Joshua Drake
0882838491
ensure binary mode when opening files, whitespace fixes
...
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
Joshua Drake
b5aac2860c
add DEP bypass targets for XPSP2 and 2k3SP1, add 2k3 SP0 target
...
git-svn-id: file:///home/svn/framework3/trunk@9632 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-28 16:01:23 +00:00
Joshua Drake
2c91164494
allow x64 payloads to be used with psexec
...
git-svn-id: file:///home/svn/framework3/trunk@9565 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-21 03:49:39 +00:00
Joshua Drake
a8186ae6ae
add suggestion when auto-targeting fails, see #2022
...
git-svn-id: file:///home/svn/framework3/trunk@9396 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-02 16:29:14 +00:00
Steve Tornio
365f13551b
added refs. I think all the auxiliary and exploit modules should now be covered.
...
git-svn-id: file:///home/svn/framework3/trunk@9298 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-13 16:53:50 +00:00
HD Moore
d65146ae0c
Downgrade MS04_011 to Great, as we have better exploits
...
git-svn-id: file:///home/svn/framework3/trunk@9291 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-12 16:36:45 +00:00
Joshua Drake
128e0515ef
stop perpetuating the ambiguity!
...
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-09 17:45:00 +00:00
Joshua Drake
0ea6eca4bc
big module whitespace/formatting cleanup pass
...
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Tod Beardsley
bd94145d8d
Allows reporting auth credentials to be optional with exploit/windows/smb/psexec. Sometimes you don't want this, especially if you already have an auth credential via smb_login.
...
For auxiliary/scanner/smb/smb_login, if a password hash is used instead of a password, record it as a :hash instead of a :pass when reporting to the DB.
git-svn-id: file:///home/svn/framework3/trunk@9116 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-22 17:23:29 +00:00
Joshua Drake
d03eacc386
move exploit specific stuff back to exploit method
...
git-svn-id: file:///home/svn/framework3/trunk@9094 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 05:30:27 +00:00
Joshua Drake
74a344ce7a
unbreak the module, oops
...
git-svn-id: file:///home/svn/framework3/trunk@9093 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 05:10:36 +00:00
Joshua Drake
a402a69de6
make error more friendly and clean up whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@9092 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 04:51:08 +00:00
HD Moore
7af2fdf42e
Remove silly cases of print_good
...
git-svn-id: file:///home/svn/framework3/trunk@9021 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-05 23:34:10 +00:00
HD Moore
22cb5a6bea
1.9 compatibility fixes for lpd exploits, clarification in the print messages that we are *trying* to exploit something, not absolutely doing so
...
git-svn-id: file:///home/svn/framework3/trunk@8916 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-25 14:52:35 +00:00
James Lee
a27c941714
targ_host -> target_host
...
git-svn-id: file:///home/svn/framework3/trunk@8909 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-25 01:09:04 +00:00
Stephen Fewer
b4339930e7
rename this module with the updated MSB and swap out the hard coded kernel stager for the new kernel stager mixin.
...
git-svn-id: file:///home/svn/framework3/trunk@8656 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 13:42:17 +00:00
Joshua Drake
81f93d48e7
add german target from contributor, thx!
...
git-svn-id: file:///home/svn/framework3/trunk@8601 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 17:23:05 +00:00
HD Moore
7aa7995da9
Autodetect and exploit 2003 SP0
...
git-svn-id: file:///home/svn/framework3/trunk@8479 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:04:24 +00:00
Joshua Drake
57fd341f4a
added auto targeting, XPSP1 target, updated 2ksp4 target, notes, description
...
git-svn-id: file:///home/svn/framework3/trunk@8023 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 19:22:43 +00:00
HD Moore
922cef26fa
Store the domain name in the SMB client object, along with other fields provided by NTLMSSP responses. Show the domain name and netbios name in the version scanner. Update MS06-070 to remove the default target, use the domain name from the server response, and use a more reliable return address for 2000 SP4.
...
git-svn-id: file:///home/svn/framework3/trunk@8022 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 14:00:49 +00:00
Joshua Drake
6170998ba3
add exploit module for cve-2006-4691
...
git-svn-id: file:///home/svn/framework3/trunk@8021 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 05:13:57 +00:00
HD Moore
364880fb4d
Bump the session wait to 10 seconds
...
git-svn-id: file:///home/svn/framework3/trunk@8004 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 14:27:33 +00:00
HD Moore
92c703ba6f
Wait a second before deleting the file, catch an exception on delete, combined these reduce some of the issues around psexec
...
git-svn-id: file:///home/svn/framework3/trunk@7954 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 04:02:59 +00:00
James Lee
b933f49ec3
this exploit always uses an exe, so default EXITFUNC to process so we don't leave processes lying around
...
git-svn-id: file:///home/svn/framework3/trunk@7950 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 01:29:16 +00:00
Joshua Drake
6219116ebf
removed exit calls
...
git-svn-id: file:///home/svn/framework3/trunk@7940 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 23:03:03 +00:00
James Lee
2570fcee15
get rid of some more ^Ms
...
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:47:29 +00:00
Joshua Drake
21cbb87fac
fixup whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@7804 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 18:07:16 +00:00
Joshua Drake
d8a4926a22
add framework tag comments to top
...
git-svn-id: file:///home/svn/framework3/trunk@7803 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 17:35:40 +00:00
Joshua Drake
6c98f3c03d
add exploit module for cve-2009-1394
...
git-svn-id: file:///home/svn/framework3/trunk@7797 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 08:24:37 +00:00
Joshua Drake
ff83f1cd2f
add ranking to every exploit module, pfew!
...
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:50:37 +00:00
HD Moore
9ebcd40a4e
Updated references to work better with NeXpose integration
...
git-svn-id: file:///home/svn/framework3/trunk@7683 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-03 15:27:29 +00:00
Joshua Drake
e3a1a7958e
cleaned up the descriptions
...
git-svn-id: file:///home/svn/framework3/trunk@7615 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 20:05:18 +00:00
HD Moore
bd28e044f0
Handle instances where the pipe does not exist gracefully
...
git-svn-id: file:///home/svn/framework3/trunk@7531 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 15:20:50 +00:00
HD Moore
aa09862813
Fixes #401 . Ends up Windows NT doesn't like DCERPC requests to be partially written by SMB writes, this patches the min write size to be at least as big as the DCERPC request. The DCERPC::max_frag_size parameter can still be used for more evasion.
...
[*] Started reverse handler
[*] Detected a Windows NT 4.0 target
[*] Adjusting the SMB/DCERPC parameters for Windows NT
[*] Binding to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Bound to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Building the stub data...
[*] Calling the vulnerable function...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (192.168.0.136:4444 -> 192.168.0.128:1485)
meterpreter > sysinfo
Computer: VMNT4
OS : Windows NT 4.0 (Build 1381, Service Pack 6).
Arch : x86
Language: en_US
git-svn-id: file:///home/svn/framework3/trunk@7296 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 16:37:18 +00:00
HD Moore
e3f68f2639
Another large number of warnings fixed by Yoann Guillot
...
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
HD Moore
b38a74c961
Another mega-patch from Yoann Guillot: fixes warnings generated by method calls with a space betwee the method and the parans, corrects a problem with the alpha encoders that causes them to overwrite the allowed charset, hardcodes the metasm output size of some modules in order to reduce load time, more to come
...
git-svn-id: file:///home/svn/framework3/trunk@7246 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 16:40:19 +00:00
HD Moore
a0fbc2914f
Remove the milw0rm references, as the links are no longer valid.
...
git-svn-id: file:///home/svn/framework3/trunk@7237 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-24 18:13:07 +00:00
HD Moore
5ea99ac421
Remove from the db_autopwn set for now
...
git-svn-id: file:///home/svn/framework3/trunk@7183 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 09:31:17 +00:00
HD Moore
d3aa513773
Fixes #339 . Cleans up author names for the most part - there are still some stragglers, but this should fix up the frequent contributors
...
git-svn-id: file:///home/svn/framework3/trunk@7173 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-17 05:55:15 +00:00
HD Moore
07efe98f6d
Whitespace and svn properties set
...
git-svn-id: file:///home/svn/framework3/trunk@7087 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 10:54:07 +00:00
Stephen Fewer
360cdaab2e
rename the smb2 module to something more specific.
...
git-svn-id: file:///home/svn/framework3/trunk@7086 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 10:23:28 +00:00
Stephen Fewer
50bd91688c
Add coverage for the SMBv2 vuln.
...
git-svn-id: file:///home/svn/framework3/trunk@7085 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 08:12:30 +00:00
HD Moore
71d644e72e
Fix the Payload->Space to match the new max size limit for the EXE generator. Thanks for catching it MC
...
git-svn-id: file:///home/svn/framework3/trunk@7022 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 21:23:11 +00:00
HD Moore
876a80f601
Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
...
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
kris
d3e65b3363
svn:keywords run
...
git-svn-id: file:///home/svn/framework3/trunk@6876 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 02:55:51 +00:00
HD Moore
4c4a8a764c
Let the XP SP0/SP1 and 2000 targets automatically run
...
git-svn-id: file:///home/svn/framework3/trunk@6865 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 12:59:08 +00:00
Mario Ceballos
4691f2b0e5
added exploit module netidentity_xtierrpcpipe.rb
...
git-svn-id: file:///home/svn/framework3/trunk@6850 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 01:04:48 +00:00
HD Moore
f8c2a203fd
OSVDB references updates from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
HD Moore
2ec7693d94
Fix up the modules to pass in the framework object into the new API call
...
git-svn-id: file:///home/svn/framework3/trunk@6687 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 18:18:04 +00:00
HD Moore
2283e0ffe4
Update executable template and API
...
git-svn-id: file:///home/svn/framework3/trunk@6682 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 17:42:17 +00:00