sinn3r
3def2afb46
Correct e-mail format
2012-07-17 04:24:54 -05:00
HD Moore
b3eb7b1358
Clean up unicode names
2012-07-17 00:46:28 -05:00
HD Moore
c887e0aaff
Re-add AFP changes due to mangled merge
2012-07-17 00:42:49 -05:00
HD Moore
f62e0b1cca
AFP fixes and JTR typo fix
2012-07-16 21:45:45 -05:00
HD Moore
bc2edeace2
Cleanup AFP module output
2012-07-16 21:02:40 -05:00
James Lee
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
Patrik Karlsson
88275620ab
removed JtR support due to bugs in cracking module.
2012-07-16 15:59:43 +02:00
Patrik Karlsson
25a78e6ab0
change so that both Cain and JTR hashes can be stored at the same time and
...
added username report_auth_info
2012-07-16 14:13:35 +02:00
Patrik Karlsson
4859e0809e
add missing username to john hash
2012-07-16 09:14:44 +02:00
HD Moore
8fef1479ed
Trim string fields at first null
2012-07-15 23:12:40 -05:00
HD Moore
a57e712630
Be less verbose
2012-07-15 22:19:12 -05:00
HD Moore
b133428bc1
Better error handling in two web app modules
2012-07-15 21:56:00 -05:00
HD Moore
10db74d480
Show the IP address in the output
2012-07-15 21:35:43 -05:00
HD Moore
7f3aeca501
Put lipstick on this pig for the time being
2012-07-15 21:35:29 -05:00
James Lee
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
HD Moore
6c058d9a9a
Skip blank usernames (corner case)
2012-07-15 21:14:55 -05:00
HD Moore
44e56c87f1
Make super sure that blank creds are not reported
2012-07-15 20:56:31 -05:00
Patrik Karlsson
8889d89eea
msftidy cleanup
2012-07-16 02:07:45 +02:00
Patrik Karlsson
6331c33472
add MySQL password capturing module
...
This module provides a fake MySQL service that is designed to
capture authentication credentials. It captures challenge and
response pairs that can be supplied to Cain or JTR for
cracking.
2012-07-16 01:55:22 +02:00
jvazquez-r7
8cf08c6ca3
Target W7 updated
2012-07-15 17:45:58 +02:00
sinn3r
e1ff6b0cef
Nicer cleanup
2012-07-14 17:57:32 -05:00
jvazquez-r7
bdf009d7a8
Review of pull request #606
2012-07-15 00:20:12 +02:00
HD Moore
6cdd044e10
Remove a buggy payload that doesn't have NX support
2012-07-12 12:15:57 -05:00
jvazquez-r7
2da984d700
Added module for OSVDB 83275
2012-07-12 13:12:31 +02:00
jvazquez-r7
6c8ee443c8
datastore cleanup according to sinn3r
2012-07-12 09:31:22 +02:00
jvazquez-r7
65d15df9f9
Merge branch 'jboss-revision' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-revision
2012-07-12 09:25:37 +02:00
jvazquez-r7
b12f13f837
Review of Pull request #594
2012-07-12 00:46:24 +02:00
jvazquez-r7
16cd847e5a
Merge branch 'mssql_review' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-mssql_review
2012-07-12 00:36:54 +02:00
jvazquez-r7
a840ff8cf8
Review of pull request #598
2012-07-12 00:34:17 +02:00
jvazquez-r7
f933d98d38
Review of #595
2012-07-12 00:19:27 +02:00
h0ng10
87f5002516
added datastore cleanup
2012-07-11 12:56:23 -04:00
h0ng10
0d38a7e45f
switched to Rex::Text.encode_base64()
2012-07-11 12:52:09 -04:00
LittleLightLittleFire
32fa8bdfcf
Fixed typo in Stefan's last name
2012-07-11 14:53:26 +10:00
h0ng10
61ec07a10c
additional targets, meterpreter, bugfixes
2012-07-10 13:33:28 -04:00
sinn3r
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
Alexandre Maloteaux
81ba60169f
ipv6 and arp_scanner fix
2012-07-10 18:28:24 +01:00
jvazquez-r7
4af75ff7ed
Added module for CVE-2011-4542
2012-07-10 18:40:18 +02:00
sinn3r
6f97b330e7
Merge branch 'LittleLightLittleFire-module-cve-2012-1723'
2012-07-10 00:50:31 -05:00
sinn3r
5b7d1f17c0
Correct juan's name and comments
2012-07-10 00:43:46 -05:00
sinn3r
54576a9bbd
Last touch-up
...
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
sinn3r
64709be909
Merge branch 'module-cve-2012-1723' of https://github.com/LittleLightLittleFire/metasploit-framework into LittleLightLittleFire-module-cve-2012-1723
2012-07-10 00:27:36 -05:00
HD Moore
c532d4307a
Use the right failure reason
2012-07-10 00:26:14 -05:00
LittleLightLittleFire
e9ac90f7b0
added CVE-2012-1723
2012-07-10 12:20:37 +10:00
sinn3r
b817070545
Merge branch 'mac_oui' of https://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-mac_oui
2012-07-09 20:14:25 -05:00
Alexandre Maloteaux
e509c72574
better handle company name
2012-07-10 00:24:30 +01:00
Alexandre Maloteaux
e949b8c2c8
mac_oui
2012-07-09 23:46:57 +01:00
sinn3r
81b4cb737d
Merge branch 'zenworks_preboot_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-zenworks_preboot_fileaccess
2012-07-09 11:14:56 -05:00
jvazquez-r7
73fcf73419
Added module for CVE-2011-2657
2012-07-09 18:03:16 +02:00
jvazquez-r7
b33220bf90
Added module for CVE-2012-2215
2012-07-09 17:32:55 +02:00
sinn3r
0fbfa8e6f7
Merge branch 'enum_unattend_ii' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-enum_unattend_ii
2012-07-09 10:14:30 -05:00
sinn3r
5586aa6c1b
Move some code around
2012-07-09 09:44:22 -05:00
sinn3r
5db26beef7
Add more features
...
Please see the following ticket:
http://dev.metasploit.com/redmine/issues/7041
2012-07-09 05:17:40 -05:00
James Lee
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
sinn3r
d626de66f7
Print out where the scheme info is stored.
...
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
HD Moore
442eccd1d6
Merge pull request #578 from claudijd/master
...
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption in Hashdump Code
2012-07-08 12:24:46 -07:00
Jonathan Claudius
5938771e6c
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption
...
-This commit Addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.
If you have questions, please let us know.
-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
2012-07-08 14:02:22 -05:00
sinn3r
87bac91d71
Apply additional changes from #549
...
From pull request #549 . Changes include:
* Use OptEnum to enforce the use of wpad.dat or proxy.pac
* Remove cli.peerhost:cli.peerport, the API does that already
* cleanup function to restore uripath datastore option
* More friendly error when the user doesn't have enough permission
to bind to port 80, that way they don't blame it's a bug on msf.
* Remove unnecessary SVN stuff in modinfo
2012-07-07 15:59:16 -05:00
sinn3r
4e90da002d
Merge branch 'master' of https://github.com/efraintorres/wmap-metasploit into wpad
2012-07-07 15:44:05 -05:00
Steve Tornio
44290c2c89
add osvdb ref
2012-07-07 08:40:25 -05:00
sinn3r
70c718a5ed
Fix indent level
2012-07-06 12:44:03 -05:00
sinn3r
24c57b61a8
Add juan as an author too for improving the module a lot
2012-07-06 10:41:06 -05:00
jvazquez-r7
9fecc80459
User of TARGETURI plus improve of description
2012-07-06 15:47:25 +02:00
jvazquez-r7
7751c54a52
references updates
2012-07-06 11:56:03 +02:00
jvazquez-r7
f8ca5b4234
Revision of pull request #562
2012-07-06 11:52:43 +02:00
sinn3r
1e6c4301b6
We worked on it, so we got credit
2012-07-06 02:12:10 -05:00
sinn3r
f8123ef316
Add a "#" in the end after the payload
2012-07-06 02:09:31 -05:00
sinn3r
187731f2cb
Add a check function to detect the vuln
2012-07-06 01:58:01 -05:00
sinn3r
dcddc712d2
Missing a "&"
2012-07-06 01:50:18 -05:00
sinn3r
3c8a836091
Add lcashdol's module from #568
...
Initial version being worked on by sinn3r & juan
2012-07-06 01:41:34 -05:00
sinn3r
ecb4e20c92
Instead of deleting the "/", here's a different approach
2012-07-06 01:23:41 -05:00
sinn3r
7876d7fd60
Delete the extra "/"
2012-07-06 01:20:31 -05:00
sinn3r
686f176a99
Correct path
2012-07-06 01:12:47 -05:00
sinn3r
0c18662d46
Make msftidy happy and change the traversal option
2012-07-06 01:10:39 -05:00
sinn3r
3b7e1cd73a
Add Dillion's module for Wangkongbao
2012-07-06 00:54:55 -05:00
sinn3r
260cea934d
Add more reference
2012-07-05 16:48:43 -05:00
sinn3r
850242e733
Remove the extra comma and a tab char
2012-07-05 14:05:23 -05:00
jvazquez-r7
aee7d1a966
Added module for CVE-2012-0911
2012-07-05 20:58:27 +02:00
Meatballs1
fc58e485c3
Added further protection to enum_dcs method to prevent crashes
2012-07-05 14:27:45 +01:00
Meatballs1
a513b41283
Couple of readability changes suggested by TLC
2012-07-05 14:19:41 +01:00
jvazquez-r7
ff4a0bc3aa
poisonivy_bof description updated
2012-07-05 00:18:13 +02:00
jvazquez-r7
8bdf3b56f5
tries updated
2012-07-04 15:48:32 +02:00
jvazquez-r7
d8a5af7084
last changes done by gal, added RANDHEADER to single_exploit
2012-07-04 15:25:12 +02:00
jvazquez-r7
644d5029d5
add bruteforce target as optional
2012-07-04 13:02:47 +02:00
jvazquez-r7
7214a6c969
check function updated
2012-07-04 12:16:30 +02:00
jvazquez-r7
c531bd264b
brute force version of the exploit
2012-07-04 11:37:36 +02:00
jvazquez-r7
da2105787d
no rop versio of the exploit, metadata used, check and description fixed
2012-07-04 10:54:35 +02:00
Loic Jaquemet
cadbeafc4b
match dot and not any character
2012-07-03 20:41:03 -03:00
Loic Jaquemet
5bba81b738
or something equivalent... if enum_dcs returns nil
2012-07-03 20:38:26 -03:00
jvazquez-r7
8bcc0ba440
Review of pull request #559
2012-07-03 23:49:47 +02:00
Meatballs1
c30b2de35b
Removed comments in code!
2012-07-03 21:34:33 +01:00
Meatballs1
9998ca928d
msftidy, bugfixes, and protection to prevent DNS style domains going into the DC enumeration (which causes a meterpreter crash)
2012-07-03 21:28:45 +01:00
Meatballs1
bdd9364fa4
Refactored registry DC enumeration to occur by default, fixed nil DomainCaches exception
2012-07-03 21:08:12 +01:00
jvazquez-r7
600ca5b1dd
Added module for CVE-2012-0708
2012-07-03 19:03:58 +02:00
Loic Jaquemet
f74fe39280
fix error message to a more helpful one.
2012-07-03 12:54:02 -03:00
Loic Jaquemet
12e24dbd99
failback to target's PDC to get policies
2012-07-03 12:49:34 -03:00
sinn3r
7cfb7c1915
Update description
2012-07-03 10:26:02 -05:00
Loic Jaquemet
5fff195eba
DomainCache is a list of domainName = dnsDomainName
2012-07-03 12:20:00 -03:00
sinn3r
77d6fe16f0
Merge branch 'Winlog-CVE-resource' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-Winlog-CVE-resource
2012-07-02 16:04:02 -05:00
sinn3r
7262faac57
Correct a typo
2012-07-02 16:02:14 -05:00
sinn3r
fa0422c88a
Must respect the PlainText field to extract password info properly
2012-07-02 15:56:25 -05:00
sinn3r
e2a2789f78
Support Ruby 1.8 syntax. Thanks M M.
2012-07-02 14:15:14 -05:00
m-1-k-3
e06ca8e654
Winlog-CVE-resource
2012-07-02 20:33:15 +02:00
jvazquez-r7
9d49052c52
hp_dataprotector_new_folder: added support for hpdp 6
2012-07-02 18:32:19 +02:00
efraintorres
4c68cdd584
Actions removed.
2012-07-02 10:57:32 -05:00
Meatballs1
4eec5a5288
msftidy
2012-07-02 16:51:15 +01:00
Meatballs1
261989dddf
Fixed get_domain_reg where value returned was '.'
2012-07-02 16:46:02 +01:00
Meatballs1
bd2368d6ab
Added specific details for each policy type to output table, modified REX:Ui:Table to prevent sorting when SortIndex == -1
2012-07-02 11:47:44 +01:00
Meatballs1
299ed9d1d5
Local loot storage of retrieved XML files with option to disable storage
2012-07-02 10:48:04 +01:00
Meatballs1
5c2c1ccc39
Added extra logic and fixes for user supplied domains option
2012-07-02 10:15:58 +01:00
HD Moore
3bb7405b09
Only report auth if the username is not blank
2012-07-02 04:11:29 -05:00
Meatballs1
b549c9b767
Added a number of registry locations to enumerate the domain as this was inconsistant across testing environments
2012-07-02 09:35:47 +01:00
Meatballs1
994074948a
Removed @enumed_domains which inadvertantly skipped processing after the first file on a domain
2012-07-02 09:17:29 +01:00
Meatballs1
21776697b2
Merged with upstream
2012-07-02 08:57:54 +01:00
sinn3r
1b02f17d52
Shamelessly add my name too, because I made a lot of changes.
2012-07-01 19:23:34 -05:00
sinn3r
e1c43c31bd
Title change
2012-07-01 16:43:25 -05:00
sinn3r
326230b34b
Don't need to print the xml path twice
2012-07-01 13:58:04 -05:00
sinn3r
fcf5e02708
Be aware of bad XML format
2012-07-01 13:50:43 -05:00
sinn3r
ac52b0cc9f
Filter out 'AdministratorPassword' and 'Password'
2012-07-01 13:45:12 -05:00
sinn3r
61983b21b9
Add documentation about unattend.xml's specs
2012-07-01 04:15:11 -05:00
sinn3r
bf03995e30
Add veritysr's unattend.xml collector. See #548 .
2012-07-01 04:08:18 -05:00
efraintorres
be666fde89
Full msftidy compliant
2012-06-30 22:08:10 -05:00
efraintorres
cad749d495
More formatting.
2012-06-30 21:21:56 -05:00
efraintorres
22b47e32fe
Fixed wrapping of module description
2012-06-30 21:12:01 -05:00
efraintorres
f8aacc3482
All fixes applied to wpad module.
2012-06-30 20:57:59 -05:00
sinn3r
a3d74f5b10
Correct dead milw0rm references
2012-06-30 16:50:04 -05:00
sinn3r
2874768539
Also add juan as author. And links to the vulnerable setup.
2012-06-30 13:12:13 -05:00
jvazquez-r7
5dbfb7b9aa
last cleanup
2012-06-30 14:18:25 +02:00
jvazquez-r7
19d476122b
versions affected corrected
2012-06-29 20:23:17 +02:00
jvazquez-r7
533111c6da
irfanview_jpeg2000_bof: review of pull req #543
2012-06-29 20:13:02 +02:00
sinn3r
196e1b7f70
Update title & description to match what ZDI has.
...
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
sinn3r
19b6ebbfbf
Merge branch 'apple_quicktime_texml_zdi' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apple_quicktime_texml_zdi
2012-06-29 10:59:11 -05:00
sinn3r
0e87238e58
Space space
2012-06-29 10:56:12 -05:00
jvazquez-r7
c79312547a
Added module for CVE-2012-0124
2012-06-29 17:50:21 +02:00
jvazquez-r7
5efb459616
updated zdi reference
2012-06-29 16:36:11 +02:00
sinn3r
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r
e37a71192d
Make msftidy happy
2012-06-28 12:10:38 -05:00
Rob Fuller
77326edc45
fixed tcpnetstat table displaying
2012-06-28 12:56:29 -04:00
Rob Fuller
6f37ccbcae
tcp netstat post module via railgun
2012-06-28 09:17:05 -04:00
sinn3r
7c9a8ba699
Add OSVDB reference
2012-06-28 02:09:12 -05:00
sinn3r
cf9a6d58cc
Update missing OSVDB ref
2012-06-28 00:44:01 -05:00
sinn3r
f63a3959e0
Update web app module references
2012-06-28 00:37:37 -05:00
sinn3r
869aec5e3e
Update CVE/OSVDB/Milw0rm references for browser modules
2012-06-28 00:26:20 -05:00
sinn3r
7dcdd205bb
Update CVEs for fileformat exploits
2012-06-28 00:21:03 -05:00
sinn3r
b83c02d8e3
Update CVE reference
2012-06-28 00:06:41 -05:00
sinn3r
d85ce8db5c
Update CVEs for HTTP exploits
2012-06-28 00:00:53 -05:00
sinn3r
e8102284ff
Add missing CVEs for misc exploit modules
2012-06-27 22:17:34 -05:00
sinn3r
f5faccfa07
Add missing CVEs for SCADA modules
2012-06-27 22:10:24 -05:00
sinn3r
7c258d7aa9
Merge branch 'jvazquez-r7-atlassian_crowd'
2012-06-27 17:12:00 -05:00
sinn3r
68c582873b
Add the MSF license text
2012-06-27 17:11:00 -05:00
sinn3r
6c80fd9b42
Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd
2012-06-27 17:09:25 -05:00