Commit Graph

5510 Commits (461352f24f40023b162a4e264889f756331afe81)

Author SHA1 Message Date
sinn3r 890885d034 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-01 03:42:27 -06:00
sinn3r 98fbf84dac Module should inform where the files are saved 2012-02-01 03:41:19 -06:00
HD Moore 0c2a18d765 Fix up reverse_tcp ipv6 stager for freebsd 2012-02-01 01:41:24 -06:00
HD Moore 29d8feaa24 Use the ADDR6 type, not ADDR 2012-02-01 00:58:08 -06:00
HD Moore aed27a2f82 Add missing trailing quote 2012-02-01 00:54:42 -06:00
HD Moore 45a785fde0 Adds BSD IPv6 payloads and stagers 2012-02-01 00:54:42 -06:00
sinn3r 06f7165ee6 Add Metasploit license header (it's already MSF licensed) 2012-02-01 00:49:45 -06:00
sinn3r f23ebbc7b5 Change how creds are displayed and saved 2012-02-01 00:48:14 -06:00
sinn3r 187f630283 Merge branch 'netrc-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-netrc-creds 2012-01-31 22:45:47 -06:00
Jonathan Cran c3bd151197 add a ranking 2012-01-31 20:43:32 -06:00
Jonathan Cran 47c7f47f4e Merge branch 'master' of r7.github.com:rapid7/metasploit-framework 2012-01-31 20:38:30 -06:00
Jonathan Cran d9ee43d3dc add disclosure date 2012-01-31 20:38:05 -06:00
Jonathan Cran a814a9dce7 add disclosure date 2012-01-31 20:35:58 -06:00
Oliver-Tobias Ripka 0ba7557865 Fix typo in seattlelab_pass.rb exploit.
Also remove the $ from the end of the regex which stopped
the exploit from being executed.
2012-01-31 21:09:51 +01:00
Steve Tornio e392958d90 add osvdb ref 2012-01-31 07:06:33 -06:00
HD Moore 0b8987f2af Merge results initialization fix 2012-01-31 01:29:44 -06:00
HD Moore ec5fd723ba Merge in additional IPv6 support for PHP payloads 2012-01-31 01:11:55 -06:00
Jon Hart b0df29c3ff Switch to store_loot, since report_auth_info only works with Host
objects or IPs, currently (see
https://dev.metasploit.com/redmine/issues/6313)
2012-01-30 23:08:02 -08:00
sinn3r 25fbe1c7d0 Merge branch 'master' of https://github.com/darkoperator/metasploit-framework 2012-01-30 19:57:29 -06:00
Tod Beardsley 6068580813 Should fix the report_auth_info call -- needs a host, not a session. Be nice if it handled a session, though.
[See #146]
2012-01-30 19:23:05 -06:00
sinn3r bfd4734cbf Forgot to add CMD as a datastore option, here it is 2012-01-30 17:34:58 -06:00
Carlos Perez 24747e18e3 The directory path for the accounts.xml was not set properly for windows systems 2012-01-30 18:19:17 -04:00
sinn3r 08134ad600 Add Exploit-DB reference 2012-01-30 16:17:25 -06:00
sinn3r f3c340a9ab Add vBSEO proc_deutf() Remote Code Execution (Feature #6307) 2012-01-30 16:15:27 -06:00
sinn3r 1dec4c0c45 These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE'] 2012-01-30 13:08:35 -06:00
sinn3r fed0df3552 Merge branch 'osx_x64_exec' of https://github.com/argp/metasploit-framework into argp-osx_x64_exec 2012-01-30 11:01:03 -06:00
sinn3r a0ac4125cd Add aux module CMS400 default pass scanner (feature #6301) 2012-01-30 10:40:59 -06:00
Jon Hart 1b03a48540 Use desired [at] format for email 2012-01-30 08:21:58 -08:00
Jon Hart 16610d8852 Update email address to use desired [at] format 2012-01-30 08:05:08 -08:00
Patroklos Argyroudis 4e1029ae8b Execute (execve) arbitrary command payload for Mac OS X x64 2012-01-30 11:01:57 +02:00
sinn3r 21a05ce1d6 Fix bug: NoMethodError undefined method `report_vm' (#6298) 2012-01-30 00:44:45 -06:00
sinn3r ce7f93f5d9 Merge pull request #138 from claudijd/master
Added Sequence Filters and MSF Exploit Capture to BNAT Scan
2012-01-29 22:07:25 -08:00
Jon Hart 37d467ea79 Loot .netrc files, generic enum_user_directories 2012-01-29 14:03:57 -08:00
Jon Hart 5294fb57a4 Add post module to obtain SMB credentials stored for mount.smbfs 2012-01-29 12:04:26 -08:00
HD Moore dda3453ac7 Correct a typo 2012-01-28 23:33:26 -06:00
HD Moore 774862508e Handle another common error type 2012-01-28 23:31:20 -06:00
Jonathan Claudius 88298cf847 Added Sequence Filters and MSF Exploit Capture
-Sequence Filters (No More False Positives)
-Msf::Exploit::Capture (Use built-in MSF libs over manual threading)
-Immediate Feedback (Don't need to wait until complete to print results)
-Timeout (Includes user configurable timeout)
2012-01-28 22:44:12 -06:00
Jonathan Cran 54ffb01080 This module should use the default list of tomcat users 2012-01-28 18:13:34 -06:00
David Maloney ca7aa21202 Removed schema features from database hashdump modules
now that there are dedicated schemadump modules.
2012-01-28 16:55:39 -06:00
HD Moore 5a095e8ef5 Fixes for PCA modules 2012-01-28 14:35:07 -06:00
HD Moore c63c7393e3 Print status output 2012-01-28 13:52:38 -06:00
HD Moore f3eb78199b Add TCP-based PCA probe 2012-01-28 13:52:38 -06:00
sinn3r fbac9a7239 Forgot to remove this comment 2012-01-28 13:18:15 -06:00
HD Moore 2d7852ddef Merge PCA scans into udp_sweep/udp_probe 2012-01-28 13:05:24 -06:00
David Maloney 4cd38c5555 Adds login scanner module for VMware Server and ESX 2012-01-27 16:23:56 -06:00
sinn3r 7b866eee86 Use the proper function for verbose prints 2012-01-27 12:50:01 -06:00
HD Moore a2d20e25d3 Fix a regression in the workspace inclusion code (only affected
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
sinn3r 64651e52a8 Credit Shane of X-Force for the discovery 2012-01-27 11:18:34 -06:00
David Maloney c5e667a1dc Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00
David Maloney 0e0aa33c47 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-27 11:12:35 -06:00
David Maloney 56be45f3a4 A few minor fixes to the find vmx module 2012-01-27 11:12:17 -06:00
HD Moore b4e2228404 Fix exitfunc option name 2012-01-27 09:15:31 -06:00
sinn3r 298b94d397 Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003) 2012-01-27 03:48:39 -06:00
sinn3r a4c876a424 No need to manually add VERBOSE as an option, it already is (built-in) 2012-01-27 02:17:59 -06:00
sinn3r 3f4dbd9df6 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-27 01:58:42 -06:00
Stephen Haywood efda420e5f Updates to enum_artifacts 2012-01-26 19:35:39 -05:00
sinn3r 9b78b6bd17 Hmm, the indent level of the description looks a bit funny. Fixing. 2012-01-26 17:24:05 -06:00
David Maloney 494c37c659 Adds a Multi-System post module for finding VMWare Virtual Machines 2012-01-26 16:25:50 -06:00
Tod Beardsley 5afc164c39 Merge branch 'vm-stuff' 2012-01-26 13:04:44 -06:00
Tod Beardsley fe22090a12 Correct e-mail format 2012-01-26 13:04:38 -06:00
Tod Beardsley 33c53b1f3f Updates vm checking 2012-01-26 13:02:39 -06:00
sinn3r 3952a06292 Minor changes 2012-01-26 11:35:43 -06:00
Tod Beardsley 8ce4ad49de Correct e-mail format 2012-01-26 11:24:38 -06:00
sinn3r 67274e2e85 Merge branch 'hp_magentservice' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-hp_magentservice 2012-01-26 11:00:36 -06:00
David Maloney d0d964d8ab Adds an error message if the module couldn't conenct to the target.
Fixes #6278
2012-01-26 10:56:07 -06:00
Joshua J. Drake 31fb7e7b28 Fallback to writing a new file if resuming fails 2012-01-25 14:49:30 -06:00
Christopher McBee 1af6740b24 Initial checking of hp_magentservice module 2012-01-25 13:04:30 -05:00
Dave Hull 76ebbc48ec Update modules/post/windows/gather/dumplinks.rb 2012-01-24 23:16:40 -06:00
Marcus J. Carey 49be9996bc Merge remote-tracking branch 'upstream/master' 2012-01-24 20:23:58 -06:00
Marcus J. Carey 35de6a593b Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:14:10 -06:00
Marcus J. Carey 2e2726c3c0 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:06:49 -06:00
Marcus J. Carey 88b1cd6891 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:03:33 -06:00
Marcus J. Carey 71648159a8 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:00:47 -06:00
Marcus J. Carey a20bd78f75 Adding html_frame_payload.rb 2012-01-24 16:56:32 -06:00
Tod Beardsley f6a6963726 Msftidy run over the recent changed+added modules 2012-01-24 15:52:41 -06:00
Jon Hart 7ec5f98480 Adding jhart's natpimp libary and modules.
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.

[See #106]
2012-01-24 10:32:30 -06:00
Tod Beardsley 2f3e976173 Actually fix ruby loop syntax on d20pass 2012-01-24 10:08:19 -06:00
sinn3r fc00398330 Yup, that's better 2012-01-23 16:02:35 -06:00
sinn3r 39a2a894ee Fix fh, trailing comma, and ruby loop syntax 2012-01-23 15:15:49 -06:00
sinn3r ea9e9852cf ah man, typo! 2012-01-23 11:59:13 -06:00
sinn3r 621567dcc8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-23 11:56:50 -06:00
sinn3r afc547e0fb Improve: Proper use of cmd_exec() and correct cmd path. More error handling for exec and rm. Fix bug with path setting, etc. 2012-01-23 11:54:19 -06:00
James Lee 455bcda6e8 Print the port so we know which http service 2012-01-23 10:17:32 -07:00
sinn3r 60d5f6d0bd Merge branch 'download_and_execute' of https://github.com/sempervictus/metasploit-framework into sempervictus-download_and_execute 2012-01-23 10:28:27 -06:00
Patroklos Argyroudis c6eb104132 bug fix for hardcoded max command length 2012-01-23 10:24:22 +02:00
RageLtMan 5671e2f691 Downloand and execute (railgun) 2012-01-22 23:25:49 -05:00
David Maloney 34491970b3 Adds a new VMWare Authentication Daemon login scanner module. 2012-01-22 15:39:53 -06:00
David Maloney bcb19ab0a3 Fixes an issue with smb_login not properly dealing with abritrary guest access
on Samba.
2012-01-22 01:35:36 -06:00
David Maloney 06b1bffcea Addresses an issue with udp sweep module that recorded services
from non-specified hosts when they respond to broadcast probes.
2012-01-20 15:34:15 -06:00
sinn3r be906023dc one register_options() should be fine. 2012-01-20 13:02:54 -06:00
sinn3r d6566aa818 Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267) 2012-01-20 12:57:13 -06:00
sinn3r bbb4205683 Set default maxpage to 1, because it's faster. 2012-01-20 11:09:38 -06:00
sinn3r 5631774d92 Fix bug: NoMethodError undefined method `each' for nil:NilClass (line 155) 2012-01-20 10:58:02 -06:00
sinn3r 9e5d2ff60e Improve URI, plus some other minor changes. 2012-01-19 13:26:25 -06:00
sinn3r ca51492079 Merge branch 'master' of https://github.com/joernchen/metasploit-framework into joernchen-master 2012-01-19 13:17:06 -06:00
Joshua J. Drake 292332d355 Add some error handling for tns_version method 2012-01-19 13:03:19 -06:00
joernchen of Phenoelit 2199cd18d7 fine tuning thx to sinn3r 2012-01-19 19:50:30 +01:00
joernchen of Phenoelit df9380500a disclosure date added 2012-01-19 19:19:53 +01:00
Tod Beardsley 8ce47ab832 Changing license for KillBill module
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
2012-01-19 11:39:56 -06:00
Tod Beardsley a75b373d7a Fixing e-mail format for antispam 2012-01-19 10:58:25 -06:00
Tod Beardsley ed3191bcfe Adding d20pass module 2012-01-19 10:58:16 -06:00
joernchen of Phenoelit 197eb16f72 gitorious remote command exec exploit 2012-01-19 11:36:08 +01:00
HD Moore bb035bfec2 Fix up API option names so they can be set globally 2012-01-18 15:05:39 -06:00
Tod Beardsley ad6f8257e1 MSFTidy fixes. 2012-01-18 15:01:32 -06:00
sinn3r d6e8f0b54d Add Felipe as an author (plus a reference) because looks like the PoC originally came from him. 2012-01-18 13:33:27 -06:00
sinn3r 064a71fb1d Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245) 2012-01-18 12:05:18 -06:00
scriptjunkie 9fe18cdc86 Add x64 LoadLibraryA payload. Because it should exist. 2012-01-17 21:16:26 -06:00
sinn3r e4ed3c968d Add OSVDB and BID references 2012-01-17 18:16:47 -06:00
sinn3r 75f543f3eb Hilarious, I forgot to change the disclosure date. 2012-01-17 18:11:18 -06:00
sinn3r 7d9ba6f5e9 Fix bug #6256: uninitialized class variable error 2012-01-17 17:58:53 -06:00
sinn3r 2e8122dc88 Better MSF style compliance 2012-01-17 14:54:50 -06:00
sinn3r a682e68073 Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246) 2012-01-17 12:28:47 -06:00
sinn3r 4f16caed0f Change naming style for MS type bug 2012-01-17 03:00:07 -06:00
sinn3r 5761035371 This payload shouldn't be in here. Instead of adding a new one, exec.rb should be fixed 2012-01-16 22:41:27 -06:00
sinn3r d5443159d7 Merge pull request #110 from jhartftw/soap_xml_6249
Improvements to auxiiliary/scanner/http/soap_xml to (#6249)
2012-01-16 18:19:33 -08:00
sinn3r 7b8bfd401e Merge branch 'argp-osx_mozilla_mchannel' 2012-01-16 20:02:35 -06:00
sinn3r eb5641820f Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-16 19:56:10 -06:00
sinn3r 618097ba3d Whitespace and keyword cleanup 2012-01-16 19:55:27 -06:00
sinn3r 17ffc06f60 Merge branch 'osx_mozilla_mchannel' of https://github.com/argp/metasploit-framework into argp-osx_mozilla_mchannel 2012-01-16 19:35:29 -06:00
sinn3r d2dbf6007e Merge pull request #111 from jhartftw/arp_poisoning_6250
Bug #6250
2012-01-16 17:34:11 -08:00
sinn3r c15e7da0b8 Add ZDI-12-012 McAfee SaaS ShowReport code execution 2012-01-16 18:44:11 -06:00
Jon Hart fe901b3fb2 Clean up error messages when LOCALSIP isn't defined. Remove
now-duplicated code is_ipv4?, clarify SMAC error messages.
2012-01-16 14:32:15 -08:00
sinn3r 4689421201 Correct variable naming style 2012-01-16 16:03:48 -06:00
Jon Hart 6a057560fa Improvements to auxiiliary/scanner/http/soap_xml to:
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints

https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
Tod Beardsley 11fc423339 Merge pull request #102 from cbgabriel/bsplayer-m3u
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
sinn3r 14a35da0fd Merge pull request #104 from swtornio/master
add osvdb ref
2012-01-13 13:26:24 -08:00
Tod Beardsley 4ac6c0c3ee A great big pile of fixes to the ssh scanners
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
Steve Tornio bd31f3f480 add osvdb ref 2012-01-13 13:21:33 -06:00
Tod Beardsley d52df50a77 Drop a spurious print_error line from smtp_version 2012-01-13 11:46:56 -06:00
sinn3r 2eb35728f6 Randomize nops 2012-01-12 18:37:25 -06:00
root ffe81584d1 updated author 2012-01-12 19:02:34 -05:00
sinn3r e42e0004a9 Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload 2012-01-12 17:46:50 -06:00
root a8ef3417b5 Fixed the date 2012-01-12 20:54:55 -06:00
Sam Sharps e75e23b963 Removed more unused variables and fixed some formatting 2012-01-12 18:13:28 -06:00
Sam Sharps f22f54034a Removed unused variables 2012-01-12 18:05:54 -06:00
Sam Sharps 87ee6905df Modified exploit to not need egg hunter shellcode 2012-01-12 18:01:22 -06:00
Stephen Haywood 6ad2eda24c Windows artifacts module 2012-01-12 17:26:35 -06:00
sinn3r 02bd1f3407 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-12 17:06:14 -06:00
root ad0b745b31 new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb 2012-01-12 16:12:43 -05:00
David Maloney 6234d13f7c Added Schema Dump Module for Postgres 2012-01-12 15:20:46 -05:00
Stephen Haywood cb146f9021 Used msf library for digest, fixed name. 2012-01-12 12:49:50 -05:00
David Maloney a3749f1d80 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-11 12:17:11 -08:00
David Maloney 52be1c3a7a Add schemadump module for MySql 2012-01-11 12:16:22 -08:00
Tod Beardsley 500cfa6dd1 Removing telnet_encrypt_keyid_bruteforce.rb to unstable
can't ship for a few problems, will be fixed up soonish but
about to release a build.
2012-01-11 14:00:42 -06:00
David Maloney 1a03777538 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-11 09:11:48 -08:00
David Maloney 8c594798d7 Fix to the AIX jtr module title. 2012-01-11 09:11:23 -08:00
Tod Beardsley 092b226cce Updating tns_auth_sesskey to use a user-supplied SID
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
David Maloney 13069990eb Added module for dumping schema information from Microsoft SQL Server
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
David Maloney ed0dbad243 Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
Fixes #6066
2012-01-10 12:32:47 -08:00
sinn3r bc9014e912 Add new v3.4 target by Michael Coppola (Feature #6207) 2012-01-09 23:51:11 -06:00
sinn3r b76767669c Update Nenad's author name and e-mail 2012-01-09 20:14:47 -06:00
sinn3r 90eb2b9a75 Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202) 2012-01-09 19:35:06 -06:00
sinn3r 8eee54d1d0 Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb) 2012-01-09 14:23:37 -06:00
Tod Beardsley eeb3a442de whitespace correctly smtp_version.rb 2012-01-09 14:11:10 -06:00
Tod Beardsley 15990efd85 Removing useless (?) begin/rescue from smtp_version
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
Tod Beardsley e7d7302644 Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal. 2012-01-09 11:22:44 -06:00
David Maloney e12d5588c6 Set data on webdav scanner notes to include webdav path.
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
Patroklos Argyroudis 5a20b7d7ac Fixed small typo 2012-01-09 14:19:00 +02:00
Patroklos Argyroudis 9a62b41ab7 Mac OS X x86 payload that executes Calculator.app 2012-01-09 12:12:20 +02:00
Patroklos Argyroudis 5d359785ae Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6 2012-01-09 12:10:25 +02:00
sinn3r 03a39f7fe8 Whitespace cleanup, also change print_status usage when verbose 2012-01-09 02:21:39 -06:00
sinn3r 2f9d563067 Update reference 2012-01-09 02:14:29 -06:00
Tod Beardsley a1668f2b23 Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 22:23:32 2012 -0600

    Updates ssh credentials to easily find common keys

    Instead of making the modules do all the work of cross-checking keys,
    this introduces a few new methods to the Cred model to make this more
    universal.

    Also includes the long-overdue workspace() method for credentials.

    So far, nothing actually implements it, but it's nice that it's there
    now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 20:10:40 2012 -0600

    Adding back cross-checking for privkeys.

    Needs to test to see if anything depends on order, but should
    be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 16:49:56 2012 -0600

    Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 13:51:55 2012 -0600

    Store pubkeys as loot for reuse.

    Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 02:10:12 2012 -0600

    Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 7 17:18:33 2012 -0600

    Updates to ssh_identify_pubkeys and friends

    Switches reporting to cred-based rather than note-based, accurately deal
    with DSA keys, adds disable_agent option to other ssh modules, and
    reports successful ssh_login attempts pubkey fingerprints as well.

    This last thing Leads to some double accounting of creds, so I'm not
    super-thrilled, but it sure makes searching for ssh_pubkey types a lot
    easier.... maybe a better solution is to just have a special method for
    the cred model, though.
2012-01-08 22:28:37 -06:00
sinn3r 243dbe50f0 Correct author name. Unfortunately not all editors can print unicode correctly. 2012-01-07 15:18:25 -06:00
sinn3r 181fe2d925 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-07 15:14:30 -06:00
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
HD Moore b12baccc49 Quick update, added a research option 2012-01-07 01:13:23 -06:00
sinn3r 6d401b48d1 Fix typo 2012-01-07 00:02:51 -06:00
sinn3r b7e29191f5 Add Drupal 'Views' module username enumeration (Feature #6194) 2012-01-06 23:51:32 -06:00
David Maloney 40a1d8bcc8 Fixed issue with a missing nil check in ftp_login 2012-01-06 20:51:58 -08:00
David Maloney 81acfd2126 Adds hashdump and cracking modules for AIX 2012-01-06 20:31:22 -08:00
David Maloney 8e017fd4db Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-06 20:30:25 -08:00
David Maloney bf425a6744 Fixed bug that prevented telnet sessions from opening with good creds 2012-01-06 16:59:08 -08:00
Stephen Haywood 2e60d2e01a Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-01-06 17:46:42 -05:00
Stephen Haywood 72072c4ef3 Added enum_artifacts 2012-01-06 17:43:50 -05:00
sinn3r 6ceb2f04a3 Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability 2012-01-06 14:24:49 -06:00
David Maloney 9cf2af6a94 Adds exploit/windows/htt/xampp_webdav_upload_php
This exploit abuses weak default passwords on XAMPP
for windows to uplaod a php payload and execute it.

Fixes #2170
2012-01-06 12:00:14 -08:00
Sam Sharps 06414c2413 changed author to my actual name 2012-01-06 01:03:20 -06:00
HD Moore 7b26e33e19 Initial version 2012-01-06 00:53:50 -06:00
Sam Sharps b26ed37467 Added description, urls, and another author 2012-01-06 00:47:01 -06:00
Sam Sharps 5c05cebaf7 Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790 2012-01-06 00:16:45 -06:00
sam f3a9bc2dad Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790 2012-01-06 00:12:28 -06:00
David Maloney ba86e8a04f Added PROPFIND support to http_login
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
HD Moore 8315709fb6 Correct typo and set the disclosure date 2012-01-04 19:46:56 -06:00
Tod Beardsley 7b692aa0b9 Adding references to vss modules. 2012-01-04 12:10:03 -06:00
sinn3r 8cced0a91e Add CVE-2011-2462 Adobe Reader U3D exploit 2012-01-04 03:49:49 -06:00
David Maloney 12221b0433 UAC will disrupt these modules
Added checks for UAC.
UAC must be bypassed before using these modules.
2012-01-03 12:07:38 -08:00
Joshua J. Drake 958ffe6e1d Fix stack trace from unknown agents 2012-01-02 03:41:49 -06:00
Steve Tornio 7bfdc9eff4 add osvdb ref 2012-01-01 09:10:10 -06:00
David Maloney dd0b07b2cc Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS) 2011-12-30 15:03:04 -08:00
sinn3r d9db03dba6 Add CoCSoft StreamDown buffer overflow (Feature #6168; no CVE or OSVDB ref) 2011-12-30 10:16:29 -06:00
Tod Beardsley bc22b7de99 MSFConsole should display hostless loot, also typo fix.
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb

Fixes #6177
2011-12-29 15:11:15 -06:00
sinn3r b202c29153 Correct e-mail format 2011-12-29 11:27:10 -06:00
sinn3r d484e18300 Add e-mail for tecr0c 2011-12-29 11:14:15 -06:00
sinn3r 9972f42953 Add e-mail for mr_me for consistency 2011-12-29 11:01:38 -06:00
sinn3r b5b2c57b9f Correct e-mail format 2011-12-29 10:57:00 -06:00
sinn3r a330a5c63a Add e-mail for Brandon 2011-12-29 10:53:39 -06:00
Steve Tornio 778d396bc6 add osvdb ref 2011-12-29 07:54:15 -06:00
Steve Tornio 6d72dbb609 add osvdb ref 2011-12-29 07:54:01 -06:00
Steve Tornio a00dad32fe Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2011-12-29 07:50:33 -06:00
Steve Tornio 27d1601028 add osvdb ref 2011-12-29 07:49:16 -06:00
Brandon Perry c88b582f97 Add CorpWatch Name lookup module by bperry 2011-12-28 15:43:21 -06:00
Brandon Perry d896f128e5 Add CorpWatch ID Lookup module by bperry 2011-12-28 15:41:28 -06:00
Tod Beardsley 0e3370f1fe Grammar and spelling on splunk and oracle exploits 2011-12-28 13:42:56 -06:00
David Maloney 9e1e87508f Fix to boundary validation for when no db is present
Fixes #6171
2011-12-28 08:47:22 -08:00
HD Moore 5dc647a125 Make it clear that this exploit is for RHEL 3 (White Box 3 uses the same
packages)
2011-12-28 02:02:03 -06:00
HD Moore 5d67bd2a5e Phew. Exhaustive test of all i386 FreeBSD versions complete 2011-12-28 01:38:55 -06:00
HD Moore 1ff0cb2eef More testing - looks like 5.5 is not exploitable, at least not the same
way
2011-12-28 01:30:25 -06:00
HD Moore e071944a1a Allow ff in payloads but double them back up 2011-12-28 00:04:24 -06:00
HD Moore edb9843ef9 Add Linux exploit with one sample target (Whitebox Linux 3) 2011-12-28 00:00:10 -06:00
HD Moore 79103074cb Add credit for Dan's advice 2011-12-27 23:39:02 -06:00
HD Moore f9224d6010 Adds basic coverage for CVE-2011-4862. Ported from Jaime Penalba
Estebanez's code, mostly written by Brandon Perry, exploit method (jmp
edx) by Dan Rosenberg, and general mangling/targets by hdm.
2011-12-27 23:37:30 -06:00
HD Moore 2ad5c56d48 Typo in comment 2011-12-27 19:11:09 -06:00
HD Moore 617f3250cf Handle patched systems accurately (requires actually triggering the bug) 2011-12-27 19:04:34 -06:00
HD Moore f8e3119215 Add references 2011-12-27 17:50:06 -06:00
David Maloney a2760b219d Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-27 11:34:36 -08:00
David Maloney 9b995bc0a5 Adds boundary validation to the framework
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
sinn3r 101eba6aa5 Add CVE-2011-3587 Plone/Zope Remote CMD Injection (Feature #6151) 2011-12-27 00:59:26 -06:00
David Maloney 05f3af1e77 Fixed typo in the windows autlogin post module 2011-12-26 11:17:17 -08:00
sinn3r a00937b4d8 Fix typo. 2011-12-24 15:32:08 -06:00
sinn3r 87cf4cefea Fix bug #6164 2011-12-24 15:26:20 -06:00
sinn3r 062f661991 Fix bug #6161 - Must explicitly convert e to e.to_s 2011-12-24 15:11:26 -06:00
sinn3r 8a705c9223 Fix bug #6158 - session.db_record might return nil but wasn't checked 2011-12-24 15:06:43 -06:00
sinn3r dcb66307be Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-24 14:58:40 -06:00
sinn3r 2e2e28afb8 Fix bug #6160 - undefined method '[] for nil:NilClass' due to an invalid path 2011-12-24 14:57:46 -06:00
Tod Beardsley 06077a37f8 Fixes typo, variable name is paths not path. 2011-12-24 14:39:08 -06:00
Steve Tornio 4215ef3ae1 add osvdb ref 2011-12-24 06:54:39 -06:00
sinn3r 3fe076bcd6 Check nil before using .empty? 2011-12-23 17:42:58 -06:00
steponequit 69570dada6 Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit 2011-12-23 16:28:36 -06:00
steponequit 84c6739921 added initial opentftp 1.4 windows exploit 2011-12-23 11:27:11 -06:00
sinn3r 41697440c7 Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079 2011-12-23 01:22:39 -06:00
sinn3r ce6b1d6b8c Improve:
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious.
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
sinn3r 262fe75e0a Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129) 2011-12-22 13:04:37 -06:00
Tod Beardsley a03f5e32f8 Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-22 11:11:29 -06:00
Tod Beardsley 2f55f08ebe Actually describe the module in the title/description 2011-12-22 11:10:24 -06:00
David Maloney 5e1efdcd73 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-22 10:49:53 -05:00
David Maloney 30141f3008 Fix typo in the oracle enum aux module
The password grace time query was not checking the right value,
spotted by user bNull in the IRC channel.
2011-12-22 10:47:57 -05:00
Tod Beardsley 743a0546f1 Don't blow up if the user doesn't set a filename
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
Tod Beardsley 2db697cd7a Fixup on checkpoint firewall module
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:21:46 -06:00
Tod Beardsley c6297458e6 Adding ref/disclosure date to checkpoint module
Talked with patrick, this all looks correct now.
2011-12-21 10:59:02 -06:00
Tod Beardsley 1128c3ec6b Checkpoint error msg should use res.inspect
Otherwise your terminal will go all wonky.
2011-12-20 15:46:31 -06:00
Tod Beardsley a58ddcae1b Adds reporting to Patrick's Checkpoint module
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)

Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
2011-12-20 15:44:05 -06:00
sinn3r baaa1f6c82 Add US-Cert references to all these SCADA modules. The refers are based on this list:
http://www.scadahacker.com/resources/msf-scada.html
2011-12-20 14:07:29 -06:00
sinn3r d439390aa2 Fix typo 2011-12-20 12:19:34 -06:00
sinn3r c2d59f0307 Fix issue #6133 2011-12-20 11:32:33 -06:00
Tod Beardsley c83c3d5128 TFTP forgot to commit my rename.
Fixes #5291 for real.
2011-12-20 10:45:29 -06:00
Tod Beardsley 1a396ba955 Merge pull request #70 from rapid7/tftp_client
Tftp client
2011-12-20 08:42:42 -08:00
Tod Beardsley 11a27a1e61 Renaming TFTP transfer util.
See #5291. Just renaming the file.
2011-12-20 10:06:44 -06:00
Tod Beardsley 24d53efa7c Final touches on TFTP client
See #5291. Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
sinn3r 0200b6367a Add OKI Scanner (Feature #6125) 2011-12-20 03:09:09 -06:00
Tod Beardsley 677cb4b152 Handle empty data sends sanely for TFTP.
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
2011-12-19 21:56:03 -06:00
Tod Beardsley 2b3e3725ac TFTP adding comment docs, ability to send w/out a file.
Commenting the tricksy parts a little better for general usage.

Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
2011-12-19 18:15:19 -06:00
Tod Beardsley 431ef826c9 TFTP client now uses constants, preserves trailing spaces/nulls in data
See #5291, just rediscovered the bug on this.
2011-12-19 16:33:25 -06:00
Tod Beardsley 5eaf2e7535 Adding download and loot functionality.
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
2011-12-19 15:50:50 -06:00
Tod Beardsley aecde6fea4 Updating TFTP client. Now with grown-up thread handling.
No longer blocks on successful connections.
2011-12-19 12:14:40 -06:00
Tod Beardsley 902d7f5ea7 Adding more to TFTP. Still need a read tho
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.

Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
2011-12-18 21:05:27 -06:00
Tod Beardsley 23aadd04f7 Fixing merge conflict cruft
Dangit teach me to merge quickly. TFTP module now loads again.
2011-12-18 13:28:52 -06:00
sinn3r b58097a2a7 Remove junk() because it's never used 2011-12-17 01:28:07 -06:00
Tod Beardsley 1201d7fbf2 Merge branch 'tftp_client' of github_r7:rapid7/metasploit-framework into tftp_client
Conflicts:
	modules/auxiliary/admin/tftp/tftp_upload_file.rb
2011-12-16 22:41:22 -06:00
Tod Beardsley 0b8914021c Switch to vprint_status, also add skeletal cleanup def. 2011-12-16 21:06:10 -06:00
Tod Beardsley 50fa10679b First draft of a TFTP client.
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:41:55 -06:00
Tod Beardsley a6867ef128 First draft of a TFTP client.
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:39:09 -06:00
sinn3r fae80f8d49 typo 2011-12-16 11:10:46 -06:00
Patrick Webster 205637892b Added checkpoint_hostname aux module. 2011-12-16 10:54:34 -06:00
sinn3r e0c4afbf9e Merge pull request #60 from darkoperator/master
Typo in the file opening option
2011-12-16 08:44:22 -08:00
sinn3r 208b93ce74 Merge pull request #58 from swtornio/master
add osvdb refs
2011-12-16 08:44:02 -08:00
Carlos Perez 3c08836f51 Typo on the file opening mode 2011-12-16 01:13:06 -04:00
sinn3r bb2ea62de8 Add CVE-2008-0926: Novell eDirectory eMBox Unauthenticated Access (Feature #2729) 2011-12-15 23:09:26 -06:00
sinn3r e991094bd2 Fix host info for report_auth_info(). Change print_status vs print_line order 2011-12-15 13:05:03 -06:00
sinn3r 2648e533a2 nil bug fix 2011-12-15 12:58:21 -06:00
sinn3r 829d96ffbe Add Windows Gather RazorSQL cred collector (Feature #6117) 2011-12-15 11:15:44 -06:00
Steve Tornio 1712f2aa22 add osvdb ref 2011-12-14 07:23:11 -06:00
Steve Tornio 85caabbf5d add osvdb ref 2011-12-14 07:19:34 -06:00
HD Moore 8dc85f1cc5 Fix up some nascent typos 2011-12-14 00:30:31 -06:00
HD Moore 866e2b6bf3 Additional IPv6 payload support 2011-12-14 00:27:38 -06:00
HD Moore 86b3409d47 Actually return 2011-12-13 20:01:13 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
sinn3r fea4bfb85c Repair dead milw0rm link to exploit-db 2011-12-13 16:13:53 -06:00
sinn3r c1a4c4e584 Repair dead milw0rm link to exploit-db 2011-12-13 16:13:34 -06:00
sinn3r acef9de711 Repair dead milw0rm link to exploit-db 2011-12-13 16:13:15 -06:00
sinn3r e7ab48693c Repair dead milw0rm link to exploit-db 2011-12-13 16:12:57 -06:00
sinn3r 94b736c76c Repair dead milw0rm link to exploit-db 2011-12-13 16:12:38 -06:00
sinn3r 97b74101fb Repair dead milw0rm link to exploit-db 2011-12-13 16:12:11 -06:00
sinn3r 7b2a1dc791 Repair dead milw0rm link to exploit-db 2011-12-13 16:11:33 -06:00
sinn3r a5189917da Add CVE-2005-4832: Oracle Database Server DBMS_CDC_SUBSCRIBE SUBSCRIPTION_NAME SQL Injection (Feature #6094) 2011-12-13 15:44:39 -06:00
sinn3r d246bfa4da Credit Luigi Auriemma for the original discovery/poc, not Celil 2011-12-13 15:20:26 -06:00
sinn3r d87d8d5799 Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103) 2011-12-13 11:45:24 -06:00
HD Moore a9e4474eda Add missing require, fix load error on invalid constant 2011-12-12 23:24:03 -06:00
sinn3r cd0679ab5d Increase timeout for cmd_exec() 2011-12-12 21:15:28 -06:00
sinn3r 6e8fdf1ce1 Apply patch #6081 2011-12-12 19:51:02 -06:00
Tod Beardsley a8fad72fce Merge branch 'msftidy_fixup'
Merging a local msftidy cleanup branch, adding a new optional msftidy
test to check for 1.8 compat and cleaning up some whitespace /
file.open()'s.
2011-12-12 17:55:21 -06:00
Tod Beardsley f402b8598b Whitespace and File.open binary mode cleanups.
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
2011-12-12 17:31:28 -06:00
sinn3r 32c8301c19 Add feature #6082 (Traq 2.3 Auth bypass remote code execution) 2011-12-12 15:45:19 -06:00
sinn3r bacdbb90d7 ugh, stack overflow != stack buffer overflow. Also, metadata format fix. 2011-12-12 15:23:32 -06:00
sinn3r 5af5137241 Add CoDeSys SCADA bof module (#6083) 2011-12-12 15:21:15 -06:00
sinn3r 5ba5bbf077 Apply feature #6074 2011-12-12 12:03:34 -06:00
sinn3r 4e95eb5d34 Update description (Feature #6080) 2011-12-12 11:33:17 -06:00
Tod Beardsley b4f58ef8fd Trailing commas kill 1.8. dangit.
Fixed dns_fuzzer to knock that off.
2011-12-12 10:26:53 -06:00
HD Moore 4736cb1cbe Merge pull request #48 from swtornio/master
add osvdb ref
2011-12-11 20:37:43 -08:00
HD Moore 17cc89ebad Add IPv6 specific HTTP(S) handlers and payloads (simplifies
options/usage)
2011-12-11 13:26:48 -06:00
HD Moore 2d3064c1ec Default the scope ID to 0, explicitly 2011-12-10 13:46:16 -06:00
HD Moore 1ae12e3a23 Remove the default target, since module doesn't fingerprint the service
pack, this can only end in tears.
2011-12-10 13:31:05 -06:00
HD Moore a9db05e53b Fix regular expression 2011-12-10 13:24:58 -06:00
HD Moore cd4d7d3c47 Handle IPv6 properly (host header parsing) 2011-12-10 13:24:58 -06:00
Steve Tornio 25685c4c74 add osvdb ref 2011-12-10 08:07:21 -06:00
Steve Tornio b521602d82 add osvdb ref 2011-12-10 07:49:50 -06:00
Tod Beardsley 8ccb68c9df Adding an add_socket() to dhcp and rftp as lauched with a survice
when succesful.

Closing the related pull reuquest for this one.
2011-12-10 03:39:25 -06:00
Tod Beardsley e52436e7ad Drop the incorrect Id keyword from h323_version 2011-12-09 14:29:55 -06:00
sinn3r e043fb52c2 Incrase timeout 2011-12-08 11:21:03 -06:00
sinn3r d6d9ac17d2 use store_loot() instead of store_local() 2011-12-08 11:10:31 -06:00
sinn3r c366e652b9 Revert "Using store_local() to store stuff for dir traversal bugs feels much better than store_loot()"
This reverts commit d37daa4934.
2011-12-08 10:11:09 -06:00
sinn3r d37daa4934 Using store_local() to store stuff for dir traversal bugs feels much better than store_loot() 2011-12-07 19:08:24 -06:00
sinn3r aa5c0c46b6 Fix indent level 2011-12-07 18:44:49 -06:00
sinn3r feab7f5077 Add CVE-2011-4350 2011-12-07 18:42:52 -06:00
sinn3r b7ccbcd6b5 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-07 12:23:23 -06:00
sinn3r 84682b3615 Apply patch #6072 2011-12-07 12:22:58 -06:00
HD Moore b8767d5f57 Fix typo on 1.8.7 2011-12-07 10:45:23 -06:00
sinn3r 5afba20c21 Merge pull request #43 from jduck/master
Clear up how to use native payloads for tomcat_mgr_deploy
2011-12-06 23:01:53 -08:00
sinn3r 1694e22e74 Merge pull request #42 from chao-mu/master
Fix for issue #6012;  post/windows/manage/enable_rdp broken
2011-12-06 23:01:20 -08:00
sinn3r 0e2101e4c1 Correct author name 2011-12-07 00:24:16 -06:00
sinn3r fd1935b3de show is_admin 2011-12-07 00:23:06 -06:00
sinn3r edec6b98ee Add feature #6067 Family Connections CMS 2.7.1 exploit 2011-12-07 00:00:56 -06:00
David Maloney 8fdfd9f97b Additional verbosity on WLAN error message
to explain that the modules will error if the
Wireless Zero Configuration Service is turned off.
2011-12-06 20:42:11 -05:00
David Maloney 459eafd96d Fix to WLAN mdoules for when wLAN not installed on target
The modules did not close out properly when WLAN was determined not to be
installed on the host. This fix corrects that.

fixes #6070
2011-12-06 20:22:47 -05:00
sinn3r 92c1065508 Add CVE-2004-1626 (Ability FTP Server). OSCP l337-fu :-) 2011-12-06 18:52:42 -06:00
Tod Beardsley f1950c2fe1 Adding back bitstruct (current upstream) and dns_fuzzer module
Fixes #3289.

This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.

This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.

Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.
2011-12-06 17:03:36 -06:00
sinn3r 0bbbcd549d Add port information, and allow search in data 2011-12-05 22:22:36 -06:00
Tod Beardsley 84af4647db Merge branch 'issue_1083_oracle' 2011-12-05 17:39:46 -06:00
Christopher McBee 100d8803f6 Adding armle bind shellcode based on existing reverse shellcode 2011-12-05 18:16:02 -05:00
Tod Beardsley 4da2c32734 Minor update to xdb_side_brute, see #1083
Adds a typo fix and adds an explicit VERBOSE option.
2011-12-05 15:11:09 -06:00
HD Moore dbd00efefe Merge branch '4.3-schema' 2011-12-05 15:04:35 -06:00
sinn3r 37516134f0 FILTER shouldn't be case-sensitive 2011-12-05 13:19:04 -06:00
HD Moore 97087d88fa Mark portscan modules as v6 incompatible 2011-12-05 13:07:36 -06:00
HD Moore cf28713f9a Mark specific modules as incompatible due to use of quad-dot code 2011-12-05 13:07:36 -06:00
sinn3r fd2eb200fb Add Shodan Search Module (Feature #5451) 2011-12-05 12:50:21 -06:00
Joshua J. Drake ac7edc268a Add some more clear documentation for selecting payloads for this module. 2011-12-05 00:35:11 -06:00
sinn3r e524215b55 WTH, the date format is wrong 2011-12-04 15:23:31 -06:00
sinn3r 679ef457d8 Correct spelling, thx bannedit 2011-12-04 14:59:54 -06:00
sinn3r f26447e021 Correct my own weird grammar 2011-12-04 14:50:53 -06:00
sinn3r e07868d613 Catch possible exception if WTSGetActiveConsoleSessionId isn't available on the target machine 2011-12-04 14:48:45 -06:00
chao-mu e52ebd602f Encorporating patch submitted by Boris Lukashev to fix issue 6012 (Post module enable rdp broken and fixed (here)). Fix was to have the module include Msf::Post::Windows::WindowsServices, make service_change_startup available 2011-12-04 15:26:43 -05:00
sinn3r 3cd2caca1a Fix #6052 2011-12-04 13:49:13 -06:00
sinn3r 89ed25978d Add feature #6048 2011-12-04 13:44:21 -06:00
Steve Tornio f63a616739 add osvdb ref 2011-12-04 07:48:48 -06:00
sinn3r 950b4a54a0 Fix bug #6050 2011-12-03 22:00:48 -06:00
sinn3r 2720572a37 Add IPSwitch Whatsup Gold TFTP directory traversal module 2011-12-03 18:46:34 -06:00
HD Moore 27974c4c27 Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib
Conflicts:
	modules/auxiliary/scanner/http/axis_login.rb
	modules/exploits/multi/http/axis2_deployer.rb
	modules/post/multi/gather/thunderbird_creds.rb
	modules/post/windows/gather/credentials/imvu.rb
	msfopcode
2011-12-03 14:07:09 -06:00
Steve Tornio b75799d18d =add osvdb ref 2011-12-02 16:50:42 -06:00
Steve Tornio 83f12c6fe0 =add osvdb ref 2011-12-02 16:46:01 -06:00
sinn3r c8634390b7 Add CCMPlayer m3u exploit (Feature #6029) 2011-12-02 16:27:59 -06:00
sinn3r 30e3607ec0 The SUCCESS message may not be constant across foreign language verions according to jduck, chaning back to the old way 2011-12-02 15:11:27 -06:00
sinn3r f4b755c319 Add License comment (author already put 'MSF_LICENSE' in there). Also drop rank, because it doesn't cover so many targets 2011-12-02 15:00:39 -06:00
sinn3r cd2bb027bf Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-02 14:54:53 -06:00
sinn3r 895a509bd3 Add Avid Media Composer 5.5 (Feature #6035) 2011-12-02 14:53:26 -06:00
Steve Tornio 2bb97791f7 Update OSVDF refs for servu module.
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.

Squashed commit of the following:

commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date:   Fri Dec 2 07:44:28 2011 -0600

    add osvdb ref

commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date:   Wed Nov 30 08:15:20 2011 -0600

    fixed in osvdb

[Closes #39]
2011-12-02 13:21:41 -05:00
HD Moore dbe7e6aecf Remove a leftover debugging statement 2011-12-02 00:06:04 -06:00
sinn3r 2d320b1828 Fix bug: table being saved while empty 2011-12-01 22:47:42 -06:00
sinn3r 608a5586b2 Actually, don't really have a good reason for that exception handling anymore. I think. 2011-12-01 22:47:42 -06:00
sinn3r 0eb3b5a49b Fix undefined method 'cmd_exec' bug. Thx Boris. 2011-12-01 22:47:42 -06:00
sinn3r 19fae182da Add Thunderbird credential collector (Feature #6014) 2011-12-01 22:47:42 -06:00
James Lee a91926716d don't dup the last part of the key, fixes #6036 2011-12-01 15:24:58 -07:00
HD Moore 9f99cfc757 Convert the h323 module to MSF_LICENSE (backport from Pro) 2011-12-01 16:01:01 -06:00
HD Moore 3e5e9a910e Add h323 scanner 2011-12-01 16:01:01 -06:00
sinn3r d0db88d35d Make key_base an instance var so other functions can access it. Bug #6036 2011-12-01 14:41:44 -06:00
David Maloney 57f12cb2d8 Merge branch 'servu_sploit' 2011-12-01 11:21:32 -08:00
sinn3r 93a419c76b Having nothing on the webpage may probably confuse some novice users. But I do like stealth. 2011-12-01 03:02:35 -06:00
sinn3r 8399ce6e41 Fix bug #6031 2011-11-30 15:22:52 -06:00
David Maloney 40ab37fa10 Merge branch 'iss5979' 2011-11-30 12:16:33 -08:00
David Maloney 2858cae296 Some quick corrections to tidy things up 2011-11-29 19:57:08 -08:00
David Maloney be88f483a3 More Accurate Vulnerability Check 2011-11-29 18:38:00 -08:00
David Maloney 0dda948265 New Exploit for the Serv-U FTP Buffer overflow
from CVE 2004-2111
2011-11-29 17:34:01 -08:00
sinn3r f26f6da74b Add CVE-2011-3544 (feature #6023) Java Rhino exploit 2011-11-29 18:05:20 -06:00
Rob Fuller e439aba779 switched %USERPROFILE% to %APPDATA% to make the code a bit more universal 2011-11-29 20:08:44 +00:00
sinn3r 897731f3a5 Check creds (feature #6025). Also bringing the 'Inbox' regex back 2011-11-29 11:01:39 -06:00
sinn3r 6f5d64f6de Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-29 03:31:15 -06:00
sinn3r 34a933d499 Feature #5610 2011-11-29 03:30:49 -06:00
Tod Beardsley f503bd9488 Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append. 2011-11-28 17:52:34 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
sinn3r 3a84c31326 Using a better regex for a successful login. Thanks Borys. 2011-11-28 14:29:42 -06:00
sinn3r bc541c118d Apply patch #6020 2011-11-28 14:16:24 -06:00
sinn3r 5165865560 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-28 14:07:19 -06:00
sinn3r 59ab0c3a18 Fix bug #6021, Thanks Borys 2011-11-28 14:06:56 -06:00
Tod Beardsley 44a47f9913 Fixing up OWA bruteforce module to conform with the usual print_status
messages.
2011-11-28 13:31:54 -06:00
sinn3r a578db7f56 Apply fix for #6019 2011-11-28 01:12:18 -06:00
sinn3r ebfe269698 Apply patch for #5824 2011-11-26 16:52:12 -06:00
sinn3r 5e08c93ac9 Apply patch #5580 2011-11-26 15:32:43 -06:00
sinn3r b7950a752e Add feature #4929 (MS09-053) 2011-11-26 13:30:35 -06:00
sinn3r 82a5da866a Fix bug: table being saved while empty 2011-11-25 00:54:17 -06:00
sinn3r ec3c37d963 Actually, don't really have a good reason for that exception handling anymore. I think. 2011-11-25 00:41:28 -06:00
sinn3r 3e7c821119 Fix undefined method 'cmd_exec' bug. Thx Boris. 2011-11-25 00:34:33 -06:00
sinn3r 7571466014 Add Thunderbird credential collector (Feature #6014) 2011-11-24 19:39:34 -06:00
David Maloney 900232fb60 HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
2011-11-23 23:05:51 -06:00
David Maloney 53b3e96af4 Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-23 23:05:51 -06:00
sinn3r 3954030963 Apply patch #6004 2011-11-23 23:05:51 -06:00
David Maloney d1c44160dd Fix to the axis2 Deployer exploit to add Default Target 2011-11-23 23:05:51 -06:00
David Maloney d3887d20e5 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-23 23:05:51 -06:00
David Maloney c61d02686a HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
2011-11-22 13:04:10 -08:00
David Maloney 9d7f7b1f0e Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-22 11:53:14 -08:00
David Maloney 9e40fac8b1 Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-22 11:52:06 -08:00
sinn3r 8b729b59f8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-22 13:08:08 -06:00
sinn3r 25f4b45bd1 Apply patch #6004 2011-11-22 13:07:46 -06:00
David Maloney 4a22df4014 Fix to the axis2 Deployer exploit to add Default Target 2011-11-22 10:27:38 -08:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-22 08:47:53 -08:00
David Maloney 4ef7c373e9 Fix to typo in the tables being pushed. 2011-11-22 00:06:58 -06:00
David Maloney f81567fb6f Fix to typo in the tables being pushed. 2011-11-21 15:49:57 -08:00
sinn3r e11ca43c37 Add feature #5680 2011-11-21 12:39:45 -06:00
sinn3r 76846aa578 Add MS10-038 (CVE-2010-0822) exploit 2011-11-21 11:36:47 -06:00
sinn3r 28a079f308 Add credit to the appropriate researcher 2011-11-20 02:32:45 -06:00
sinn3r 95d639ccf7 Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8. 2011-11-20 01:44:52 -06:00
sinn3r 980cd4c888 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-19 20:41:29 -06:00
sinn3r 9c2fab0921 Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c 2011-11-19 20:40:04 -06:00
James Lee 67120d4263 msftidy on aux modules, see #5749 2011-11-20 13:12:07 +11:00
James Lee f35b6c5269 msftidy on post modules for spaces at EOL 2011-11-20 12:53:25 +11:00
sinn3r a4cadf0d53 remove the extra comment that's not used 2011-11-19 12:48:39 -06:00
sinn3r 30f13984ea Add wireshark console.lua exploit (CVE-2011-3360) 2011-11-18 21:24:48 -06:00
David Maloney ff22246119 Attempt to fix #5979 2011-11-18 12:53:35 -08:00
Tod Beardsley eca1253439 updating sudo 2011-11-18 10:17:43 -06:00
Tod Beardsley 356e0e6fb5 Moving sudo from linux to multi, because it is. 2011-11-18 10:16:57 -06:00
Tod Beardsley fa77909c67 whitespace fix 2011-11-18 08:51:07 -06:00
Tod Beardsley 55367fad4f Merge pull request #25 from rapid7/post_module_sudo
Post module sudo
2011-11-18 06:30:40 -08:00
David Maloney 11c1f0983f Fixes #5993 2011-11-17 18:05:36 -08:00
David Maloney 77cba9de7c Merge branch 'cbdfix'
Conflicts:
	modules/post/windows/gather/credentials/imvu.rb
	modules/post/windows/gather/forensics/duqu_check.rb
	modules/post/windows/recon/computer_browser_discovery.rb
2011-11-17 14:55:20 -08:00
Tod Beardsley d8b77564ef Tidying up, fixing csh echo behavior 2011-11-17 16:29:02 -06:00
David Maloney 3bfe7e9b98 fix to comptuer browser discovery to output properly and sotre as loot
added additional option to save detected hosts in the db.
2011-11-17 14:17:28 -08:00
Tod Beardsley 9878517f80 Cleanup and light refactoring, deal with slowpoke linux telnet cmd_exec() 2011-11-17 13:19:13 -06:00
Tod Beardsley 84fb5b441a Cleaning up some names and descs 2011-11-17 07:47:26 -06:00
David Maloney 4c90b68b4f Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-16 19:10:53 -08:00
David Maloney eae171b216 Addresses issue #5984 2011-11-16 19:07:56 -08:00
Tod Beardsley 93a133d5de Always try both export and setenv. Fixups to allow for correct reading from echoy nix shells. Fixes is_root? to not treat an empty string as 0 2011-11-16 16:48:19 -06:00
sinn3r fea42dbdee Add feature #5872 2011-11-16 12:26:54 -06:00
Tod Beardsley 725431dbdb Simpler method for setenv vs export. Tested on csh, ksh, zsh, sh, bash 2011-11-15 19:31:15 -06:00
Tod Beardsley d969006268 Adding zsh 2011-11-15 19:10:25 -06:00
Tod Beardsley 5cdab2ef41 Less repetitive error messages 2011-11-15 18:17:25 -06:00
Tod Beardsley 26659d8b17 Adding a sudo post module for easier automation 2011-11-15 17:38:45 -06:00
David Maloney d8347a1245 Fixes to post modules that store creds as loot.
All post modules that store creds as loot now store in
a CSV format with User and then Password always as the
first two columns.
2011-11-15 14:13:51 -08:00
David Maloney f6b0ffd630 Cleanup of the stack traces in the pidgin and filezilla client cred modules 2011-11-15 12:19:15 -08:00
David Maloney 8d47883af0 Moving the wlan directory up a level. It makes more sense in it's own area
instead of under gather.
2011-11-15 08:29:13 -08:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive.
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
Tod Beardsley 96d2209ca2 Minor fixups for trace report_note patch 2011-11-14 10:40:11 -06:00
andurin 5d5c9464cc Do some report_note while TRACE detection 2011-11-14 12:10:53 +01:00
sinn3r 2536cf0308 Add feature #5779 2011-11-14 01:49:26 -06:00
andurin 5856112797 Quickfix: missing require in post/windows/escalate/getsystem.rb
Resolves:
[-] WARNING! The following modules could not be loaded!
[-]     contrib/metasploit-framework/modules/post/windows/escalate/getsystem.rb: NameError uninitialized constant Msf::Post::Windows
2011-11-13 14:25:31 +01:00
Andurin 71599f5ef9 Fix sqlmap aux to work with actual sqlmap.py
Commit relates to IssueID #5807
2011-11-13 09:18:33 +01:00
HD Moore 4f177acf88 Merge pull request #9 from swtornio/master
Add osvdb ref
2011-11-12 11:35:24 -08:00
sinn3r e4ebb890d8 Apply patch for bug #5963 2011-11-12 13:17:26 -06:00
sinn3r 41d746a07a Add Support Incident Tracker (Feature #5964) by Juan 2011-11-12 12:36:21 -06:00
Steve Tornio a0c9297500 add osvdb ref 2011-11-12 06:01:41 -06:00
sinn3r 170c4f5451 Fix author email format 2011-11-12 01:53:25 -06:00
sinn3r b8b8732d85 Correct disclosure date 2011-11-12 01:12:28 -06:00
sinn3r ed5bae6441 oops, I don't need that extra comment 2011-11-12 01:04:00 -06:00
sinn3r 84c5268ab4 Add Aviosoft DTV exploit 2011-11-12 01:02:40 -06:00
HD Moore 2ec21858c6 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-11 16:20:27 -06:00
HD Moore 65fc693c66 Add a getsystem post module for automation 2011-11-11 16:19:49 -06:00
sinn3r 62fdbd549c no need to register VERBOSE, because it's already a standard option in all modules. Thanks egyp7 for the reminder. 2011-11-11 15:37:47 -06:00
sinn3r 2d940e2c91 Apply patch #5952 2011-11-11 14:58:17 -06:00
Tod Beardsley 2f6c9d6d08 Removing a hated semi-colon, noting that the rescue does nothing 2011-11-11 13:59:14 -06:00
sinn3r e1cea699a7 yo, format police is in town for some law and order around here 2011-11-11 11:39:13 -06:00
sinn3r 35f84f5e42 yo, ruby 1.8 fix 2011-11-11 11:38:28 -06:00
sinn3r fdef66f2bf yo, ruby 1.8 fix 2011-11-11 11:38:08 -06:00
sinn3r 6f050d624f Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-11 11:24:55 -06:00
sinn3r e972234629 yo, owa bruteforce utility in the house (Feature #4725) 2011-11-11 11:23:35 -06:00
Tod Beardsley 184eee0e64 Merge branch 'duqu' 2011-11-11 10:22:12 -06:00
Tod Beardsley e03b6d27d2 Adding a colon to Request keyword mostly just to test local changes 2011-11-11 10:20:52 -06:00
Marcus J. Carey ef1a86e839 adding email address 2011-11-11 09:44:18 -06:00
David Maloney 6ae8bbb6ce Fixes #5832 2011-11-10 21:57:24 -08:00
Marcus J. Carey 5a75a67830 cleaning up tabs and rename variables for clarity 2011-11-10 23:26:19 -06:00
David Maloney c30d98093f Merge branch 'iss5426' 2011-11-10 20:39:48 -08:00
David Maloney c984ea41d1 Quick fix to cred sourcing to eliminate spaces in the source type 2011-11-10 20:39:13 -08:00
HD Moore 17150b7e0b Merge pull request #5 from aushack/master
Added BID ref for amlibweb module.
2011-11-10 18:22:00 -08:00
HD Moore 43fa2c3d1b Add a gitignore and delete the broken file_autopwn code. Fixes #4964 2011-11-10 20:11:53 -06:00
Patrick Webster f54b622ad3 Added BID ref for amlibweb module. 2011-11-11 12:04:40 +11:00
sinn3r 7191542503 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-10 18:09:55 -06:00
sinn3r 457b7cb6d1 sinn3r: *knock, knock* Whitespace: who's there? sinn3r:Me, I kill you 2011-11-10 18:08:28 -06:00
wchen-r7 0675def3d4 Whitespace, I kill you. 2011-11-10 18:00:50 -06:00
Marcus J. Carey e140361ffd change keys to array instead of comma delimited string 2011-11-10 16:11:11 -06:00
wchen-r7 3a328e1a1c Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-10 16:09:35 -06:00
wchen-r7 b761c6a9cc Add feature #5933 2011-11-10 16:09:03 -06:00
HD Moore d75e4aead3 Cosmetic changes 2011-11-10 15:45:02 -06:00
Marcus J. Carey 7348a71c24 adding duqu_check.rb 2011-11-10 15:20:48 -06:00
Steve Tornio 0c36915dae add osvdb ref 2011-11-10 13:24:26 -06:00
wchen-r7 453082678f Add CVE-2010-1871 (Feature #5922) 2011-11-10 10:21:17 -06:00
wchen-r7 a9ebfbd604 Add feature #5912 2011-11-10 03:13:57 -06:00
wchen-r7 3ff1449995 Do report_note() 2011-11-10 02:16:25 -06:00
wchen-r7 c569ec4a33 Don't really need a revision # in source 2011-11-09 22:10:52 -06:00
Wei Chen 32bb3af298 Add feature #5946 2011-11-09 21:49:34 -06:00
Matt Buck 16f45fc894 Add empty directories from svn repo. 2011-11-09 18:41:40 -06:00
Wei Chen 9ff5eabb4b Fix #4915
git-svn-id: file:///home/svn/framework3/trunk@14201 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 08:51:47 +00:00
David Maloney a88f954640 More Cred Sourcing
git-svn-id: file:///home/svn/framework3/trunk@14197 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 01:49:57 +00:00
Matt Weeks fdf13e5e0e Fixes #5927
git-svn-id: file:///home/svn/framework3/trunk@14196 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 21:45:17 +00:00
David Maloney aa4f6c1cae More cred sourcing fixes
git-svn-id: file:///home/svn/framework3/trunk@14193 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 18:45:47 +00:00
David Maloney cdbe7bc587 Multiple fixes to cred reporting on this module
git-svn-id: file:///home/svn/framework3/trunk@14192 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 17:25:39 +00:00
Wei Chen 16fc275853 whitespace cleanup
git-svn-id: file:///home/svn/framework3/trunk@14191 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 16:09:31 +00:00
Carlos Perez 3ac11b7d44 Whitespace clean up
git-svn-id: file:///home/svn/framework3/trunk@14190 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 15:48:04 +00:00
Carlos Perez 4490bb4683 handle better certain options that may use = sign
git-svn-id: file:///home/svn/framework3/trunk@14189 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 15:14:00 +00:00
Wei Chen c4fa5b4674 Fix #5937. Vista is currently taken down because it's not stable enough.
git-svn-id: file:///home/svn/framework3/trunk@14188 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 09:35:18 +00:00
David Maloney 2d80d1e144 Fixes Cred Sourcing in report_auth_info() for post modules.
git-svn-id: file:///home/svn/framework3/trunk@14187 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:34:49 +00:00
Carlos Perez 28c2408fdd handle better certain options that may use = sign
git-svn-id: file:///home/svn/framework3/trunk@14186 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:22:54 +00:00