Rick Flores (nanotechz9l)
db8881966e
Merge remote-tracking branch 'upstream/master'
2013-09-18 12:02:01 -07:00
jvazquez-r7
68647c7363
Add module for MS13-071
2013-09-18 13:40:35 -05:00
jvazquez-r7
accad24f31
Use payload.encoded because BadChars are defined
2013-09-18 13:03:35 -05:00
jvazquez-r7
61ab0e245c
Add Context to rex sockets plus track them with add_socket
2013-09-18 12:39:08 -05:00
jvazquez-r7
1988085a94
Fix possible port conflict
2013-09-18 12:24:36 -05:00
Tod Beardsley
8728a9a3b7
Bumping out deprecation date
...
Pray I don't alter the deprecation date further.
2013-09-18 11:00:35 -05:00
dummys
bc57c9c6ec
corrected some codes requested by Meatballs
2013-09-18 17:55:36 +02:00
dummys
3366c3aa77
CVE-2013-5696 RCE for GLPI
2013-09-18 16:11:32 +02:00
xistence
adc1bd9c65
changes made to astium_sqli_upload based on suggestions
2013-09-18 16:52:31 +07:00
xistence
65ee8c7d5c
changed openemr_sqli_privesc_upload according to suggestions
2013-09-18 12:38:20 +07:00
Rick Flores (nanotechz9l)
6cbe371381
minor change
2013-09-17 20:33:46 -07:00
xistence
d6a1182bd4
changes to arkeia_upload_exec to comply with r7 suggestions #2
2013-09-18 08:24:40 +07:00
xistence
24a671b530
changes to arkeia_upload_exec to comply with r7 suggestions
2013-09-18 08:10:58 +07:00
Rick Flores (nanotechz9l)
0052f9712b
Updated hard tabs per new requirement
2013-09-17 17:42:01 -07:00
James Lee
9a555d8701
Fix the modules added since the branch
2013-09-17 18:25:12 -05:00
James Lee
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
Meatballs
02044e8b5e
Land #2373 , Corrects x64 reverse_https alignment
...
It appears that testing of the original submit was performed
on VMWare which worked. On a non virtualized machine the
payload would crash.
[Closes #2373 ] [FixRm #8271 ]
2013-09-17 22:50:04 +01:00
Meatballs
6bf0d9b761
Cleanup
2013-09-17 21:46:38 +01:00
OJ
0dcc0a9a6d
Land #2378 , meterpreter DLL suffix
...
Tested in the following configurations:
* WinXP SP0 x86 - reverse_http, reverse_tcp, ms08-067, ms03-026
* Win7 x64 fully patched - reverse_https, reverse_tcp, x64/reverse_tcp
Tested with all public extensions. Behaviour matches that of the currently released MSF.
x64 binaries no longer show up in auto-complete for x86.
2013-09-17 17:35:24 +10:00
xistence
82aa3f97b0
added Astium confweb 25399 RCE
2013-09-17 12:32:10 +07:00
James Lee
21055f6856
Add x86 to meterpreter's binary suffix
...
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19 ]
2013-09-16 21:52:04 -05:00
Joe Vennix
a641bc41a8
Kill unnecessary comment.
2013-09-16 21:35:53 -05:00
Joe Vennix
5fc724bced
Kill explanatory comment.
2013-09-16 21:34:38 -05:00
Joe Vennix
f954e5299f
Now working on windows even.
2013-09-16 21:34:12 -05:00
Joe Vennix
2c47e56d90
Adds module for yaml code exec.
2013-09-16 21:33:57 -05:00
Rick Flores (nanotechz9l)
52a1b5fa57
updated pcman_stor_msf.rb module with community feedback.
2013-09-16 17:43:10 -07:00
Rick Flores (nanotechz9l)
226a75b5da
updated pcman_stor_msf.rb module with community feedback.
2013-09-16 17:37:29 -07:00
Brandon Turner
74fd80d01e
Land #2372 - module description updates
2013-09-16 16:17:57 -05:00
Tod Beardsley
bf18e5c37f
Land #2356 , temp fix for meterpreter.rb
...
@jlee-r7 is working on something more perfect, but would really like to
ship this this week to get around existing problems.
2013-09-16 15:58:42 -05:00
Tod Beardsley
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
Ryan Wincey
fe86325fd4
Fixed memory alignment for x64 reverse_http stager
2013-09-16 16:43:20 -04:00
Tod Beardsley
f89af79223
Correct OSVDB for sophos sblistpack exploit
2013-09-16 15:41:50 -05:00
Rick Flores (nanotechz9l)
d4f2e72b9c
updated module to include msftidy.rb
2013-09-16 12:46:13 -07:00
Rick Flores (nanotechz9l)
82e3910959
added PCMan's FTP Server Crafted Multiple Command Handling Remote Buffer Overflow (OSVDB 94624)
2013-09-16 12:40:36 -07:00
Rick Flores (nanotechz9l)
92cf886e49
updated module to include msftidy.rb
2013-09-16 12:38:00 -07:00
Rick Flores
4c83336944
Delete pcman_stor_msf.rb
...
delete because of commit issues.
2013-09-16 12:25:39 -07:00
Joe Vennix
2d936fb67c
Bail from payload if require() is not available.
...
* TODO: test on windows
2013-09-16 14:05:26 -05:00
RageLtMan
08f0abafd6
Add nodejs single payloads, thanks to RageLtMan.
2013-09-16 13:38:42 -05:00
Joe Vennix
e1e1cab797
Module gets me a shell, yay
2013-09-16 13:37:16 -05:00
Rick Flores (nanotechz9l)
f657f4d145
added PCMan's FTP Server Crafted Multiple Command Handling Remote Buffer Overflow (OSVDB 94624)
2013-09-16 09:57:27 -07:00
jvazquez-r7
c18c41d8ea
Don't hidde exceptions
2013-09-16 09:26:13 -05:00
jvazquez-r7
86e5163cad
Fix Indentation and cleanup
2013-09-16 09:19:26 -05:00
jvazquez-r7
62cf9cb07c
Retab changes for PR #2188
2013-09-16 09:09:16 -05:00
jvazquez-r7
842dba20b9
Merge for retab
2013-09-16 09:08:36 -05:00
jvazquez-r7
299860b09d
Land #2329 , @kaospunk auxiliary module to enumerate ntlm info
2013-09-16 08:16:30 -05:00
jvazquez-r7
4040fe4b6b
Fix style
2013-09-16 08:15:46 -05:00
xistence
af873b7349
added OpenEMR 4.1.1 Patch 14 SQLi Privesc Upload RCE
2013-09-16 16:19:35 +07:00
xistence
b2b629f932
added WD Arkeia Appliance RCE
2013-09-16 14:38:50 +07:00
sinn3r
67cd62f306
Land #2366 - HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
2013-09-16 01:44:23 -05:00
sinn3r
b993a4bda9
Land #2367 - HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
2013-09-16 01:43:07 -05:00
jvazquez-r7
2741983158
Update description
2013-09-13 18:31:11 -05:00
jvazquez-r7
40aeaf445b
Add auxiliary module for HP SNAC Auth Bypass
2013-09-13 18:29:57 -05:00
jvazquez-r7
54e9cd81f3
Add module for ZDI-13-226
2013-09-13 17:31:51 -05:00
jvazquez-r7
10303a8c2a
Delete debug print_status
2013-09-13 17:05:23 -05:00
jvazquez-r7
dca4351303
Add check function
2013-09-13 16:51:14 -05:00
jvazquez-r7
f7c4e081bb
Add module for ZDI-13-225
2013-09-13 16:40:28 -05:00
Tod Beardsley
813290cd68
Land #2357
2013-09-13 14:26:30 -05:00
Tod Beardsley
b2ba4b445f
Land #2362 , update description
2013-09-13 12:56:04 -05:00
sinn3r
4847976995
Update information about original discovery
...
Update info about original discovoery. See #2337 too.
2013-09-13 10:42:11 -05:00
jvazquez-r7
c665f41cd6
Fix description
2013-09-13 09:09:14 -05:00
Joe Vennix
84f015320a
Probably helps to use the right alternate exploit name.
2013-09-12 16:16:49 -05:00
Joe Vennix
14577441ca
Deprecates windows persistence post module.
2013-09-12 16:10:48 -05:00
Tod Beardsley
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
Tod Beardsley
761042f14b
require the deprecated mixin
2013-09-12 15:42:01 -05:00
Tod Beardsley
968f299772
Deprecate A-PDF exploit for filename change
...
See PT 56796034
See PT 56795804
2013-09-12 15:30:26 -05:00
sinn3r
ac90cd1263
Land #2248 - Fix dlink upnp exec noauth
2013-09-12 15:10:20 -05:00
sinn3r
149312a4c0
Correct wordpress_login_enum for #2301
...
tabassassin created a mess and I failed to resolve it properly.
Attempt #2 . See #2301 .
2013-09-12 14:56:46 -05:00
sinn3r
91b8ca8f22
Merge branch 'pr2301' into upstream-master
...
Conflicts:
modules/auxiliary/scanner/http/wordpress_login_enum.rb
2013-09-12 14:52:34 -05:00
James Lee
58b634dd27
Remove unnecessary requires from post mods
2013-09-12 14:36:01 -05:00
MosDefAssassin
b7dec23a1d
Update meterpreter.rb
...
Meterpreter Error: Uninitialized Constant Error Prevents a 32bit Meterpreter session from migrating to a 64bit process.
Discovered: September 9th 2013
Fixed: September 11th 2013 By MosDefAssassin
Contact:ara1212@gmail.com
Tested on Windows 2008 R2 SP1 Running as a Domain Controller
Issue:
An issue has been discovered when you have created a simple 32bit windows/meterpreter/reverse_tcp payload and have launched the payload on the victim to obtain a remote meterpreter session. While in this session you attempt to migrate your 32bit process over to a 64bit process in order to take advantage of tools like hashdump or mimikatz or obtain system level access under a 64bit process that runs as system such as dns.exe. However when you attempt to migrate to a 64bit process you receive the following error:
Error running command migrate: NameError uninitialized constant Msf::Payload::Windows::ReflectiveDllInject_x64
Cause and Resolution:
This issue occurs because the meterpreter.rb file that is being called from within
“/opt/metasploit/apps/pro/msf3/modules/payloads/stages/windows/” folder
does not contain the following classes:
require 'msf/core/payload/windows/x64/reflectivedllinject'
require 'msf/base/sessions/meterpreter_x64_win'
Once you add these two classes to the meterpreter.rb file, you will be able to migrate to 64bit processes from a basic msfpayload generated 32bit meterpreter payload.
2013-09-12 14:32:13 -05:00
sinn3r
34383661cb
Land #2351 - Agnitum Outpost Internet Security Local Privilege Escalation
2013-09-12 14:21:05 -05:00
sinn3r
5aa6a0dd6b
Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-12 14:19:02 -05:00
sinn3r
f42e6e8bca
Land #2345 - Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-12 14:17:24 -05:00
sinn3r
8db66aeb98
Yes, clearly it is.
2013-09-12 14:16:34 -05:00
sinn3r
d781f447db
Merge branch 'pr2345' into upstream-master
2013-09-12 14:15:18 -05:00
sinn3r
d006ee52b1
Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal
2013-09-12 14:13:32 -05:00
Tod Beardsley
d47de46d94
Deprecate brightstor/tape_engine_8A
...
This module is getting renamed to 8a, instead of 8A.
2013-09-12 13:59:44 -05:00
James Lee
41f23d5268
Fix merge fail
...
The whitespace fixes from @tabassassin somehow hosed this change.
See
845bf7146b
and
6daa90a4a5
2013-09-11 16:22:35 -05:00
jvazquez-r7
9ad1be7318
Make junk easier
2013-09-11 09:33:01 -05:00
jvazquez-r7
825eb9d1ca
Add module for OSVDB 96208
2013-09-11 00:11:00 -05:00
jvazquez-r7
4f1db80c24
Fix requires in new post modules
2013-09-10 11:13:07 -05:00
jvazquez-r7
df3aae0cae
Land #2341 , @todb-r7's grammar fixes
2013-09-10 09:20:29 -05:00
jvazquez-r7
02a073a8fe
Change module filename
2013-09-09 23:30:37 -05:00
jvazquez-r7
64348dc020
Update information
2013-09-09 23:29:48 -05:00
jvazquez-r7
bf40dc02ce
Add module for CVE-2013-4984
2013-09-09 23:27:24 -05:00
jvazquez-r7
c3ff9a03d8
Add module for CVE-2013-4983
2013-09-09 23:26:10 -05:00
HD Moore
06f7abc552
Helps to put the rand() wrapper in
2013-09-09 20:26:11 -05:00
HD Moore
baff3577e5
FixRM #8034 Pick a valid certificate expiration
2013-09-09 20:24:52 -05:00
Tod Beardsley
93c0b02b3b
Land #2342 , fix for smb_enumshares Array-ness
2013-09-09 16:55:01 -05:00
James Lee
f73c18ccd9
Store the Array, not human-readable version
...
[SeeRM #8389 ]
2013-09-09 16:44:47 -05:00
Tod Beardsley
aff35a615b
Grammar fixes in descriptions
2013-09-09 15:09:53 -05:00
jvazquez-r7
2252aee398
Fix ltype on store_loot
2013-09-09 14:02:28 -05:00
jvazquez-r7
ce769b0c78
Add module for CVE-2013-2641
2013-09-09 13:56:45 -05:00
jvazquez-r7
791b6f69c2
Land #2337 , @wchen-r7's exploit for MS13-055
2013-09-09 11:12:03 -05:00
sinn3r
0ee0168556
Retabbed
...
One kills a man, one is an assassin; one kills millions, one is a
conqueror; one kills a tab, one is a Metasploit dev.
2013-09-09 10:01:01 -05:00
sinn3r
6ab905e9e0
Less alignment
2013-09-09 09:39:02 -05:00
sinn3r
992bdcf530
Not from the future
2013-09-09 00:36:28 -05:00
sinn3r
ae659507d2
Land #2336 - GE Proficy Cimplicity WebView Directory Traversal
2013-09-08 23:05:57 -05:00
jvazquez-r7
3d48ba5cda
Escape dot on regex
2013-09-08 20:26:20 -05:00
sinn3r
47147444af
Land #2327 HP SiteScope Remote Code Execution
2013-09-08 20:14:27 -05:00
sinn3r
c3db41334b
Add MS13-055 Internet Explorer Use-After-Free Vulnerability
...
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.
This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
jvazquez-r7
02cc53e893
Land #2298 , @dzruyk's DoS aux module for CVE-2013-4124
2013-09-07 16:11:49 -05:00
jvazquez-r7
a40e0ba704
Clean up read_nttrans_ea_list
2013-09-07 16:11:00 -05:00
jvazquez-r7
be9b0da595
Update print message
2013-09-06 16:09:38 -05:00
Joe Vennix
3da9c4a685
Cleans up timeouts, wait before dropping payload, actually call #cleanup#super to kill the dropped file
2013-09-06 13:05:17 -05:00
jvazquez-r7
830bc2ae64
Update OSVDB reference
2013-09-06 13:01:39 -05:00
jvazquez-r7
4e3d4994c3
Update description
2013-09-06 12:58:54 -05:00
jvazquez-r7
45821a505b
Add module for CVE-2013-0653
2013-09-06 12:42:34 -05:00
jvazquez-r7
ffa600ff8b
Fix really the check method
2013-09-06 10:21:18 -05:00
jvazquez-r7
9b9e1592fd
Retab changes
2013-09-06 10:13:38 -05:00
jvazquez-r7
a64f960bfc
Merge for retab
2013-09-06 10:12:55 -05:00
jvazquez-r7
d9fed860a5
Fix check method
2013-09-06 10:11:06 -05:00
jvazquez-r7
94cc3f0e49
Retab changes
2013-09-06 09:51:14 -05:00
jvazquez-r7
73a66819ea
Merge for retab
2013-09-06 09:50:37 -05:00
jvazquez-r7
7ce9d38eba
Fix module
2013-09-06 09:49:52 -05:00
Tyler Krpata
2aed293d9a
Handle locked date and time preference pane
...
If the date and time preference pane is locked, effects are:
1. systemsetup takes 30 seconds to return
added a 30-second timeout to cmd_exec
2. Unable to change system date and time settings
added additional check to see if date change was successful
2013-09-06 10:17:09 -04:00
jvazquez-r7
7d4bf0c739
Retab changes for PR #2327
2013-09-05 23:25:41 -05:00
jvazquez-r7
34b499588b
Merge for retab
2013-09-05 23:24:22 -05:00
jvazquez-r7
eb745af12f
Land #1054 , @Meatballs1 exploit for IPsec Keying and more
2013-09-05 16:53:20 -05:00
Meatballs
473f08bbb6
Register cleanup and update check
2013-09-05 22:43:26 +01:00
Meatballs
400b433267
Sort out exception handling
2013-09-05 22:21:44 +01:00
James Lee
adfb31e30a
Land #2316 , don't modify datastore in authbrute
2013-09-05 16:04:15 -05:00
Tyler Krpata
07060e4e69
Add return in check
2013-09-05 16:57:47 -04:00
Tab Assassin
2e9096d427
Retab changes for PR #1734
2013-09-05 14:59:41 -05:00
Tab Assassin
322ed35bb4
Merge for retab
2013-09-05 14:59:34 -05:00
Tab Assassin
2846a5d680
Retab changes for PR #1770
2013-09-05 14:57:40 -05:00
Tab Assassin
269c1a26cb
Merge for retab
2013-09-05 14:57:32 -05:00
Meatballs
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00
Meatballs
c5daf939d1
Stabs tabassassin
2013-09-05 20:36:52 +01:00
Tab Assassin
f780a41f87
Retab changes for PR #2248
2013-09-05 14:12:24 -05:00
Tab Assassin
554d1868ce
Merge for retab
2013-09-05 14:12:18 -05:00
Tab Assassin
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
Tab Assassin
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
Meatballs
9787bb80e7
Address @jlee-r7's feedback
2013-09-05 19:57:05 +01:00
Tab Assassin
597f337d1b
Retab changes for PR #2298
2013-09-05 13:52:10 -05:00
Tab Assassin
acfef429c2
Merge for retab
2013-09-05 13:52:05 -05:00
jvazquez-r7
206b52ea30
Land #2325 , @jlee-r7's Linux PrependFork addition
2013-09-05 13:50:59 -05:00
Tab Assassin
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
Tab Assassin
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
jvazquez-r7
86ceadc53d
Fix target description
2013-09-05 13:37:01 -05:00
jvazquez-r7
d43326d0f4
Check 302 while checking too
2013-09-05 13:36:35 -05:00
jvazquez-r7
ab83a12354
Check 302 on anonymous access too
2013-09-05 13:35:52 -05:00
Tab Assassin
abb52a086c
Retab changes for PR #2316
2013-09-05 13:33:59 -05:00
Tab Assassin
8665de0261
Merge for retab
2013-09-05 13:33:49 -05:00
Tab Assassin
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
Tab Assassin
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
Tab Assassin
c9c6f84668
Retab changes for PR #2328
2013-09-05 13:16:15 -05:00
Tab Assassin
9bdc274904
Merge for retab
2013-09-05 13:15:07 -05:00
Tab Assassin
0a1a202fb5
Retab changes for PR #2329
2013-09-05 13:04:23 -05:00
Tab Assassin
760943af2f
Merge for retab
2013-09-05 13:02:51 -05:00
James Lee
50c6f26329
Don't deregister PrependFork
2013-09-05 10:50:36 -05:00
jvazquez-r7
c44be42cf5
Merge the check for Sentry in just one request
2013-09-05 10:41:20 -05:00
jvazquez-r7
d280d45964
Revert "Updated module - 1 req action"
...
This reverts commit f85b9aa780
.
2013-09-05 10:35:13 -05:00
Karn Ganeshen
f85b9aa780
Updated module - 1 req action
...
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
2013-09-05 20:04:02 +05:30
kaospunk
9f628b8b63
Add URI where information was discovered
...
This adds the URI where the information was enumerated from to the
scanner output.
One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
kaospunk
afaab5e0a6
Fixes issues raised by jvazquez-r7
...
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
default
2013-09-05 09:34:35 -04:00
jvazquez-r7
5c06a471f9
Get the call result
2013-09-05 08:33:35 -05:00
jvazquez-r7
3681955f68
Use Msf::Config.data_directory
2013-09-05 08:28:50 -05:00
jvazquez-r7
6b1d7545d6
Refactor, avoid duplicate code
2013-09-05 08:26:49 -05:00
kaospunk
533643fe2c
Host Information Enumeration via NTLM Authentication
...
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.
The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
jgor
84e4b42f6b
allow 302 redirects
2013-09-04 16:59:42 -05:00
jgor
66d5af5a11
remove dependency on tmpl=component
2013-09-04 16:58:49 -05:00
jvazquez-r7
b6245eea72
Update target info
2013-09-04 16:43:26 -05:00
jvazquez-r7
34b3ee5e17
Update ranking and description
2013-09-04 16:10:15 -05:00
jvazquez-r7
94125a434b
Add module for ZDI-13-205
2013-09-04 15:57:22 -05:00
Tab Assassin
9f3a5dc5d0
Retab new modules
2013-09-04 12:32:53 -05:00
Tab Assassin
999b802468
Merge branch 'master' into retab/rumpus
2013-09-04 12:32:05 -05:00
James Lee
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Meatballs
3066e7e19d
ReverseConnectRetries ftw
2013-09-04 00:16:19 +01:00
Meatballs
a8e77c56bd
Updates
2013-09-03 22:46:20 +01:00
William Vu
cc838401fb
Land #2314 , metasploit_pcaplog title correction
2013-09-03 15:21:00 -06:00
William Vu
b9ceed0c53
Land #2313 , lockout_keylogger title correction
2013-09-03 15:20:20 -06:00
Meatballs
ac0c493cf9
Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring
2013-09-03 21:33:11 +01:00
Tab Assassin
cbb9984358
Merge branch 'master' into retab/rumpus
2013-09-03 14:11:16 -05:00
Tab Assassin
84aaf2334a
Retab new material
2013-09-03 11:47:26 -05:00
Brandon Turner
4259bc6211
Merge pull request #2323 from jvazquez-r7/fix_python_load
...
Fix require on Python bind_tcp stager
2013-09-03 09:47:06 -07:00
Tab Assassin
0c1e6546af
Update from master
2013-09-03 11:45:39 -05:00
jvazquez-r7
ff6ee5b145
Fix require
2013-09-03 10:52:52 -05:00
Tod Beardsley
6daa90a4a5
Msftidy: use binary on File.open always
...
msftidy is complaining, here:
keylog_recorder.rb:116 - [WARNING] File.open without binary mode
Not sure how this managed to hit upstream/master with msftidy warnings.
Protip, use an msftidy pre-commit hook. We have just such a hook script
in tools/dev, as a matter of fact, so it's just a symlink away:
https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
2013-09-03 10:35:50 -05:00
Boris
a23c1f1ad4
added additional "include"
2013-09-03 19:34:37 +04:00
Tod Beardsley
8acabe457c
Trailing whitespace fixup
2013-09-03 10:32:48 -05:00
Tod Beardsley
ca8dacb93b
Minor module description updates for grammar.
2013-09-03 10:31:45 -05:00
Karn Ganeshen
3786376b42
Aux module for Sentry CDU enum
2013-09-03 14:44:03 +05:30
Boris
9a33c674aa
RHOST, RPORT removed, Tries option added
2013-09-01 22:58:22 +04:00
jvazquez-r7
560d384633
Do first modification to Auxiliary::Login and Auxiliary::AuthBrute
2013-08-31 23:38:04 -05:00
sinn3r
ac0b14e793
Add the missing CVE reference
...
Was looking at all the 2013 exploit modules for missing CVE references
2013-08-31 18:54:16 -05:00
sinn3r
bcc0152274
Correct metasploit_pcaplog's naming style
...
The naming style nazi is in town. ph33r.
2013-08-31 18:25:06 -05:00
sinn3r
a4bcc1f82f
Correct module naming style
...
You know what it is.
2013-08-31 18:17:06 -05:00
Boris
28ca62d60f
New option added. Names now random. Dos check added
2013-08-31 13:18:22 +04:00
sinn3r
0736677a01
Land #2299 - Add powershell support & removes ADODB.Stream requirement
2013-08-31 00:32:23 -05:00
sinn3r
c4aa557364
Land #2292 - Fix the way to get a session over a telnet connection
2013-08-31 00:29:25 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
jvazquez-r7
5b32c63a42
Land #2308 , @wchen-r7's exploit for MS13-059
2013-08-30 10:59:36 -05:00
jvazquez-r7
ea8cd2dc46
Update authors list
2013-08-30 10:52:39 -05:00
sinn3r
a283f1d4fa
Correct module title
2013-08-30 10:50:35 -05:00
sinn3r
f4e09100bd
Correct file name
2013-08-30 10:50:05 -05:00
sinn3r
38dbab9dd0
Fix typos
2013-08-30 10:43:26 -05:00
Meatballs
1ea3d91f48
Lands #2244 Python Meterpreter
...
[Closes #2244 ]
2013-08-30 14:33:35 +01:00
sinn3r
7401f83d8e
Land #2305 - HP LoadRunner lrFileIOService ActiveX WriteFileString Bug
2013-08-30 03:23:47 -05:00
sinn3r
0a1b078bd8
Add CVE-2013-3184 (MS13-058) CFlatMarkupPointer Use After Free
...
Please see module description for more info.
2013-08-30 03:16:28 -05:00
jvazquez-r7
2176f0b91c
Land #2303 , @todb-r7's patch to avoid loading order issues on sudo_password_bypass
2013-08-29 14:52:17 -05:00
jvazquez-r7
657be3a3d9
Fix typo
2013-08-29 14:42:59 -05:00
jvazquez-r7
4a6bf1da7f
Add module for ZDI-13-207
2013-08-29 14:09:45 -05:00
James Lee
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
Tod Beardsley
7b9314763c
Add the require boilerplate
...
Fixes a bug that sometimes comes up with load order on this module. I
know @jlee-r7 is working on a better overall solution but this should
solve for the short term.
Note, since the problem is practically machine-specific. @jlee-r7
suggested rm'ing all modules but the one under test. Doing that exposes
the bug, and I've verified this fix in that way.
2013-08-29 13:03:11 -05:00
rbsec
a574b548b2
Updated wordpress_login_enum auxilary module.
...
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
jvazquez-r7
66886eed7a
Land #2283 , @bmerinofe's post module for PortProxy Port Forwarding
2013-08-28 17:34:14 -05:00
jvazquez-r7
f477711268
Provide more information about installing IPv6
2013-08-28 17:22:50 -05:00
jvazquez-r7
43badfaa1c
Move the check_ipv6 call to the run metod
2013-08-28 17:20:11 -05:00
jvazquez-r7
05863cb1cc
Delete vague exception handling only done on one place
2013-08-28 17:17:05 -05:00
jvazquez-r7
6b8c7cbe24
Omit parentheses for method call with no args
2013-08-28 17:15:28 -05:00
jvazquez-r7
c04e6b2b14
Reduce code complexity on check_ipv6
2013-08-28 17:13:21 -05:00
jvazquez-r7
f339510816
Use OptPort
2013-08-28 17:10:22 -05:00
jvazquez-r7
ad8b6ec1ef
Avoid redefine builtin datastore options
2013-08-28 17:08:22 -05:00
jvazquez-r7
ad1b9fbaef
Use datastore options to avoid complex logic around args
2013-08-28 17:00:10 -05:00
jvazquez-r7
c68986e6eb
Favor unless over if not
2013-08-28 16:50:44 -05:00
jvazquez-r7
3a2a2a9cc0
Beautify metadata
2013-08-28 16:48:36 -05:00
Meatballs
a12f5092dd
Encode the powershell cmd
2013-08-28 22:37:11 +01:00
Meatballs
aa0563244b
Update unsafe scripting module
2013-08-28 22:30:46 +01:00
Boris
b3ec8f741f
File moved to auxiliary with some bug fixes
2013-08-29 00:11:34 +04:00
Boris
d71b2bd3a4
Samba CVE 2013-4124 integer overflow exploit added
2013-08-28 23:05:26 +04:00
bmerinofe
c31a2332be
Juan changes applied
2013-08-28 19:53:54 +02:00
James Lee
feae4a41e7
I don't like end-of-line comments
2013-08-28 12:42:26 -05:00
sinn3r
57c7d0679a
Land #2295 - Add platform info
2013-08-28 10:38:50 -05:00
jvazquez-r7
1042dbe56a
Land #2108 , @jiuweigui's post module to get info from prefetch files
2013-08-28 10:01:06 -05:00
jvazquez-r7
0fbe411be7
Ensure use Ruby File
2013-08-28 09:55:21 -05:00
jvazquez-r7
5c32bb4a8e
Beautify metadata
2013-08-28 09:32:23 -05:00
jvazquez-r7
4f8ba82d02
Make gather_pf_info return a prefetch entry
2013-08-28 09:29:49 -05:00
jvazquez-r7
904bd12663
Fix print over nil or empty string
2013-08-28 09:27:18 -05:00
jvazquez-r7
ef3085823c
Use default timeout value
2013-08-28 09:26:46 -05:00
jvazquez-r7
8ac82b8b18
Beautify timezone_key_values function
2013-08-28 09:25:49 -05:00
jvazquez-r7
bc593aab4f
Avoid confusion between variable and method name
2013-08-28 09:24:32 -05:00
jvazquez-r7
26531dbaa7
Land #2100 , @ddouhine's exploit for OSVDB 83543
2013-08-28 08:55:59 -05:00
jvazquez-r7
ab572d7d72
Fix Authors metadata section
2013-08-28 08:53:48 -05:00
Vlatko Kosturjak
b702a0d353
Fix "A payload has not been selected."
...
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
Joe Vennix
f823290a4c
Add nc check. Prints successful binary match.
...
* kills session nil check
2013-08-27 17:21:18 -05:00
sinn3r
13996b98cf
Correct action description for recording
...
The correct description is recording
2013-08-27 12:39:46 -05:00
sinn3r
a91b38cbf4
Land #2276 - osx webcam and record_mic post modules
2013-08-27 12:28:14 -05:00
Joe Vennix
067b8f3c59
Adds session existence check. Moves error log path to datastore option.
2013-08-27 11:44:21 -05:00
Joe Vennix
8a8f80e097
Move error log path to datastore option.
2013-08-27 11:43:20 -05:00
jvazquez-r7
0bfc12ada1
Fix the way to get a session over a telnet connection
2013-08-27 11:38:49 -05:00
sinn3r
728d0a0e65
Land #2240 - OSX keylogger
2013-08-27 11:36:58 -05:00
sinn3r
a9459ef703
Update module title for naming style consistency
2013-08-27 11:36:26 -05:00
sinn3r
16ace44f2d
Move keylogger.rb to post/osx/capture/keylog_recorder
...
To match the naming consistency with Windows
2013-08-27 11:35:00 -05:00
Joe Vennix
5cc4ef09d1
Move previous error log path to method. Renames the #check method.
2013-08-27 11:25:00 -05:00
sinn3r
e4a567b2b5
Land #2284 - Fix description
2013-08-27 11:20:58 -05:00
sinn3r
b0226cab79
Land #2290 - HP LoadRunner lrFileIOService ActiveX Vulnerability
2013-08-27 11:19:43 -05:00
sinn3r
2e4e3fdbe6
Land #2237 - Fix check function
2013-08-27 11:11:54 -05:00
jvazquez-r7
997c5e5516
Land #2291 , @todb-r7's patch for oracle_endeca_exec's requires
2013-08-27 11:01:21 -05:00
Tod Beardsley
15b741bb5f
Require the powershell mixin explicitly
2013-08-27 10:36:51 -05:00