 -0600
Additional tunnel_peer changes
commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:06:21 2012 -0600
Additional changes to session.session_host
commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:00:19 2012 -0600
Merge changes into the new branch
2012-02-28 18:29:39 -07:00
af4551d8dc
Merge branch 'auxiliary-scanner-mongodb' of https://github.com/gregory-m/metasploit-framework into gregory-m-auxiliary-scanner-mongodb
2012-02-28 19:07:21 -06:00
986807e525
Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow
2012-02-28 19:01:54 -06:00
5560087006
Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow
2012-02-28 18:58:28 -06:00
e69c8ca422
LHOST should be OptAddress, not OptAddressRange
2012-02-28 08:16:06 -07:00
bf07a6a027
Added auxiliary/scanner/mongodb/mongodb_login module
...
MongoDB login utility + brute force attack
2012-02-28 16:06:30 +02:00
2f201cdf78
Merge pull request #198 from jduck/master
...
Fixes #6308
2012-02-26 11:52:47 -08:00
3ff5c91c24
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-26 09:53:04 -06:00
ef4cdb516d
add osvdb ref
2012-02-26 07:13:13 -06:00
139136e033
Fix a handful of typos in the regex/parsing code
2012-02-26 02:10:06 -06:00
65ed4bfa8b
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
2012-02-25 13:00:48 -06:00
91a7a44f02
Merge branch 'gather-firefox_creds-osx-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-gather-firefox_creds-osx-fix
2012-02-24 16:03:42 -06:00
7281a0ebdd
Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul)
2012-02-24 12:06:47 -06:00
8a158c3a00
Added OSX support to post/multi/gather/firefox_creds
...
Tested on OSX 10.7.3 and FF 9.0.1
2012-02-24 16:44:42 +02:00
bc2e12f7b5
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-23 17:34:10 -06:00
339fb8d266
eh, I mean Win2k3 SP0 to SP1
2012-02-23 17:33:49 -06:00
cb9cc1a69e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-23 17:22:55 -06:00
a6b10862bd
Adds a lantronix telnet discovery module
2012-02-23 17:22:32 -06:00
9ddca81ab5
Fix test that always evals to false
...
Meterpreter does not respond_to? extension names, they're magic.
2012-02-23 14:52:48 -07:00
e262d7a7ff
Add CVE-2012-0500 Sun Java Web Start exploit
2012-02-23 13:30:45 -06:00
08fb03276f
add osvdb ref
2012-02-23 07:39:31 -06:00
144fa0dc0e
Comment what \x0b\x04 is for
2012-02-22 22:59:43 -06:00
92c801d936
Merge branch 'ssh-creds-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-ssh-creds-fix
2012-02-22 19:49:26 -06:00
291e083d65
Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof
2012-02-22 19:44:47 -06:00
4ee1f989a6
Merge branch 'CVE-2008-1602_orbit_download_failed_bof' of https://github.com/juanvazquez/metasploit-framework
2012-02-22 19:40:56 -06:00
8d212849dc
Fix typos that result in stack traces when matching the response codes
2012-02-22 16:04:24 -06:00
ace28a8388
1.9 compatibility fix
...
Strings in ruby 1.9 doesn't have #each method
2012-02-22 18:01:17 +02:00
66fa56cc49
Fixed post/multi/gather/ssh_creds to work with shell session
2012-02-22 15:16:11 +02:00
3fecda95be
Fix 1.8 compatibility issue
2012-02-22 02:05:44 -06:00
5e6c40edfd
Remove unnecessary space restrictions.
...
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
...
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
4932a9ca25
Dont dump an HTML document to the console
2012-02-21 23:45:25 -06:00
d3fad51f3a
Fix my screwup in winscp for servicename
2012-02-21 20:31:52 -06:00
dcf3f3579d
Fix to the awful sname in this module
2012-02-21 20:28:27 -06:00
02d6089893
Fix a stack trace when an unexpected response from the server
...
Caused by a typo
2012-02-21 18:57:27 -07:00
acb4446e45
Fix #6407 by treating redirects as successful authentication
2012-02-21 16:02:21 -06:00
d6310829ea
Added module for CVE-2008-1602
2012-02-21 22:36:57 +01:00
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
bce1c08623
Update modules/auxiliary/server/capture/http_javascript_keylogger.rb
2012-02-21 04:46:56 -06:00
7c1d48d6aa
Merge in MJC's javascript keylogger
2012-02-21 04:25:15 -06:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
ab92e38628
Small cosmetic change to module descriptions
2012-02-20 19:29:51 -06:00
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
bb55b4e54f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-20 14:22:23 -06:00
f09ce04b00
Show where store_loot() saves the info
2012-02-20 14:22:05 -06:00
89e0842b1e
Add vim_soap to the mixins list.
...
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
cda9166180
This module should show where store_loot() saves the results
2012-02-20 14:15:55 -06:00
779e3cdcda
Correct more post modules for naming style consistency
2012-02-20 13:49:23 -06:00
fd283dd95b
Correct naming style
2012-02-20 12:38:43 -06:00
3180d75168
Correct naming style
2012-02-20 12:38:31 -06:00
22e40d9da4
Change naming style for consistency
2012-02-20 12:35:53 -06:00
300558e009
Correct post module naming style
2012-02-20 12:34:35 -06:00
a8d56afda6
Use store_loot() to save data to local disk
2012-02-20 01:30:11 -06:00
fccb338e29
Merge branch 'master' of github-r7:rapid7/metasploit-framework
2012-02-19 23:01:14 -06:00
e0a75c1b2c
Merge branch 'release/4.2-stable'
...
Conflicts:
lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
f92ddb2475
Revert "Cleanup to the module output for vmware_http_login.rb"
...
This reverts commit 08d91aebdb
2012-02-19 18:55:49 -06:00
a25475fac0
Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
...
This reverts commit c4ea27d32b
2012-02-19 18:53:03 -06:00
d761265b93
Revert "Cosmetic cleanup to the module output for vmauthd_login"
...
This reverts commit 87e7bf4934
2012-02-19 18:52:39 -06:00
648686002b
Cosmetic cleanup of the vmware_http_login module
2012-02-19 18:51:16 -06:00
2521bd7b59
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:34:35 -06:00
00d2497a42
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:32:36 -06:00
c4ea27d32b
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:28:06 -06:00
87e7bf4934
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:16:54 -06:00
08d91aebdb
Cleanup to the module output for vmware_http_login.rb
2012-02-19 18:16:05 -06:00
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
6ced540e0b
Merge branch 'vmware-api' into vmware-stable
2012-02-18 18:38:20 -06:00
36dc0fee50
Better dynamic soap generation for all the vmware stuff
2012-02-18 18:29:46 -06:00
ef2c261ce9
Change print() to print_line()
2012-02-18 00:22:02 -06:00
1f34c1ffd2
Correct print() and sleep() to print_line and select()
2012-02-18 00:20:52 -06:00
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
bb5e4a1600
Modules don't need to register VERBOSE, because it's already there
2012-02-17 21:07:44 -06:00
dc4bade78c
Use OptEnum to validate delivery method
2012-02-17 21:03:05 -06:00
79ce43e3fe
This condition should never trigger, because OptEnum should automatically take care of it
2012-02-17 19:16:07 -06:00
e23f17cac2
Again, validate using OptEnum
2012-02-17 19:14:38 -06:00
d58b8c7b69
Use OptEnum to validate enumeration method
2012-02-17 19:12:47 -06:00
3390bdf312
Validate METHOD with OptEnum
2012-02-17 18:54:53 -06:00
974aea3521
Validate 'METHOD' using OptEnum
2012-02-17 18:46:56 -06:00
36bc31d677
Damn, the indent level is nuts in this thing
2012-02-17 18:43:47 -06:00
ec58b4669e
This module only handles GET, so that's the only option we'll allow
2012-02-17 18:20:16 -06:00
9e17b09632
This module is only meant to handle GET and PUT, so let's be strict on that
2012-02-17 18:17:28 -06:00
7ae58bfd9d
Make sure the HTTP method is always upper-case to make Apache happy
2012-02-17 18:15:23 -06:00
ddb43774c9
Some metadata fixes
2012-02-17 12:21:38 -06:00
ae57a8d9fd
Make sure the HTTP method is always uppercase so we don't get a 501
2012-02-17 03:34:39 -06:00
afe6bce1c6
More documentation on the file format
2012-02-16 21:58:12 -06:00
2a97e61457
Merge branch 'droplnk' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-droplnk
2012-02-16 21:20:58 -06:00
5bb9afe789
Correct disclosure date format
2012-02-16 18:15:51 -06:00
c38ad92ade
Post module to upload shortcut (LNK) files with UNC path ICONs for post exploitation
2012-02-16 18:34:19 +00:00
01a6b02c3e
Add exploit for CVE-2012-0209, thx eromang!
2012-02-16 03:10:55 -06:00
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
a0dac593bc
Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api
2012-02-16 02:22:31 -06:00
e9b2e060d6
Permissions scanner for vmware
...
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
8d7ddab2af
Some minor bug fixes
...
Added vm_tag module for 'flag planting'
2012-02-16 00:45:48 -06:00
c5ae56a147
Adding User Enumeration Scanner for vmware
2012-02-15 22:55:11 -06:00
95f54413d8
Create a stable branch of vmware-api
...
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
bf9ed96155
Fixes up esx_fingerprint and the host model to ID vmware correctly
...
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
a2778ea297
minor fixes to multi-session terminate
2012-02-15 16:50:12 -06:00
082b4acca8
Changed terminate session module to handle multiple sessions per run
2012-02-15 16:47:02 -06:00
c9cf47bd4c
Add Terminate Session module and some extra goodness to enum sessions
2012-02-15 16:39:13 -06:00
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
67ba39cc3e
Adds a scanner to pull active login sessions off servers
2012-02-15 02:27:25 -06:00
e0f11992af
Gah screwed up that commit, accidentally chunked out the rescues.
2012-02-15 02:12:06 -06:00
6b539036c9
Fix fingerprinting in the vmware_http_login module
2012-02-15 01:54:34 -06:00
e67e9ab34f
Adds a power off vm aux module
2012-02-14 20:52:45 -06:00
a256a6fb0b
Adds a power on vm module
2012-02-14 20:44:11 -06:00
ab65a1ad8c
Name caps and readability for new post modules
2012-02-14 16:23:12 -06:00
bbca09458f
Workaround for report_host/service issue
...
See #6370
2012-02-14 11:19:38 -06:00
03884ddb46
Fix to title from copy pasted init section.
2012-02-14 10:36:15 -06:00
ad0594ee5f
Cleanup and add debug for fingerprint_vmware
2012-02-13 19:07:26 -06:00
8c1581567c
Cleanup on the vmware fingerprinting.
...
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
727cde00c6
Taking David's version of vmware_http_login over mine
2012-02-13 14:54:47 -06:00
d036da627a
Clear lots of whitespace
2012-02-13 14:13:43 -06:00
31f001ed54
Improved vmware enumerate vm modules
...
now with screenshots!
2012-02-13 12:07:28 -06:00
8c305e1a28
VMWare Web service finerprinting and OS detection.
...
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
a758462a32
Remove some whitespace
2012-02-13 11:01:26 -06:00
7129ec8e3a
Change indent level for the metadata
2012-02-12 17:33:03 -06:00
e9ceed1236
Merge branch 'fetchmailrc_creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-fetchmailrc_creds
2012-02-12 17:30:30 -06:00
49bf9435c2
Post module to loot creds from .fetchmailrc
2012-02-12 11:24:21 -08:00
abb1548d9a
Fix extraneous print_status
2012-02-11 20:09:43 -06:00
676a0c53a0
Working Screenshot capability!
2012-02-11 03:51:18 -06:00
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
daca3e93a5
add osvdb ref
2012-02-10 07:05:42 -06:00
782fcb040d
add osvdb ref
2012-02-10 07:05:26 -06:00
1a240648fa
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-10 06:51:02 -06:00
fe69a27bf1
Fix indent level and type
2012-02-10 03:22:51 -06:00
4b47a9e66f
Be gone, whitespace.
2012-02-10 03:16:37 -06:00
52e7743b41
Merge branch 'ipv6_logging' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-ipv6_logging
2012-02-10 03:13:18 -06:00
85e644ed4c
Merge branch 'railgun_defs' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-railgun_defs
2012-02-10 01:17:07 -06:00
5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
2bd330da33
Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit
2012-02-10 00:06:48 -06:00
1f1e67cb16
Moved railgun function definitions into central storage and out of individual modules where possible
2012-02-09 04:56:13 +00:00
adafe6f722
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-08 13:32:51 -06:00
29b99aa7b4
Fix up titles/add boundary check for reporting external host
2012-02-08 12:23:46 -06:00
705c436ede
added more multicast addresses from wikipedia
2012-02-07 11:45:20 +01:00
e8aa624a16
Added todb's validator over to this working branch
2012-02-06 10:15:05 -06:00
8ad9beef75
Removing javascript_keylogger from master.
2012-02-06 09:37:16 -06:00
91820ad1c3
logging to notes
2012-02-06 08:56:35 +01:00
858401463d
add exec timeout
2012-02-05 14:52:38 -05:00
53ec982385
download_exec_fix
2012-02-05 14:35:44 -05:00
1b7fffbf8a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-05 07:30:08 -06:00
b2ae8a24dc
Fix go cow art (tabs are bad to align chars)
2012-02-05 02:20:31 -06:00
0dd3ad0efb
Remove naughty trailing commas
2012-02-05 02:03:49 -06:00
26f89f65bd
Fix the bug that causes store_loot() to run twice. Also, other minor format changes.
2012-02-05 02:00:03 -06:00
c2d1f64472
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-05 01:44:53 -06:00
db1e400dff
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-05 01:27:21 -06:00
e4faa33517
Fix a typo introduce in the usb dumper
2012-02-04 00:03:20 -06:00
0737ccb8e2
Remove nulls from the unicode drive name
2012-02-04 00:03:03 -06:00
df401f4c94
more fixes to backend stuff, plus updated vmware http login module to use
...
the correct mixin method now.
2012-02-03 15:44:41 -06:00
af506240cf
http_fingerprint reports service info
...
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
ed34fd70fd
Modified (and tested) to work on Lion 10.7.2 and 10.7.3
2012-02-03 12:39:22 +02:00
786d75493c
Fix up VMWware webscan to not false positive
...
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.
[Fixes #6340 ]
2012-02-02 22:19:57 -06:00
c06b0f7e72
cleaning up an editor glitch.
2012-02-02 17:59:51 -06:00
bd407d2e01
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-02 16:53:23 -06:00
1a278c55b5
a bit more cleanup
2012-02-02 16:19:21 -06:00
45b58bea06
got rid of bmp generation
2012-02-02 16:07:27 -06:00
e96eceb145
Editing Javascript keylogger
2012-02-02 15:01:22 -06:00
7b3262958d
Merge branch 'master' of github.com:threatagent/metasploit-framework
...
Conflicts:
modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 14:58:23 -06:00
59a44f75ec
Updated Javascript Keylogger
2012-02-02 14:42:13 -06:00
d90fe9b9b7
add osvdb ref
2012-02-02 13:43:03 -06:00
aa44eb955e
Correct author e-mail format
2012-02-02 11:27:43 -06:00
1676bd3c4f
Add MSF License header. Use print once to print the whole table instead of running print multiple times. Show where the results are save.
2012-02-02 11:13:08 -06:00
f45528ec68
Update modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 10:33:33 -06:00
3bfb8b3c9d
Adding Javascript Keylogger
2012-02-02 10:30:55 -06:00
d230eeedc0
Merge branch 'mount.smbfs-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-mount.smbfs-creds
2012-02-02 10:21:21 -06:00
e70f9151e5
Merge remote-tracking branch 'upstream/master'
2012-02-02 07:13:03 -06:00
6b29af5c23
Add user-agent check. Auto-migrate.
2012-02-02 03:11:10 -06:00
6be65acfe2
Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-2551_c6_DownloaderActiveX
2012-02-02 02:54:02 -06:00
de675c349a
Upgrade exploit rank, because it fits the description
2012-02-02 02:49:06 -06:00
28b4f4b60d
Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331 )
2012-02-02 02:43:32 -06:00
82eacbe2fd
Added module for CVE-2008-2551
2012-02-01 23:26:28 +01:00
36e37e04fb
Fixes to post module cred reporting.
...
call to session.db_record.id would error if no db
was connected.
Fixes #6325
2012-02-01 12:26:35 -06:00
3f48e626a2
Adding a bunch of new VIM API auxiliary stuff
...
Work in progress.
2012-02-01 12:05:20 -06:00
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
4aa52203da
Renamed, switched partially to store_loot
2012-02-01 08:50:50 -08:00
890885d034
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-01 03:42:27 -06:00
98fbf84dac
Module should inform where the files are saved
2012-02-01 03:41:19 -06:00
0c2a18d765
Fix up reverse_tcp ipv6 stager for freebsd
2012-02-01 01:41:24 -06:00
29d8feaa24
Use the ADDR6 type, not ADDR
2012-02-01 00:58:08 -06:00
aed27a2f82
Add missing trailing quote
2012-02-01 00:54:42 -06:00
45a785fde0
Adds BSD IPv6 payloads and stagers
2012-02-01 00:54:42 -06:00
06f7165ee6
Add Metasploit license header (it's already MSF licensed)
2012-02-01 00:49:45 -06:00
f23ebbc7b5
Change how creds are displayed and saved
2012-02-01 00:48:14 -06:00
187f630283
Merge branch 'netrc-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-netrc-creds
2012-01-31 22:45:47 -06:00
c3bd151197
add a ranking
2012-01-31 20:43:32 -06:00
47c7f47f4e
Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
2012-01-31 20:38:30 -06:00
d9ee43d3dc
add disclosure date
2012-01-31 20:38:05 -06:00
a814a9dce7
add disclosure date
2012-01-31 20:35:58 -06:00
0ba7557865
Fix typo in seattlelab_pass.rb exploit.
...
Also remove the $ from the end of the regex which stopped
the exploit from being executed.
2012-01-31 21:09:51 +01:00
e392958d90
add osvdb ref
2012-01-31 07:06:33 -06:00
0b8987f2af
Merge results initialization fix
2012-01-31 01:29:44 -06:00
ec5fd723ba
Merge in additional IPv6 support for PHP payloads
2012-01-31 01:11:55 -06:00
b0df29c3ff
Switch to store_loot, since report_auth_info only works with Host
...
objects or IPs, currently (see
https://dev.metasploit.com/redmine/issues/6313 )
2012-01-30 23:08:02 -08:00
25fbe1c7d0
Merge branch 'master' of https://github.com/darkoperator/metasploit-framework
2012-01-30 19:57:29 -06:00
6068580813
Should fix the report_auth_info call -- needs a host, not a session. Be nice if it handled a session, though.
...
[See #146 ]
2012-01-30 19:23:05 -06:00
bfd4734cbf
Forgot to add CMD as a datastore option, here it is
2012-01-30 17:34:58 -06:00
24747e18e3
The directory path for the accounts.xml was not set properly for windows systems
2012-01-30 18:19:17 -04:00
08134ad600
Add Exploit-DB reference
2012-01-30 16:17:25 -06:00
f3c340a9ab
Add vBSEO proc_deutf() Remote Code Execution (Feature #6307 )
2012-01-30 16:15:27 -06:00
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
fed0df3552
Merge branch 'osx_x64_exec' of https://github.com/argp/metasploit-framework into argp-osx_x64_exec
2012-01-30 11:01:03 -06:00
a0ac4125cd
Add aux module CMS400 default pass scanner (feature #6301 )
2012-01-30 10:40:59 -06:00
1b03a48540
Use desired [at] format for email
2012-01-30 08:21:58 -08:00
16610d8852
Update email address to use desired [at] format
2012-01-30 08:05:08 -08:00
4e1029ae8b
Execute (execve) arbitrary command payload for Mac OS X x64
2012-01-30 11:01:57 +02:00
21a05ce1d6
Fix bug: NoMethodError undefined method `report_vm' ( #6298 )
2012-01-30 00:44:45 -06:00
ce7f93f5d9
Merge pull request #138 from claudijd/master
...
Added Sequence Filters and MSF Exploit Capture to BNAT Scan
2012-01-29 22:07:25 -08:00
37d467ea79
Loot .netrc files, generic enum_user_directories
2012-01-29 14:03:57 -08:00
5294fb57a4
Add post module to obtain SMB credentials stored for mount.smbfs
2012-01-29 12:04:26 -08:00
dda3453ac7
Correct a typo
2012-01-28 23:33:26 -06:00
774862508e
Handle another common error type
2012-01-28 23:31:20 -06:00
88298cf847
Added Sequence Filters and MSF Exploit Capture
...
-Sequence Filters (No More False Positives)
-Msf::Exploit::Capture (Use built-in MSF libs over manual threading)
-Immediate Feedback (Don't need to wait until complete to print results)
-Timeout (Includes user configurable timeout)
2012-01-28 22:44:12 -06:00
54ffb01080
This module should use the default list of tomcat users
2012-01-28 18:13:34 -06:00
ca7aa21202
Removed schema features from database hashdump modules
...
now that there are dedicated schemadump modules.
2012-01-28 16:55:39 -06:00
5a095e8ef5
Fixes for PCA modules
2012-01-28 14:35:07 -06:00
c63c7393e3
Print status output
2012-01-28 13:52:38 -06:00
f3eb78199b
Add TCP-based PCA probe
2012-01-28 13:52:38 -06:00
fbac9a7239
Forgot to remove this comment
2012-01-28 13:18:15 -06:00
2d7852ddef
Merge PCA scans into udp_sweep/udp_probe
2012-01-28 13:05:24 -06:00
4cd38c5555
Adds login scanner module for VMware Server and ESX
2012-01-27 16:23:56 -06:00
7b866eee86
Use the proper function for verbose prints
2012-01-27 12:50:01 -06:00
a2d20e25d3
Fix a regression in the workspace inclusion code (only affected
...
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
64651e52a8
Credit Shane of X-Force for the discovery
2012-01-27 11:18:34 -06:00
c5e667a1dc
Post Module to enumerate VirtualBox VMs for the current user.
2012-01-27 11:12:59 -06:00
0e0aa33c47
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-27 11:12:35 -06:00
56be45f3a4
A few minor fixes to the find vmx module
2012-01-27 11:12:17 -06:00
b4e2228404
Fix exitfunc option name
2012-01-27 09:15:31 -06:00
298b94d397
Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003)
2012-01-27 03:48:39 -06:00
a4c876a424
No need to manually add VERBOSE as an option, it already is (built-in)
2012-01-27 02:17:59 -06:00
3f4dbd9df6
Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework
2012-01-27 01:58:42 -06:00
efda420e5f
Updates to enum_artifacts
2012-01-26 19:35:39 -05:00
9b78b6bd17
Hmm, the indent level of the description looks a bit funny. Fixing.
2012-01-26 17:24:05 -06:00
494c37c659
Adds a Multi-System post module for finding VMWare Virtual Machines
2012-01-26 16:25:50 -06:00
5afc164c39
Merge branch 'vm-stuff'
2012-01-26 13:04:44 -06:00
fe22090a12
Correct e-mail format
2012-01-26 13:04:38 -06:00
33c53b1f3f
Updates vm checking
2012-01-26 13:02:39 -06:00
3952a06292
Minor changes
2012-01-26 11:35:43 -06:00
8ce4ad49de
Correct e-mail format
2012-01-26 11:24:38 -06:00
67274e2e85
Merge branch 'hp_magentservice' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-hp_magentservice
2012-01-26 11:00:36 -06:00
d0d964d8ab
Adds an error message if the module couldn't conenct to the target.
...
Fixes #6278
2012-01-26 10:56:07 -06:00
31fb7e7b28
Fallback to writing a new file if resuming fails
2012-01-25 14:49:30 -06:00
1af6740b24
Initial checking of hp_magentservice module
2012-01-25 13:04:30 -05:00
76ebbc48ec
Update modules/post/windows/gather/dumplinks.rb
2012-01-24 23:16:40 -06:00
49be9996bc
Merge remote-tracking branch 'upstream/master'
2012-01-24 20:23:58 -06:00
35de6a593b
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:14:10 -06:00
2e2726c3c0
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:06:49 -06:00
88b1cd6891
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:03:33 -06:00
71648159a8
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:00:47 -06:00
a20bd78f75
Adding html_frame_payload.rb
2012-01-24 16:56:32 -06:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
7ec5f98480
Adding jhart's natpimp libary and modules.
...
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.
[See #106 ]
2012-01-24 10:32:30 -06:00
2f3e976173
Actually fix ruby loop syntax on d20pass
2012-01-24 10:08:19 -06:00
fc00398330
Yup, that's better
2012-01-23 16:02:35 -06:00
39a2a894ee
Fix fh, trailing comma, and ruby loop syntax
2012-01-23 15:15:49 -06:00
ea9e9852cf
ah man, typo!
2012-01-23 11:59:13 -06:00
621567dcc8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-23 11:56:50 -06:00
afc547e0fb
Improve: Proper use of cmd_exec() and correct cmd path. More error handling for exec and rm. Fix bug with path setting, etc.
2012-01-23 11:54:19 -06:00
455bcda6e8
Print the port so we know which http service
2012-01-23 10:17:32 -07:00
60d5f6d0bd
Merge branch 'download_and_execute' of https://github.com/sempervictus/metasploit-framework into sempervictus-download_and_execute
2012-01-23 10:28:27 -06:00
c6eb104132
bug fix for hardcoded max command length
2012-01-23 10:24:22 +02:00
5671e2f691
Downloand and execute (railgun)
2012-01-22 23:25:49 -05:00
34491970b3
Adds a new VMWare Authentication Daemon login scanner module.
2012-01-22 15:39:53 -06:00
bcb19ab0a3
Fixes an issue with smb_login not properly dealing with abritrary guest access
...
on Samba.
2012-01-22 01:35:36 -06:00
06b1bffcea
Addresses an issue with udp sweep module that recorded services
...
from non-specified hosts when they respond to broadcast probes.
2012-01-20 15:34:15 -06:00
be906023dc
one register_options() should be fine.
2012-01-20 13:02:54 -06:00
d6566aa818
Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267 )
2012-01-20 12:57:13 -06:00
bbb4205683
Set default maxpage to 1, because it's faster.
2012-01-20 11:09:38 -06:00
5631774d92
Fix bug: NoMethodError undefined method `each' for nil:NilClass (line 155)
2012-01-20 10:58:02 -06:00
9e5d2ff60e
Improve URI, plus some other minor changes.
2012-01-19 13:26:25 -06:00
ca51492079
Merge branch 'master' of https://github.com/joernchen/metasploit-framework into joernchen-master
2012-01-19 13:17:06 -06:00
292332d355
Add some error handling for tns_version method
2012-01-19 13:03:19 -06:00
2199cd18d7
fine tuning thx to sinn3r
2012-01-19 19:50:30 +01:00
df9380500a
disclosure date added
2012-01-19 19:19:53 +01:00
8ce47ab832
Changing license for KillBill module
...
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
2012-01-19 11:39:56 -06:00
a75b373d7a
Fixing e-mail format for antispam
2012-01-19 10:58:25 -06:00
ed3191bcfe
Adding d20pass module
2012-01-19 10:58:16 -06:00
197eb16f72
gitorious remote command exec exploit
2012-01-19 11:36:08 +01:00
bb035bfec2
Fix up API option names so they can be set globally
2012-01-18 15:05:39 -06:00
ad6f8257e1
MSFTidy fixes.
2012-01-18 15:01:32 -06:00
d6e8f0b54d
Add Felipe as an author (plus a reference) because looks like the PoC originally came from him.
2012-01-18 13:33:27 -06:00
064a71fb1d
Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245 )
2012-01-18 12:05:18 -06:00
9fe18cdc86
Add x64 LoadLibraryA payload. Because it should exist.
2012-01-17 21:16:26 -06:00
e4ed3c968d
Add OSVDB and BID references
2012-01-17 18:16:47 -06:00
75f543f3eb
Hilarious, I forgot to change the disclosure date.
2012-01-17 18:11:18 -06:00
7d9ba6f5e9
Fix bug #6256 : uninitialized class variable error
2012-01-17 17:58:53 -06:00
2e8122dc88
Better MSF style compliance
2012-01-17 14:54:50 -06:00
a682e68073
Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246 )
2012-01-17 12:28:47 -06:00
4f16caed0f
Change naming style for MS type bug
2012-01-17 03:00:07 -06:00
5761035371
This payload shouldn't be in here. Instead of adding a new one, exec.rb should be fixed
2012-01-16 22:41:27 -06:00
d5443159d7
Merge pull request #110 from jhartftw/soap_xml_6249
...
Improvements to auxiiliary/scanner/http/soap_xml to (#6249 )
2012-01-16 18:19:33 -08:00
7b8bfd401e
Merge branch 'argp-osx_mozilla_mchannel'
2012-01-16 20:02:35 -06:00
eb5641820f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-16 19:56:10 -06:00
618097ba3d
Whitespace and keyword cleanup
2012-01-16 19:55:27 -06:00
17ffc06f60
Merge branch 'osx_mozilla_mchannel' of https://github.com/argp/metasploit-framework into argp-osx_mozilla_mchannel
2012-01-16 19:35:29 -06:00
d2dbf6007e
Merge pull request #111 from jhartftw/arp_poisoning_6250
...
Bug #6250
2012-01-16 17:34:11 -08:00
c15e7da0b8
Add ZDI-12-012 McAfee SaaS ShowReport code execution
2012-01-16 18:44:11 -06:00
fe901b3fb2
Clean up error messages when LOCALSIP isn't defined. Remove
...
now-duplicated code is_ipv4?, clarify SMAC error messages.
2012-01-16 14:32:15 -08:00
4689421201
Correct variable naming style
2012-01-16 16:03:48 -06:00
6a057560fa
Improvements to auxiiliary/scanner/http/soap_xml to:
...
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints
https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
11fc423339
Merge pull request #102 from cbgabriel/bsplayer-m3u
...
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
14a35da0fd
Merge pull request #104 from swtornio/master
...
add osvdb ref
2012-01-13 13:26:24 -08:00
4ac6c0c3ee
A great big pile of fixes to the ssh scanners
...
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
bd31f3f480
add osvdb ref
2012-01-13 13:21:33 -06:00
d52df50a77
Drop a spurious print_error line from smtp_version
2012-01-13 11:46:56 -06:00
2eb35728f6
Randomize nops
2012-01-12 18:37:25 -06:00
ffe81584d1
updated author
2012-01-12 19:02:34 -05:00
e42e0004a9
Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload
2012-01-12 17:46:50 -06:00
a8ef3417b5
Fixed the date
2012-01-12 20:54:55 -06:00
e75e23b963
Removed more unused variables and fixed some formatting
2012-01-12 18:13:28 -06:00
f22f54034a
Removed unused variables
2012-01-12 18:05:54 -06:00
87ee6905df
Modified exploit to not need egg hunter shellcode
2012-01-12 18:01:22 -06:00
6ad2eda24c
Windows artifacts module
2012-01-12 17:26:35 -06:00
02bd1f3407
Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework
2012-01-12 17:06:14 -06:00
ad0b745b31
new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-12 16:12:43 -05:00
6234d13f7c
Added Schema Dump Module for Postgres
2012-01-12 15:20:46 -05:00
cb146f9021
Used msf library for digest, fixed name.
2012-01-12 12:49:50 -05:00
a3749f1d80
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-11 12:17:11 -08:00
52be1c3a7a
Add schemadump module for MySql
2012-01-11 12:16:22 -08:00
500cfa6dd1
Removing telnet_encrypt_keyid_bruteforce.rb to unstable
...
can't ship for a few problems, will be fixed up soonish but
about to release a build.
2012-01-11 14:00:42 -06:00
1a03777538
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-11 09:11:48 -08:00
8c594798d7
Fix to the AIX jtr module title.
2012-01-11 09:11:23 -08:00
092b226cce
Updating tns_auth_sesskey to use a user-supplied SID
...
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
13069990eb
Added module for dumping schema information from Microsoft SQL Server
...
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
ed0dbad243
Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
...
Fixes #6066
2012-01-10 12:32:47 -08:00
bc9014e912
Add new v3.4 target by Michael Coppola (Feature #6207 )
2012-01-09 23:51:11 -06:00
b76767669c
Update Nenad's author name and e-mail
2012-01-09 20:14:47 -06:00
90eb2b9a75
Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202 )
2012-01-09 19:35:06 -06:00
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
eeb3a442de
whitespace correctly smtp_version.rb
2012-01-09 14:11:10 -06:00
15990efd85
Removing useless (?) begin/rescue from smtp_version
...
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
e7d7302644
Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal.
2012-01-09 11:22:44 -06:00
e12d5588c6
Set data on webdav scanner notes to include webdav path.
...
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
5a20b7d7ac
Fixed small typo
2012-01-09 14:19:00 +02:00
9a62b41ab7
Mac OS X x86 payload that executes Calculator.app
2012-01-09 12:12:20 +02:00
5d359785ae
Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6
2012-01-09 12:10:25 +02:00
03a39f7fe8
Whitespace cleanup, also change print_status usage when verbose
2012-01-09 02:21:39 -06:00
2f9d563067
Update reference
2012-01-09 02:14:29 -06:00
a1668f2b23
Adds SSHKey gem and some other ssh goodies
...
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
2012-01-08 22:28:37 -06:00
243dbe50f0
Correct author name. Unfortunately not all editors can print unicode correctly.
2012-01-07 15:18:25 -06:00
181fe2d925
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-07 15:14:30 -06:00
4e858aba89
Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
2012-01-07 15:13:45 -06:00
4645c1c2b9
Add CVE-2012-0261 Op5 license.php Remote Code Execution
2012-01-07 15:12:49 -06:00
b12baccc49
Quick update, added a research option
2012-01-07 01:13:23 -06:00
6d401b48d1
Fix typo
2012-01-07 00:02:51 -06:00
Tod Beardsley
sinn3r
sinn3r
James Lee
Steve Tornio
Tod Beardsley
Willis Vandevanter
corelanc0d3r
Kurtis Miller
Jonathan Cran
Oliver-Tobias Ripka
Patrick Webster
ohdae
Gregory Man
David Maloney
Maciej Kotowicz
HD Moore
Joshua J. Drake
Efrain Torres
juan
HD Moore
Matt Buck
Rob Fuller
Jon Hart
bperry-r7
m-1-k-3
RageLtMan
Patroklos Argyroudis
Marcus J. Carey
Marcus J. Carey
Oliver-Tobias Ripka
Carlos Perez
Jonathan Claudius
Stephen Haywood
Christopher McBee
Dave Hull
joernchen of Phenoelit
scriptjunkie
root
root
Sam Sharps