940d045029
Correctly report rport
2015-06-15 03:23:39 -05:00
308b1a3d7f
Don't deregister username & password
2015-06-15 03:21:09 -05:00
ebce415957
Land #5507 , Update nessus_xmlrpc_logic to use the new creds API
2015-06-15 02:59:01 -05:00
c20cf15104
Msut have last_attempted_at key
2015-06-15 02:58:31 -05:00
17b8ddc68a
Land #5524 , adobe_flash_pixel_bender_bof in flash renderer
2015-06-15 02:42:16 -05:00
c7cda25582
Empty lines removed at line 624 and line 721.
...
Empty lines removed at line 624 and line 721.
2015-06-13 14:54:10 +01:00
7f0e334d78
Added Windows 2003 SP1 & SP2 French targets
...
msf exploit(ms08_067_netap) > show targets
Exploit targets:
Id Name
-- ----
0 Automatic Targeting
1 Windows 2000 Universal
2 Windows XP SP0/SP1 Universal
3 Windows 2003 SP0 Universal
4 Windows XP SP2 English (AlwaysOn NX)
[...]
62 Windows 2003 SP1 French (NX)
63 Windows 2003 SP2 English (NO NX)
[...]
71 Windows 2003 SP2 French (NO NX)
72 Windows 2003 SP2 French (NX)
2015-06-13 13:30:02 +01:00
6dcc9b7dab
More inconsistencies
2015-06-12 21:59:15 +01:00
e628d71261
Land #5397 , @espreto's module for WordPress Simple Backup File Read Vulnerability
2015-06-12 15:32:06 -05:00
184c20cd46
Do minor cleanup
2015-06-12 15:31:42 -05:00
a53ca53a6a
Fix inconstancy - multi/handler
2015-06-12 21:23:51 +01:00
f279c6ca3f
Land #5252 , @espreto's module for WordPress Front-end Editor File Upload Vuln
2015-06-12 15:11:10 -05:00
89d03a1472
Symbol to String
2015-06-12 15:02:36 -05:00
20170bd630
Report as hash
2015-06-12 13:55:32 -05:00
8f4a44ac97
Land #5474 , @wchen-r7 Updates pptpd_chap_secrets to use the new cred API
2015-06-12 11:41:59 -05:00
8ed13b1d1b
Add linux support for CVE-2014-0515
2015-06-11 16:18:50 -05:00
ae21b0c260
Land #5523 , adobe_flash_domain_memory_uaf in the flash renderer
2015-06-10 16:59:19 -05:00
4c5b1fbcef
Land #5522 , adobe_flash_worker_byte_array_uaf in the flash renderer
2015-06-10 14:49:41 -05:00
6c7ee10520
Update to use the new flash Exploiter
2015-06-10 13:52:43 -05:00
8dad739c76
Land #5508 , Get Ready to Move VMware modules to the VMware directory
2015-06-10 11:59:40 -05:00
d622c782ef
Land #5519 , adobe_flash_uncompress_zlib_uninitialized in the flash renderer
2015-06-10 11:52:47 -05:00
667db8bc30
Land #5517 , adobe_flash_casi32_int_overflow (exec from the flash renderer)
2015-06-10 11:39:13 -05:00
b23647d5ae
Land #5521 , @todb-r7's module cleanup
2015-06-10 11:29:41 -05:00
dc2fec76a9
Land #5509 , remove msfencode and msfpayload
...
Fixes #4326
Thanks @wchen-r7!
2015-06-10 11:15:35 -05:00
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
fb531d0069
Update version coverage
2015-06-10 09:38:00 -05:00
a6fe383852
Use AS Exploiter
2015-06-10 09:32:52 -05:00
7cb82f594b
Add ftp port for service
2015-06-10 14:24:05 +05:00
3ffe006e09
Update titan_ftp_admin_pwd to use the new creds API
2015-06-10 13:36:26 +05:00
3fe6ddd10a
Change credential status from untried to successful
2015-06-10 10:09:57 +05:00
78a6e1bc90
Change credential status from untried to successful
2015-06-10 10:07:33 +05:00
1b3f911f84
Change credential status from untried to successful
2015-06-10 09:54:10 +05:00
e5d6c9a3cb
Make last code cleanup
2015-06-09 16:01:57 -05:00
cf8c6b510b
Debug version working
2015-06-09 15:46:21 -05:00
9fa423464c
Fix #5224 , comma fixes
...
My fault for missing these.
2015-06-09 14:28:01 -05:00
8a69704d3e
Fix up commas
2015-06-09 14:27:35 -05:00
d31a59cd22
Fix #5224 , altered option description
2015-06-09 14:15:58 -05:00
cc8650f98a
Fix TMPPATH description
2015-06-09 14:15:18 -05:00
9c97da3b7c
Land #5224 , ProFTPD mod_copy exploit
2015-06-09 14:11:27 -05:00
5ab882a8d4
Clean up module
2015-06-09 14:10:46 -05:00
b7f0fad72f
Modify CVE-2014-0569 to use the flash exploitation code
2015-06-09 11:31:39 -05:00
49e4820c57
Add depcrecated note to the existing modules
2015-06-09 10:42:53 +05:00
bb56f6043e
explicitly use windows\temp
...
instead of using the user temp directory
trying to get around some intermittant permissions
issues
MSP-12358
2015-06-08 13:17:18 -05:00
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
5a6a16c4ec
Resolve #4326 , remove msfpayload & msfencode. Use msfvenom instead!
...
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.
Resolves #4326
2015-06-08 11:30:04 -05:00
3279518bbd
Move VMware modules to the VMware directory
2015-06-08 14:58:22 +05:00
245c76374d
Update nessus_xmlrpc_logic to use the new creds API
2015-06-08 14:40:15 +05:00
a39539f8ef
Land #5457 , @wchen-r7 updates spark_im to use the new cred API
2015-06-07 20:45:42 -05:00
25aa96cfc1
Land #5456 , removes obsolete comment
2015-06-07 14:25:23 -05:00
1f11cd5470
Lands #5446 , support for 64-bit native powershell payloads
2015-06-07 14:16:19 -05:00
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
dca2607d54
Land #5452 , @wchen-r7 Update tortoisesvn to use the new cred API
2015-06-06 01:35:40 -05:00
bf35b9bdf4
Minor fix
2015-06-06 01:35:09 -05:00
135958a225
Cleanup the udp_(sweep|probe) SNMP generators
2015-06-06 00:54:08 -05:00
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
c3437dab2a
Land #5451 , @wchen-r7 Update filezilla_client_cred to use the new cred API
2015-06-05 16:39:31 -05:00
57b7d10ec5
Land #5449 , @wchen-r7 updates total_commander to use the new cred API
2015-06-05 16:28:32 -05:00
318f67fcda
update descriptions
2015-06-05 09:01:20 -05:00
3ec6d9b7aa
Update owa_login to use new cred API
2015-06-05 15:41:07 +05:00
b6936febbe
Update pcanywhere_login to use the new cred API
2015-06-05 12:16:00 +05:00
71a8487091
Correct Flash version in the module description
...
There is no 11.2.202.404, mang.
2015-06-04 23:46:41 -05:00
02181addc5
Update CVE-2014-0556
2015-06-04 18:23:50 -05:00
874e090aa1
Update wordpress_login_enum to use the new cred API
2015-06-04 18:16:14 -05:00
d4f418fe3f
Style corrections
...
See #5480
2015-06-04 15:52:07 -05:00
23df66bf3a
Land #5481 , no powershell. exec shellcode from the renderer process.
2015-06-04 15:45:09 -05:00
487cc15b0b
Land #5476 , multi-platform update for adobe_flash_net_connection_confusion
2015-06-04 12:32:42 -05:00
ab68d8429b
Add more targets
2015-06-04 12:11:53 -05:00
744baf2d44
Update kloxo_sqli to use the new cred API
2015-06-03 23:28:35 -05:00
80cb70cacf
Add support for Windows 8.1/Firefox
2015-06-03 22:46:04 -05:00
78e4677bb1
Oops it blew up
2015-06-03 20:10:01 -05:00
a0aa6135c5
Update ca_arcserve_rpc_authbypass to use the new cred API
2015-06-03 20:02:07 -05:00
d3c3741478
Use run_host so that we can use THREADS
...
- The refactor left the module using run_batch even though the
features of the code that made this desirable were removed (i.e.,
it was no longer doing one batch per community string). By now
switching back to run_host, we can again take advantage of the
built-in metasploit multithreading capabilities.
- Also, added back in the display of the result.proof field. This
aids in identifying false positives (which have a blank response)
and is functionality worth keeping.
2015-06-03 18:08:38 -04:00
74117a7a52
Allow to execute payload from the flash renderer
2015-06-03 16:33:41 -05:00
39d38f1641
Update pptpd_chap_secrets to use the new cred API
2015-06-03 16:33:10 -05:00
656f64d9bd
Update razorsql to use the new cred API
2015-06-03 13:49:06 -05:00
b305fa62f4
Changed vprint_error when nothing was downloaded.
2015-06-03 14:46:59 -03:00
24ec3b2fb5
Changed vprint_error to fail_with method.
2015-06-03 13:46:59 -03:00
a6467f49ec
Update description
2015-06-03 22:17:25 +10:00
455a3b6b9d
Add butchered version of CVE-2015-1701
2015-06-03 21:48:23 +10:00
b038760be7
Update razer_synapse to use the new cred API
2015-06-03 01:44:20 -05:00
ef0d6490da
Update smartermail to use the new cred API
2015-06-03 00:48:52 -05:00
c64f025c4e
Add module_fullname: fullname
2015-06-02 12:35:06 -05:00
e43163135b
Add module_fullname: fullname,
2015-06-02 12:33:34 -05:00
dddbf3886b
Updated payload spec to be in the correct order and updated payload cached size
2015-06-02 18:33:06 +01:00
63708f2bba
Add module_fullname: fullname
2015-06-02 12:27:35 -05:00
28556ea6e2
Update spark_im to use the new cred API
2015-06-02 12:16:07 -05:00
aac2db826f
Remove comment about report_auth_info
...
This module isn't using report_auth_info, so this comment is no
longer needed.
2015-06-02 10:24:55 -05:00
ac2a52b522
fix android/java reverse_tcp
2015-06-02 10:54:49 +01:00
7485cf776e
Remove unnecessary spaces
2015-06-02 14:18:36 +05:00
b4cfe93977
Add creds API
2015-06-02 14:16:16 +05:00
1ae9265fb9
Update tortoisesvn to use the new cred API
2015-06-02 00:52:43 -05:00
b98cc89f0c
Update filezilla_client_cred to use the new cred API
2015-06-02 00:22:17 -05:00
c721cb6f4e
Land #5448 , fix author name typo
2015-06-02 05:08:48 +01:00
c3e15059a7
Update total_commander to use the new cred API
2015-06-01 21:17:58 -05:00
d03ee5667b
Remove assigned but unused local vars
2015-06-01 16:45:36 -05:00
7133f0a68e
Fix typo in author's name
2015-06-01 16:45:09 -05:00
449ce32f07
update for new UUID namespace
2015-06-01 15:16:04 -05:00
9d1a7cead4
New modules to support 64bit process powershell.
2015-06-01 16:11:23 +01:00
64e86165ef
remove android meterpreter bins, update to payloads 1.0.2
...
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
70ef1b83f9
Merge branch 'master' into land-5366-android
2015-06-01 09:07:55 -05:00
7a9e875a25
use uuid aware generate_uri_uuid_mode
2015-05-22 05:21:08 +01:00
b4a6cdbad0
Remove new line in vprint_line.
2015-05-21 12:33:09 -03:00
0135b3639f
Add WordPress Simple Backup File Read Vulnerability.
2015-05-21 12:23:24 -03:00
bdf30dd383
Land #5374 , --smallest option in msfvenom
2015-05-20 21:06:10 -05:00
a4df3468de
unique: should be update:, include uri in data hash
2015-05-20 16:20:09 -05:00
c85b82e8a7
Merge branch 'master' into land-5358-notes
2015-05-20 16:02:59 -05:00
23c77adc68
Land #5377 , Update cred reporting method for http_ntlm
2015-05-20 11:57:42 -05:00
96a30118e2
add https cert validation
2015-05-20 07:27:59 +01:00
c1b8cee315
Land #5369 , @dmaloney-r7's snmp_login fixes
2015-05-19 10:39:03 -05:00
ebd20fbedd
fix http
2015-05-19 16:25:46 +01:00
e7c8a3b56c
add support for SessionRetryTotal and SessionRetryWait on Android
2015-05-19 16:16:04 +01:00
55c07b1bdd
Report credentials with create_credential_login
2015-05-19 00:14:55 -05:00
448736989d
Merge branch 'master' into feature/msfvenom-smallest
2015-05-18 18:41:44 -05:00
5d085a3e13
Land #5351 , use 32-bit registry view when detecting epo_sql
2015-05-18 15:48:14 -05:00
79db696c15
fix EOL character
2015-05-18 15:46:55 -05:00
093ca31c7d
The InvalidPayloadSizeException wasn't actually defined anywhere
2015-05-18 15:36:15 -05:00
b0a8c77127
Switch RuntimeError -> EncodingError
2015-05-18 15:33:01 -05:00
7989a29203
Switch to the stock EncodingError exception
2015-05-18 15:27:31 -05:00
5c31586c68
Switch to the correct exception class
2015-05-18 15:25:26 -05:00
69a7a89936
use the correct print_error message
...
vrpint_error feeds through the old authbrute mixin
which does not behave properly anymore. use
print_error instead
5266
2015-05-18 13:51:23 -05:00
09d735e855
remove proof from failure message
...
the snmp login scanner will only have
proof on success, not on failure. remove it from
the failure message for cleaner formatting
5266
2015-05-18 13:45:01 -05:00
e1eed6e9d9
single quotes and slashes..
2015-05-18 16:33:57 +02:00
7d65095472
fix quotes
2015-05-18 12:20:42 +02:00
30f7c651c9
use REGISTRY_VIEW_32_BIT
2015-05-18 10:19:32 +02:00
d804f5fe49
update to metasploit-payloads 0.0.7
2015-05-17 10:06:38 -05:00
79b9ef008a
Bugfix
2015-05-17 13:55:56 +01:00
829f8420e2
Update static payload sizes for metasploit-payloads-0.0.6
2015-05-15 18:43:47 -05:00
fd1a24d6f9
some more minor cleanup noise
...
apparently we standardized on using get_env
instead of expand_path in these cases. Not sure
on the effective difference here but no big deal
MSP-12358
2015-05-15 13:33:48 -05:00
dd5060e08c
Land #5340 , @wchen-r7's change to the symantec_web_gateway_login writing style
2015-05-15 13:18:35 -05:00
cf5fa6752e
Use parenthesis
2015-05-15 13:17:54 -05:00
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
631dfc0a0e
increase timeout on ntdsutil
...
default timeout is 15 seconds. we'll give it 90
seconds for now. This may still be too short for
really really large domains, but too long of a timeout
can create other issues
MSP-12358
2015-05-15 11:19:35 -05:00
a3d91dff0b
clean up ntds.dit file when done
...
delete the ntds.dit file we copied when
we are done
MSP-12358
2015-05-15 11:13:19 -05:00
2882374582
Land #5276 , @lanjelot fixes #4243 and improves java_jdwp_debugger
2015-05-15 11:12:10 -05:00
a46975f1f0
Fix read_reply to use get_once correctly
2015-05-15 11:11:25 -05:00
ac04b8d1e7
a little bit of cleanup
...
constantise some of the magic numbers in
the NTDS Account class
MSP-12358
2015-05-15 10:47:31 -05:00
2721be946a
also check Wow6432Node keys
2015-05-15 14:28:12 +02:00
724b7c6f16
save the ntlm hases as creds
...
the last step is now complete. the current and historical
hashes are all saved to the database for cracking and/or
replay
MSP-12358
2015-05-14 13:52:11 -05:00
24a989b8a3
Land #5249 , Add Module for Enum on InfluxDB database
2015-05-14 11:22:54 -05:00
005c36b2a6
If data is empty, don't save (or even continue)
2015-05-14 11:22:10 -05:00
452fc6b149
Merge branch 'feature/MSP-12357/meterp-ntds' into feature/MSP-12358/ntds-dump-module
2015-05-14 10:31:28 -05:00
83fbd41970
Merge branch 'upstream/master' into multi-transport-support
...
Conflicts:
Gemfile.lock
modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb
2015-05-14 14:50:25 +10:00
5f3947312d
Lands #5327 , SSL support + refactor for PowerShell
2015-05-13 23:25:15 -05:00
0e666d5732
gaurd against arch mismatch
...
this will not work from an x86 proc
on an x64 machine, so guard against that.
MSP-12358
2015-05-13 15:28:11 -05:00
9308da7956
2003 code path working
...
using VSS directly on server 2003 and repairing
the database with esentutl is now working
MSP-12358
2015-05-13 12:25:44 -05:00
36aa136091
missing require
2015-05-13 17:36:45 +01:00
1f294eac0b
Updated to remove dup code
2015-05-13 17:26:21 +01:00
e9e3d9c1e4
Update payloads gem, and updated payload sizes
2015-05-13 15:37:09 +10:00
ac0e4e747a
Change writing style of symantec_web_gateway_login
2015-05-13 00:23:37 -05:00
7148e45bfc
Fix incorrect reference to data path for linux meterpreter stage
2015-05-13 14:21:22 +10:00
202c5e0121
Land #5333 , HTML Title Grabber
2015-05-12 11:19:06 -05:00
faec5844cb
Some fixes
2015-05-12 11:18:21 -05:00
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
f0048b9a6d
Apparently you don't quote the keys with the new syntax
2015-05-12 11:00:18 +01:00
7c81adbd89
MSFTidy is now quiet and happy
2015-05-12 10:47:49 +01:00
1f6bd3e2be
Updated to new ruby hash syntax and removed <> from title
2015-05-12 10:43:32 +01:00
237827bfdc
Fix up payload cached sizes again
...
This time it's against the currently "installed" version of Meterpeter
binaries. When Meterpreter is landed down the track we'll need to make
sure that the payload sizes are updated again.
2015-05-12 12:44:34 +10:00
836feaa2d8
Fix uuid setting, fix reverse_https x64 payload
...
The payload changes in this PR will be fixed up/removed in the
update-x64-stagers PR.
2015-05-12 10:24:11 +10:00
0fb21af247
Verify deletion at on_new_session moment
2015-05-11 18:56:18 -05:00
69d2b8ffb1
Various code format, style changes, file moves
...
As per Egypt's suggestions.
2015-05-12 09:43:41 +10:00
a40af79ed9
Delete dummy test case
2015-05-11 17:15:13 -05:00
fe51f552b8
Make stageless, and reverse_tcp x64 non-dynamic
2015-05-12 07:37:12 +10:00
518e28674e
Removed CGI dependency (@hmoore-r7, @wchen-r7)
2015-05-11 21:10:18 +01:00
3cba27e461
Add test case
2015-05-11 15:03:05 -05:00
21004046c1
begin parsing of the database
...
clean up and begin aprsing the database
after we have copied it
MSP-12358
2015-05-11 14:48:12 -05:00
78e310562b
Readability style change
2015-05-11 19:48:12 +01:00
8e3d803e74
Updated style as per @void-in's comments
2015-05-11 19:46:10 +01:00
62d67469da
Updated code style as per @hmoore-r7's instructions
2015-05-11 19:34:23 +01:00
b8f7c80fd2
Rubocop
2015-05-11 18:50:03 +01:00
8308c2a925
Added check for nonsensical options
2015-05-11 18:48:55 +01:00
99133deabb
Reran tests, sorted out strip problem
2015-05-11 18:29:44 +01:00
c25a5d3859
Fixed a bunch of rubocop errors
2015-05-11 18:14:37 +01:00
34cf90af59
Removed unnecessary include
2015-05-11 17:31:31 +01:00
c001f014ce
HTML Title Grabber
2015-05-11 17:29:22 +01:00
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
a97f24a12d
Update payload cached sizes
2015-05-11 10:00:14 +01:00
c0388a770e
Update cached sizes
2015-05-10 22:01:30 +01:00
c916021fc5
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
cc87df9123
Land #5323 , default creds fix for NETGEAR dirtrav
2015-05-09 14:36:00 -05:00
eeb87a3489
Polish up module
2015-05-09 14:33:41 -05:00
fe907dfe98
Fix the disclosure date
2015-05-09 10:44:28 -05:00
d2e1fdbbc3
Land #5324 , fixes #5318
...
Fixes enum_domain_group_users when running as SYSTEM.
2015-05-09 10:49:05 +01:00
028f9dd43b
Tidy and rubocop
2015-05-09 10:48:07 +01:00
e9dc93f345
Use cmd_exec
2015-05-09 10:44:02 +01:00
cb51bcc776
Land #5147 , @lightsey's exploit for CVE-2015-1592 MovableType deserialization
2015-05-09 01:56:38 -05:00
89bc405c54
Do minor code cleanup
2015-05-09 01:54:05 -05:00
a8adcda941
Redo port checks
2015-05-08 15:29:30 -05:00
156aac1dff
Use timeout options
2015-05-08 15:23:08 -05:00
bf9ca1f88f
Change module filename
2015-05-08 15:08:59 -05:00
f56115552f
Do code cleanup
2015-05-08 14:56:39 -05:00
b73241882b
Use datastore option
2015-05-08 14:48:19 -05:00
b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin
2015-05-08 14:46:08 -05:00
8c3a97667a
use get_env instead of client.sys.config.getenv
2015-05-08 15:25:20 -04:00
9fdbfd7031
Use vprint_error
2015-05-08 14:21:36 -05:00
017ae463ed
Fix description style
2015-05-08 14:18:29 -05:00
2e01eb519d
Do minor fixes
2015-05-08 14:04:44 -05:00
5588ad36b3
Print status message
2015-05-08 13:51:00 -05:00
7e62ba85a1
Do code cleanup
2015-05-08 13:33:28 -05:00
60c2c7a7cd
Delete unused variable
2015-05-08 13:19:39 -05:00
wchen-r7
0xFFFFFF
g0tmi1k
jvazquez-r7
William Vu
Tod Beardsley
root
David Maloney
HD Moore
John Sherwood
Roberto Soares
OJ
benpturner
Tim
James Lee
Brent Cook
Donny Maasland (Fox-IT)
Stuart Morgan
Denis Kolegov
Meatballs
rwhitcroft