Commit Graph

4634 Commits (3628a3d3c61ff92f6cde4b6da62ce8cb9e831f82)

Author SHA1 Message Date
HD Moore aa09862813 Fixes #401. Ends up Windows NT doesn't like DCERPC requests to be partially written by SMB writes, this patches the min write size to be at least as big as the DCERPC request. The DCERPC::max_frag_size parameter can still be used for more evasion.
[*] Started reverse handler
[*] Detected a Windows NT 4.0 target
[*] Adjusting the SMB/DCERPC parameters for Windows NT
[*] Binding to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Bound to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Building the stub data...
[*] Calling the vulnerable function...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (192.168.0.136:4444 -> 192.168.0.128:1485)

meterpreter > sysinfo
Computer: VMNT4
OS      : Windows NT 4.0 (Build 1381, Service Pack 6).
Arch    : x86
Language: en_US

git-svn-id: file:///home/svn/framework3/trunk@7296 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 16:37:18 +00:00
HD Moore bffb98ba9f Add XP SP3 target for WarFTPD.
git-svn-id: file:///home/svn/framework3/trunk@7295 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 10:29:41 +00:00
HD Moore 9141d4e967 Condense the lorcon2 each_packet method, the queue isn't necessary after testing
git-svn-id: file:///home/svn/framework3/trunk@7294 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 01:41:17 +00:00
HD Moore 31276e1626 Fixes #427. Finally found a solution that works for 1.8 and 1.9, this allows lorcon modules to run in the background or foreground and handle interrupts from the console gracefully. It's still a hack
git-svn-id: file:///home/svn/framework3/trunk@7293 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 00:19:17 +00:00
HD Moore 7b22b2cc04 Mostly working codebase, still hanging on some instances, depends on latest svn of lorcon2. See #427
git-svn-id: file:///home/svn/framework3/trunk@7292 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-27 20:13:20 +00:00
HD Moore 5234fe8ff8 Fixes 416. Adds the rm/del commands to meterpreter, fixes build problems triggered by the POSIX code merge
git-svn-id: file:///home/svn/framework3/trunk@7291 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-27 02:31:07 +00:00
HD Moore 276a3f8052 Use _WIN32 instead of __WIN32__ to be consistent
git-svn-id: file:///home/svn/framework3/trunk@7290 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-27 01:13:35 +00:00
HD Moore 6dcffd0373 Catch attempts to migrate to a name vs a pid
git-svn-id: file:///home/svn/framework3/trunk@7289 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-27 00:56:56 +00:00
HD Moore 8d8bc45dfd Adds a shortcut for getting a shell (execute -f cmd -c -i -H) is now just "shell"
git-svn-id: file:///home/svn/framework3/trunk@7288 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-27 00:47:00 +00:00
HD Moore 3b99a513ec Fixes #352 and fixes #350. Can no longer reproduce memory corruption or packet loss with this code
git-svn-id: file:///home/svn/framework3/trunk@7287 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 22:49:43 +00:00
HD Moore b662d044a6 Fixes #412. Still an issue with lorcon not yielding back when there is no traffic, but this is a different bug
git-svn-id: file:///home/svn/framework3/trunk@7286 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 22:36:24 +00:00
HD Moore ddeb80e0da See #412. Fix compile warnings and errors on 1.9, still needs testing
git-svn-id: file:///home/svn/framework3/trunk@7285 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 21:09:40 +00:00
HD Moore e1559b1ab4 Fixes #408. Trims leading spaces, adds trailing space, prevents line wipe when tab completing is done
git-svn-id: file:///home/svn/framework3/trunk@7284 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 20:33:55 +00:00
HD Moore 5eed9deb2d Adds the joomla TinyMCE file upload exploit from spinbad.
git-svn-id: file:///home/svn/framework3/trunk@7283 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 20:00:39 +00:00
HD Moore 5e137e92fd Fixes #381. To scan for TLSv1 only services, set SSLVersion TLS1
git-svn-id: file:///home/svn/framework3/trunk@7282 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 19:48:15 +00:00
HD Moore 478a7ce8ab Fixes #410. Calls the real _close function, not the best solution, but will do until we fix the IO::Stream override.
git-svn-id: file:///home/svn/framework3/trunk@7281 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 19:06:50 +00:00
HD Moore 91dd38550f Fixes #398. Allow globals to override local defaults, but fallthrough to local defaults if no global or local is set
git-svn-id: file:///home/svn/framework3/trunk@7280 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 18:48:06 +00:00
HD Moore bbb85ceb2c Updated userguide and latex file to match copyright and links
git-svn-id: file:///home/svn/framework3/trunk@7279 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 18:04:49 +00:00
HD Moore 32f7d742b3 Fixes #328. Crafty little bug -- if asm was "" vs nil, the stage would try to compile as metasm instead of using the raw payload.
git-svn-id: file:///home/svn/framework3/trunk@7278 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 17:44:43 +00:00
HD Moore e7638ef887 Fixes #397. Webrick requires :BindAddress but msfweb only passed in :Host, likely an api change was missed during a rails upgrade.
git-svn-id: file:///home/svn/framework3/trunk@7277 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 17:33:05 +00:00
James Lee 0a6bb91cb9 keywords
git-svn-id: file:///home/svn/framework3/trunk@7276 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 15:14:28 +00:00
James Lee 127b5f8608 keywords, maybe?
git-svn-id: file:///home/svn/framework3/trunk@7275 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 15:12:05 +00:00
Mario Ceballos 3d3e031690 fixes ticket 419
git-svn-id: file:///home/svn/framework3/trunk@7274 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 11:21:23 +00:00
James Lee 232c218475 raise instead of return
git-svn-id: file:///home/svn/framework3/trunk@7273 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 06:02:14 +00:00
James Lee cf25726236 killav usage
git-svn-id: file:///home/svn/framework3/trunk@7272 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 05:50:02 +00:00
James Lee adece18fd5 keylogrecorder usage; spacing; don't try to migrate into the process we're currently running in
git-svn-id: file:///home/svn/framework3/trunk@7271 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 05:26:08 +00:00
James Lee 6e85ba4393 hostedit usage
git-svn-id: file:///home/svn/framework3/trunk@7270 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 04:56:55 +00:00
James Lee 198bf48735 gettelnet usage and spacing
git-svn-id: file:///home/svn/framework3/trunk@7269 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 04:49:01 +00:00
James Lee bf48e39532 get_local_subnets usage
git-svn-id: file:///home/svn/framework3/trunk@7268 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 04:43:59 +00:00
James Lee 0a074b294f getgui option parsing; usage; spacing
git-svn-id: file:///home/svn/framework3/trunk@7267 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 04:41:51 +00:00
HD Moore 7d7c565a37 Merge in the POSIX stdapi extension, still some work left to finish
git-svn-id: file:///home/svn/framework3/trunk@7266 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 04:34:20 +00:00
James Lee 1aa9d1b662 fix some spacing; better option parsing; don't write a file if we don't have to
git-svn-id: file:///home/svn/framework3/trunk@7265 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 04:33:53 +00:00
HD Moore 6da0013b91 See #378. Additional fix for batch mode
git-svn-id: file:///home/svn/framework3/trunk@7264 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 03:54:44 +00:00
HD Moore 8328bf654b Fixes #358. Adds progress reporting at 10% intervals (min granularity is thread count)
git-svn-id: file:///home/svn/framework3/trunk@7263 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 03:49:07 +00:00
et 7a24a5495e Fix #414. Globally defined datastore values are now rewritten before RHOSTS, RPORT, SSL are set. Support of hostnames instead of IPs. Minor version changes
git-svn-id: file:///home/svn/framework3/trunk@7262 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 22:20:59 +00:00
HD Moore 6dfaaef295 Remove the bogus puts()
git-svn-id: file:///home/svn/framework3/trunk@7261 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 21:55:59 +00:00
Mario Ceballos 131adc4c3a fixed cve reference number.
git-svn-id: file:///home/svn/framework3/trunk@7260 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 21:19:27 +00:00
James Lee cadb1c9337 add -h and usage to get_local_subnets
git-svn-id: file:///home/svn/framework3/trunk@7259 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 21:03:42 +00:00
HD Moore b0a38b1cfa Fix bad uses of puts() and add raise Rex::Script::Completed where appropriate. These still need a major overhaul to fix tab indents and other problems
git-svn-id: file:///home/svn/framework3/trunk@7258 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 20:57:23 +00:00
HD Moore f9f690b0e7 Updated prefetch script and creation of Rex::Script::Completed as a clean way to exit meterpreter scripts
git-svn-id: file:///home/svn/framework3/trunk@7257 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 20:50:07 +00:00
HD Moore e94360f7cf The script now downloads this as needed
git-svn-id: file:///home/svn/framework3/trunk@7256 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 20:47:16 +00:00
James Lee e93995fdab add -h to credcollect
git-svn-id: file:///home/svn/framework3/trunk@7255 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 19:52:40 +00:00
James Lee 5fd8dc748a add -h and usage to checkvm
git-svn-id: file:///home/svn/framework3/trunk@7254 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 18:53:43 +00:00
James Lee 134c8d75d7 better option handling, beginnings of universal -h support
git-svn-id: file:///home/svn/framework3/trunk@7253 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 18:36:47 +00:00
James Lee e836e6373a add Id to scripts; remove shebang since they should never run from commandline
git-svn-id: file:///home/svn/framework3/trunk@7252 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 18:04:39 +00:00
James Lee daed2d5d8f spaces --> tabs
git-svn-id: file:///home/svn/framework3/trunk@7251 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:56:01 +00:00
James Lee cdc042d49b keywords
git-svn-id: file:///home/svn/framework3/trunk@7250 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:45:34 +00:00
James Lee 15f8538e1c spaces --> tabs
git-svn-id: file:///home/svn/framework3/trunk@7249 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:44:53 +00:00
HD Moore e3f68f2639 Another large number of warnings fixed by Yoann Guillot
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
HD Moore 9904861e94 Prevent rails from overloading require, another big speed boost from Yoann, and it looks like we can avoid it
git-svn-id: file:///home/svn/framework3/trunk@7247 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:07:48 +00:00