Royce Davis
9a970415bc
Module uses store_loot now instead of logdir which has been removed
2013-03-11 20:05:23 -05:00
Royce Davis
aa4cc11640
Removed Scanner class running as stand-alone single target module now
2013-03-11 13:39:47 -05:00
Royce Davis
a96753e9df
Added licensing stuff at the top
2013-03-10 20:07:04 -05:00
Royce Davis
bf9a2e4f52
Fixed module to use psexec mixin
2013-03-10 15:15:50 -05:00
Royce Davis
907983db4a
updating with r7-msf
2013-03-10 14:19:20 -05:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
J.Townsend
db1f4d7e1d
added license info
2013-03-07 00:20:02 +00:00
J.Townsend
e8c1899dc2
added license info
2013-03-07 00:18:32 +00:00
J.Townsend
3946cdf91e
added license info
2013-03-07 00:17:55 +00:00
J.Townsend
1b493d0e4c
added license info
2013-03-07 00:16:26 +00:00
J.Townsend
9e89d9608f
added license info
2013-03-07 00:11:45 +00:00
J.Townsend
56639e7f15
added license info
2013-03-07 00:10:46 +00:00
Royce Davis
1d8c759a34
yeah
2013-03-06 16:01:36 -06:00
James Lee
ca43900a7c
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-03-05 16:34:11 -06:00
James Lee
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
Royce Davis
ac50c32d51
Tested, works on server 2k8
2013-02-20 10:02:50 -06:00
James Lee
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
James Lee
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
jvazquez-r7
ec5c8e3a88
Merge branch 'dlink-dir300-600-execution' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir300-600-execution
2013-02-16 19:12:42 +01:00
Jeff Jarmoc
c2f8e4adbd
Minor - Note Rails 3.1.11 patch in Description.
2013-02-13 22:30:54 -06:00
jvazquez-r7
d1784babea
little cleanup plus msftidy compliant
2013-02-13 20:24:49 +01:00
jvazquez-r7
0ae473b010
info updated with rails information
2013-02-13 09:52:17 +01:00
jvazquez-r7
f46eda2fa9
Merge branch 'rails_devise_pw_reset' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_devise_pw_reset
2013-02-13 09:51:37 +01:00
jvazquez-r7
799beb5adc
minor cleanup
2013-02-13 01:00:25 +01:00
Jeff Jarmoc
1d5d33f306
use normalize_uri()
2013-02-12 14:58:07 -06:00
Jeff Jarmoc
c6a7a4e68d
/URIPATH/TARGETURI/g
2013-02-12 14:50:10 -06:00
Jeff Jarmoc
c7719bf4cb
Verify response is non-nil.
2013-02-12 13:41:21 -06:00
Jeff Jarmoc
9e1f106a87
msftidy cleanup
2013-02-12 13:38:58 -06:00
jvazquez-r7
766257d26a
pointed by @m-1-k-3 while working on #1472
2013-02-11 21:21:43 +01:00
Jeff Jarmoc
5f0a3c6b9e
Removes pry, oops.
2013-02-11 14:02:46 -06:00
Jeff Jarmoc
753fa2c853
Handles error when TARGETEMAIL is invalid.
2013-02-11 13:58:56 -06:00
Jeff Jarmoc
61ffcedbfd
Address HD's other comments, fixes mismatched var name in last commit.
2013-02-11 11:17:26 -06:00
Jeff Jarmoc
e72dc47448
Uses REXML for encoding of password.
2013-02-11 11:12:29 -06:00
Jeff Jarmoc
43a1fbb6f2
Make msftiday happy.
2013-02-10 21:13:18 -06:00
Jeff Jarmoc
55cba56591
Aux module for joernchen's devise vuln - CVE-2013-0233
2013-02-10 21:10:00 -06:00
m-1-k-3
63c6791473
return
2013-02-09 11:17:02 +01:00
m-1-k-3
6cccf86a00
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink-dir300-600-execution
2013-02-09 11:09:56 +01:00
Tod Beardsley
5357e23675
Fixups to the Linksys module
...
Professionalizes the description a little, but more importantly, handles
LANIP better, I think. Instead of faking a 1.1.1.1 address, just detect
if it's set or not in a method and return the right thing accordingly.
Please test this before landing, obviously. I think it's what's
intended.
2013-02-06 12:46:50 -06:00
Tod Beardsley
faeaa74a49
Msftidy whitespace
2013-02-06 11:06:13 -06:00
m-1-k-3
43f3bb4fe6
small updates
2013-02-05 13:54:10 +01:00
m-1-k-3
5ca0e45388
initial commit
2013-02-04 08:44:12 +01:00
jvazquez-r7
2bf2d4d8a4
Merge branch 'netgear_sph200d_traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear_sph200d_traversal
2013-02-03 23:35:29 +01:00
jvazquez-r7
c24c926ffa
add aditional check to detect valid device
2013-02-01 20:55:06 +01:00
jvazquez-r7
996ee06b0f
fix another print_ call
2013-02-01 20:43:54 +01:00
jvazquez-r7
152f397a1f
first module cleanup
2013-02-01 20:38:11 +01:00
m-1-k-3
988761a6de
more updates, BID, Exploit-DB
2013-02-01 20:18:53 +01:00
m-1-k-3
fdd5fe77c1
more updates ...
2013-02-01 19:59:19 +01:00
m-1-k-3
0e22ee73b5
updates ...
2013-02-01 19:26:34 +01:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
m-1-k-3
ea5e993bf3
initial
2013-01-29 22:02:29 +01:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
Brandon McCann
15253f23bf
added RHOSTS funct
2013-01-24 15:29:35 -06:00
jvazquez-r7
1fc747994e
cleanup for linksys_wrt54gl_exec
2013-01-24 17:50:14 +01:00
m-1-k-3
3a5e92ba6f
hopefully all fixex included
2013-01-23 12:15:34 +01:00
Royce Davis
c601ceba3c
Fixed error deleting ntds and sys files
2013-01-22 09:42:49 -06:00
Royce Davis
ed3b886b61
working with psexec mixin
2013-01-22 09:36:43 -06:00
m-1-k-3
11c13500be
small fix
2013-01-21 13:41:42 +01:00
m-1-k-3
62ff52280a
initial linksys OS command injection
2013-01-21 13:19:29 +01:00
lmercer
a89db93891
psexec_command - Unable to execute specified command: can't convert nil into Integer
...
Patched as described in Redmine bug #7680
2013-01-14 15:54:40 -05:00
Royce Davis
ff9ef80cc6
Fixed terrible tab issues that occured because of an evil vimrc filegit add ntdsgrab.rb
2013-01-07 12:49:58 -06:00
Royce Davis
e4546b13f3
Creating new pull request to beat Travis build strange errors...
2013-01-07 12:21:59 -06:00
Royce Davis
c1f0e1172b
Still fighing with Travis build errors
2013-01-07 11:52:37 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Royce Davis
ac2182c69b
Edited to fix Travis build process
2013-01-07 11:10:21 -06:00
Royce Davis
44e07c8577
Created psexec mixin to get rid of ugly copy-paste
2013-01-04 09:58:48 -06:00
Christian Mehlmauer
4d8a2a0885
msftidy: remove $Revision$
2013-01-03 01:01:18 +01:00
Christian Mehlmauer
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
Christian Mehlmauer
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
Royce Davis
321a4ecb74
Escaped quotes in windows command
2012-12-29 13:46:22 -06:00
Royce Davis
02bbcb5803
surrounded ntdspath in a space
2012-12-29 13:33:32 -06:00
Royce Davis
174e6e8f17
Fixed array instantiation
2012-12-29 13:31:54 -06:00
sinn3r
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
Royce Davis
2eb01168c8
Cleaned build junk
2012-12-14 10:44:53 -06:00
Royce Davis
82a6519dc4
cleaned up print_status and print_errors
2012-12-14 10:41:40 -06:00
Royce Davis
1b26036028
removed junk
2012-12-14 09:23:26 -06:00
Royce Davis
ae663b2a08
removed | from author section
2012-12-14 09:02:19 -06:00
Royce Davis
27ca43c915
Added to create new pull request
2012-12-14 08:53:22 -06:00
sinn3r
d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
sinn3r
c66777d028
Merge branch 'command' of git://github.com/R3dy/metasploit-framework into R3dy-command
2012-12-06 16:08:04 -06:00
Royce Davis
205276c38f
Update modules/auxiliary/admin/smb/psexec_command.rb
...
Fixed static path to Windows directory. This causes problems with directory is 'WINNT' for example.
2012-12-06 16:03:44 -06:00
jvazquez-r7
3dada00f43
fix typo accor ding to redmine 7550
2012-12-04 22:37:08 +01:00
Alexandre Maloteaux
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
sinn3r
319fa04c16
Fix Ruby 1.8 comma of death
2012-11-26 16:45:43 -06:00
jvazquez-r7
414fd052c1
final cleanup
2012-11-24 15:03:14 +01:00
jvazquez-r7
f7fb8bb862
change module filename
2012-11-23 11:43:34 +01:00
jvazquez-r7
cb7e98ea29
Cleanup for command module
2012-11-23 11:42:59 +01:00
Royce Davis
e16cea6db8
Fixed execerror, redundant if statement, and poor exception handling
2012-11-20 18:46:07 -06:00
Royce Davis
795ea5bec2
Fix randomize of dislayname and removed filename from command.rb
2012-11-19 14:34:06 -06:00
Royce Davis
7fa8717860
Fixed cleanup method to report an Error on command.rb
2012-11-19 13:59:58 -06:00
Royce Davis
f9b4971fc3
Fixed hard coded paths in psexec on command.rb
2012-11-13 10:28:16 -06:00
Royce Davis
683bcd4b82
Added disconnect method to command.rb
2012-11-12 11:25:12 -06:00
Royce Davis
e57275d3f6
added check cleanup method to command.rb
2012-11-12 09:46:02 -06:00
Chris John Riley
cffedd0c97
Set back to target_uri.path
2012-11-11 12:04:31 +01:00
Royce Davis
6e257d5f57
Simplify main method
2012-11-09 08:50:09 -06:00
Chris John Riley
0dd4f4d03d
Formatting
2012-11-08 17:51:06 +01:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
HD Moore
4d2147f392
Adds normalize_uri() and fixes double-slash typos
2012-11-08 07:16:51 -06:00
Royce Davis
22ecd6afa9
Edit command.rb
2012-11-07 15:17:13 -06:00