Commit Graph

14429 Commits (57fd9b8c18a6b155b46167b1c16746feefc00b31)

Author SHA1 Message Date
Daniel Miller ed43418156 Fix unused ADDR_DST option in fuzz_beacon
auxiliary/fuzzers/wifi/fuzz_beacon offers ADDR_DST option, probably
copy-pasted from some other wifi modules, but does not use it, likely
because beacons are meant to be sent to broadcast address only. Since
this is a fuzzer, changing the destination address may be desirable.
Used the option in building the frame to be sent.
2012-08-10 16:14:50 -05:00
Daniel Miller db4f31de76 Fix use of URI option for glassfish_login
auxiliary/scanner/http/glassfish_login offers URI option to set the path
where Glassfish is installed, but it doesn't work. Replaced it with
TARGETURI and call target_uri.path to get a base path.
2012-08-10 15:44:53 -05:00
James Lee 67cdea1788 Fix load order issues (again)
This is getting annoying.  Some day we'll have autoload and never have
to deal with this.
2012-08-10 13:52:54 -06:00
HD Moore 9c0703f488 Merge pull request #682 from bonsaiviking/persistence-type
Fix handling of PAYLOAD_TYPE in persistence
2012-08-10 11:42:05 -07:00
Daniel Miller c8b8d7b8db Fix handling of PAYLOAD_TYPE in persistence
post/windows/manage/persistence incorrectly checked the STARTUP option
to set the payload, which meant it was always the default (reverse_tcp).
Changed to check PAYLOAD_TYPE instead, as intended.
2012-08-10 13:34:09 -05:00
James Lee ce94bc2628 Add posix bins for previous commits
This includes 2 bug fixes:
1) Returning a handle with execute
2) Bug in process_channel_read that caused the following to always
return nil or a single byte:
  p = client.sys.process.execute("id", "-u", "Channelized"=>true)
  p.channel.read

[SeeRM #7005][See #681]
2012-08-09 18:35:01 -06:00
James Lee 9d2c1e36dd Store the value, not the comparison
Fixes client.sys.process.execute for posix, which previously (since
2010!) would always return nil, or a single byte. This makes sense
considering the value of bytesRead would always be either 0 or 1 because
it was being assigned the result of the comparison instead of the return
value of read().

[Fixes #681]
2012-08-09 18:18:45 -06:00
James Lee c19102c6f1 Return the PID as handle in posix
Fixes some TypeError exceptions when attempting most operations on
spawned processes, e.g.:

  p = client.sys.process.execute("/bin/sh", nil, "Channelized"=>true)
  p.close
  # raises TypeError: can't convert nil into Integer

[FIXRM #7005]
2012-08-08 15:23:00 -06:00
sinn3r b4b860f356 Correct MC's name 2012-08-08 14:16:02 -05:00
sinn3r 9473d9f7c4 Merge branch 'osx_keychain' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-osx_keychain 2012-08-08 14:09:22 -05:00
sinn3r 880491c52f Update description 2012-08-08 14:07:51 -05:00
sinn3r 8a787f8342 typo 2012-08-08 14:04:49 -05:00
sinn3r 0fe385138f Merge branch 'netdecision_tftp_exploit' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-netdecision_tftp_exploit 2012-08-08 13:44:49 -05:00
sinn3r 5f46a1e239 Based on #676, with some changes 2012-08-08 12:44:39 -05:00
sinn3r 7cff1365a2 Merge branch 'master' of https://github.com/ipwnstuff/metasploit-framework into osx_keychain 2012-08-08 11:12:07 -05:00
Erran Carey 189a4ffb78 Edited spaceing 2012-08-08 10:40:33 -05:00
jvazquez-r7 8587ff535a Added exploit module for CVE-2009-1730 2012-08-08 16:28:03 +02:00
jvazquez-r7 d04fdc9382 Added aux module for CVE-2009-1730 2012-08-08 16:26:41 +02:00
Erran Carey bb588d338b Add Keychain Enumeration Mac OS X Post Module
Based off my `Keyjacker` script this module runs through an account's
keychains and returns internet accounts associated.
Setting the GETPASS option to true will return both many plain text
passwords given that the user allows their system to use the keychain
when prompted.
2012-08-08 03:03:19 -05:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r 7221420267 When it hangs, it's actually the correct behavior, not a failure. 2012-08-07 15:00:08 -05:00
Tod Beardsley 955a5af8cf Adding OSVDB ref 2012-08-07 12:56:29 -05:00
sinn3r dc47551a5c Merge branch 'scrutinizer_add_admin' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-scrutinizer_add_admin 2012-08-07 12:40:04 -05:00
sinn3r ddcee6fee0 And the war between spaces and tabs goes on.... 2012-08-07 12:36:53 -05:00
sinn3r 540f6253ef Merge branch 'pbot_exec' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-pbot_exec 2012-08-07 12:26:07 -05:00
sinn3r 57c32c9c7b Slip Plixer's name in there, because it's their product. 2012-08-07 12:20:44 -05:00
jvazquez-r7 fb452d75a3 Added module for pbot RCE 2012-08-07 19:20:32 +02:00
sinn3r 0f37c1704d Add vendor's name in there fore better searching 2012-08-07 12:17:41 -05:00
sinn3r f26053c2c3 Add vendor's name in there for easier searching 2012-08-07 12:16:52 -05:00
sinn3r 614ae02a26 Add CVE-2012-2626 Scrutinizer add-user aux mod 2012-08-07 12:13:25 -05:00
sinn3r 747a8aa54a Merge branch 'scrutinizer_upload' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-scrutinizer_upload 2012-08-07 11:02:40 -05:00
sinn3r 5f4297a68a I tested it 9.5.2 too 2012-08-07 11:01:08 -05:00
sinn3r 3ba73c4f7f Fix check() function 2012-08-07 11:00:12 -05:00
Tod Beardsley 1485f74670 Out of 4.4.0, and into 4.5.0-dev 2012-08-07 09:53:01 -05:00
sinn3r 6b4ae94dce Add CVE-2012-3951 Scrutinizer NetFlow and sFlow Analyzer exploit
This uses a default MySQL admin credential to write a php file to
the web directory, extracts our malicious executable, and then
finally execute it. We get SYSTEM.
2012-08-07 03:19:44 -05:00
RageLtMan 1d5af3d825 Alex' patch to Rex::Oui 2012-08-06 21:34:36 -04:00
RageLtMan a65e3b22ba Revert "Fix report_note fail @ L77 when vendor MAC is not in OUI list"
This reverts commit 4dd0c2e368caf77873302d34ccf6faf7bd882fad.
2012-08-06 21:34:36 -04:00
RageLtMan 061b60e3e1 Fix report_note fail @ L77 when vendor MAC is not in OUI list 2012-08-06 21:34:36 -04:00
jvazquez-r7 44dd8b0cc5 Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author 2012-08-06 19:04:26 +02:00
jvazquez-r7 c2cc4b3b15 juan author name updated 2012-08-06 18:59:16 +02:00
sinn3r 349c841f6b Blah, OSVDB ref shouldn't be a link 2012-08-06 11:57:59 -05:00
sinn3r e31e7e8afe Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-08-06 11:56:06 -05:00
sinn3r 647b587f75 Merge branch 'Meatballs1-uplay' 2012-08-06 11:54:51 -05:00
sinn3r 69ff9e7c1c Lots of changes before commit. 2012-08-06 11:54:08 -05:00
sinn3r 25b2b2de68 Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay 2012-08-06 11:33:27 -05:00
Tod Beardsley 58ce6fbac4 Adding author info for juan 2012-08-06 08:55:54 -05:00
sinn3r 99d3ee6fc4 Merge branch 'webpagetest_traversal' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest_traversal 2012-08-06 03:15:16 -05:00
sinn3r 13aca3fe4c Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode 2012-08-06 03:13:27 -05:00
sinn3r f1e7ef06cc Add webpagetest dir traversal module
How did I forget this while writing the exploit?
2012-08-06 03:11:07 -05:00
HD Moore b3d32edcc8 Merge pull request #667 from swtornio/ref-updates
Ref updates
2012-08-05 18:19:40 -07:00