Tod Beardsley
57376a976d
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
sinn3r
d9788db7bb
Merge pull request #222 from jduck/master
...
Fixes #6483
2012-03-07 18:11:48 -08:00
sinn3r
0550b77522
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 20:04:04 -06:00
sinn3r
3b4ed13aee
Fix typo
2012-03-07 20:03:46 -06:00
Tod Beardsley
33460b6bf4
Fixups on the Adobe Flash exploit description
...
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
sinn3r
c76f43c066
Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow
2012-03-07 19:24:00 -06:00
Tod Beardsley
f97dc8dee7
Fix spelling of the IBM product iSeries
...
Was I-Series.
2012-03-07 15:24:15 -06:00
sinn3r
7dfba9c00d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 14:51:39 -06:00
sinn3r
0ee7788028
Add a check to detect the vulnerable version of Sysax SSH
2012-03-07 14:51:21 -06:00
Joshua J. Drake
ab01a19f92
Fixes #6483 : Correct the include for the handler (was copypasta)
2012-03-07 11:23:44 -06:00
Tod Beardsley
ba2bf194fd
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:17:22 -06:00
James Lee
02ea38516f
Add a check method for tomcat_mgr_deploy
2012-03-06 23:22:44 -07:00
James Lee
2b9acb61ad
Clean up some incosistent verbosity
...
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
sinn3r
003fa3e22c
Apply patch for #6495
2012-03-06 11:43:28 -06:00
sinn3r
22a12a6dfc
Add Lotus CMS exploit (OSVDB-75095)
2012-03-06 11:36:28 -06:00
HD Moore
99177e9d5e
Small commit to fix bad reference and old comment
2012-03-06 01:44:26 -06:00
Willis Vandevanter
461a59e28d
modified description and lowered the number of required requests
2012-03-06 00:48:54 -05:00
Willis Vandevanter
0f17bbdfdd
squid pivot scanning module
2012-03-06 00:30:30 -05:00
James Lee
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
James Lee
82c23e95d3
Module author typo
2012-03-05 13:28:46 -07:00
James Lee
3a33434867
Fix a couple of typos that throw off module authors
2012-03-05 13:28:46 -07:00
sinn3r
afd1af6377
Merge branch 'apf-info' of https://github.com/gregory-m/metasploit-framework into gregory-m-apf-info
2012-03-05 11:18:23 -06:00
sinn3r
1005de0523
Port should not contain a non-numeric value or even empty when assigned to :port
2012-03-05 11:10:16 -06:00
Gregory Man
6726f07dbc
afp_server_info fixes and improvements
...
1.9 compatibility, timeouts, reporting
2012-03-05 14:57:59 +02:00
Gregory Man
d9f0453ee9
Added auxiliary/scanner/afp/afp_server_info module
2012-03-02 21:58:40 +02:00
Tod Beardsley
7447052b38
Convert WMAP constant name to the new format.
2012-03-02 10:18:32 -06:00
Tod Beardsley
302853f5a4
Unpolluting SVN Revision keyword
...
Sometimes Revision keywords get expanded, too. Fix those.
2012-03-02 10:18:32 -06:00
Tod Beardsley
3626d48db2
Un-polluting SVN Id keyword
...
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
2012-03-02 10:18:32 -06:00
Efrain Torres
36a3341acd
Fix body cero.
2012-03-02 10:18:32 -06:00
Efrain Torres
6fba0698e5
Adding another detection method for blind sqli
2012-03-02 10:18:32 -06:00
Efrain Torres
02f6e3fcb2
Improving report on blind sqli module
2012-03-02 10:18:32 -06:00
Efrain Torres
126a6133cd
Improving blind sql inj. detection
2012-03-02 10:18:32 -06:00
Efrain Torres
b608aeeeb7
Migrating modules to use report_web_vulns and minor fixes
2012-03-02 10:18:32 -06:00
Efrain Torres
1a09a49f69
Starting getting rid of report_note to use report_web_vuln on all http aux modules
2012-03-02 10:18:32 -06:00
Efrain Torres
2ce7dc9331
One more module.
2012-03-02 10:18:32 -06:00
Efrain Torres
9c6fec3c33
First step on module cleaning.
2012-03-02 10:18:32 -06:00
Efrain Torres
eaecdb487c
Fix sname in report_ calls to check the use of ssl and report http or
...
https
2012-03-02 10:18:31 -06:00
Efrain Torres
6d80aa0a44
Renaming duh.
2012-03-02 10:18:31 -06:00
Efrain Torres
3cb65e24a1
Fix blind sqli module description and bug with http_method
2012-03-02 10:18:31 -06:00
Efrain Torres
6938b91d07
Execute tests agains a specific path and bug fix in blind sqli module
2012-03-02 10:18:31 -06:00
Efrain Torres
a2e5a4d9d5
New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention
2012-03-02 10:18:31 -06:00
sinn3r
8f30e5548c
Fix bug: "TypeError can't convert nil into String" when fd.read can be nil
2012-03-02 02:18:07 -06:00
sinn3r
67f788768d
Fix tabs
2012-03-01 22:31:08 -06:00
sinn3r
fd2d9ae0ea
Add MP4 file generating function. Update the description regarding exploit usage.
2012-03-01 22:24:35 -06:00
sinn3r
b1b2ec2c7d
Merge branch 'CVE-2008-5036_vlc_realtext' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-5036_vlc_realtext
2012-03-01 21:13:33 -06:00
sinn3r
8bad0033d3
Update description
2012-03-01 19:16:29 -06:00
sinn3r
0bc26c1665
Add CVE-2009-4656: DJ Studio .pls buffer overflow
2012-03-01 19:09:25 -06:00
sinn3r
d06848ba56
Default to token impersonation before migrating to a different process
2012-03-01 18:31:33 -06:00
sinn3r
687c50d0cd
Indent level fix
2012-03-01 16:14:29 -06:00
juan
f1a6d8f535
Added exploit module for CVE-2008-5036
2012-03-01 23:06:40 +01:00
sinn3r
5a5e5eab95
Add msvcrt ROP target for IE8
2012-03-01 15:23:41 -06:00
sinn3r
1bc99646e7
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-01 15:14:05 -06:00
Steve Tornio
2d802750e3
fix osvdb ref
2012-03-01 08:07:11 -06:00
Steve Tornio
256fee3626
add osvdb ref
2012-03-01 08:06:53 -06:00
sinn3r
a32bcc44f2
Merge branch 'post-apple-ios-backup-osx-fix' of https://github.com/gregory-m/metasploit-framework
2012-03-01 00:43:17 -06:00
sinn3r
e9df9d6c2c
Increase default depth
2012-02-29 16:24:18 -06:00
Tod Beardsley
4369f73c7a
Msftidy fixes on new modules
...
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
sinn3r
74cdb5dabc
It's a two-space tab, not one space. OMG.
2012-02-29 10:13:29 -06:00
Gregory Man
eaf41769ed
Fixed gather/apple_ios_backup to work with OSX
...
Also moved it to post/multi/gather
2012-02-29 10:31:26 +02:00
sinn3r
278f394552
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-29 01:37:36 -06:00
sinn3r
6321ff7cb4
Change output message
2012-02-29 01:36:38 -06:00
sinn3r
bc8480715f
Add references to metadata. Do report_auth_info() when a credential is found. Plus other minor changes.
2012-02-29 01:32:21 -06:00
HD Moore
4c39cfd98a
Small tweak to the format of the type
2012-02-28 23:52:48 -06:00
sinn3r
4b1e67f94f
Add ROP target for Win2k3 SP1 and SP2
2012-03-04 17:18:34 -06:00
Steve Tornio
8f93a5abbb
add osvdb ref
2012-03-03 12:28:30 -06:00
sinn3r
fa916d863d
Add Sysax SSH buffer overflow exploit
2012-03-03 10:11:51 -06:00
Tod Beardsley
6c0f8636ec
Merge pull request #217 from rapid7/reverse-http-randomness
...
Reverse http randomness
2012-03-02 16:36:26 -08:00
HD Moore
b70b41091b
Tested fairly well - this randomizes the URLs and removes the user-agent string from the request
2012-03-02 17:44:23 -06:00
sinn3r
9258cda144
Change :info and file name so it's easier to identify it's a Firefox profile
2012-03-02 16:45:42 -06:00
Tod Beardsley
96e03d2556
Merge pull request #44 from linuxgeek247/armle-bind-shell
...
Adding armle bind shellcode based on existing reverse shellcode
2012-03-02 14:25:43 -08:00
James Lee
f3e0b46e5c
Post mods should use session_host when reporting
...
target_host probably never worked anyway
2012-02-28 18:40:17 -07:00
James Lee
624e19fd8b
Merge session-host-rework branch back to master
...
Squashed commit of the following:
commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:31:03 2012 -0700
Clean up some rdoc comments
This adds categories for the various interfaces that meterpreter and
shell sessions implement so they are grouped logically in the docs.
commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 13:00:25 2012 -0700
Combine the docs into one output dir
There's really no need to separate the API sections into their own
directory. Combining them makes it much easier to read.
commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:27:22 2012 -0700
Keep the order of iface attributes the same accross rubies
1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
end up with ~random order for the display with the previous technique.
Switch to an Array instead of a Hash so it's always the same.
commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:23:35 2012 -0700
Fix a few more compiler warnings
commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 08:17:39 2012 -0700
Fix a type-safety warning
commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date: Mon Feb 27 15:21:36 2012 -0700
LHOST should be OptAddress, not OptAddressRange
commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date: Sun Feb 26 17:45:59 2012 -0700
Fix a couple of warnings and a typo
commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date: Mon Feb 27 11:54:29 2012 -0600
Fix ctype vs content_type typo
commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date: Sun Feb 26 15:38:33 2012 +0200
Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x
commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date: Sun Feb 26 07:13:13 2012 -0600
add osvdb ref
commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date: Sat Feb 25 18:02:56 2012 -0500
Added aspx target to msfvenom. This in turn added it to msfencode as well.
Ref: https://github.com/rapid7/metasploit-framework/pull/188
Tested on winxp with IIS in .net 1.1 and 2.0 modes
commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date: Sat Feb 25 13:00:48 2012 -0600
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 17:07:42 2012 -0700
Simplify logic for whether an inner iface has the same address
commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:58:16 2012 -0700
Whitespace
commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:53:45 2012 -0700
Set session info before worrying about address
get_interfaces can take a while on Linux, grab uid and hostname earlier
so we can give the user an idea of what they popped as soon as possible.
commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date: Tue Feb 28 16:48:42 2012 -0700
Clean up rdoc
commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:54:45 2012 -0600
Ensure the architecture is only the first word (not the full WOW64
message in some cases)
commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:49:17 2012 -0600
More paranoia code, just in case RHOST is set to whitespace
commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 04:47:01 2012 -0600
A few more small bug fixes to handle cases with an empty string target
host resulting in a bad address
commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date: Tue Feb 28 03:55:10 2012 -0600
Fix up the logic (reversed by accident)
commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 23:29:52 2012 -0600
Automatically parse system information and populate the db, identify and
report NAT when detected, show the real session_host in the sessions -l
listing
commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:16:03 2012 -0600
Fix typo introduced
commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:11:38 2012 -0600
More session.session_host tweaks
commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:08:20 2012 -0600
Additional tunnel_peer changes
commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:06:21 2012 -0600
Additional changes to session.session_host
commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date: Mon Feb 27 22:00:19 2012 -0600
Merge changes into the new branch
2012-02-28 18:29:39 -07:00
sinn3r
af4551d8dc
Merge branch 'auxiliary-scanner-mongodb' of https://github.com/gregory-m/metasploit-framework into gregory-m-auxiliary-scanner-mongodb
2012-02-28 19:07:21 -06:00
sinn3r
986807e525
Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow
2012-02-28 19:01:54 -06:00
sinn3r
5560087006
Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow
2012-02-28 18:58:28 -06:00
James Lee
e69c8ca422
LHOST should be OptAddress, not OptAddressRange
2012-02-28 08:16:06 -07:00
Gregory Man
bf07a6a027
Added auxiliary/scanner/mongodb/mongodb_login module
...
MongoDB login utility + brute force attack
2012-02-28 16:06:30 +02:00
sinn3r
2f201cdf78
Merge pull request #198 from jduck/master
...
Fixes #6308
2012-02-26 11:52:47 -08:00
Joshua J. Drake
3ff5c91c24
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-26 09:53:04 -06:00
Steve Tornio
ef4cdb516d
add osvdb ref
2012-02-26 07:13:13 -06:00
HD Moore
139136e033
Fix a handful of typos in the regex/parsing code
2012-02-26 02:10:06 -06:00
Joshua J. Drake
65ed4bfa8b
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
2012-02-25 13:00:48 -06:00
sinn3r
91a7a44f02
Merge branch 'gather-firefox_creds-osx-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-gather-firefox_creds-osx-fix
2012-02-24 16:03:42 -06:00
sinn3r
7281a0ebdd
Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul)
2012-02-24 12:06:47 -06:00
Gregory Man
8a158c3a00
Added OSX support to post/multi/gather/firefox_creds
...
Tested on OSX 10.7.3 and FF 9.0.1
2012-02-24 16:44:42 +02:00
sinn3r
bc2e12f7b5
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-23 17:34:10 -06:00
sinn3r
339fb8d266
eh, I mean Win2k3 SP0 to SP1
2012-02-23 17:33:49 -06:00
David Maloney
cb9cc1a69e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-23 17:22:55 -06:00
David Maloney
a6b10862bd
Adds a lantronix telnet discovery module
2012-02-23 17:22:32 -06:00
James Lee
9ddca81ab5
Fix test that always evals to false
...
Meterpreter does not respond_to? extension names, they're magic.
2012-02-23 14:52:48 -07:00
Joshua J. Drake
e262d7a7ff
Add CVE-2012-0500 Sun Java Web Start exploit
2012-02-23 13:30:45 -06:00
Steve Tornio
08fb03276f
add osvdb ref
2012-02-23 07:39:31 -06:00
sinn3r
144fa0dc0e
Comment what \x0b\x04 is for
2012-02-22 22:59:43 -06:00
sinn3r
92c801d936
Merge branch 'ssh-creds-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-ssh-creds-fix
2012-02-22 19:49:26 -06:00
sinn3r
291e083d65
Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof
2012-02-22 19:44:47 -06:00
sinn3r
4ee1f989a6
Merge branch 'CVE-2008-1602_orbit_download_failed_bof' of https://github.com/juanvazquez/metasploit-framework
2012-02-22 19:40:56 -06:00
HD Moore
8d212849dc
Fix typos that result in stack traces when matching the response codes
2012-02-22 16:04:24 -06:00
Gregory Man
ace28a8388
1.9 compatibility fix
...
Strings in ruby 1.9 doesn't have #each method
2012-02-22 18:01:17 +02:00
Gregory Man
66fa56cc49
Fixed post/multi/gather/ssh_creds to work with shell session
2012-02-22 15:16:11 +02:00
HD Moore
3fecda95be
Fix 1.8 compatibility issue
2012-02-22 02:05:44 -06:00
James Lee
5e6c40edfd
Remove unnecessary space restrictions.
...
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
James Lee
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
James Lee
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
...
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
HD Moore
4932a9ca25
Dont dump an HTML document to the console
2012-02-21 23:45:25 -06:00
David Maloney
d3fad51f3a
Fix my screwup in winscp for servicename
2012-02-21 20:31:52 -06:00
David Maloney
dcf3f3579d
Fix to the awful sname in this module
2012-02-21 20:28:27 -06:00
James Lee
02d6089893
Fix a stack trace when an unexpected response from the server
...
Caused by a typo
2012-02-21 18:57:27 -07:00
HD Moore
acb4446e45
Fix #6407 by treating redirects as successful authentication
2012-02-21 16:02:21 -06:00
juan
d6310829ea
Added module for CVE-2008-1602
2012-02-21 22:36:57 +01:00
Tod Beardsley
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore
bce1c08623
Update modules/auxiliary/server/capture/http_javascript_keylogger.rb
2012-02-21 04:46:56 -06:00
HD Moore
7c1d48d6aa
Merge in MJC's javascript keylogger
2012-02-21 04:25:15 -06:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
ab92e38628
Small cosmetic change to module descriptions
2012-02-20 19:29:51 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
sinn3r
bb55b4e54f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-20 14:22:23 -06:00
sinn3r
f09ce04b00
Show where store_loot() saves the info
2012-02-20 14:22:05 -06:00
James Lee
89e0842b1e
Add vim_soap to the mixins list.
...
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
sinn3r
cda9166180
This module should show where store_loot() saves the results
2012-02-20 14:15:55 -06:00
sinn3r
779e3cdcda
Correct more post modules for naming style consistency
2012-02-20 13:49:23 -06:00
sinn3r
fd283dd95b
Correct naming style
2012-02-20 12:38:43 -06:00
sinn3r
3180d75168
Correct naming style
2012-02-20 12:38:31 -06:00
sinn3r
22e40d9da4
Change naming style for consistency
2012-02-20 12:35:53 -06:00
sinn3r
300558e009
Correct post module naming style
2012-02-20 12:34:35 -06:00
sinn3r
a8d56afda6
Use store_loot() to save data to local disk
2012-02-20 01:30:11 -06:00
Matt Buck
fccb338e29
Merge branch 'master' of github-r7:rapid7/metasploit-framework
2012-02-19 23:01:14 -06:00
Matt Buck
e0a75c1b2c
Merge branch 'release/4.2-stable'
...
Conflicts:
lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
sinn3r
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
sinn3r
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
sinn3r
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
HD Moore
f92ddb2475
Revert "Cleanup to the module output for vmware_http_login.rb"
...
This reverts commit 08d91aebdb
.
2012-02-19 18:55:49 -06:00
HD Moore
a25475fac0
Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
...
This reverts commit c4ea27d32b
.
2012-02-19 18:53:03 -06:00
HD Moore
d761265b93
Revert "Cosmetic cleanup to the module output for vmauthd_login"
...
This reverts commit 87e7bf4934
.
2012-02-19 18:52:39 -06:00
HD Moore
648686002b
Cosmetic cleanup of the vmware_http_login module
2012-02-19 18:51:16 -06:00
HD Moore
2521bd7b59
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:34:35 -06:00
HD Moore
00d2497a42
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:32:36 -06:00
HD Moore
c4ea27d32b
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:28:06 -06:00
HD Moore
87e7bf4934
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:16:54 -06:00
HD Moore
08d91aebdb
Cleanup to the module output for vmware_http_login.rb
2012-02-19 18:16:05 -06:00
sinn3r
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
sinn3r
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
David Maloney
6ced540e0b
Merge branch 'vmware-api' into vmware-stable
2012-02-18 18:38:20 -06:00
David Maloney
36dc0fee50
Better dynamic soap generation for all the vmware stuff
2012-02-18 18:29:46 -06:00
sinn3r
ef2c261ce9
Change print() to print_line()
2012-02-18 00:22:02 -06:00
sinn3r
1f34c1ffd2
Correct print() and sleep() to print_line and select()
2012-02-18 00:20:52 -06:00
sinn3r
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
sinn3r
bb5e4a1600
Modules don't need to register VERBOSE, because it's already there
2012-02-17 21:07:44 -06:00
sinn3r
dc4bade78c
Use OptEnum to validate delivery method
2012-02-17 21:03:05 -06:00
sinn3r
79ce43e3fe
This condition should never trigger, because OptEnum should automatically take care of it
2012-02-17 19:16:07 -06:00
sinn3r
e23f17cac2
Again, validate using OptEnum
2012-02-17 19:14:38 -06:00
sinn3r
d58b8c7b69
Use OptEnum to validate enumeration method
2012-02-17 19:12:47 -06:00
sinn3r
3390bdf312
Validate METHOD with OptEnum
2012-02-17 18:54:53 -06:00
sinn3r
974aea3521
Validate 'METHOD' using OptEnum
2012-02-17 18:46:56 -06:00
sinn3r
36bc31d677
Damn, the indent level is nuts in this thing
2012-02-17 18:43:47 -06:00
sinn3r
ec58b4669e
This module only handles GET, so that's the only option we'll allow
2012-02-17 18:20:16 -06:00
sinn3r
9e17b09632
This module is only meant to handle GET and PUT, so let's be strict on that
2012-02-17 18:17:28 -06:00
sinn3r
7ae58bfd9d
Make sure the HTTP method is always upper-case to make Apache happy
2012-02-17 18:15:23 -06:00
David Maloney
ddb43774c9
Some metadata fixes
2012-02-17 12:21:38 -06:00
sinn3r
ae57a8d9fd
Make sure the HTTP method is always uppercase so we don't get a 501
2012-02-17 03:34:39 -06:00
sinn3r
afe6bce1c6
More documentation on the file format
2012-02-16 21:58:12 -06:00
sinn3r
2a97e61457
Merge branch 'droplnk' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-droplnk
2012-02-16 21:20:58 -06:00
sinn3r
5bb9afe789
Correct disclosure date format
2012-02-16 18:15:51 -06:00
Rob Fuller
c38ad92ade
Post module to upload shortcut (LNK) files with UNC path ICONs for post exploitation
2012-02-16 18:34:19 +00:00
Joshua J. Drake
01a6b02c3e
Add exploit for CVE-2012-0209, thx eromang!
2012-02-16 03:10:55 -06:00
Joshua J. Drake
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
David Maloney
a0dac593bc
Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api
2012-02-16 02:22:31 -06:00
David Maloney
e9b2e060d6
Permissions scanner for vmware
...
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
David Maloney
8d7ddab2af
Some minor bug fixes
...
Added vm_tag module for 'flag planting'
2012-02-16 00:45:48 -06:00
David Maloney
c5ae56a147
Adding User Enumeration Scanner for vmware
2012-02-15 22:55:11 -06:00
Tod Beardsley
95f54413d8
Create a stable branch of vmware-api
...
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
Tod Beardsley
bf9ed96155
Fixes up esx_fingerprint and the host model to ID vmware correctly
...
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
David Maloney
a2778ea297
minor fixes to multi-session terminate
2012-02-15 16:50:12 -06:00
David Maloney
082b4acca8
Changed terminate session module to handle multiple sessions per run
2012-02-15 16:47:02 -06:00
David Maloney
c9cf47bd4c
Add Terminate Session module and some extra goodness to enum sessions
2012-02-15 16:39:13 -06:00
juan
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
David Maloney
67ba39cc3e
Adds a scanner to pull active login sessions off servers
2012-02-15 02:27:25 -06:00
David Maloney
e0f11992af
Gah screwed up that commit, accidentally chunked out the rescues.
2012-02-15 02:12:06 -06:00
David Maloney
6b539036c9
Fix fingerprinting in the vmware_http_login module
2012-02-15 01:54:34 -06:00
David Maloney
e67e9ab34f
Adds a power off vm aux module
2012-02-14 20:52:45 -06:00
David Maloney
a256a6fb0b
Adds a power on vm module
2012-02-14 20:44:11 -06:00
Tod Beardsley
ab65a1ad8c
Name caps and readability for new post modules
2012-02-14 16:23:12 -06:00
David Maloney
bbca09458f
Workaround for report_host/service issue
...
See #6370
2012-02-14 11:19:38 -06:00
David Maloney
03884ddb46
Fix to title from copy pasted init section.
2012-02-14 10:36:15 -06:00
Tod Beardsley
ad0594ee5f
Cleanup and add debug for fingerprint_vmware
2012-02-13 19:07:26 -06:00
Tod Beardsley
8c1581567c
Cleanup on the vmware fingerprinting.
...
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
Tod Beardsley
727cde00c6
Taking David's version of vmware_http_login over mine
2012-02-13 14:54:47 -06:00
sinn3r
d036da627a
Clear lots of whitespace
2012-02-13 14:13:43 -06:00
David Maloney
31f001ed54
Improved vmware enumerate vm modules
...
now with screenshots!
2012-02-13 12:07:28 -06:00
David Maloney
8c305e1a28
VMWare Web service finerprinting and OS detection.
...
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
sinn3r
a758462a32
Remove some whitespace
2012-02-13 11:01:26 -06:00
sinn3r
7129ec8e3a
Change indent level for the metadata
2012-02-12 17:33:03 -06:00
sinn3r
e9ceed1236
Merge branch 'fetchmailrc_creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-fetchmailrc_creds
2012-02-12 17:30:30 -06:00
Jon Hart
49bf9435c2
Post module to loot creds from .fetchmailrc
2012-02-12 11:24:21 -08:00
bperry-r7
abb1548d9a
Fix extraneous print_status
2012-02-11 20:09:43 -06:00
David Maloney
676a0c53a0
Working Screenshot capability!
2012-02-11 03:51:18 -06:00
Tod Beardsley
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
Steve Tornio
daca3e93a5
add osvdb ref
2012-02-10 07:05:42 -06:00
Steve Tornio
782fcb040d
add osvdb ref
2012-02-10 07:05:26 -06:00
Steve Tornio
1a240648fa
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-10 06:51:02 -06:00
sinn3r
fe69a27bf1
Fix indent level and type
2012-02-10 03:22:51 -06:00
sinn3r
4b47a9e66f
Be gone, whitespace.
2012-02-10 03:16:37 -06:00
sinn3r
52e7743b41
Merge branch 'ipv6_logging' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-ipv6_logging
2012-02-10 03:13:18 -06:00
sinn3r
85e644ed4c
Merge branch 'railgun_defs' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-railgun_defs
2012-02-10 01:17:07 -06:00
sinn3r
5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
sinn3r
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
sinn3r
2bd330da33
Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit
2012-02-10 00:06:48 -06:00
Rob Fuller
1f1e67cb16
Moved railgun function definitions into central storage and out of individual modules where possible
2012-02-09 04:56:13 +00:00
Steve Tornio
adafe6f722
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-08 13:32:51 -06:00
HD Moore
29b99aa7b4
Fix up titles/add boundary check for reporting external host
2012-02-08 12:23:46 -06:00
m-1-k-3
705c436ede
added more multicast addresses from wikipedia
2012-02-07 11:45:20 +01:00
David Maloney
e8aa624a16
Added todb's validator over to this working branch
2012-02-06 10:15:05 -06:00
Tod Beardsley
8ad9beef75
Removing javascript_keylogger from master.
2012-02-06 09:37:16 -06:00
m-1-k-3
91820ad1c3
logging to notes
2012-02-06 08:56:35 +01:00
RageLtMan
858401463d
add exec timeout
2012-02-05 14:52:38 -05:00
RageLtMan
53ec982385
download_exec_fix
2012-02-05 14:35:44 -05:00
Steve Tornio
1b7fffbf8a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-05 07:30:08 -06:00
sinn3r
b2ae8a24dc
Fix go cow art (tabs are bad to align chars)
2012-02-05 02:20:31 -06:00
sinn3r
0dd3ad0efb
Remove naughty trailing commas
2012-02-05 02:03:49 -06:00
sinn3r
26f89f65bd
Fix the bug that causes store_loot() to run twice. Also, other minor format changes.
2012-02-05 02:00:03 -06:00
sinn3r
c2d1f64472
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-05 01:44:53 -06:00
sinn3r
db1e400dff
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-05 01:27:21 -06:00
HD Moore
e4faa33517
Fix a typo introduce in the usb dumper
2012-02-04 00:03:20 -06:00
HD Moore
0737ccb8e2
Remove nulls from the unicode drive name
2012-02-04 00:03:03 -06:00
David Maloney
df401f4c94
more fixes to backend stuff, plus updated vmware http login module to use
...
the correct mixin method now.
2012-02-03 15:44:41 -06:00
Tod Beardsley
af506240cf
http_fingerprint reports service info
...
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
Patroklos Argyroudis
ed34fd70fd
Modified (and tested) to work on Lion 10.7.2 and 10.7.3
2012-02-03 12:39:22 +02:00
Tod Beardsley
786d75493c
Fix up VMWware webscan to not false positive
...
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.
[Fixes #6340 ]
2012-02-02 22:19:57 -06:00
Marcus J. Carey
c06b0f7e72
cleaning up an editor glitch.
2012-02-02 17:59:51 -06:00
sinn3r
bd407d2e01
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-02 16:53:23 -06:00
Marcus J. Carey
1a278c55b5
a bit more cleanup
2012-02-02 16:19:21 -06:00
Marcus J. Carey
45b58bea06
got rid of bmp generation
2012-02-02 16:07:27 -06:00
Marcus J. Carey
e96eceb145
Editing Javascript keylogger
2012-02-02 15:01:22 -06:00
Marcus J. Carey
7b3262958d
Merge branch 'master' of github.com:threatagent/metasploit-framework
...
Conflicts:
modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 14:58:23 -06:00
Marcus J. Carey
59a44f75ec
Updated Javascript Keylogger
2012-02-02 14:42:13 -06:00
Steve Tornio
d90fe9b9b7
add osvdb ref
2012-02-02 13:43:03 -06:00
sinn3r
aa44eb955e
Correct author e-mail format
2012-02-02 11:27:43 -06:00
sinn3r
1676bd3c4f
Add MSF License header. Use print once to print the whole table instead of running print multiple times. Show where the results are save.
2012-02-02 11:13:08 -06:00
Marcus J. Carey
f45528ec68
Update modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 10:33:33 -06:00
Marcus J. Carey
3bfb8b3c9d
Adding Javascript Keylogger
2012-02-02 10:30:55 -06:00
sinn3r
d230eeedc0
Merge branch 'mount.smbfs-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-mount.smbfs-creds
2012-02-02 10:21:21 -06:00
Marcus J. Carey
e70f9151e5
Merge remote-tracking branch 'upstream/master'
2012-02-02 07:13:03 -06:00
sinn3r
6b29af5c23
Add user-agent check. Auto-migrate.
2012-02-02 03:11:10 -06:00
sinn3r
6be65acfe2
Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-2551_c6_DownloaderActiveX
2012-02-02 02:54:02 -06:00
sinn3r
de675c349a
Upgrade exploit rank, because it fits the description
2012-02-02 02:49:06 -06:00
sinn3r
28b4f4b60d
Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331 )
2012-02-02 02:43:32 -06:00
juan
82eacbe2fd
Added module for CVE-2008-2551
2012-02-01 23:26:28 +01:00
David Maloney
36e37e04fb
Fixes to post module cred reporting.
...
call to session.db_record.id would error if no db
was connected.
Fixes #6325
2012-02-01 12:26:35 -06:00
David Maloney
3f48e626a2
Adding a bunch of new VIM API auxiliary stuff
...
Work in progress.
2012-02-01 12:05:20 -06:00
Tod Beardsley
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
Jon Hart
4aa52203da
Renamed, switched partially to store_loot
2012-02-01 08:50:50 -08:00