infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,013 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

173 Commits (18b96c6f3bccf53b57dbe09a48edf4da4a176d84)

Author SHA1 Message Date
HD Moore 1bb9470e59 Adds the ability to set the cookies, authentication, and arbitrary headers 
git-svn-id: file:///home/svn/framework3/trunk@13195 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-16 13:29:28 +00:00
James Lee c32ac59580 explicitly return the resultant session 
git-svn-id: file:///home/svn/framework3/trunk@13172 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-14 19:42:03 +00:00
Matt Weeks bcfbcfec30 Because Program Files (x86) has spaces in it. 
git-svn-id: file:///home/svn/framework3/trunk@13163 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-13 21:54:22 +00:00
Tod Beardsley b9c5835b5e Touching up the ssh key login module to be smarter about duplicate user names, not be so chatty in its messaging to the console, deal with whitespace, and avoid storing duplicate keys when we don't need to. 
git-svn-id: file:///home/svn/framework3/trunk@13162 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-13 20:51:18 +00:00
Tod Beardsley dc84ee6aab More fixups for ssh_login_pubkey and special handlers for long strings of keys. 
git-svn-id: file:///home/svn/framework3/trunk@13156 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-12 20:58:25 +00:00
HD Moore 90ced404b3 Updates to the jtr code, supports ruby 1.8.7 now, fixes #4908 
git-svn-id: file:///home/svn/framework3/trunk@13149 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-11 01:07:46 +00:00
HD Moore 7754f0d8f2 This commit adds a basic "analyzer" module for creds 
git-svn-id: file:///home/svn/framework3/trunk@13136 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-09 02:14:24 +00:00
Tod Beardsley 238d256ecb Works around a race condition that sometimes triggers when running multiple AuthBrute modules concurrently. 
git-svn-id: file:///home/svn/framework3/trunk@13078 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-30 19:24:14 +00:00
Tod Beardsley 0818a856b6 Some fixups for some new AuthBrute hotness. 
git-svn-id: file:///home/svn/framework3/trunk@13075 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-30 06:52:52 +00:00
Tod Beardsley 824022fde3 Adds a more universal print_error message for :abort in auth_brute.rb 
git-svn-id: file:///home/svn/framework3/trunk@13005 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-22 20:53:51 +00:00
Tod Beardsley 6827495d17 Adds a # of passwords per username limiter to authbrute. 
git-svn-id: file:///home/svn/framework3/trunk@12970 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-18 04:14:06 +00:00
Tod Beardsley db1619d035 Rejiggers the max credentials limiter a little, and adds a max time limiter per service. 
git-svn-id: file:///home/svn/framework3/trunk@12967 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-17 22:40:25 +00:00
Tod Beardsley 70f185f76e Whitespace adjustments on auth_brute. 
git-svn-id: file:///home/svn/framework3/trunk@12960 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-16 22:33:08 +00:00
Tod Beardsley ab37580056 Refactored the AuthBrute mixin some to make the each_user_pass function a little cleaner and easier to maintain. 
And maintain it I shall! Added in a standardized print_brute method to normalize the AuthBrute output to always include host, port, proto, and number of guesses over number remaining.

Also adds support for a MaxGuessesPerService datastore option for AuthBrute modules.

Currently, only ssh_login supports the new stuff, but now it's just a conversion matter. Will get to that in a bit.




git-svn-id: file:///home/svn/framework3/trunk@12958 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-16 22:08:45 +00:00
HD Moore c5c679cdb7 Remove all calls to framework.db.sync and make this method a no-op now that the task manager is no longer used. 
git-svn-id: file:///home/svn/framework3/trunk@12708 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-25 00:30:03 +00:00
Tod Beardsley 81e1b41840 Fixes #4578. If the user has Nokogiri of a reasonable version installed, use that to parse Nmap-created XML documents. Otherwise, fall back to the existing REXML parser. 
git-svn-id: file:///home/svn/framework3/trunk@12702 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-24 19:40:50 +00:00
Tod Beardsley 056cde292f Deprecate the exploited_host table. Vulns that indicate a successful exploit without opening a session should set the :exploited_at timestamp. 
git-svn-id: file:///home/svn/framework3/trunk@12623 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-15 22:19:00 +00:00
HD Moore 1904e446b2 Change this back to cooincide with autoload revert 
git-svn-id: file:///home/svn/framework3/trunk@12602 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-12 20:11:43 +00:00
HD Moore 9ce47c01bd Reverting the autoload changes until we can upgrade to a new ActiveSupport library or find a workaround 
git-svn-id: file:///home/svn/framework3/trunk@12600 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-12 20:03:55 +00:00
HD Moore 95d802754b Rework to avoid a warning 
git-svn-id: file:///home/svn/framework3/trunk@12598 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-12 19:26:11 +00:00
Joshua Drake fd4e6db85d Fixes 4373, Migrates lib/msf to use autoload instead of require (first try) 
git-svn-id: file:///home/svn/framework3/trunk@12596 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-12 19:07:35 +00:00
James Lee 06779bc8c0 remove unnecessary requires for stuff in rex. autoload and a high-level require 'rex' in lib/msf/core.rb should take care of everything. see #4371, #4373, r12587, and r12554. 
git-svn-id: file:///home/svn/framework3/trunk@12588 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-12 00:53:33 +00:00
HD Moore d98f8dfd89 Make it clear that all Rex::IO::Stream implementations must accept a second parameter called opts for the read, write, and put methods 
git-svn-id: file:///home/svn/framework3/trunk@12515 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-02 21:39:09 +00:00
James Lee 178ae10e22 make sure telnet sessions use crlf for write() as well as put() 
git-svn-id: file:///home/svn/framework3/trunk@12494 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-01 23:56:57 +00:00
Tod Beardsley 905044b03b Sources credentials gained from exploits by a session ID directly, rather than going through the ExploitedHost table. 
git-svn-id: file:///home/svn/framework3/trunk@12435 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-25 21:01:24 +00:00
HD Moore 07fb337ad9 Fix the actual thread cap 
git-svn-id: file:///home/svn/framework3/trunk@12378 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-20 17:56:38 +00:00
Tod Beardsley 8b5d004997 Adding an nmap version checker so NSE modules can tell if it's okay to run or not. 
git-svn-id: file:///home/svn/framework3/trunk@12357 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-18 19:52:13 +00:00
HD Moore f3717302cd Fixes #4073 by applying a patch from Francois Ropert for parsing DMVPN keys from Cisco configuration files 
git-svn-id: file:///home/svn/framework3/trunk@12248 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-05 15:45:01 +00:00
Tod Beardsley 46dfafa81f Fixes #3987. Don't raise on the attr set, raise when the command actually wants to get run. 
git-svn-id: file:///home/svn/framework3/trunk@12063 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-21 20:52:08 +00:00
David Rude cf04b2f387 fix a stack trace if nmap is not installed 
git-svn-id: file:///home/svn/framework3/trunk@12062 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-21 20:11:12 +00:00
Tod Beardsley f2057f54a8 De-dup'ed get_link_filter() in the crawler module. Added some comment 
docs on crawler_process_page(). Nothing exciting.



git-svn-id: file:///home/svn/framework3/trunk@12010 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-17 21:21:21 +00:00
Tod Beardsley ecb89c785b Actually use the API for appending command line arguments for nmap. 
git-svn-id: file:///home/svn/framework3/trunk@11970 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-15 21:59:35 +00:00
Tod Beardsley 292f357f7a Moving requires from oracle_login to nmap. Duh. 
git-svn-id: file:///home/svn/framework3/trunk@11966 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-15 20:46:03 +00:00
Tod Beardsley 9e15c487b5 Adding pid info for nmap. 
git-svn-id: file:///home/svn/framework3/trunk@11964 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-15 18:31:17 +00:00
Tod Beardsley 6e0e23f5ba Fixups on the Oracle/Nmap stuff. Adding back in the Scanner module, since it has some handy process mgmt functions. 
git-svn-id: file:///home/svn/framework3/trunk@11960 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-14 22:13:57 +00:00
Tod Beardsley e073a3a01c Fixes #3941. This should deal with the path problems I ran into on Windows. otherwise, works like a champ, so resolving. 
git-svn-id: file:///home/svn/framework3/trunk@11951 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-14 03:31:40 +00:00
Tod Beardsley b68396351a See #3941. This is a first attempt at supporting driving nmap via a metasploit module. It's a somewhat hefty checkin that includes the Nmap auxiliary mixin as well as an oracle login bruteforce module that uses it. 
This definitely needs to be tested on Win32 before it can be called f i x e d, due to the differences between the nmap binaries and the way files are created and used.

Also, the oracle_login scanner could use another once-over for error handling -- don't rely on that yet.

Once this all works the way I expect, I'll document the procedure more thoroghly so people can take advantage.



git-svn-id: file:///home/svn/framework3/trunk@11948 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-13 22:52:50 +00:00
HD Moore 424adcd74d Remove the near-worthless loot report message 
git-svn-id: file:///home/svn/framework3/trunk@11839 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-26 18:07:48 +00:00
HD Moore c204f38e84 Remove the near-worthless loot report message 
git-svn-id: file:///home/svn/framework3/trunk@11838 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-26 18:07:25 +00:00
HD Moore 9bc2a2cd3a Store keystrokes as loot 
git-svn-id: file:///home/svn/framework3/trunk@11835 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-26 04:54:45 +00:00
Tod Beardsley 57966c66d8 This allows for blank usernames in the normal case, as well as a domain/<blank> sort of construct for smb logins. 
git-svn-id: file:///home/svn/framework3/trunk@11820 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-24 20:42:14 +00:00
Jonathan Cran a8de0591b2 vhost should be used when it's available 
git-svn-id: file:///home/svn/framework3/trunk@11761 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-17 02:16:20 +00:00
et d26e955e69 Test unique forms wmap 
git-svn-id: file:///home/svn/framework3/trunk@11747 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-13 04:36:00 +00:00
Tod Beardsley 749e9215bc Adding smcintyre's patch for allowing for AuthBrute to automatically generate a password the same as a username. Thanks! 
git-svn-id: file:///home/svn/framework3/trunk@11731 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-09 01:46:27 +00:00
HD Moore 070f48e16a Work around some weirdness between report_website and report_host not accepting hostnames as :host by forcing :host to be the address 
git-svn-id: file:///home/svn/framework3/trunk@11723 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-08 17:32:37 +00:00
et baab86fc52 WMAP 1.0 and first pass on some modules 
git-svn-id: file:///home/svn/framework3/trunk@11709 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-04 05:57:26 +00:00
James Lee de7ad3f111 unbreak store_loot 
git-svn-id: file:///home/svn/framework3/trunk@11677 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-30 19:11:27 +00:00
James Lee 1ee9b205b8 session -> address is now taken care of by the underlying db.rb, don't bother in Auxiliary::Report 
git-svn-id: file:///home/svn/framework3/trunk@11667 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-29 02:44:32 +00:00
James Lee 5429c73b3b don't try to store to the database if there isn't one. fixes #3540 
git-svn-id: file:///home/svn/framework3/trunk@11594 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-17 23:41:01 +00:00
Joshua Drake 40fa5eebaf Don't convert the timeout to an integer, it makes 0.1 -> 0 svn status eek. See #3483 
git-svn-id: file:///home/svn/framework3/trunk@11536 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-10 19:42:58 +00:00