986807e525
Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow
2012-02-28 19:01:54 -06:00
5560087006
Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow
2012-02-28 18:58:28 -06:00
e69c8ca422
LHOST should be OptAddress, not OptAddressRange
2012-02-28 08:16:06 -07:00
bf07a6a027
Added auxiliary/scanner/mongodb/mongodb_login module
...
MongoDB login utility + brute force attack
2012-02-28 16:06:30 +02:00
2f201cdf78
Merge pull request #198 from jduck/master
...
Fixes #6308
2012-02-26 11:52:47 -08:00
3ff5c91c24
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-26 09:53:04 -06:00
ef4cdb516d
add osvdb ref
2012-02-26 07:13:13 -06:00
139136e033
Fix a handful of typos in the regex/parsing code
2012-02-26 02:10:06 -06:00
65ed4bfa8b
Fixes #6308 : Fall back to 127.0.0.1 when SocketError is raised from the resolver
2012-02-25 13:00:48 -06:00
91a7a44f02
Merge branch 'gather-firefox_creds-osx-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-gather-firefox_creds-osx-fix
2012-02-24 16:03:42 -06:00
7281a0ebdd
Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul)
2012-02-24 12:06:47 -06:00
8a158c3a00
Added OSX support to post/multi/gather/firefox_creds
...
Tested on OSX 10.7.3 and FF 9.0.1
2012-02-24 16:44:42 +02:00
bc2e12f7b5
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-23 17:34:10 -06:00
339fb8d266
eh, I mean Win2k3 SP0 to SP1
2012-02-23 17:33:49 -06:00
cb9cc1a69e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-23 17:22:55 -06:00
a6b10862bd
Adds a lantronix telnet discovery module
2012-02-23 17:22:32 -06:00
9ddca81ab5
Fix test that always evals to false
...
Meterpreter does not respond_to? extension names, they're magic.
2012-02-23 14:52:48 -07:00
e262d7a7ff
Add CVE-2012-0500 Sun Java Web Start exploit
2012-02-23 13:30:45 -06:00
08fb03276f
add osvdb ref
2012-02-23 07:39:31 -06:00
144fa0dc0e
Comment what \x0b\x04 is for
2012-02-22 22:59:43 -06:00
92c801d936
Merge branch 'ssh-creds-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-ssh-creds-fix
2012-02-22 19:49:26 -06:00
291e083d65
Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof
2012-02-22 19:44:47 -06:00
4ee1f989a6
Merge branch 'CVE-2008-1602_orbit_download_failed_bof' of https://github.com/juanvazquez/metasploit-framework
2012-02-22 19:40:56 -06:00
8d212849dc
Fix typos that result in stack traces when matching the response codes
2012-02-22 16:04:24 -06:00
ace28a8388
1.9 compatibility fix
...
Strings in ruby 1.9 doesn't have #each method
2012-02-22 18:01:17 +02:00
66fa56cc49
Fixed post/multi/gather/ssh_creds to work with shell session
2012-02-22 15:16:11 +02:00
3fecda95be
Fix 1.8 compatibility issue
2012-02-22 02:05:44 -06:00
5e6c40edfd
Remove unnecessary space restrictions.
...
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
464cf7f65f
Normalize service names
...
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes #6437 ]
2012-02-21 22:59:20 -07:00
7ca573a1b4
Give these two old modules a chance to work by setting a proper arch
...
These must have been broken for quite some time. =/ They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
4932a9ca25
Dont dump an HTML document to the console
2012-02-21 23:45:25 -06:00
d3fad51f3a
Fix my screwup in winscp for servicename
2012-02-21 20:31:52 -06:00
dcf3f3579d
Fix to the awful sname in this module
2012-02-21 20:28:27 -06:00
02d6089893
Fix a stack trace when an unexpected response from the server
...
Caused by a typo
2012-02-21 18:57:27 -07:00
acb4446e45
Fix #6407 by treating redirects as successful authentication
2012-02-21 16:02:21 -06:00
d6310829ea
Added module for CVE-2008-1602
2012-02-21 22:36:57 +01:00
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
bce1c08623
Update modules/auxiliary/server/capture/http_javascript_keylogger.rb
2012-02-21 04:46:56 -06:00
7c1d48d6aa
Merge in MJC's javascript keylogger
2012-02-21 04:25:15 -06:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
ab92e38628
Small cosmetic change to module descriptions
2012-02-20 19:29:51 -06:00
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
bb55b4e54f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-20 14:22:23 -06:00
f09ce04b00
Show where store_loot() saves the info
2012-02-20 14:22:05 -06:00
89e0842b1e
Add vim_soap to the mixins list.
...
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
cda9166180
This module should show where store_loot() saves the results
2012-02-20 14:15:55 -06:00
779e3cdcda
Correct more post modules for naming style consistency
2012-02-20 13:49:23 -06:00
fd283dd95b
Correct naming style
2012-02-20 12:38:43 -06:00
3180d75168
Correct naming style
2012-02-20 12:38:31 -06:00
22e40d9da4
Change naming style for consistency
2012-02-20 12:35:53 -06:00
300558e009
Correct post module naming style
2012-02-20 12:34:35 -06:00
a8d56afda6
Use store_loot() to save data to local disk
2012-02-20 01:30:11 -06:00
fccb338e29
Merge branch 'master' of github-r7:rapid7/metasploit-framework
2012-02-19 23:01:14 -06:00
e0a75c1b2c
Merge branch 'release/4.2-stable'
...
Conflicts:
lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
f92ddb2475
Revert "Cleanup to the module output for vmware_http_login.rb"
...
This reverts commit 08d91aebdb
2012-02-19 18:55:49 -06:00
a25475fac0
Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
...
This reverts commit c4ea27d32b
2012-02-19 18:53:03 -06:00
d761265b93
Revert "Cosmetic cleanup to the module output for vmauthd_login"
...
This reverts commit 87e7bf4934
2012-02-19 18:52:39 -06:00
648686002b
Cosmetic cleanup of the vmware_http_login module
2012-02-19 18:51:16 -06:00
2521bd7b59
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:34:35 -06:00
00d2497a42
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:32:36 -06:00
c4ea27d32b
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:28:06 -06:00
87e7bf4934
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:16:54 -06:00
08d91aebdb
Cleanup to the module output for vmware_http_login.rb
2012-02-19 18:16:05 -06:00
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
6ced540e0b
Merge branch 'vmware-api' into vmware-stable
2012-02-18 18:38:20 -06:00
36dc0fee50
Better dynamic soap generation for all the vmware stuff
2012-02-18 18:29:46 -06:00
ef2c261ce9
Change print() to print_line()
2012-02-18 00:22:02 -06:00
1f34c1ffd2
Correct print() and sleep() to print_line and select()
2012-02-18 00:20:52 -06:00
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
bb5e4a1600
Modules don't need to register VERBOSE, because it's already there
2012-02-17 21:07:44 -06:00
dc4bade78c
Use OptEnum to validate delivery method
2012-02-17 21:03:05 -06:00
79ce43e3fe
This condition should never trigger, because OptEnum should automatically take care of it
2012-02-17 19:16:07 -06:00
e23f17cac2
Again, validate using OptEnum
2012-02-17 19:14:38 -06:00
d58b8c7b69
Use OptEnum to validate enumeration method
2012-02-17 19:12:47 -06:00
3390bdf312
Validate METHOD with OptEnum
2012-02-17 18:54:53 -06:00
974aea3521
Validate 'METHOD' using OptEnum
2012-02-17 18:46:56 -06:00
36bc31d677
Damn, the indent level is nuts in this thing
2012-02-17 18:43:47 -06:00
ec58b4669e
This module only handles GET, so that's the only option we'll allow
2012-02-17 18:20:16 -06:00
9e17b09632
This module is only meant to handle GET and PUT, so let's be strict on that
2012-02-17 18:17:28 -06:00
7ae58bfd9d
Make sure the HTTP method is always upper-case to make Apache happy
2012-02-17 18:15:23 -06:00
ddb43774c9
Some metadata fixes
2012-02-17 12:21:38 -06:00
ae57a8d9fd
Make sure the HTTP method is always uppercase so we don't get a 501
2012-02-17 03:34:39 -06:00
afe6bce1c6
More documentation on the file format
2012-02-16 21:58:12 -06:00
2a97e61457
Merge branch 'droplnk' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-droplnk
2012-02-16 21:20:58 -06:00
5bb9afe789
Correct disclosure date format
2012-02-16 18:15:51 -06:00
c38ad92ade
Post module to upload shortcut (LNK) files with UNC path ICONs for post exploitation
2012-02-16 18:34:19 +00:00
01a6b02c3e
Add exploit for CVE-2012-0209, thx eromang!
2012-02-16 03:10:55 -06:00
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
a0dac593bc
Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api
2012-02-16 02:22:31 -06:00
e9b2e060d6
Permissions scanner for vmware
...
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
8d7ddab2af
Some minor bug fixes
...
Added vm_tag module for 'flag planting'
2012-02-16 00:45:48 -06:00
c5ae56a147
Adding User Enumeration Scanner for vmware
2012-02-15 22:55:11 -06:00
95f54413d8
Create a stable branch of vmware-api
...
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
bf9ed96155
Fixes up esx_fingerprint and the host model to ID vmware correctly
...
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
a2778ea297
minor fixes to multi-session terminate
2012-02-15 16:50:12 -06:00
082b4acca8
Changed terminate session module to handle multiple sessions per run
2012-02-15 16:47:02 -06:00
c9cf47bd4c
Add Terminate Session module and some extra goodness to enum sessions
2012-02-15 16:39:13 -06:00
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
67ba39cc3e
Adds a scanner to pull active login sessions off servers
2012-02-15 02:27:25 -06:00
e0f11992af
Gah screwed up that commit, accidentally chunked out the rescues.
2012-02-15 02:12:06 -06:00
6b539036c9
Fix fingerprinting in the vmware_http_login module
2012-02-15 01:54:34 -06:00
e67e9ab34f
Adds a power off vm aux module
2012-02-14 20:52:45 -06:00
a256a6fb0b
Adds a power on vm module
2012-02-14 20:44:11 -06:00
ab65a1ad8c
Name caps and readability for new post modules
2012-02-14 16:23:12 -06:00
bbca09458f
Workaround for report_host/service issue
...
See #6370
2012-02-14 11:19:38 -06:00
03884ddb46
Fix to title from copy pasted init section.
2012-02-14 10:36:15 -06:00
ad0594ee5f
Cleanup and add debug for fingerprint_vmware
2012-02-13 19:07:26 -06:00
8c1581567c
Cleanup on the vmware fingerprinting.
...
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
727cde00c6
Taking David's version of vmware_http_login over mine
2012-02-13 14:54:47 -06:00
d036da627a
Clear lots of whitespace
2012-02-13 14:13:43 -06:00
31f001ed54
Improved vmware enumerate vm modules
...
now with screenshots!
2012-02-13 12:07:28 -06:00
8c305e1a28
VMWare Web service finerprinting and OS detection.
...
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
a758462a32
Remove some whitespace
2012-02-13 11:01:26 -06:00
7129ec8e3a
Change indent level for the metadata
2012-02-12 17:33:03 -06:00
e9ceed1236
Merge branch 'fetchmailrc_creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-fetchmailrc_creds
2012-02-12 17:30:30 -06:00
49bf9435c2
Post module to loot creds from .fetchmailrc
2012-02-12 11:24:21 -08:00
abb1548d9a
Fix extraneous print_status
2012-02-11 20:09:43 -06:00
676a0c53a0
Working Screenshot capability!
2012-02-11 03:51:18 -06:00
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
daca3e93a5
add osvdb ref
2012-02-10 07:05:42 -06:00
782fcb040d
add osvdb ref
2012-02-10 07:05:26 -06:00
1a240648fa
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-10 06:51:02 -06:00
fe69a27bf1
Fix indent level and type
2012-02-10 03:22:51 -06:00
4b47a9e66f
Be gone, whitespace.
2012-02-10 03:16:37 -06:00
52e7743b41
Merge branch 'ipv6_logging' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-ipv6_logging
2012-02-10 03:13:18 -06:00
85e644ed4c
Merge branch 'railgun_defs' of https://github.com/NoVAHA/metasploit-framework into NoVAHA-railgun_defs
2012-02-10 01:17:07 -06:00
5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
2bd330da33
Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit
2012-02-10 00:06:48 -06:00
1f1e67cb16
Moved railgun function definitions into central storage and out of individual modules where possible
2012-02-09 04:56:13 +00:00
adafe6f722
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-08 13:32:51 -06:00
29b99aa7b4
Fix up titles/add boundary check for reporting external host
2012-02-08 12:23:46 -06:00
705c436ede
added more multicast addresses from wikipedia
2012-02-07 11:45:20 +01:00
e8aa624a16
Added todb's validator over to this working branch
2012-02-06 10:15:05 -06:00
8ad9beef75
Removing javascript_keylogger from master.
2012-02-06 09:37:16 -06:00
91820ad1c3
logging to notes
2012-02-06 08:56:35 +01:00
858401463d
add exec timeout
2012-02-05 14:52:38 -05:00
53ec982385
download_exec_fix
2012-02-05 14:35:44 -05:00
1b7fffbf8a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-05 07:30:08 -06:00
b2ae8a24dc
Fix go cow art (tabs are bad to align chars)
2012-02-05 02:20:31 -06:00
0dd3ad0efb
Remove naughty trailing commas
2012-02-05 02:03:49 -06:00
26f89f65bd
Fix the bug that causes store_loot() to run twice. Also, other minor format changes.
2012-02-05 02:00:03 -06:00
c2d1f64472
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-05 01:44:53 -06:00
db1e400dff
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-05 01:27:21 -06:00
e4faa33517
Fix a typo introduce in the usb dumper
2012-02-04 00:03:20 -06:00
0737ccb8e2
Remove nulls from the unicode drive name
2012-02-04 00:03:03 -06:00
sinn3r
James Lee
Gregory Man
sinn3r
Joshua J. Drake
Steve Tornio
HD Moore
David Maloney
HD Moore
juan
Tod Beardsley
Matt Buck
Rob Fuller
Jon Hart
bperry-r7
m-1-k-3
RageLtMan