Commit Graph

11692 Commits (2d7852ddef1ab774ffaa7cbbb5584724d1e99770)

Author SHA1 Message Date
HD Moore f9224d6010 Adds basic coverage for CVE-2011-4862. Ported from Jaime Penalba
Estebanez's code, mostly written by Brandon Perry, exploit method (jmp
edx) by Dan Rosenberg, and general mangling/targets by hdm.
2011-12-27 23:37:30 -06:00
chao-mu ffcf5af9b0 Merge remote branch 'upstream/master' 2011-12-27 22:06:51 -05:00
HD Moore 2ad5c56d48 Typo in comment 2011-12-27 19:11:09 -06:00
HD Moore 617f3250cf Handle patched systems accurately (requires actually triggering the bug) 2011-12-27 19:04:34 -06:00
HD Moore f8e3119215 Add references 2011-12-27 17:50:06 -06:00
David Maloney a2760b219d Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-27 11:34:36 -08:00
David Maloney 9b995bc0a5 Adds boundary validation to the framework
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
Jonathan Cran b409560088 bring up to date with master 2011-12-27 11:33:08 -06:00
sinn3r 101eba6aa5 Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151) 2011-12-27 00:59:26 -06:00
James Lee 80603e03cb grab the appropriate shell from mult-platform meterpreters and use /bin/sh instead of /bin/bash for linux to improve compatibility, fixes #5996 2011-12-26 14:41:24 -07:00
David Maloney 05f3af1e77 Fixed typo in the windows autlogin post module 2011-12-26 11:17:17 -08:00
alhazred 39b365702f rename non existent local variable 'options' to correct session.options 2011-12-26 21:40:46 +13:00
sinn3r a00937b4d8 Fix typo. 2011-12-24 15:32:08 -06:00
sinn3r 87cf4cefea Fix bug #6164 2011-12-24 15:26:20 -06:00
sinn3r 062f661991 Fix bug #6161 - Must explicitly convert e to e.to_s 2011-12-24 15:11:26 -06:00
sinn3r 8a705c9223 Fix bug #6158 - session.db_record might return nil but wasn't checked 2011-12-24 15:06:43 -06:00
chao-mu 1604162ba3 A place to add railgun convenience code for use in modules 2011-12-24 15:59:46 -05:00
sinn3r dcb66307be Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-24 14:58:40 -06:00
sinn3r 2e2e28afb8 Fix bug #6160 - undefined method '[] for nil:NilClass' due to an invalid path 2011-12-24 14:57:46 -06:00
Tod Beardsley 06077a37f8 Fixes typo, variable name is paths not path. 2011-12-24 14:39:08 -06:00
Tod Beardsley c44e6701f3 Merge pull request #81 from swtornio/master
add osvdb ref
2011-12-24 09:22:15 -08:00
Steve Tornio 4215ef3ae1 add osvdb ref 2011-12-24 06:54:39 -06:00
sinn3r 3fe076bcd6 Check nil before using .empty? 2011-12-23 17:42:58 -06:00
steponequit 69570dada6 Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit 2011-12-23 16:28:36 -06:00
sinn3r 3b0b02fdcd Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-23 16:26:18 -06:00
Michael Boman 1102d56a27 Incorporating mboman's save credentials
I don't think the use of the constant is a show stopper since it is
identical to the existing Nessus plugin scheme as well. It doesn't make
it right but it's not a reason to block. Both should be fixed some time.

Made a handful of minor edits regarding file handle management, and also
noted that the act of saving nexpose credentials will always cause the
SSL nag screen to not display.

Thanks for the implementation, mboman!

[Closes #57] [Fixes #6156]

Squashed commit of the following:

commit 8d421ab8e3004bcb67e156b45f1355a608e0320c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:55:35 2011 -0600

    Adds a comment note about bypassing the SSL verify warning

commit fd956b380f14bbb394f36b0a3c565906f9aed869
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:53:29 2011 -0600

    Changing file write mode from w+ to wb.

commit d884c87482b033b7200d5045ba5f9b2d910f4aa8
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:15:46 2011 -0600

    ::File instead of File throughout

commit 6d72f87e8f175f088ac7beeb80742d50ab01b38a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:14:54 2011 -0600

    Space change

commit f6f3527595379ba11b3be4341a0c620b06340fbb
Merge: a978d19 2335614
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:13:12 2011 -0600

    Merge branch 'master' of github_r7:rapid7/metasploit-framework into mboman_nexpose

commit a978d1962f756f507fdabb988380a7ecf3ce76bb
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:12:51 2011 -0600

    Minor fixups mostly around ::File handling.

commit bddd0249b956c3e2c960b0bd6028b88e6e99eac5
Merge: 2ddc161 bb2ea62
Author: Michael Boman <michael@michaelboman.org>
Date:   Fri Dec 16 08:39:10 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 2ddc1616714b37e89415195b2a9ef9c569e4065e
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 11:44:29 2011 +0100

    msftidy cleanup (whitespace after EOL)

commit b202c7ff3a61ac450c181d4f60b01923bad9625f
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 11:28:13 2011 +0100

    Removed a ncusage call

commit 45da9728d1867b04ce557521650abbc41753165e
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 09:19:58 2011 +0100

    Fixed indenting, removed ncusage function until later...

commit e9f03aafba7db0d907c431eca3a3b55672437ea4
Merge: 41d3fae 8dc85f1
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 07:35:17 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 41d3fae61b9501179d5b474de018ea370ae90192
Merge: 63b6f38 d87d8d5
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 20:07:34 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 63b6f3873d466b7c6e4f3be5f0cea0a2a72e46f9
Merge: b3b7be4 cfa128a
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 17:01:06 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit b3b7be4594eedbb82424e89ad44372dd71a0c507
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 16:54:54 2011 +0100

    Nexpose plugin can now save/load credentials
2011-12-23 16:12:34 -06:00
Tod Beardsley 23356141fb Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-23 12:25:54 -06:00
scriptjunkie 1e811aed02 Adds scriptjunkie's multilingual admin fie for pxexploit
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.

[Closes #63]

Squashed commit of the following:

commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date:   Fri Dec 16 12:14:18 2011 -0600

    Jetzt auf Deutsch! y español! 中國人!
    [update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
    Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
steponequit 84c6739921 added initial opentftp 1.4 windows exploit 2011-12-23 11:27:11 -06:00
sinn3r 41697440c7 Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079 2011-12-23 01:22:39 -06:00
Tod Beardsley 35e868f705 Merge pull request #67 from kernelsmith/railgun-add_const_reverse_lookup
Add const_reverse_lookup and error_lookup to railgun (redmine 6128)
2011-12-22 14:43:24 -08:00
sinn3r ce6b1d6b8c Improve:
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
Tod Beardsley db90989db4 Merge pull request #76 from kernelsmith/lab_tab_complete
lab_load now tab completes from data/lab (lab plugin), for real tho
2011-12-22 13:21:11 -08:00
Jonathan Cran 5cec44bc43 Merge pull request #77 from rapid7/lab_temp2
squashed lab upload commit
2011-12-22 13:00:26 -08:00
Jonathan Cran e48031cf22 squashed lab upload commit 2011-12-22 14:56:45 -06:00
Tod Beardsley 9b45b9523e Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-22 13:25:02 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious.
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
Tod Beardsley b6d56e8410 Fixes VBS executable creator util
Fixes #6152, using booleans instead of ints.

Tip o' the hat to cloder for the MSDN ref:
http://msdn.microsoft.com/en-us/library/aa265018%28v=vs.60%29.aspx

Tested works on winxp and win7 targets via the persistence meterpreter
script.
2011-12-22 13:13:34 -06:00
sinn3r 262fe75e0a Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129) 2011-12-22 13:04:37 -06:00
Tod Beardsley a03f5e32f8 Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-22 11:11:29 -06:00
Tod Beardsley 2f55f08ebe Actually describe the module in the title/description 2011-12-22 11:10:24 -06:00
David Maloney 5e1efdcd73 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-22 10:49:53 -05:00
David Maloney 30141f3008 Fix typo in the oracle enum aux module
The password grace time query was not checking the right value,
spotted by user bNull in the IRC channel.
2011-12-22 10:47:57 -05:00
HD Moore 5f72a0a092 Add -n <process.exe> argument for compatibility 2011-12-22 01:46:35 -06:00
Joshua Smith ee94e3e697 lab_load now tab completes from data/lab (lab plugin), for real tho 2011-12-22 01:25:43 -05:00
Tod Beardsley 743a0546f1 Don't blow up if the user doesn't set a filename
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
Tod Beardsley ed4c6ded2c Fixup on checkpoint firewall module
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:23:04 -06:00
Tod Beardsley f9471d6009 Adding ref/disclosure date to checkpoint module
Talked with patrick, this all looks correct now.
2011-12-21 11:22:58 -06:00
Tod Beardsley 2db697cd7a Fixup on checkpoint firewall module
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:21:46 -06:00
Tod Beardsley c6297458e6 Adding ref/disclosure date to checkpoint module
Talked with patrick, this all looks correct now.
2011-12-21 10:59:02 -06:00