ffc41bf265
removed unneeded dependency
2012-03-14 18:26:53 -03:00
c38aaede03
duplicate of enum_users_history.rb
2012-03-14 16:07:49 -05:00
5c74b7741b
locates installed 3rd part av, fws, etc
2012-03-14 13:30:16 -04:00
d1efb40d2d
Fix bad path for Windows (bug #6523 ) - Thanks Francesco
2012-03-14 12:27:40 -05:00
3b880359fe
Change module name to better describe the purpose of it. Also some cosmetic corrections.
2012-03-14 11:44:03 -05:00
704f8e391d
Remove the line that's commented out
2012-03-14 11:37:43 -05:00
60b3ee7b16
Added user specific tasks to enum_users, removed bash_hist from enum_sys, added disk space info to enum_system
2012-03-14 09:06:51 -04:00
50f8b6088b
Fix cosmetic problems
2012-03-14 05:20:19 -05:00
4872e80385
Cleanup whitespace and author format
2012-03-14 05:18:00 -05:00
9d7e22876c
Merge branch 'my-branch' of https://github.com/ohdae/metasploit-framework
2012-03-14 05:14:33 -05:00
ecb1fda682
Add OSVDB-79651: NetDecision 4.5 HTTP Server Buffer Overflow
2012-03-14 05:13:22 -05:00
fbd076e749
removed old/ folder
2012-03-13 22:49:01 -04:00
b86fa5c85b
Combined network tasks into enum_network.rb, Combined user/system tasks into enum_system.rb
2012-03-13 22:24:49 -04:00
0fe26780b9
Merge branch 'my-branch' of github.com:ohdae/metasploit-framework into my-branch
2012-03-13 22:20:59 -04:00
96fb9fd458
Combined network tasks into one module, Combined system/user tasks into one module
2012-03-13 22:18:24 -04:00
f79bda2dc7
Update modules/post/linux/gather/enum_linux.rb
2012-03-13 21:15:47 -03:00
3260bc6b65
Update modules/post/linux/gather/enum_linux.rb
2012-03-13 21:14:49 -03:00
bd5950ea52
added active connections, iwconfig, if-up/down, open ports
2012-03-13 20:09:41 -04:00
4b7e380581
Linux post ssh enum, Linux post network info
2012-03-13 17:27:21 -04:00
81248f35c4
Changing H.323 constant for H323_STATUS_FACILITY
...
However, it's not actually being used in the module anywhere, so this
change appears cosmetic more than anything right now. However, I'm
inclined to believe Ricky's suggestions when it comes to H.323.
Corroborated by this 2003 post to the Ethereal mailing list:
http://www.ethereal.com/lists/ethereal-users/200311/msg00001.html
[See #6521 ]
2012-03-13 12:26:03 -05:00
b0ba10f79c
Added afp_login module.
2012-03-13 10:01:42 +02:00
5b13b7d1d9
Extracted common AFP functionality to mixin
2012-03-13 09:56:03 +02:00
1cf25e58d5
merge description change
2012-03-12 17:22:01 -05:00
7d95132eab
Use a cleaner way to calculate JRE ROP's NEG value
2012-03-11 17:27:47 -05:00
6c19466de8
Change output style
2012-03-11 13:59:18 -05:00
25a1552fbd
Dynamic VirtualProtect dwSize. Change output style.
2012-03-11 13:49:46 -05:00
b0e7c048c9
This module fits the GoodRanking description
2012-03-10 00:50:41 -06:00
1d5bad469c
Add Windows 7 SP1 target
2012-03-10 00:11:25 -06:00
1ae779157d
Disable Nops so we don't get an ugly crash after getting a shell
2012-03-08 18:56:58 -06:00
1e4d4a5ba0
Removing EncoderType from flash module
...
Also not very useful
2012-03-08 16:57:41 -06:00
302a42a495
Fixing up print statements
...
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
1396fc19bd
Fixup bad merge on flash mp4
2012-03-08 16:52:53 -06:00
cb04e47304
Attempt #2 : there's no cli in get_payload
2012-03-08 16:47:49 -06:00
3563fe1b36
The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload.
2012-03-08 16:41:32 -06:00
fee2e1eff9
Minor spray size change
2012-03-08 16:19:51 -06:00
12395c719f
Remove debugging code
2012-03-08 16:16:42 -06:00
87274987c1
Remove the now obsolete text about SWF_PLAYER
2012-03-08 16:16:13 -06:00
181fdb7365
A small title change
2012-03-08 16:10:16 -06:00
1271368b6f
Redirect to a trailing slash to make sure relative resources load
...
properly
2012-03-08 15:37:06 -06:00
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
eb847a3dfb
Add a nicer prefix to the target selection message
2012-03-08 13:46:14 -06:00
5b566b43b4
Catching an update from @hdmoore-r7
...
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
edb3f19c12
A little more padding for Win Vista target
2012-03-08 12:04:04 -06:00
18962e1180
Checking in the new Flash exploit to the release
...
Using the checkout master directly:
git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
git checkout master
modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
86fc45810b
Remove the resource during cleanup
2012-03-07 23:04:53 -06:00
b4e0daf3ca
Small tweaks to the adobe mp4 exploit
2012-03-07 22:53:47 -06:00
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00
9ece7b08fc
Add vendor's advisory as a reference
2012-03-08 00:46:34 -06:00
5f92bff697
Make sure no encoder will break the exploit again
2012-03-08 00:44:57 -06:00
2e94b97c82
Fix description
2012-03-07 23:59:51 -06:00
57376a976d
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
d9788db7bb
Merge pull request #222 from jduck/master
...
Fixes #6483
2012-03-07 18:11:48 -08:00
0550b77522
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 20:04:04 -06:00
3b4ed13aee
Fix typo
2012-03-07 20:03:46 -06:00
33460b6bf4
Fixups on the Adobe Flash exploit description
...
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
c76f43c066
Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow
2012-03-07 19:24:00 -06:00
f97dc8dee7
Fix spelling of the IBM product iSeries
...
Was I-Series.
2012-03-07 15:24:15 -06:00
7dfba9c00d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 14:51:39 -06:00
0ee7788028
Add a check to detect the vulnerable version of Sysax SSH
2012-03-07 14:51:21 -06:00
ab01a19f92
Fixes #6483 : Correct the include for the handler (was copypasta)
2012-03-07 11:23:44 -06:00
ba2bf194fd
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:17:22 -06:00
02ea38516f
Add a check method for tomcat_mgr_deploy
2012-03-06 23:22:44 -07:00
2b9acb61ad
Clean up some incosistent verbosity
...
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
003fa3e22c
Apply patch for #6495
2012-03-06 11:43:28 -06:00
22a12a6dfc
Add Lotus CMS exploit (OSVDB-75095)
2012-03-06 11:36:28 -06:00
99177e9d5e
Small commit to fix bad reference and old comment
2012-03-06 01:44:26 -06:00
461a59e28d
modified description and lowered the number of required requests
2012-03-06 00:48:54 -05:00
0f17bbdfdd
squid pivot scanning module
2012-03-06 00:30:30 -05:00
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
82c23e95d3
Module author typo
2012-03-05 13:28:46 -07:00
3a33434867
Fix a couple of typos that throw off module authors
2012-03-05 13:28:46 -07:00
afd1af6377
Merge branch 'apf-info' of https://github.com/gregory-m/metasploit-framework into gregory-m-apf-info
2012-03-05 11:18:23 -06:00
1005de0523
Port should not contain a non-numeric value or even empty when assigned to :port
2012-03-05 11:10:16 -06:00
6726f07dbc
afp_server_info fixes and improvements
...
1.9 compatibility, timeouts, reporting
2012-03-05 14:57:59 +02:00
d9f0453ee9
Added auxiliary/scanner/afp/afp_server_info module
2012-03-02 21:58:40 +02:00
7447052b38
Convert WMAP constant name to the new format.
2012-03-02 10:18:32 -06:00
302853f5a4
Unpolluting SVN Revision keyword
...
Sometimes Revision keywords get expanded, too. Fix those.
2012-03-02 10:18:32 -06:00
3626d48db2
Un-polluting SVN Id keyword
...
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
2012-03-02 10:18:32 -06:00
36a3341acd
Fix body cero.
2012-03-02 10:18:32 -06:00
6fba0698e5
Adding another detection method for blind sqli
2012-03-02 10:18:32 -06:00
02f6e3fcb2
Improving report on blind sqli module
2012-03-02 10:18:32 -06:00
126a6133cd
Improving blind sql inj. detection
2012-03-02 10:18:32 -06:00
b608aeeeb7
Migrating modules to use report_web_vulns and minor fixes
2012-03-02 10:18:32 -06:00
1a09a49f69
Starting getting rid of report_note to use report_web_vuln on all http aux modules
2012-03-02 10:18:32 -06:00
2ce7dc9331
One more module.
2012-03-02 10:18:32 -06:00
9c6fec3c33
First step on module cleaning.
2012-03-02 10:18:32 -06:00
eaecdb487c
Fix sname in report_ calls to check the use of ssl and report http or
...
https
2012-03-02 10:18:31 -06:00
6d80aa0a44
Renaming duh.
2012-03-02 10:18:31 -06:00
3cb65e24a1
Fix blind sqli module description and bug with http_method
2012-03-02 10:18:31 -06:00
6938b91d07
Execute tests agains a specific path and bug fix in blind sqli module
2012-03-02 10:18:31 -06:00
a2e5a4d9d5
New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention
2012-03-02 10:18:31 -06:00
8f30e5548c
Fix bug: "TypeError can't convert nil into String" when fd.read can be nil
2012-03-02 02:18:07 -06:00
67f788768d
Fix tabs
2012-03-01 22:31:08 -06:00
fd2d9ae0ea
Add MP4 file generating function. Update the description regarding exploit usage.
2012-03-01 22:24:35 -06:00
b1b2ec2c7d
Merge branch 'CVE-2008-5036_vlc_realtext' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-5036_vlc_realtext
2012-03-01 21:13:33 -06:00
8bad0033d3
Update description
2012-03-01 19:16:29 -06:00
0bc26c1665
Add CVE-2009-4656: DJ Studio .pls buffer overflow
2012-03-01 19:09:25 -06:00
d06848ba56
Default to token impersonation before migrating to a different process
2012-03-01 18:31:33 -06:00
687c50d0cd
Indent level fix
2012-03-01 16:14:29 -06:00
f1a6d8f535
Added exploit module for CVE-2008-5036
2012-03-01 23:06:40 +01:00
5a5e5eab95
Add msvcrt ROP target for IE8
2012-03-01 15:23:41 -06:00
1bc99646e7
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-01 15:14:05 -06:00
2d802750e3
fix osvdb ref
2012-03-01 08:07:11 -06:00
256fee3626
add osvdb ref
2012-03-01 08:06:53 -06:00
a32bcc44f2
Merge branch 'post-apple-ios-backup-osx-fix' of https://github.com/gregory-m/metasploit-framework
2012-03-01 00:43:17 -06:00
e9df9d6c2c
Increase default depth
2012-02-29 16:24:18 -06:00
4369f73c7a
Msftidy fixes on new modules
...
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
74cdb5dabc
It's a two-space tab, not one space. OMG.
2012-02-29 10:13:29 -06:00
eaf41769ed
Fixed gather/apple_ios_backup to work with OSX
...
Also moved it to post/multi/gather
2012-02-29 10:31:26 +02:00
278f394552
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-29 01:37:36 -06:00
6321ff7cb4
Change output message
2012-02-29 01:36:38 -06:00
bc8480715f
Add references to metadata. Do report_auth_info() when a credential is found. Plus other minor changes.
2012-02-29 01:32:21 -06:00
4c39cfd98a
Small tweak to the format of the type
2012-02-28 23:52:48 -06:00
4b1e67f94f
Add ROP target for Win2k3 SP1 and SP2
2012-03-04 17:18:34 -06:00
8f93a5abbb
add osvdb ref
2012-03-03 12:28:30 -06:00
fa916d863d
Add Sysax SSH buffer overflow exploit
2012-03-03 10:11:51 -06:00
6c0f8636ec
Merge pull request #217 from rapid7/reverse-http-randomness
...
Reverse http randomness
2012-03-02 16:36:26 -08:00
b70b41091b
Tested fairly well - this randomizes the URLs and removes the user-agent string from the request
2012-03-02 17:44:23 -06:00
9258cda144
Change :info and file name so it's easier to identify it's a Firefox profile
2012-03-02 16:45:42 -06:00
96e03d2556
Merge pull request #44 from linuxgeek247/armle-bind-shell
...
Adding armle bind shellcode based on existing reverse shellcode
2012-03-02 14:25:43 -08:00
f3e0b46e5c
Post mods should use session_host when reporting
...
target_host probably never worked anyway
2012-02-28 18:40:17 -07:00
624e19fd8b
Merge session-host-rework branch back to master
...
Squashed commit of the following:
commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:31:03 2012 -0700
Clean up some rdoc comments
This adds categories for the various interfaces that meterpreter and
shell sessions implement so they are grouped logically in the docs.
commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 13:00:25 2012 -0700
Combine the docs into one output dir
There's really no need to separate the API sections into their own
directory. Combining them makes it much easier to read.
commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:27:22 2012 -0700
Keep the order of iface attributes the same accross rubies
1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
end up with ~random order for the display with the previous technique.
Switch to an Array instead of a Hash so it's always the same.
commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:23:35 2012 -0700
Fix a few more compiler warnings
commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:17:39 2012 -0700
Fix a type-safety warning
commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date: Mon Feb 27 15:21:36 2012 -0700
LHOST should be OptAddress, not OptAddressRange
commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date: Sun Feb 26 17:45:59 2012 -0700
Fix a couple of warnings and a typo
commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date: Mon Feb 27 11:54:29 2012 -0600
Fix ctype vs content_type typo
commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date: Sun Feb 26 15:38:33 2012 +0200
Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x
commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date: Sun Feb 26 07:13:13 2012 -0600
add osvdb ref
commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date: Sat Feb 25 18:02:56 2012 -0500
Added aspx target to msfvenom. This in turn added it to msfencode as well.
Ref: https://github.com/rapid7/metasploit-framework/pull/188
Tested on winxp with IIS in .net 1.1 and 2.0 modes
commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date: Sat Feb 25 13:00:48 2012 -0600
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 17:07:42 2012 -0700
Simplify logic for whether an inner iface has the same address
commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:58:16 2012 -0700
Whitespace
commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:53:45 2012 -0700
Set session info before worrying about address
get_interfaces can take a while on Linux, grab uid and hostname earlier
so we can give the user an idea of what they popped as soon as possible.
commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:48:42 2012 -0700
Clean up rdoc
commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:54:45 2012 -0600
Ensure the architecture is only the first word (not the full WOW64
message in some cases)
commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:49:17 2012 -0600
More paranoia code, just in case RHOST is set to whitespace
commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:47:01 2012 -0600
A few more small bug fixes to handle cases with an empty string target
host resulting in a bad address
commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 03:55:10 2012 -0600
Fix up the logic (reversed by accident)
commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 23:29:52 2012 -0600
Automatically parse system information and populate the db, identify and
report NAT when detected, show the real session_host in the sessions -l
listing
commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:16:03 2012 -0600
Fix typo introduced
commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:11:38 2012 -0600
More session.session_host tweaks
commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:08:20 2012 -0600
Additional tunnel_peer changes
commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:06:21 2012 -0600
Additional changes to session.session_host
commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:00:19 2012 -0600
Merge changes into the new branch
2012-02-28 18:29:39 -07:00
af4551d8dc
Merge branch 'auxiliary-scanner-mongodb' of https://github.com/gregory-m/metasploit-framework into gregory-m-auxiliary-scanner-mongodb
2012-02-28 19:07:21 -06:00
986807e525
Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow
2012-02-28 19:01:54 -06:00
5560087006
Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow
2012-02-28 18:58:28 -06:00
e69c8ca422
LHOST should be OptAddress, not OptAddressRange
2012-02-28 08:16:06 -07:00
bf07a6a027
Added auxiliary/scanner/mongodb/mongodb_login module
...
MongoDB login utility + brute force attack
2012-02-28 16:06:30 +02:00
2f201cdf78
Merge pull request #198 from jduck/master
...
Fixes #6308
2012-02-26 11:52:47 -08:00
3ff5c91c24
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-26 09:53:04 -06:00
ef4cdb516d
add osvdb ref
2012-02-26 07:13:13 -06:00
139136e033
Fix a handful of typos in the regex/parsing code
2012-02-26 02:10:06 -06:00
65ed4bfa8b
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
2012-02-25 13:00:48 -06:00
91a7a44f02
Merge branch 'gather-firefox_creds-osx-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-gather-firefox_creds-osx-fix
2012-02-24 16:03:42 -06:00
7281a0ebdd
Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul)
2012-02-24 12:06:47 -06:00
8a158c3a00
Added OSX support to post/multi/gather/firefox_creds
...
Tested on OSX 10.7.3 and FF 9.0.1
2012-02-24 16:44:42 +02:00
bc2e12f7b5
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-23 17:34:10 -06:00
339fb8d266
eh, I mean Win2k3 SP0 to SP1
2012-02-23 17:33:49 -06:00
cb9cc1a69e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-23 17:22:55 -06:00
a6b10862bd
Adds a lantronix telnet discovery module
2012-02-23 17:22:32 -06:00
9ddca81ab5
Fix test that always evals to false
...
Meterpreter does not respond_to? extension names, they're magic.
2012-02-23 14:52:48 -07:00
e262d7a7ff
Add CVE-2012-0500 Sun Java Web Start exploit
2012-02-23 13:30:45 -06:00
08fb03276f
add osvdb ref
2012-02-23 07:39:31 -06:00
144fa0dc0e
Comment what \x0b\x04 is for
2012-02-22 22:59:43 -06:00
92c801d936
Merge branch 'ssh-creds-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-ssh-creds-fix
2012-02-22 19:49:26 -06:00
291e083d65
Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof
2012-02-22 19:44:47 -06:00
4ee1f989a6
Merge branch 'CVE-2008-1602_orbit_download_failed_bof' of https://github.com/juanvazquez/metasploit-framework
2012-02-22 19:40:56 -06:00
8d212849dc
Fix typos that result in stack traces when matching the response codes
2012-02-22 16:04:24 -06:00
ace28a8388
1.9 compatibility fix
...
Strings in ruby 1.9 doesn't have #each method
2012-02-22 18:01:17 +02:00
66fa56cc49
Fixed post/multi/gather/ssh_creds to work with shell session
2012-02-22 15:16:11 +02:00
3fecda95be
Fix 1.8 compatibility issue
2012-02-22 02:05:44 -06:00
5e6c40edfd
Remove unnecessary space restrictions.
...
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
...
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
4932a9ca25
Dont dump an HTML document to the console
2012-02-21 23:45:25 -06:00
d3fad51f3a
Fix my screwup in winscp for servicename
2012-02-21 20:31:52 -06:00
dcf3f3579d
Fix to the awful sname in this module
2012-02-21 20:28:27 -06:00
02d6089893
Fix a stack trace when an unexpected response from the server
...
Caused by a typo
2012-02-21 18:57:27 -07:00
acb4446e45
Fix #6407 by treating redirects as successful authentication
2012-02-21 16:02:21 -06:00
d6310829ea
Added module for CVE-2008-1602
2012-02-21 22:36:57 +01:00
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
bce1c08623
Update modules/auxiliary/server/capture/http_javascript_keylogger.rb
2012-02-21 04:46:56 -06:00
7c1d48d6aa
Merge in MJC's javascript keylogger
2012-02-21 04:25:15 -06:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
ab92e38628
Small cosmetic change to module descriptions
2012-02-20 19:29:51 -06:00
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
bb55b4e54f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-20 14:22:23 -06:00
f09ce04b00
Show where store_loot() saves the info
2012-02-20 14:22:05 -06:00
89e0842b1e
Add vim_soap to the mixins list.
...
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
cda9166180
This module should show where store_loot() saves the results
2012-02-20 14:15:55 -06:00
779e3cdcda
Correct more post modules for naming style consistency
2012-02-20 13:49:23 -06:00
fd283dd95b
Correct naming style
2012-02-20 12:38:43 -06:00
3180d75168
Correct naming style
2012-02-20 12:38:31 -06:00
22e40d9da4
Change naming style for consistency
2012-02-20 12:35:53 -06:00
300558e009
Correct post module naming style
2012-02-20 12:34:35 -06:00
a8d56afda6
Use store_loot() to save data to local disk
2012-02-20 01:30:11 -06:00
fccb338e29
Merge branch 'master' of github-r7:rapid7/metasploit-framework
2012-02-19 23:01:14 -06:00
e0a75c1b2c
Merge branch 'release/4.2-stable'
...
Conflicts:
lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
f92ddb2475
Revert "Cleanup to the module output for vmware_http_login.rb"
...
This reverts commit 08d91aebdb
2012-02-19 18:55:49 -06:00
a25475fac0
Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
...
This reverts commit c4ea27d32b
2012-02-19 18:53:03 -06:00
d761265b93
Revert "Cosmetic cleanup to the module output for vmauthd_login"
...
This reverts commit 87e7bf4934
2012-02-19 18:52:39 -06:00
648686002b
Cosmetic cleanup of the vmware_http_login module
2012-02-19 18:51:16 -06:00
2521bd7b59
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:34:35 -06:00
00d2497a42
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:32:36 -06:00
c4ea27d32b
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:28:06 -06:00
87e7bf4934
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:16:54 -06:00
08d91aebdb
Cleanup to the module output for vmware_http_login.rb
2012-02-19 18:16:05 -06:00
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
6ced540e0b
Merge branch 'vmware-api' into vmware-stable
2012-02-18 18:38:20 -06:00
36dc0fee50
Better dynamic soap generation for all the vmware stuff
2012-02-18 18:29:46 -06:00
ef2c261ce9
Change print() to print_line()
2012-02-18 00:22:02 -06:00
1f34c1ffd2
Correct print() and sleep() to print_line and select()
2012-02-18 00:20:52 -06:00
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
bb5e4a1600
Modules don't need to register VERBOSE, because it's already there
2012-02-17 21:07:44 -06:00
dc4bade78c
Use OptEnum to validate delivery method
2012-02-17 21:03:05 -06:00
79ce43e3fe
This condition should never trigger, because OptEnum should automatically take care of it
2012-02-17 19:16:07 -06:00
e23f17cac2
Again, validate using OptEnum
2012-02-17 19:14:38 -06:00
ohdae
Jonathan Cran
sinn3r
Tod Beardsley
Gregory Man
HD Moore
James Lee
sinn3r
Joshua J. Drake
Willis Vandevanter
Efrain Torres
juan
Steve Tornio
Tod Beardsley
HD Moore
David Maloney
Matt Buck