infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,340 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3738 Commits (665f6c3e35ea431b9472db5c95300680ef539765)

Author SHA1 Message Date
jvazquez-r7 aa6a24da1b Add module template 2013-10-19 00:27:57 -05:00
jvazquez-r7 be1d6ee0d3 Support Windows CMD generic payload 2013-10-17 14:07:27 -05:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict 
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
 2013-10-17 13:29:24 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Karn Ganeshen cc42fbc59e Added ext .rb 
... ext .rb why you no save.
 2013-10-17 01:40:05 +05:30
Karn Ganeshen f3d4229ed4 Updated code 
msftidy compliant now. Have run it thru retab.rb, hence the indent like this.
 2013-10-17 01:36:26 +05:30
Tod Beardsley 2833d58387
Add OSVDB for vbulletin exploit 2013-10-16 15:01:28 -05:00
Tod Beardsley 3c2dddd7aa
Update reference with a non-plagarised source 2013-10-16 14:44:18 -05:00
Tod Beardsley 5d86ab4ab8
Catch mis-formatted bracket comments. 2013-10-15 14:52:12 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Tod Beardsley d0b1479d5b
Use the real timeout option for DCERPC 2013-10-14 17:41:51 -05:00
Tod Beardsley e8d0292118
Use read_response class method 
Looks like this was never implemented in other modules, but it collects
data from the socket in the usual get_once sort of way.
 2013-10-14 17:24:22 -05:00
Tod Beardsley 14be85ea5d
Land #2511, fix up NoMethodError and hanging connx 2013-10-14 16:30:19 -05:00
Meatballs a3af5d681b
Ensure TCP connection is closed 2013-10-14 21:53:22 +01:00
Tod Beardsley 63e40f9fba
Release time fixes to modules 
* Period at the end of a description.
  * Methods shouldn't be meth_name! unless the method is destructive.
  * "Setup" is a noun, "set up" is a verb.
  * Use the clunky post module naming convention.
 2013-10-14 15:17:39 -05:00
kaospunk 4b4804538f Fixes issues based on feedback 
This commit addresses comments made by @jvazquez-r7.
 2013-10-14 16:02:29 -04:00
sinn3r 2a1ade2541 Add disclosure date and some explanation about it 2013-10-13 19:29:51 -05:00
jvazquez-r7 e2c5e6c19f Fix email format 2013-10-13 18:28:35 -05:00
jvazquez-r7 008f787627 Add module for the dlink user-agent backdoor 2013-10-13 14:42:45 -05:00
Meatballs 988ac68074
Dont define the NDR syntax 2013-10-12 19:56:52 +01:00
Meatballs 765b55182e
Randomize client variables 
Also tidyup indents and use predefined UUID syntax.
 2013-10-12 19:52:15 +01:00
Meatballs cad717a186
Use NDR 32bit syntax. 
Compatible with both x86 and x64 systems.
Tidy up the module...
 2013-10-12 18:52:45 +01:00
darknight007 7b82c64983 ms12-020 stack print resolve 2013-10-12 16:49:03 +05:00
darknight007 e1b9f1a3c4 modified ms12-020 module to resolve stack print 2013-10-12 16:36:37 +05:00
darknight007 291b90405d Merge branch 'master' of https://github.com/darknight007/metasploit-framework 
Conflicts:
	modules/auxiliary/dos/windows/rdp/ms12_020_maxchannelids.rb
 2013-10-12 16:23:09 +05:00
darknight007 602fd276bc using theirs 2013-10-12 16:20:26 +05:00
darknight007 4e50c574c5 Update ms12_020_maxchannelids.rb 
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out. 

To reproduct, just run the module against a system having no RDP enabled.
 2013-10-12 15:39:13 +05:00
Tod Beardsley 876d4e0aa8
Land #1420, WDS scanner 2013-10-11 16:53:25 -05:00
Tod Beardsley a1cf9619d9
Be clear this is 64-bit only in the desc. 2013-10-11 16:52:50 -05:00
Tod Beardsley 181606e7cc
Single byte description update. Adds a period. 2013-10-11 15:04:25 -05:00
jvazquez-r7 75c5e885f2 Land #2142, @morisson's exploit for CVE-2013-3319 2013-10-11 09:17:58 -05:00
jvazquez-r7 63349e4664 Add OSVDB and BID references 2013-10-11 09:14:59 -05:00
Bruno Morisson b26085457f Trying to prevent @jvazquez-r7 from crying when reading my code: 
- Documented fields in the several tables;
- Fixed the "remote" field location on the fs_table (changed due to REXML parsing);
- Fixed Total Memory field on os_table  (bug?);
 2013-10-11 11:29:27 +01:00
Tod Beardsley cad7329f2d
Minor updates to vbulletin admin exploit 2013-10-10 22:09:38 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir 
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
 2013-10-10 19:55:26 +01:00
jvazquez-r7 09f0db7fdf Switch to rexml parsing, add some comments and cleanup 2013-10-10 13:19:10 -05:00
jvazquez-r7 9516bc5cf7 Retab changes for PR #2142 2013-10-10 11:02:51 -05:00
jvazquez-r7 cdc7b75a78 Merge for retab 2013-10-10 11:02:16 -05:00
Bruno Morisson c264480651 Code cleanup, tried to implement suggestions from @jvazquez-r7. Hopefully is much more readable. 2013-10-10 11:58:33 +01:00
jvazquez-r7 4f3bbaffd1 Clean module and add reporting 2013-10-09 13:54:28 -05:00
jvazquez-r7 5c36533742 Add module for the vbulletin exploit in the wild 2013-10-09 13:12:57 -05:00
sinn3r c10f0253bc Land #2472 - Clean up the way Apple Safari UXSS aux module does data collection 2013-10-07 15:47:28 -05:00
Tod Beardsley 293927aff0
msftidy fix for coldfusion exploit 2013-10-07 12:22:48 -05:00
joev 47e7a2de83 Kill stray debugger statement. 2013-10-06 19:32:22 -05:00
joev c2a81907ba Clean up the way Apple Safari UXSS aux module does data collection. 
[FIXRM #7918]
 2013-10-06 19:28:16 -05:00
James Lee 813013fef5 Make defaults sane for the lockoutable smb_login 
See #2376
 2013-10-04 15:53:16 -05:00
jvazquez-r7 db11e88255
Land #2321, @juushya's aux module for Sentry CDU enumeration 2013-10-04 08:35:54 -05:00
Karn Ganeshen 37e1e6533c changed default options 
Updated these default options to false:
      'DB_ALL_CREDS'    => false
      'BLANK_PASSWORDS' => false
 2013-10-04 02:48:42 +05:30
Karn Ganeshen 8aac3922f3 add radware_appdirector_enum 
This module scans for Radware AppDirector's web login portal, and performs login brute force to identify valid credentials.

- mstidy.tb & retab.rb run done
- stop_on_success is set to true. Important, otherwise the app starts dropping bf source.
- slowing down brute force speed seems to work though, but can take a long time if more creds to check &| more targets
- better to run bf with 2-3 creds against range, & then come back with more creds if needed
 2013-10-03 20:15:52 +05:30
jvazquez-r7 1fe0c50df0 Ignore unexpected answers 2013-10-02 20:41:02 -05:00
Tabassassin 773abf0567
Pow, tab assassinated. 2013-10-02 17:16:38 -05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir 
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
 2013-10-02 20:17:11 +01:00
sinn3r 7118f7dc4c Land #2422 - rm methods peer & rport 
Because they're already defined in the HttpClient mixin
 2013-09-30 16:01:59 -05:00
Tod Beardsley 9ada96ac51
Fix sqlmap accidental codepoint 
See http://www.ruby-doc.org/core-1.9.3/String.html#method-i-3C-3C

Apparently, String#<< uses Integer#chr, not Integer#to_s. News to me.

Fixed originally by @TsCl in PR #2435, but fixing seperately in order to
avoid screwing up his downstream tracking. Note, this isn't a merge, so
using Closes tag on the commit message.

[Closes #2435]
 2013-09-30 11:23:17 -05:00
darknight007 f1ab7b51b1 Update ms12_020_maxchannelids.rb 
ms12_020_maxchannelids.rb produces a call stack when the connection is timed out. 

To reproduct, just run the module against a system having no RDP enabled.
 2013-09-30 13:43:26 +05:00
Tod Beardsley 7cc2ad55a6
Land #1770, unattend.xml snarfing modules 2013-09-27 16:04:38 -05:00
Tod Beardsley 63d638888d Get rid of interior tabs 2013-09-27 16:04:03 -05:00
Tod Beardsley 5e77dccd48 Add a ref to an example unattend.xml 2013-09-27 15:45:57 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
Tod Beardsley 8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap 
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"

[FixRM #8409], reported by Chris F.
 2013-09-26 09:42:38 -05:00
FireFart 09fa7b7692 remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:50:34 +02:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
FireFart 34b829abef bugfix 2013-09-25 09:15:07 +02:00
FireFart aeb663a5d4 fix output 2013-09-24 10:48:38 +02:00
FireFart dc8f94bac1 Added wordpress version detection 2013-09-24 08:59:56 +02:00
jamcut dff26ac9ff Used default timeout 
forgot an additional default timeout in my previous commit
 2013-09-17 11:28:46 -04:00
jamcut 4aeb754112 Minor Changes 
changed print calls to print_line
removed trailing \n's
used default timeout for send_request_cgi
 2013-09-17 11:20:45 -04:00
jamcut ea367d218c dded Jenkins vulnerability scanner 2013-09-17 10:47:59 -04:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
jvazquez-r7 299860b09d Land #2329, @kaospunk auxiliary module to enumerate ntlm info 2013-09-16 08:16:30 -05:00
jvazquez-r7 4040fe4b6b Fix style 2013-09-16 08:15:46 -05:00
jvazquez-r7 2741983158 Update description 2013-09-13 18:31:11 -05:00
jvazquez-r7 40aeaf445b Add auxiliary module for HP SNAC Auth Bypass 2013-09-13 18:29:57 -05:00
sinn3r 149312a4c0 Correct wordpress_login_enum for #2301 
tabassassin created a mess and I failed to resolve it properly.
Attempt #2. See #2301.
 2013-09-12 14:56:46 -05:00
sinn3r 91b8ca8f22 Merge branch 'pr2301' into upstream-master 
Conflicts:
	modules/auxiliary/scanner/http/wordpress_login_enum.rb
 2013-09-12 14:52:34 -05:00
sinn3r d006ee52b1 Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal 2013-09-12 14:13:32 -05:00
jvazquez-r7 02a073a8fe Change module filename 2013-09-09 23:30:37 -05:00
jvazquez-r7 64348dc020 Update information 2013-09-09 23:29:48 -05:00
Tod Beardsley 93c0b02b3b
Land #2342, fix for smb_enumshares Array-ness 2013-09-09 16:55:01 -05:00
James Lee f73c18ccd9 Store the Array, not human-readable version 
[SeeRM #8389]
 2013-09-09 16:44:47 -05:00
jvazquez-r7 2252aee398 Fix ltype on store_loot 2013-09-09 14:02:28 -05:00
jvazquez-r7 ce769b0c78 Add module for CVE-2013-2641 2013-09-09 13:56:45 -05:00
sinn3r ae659507d2 Land #2336 - GE Proficy Cimplicity WebView Directory Traversal 2013-09-08 23:05:57 -05:00
jvazquez-r7 3d48ba5cda Escape dot on regex 2013-09-08 20:26:20 -05:00
jvazquez-r7 02cc53e893 Land #2298, @dzruyk's DoS aux module for CVE-2013-4124 2013-09-07 16:11:49 -05:00
jvazquez-r7 a40e0ba704 Clean up read_nttrans_ea_list 2013-09-07 16:11:00 -05:00
jvazquez-r7 be9b0da595 Update print message 2013-09-06 16:09:38 -05:00
jvazquez-r7 830bc2ae64 Update OSVDB reference 2013-09-06 13:01:39 -05:00
jvazquez-r7 4e3d4994c3 Update description 2013-09-06 12:58:54 -05:00
jvazquez-r7 45821a505b Add module for CVE-2013-0653 2013-09-06 12:42:34 -05:00
jvazquez-r7 94cc3f0e49 Retab changes 2013-09-06 09:51:14 -05:00
jvazquez-r7 73a66819ea Merge for retab 2013-09-06 09:50:37 -05:00
jvazquez-r7 7ce9d38eba Fix module 2013-09-06 09:49:52 -05:00
Tab Assassin 8bc83f4922 Retab changes for PR #1420 2013-09-05 16:21:26 -05:00
Tab Assassin d6a7ce5328 Merge for retab 2013-09-05 16:21:13 -05:00
Tab Assassin 2846a5d680 Retab changes for PR #1770 2013-09-05 14:57:40 -05:00
Tab Assassin 269c1a26cb Merge for retab 2013-09-05 14:57:32 -05:00