Commit Graph

157 Commits (56ea22716ed4d7f6c4033e286bb63f59c27c589b)

Author SHA1 Message Date
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
Joshua Drake b5aac2860c add DEP bypass targets for XPSP2 and 2k3SP1, add 2k3 SP0 target
git-svn-id: file:///home/svn/framework3/trunk@9632 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-28 16:01:23 +00:00
Joshua Drake 2c91164494 allow x64 payloads to be used with psexec
git-svn-id: file:///home/svn/framework3/trunk@9565 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-21 03:49:39 +00:00
Joshua Drake a8186ae6ae add suggestion when auto-targeting fails, see #2022
git-svn-id: file:///home/svn/framework3/trunk@9396 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-02 16:29:14 +00:00
Steve Tornio 365f13551b added refs. I think all the auxiliary and exploit modules should now be covered.
git-svn-id: file:///home/svn/framework3/trunk@9298 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-13 16:53:50 +00:00
HD Moore d65146ae0c Downgrade MS04_011 to Great, as we have better exploits
git-svn-id: file:///home/svn/framework3/trunk@9291 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-12 16:36:45 +00:00
Joshua Drake 128e0515ef stop perpetuating the ambiguity!
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-09 17:45:00 +00:00
Joshua Drake 0ea6eca4bc big module whitespace/formatting cleanup pass
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Tod Beardsley bd94145d8d Allows reporting auth credentials to be optional with exploit/windows/smb/psexec. Sometimes you don't want this, especially if you already have an auth credential via smb_login.
For auxiliary/scanner/smb/smb_login, if a password hash is used instead of a password, record it as a :hash instead of a :pass when reporting to the DB.



git-svn-id: file:///home/svn/framework3/trunk@9116 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-22 17:23:29 +00:00
Joshua Drake d03eacc386 move exploit specific stuff back to exploit method
git-svn-id: file:///home/svn/framework3/trunk@9094 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 05:30:27 +00:00
Joshua Drake 74a344ce7a unbreak the module, oops
git-svn-id: file:///home/svn/framework3/trunk@9093 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 05:10:36 +00:00
Joshua Drake a402a69de6 make error more friendly and clean up whitespace
git-svn-id: file:///home/svn/framework3/trunk@9092 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 04:51:08 +00:00
HD Moore 7af2fdf42e Remove silly cases of print_good
git-svn-id: file:///home/svn/framework3/trunk@9021 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-05 23:34:10 +00:00
HD Moore 22cb5a6bea 1.9 compatibility fixes for lpd exploits, clarification in the print messages that we are *trying* to exploit something, not absolutely doing so
git-svn-id: file:///home/svn/framework3/trunk@8916 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-25 14:52:35 +00:00
James Lee a27c941714 targ_host -> target_host
git-svn-id: file:///home/svn/framework3/trunk@8909 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-25 01:09:04 +00:00
Stephen Fewer b4339930e7 rename this module with the updated MSB and swap out the hard coded kernel stager for the new kernel stager mixin.
git-svn-id: file:///home/svn/framework3/trunk@8656 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 13:42:17 +00:00
Joshua Drake 81f93d48e7 add german target from contributor, thx!
git-svn-id: file:///home/svn/framework3/trunk@8601 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 17:23:05 +00:00
HD Moore 7aa7995da9 Autodetect and exploit 2003 SP0
git-svn-id: file:///home/svn/framework3/trunk@8479 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:04:24 +00:00
Joshua Drake 57fd341f4a added auto targeting, XPSP1 target, updated 2ksp4 target, notes, description
git-svn-id: file:///home/svn/framework3/trunk@8023 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 19:22:43 +00:00
HD Moore 922cef26fa Store the domain name in the SMB client object, along with other fields provided by NTLMSSP responses. Show the domain name and netbios name in the version scanner. Update MS06-070 to remove the default target, use the domain name from the server response, and use a more reliable return address for 2000 SP4.
git-svn-id: file:///home/svn/framework3/trunk@8022 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 14:00:49 +00:00
Joshua Drake 6170998ba3 add exploit module for cve-2006-4691
git-svn-id: file:///home/svn/framework3/trunk@8021 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 05:13:57 +00:00
HD Moore 364880fb4d Bump the session wait to 10 seconds
git-svn-id: file:///home/svn/framework3/trunk@8004 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 14:27:33 +00:00
HD Moore 92c703ba6f Wait a second before deleting the file, catch an exception on delete, combined these reduce some of the issues around psexec
git-svn-id: file:///home/svn/framework3/trunk@7954 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 04:02:59 +00:00
James Lee b933f49ec3 this exploit always uses an exe, so default EXITFUNC to process so we don't leave processes lying around
git-svn-id: file:///home/svn/framework3/trunk@7950 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 01:29:16 +00:00
Joshua Drake 6219116ebf removed exit calls
git-svn-id: file:///home/svn/framework3/trunk@7940 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 23:03:03 +00:00
James Lee 2570fcee15 get rid of some more ^Ms
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:47:29 +00:00
Joshua Drake 21cbb87fac fixup whitespace
git-svn-id: file:///home/svn/framework3/trunk@7804 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 18:07:16 +00:00
Joshua Drake d8a4926a22 add framework tag comments to top
git-svn-id: file:///home/svn/framework3/trunk@7803 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 17:35:40 +00:00
Joshua Drake 6c98f3c03d add exploit module for cve-2009-1394
git-svn-id: file:///home/svn/framework3/trunk@7797 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 08:24:37 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew!
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:50:37 +00:00
HD Moore 9ebcd40a4e Updated references to work better with NeXpose integration
git-svn-id: file:///home/svn/framework3/trunk@7683 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-03 15:27:29 +00:00
Joshua Drake e3a1a7958e cleaned up the descriptions
git-svn-id: file:///home/svn/framework3/trunk@7615 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 20:05:18 +00:00
HD Moore bd28e044f0 Handle instances where the pipe does not exist gracefully
git-svn-id: file:///home/svn/framework3/trunk@7531 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 15:20:50 +00:00
HD Moore aa09862813 Fixes #401. Ends up Windows NT doesn't like DCERPC requests to be partially written by SMB writes, this patches the min write size to be at least as big as the DCERPC request. The DCERPC::max_frag_size parameter can still be used for more evasion.
[*] Started reverse handler
[*] Detected a Windows NT 4.0 target
[*] Adjusting the SMB/DCERPC parameters for Windows NT
[*] Binding to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Bound to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Building the stub data...
[*] Calling the vulnerable function...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (192.168.0.136:4444 -> 192.168.0.128:1485)

meterpreter > sysinfo
Computer: VMNT4
OS      : Windows NT 4.0 (Build 1381, Service Pack 6).
Arch    : x86
Language: en_US



git-svn-id: file:///home/svn/framework3/trunk@7296 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 16:37:18 +00:00
HD Moore e3f68f2639 Another large number of warnings fixed by Yoann Guillot
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
HD Moore b38a74c961 Another mega-patch from Yoann Guillot: fixes warnings generated by method calls with a space betwee the method and the parans, corrects a problem with the alpha encoders that causes them to overwrite the allowed charset, hardcodes the metasm output size of some modules in order to reduce load time, more to come
git-svn-id: file:///home/svn/framework3/trunk@7246 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 16:40:19 +00:00
HD Moore a0fbc2914f Remove the milw0rm references, as the links are no longer valid.
git-svn-id: file:///home/svn/framework3/trunk@7237 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-24 18:13:07 +00:00
HD Moore 5ea99ac421 Remove from the db_autopwn set for now
git-svn-id: file:///home/svn/framework3/trunk@7183 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 09:31:17 +00:00
HD Moore d3aa513773 Fixes #339. Cleans up author names for the most part - there are still some stragglers, but this should fix up the frequent contributors
git-svn-id: file:///home/svn/framework3/trunk@7173 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-17 05:55:15 +00:00
HD Moore 07efe98f6d Whitespace and svn properties set
git-svn-id: file:///home/svn/framework3/trunk@7087 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 10:54:07 +00:00
Stephen Fewer 360cdaab2e rename the smb2 module to something more specific.
git-svn-id: file:///home/svn/framework3/trunk@7086 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 10:23:28 +00:00
Stephen Fewer 50bd91688c Add coverage for the SMBv2 vuln.
git-svn-id: file:///home/svn/framework3/trunk@7085 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 08:12:30 +00:00
HD Moore 71d644e72e Fix the Payload->Space to match the new max size limit for the EXE generator. Thanks for catching it MC
git-svn-id: file:///home/svn/framework3/trunk@7022 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 21:23:11 +00:00
HD Moore 876a80f601 Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
kris d3e65b3363 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6876 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 02:55:51 +00:00
HD Moore 4c4a8a764c Let the XP SP0/SP1 and 2000 targets automatically run
git-svn-id: file:///home/svn/framework3/trunk@6865 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 12:59:08 +00:00
Mario Ceballos 4691f2b0e5 added exploit module netidentity_xtierrpcpipe.rb
git-svn-id: file:///home/svn/framework3/trunk@6850 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 01:04:48 +00:00
HD Moore f8c2a203fd OSVDB references updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
HD Moore 2ec7693d94 Fix up the modules to pass in the framework object into the new API call
git-svn-id: file:///home/svn/framework3/trunk@6687 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 18:18:04 +00:00
HD Moore 2283e0ffe4 Update executable template and API
git-svn-id: file:///home/svn/framework3/trunk@6682 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 17:42:17 +00:00