Commit Graph

11424 Commits (4cd329a943d79eaa5cee86381e06b17823c29a63)

Author SHA1 Message Date
sinn3r 062f661991 Fix bug #6161 - Must explicitly convert e to e.to_s 2011-12-24 15:11:26 -06:00
sinn3r 8a705c9223 Fix bug #6158 - session.db_record might return nil but wasn't checked 2011-12-24 15:06:43 -06:00
sinn3r dcb66307be Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-24 14:58:40 -06:00
sinn3r 2e2e28afb8 Fix bug #6160 - undefined method '[] for nil:NilClass' due to an invalid path 2011-12-24 14:57:46 -06:00
Tod Beardsley 06077a37f8 Fixes typo, variable name is paths not path. 2011-12-24 14:39:08 -06:00
Tod Beardsley c44e6701f3 Merge pull request #81 from swtornio/master
add osvdb ref
2011-12-24 09:22:15 -08:00
Steve Tornio 4215ef3ae1 add osvdb ref 2011-12-24 06:54:39 -06:00
sinn3r 3fe076bcd6 Check nil before using .empty? 2011-12-23 17:42:58 -06:00
steponequit 69570dada6 Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit 2011-12-23 16:28:36 -06:00
sinn3r 3b0b02fdcd Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-23 16:26:18 -06:00
Michael Boman 1102d56a27 Incorporating mboman's save credentials
I don't think the use of the constant is a show stopper since it is
identical to the existing Nessus plugin scheme as well. It doesn't make
it right but it's not a reason to block. Both should be fixed some time.

Made a handful of minor edits regarding file handle management, and also
noted that the act of saving nexpose credentials will always cause the
SSL nag screen to not display.

Thanks for the implementation, mboman!

[Closes #57] [Fixes #6156]

Squashed commit of the following:

commit 8d421ab8e3004bcb67e156b45f1355a608e0320c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:55:35 2011 -0600

    Adds a comment note about bypassing the SSL verify warning

commit fd956b380f14bbb394f36b0a3c565906f9aed869
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:53:29 2011 -0600

    Changing file write mode from w+ to wb.

commit d884c87482b033b7200d5045ba5f9b2d910f4aa8
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:15:46 2011 -0600

    ::File instead of File throughout

commit 6d72f87e8f175f088ac7beeb80742d50ab01b38a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:14:54 2011 -0600

    Space change

commit f6f3527595379ba11b3be4341a0c620b06340fbb
Merge: a978d19 2335614
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:13:12 2011 -0600

    Merge branch 'master' of github_r7:rapid7/metasploit-framework into mboman_nexpose

commit a978d1962f756f507fdabb988380a7ecf3ce76bb
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 23 15:12:51 2011 -0600

    Minor fixups mostly around ::File handling.

commit bddd0249b956c3e2c960b0bd6028b88e6e99eac5
Merge: 2ddc161 bb2ea62
Author: Michael Boman <michael@michaelboman.org>
Date:   Fri Dec 16 08:39:10 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 2ddc1616714b37e89415195b2a9ef9c569e4065e
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 11:44:29 2011 +0100

    msftidy cleanup (whitespace after EOL)

commit b202c7ff3a61ac450c181d4f60b01923bad9625f
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 11:28:13 2011 +0100

    Removed a ncusage call

commit 45da9728d1867b04ce557521650abbc41753165e
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 09:19:58 2011 +0100

    Fixed indenting, removed ncusage function until later...

commit e9f03aafba7db0d907c431eca3a3b55672437ea4
Merge: 41d3fae 8dc85f1
Author: Michael Boman <michael@michaelboman.org>
Date:   Wed Dec 14 07:35:17 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 41d3fae61b9501179d5b474de018ea370ae90192
Merge: 63b6f38 d87d8d5
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 20:07:34 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit 63b6f3873d466b7c6e4f3be5f0cea0a2a72e46f9
Merge: b3b7be4 cfa128a
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 17:01:06 2011 +0100

    Merge branch 'master' of git://github.com/rapid7/metasploit-framework into nexpose

commit b3b7be4594eedbb82424e89ad44372dd71a0c507
Author: Michael Boman <michael@michaelboman.org>
Date:   Tue Dec 13 16:54:54 2011 +0100

    Nexpose plugin can now save/load credentials
2011-12-23 16:12:34 -06:00
Tod Beardsley 23356141fb Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-23 12:25:54 -06:00
scriptjunkie 1e811aed02 Adds scriptjunkie's multilingual admin fie for pxexploit
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.

[Closes #63]

Squashed commit of the following:

commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date:   Fri Dec 16 12:14:18 2011 -0600

    Jetzt auf Deutsch! y español! 中國人!
    [update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
    Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
steponequit 84c6739921 added initial opentftp 1.4 windows exploit 2011-12-23 11:27:11 -06:00
sinn3r 41697440c7 Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079 2011-12-23 01:22:39 -06:00
Tod Beardsley 35e868f705 Merge pull request #67 from kernelsmith/railgun-add_const_reverse_lookup
Add const_reverse_lookup and error_lookup to railgun (redmine 6128)
2011-12-22 14:43:24 -08:00
sinn3r ce6b1d6b8c Improve:
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
Tod Beardsley db90989db4 Merge pull request #76 from kernelsmith/lab_tab_complete
lab_load now tab completes from data/lab (lab plugin), for real tho
2011-12-22 13:21:11 -08:00
Jonathan Cran 5cec44bc43 Merge pull request #77 from rapid7/lab_temp2
squashed lab upload commit
2011-12-22 13:00:26 -08:00
Jonathan Cran e48031cf22 squashed lab upload commit 2011-12-22 14:56:45 -06:00
Tod Beardsley 9b45b9523e Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-22 13:25:02 -06:00
sinn3r b5b24a1fbf Add a check. I decided not to try to login in the check function in order to remain non-malicious.
However, this decision doesn't represent how modules should write their own check.
2011-12-22 13:16:54 -06:00
Tod Beardsley b6d56e8410 Fixes VBS executable creator util
Fixes #6152, using booleans instead of ints.

Tip o' the hat to cloder for the MSDN ref:
http://msdn.microsoft.com/en-us/library/aa265018%28v=vs.60%29.aspx

Tested works on winxp and win7 targets via the persistence meterpreter
script.
2011-12-22 13:13:34 -06:00
sinn3r 262fe75e0a Add CVE-2011-4642 - Splunk Remote Code Execution (Feature #6129) 2011-12-22 13:04:37 -06:00
Tod Beardsley a03f5e32f8 Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-22 11:11:29 -06:00
Tod Beardsley 2f55f08ebe Actually describe the module in the title/description 2011-12-22 11:10:24 -06:00
David Maloney 5e1efdcd73 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-22 10:49:53 -05:00
David Maloney 30141f3008 Fix typo in the oracle enum aux module
The password grace time query was not checking the right value,
spotted by user bNull in the IRC channel.
2011-12-22 10:47:57 -05:00
HD Moore 5f72a0a092 Add -n <process.exe> argument for compatibility 2011-12-22 01:46:35 -06:00
Joshua Smith ee94e3e697 lab_load now tab completes from data/lab (lab plugin), for real tho 2011-12-22 01:25:43 -05:00
Tod Beardsley 743a0546f1 Don't blow up if the user doesn't set a filename
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
Tod Beardsley ed4c6ded2c Fixup on checkpoint firewall module
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:23:04 -06:00
Tod Beardsley f9471d6009 Adding ref/disclosure date to checkpoint module
Talked with patrick, this all looks correct now.
2011-12-21 11:22:58 -06:00
Tod Beardsley 2db697cd7a Fixup on checkpoint firewall module
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:21:46 -06:00
Tod Beardsley c6297458e6 Adding ref/disclosure date to checkpoint module
Talked with patrick, this all looks correct now.
2011-12-21 10:59:02 -06:00
HD Moore d27e05e2d2 Merge pull request #72 from mbevand-r7/nexpose-pth-bugfix
Fix Nexpose plugin bug to allow pass the hash to work
2011-12-20 21:48:15 -08:00
Marc Bevand 2dc4319bba Fix Nexpose plugin bug to allow pass the hash to work 2011-12-20 17:51:47 -06:00
Tod Beardsley cfa3e9818e Merge pull request #68 from averagesecurityguy/master
Cosmetic changes to openvas plugin output. Replaced puts with print_line.
2011-12-20 15:37:09 -08:00
Tod Beardsley 1429de6edc Checkpoint error msg should use res.inspect
Otherwise your terminal will go all wonky.
2011-12-20 16:01:13 -06:00
Tod Beardsley 99556da7ef Adds reporting to Patrick's Checkpoint module
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)

Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
2011-12-20 16:01:00 -06:00
Tod Beardsley 27d3edea63 Merge pull request #71 from rapid7/checkpoint_report
Checkpoint report
2011-12-20 13:54:47 -08:00
Tod Beardsley 1128c3ec6b Checkpoint error msg should use res.inspect
Otherwise your terminal will go all wonky.
2011-12-20 15:46:31 -06:00
Tod Beardsley a58ddcae1b Adds reporting to Patrick's Checkpoint module
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)

Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
2011-12-20 15:44:05 -06:00
sinn3r baaa1f6c82 Add US-Cert references to all these SCADA modules. The refers are based on this list:
http://www.scadahacker.com/resources/msf-scada.html
2011-12-20 14:07:29 -06:00
sinn3r d439390aa2 Fix typo 2011-12-20 12:19:34 -06:00
sinn3r c2d59f0307 Fix issue #6133 2011-12-20 11:32:33 -06:00
Tod Beardsley f997a7fc31 Adding TFTP client and lib to the next release
Squashed commit of the following:

commit 11a27a1e61
Author: Tod Beardsley <todb@metasploit.com>
Date:   Tue Dec 20 10:06:44 2011 -0600

    Renaming TFTP transfer util.

    See #5291. Just renaming the file.

commit 24d53efa7c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Tue Dec 20 10:03:04 2011 -0600

    Final touches on TFTP client

    See #5291. Adds an option to mess with the block size in case someone
    wants to write a fuzzer or exploit that leverages that. Adds a cleanup
    method to the module (pretty much required, it turns out). Looking
    nearly final, just need to rename the module and I think we're good to
    push to master.

commit 677cb4b152
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 19 21:56:03 2011 -0600

    Handle empty data sends sanely for TFTP.

    Don't just hang forever -- let the user know they just send empty data.
    TFTP servers don't like this of course.

commit 2b3e3725ac
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 19 18:15:19 2011 -0600

    TFTP adding comment docs, ability to send w/out a file.

    Commenting the tricksy parts a little better for general usage.

    Adding the ability to set FILEDATA instead of FILENAME, in case
    only short bits of data are desired and the user doesn't want
    to go to the trouble of creating a source file to upload.

commit 431ef826c9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 19 16:33:25 2011 -0600

    TFTP client now uses constants, preserves trailing spaces/nulls in data

    See #5291, just rediscovered the bug on this.

commit 5eaf2e7535
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 19 15:50:50 2011 -0600

    Adding download and loot functionality.

    Still need to deal with the use case of not passing a block; blocks
    should not be required, it should be okay to invoke and just wait for
    the complete attribute to be true. You'll miss out on error messages but
    eh, maybe those should be return values.

commit aecde6fea4
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 19 12:14:40 2011 -0600

    Updating TFTP client. Now with grown-up thread handling.

    No longer blocks on successful connections.

commit 902d7f5ea7
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Dec 18 21:05:27 2011 -0600

    Adding more to TFTP. Still need a read tho

    Adds error checking and some helpful messaging in the event of an error.
    In the event of a failed transfer the module exits immediately, but in
    success, I'm still hanging around for several seconds after. Not a deal
    breaker but can be annoying.

    Also, need to implement a read as well as a write and store it as loot,
    to be actually useful for most TFTP checking.

commit 23aadd04f7
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Dec 18 13:28:52 2011 -0600

    Fixing merge conflict cruft

    Dangit teach me to merge quickly. TFTP module now loads again.

commit 1201d7fbf2
Merge: 0b89140 a6867ef
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 16 22:41:22 2011 -0600

    Merge branch 'tftp_client' of github_r7:rapid7/metasploit-framework into tftp_client

    Conflicts:
    	modules/auxiliary/admin/tftp/tftp_upload_file.rb

commit 0b8914021c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 16 21:06:10 2011 -0600

    Switch to vprint_status, also add skeletal cleanup def.

commit 50fa10679b
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 16 18:39:09 2011 -0600

    First draft of a TFTP client.

    Could use some actual error checking and also needs to expose
    more options.

commit a6867ef128
Author: Tod Beardsley <todb@metasploit.com>
Date:   Fri Dec 16 18:39:09 2011 -0600

    First draft of a TFTP client.

    Could use some actual error checking and also needs to expose
    more options.
2011-12-20 11:25:08 -06:00
Tod Beardsley c83c3d5128 TFTP forgot to commit my rename.
Fixes #5291 for real.
2011-12-20 10:45:29 -06:00
Tod Beardsley 1a396ba955 Merge pull request #70 from rapid7/tftp_client
Tftp client
2011-12-20 08:42:42 -08:00
Tod Beardsley 11a27a1e61 Renaming TFTP transfer util.
See #5291. Just renaming the file.
2011-12-20 10:06:44 -06:00