Commit Graph

5510 Commits (461352f24f40023b162a4e264889f756331afe81)

Author SHA1 Message Date
Tod Beardsley 57376a976d Fixes descriptions on new modules.
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
sinn3r d9788db7bb Merge pull request #222 from jduck/master
Fixes #6483
2012-03-07 18:11:48 -08:00
sinn3r 0550b77522 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-03-07 20:04:04 -06:00
sinn3r 3b4ed13aee Fix typo 2012-03-07 20:03:46 -06:00
Tod Beardsley 33460b6bf4 Fixups on the Adobe Flash exploit description
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
sinn3r c76f43c066 Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow 2012-03-07 19:24:00 -06:00
Tod Beardsley f97dc8dee7 Fix spelling of the IBM product iSeries
Was I-Series.
2012-03-07 15:24:15 -06:00
sinn3r 7dfba9c00d Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-03-07 14:51:39 -06:00
sinn3r 0ee7788028 Add a check to detect the vulnerable version of Sysax SSH 2012-03-07 14:51:21 -06:00
Joshua J. Drake ab01a19f92 Fixes #6483: Correct the include for the handler (was copypasta) 2012-03-07 11:23:44 -06:00
Tod Beardsley ba2bf194fd Fixes descriptions on new modules.
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:17:22 -06:00
James Lee 02ea38516f Add a check method for tomcat_mgr_deploy 2012-03-06 23:22:44 -07:00
James Lee 2b9acb61ad Clean up some incosistent verbosity
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
sinn3r 003fa3e22c Apply patch for #6495 2012-03-06 11:43:28 -06:00
sinn3r 22a12a6dfc Add Lotus CMS exploit (OSVDB-75095) 2012-03-06 11:36:28 -06:00
HD Moore 99177e9d5e Small commit to fix bad reference and old comment 2012-03-06 01:44:26 -06:00
Willis Vandevanter 461a59e28d modified description and lowered the number of required requests 2012-03-06 00:48:54 -05:00
Willis Vandevanter 0f17bbdfdd squid pivot scanning module 2012-03-06 00:30:30 -05:00
James Lee 70162fde73 A few more author typos 2012-03-05 13:28:46 -07:00
James Lee 82c23e95d3 Module author typo 2012-03-05 13:28:46 -07:00
James Lee 3a33434867 Fix a couple of typos that throw off module authors 2012-03-05 13:28:46 -07:00
sinn3r afd1af6377 Merge branch 'apf-info' of https://github.com/gregory-m/metasploit-framework into gregory-m-apf-info 2012-03-05 11:18:23 -06:00
sinn3r 1005de0523 Port should not contain a non-numeric value or even empty when assigned to :port 2012-03-05 11:10:16 -06:00
Gregory Man 6726f07dbc afp_server_info fixes and improvements
1.9 compatibility, timeouts, reporting
2012-03-05 14:57:59 +02:00
Gregory Man d9f0453ee9 Added auxiliary/scanner/afp/afp_server_info module 2012-03-02 21:58:40 +02:00
Tod Beardsley 7447052b38 Convert WMAP constant name to the new format. 2012-03-02 10:18:32 -06:00
Tod Beardsley 302853f5a4 Unpolluting SVN Revision keyword
Sometimes Revision keywords get expanded, too. Fix those.
2012-03-02 10:18:32 -06:00
Tod Beardsley 3626d48db2 Un-polluting SVN Id keyword
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
2012-03-02 10:18:32 -06:00
Efrain Torres 36a3341acd Fix body cero. 2012-03-02 10:18:32 -06:00
Efrain Torres 6fba0698e5 Adding another detection method for blind sqli 2012-03-02 10:18:32 -06:00
Efrain Torres 02f6e3fcb2 Improving report on blind sqli module 2012-03-02 10:18:32 -06:00
Efrain Torres 126a6133cd Improving blind sql inj. detection 2012-03-02 10:18:32 -06:00
Efrain Torres b608aeeeb7 Migrating modules to use report_web_vulns and minor fixes 2012-03-02 10:18:32 -06:00
Efrain Torres 1a09a49f69 Starting getting rid of report_note to use report_web_vuln on all http aux modules 2012-03-02 10:18:32 -06:00
Efrain Torres 2ce7dc9331 One more module. 2012-03-02 10:18:32 -06:00
Efrain Torres 9c6fec3c33 First step on module cleaning. 2012-03-02 10:18:32 -06:00
Efrain Torres eaecdb487c Fix sname in report_ calls to check the use of ssl and report http or
https
2012-03-02 10:18:31 -06:00
Efrain Torres 6d80aa0a44 Renaming duh. 2012-03-02 10:18:31 -06:00
Efrain Torres 3cb65e24a1 Fix blind sqli module description and bug with http_method 2012-03-02 10:18:31 -06:00
Efrain Torres 6938b91d07 Execute tests agains a specific path and bug fix in blind sqli module 2012-03-02 10:18:31 -06:00
Efrain Torres a2e5a4d9d5 New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention 2012-03-02 10:18:31 -06:00
sinn3r 8f30e5548c Fix bug: "TypeError can't convert nil into String" when fd.read can be nil 2012-03-02 02:18:07 -06:00
sinn3r 67f788768d Fix tabs 2012-03-01 22:31:08 -06:00
sinn3r fd2d9ae0ea Add MP4 file generating function. Update the description regarding exploit usage. 2012-03-01 22:24:35 -06:00
sinn3r b1b2ec2c7d Merge branch 'CVE-2008-5036_vlc_realtext' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-5036_vlc_realtext 2012-03-01 21:13:33 -06:00
sinn3r 8bad0033d3 Update description 2012-03-01 19:16:29 -06:00
sinn3r 0bc26c1665 Add CVE-2009-4656: DJ Studio .pls buffer overflow 2012-03-01 19:09:25 -06:00
sinn3r d06848ba56 Default to token impersonation before migrating to a different process 2012-03-01 18:31:33 -06:00
sinn3r 687c50d0cd Indent level fix 2012-03-01 16:14:29 -06:00
juan f1a6d8f535 Added exploit module for CVE-2008-5036 2012-03-01 23:06:40 +01:00
sinn3r 5a5e5eab95 Add msvcrt ROP target for IE8 2012-03-01 15:23:41 -06:00
sinn3r 1bc99646e7 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-03-01 15:14:05 -06:00
Steve Tornio 2d802750e3 fix osvdb ref 2012-03-01 08:07:11 -06:00
Steve Tornio 256fee3626 add osvdb ref 2012-03-01 08:06:53 -06:00
sinn3r a32bcc44f2 Merge branch 'post-apple-ios-backup-osx-fix' of https://github.com/gregory-m/metasploit-framework 2012-03-01 00:43:17 -06:00
sinn3r e9df9d6c2c Increase default depth 2012-02-29 16:24:18 -06:00
Tod Beardsley 4369f73c7a Msftidy fixes on new modules
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
sinn3r 74cdb5dabc It's a two-space tab, not one space. OMG. 2012-02-29 10:13:29 -06:00
Gregory Man eaf41769ed Fixed gather/apple_ios_backup to work with OSX
Also moved it to post/multi/gather
2012-02-29 10:31:26 +02:00
sinn3r 278f394552 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-29 01:37:36 -06:00
sinn3r 6321ff7cb4 Change output message 2012-02-29 01:36:38 -06:00
sinn3r bc8480715f Add references to metadata. Do report_auth_info() when a credential is found. Plus other minor changes. 2012-02-29 01:32:21 -06:00
HD Moore 4c39cfd98a Small tweak to the format of the type 2012-02-28 23:52:48 -06:00
sinn3r 4b1e67f94f Add ROP target for Win2k3 SP1 and SP2 2012-03-04 17:18:34 -06:00
Steve Tornio 8f93a5abbb add osvdb ref 2012-03-03 12:28:30 -06:00
sinn3r fa916d863d Add Sysax SSH buffer overflow exploit 2012-03-03 10:11:51 -06:00
Tod Beardsley 6c0f8636ec Merge pull request #217 from rapid7/reverse-http-randomness
Reverse http randomness
2012-03-02 16:36:26 -08:00
HD Moore b70b41091b Tested fairly well - this randomizes the URLs and removes the user-agent string from the request 2012-03-02 17:44:23 -06:00
sinn3r 9258cda144 Change :info and file name so it's easier to identify it's a Firefox profile 2012-03-02 16:45:42 -06:00
Tod Beardsley 96e03d2556 Merge pull request #44 from linuxgeek247/armle-bind-shell
Adding armle bind shellcode based on existing reverse shellcode
2012-03-02 14:25:43 -08:00
James Lee f3e0b46e5c Post mods should use session_host when reporting
target_host probably never worked anyway
2012-02-28 18:40:17 -07:00
James Lee 624e19fd8b Merge session-host-rework branch back to master
Squashed commit of the following:

commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:31:03 2012 -0700

    Clean up some rdoc comments

    This adds categories for the various interfaces that meterpreter and
    shell sessions implement so they are grouped logically in the docs.

commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 13:00:25 2012 -0700

    Combine the docs into one output dir

    There's really no need to separate the API sections into their own
    directory.  Combining them makes it much easier to read.

commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:27:22 2012 -0700

    Keep the order of iface attributes the same accross rubies

    1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
    end up with ~random order for the display with the previous technique.
    Switch to an Array instead of a Hash so it's always the same.

commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:23:35 2012 -0700

    Fix a few more compiler warnings

commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:17:39 2012 -0700

    Fix a type-safety warning

commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date:   Mon Feb 27 15:21:36 2012 -0700

    LHOST should be OptAddress, not OptAddressRange

commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date:   Sun Feb 26 17:45:59 2012 -0700

    Fix a couple of warnings and a typo

commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date:   Mon Feb 27 11:54:29 2012 -0600

    Fix ctype vs content_type typo

commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date:   Sun Feb 26 15:38:33 2012 +0200

    Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x

commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date:   Sun Feb 26 07:13:13 2012 -0600

    add osvdb ref

commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date:   Sat Feb 25 18:02:56 2012 -0500

    Added aspx target to msfvenom.  This in turn added it to msfencode as well.
    Ref: https://github.com/rapid7/metasploit-framework/pull/188
    Tested on winxp with IIS in .net 1.1 and 2.0 modes

commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date:   Sat Feb 25 13:00:48 2012 -0600

    Fixes #6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver

commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 17:07:42 2012 -0700

    Simplify logic for whether an inner iface has the same address

commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:58:16 2012 -0700

    Whitespace

commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:53:45 2012 -0700

    Set session info before worrying about address

    get_interfaces can take a while on Linux, grab uid and hostname earlier
    so we can give the user an idea of what they popped as soon as possible.

commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:48:42 2012 -0700

    Clean up rdoc

commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:54:45 2012 -0600

    Ensure the architecture is only the first word (not the full WOW64
    message in some cases)

commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:49:17 2012 -0600

    More paranoia code, just in case RHOST is set to whitespace

commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:47:01 2012 -0600

    A few more small bug fixes to handle cases with an empty string target
    host resulting in a bad address

commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 03:55:10 2012 -0600

    Fix up the logic (reversed by accident)

commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 23:29:52 2012 -0600

    Automatically parse system information and populate the db, identify and
    report NAT when detected, show the real session_host in the sessions -l
    listing

commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:16:03 2012 -0600

    Fix typo introduced

commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:11:38 2012 -0600

    More session.session_host tweaks

commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:08:20 2012 -0600

    Additional tunnel_peer changes

commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:06:21 2012 -0600

    Additional changes to session.session_host

commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:00:19 2012 -0600

    Merge changes into the new branch
2012-02-28 18:29:39 -07:00
sinn3r af4551d8dc Merge branch 'auxiliary-scanner-mongodb' of https://github.com/gregory-m/metasploit-framework into gregory-m-auxiliary-scanner-mongodb 2012-02-28 19:07:21 -06:00
sinn3r 986807e525 Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow 2012-02-28 19:01:54 -06:00
sinn3r 5560087006 Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow 2012-02-28 18:58:28 -06:00
James Lee e69c8ca422 LHOST should be OptAddress, not OptAddressRange 2012-02-28 08:16:06 -07:00
Gregory Man bf07a6a027 Added auxiliary/scanner/mongodb/mongodb_login module
MongoDB login utility + brute force attack
2012-02-28 16:06:30 +02:00
sinn3r 2f201cdf78 Merge pull request #198 from jduck/master
Fixes #6308
2012-02-26 11:52:47 -08:00
Joshua J. Drake 3ff5c91c24 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-26 09:53:04 -06:00
Steve Tornio ef4cdb516d add osvdb ref 2012-02-26 07:13:13 -06:00
HD Moore 139136e033 Fix a handful of typos in the regex/parsing code 2012-02-26 02:10:06 -06:00
Joshua J. Drake 65ed4bfa8b Fixes #6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver 2012-02-25 13:00:48 -06:00
sinn3r 91a7a44f02 Merge branch 'gather-firefox_creds-osx-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-gather-firefox_creds-osx-fix 2012-02-24 16:03:42 -06:00
sinn3r 7281a0ebdd Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul) 2012-02-24 12:06:47 -06:00
Gregory Man 8a158c3a00 Added OSX support to post/multi/gather/firefox_creds
Tested on OSX 10.7.3 and FF 9.0.1
2012-02-24 16:44:42 +02:00
sinn3r bc2e12f7b5 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-23 17:34:10 -06:00
sinn3r 339fb8d266 eh, I mean Win2k3 SP0 to SP1 2012-02-23 17:33:49 -06:00
David Maloney cb9cc1a69e Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-23 17:22:55 -06:00
David Maloney a6b10862bd Adds a lantronix telnet discovery module 2012-02-23 17:22:32 -06:00
James Lee 9ddca81ab5 Fix test that always evals to false
Meterpreter does not respond_to? extension names, they're magic.
2012-02-23 14:52:48 -07:00
Joshua J. Drake e262d7a7ff Add CVE-2012-0500 Sun Java Web Start exploit 2012-02-23 13:30:45 -06:00
Steve Tornio 08fb03276f add osvdb ref 2012-02-23 07:39:31 -06:00
sinn3r 144fa0dc0e Comment what \x0b\x04 is for 2012-02-22 22:59:43 -06:00
sinn3r 92c801d936 Merge branch 'ssh-creds-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-ssh-creds-fix 2012-02-22 19:49:26 -06:00
sinn3r 291e083d65 Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof 2012-02-22 19:44:47 -06:00
sinn3r 4ee1f989a6 Merge branch 'CVE-2008-1602_orbit_download_failed_bof' of https://github.com/juanvazquez/metasploit-framework 2012-02-22 19:40:56 -06:00
HD Moore 8d212849dc Fix typos that result in stack traces when matching the response codes 2012-02-22 16:04:24 -06:00
Gregory Man ace28a8388 1.9 compatibility fix
Strings in ruby 1.9 doesn't have #each method
2012-02-22 18:01:17 +02:00
Gregory Man 66fa56cc49 Fixed post/multi/gather/ssh_creds to work with shell session 2012-02-22 15:16:11 +02:00
HD Moore 3fecda95be Fix 1.8 compatibility issue 2012-02-22 02:05:44 -06:00
James Lee 5e6c40edfd Remove unnecessary space restrictions.
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
James Lee 464cf7f65f Normalize service names
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
2012-02-21 22:59:20 -07:00
James Lee 7ca573a1b4 Give these two old modules a chance to work by setting a proper arch
These must have been broken for quite some time.  =/  They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
HD Moore 4932a9ca25 Dont dump an HTML document to the console 2012-02-21 23:45:25 -06:00
David Maloney d3fad51f3a Fix my screwup in winscp for servicename 2012-02-21 20:31:52 -06:00
David Maloney dcf3f3579d Fix to the awful sname in this module 2012-02-21 20:28:27 -06:00
James Lee 02d6089893 Fix a stack trace when an unexpected response from the server
Caused by a typo
2012-02-21 18:57:27 -07:00
HD Moore acb4446e45 Fix #6407 by treating redirects as successful authentication 2012-02-21 16:02:21 -06:00
juan d6310829ea Added module for CVE-2008-1602 2012-02-21 22:36:57 +01:00
Tod Beardsley 4a631e463c Module title normalization
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/

The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore bce1c08623 Update modules/auxiliary/server/capture/http_javascript_keylogger.rb 2012-02-21 04:46:56 -06:00
HD Moore 7c1d48d6aa Merge in MJC's javascript keylogger 2012-02-21 04:25:15 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore ab92e38628 Small cosmetic change to module descriptions 2012-02-20 19:29:51 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
sinn3r bb55b4e54f Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-20 14:22:23 -06:00
sinn3r f09ce04b00 Show where store_loot() saves the info 2012-02-20 14:22:05 -06:00
James Lee 89e0842b1e Add vim_soap to the mixins list.
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
sinn3r cda9166180 This module should show where store_loot() saves the results 2012-02-20 14:15:55 -06:00
sinn3r 779e3cdcda Correct more post modules for naming style consistency 2012-02-20 13:49:23 -06:00
sinn3r fd283dd95b Correct naming style 2012-02-20 12:38:43 -06:00
sinn3r 3180d75168 Correct naming style 2012-02-20 12:38:31 -06:00
sinn3r 22e40d9da4 Change naming style for consistency 2012-02-20 12:35:53 -06:00
sinn3r 300558e009 Correct post module naming style 2012-02-20 12:34:35 -06:00
sinn3r a8d56afda6 Use store_loot() to save data to local disk 2012-02-20 01:30:11 -06:00
Matt Buck fccb338e29 Merge branch 'master' of github-r7:rapid7/metasploit-framework 2012-02-19 23:01:14 -06:00
Matt Buck e0a75c1b2c Merge branch 'release/4.2-stable'
Conflicts:
	lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
sinn3r ea698864bd Add aux module to disclose IIS internal IP (Feature #6405) 2012-02-19 22:44:30 -06:00
sinn3r 95fa97cbd7 This module should be using store_loot() to save downloaded data 2012-02-19 20:48:00 -06:00
sinn3r 6037a2fc7a Correct type and name for store_loot 2012-02-19 20:20:44 -06:00
HD Moore f92ddb2475 Revert "Cleanup to the module output for vmware_http_login.rb"
This reverts commit 08d91aebdb.
2012-02-19 18:55:49 -06:00
HD Moore a25475fac0 Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
This reverts commit c4ea27d32b.
2012-02-19 18:53:03 -06:00
HD Moore d761265b93 Revert "Cosmetic cleanup to the module output for vmauthd_login"
This reverts commit 87e7bf4934.
2012-02-19 18:52:39 -06:00
HD Moore 648686002b Cosmetic cleanup of the vmware_http_login module 2012-02-19 18:51:16 -06:00
HD Moore 2521bd7b59 Add a new vmauthd_version scanner (also pulls in the SSL cert if
available)
2012-02-19 18:34:35 -06:00
HD Moore 00d2497a42 Cosmetic cleanup to the module output for vmauthd_login 2012-02-19 18:32:36 -06:00
HD Moore c4ea27d32b Add a new vmauthd_version scanner (also pulls in the SSL cert if
available)
2012-02-19 18:28:06 -06:00
HD Moore 87e7bf4934 Cosmetic cleanup to the module output for vmauthd_login 2012-02-19 18:16:54 -06:00
HD Moore 08d91aebdb Cleanup to the module output for vmware_http_login.rb 2012-02-19 18:16:05 -06:00
sinn3r 825ea01f79 Correct report_web_vuln 2012-02-19 16:37:42 -06:00
sinn3r 199e9c518b Add Generic HTTP Directory Traversal Utility (Feature #6338) 2012-02-19 00:30:18 -06:00
David Maloney 6ced540e0b Merge branch 'vmware-api' into vmware-stable 2012-02-18 18:38:20 -06:00
David Maloney 36dc0fee50 Better dynamic soap generation for all the vmware stuff 2012-02-18 18:29:46 -06:00
sinn3r ef2c261ce9 Change print() to print_line() 2012-02-18 00:22:02 -06:00
sinn3r 1f34c1ffd2 Correct print() and sleep() to print_line and select() 2012-02-18 00:20:52 -06:00
sinn3r ebd5438984 Add POST to method 2012-02-17 22:36:33 -06:00
sinn3r bb5e4a1600 Modules don't need to register VERBOSE, because it's already there 2012-02-17 21:07:44 -06:00
sinn3r dc4bade78c Use OptEnum to validate delivery method 2012-02-17 21:03:05 -06:00
sinn3r 79ce43e3fe This condition should never trigger, because OptEnum should automatically take care of it 2012-02-17 19:16:07 -06:00
sinn3r e23f17cac2 Again, validate using OptEnum 2012-02-17 19:14:38 -06:00
sinn3r d58b8c7b69 Use OptEnum to validate enumeration method 2012-02-17 19:12:47 -06:00
sinn3r 3390bdf312 Validate METHOD with OptEnum 2012-02-17 18:54:53 -06:00
sinn3r 974aea3521 Validate 'METHOD' using OptEnum 2012-02-17 18:46:56 -06:00
sinn3r 36bc31d677 Damn, the indent level is nuts in this thing 2012-02-17 18:43:47 -06:00
sinn3r ec58b4669e This module only handles GET, so that's the only option we'll allow 2012-02-17 18:20:16 -06:00
sinn3r 9e17b09632 This module is only meant to handle GET and PUT, so let's be strict on that 2012-02-17 18:17:28 -06:00
sinn3r 7ae58bfd9d Make sure the HTTP method is always upper-case to make Apache happy 2012-02-17 18:15:23 -06:00
David Maloney ddb43774c9 Some metadata fixes 2012-02-17 12:21:38 -06:00
sinn3r ae57a8d9fd Make sure the HTTP method is always uppercase so we don't get a 501 2012-02-17 03:34:39 -06:00
sinn3r afe6bce1c6 More documentation on the file format 2012-02-16 21:58:12 -06:00
sinn3r 2a97e61457 Merge branch 'droplnk' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-droplnk 2012-02-16 21:20:58 -06:00
sinn3r 5bb9afe789 Correct disclosure date format 2012-02-16 18:15:51 -06:00
Rob Fuller c38ad92ade Post module to upload shortcut (LNK) files with UNC path ICONs for post exploitation 2012-02-16 18:34:19 +00:00
Joshua J. Drake 01a6b02c3e Add exploit for CVE-2012-0209, thx eromang! 2012-02-16 03:10:55 -06:00
Joshua J. Drake d2444e1cf6 fix a few typos 2012-02-16 03:10:22 -06:00
David Maloney a0dac593bc Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api 2012-02-16 02:22:31 -06:00
David Maloney e9b2e060d6 Permissions scanner for vmware
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
David Maloney 8d7ddab2af Some minor bug fixes
Added vm_tag module for 'flag planting'
2012-02-16 00:45:48 -06:00
David Maloney c5ae56a147 Adding User Enumeration Scanner for vmware 2012-02-15 22:55:11 -06:00
Tod Beardsley 95f54413d8 Create a stable branch of vmware-api
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
Tod Beardsley bf9ed96155 Fixes up esx_fingerprint and the host model to ID vmware correctly
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
David Maloney a2778ea297 minor fixes to multi-session terminate 2012-02-15 16:50:12 -06:00
David Maloney 082b4acca8 Changed terminate session module to handle multiple sessions per run 2012-02-15 16:47:02 -06:00
David Maloney c9cf47bd4c Add Terminate Session module and some extra goodness to enum sessions 2012-02-15 16:39:13 -06:00
juan e69037959f Added CVE-2010-0842 2012-02-15 23:32:31 +01:00
David Maloney 67ba39cc3e Adds a scanner to pull active login sessions off servers 2012-02-15 02:27:25 -06:00
David Maloney e0f11992af Gah screwed up that commit, accidentally chunked out the rescues. 2012-02-15 02:12:06 -06:00
David Maloney 6b539036c9 Fix fingerprinting in the vmware_http_login module 2012-02-15 01:54:34 -06:00
David Maloney e67e9ab34f Adds a power off vm aux module 2012-02-14 20:52:45 -06:00
David Maloney a256a6fb0b Adds a power on vm module 2012-02-14 20:44:11 -06:00
Tod Beardsley ab65a1ad8c Name caps and readability for new post modules 2012-02-14 16:23:12 -06:00
David Maloney bbca09458f Workaround for report_host/service issue
See #6370
2012-02-14 11:19:38 -06:00
David Maloney 03884ddb46 Fix to title from copy pasted init section. 2012-02-14 10:36:15 -06:00
Tod Beardsley ad0594ee5f Cleanup and add debug for fingerprint_vmware 2012-02-13 19:07:26 -06:00
Tod Beardsley 8c1581567c Cleanup on the vmware fingerprinting.
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
Tod Beardsley 727cde00c6 Taking David's version of vmware_http_login over mine 2012-02-13 14:54:47 -06:00
sinn3r d036da627a Clear lots of whitespace 2012-02-13 14:13:43 -06:00
David Maloney 31f001ed54 Improved vmware enumerate vm modules
now with screenshots!
2012-02-13 12:07:28 -06:00
David Maloney 8c305e1a28 VMWare Web service finerprinting and OS detection.
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
sinn3r a758462a32 Remove some whitespace 2012-02-13 11:01:26 -06:00
sinn3r 7129ec8e3a Change indent level for the metadata 2012-02-12 17:33:03 -06:00
sinn3r e9ceed1236 Merge branch 'fetchmailrc_creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-fetchmailrc_creds 2012-02-12 17:30:30 -06:00
Jon Hart 49bf9435c2 Post module to loot creds from .fetchmailrc 2012-02-12 11:24:21 -08:00
bperry-r7 abb1548d9a Fix extraneous print_status 2012-02-11 20:09:43 -06:00
David Maloney 676a0c53a0 Working Screenshot capability! 2012-02-11 03:51:18 -06:00
Tod Beardsley 829040d527 A bunch of msftidy fixes, no functional changes. 2012-02-10 19:44:03 -06:00
Steve Tornio daca3e93a5 add osvdb ref 2012-02-10 07:05:42 -06:00
Steve Tornio 782fcb040d add osvdb ref 2012-02-10 07:05:26 -06:00
Steve Tornio 1a240648fa Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-02-10 06:51:02 -06:00
sinn3r fe69a27bf1 Fix indent level and type 2012-02-10 03:22:51 -06:00
sinn3r 4b47a9e66f Be gone, whitespace. 2012-02-10 03:16:37 -06:00
sinn3r 52e7743b41 Merge branch 'ipv6_logging' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-ipv6_logging 2012-02-10 03:13:18 -06:00
sinn3r 85e644ed4c Merge branch 'railgun_defs' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-railgun_defs 2012-02-10 01:17:07 -06:00
sinn3r 5ea20a332b Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin. 2012-02-10 00:13:39 -06:00
sinn3r e5ea2961f5 Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof 2012-02-10 00:10:28 -06:00
sinn3r 2bd330da33 Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit 2012-02-10 00:06:48 -06:00
Rob Fuller 1f1e67cb16 Moved railgun function definitions into central storage and out of individual modules where possible 2012-02-09 04:56:13 +00:00
Steve Tornio adafe6f722 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-02-08 13:32:51 -06:00
HD Moore 29b99aa7b4 Fix up titles/add boundary check for reporting external host 2012-02-08 12:23:46 -06:00
m-1-k-3 705c436ede added more multicast addresses from wikipedia 2012-02-07 11:45:20 +01:00
David Maloney e8aa624a16 Added todb's validator over to this working branch 2012-02-06 10:15:05 -06:00
Tod Beardsley 8ad9beef75 Removing javascript_keylogger from master. 2012-02-06 09:37:16 -06:00
m-1-k-3 91820ad1c3 logging to notes 2012-02-06 08:56:35 +01:00
RageLtMan 858401463d add exec timeout 2012-02-05 14:52:38 -05:00
RageLtMan 53ec982385 download_exec_fix 2012-02-05 14:35:44 -05:00
Steve Tornio 1b7fffbf8a Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-02-05 07:30:08 -06:00
sinn3r b2ae8a24dc Fix go cow art (tabs are bad to align chars) 2012-02-05 02:20:31 -06:00
sinn3r 0dd3ad0efb Remove naughty trailing commas 2012-02-05 02:03:49 -06:00
sinn3r 26f89f65bd Fix the bug that causes store_loot() to run twice. Also, other minor format changes. 2012-02-05 02:00:03 -06:00
sinn3r c2d1f64472 Merge branch 'master' of https://github.com/threatagent/metasploit-framework 2012-02-05 01:44:53 -06:00
sinn3r db1e400dff Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-05 01:27:21 -06:00
HD Moore e4faa33517 Fix a typo introduce in the usb dumper 2012-02-04 00:03:20 -06:00
HD Moore 0737ccb8e2 Remove nulls from the unicode drive name 2012-02-04 00:03:03 -06:00
David Maloney df401f4c94 more fixes to backend stuff, plus updated vmware http login module to use
the correct mixin method now.
2012-02-03 15:44:41 -06:00
Tod Beardsley af506240cf http_fingerprint reports service info
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
Patroklos Argyroudis ed34fd70fd Modified (and tested) to work on Lion 10.7.2 and 10.7.3 2012-02-03 12:39:22 +02:00
Tod Beardsley 786d75493c Fix up VMWware webscan to not false positive
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.

[Fixes #6340]
2012-02-02 22:19:57 -06:00
Marcus J. Carey c06b0f7e72 cleaning up an editor glitch. 2012-02-02 17:59:51 -06:00
sinn3r bd407d2e01 Merge branch 'master' of https://github.com/threatagent/metasploit-framework 2012-02-02 16:53:23 -06:00
Marcus J. Carey 1a278c55b5 a bit more cleanup 2012-02-02 16:19:21 -06:00
Marcus J. Carey 45b58bea06 got rid of bmp generation 2012-02-02 16:07:27 -06:00
Marcus J. Carey e96eceb145 Editing Javascript keylogger 2012-02-02 15:01:22 -06:00
Marcus J. Carey 7b3262958d Merge branch 'master' of github.com:threatagent/metasploit-framework
Conflicts:
	modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 14:58:23 -06:00
Marcus J. Carey 59a44f75ec Updated Javascript Keylogger 2012-02-02 14:42:13 -06:00
Steve Tornio d90fe9b9b7 add osvdb ref 2012-02-02 13:43:03 -06:00
sinn3r aa44eb955e Correct author e-mail format 2012-02-02 11:27:43 -06:00
sinn3r 1676bd3c4f Add MSF License header. Use print once to print the whole table instead of running print multiple times. Show where the results are save. 2012-02-02 11:13:08 -06:00
Marcus J. Carey f45528ec68 Update modules/auxiliary/server/capture/javascript_keylogger.rb 2012-02-02 10:33:33 -06:00
Marcus J. Carey 3bfb8b3c9d Adding Javascript Keylogger 2012-02-02 10:30:55 -06:00
sinn3r d230eeedc0 Merge branch 'mount.smbfs-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-mount.smbfs-creds 2012-02-02 10:21:21 -06:00
Marcus J. Carey e70f9151e5 Merge remote-tracking branch 'upstream/master' 2012-02-02 07:13:03 -06:00
sinn3r 6b29af5c23 Add user-agent check. Auto-migrate. 2012-02-02 03:11:10 -06:00
sinn3r 6be65acfe2 Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-2551_c6_DownloaderActiveX 2012-02-02 02:54:02 -06:00
sinn3r de675c349a Upgrade exploit rank, because it fits the description 2012-02-02 02:49:06 -06:00
sinn3r 28b4f4b60d Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331) 2012-02-02 02:43:32 -06:00
juan 82eacbe2fd Added module for CVE-2008-2551 2012-02-01 23:26:28 +01:00
David Maloney 36e37e04fb Fixes to post module cred reporting.
call to session.db_record.id would error if no db
was connected.
Fixes #6325
2012-02-01 12:26:35 -06:00
David Maloney 3f48e626a2 Adding a bunch of new VIM API auxiliary stuff
Work in progress.
2012-02-01 12:05:20 -06:00
Tod Beardsley e371f0f64c MSFTidy commits
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.

Squashed commit of the following:

commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:58:53 2012 -0600

    Break up the multiline SOAP thing

commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:48:16 2012 -0600

    More whitespace and indent

commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:39:36 2012 -0600

    Whitespace fixes

commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:35:37 2012 -0600

    Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
Jon Hart 4aa52203da Renamed, switched partially to store_loot 2012-02-01 08:50:50 -08:00