Commit Graph

10878 Commits (681db6cb4164df18006e006a10a33f81d7d61078)

Author SHA1 Message Date
jvazquez-r7 2741983158 Update description 2013-09-13 18:31:11 -05:00
jvazquez-r7 40aeaf445b Add auxiliary module for HP SNAC Auth Bypass 2013-09-13 18:29:57 -05:00
jvazquez-r7 54e9cd81f3 Add module for ZDI-13-226 2013-09-13 17:31:51 -05:00
jvazquez-r7 10303a8c2a Delete debug print_status 2013-09-13 17:05:23 -05:00
jvazquez-r7 dca4351303 Add check function 2013-09-13 16:51:14 -05:00
jvazquez-r7 f7c4e081bb Add module for ZDI-13-225 2013-09-13 16:40:28 -05:00
Tod Beardsley 813290cd68
Land #2357 2013-09-13 14:26:30 -05:00
Tod Beardsley b2ba4b445f
Land #2362, update description 2013-09-13 12:56:04 -05:00
sinn3r 4847976995 Update information about original discovery
Update info about original discovoery. See #2337 too.
2013-09-13 10:42:11 -05:00
jvazquez-r7 c665f41cd6 Fix description 2013-09-13 09:09:14 -05:00
Joe Vennix 84f015320a Probably helps to use the right alternate exploit name. 2013-09-12 16:16:49 -05:00
Joe Vennix 14577441ca Deprecates windows persistence post module. 2013-09-12 16:10:48 -05:00
Tod Beardsley 76f27ecde8 Require the deprecation mixin in all modules
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
Tod Beardsley 761042f14b require the deprecated mixin 2013-09-12 15:42:01 -05:00
Tod Beardsley 968f299772 Deprecate A-PDF exploit for filename change
See PT 56796034
See PT 56795804
2013-09-12 15:30:26 -05:00
sinn3r ac90cd1263 Land #2248 - Fix dlink upnp exec noauth 2013-09-12 15:10:20 -05:00
sinn3r 149312a4c0 Correct wordpress_login_enum for #2301
tabassassin created a mess and I failed to resolve it properly.
Attempt #2. See #2301.
2013-09-12 14:56:46 -05:00
sinn3r 91b8ca8f22 Merge branch 'pr2301' into upstream-master
Conflicts:
	modules/auxiliary/scanner/http/wordpress_login_enum.rb
2013-09-12 14:52:34 -05:00
James Lee 58b634dd27 Remove unnecessary requires from post mods 2013-09-12 14:36:01 -05:00
MosDefAssassin b7dec23a1d Update meterpreter.rb
Meterpreter Error: Uninitialized Constant Error Prevents a 32bit Meterpreter session from migrating to a 64bit process.
Discovered: September 9th 2013
Fixed: September 11th 2013 By MosDefAssassin
Contact:ara1212@gmail.com
Tested on Windows 2008 R2 SP1 Running as a Domain Controller

Issue:
An issue has been discovered when you have created a simple 32bit windows/meterpreter/reverse_tcp payload and have launched the payload on the victim to obtain a remote meterpreter session. While in this session you attempt to migrate your 32bit process over to a 64bit process in order to take advantage of tools like hashdump or mimikatz or obtain system level access under a 64bit process that runs as system such as dns.exe. However when you attempt to migrate to a 64bit process you receive the following error:
 
Error running command migrate: NameError uninitialized constant Msf::Payload::Windows::ReflectiveDllInject_x64

Cause and Resolution:
This issue occurs because the meterpreter.rb file that is being called from within
“/opt/metasploit/apps/pro/msf3/modules/payloads/stages/windows/” folder
does not contain the following classes:
require 'msf/core/payload/windows/x64/reflectivedllinject'
require 'msf/base/sessions/meterpreter_x64_win'
Once you add these two classes to the meterpreter.rb file, you will be able to migrate to 64bit processes from a basic msfpayload generated 32bit meterpreter payload.
2013-09-12 14:32:13 -05:00
sinn3r 34383661cb Land #2351 - Agnitum Outpost Internet Security Local Privilege Escalation 2013-09-12 14:21:05 -05:00
sinn3r 5aa6a0dd6b Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution 2013-09-12 14:19:02 -05:00
sinn3r f42e6e8bca Land #2345 - Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation 2013-09-12 14:17:24 -05:00
sinn3r 8db66aeb98 Yes, clearly it is. 2013-09-12 14:16:34 -05:00
sinn3r d781f447db Merge branch 'pr2345' into upstream-master 2013-09-12 14:15:18 -05:00
sinn3r d006ee52b1 Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal 2013-09-12 14:13:32 -05:00
Tod Beardsley d47de46d94 Deprecate brightstor/tape_engine_8A
This module is getting renamed to 8a, instead of 8A.
2013-09-12 13:59:44 -05:00
James Lee 41f23d5268 Fix merge fail
The whitespace fixes from @tabassassin somehow hosed this change.

See
845bf7146b
and
6daa90a4a5
2013-09-11 16:22:35 -05:00
jvazquez-r7 9ad1be7318 Make junk easier 2013-09-11 09:33:01 -05:00
jvazquez-r7 825eb9d1ca Add module for OSVDB 96208 2013-09-11 00:11:00 -05:00
jvazquez-r7 4f1db80c24 Fix requires in new post modules 2013-09-10 11:13:07 -05:00
jvazquez-r7 df3aae0cae Land #2341, @todb-r7's grammar fixes 2013-09-10 09:20:29 -05:00
jvazquez-r7 02a073a8fe Change module filename 2013-09-09 23:30:37 -05:00
jvazquez-r7 64348dc020 Update information 2013-09-09 23:29:48 -05:00
jvazquez-r7 bf40dc02ce Add module for CVE-2013-4984 2013-09-09 23:27:24 -05:00
jvazquez-r7 c3ff9a03d8 Add module for CVE-2013-4983 2013-09-09 23:26:10 -05:00
HD Moore 06f7abc552 Helps to put the rand() wrapper in 2013-09-09 20:26:11 -05:00
HD Moore baff3577e5 FixRM #8034 Pick a valid certificate expiration 2013-09-09 20:24:52 -05:00
Tod Beardsley 93c0b02b3b
Land #2342, fix for smb_enumshares Array-ness 2013-09-09 16:55:01 -05:00
James Lee f73c18ccd9 Store the Array, not human-readable version
[SeeRM #8389]
2013-09-09 16:44:47 -05:00
Tod Beardsley aff35a615b Grammar fixes in descriptions 2013-09-09 15:09:53 -05:00
jvazquez-r7 2252aee398 Fix ltype on store_loot 2013-09-09 14:02:28 -05:00
jvazquez-r7 ce769b0c78 Add module for CVE-2013-2641 2013-09-09 13:56:45 -05:00
jvazquez-r7 791b6f69c2 Land #2337, @wchen-r7's exploit for MS13-055 2013-09-09 11:12:03 -05:00
sinn3r 0ee0168556 Retabbed
One kills a man, one is an assassin; one kills millions, one is a
conqueror; one kills a tab, one is a Metasploit dev.
2013-09-09 10:01:01 -05:00
sinn3r 6ab905e9e0 Less alignment 2013-09-09 09:39:02 -05:00
sinn3r 992bdcf530 Not from the future 2013-09-09 00:36:28 -05:00
sinn3r ae659507d2 Land #2336 - GE Proficy Cimplicity WebView Directory Traversal 2013-09-08 23:05:57 -05:00
jvazquez-r7 3d48ba5cda Escape dot on regex 2013-09-08 20:26:20 -05:00
sinn3r 47147444af Land #2327 HP SiteScope Remote Code Execution 2013-09-08 20:14:27 -05:00
sinn3r c3db41334b Add MS13-055 Internet Explorer Use-After-Free Vulnerability
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.

This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
jvazquez-r7 02cc53e893 Land #2298, @dzruyk's DoS aux module for CVE-2013-4124 2013-09-07 16:11:49 -05:00
jvazquez-r7 a40e0ba704 Clean up read_nttrans_ea_list 2013-09-07 16:11:00 -05:00
jvazquez-r7 be9b0da595 Update print message 2013-09-06 16:09:38 -05:00
Joe Vennix 3da9c4a685 Cleans up timeouts, wait before dropping payload, actually call #cleanup#super to kill the dropped file 2013-09-06 13:05:17 -05:00
jvazquez-r7 830bc2ae64 Update OSVDB reference 2013-09-06 13:01:39 -05:00
jvazquez-r7 4e3d4994c3 Update description 2013-09-06 12:58:54 -05:00
jvazquez-r7 45821a505b Add module for CVE-2013-0653 2013-09-06 12:42:34 -05:00
jvazquez-r7 ffa600ff8b Fix really the check method 2013-09-06 10:21:18 -05:00
jvazquez-r7 9b9e1592fd Retab changes 2013-09-06 10:13:38 -05:00
jvazquez-r7 a64f960bfc Merge for retab 2013-09-06 10:12:55 -05:00
jvazquez-r7 d9fed860a5 Fix check method 2013-09-06 10:11:06 -05:00
jvazquez-r7 94cc3f0e49 Retab changes 2013-09-06 09:51:14 -05:00
jvazquez-r7 73a66819ea Merge for retab 2013-09-06 09:50:37 -05:00
jvazquez-r7 7ce9d38eba Fix module 2013-09-06 09:49:52 -05:00
Tyler Krpata 2aed293d9a Handle locked date and time preference pane
If the date and time preference pane is locked, effects are:
1. systemsetup takes 30 seconds to return
    added a 30-second timeout to cmd_exec
2. Unable to change system date and time settings
    added additional check to see if date change was successful
2013-09-06 10:17:09 -04:00
jvazquez-r7 7d4bf0c739 Retab changes for PR #2327 2013-09-05 23:25:41 -05:00
jvazquez-r7 34b499588b Merge for retab 2013-09-05 23:24:22 -05:00
jvazquez-r7 eb745af12f Land #1054, @Meatballs1 exploit for IPsec Keying and more 2013-09-05 16:53:20 -05:00
Meatballs 473f08bbb6 Register cleanup and update check 2013-09-05 22:43:26 +01:00
Meatballs 400b433267 Sort out exception handling 2013-09-05 22:21:44 +01:00
James Lee adfb31e30a Land #2316, don't modify datastore in authbrute 2013-09-05 16:04:15 -05:00
Tyler Krpata 07060e4e69 Add return in check 2013-09-05 16:57:47 -04:00
Tab Assassin 2e9096d427 Retab changes for PR #1734 2013-09-05 14:59:41 -05:00
Tab Assassin 322ed35bb4 Merge for retab 2013-09-05 14:59:34 -05:00
Tab Assassin 2846a5d680 Retab changes for PR #1770 2013-09-05 14:57:40 -05:00
Tab Assassin 269c1a26cb Merge for retab 2013-09-05 14:57:32 -05:00
Meatballs d4043a6646 Spaces and change to filedropper 2013-09-05 20:41:37 +01:00
Meatballs c5daf939d1 Stabs tabassassin 2013-09-05 20:36:52 +01:00
Tab Assassin f780a41f87 Retab changes for PR #2248 2013-09-05 14:12:24 -05:00
Tab Assassin 554d1868ce Merge for retab 2013-09-05 14:12:18 -05:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Meatballs 9787bb80e7 Address @jlee-r7's feedback 2013-09-05 19:57:05 +01:00
Tab Assassin 597f337d1b Retab changes for PR #2298 2013-09-05 13:52:10 -05:00
Tab Assassin acfef429c2 Merge for retab 2013-09-05 13:52:05 -05:00
jvazquez-r7 206b52ea30 Land #2325, @jlee-r7's Linux PrependFork addition 2013-09-05 13:50:59 -05:00
Tab Assassin 845bf7146b Retab changes for PR #2304 2013-09-05 13:41:25 -05:00
Tab Assassin adf9ff356c Merge for retab 2013-09-05 13:41:23 -05:00
jvazquez-r7 86ceadc53d Fix target description 2013-09-05 13:37:01 -05:00
jvazquez-r7 d43326d0f4 Check 302 while checking too 2013-09-05 13:36:35 -05:00
jvazquez-r7 ab83a12354 Check 302 on anonymous access too 2013-09-05 13:35:52 -05:00
Tab Assassin abb52a086c Retab changes for PR #2316 2013-09-05 13:33:59 -05:00
Tab Assassin 8665de0261 Merge for retab 2013-09-05 13:33:49 -05:00
Tab Assassin 896bb129cd Retab changes for PR #2325 2013-09-05 13:24:09 -05:00
Tab Assassin 5ff25d8b96 Merge for retab 2013-09-05 13:23:25 -05:00
Tab Assassin c9c6f84668 Retab changes for PR #2328 2013-09-05 13:16:15 -05:00
Tab Assassin 9bdc274904 Merge for retab 2013-09-05 13:15:07 -05:00
Tab Assassin 0a1a202fb5 Retab changes for PR #2329 2013-09-05 13:04:23 -05:00
Tab Assassin 760943af2f Merge for retab 2013-09-05 13:02:51 -05:00
James Lee 50c6f26329 Don't deregister PrependFork 2013-09-05 10:50:36 -05:00
jvazquez-r7 c44be42cf5 Merge the check for Sentry in just one request 2013-09-05 10:41:20 -05:00
jvazquez-r7 d280d45964 Revert "Updated module - 1 req action"
This reverts commit f85b9aa780.
2013-09-05 10:35:13 -05:00
Karn Ganeshen f85b9aa780 Updated module - 1 req action
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
2013-09-05 20:04:02 +05:30
kaospunk 9f628b8b63 Add URI where information was discovered
This adds the URI where the information was enumerated from to the
scanner output.

One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
kaospunk afaab5e0a6 Fixes issues raised by jvazquez-r7
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
  default
2013-09-05 09:34:35 -04:00
jvazquez-r7 5c06a471f9 Get the call result 2013-09-05 08:33:35 -05:00
jvazquez-r7 3681955f68 Use Msf::Config.data_directory 2013-09-05 08:28:50 -05:00
jvazquez-r7 6b1d7545d6 Refactor, avoid duplicate code 2013-09-05 08:26:49 -05:00
kaospunk 533643fe2c Host Information Enumeration via NTLM Authentication
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.

The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
jgor 84e4b42f6b allow 302 redirects 2013-09-04 16:59:42 -05:00
jgor 66d5af5a11 remove dependency on tmpl=component 2013-09-04 16:58:49 -05:00
jvazquez-r7 b6245eea72 Update target info 2013-09-04 16:43:26 -05:00
jvazquez-r7 34b3ee5e17 Update ranking and description 2013-09-04 16:10:15 -05:00
jvazquez-r7 94125a434b Add module for ZDI-13-205 2013-09-04 15:57:22 -05:00
Tab Assassin 9f3a5dc5d0 Retab new modules 2013-09-04 12:32:53 -05:00
Tab Assassin 999b802468 Merge branch 'master' into retab/rumpus 2013-09-04 12:32:05 -05:00
James Lee b913fcf1a7 Add a proper PrependFork for linux
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Meatballs 3066e7e19d ReverseConnectRetries ftw 2013-09-04 00:16:19 +01:00
Meatballs a8e77c56bd Updates 2013-09-03 22:46:20 +01:00
William Vu cc838401fb Land #2314, metasploit_pcaplog title correction 2013-09-03 15:21:00 -06:00
William Vu b9ceed0c53 Land #2313, lockout_keylogger title correction 2013-09-03 15:20:20 -06:00
Meatballs ac0c493cf9 Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring 2013-09-03 21:33:11 +01:00
Tab Assassin cbb9984358 Merge branch 'master' into retab/rumpus 2013-09-03 14:11:16 -05:00
Tab Assassin 84aaf2334a Retab new material 2013-09-03 11:47:26 -05:00
Brandon Turner 4259bc6211 Merge pull request #2323 from jvazquez-r7/fix_python_load
Fix require on Python bind_tcp stager
2013-09-03 09:47:06 -07:00
Tab Assassin 0c1e6546af Update from master 2013-09-03 11:45:39 -05:00
jvazquez-r7 ff6ee5b145 Fix require 2013-09-03 10:52:52 -05:00
Tod Beardsley 6daa90a4a5 Msftidy: use binary on File.open always
msftidy is complaining, here:

keylog_recorder.rb:116 - [WARNING] File.open without binary mode

Not sure how this managed to hit upstream/master with msftidy warnings.
Protip, use an msftidy pre-commit hook. We have just such a hook script
in tools/dev, as a matter of fact, so it's just a symlink away:

https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
2013-09-03 10:35:50 -05:00
Boris a23c1f1ad4 added additional "include" 2013-09-03 19:34:37 +04:00
Tod Beardsley 8acabe457c Trailing whitespace fixup 2013-09-03 10:32:48 -05:00
Tod Beardsley ca8dacb93b Minor module description updates for grammar. 2013-09-03 10:31:45 -05:00
Karn Ganeshen 3786376b42 Aux module for Sentry CDU enum 2013-09-03 14:44:03 +05:30
Boris 9a33c674aa RHOST, RPORT removed, Tries option added 2013-09-01 22:58:22 +04:00
jvazquez-r7 560d384633 Do first modification to Auxiliary::Login and Auxiliary::AuthBrute 2013-08-31 23:38:04 -05:00
sinn3r ac0b14e793 Add the missing CVE reference
Was looking at all the 2013 exploit modules for missing CVE references
2013-08-31 18:54:16 -05:00
sinn3r bcc0152274 Correct metasploit_pcaplog's naming style
The naming style nazi is in town. ph33r.
2013-08-31 18:25:06 -05:00
sinn3r a4bcc1f82f Correct module naming style
You know what it is.
2013-08-31 18:17:06 -05:00
Boris 28ca62d60f New option added. Names now random. Dos check added 2013-08-31 13:18:22 +04:00
sinn3r 0736677a01 Land #2299 - Add powershell support & removes ADODB.Stream requirement 2013-08-31 00:32:23 -05:00
sinn3r c4aa557364 Land #2292 - Fix the way to get a session over a telnet connection 2013-08-31 00:29:25 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 5b32c63a42 Land #2308, @wchen-r7's exploit for MS13-059 2013-08-30 10:59:36 -05:00
jvazquez-r7 ea8cd2dc46 Update authors list 2013-08-30 10:52:39 -05:00
sinn3r a283f1d4fa Correct module title 2013-08-30 10:50:35 -05:00
sinn3r f4e09100bd Correct file name 2013-08-30 10:50:05 -05:00
sinn3r 38dbab9dd0 Fix typos 2013-08-30 10:43:26 -05:00
Meatballs 1ea3d91f48 Lands #2244 Python Meterpreter
[Closes #2244]
2013-08-30 14:33:35 +01:00
sinn3r 7401f83d8e Land #2305 - HP LoadRunner lrFileIOService ActiveX WriteFileString Bug 2013-08-30 03:23:47 -05:00
sinn3r 0a1b078bd8 Add CVE-2013-3184 (MS13-058) CFlatMarkupPointer Use After Free
Please see module description for more info.
2013-08-30 03:16:28 -05:00
jvazquez-r7 2176f0b91c Land #2303, @todb-r7's patch to avoid loading order issues on sudo_password_bypass 2013-08-29 14:52:17 -05:00
jvazquez-r7 657be3a3d9 Fix typo 2013-08-29 14:42:59 -05:00
jvazquez-r7 4a6bf1da7f Add module for ZDI-13-207 2013-08-29 14:09:45 -05:00
James Lee 63adde2429 Fix load order in posts, hopefully forever 2013-08-29 13:37:50 -05:00
Tod Beardsley 7b9314763c Add the require boilerplate
Fixes a bug that sometimes comes up with load order on this module. I
know @jlee-r7 is working on a better overall solution but this should
solve for the short term.

Note, since the problem is practically machine-specific. @jlee-r7
suggested rm'ing all modules but the one under test. Doing that exposes
the bug, and I've verified this fix in that way.
2013-08-29 13:03:11 -05:00
rbsec a574b548b2 Updated wordpress_login_enum auxilary module.
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
jvazquez-r7 66886eed7a Land #2283, @bmerinofe's post module for PortProxy Port Forwarding 2013-08-28 17:34:14 -05:00
jvazquez-r7 f477711268 Provide more information about installing IPv6 2013-08-28 17:22:50 -05:00
jvazquez-r7 43badfaa1c Move the check_ipv6 call to the run metod 2013-08-28 17:20:11 -05:00
jvazquez-r7 05863cb1cc Delete vague exception handling only done on one place 2013-08-28 17:17:05 -05:00
jvazquez-r7 6b8c7cbe24 Omit parentheses for method call with no args 2013-08-28 17:15:28 -05:00
jvazquez-r7 c04e6b2b14 Reduce code complexity on check_ipv6 2013-08-28 17:13:21 -05:00
jvazquez-r7 f339510816 Use OptPort 2013-08-28 17:10:22 -05:00
jvazquez-r7 ad8b6ec1ef Avoid redefine builtin datastore options 2013-08-28 17:08:22 -05:00
jvazquez-r7 ad1b9fbaef Use datastore options to avoid complex logic around args 2013-08-28 17:00:10 -05:00
jvazquez-r7 c68986e6eb Favor unless over if not 2013-08-28 16:50:44 -05:00
jvazquez-r7 3a2a2a9cc0 Beautify metadata 2013-08-28 16:48:36 -05:00
Meatballs a12f5092dd Encode the powershell cmd 2013-08-28 22:37:11 +01:00
Meatballs aa0563244b Update unsafe scripting module 2013-08-28 22:30:46 +01:00
Boris b3ec8f741f File moved to auxiliary with some bug fixes 2013-08-29 00:11:34 +04:00
Boris d71b2bd3a4 Samba CVE 2013-4124 integer overflow exploit added 2013-08-28 23:05:26 +04:00
bmerinofe c31a2332be Juan changes applied 2013-08-28 19:53:54 +02:00
James Lee feae4a41e7 I don't like end-of-line comments 2013-08-28 12:42:26 -05:00
sinn3r 57c7d0679a Land #2295 - Add platform info 2013-08-28 10:38:50 -05:00
jvazquez-r7 1042dbe56a Land #2108, @jiuweigui's post module to get info from prefetch files 2013-08-28 10:01:06 -05:00
jvazquez-r7 0fbe411be7 Ensure use Ruby File 2013-08-28 09:55:21 -05:00
jvazquez-r7 5c32bb4a8e Beautify metadata 2013-08-28 09:32:23 -05:00
jvazquez-r7 4f8ba82d02 Make gather_pf_info return a prefetch entry 2013-08-28 09:29:49 -05:00
jvazquez-r7 904bd12663 Fix print over nil or empty string 2013-08-28 09:27:18 -05:00
jvazquez-r7 ef3085823c Use default timeout value 2013-08-28 09:26:46 -05:00
jvazquez-r7 8ac82b8b18 Beautify timezone_key_values function 2013-08-28 09:25:49 -05:00
jvazquez-r7 bc593aab4f Avoid confusion between variable and method name 2013-08-28 09:24:32 -05:00
jvazquez-r7 26531dbaa7 Land #2100, @ddouhine's exploit for OSVDB 83543 2013-08-28 08:55:59 -05:00
jvazquez-r7 ab572d7d72 Fix Authors metadata section 2013-08-28 08:53:48 -05:00
Vlatko Kosturjak b702a0d353 Fix "A payload has not been selected."
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
Joe Vennix f823290a4c Add nc check. Prints successful binary match.
* kills session nil check
2013-08-27 17:21:18 -05:00
sinn3r 13996b98cf Correct action description for recording
The correct description is recording
2013-08-27 12:39:46 -05:00
sinn3r a91b38cbf4 Land #2276 - osx webcam and record_mic post modules 2013-08-27 12:28:14 -05:00
Joe Vennix 067b8f3c59 Adds session existence check. Moves error log path to datastore option. 2013-08-27 11:44:21 -05:00
Joe Vennix 8a8f80e097 Move error log path to datastore option. 2013-08-27 11:43:20 -05:00
jvazquez-r7 0bfc12ada1 Fix the way to get a session over a telnet connection 2013-08-27 11:38:49 -05:00
sinn3r 728d0a0e65 Land #2240 - OSX keylogger 2013-08-27 11:36:58 -05:00
sinn3r a9459ef703 Update module title for naming style consistency 2013-08-27 11:36:26 -05:00
sinn3r 16ace44f2d Move keylogger.rb to post/osx/capture/keylog_recorder
To match the naming consistency with Windows
2013-08-27 11:35:00 -05:00
Joe Vennix 5cc4ef09d1 Move previous error log path to method. Renames the #check method. 2013-08-27 11:25:00 -05:00
sinn3r e4a567b2b5 Land #2284 - Fix description 2013-08-27 11:20:58 -05:00
sinn3r b0226cab79 Land #2290 - HP LoadRunner lrFileIOService ActiveX Vulnerability 2013-08-27 11:19:43 -05:00
sinn3r 2e4e3fdbe6 Land #2237 - Fix check function 2013-08-27 11:11:54 -05:00
jvazquez-r7 997c5e5516 Land #2291, @todb-r7's patch for oracle_endeca_exec's requires 2013-08-27 11:01:21 -05:00
Tod Beardsley 15b741bb5f Require the powershell mixin explicitly 2013-08-27 10:36:51 -05:00
jvazquez-r7 f59f57e148 Randomize object id 2013-08-27 10:35:06 -05:00
jvazquez-r7 66fa1b41aa Fix logic to spray correctly IE9 2013-08-27 09:57:55 -05:00
g0tmi1k 7efe85dbd6 php_include - added @wchen-r7's code improvements 2013-08-27 14:00:13 +01:00
Joe Vennix 87c03237a9 Fix discrepencies between unix/osx with whereis cmd. 2013-08-27 03:17:14 -05:00
Joe Vennix 98b21471ed fix some bugs in cups_root_file_read module. 2013-08-27 03:03:08 -05:00
jvazquez-r7 93c46c4be5 Complete the Author metadata 2013-08-26 23:29:16 -05:00
jvazquez-r7 8efe2d9206 Land #2289, @jlee-r7's exploit for CVE-2013-1662 2013-08-26 23:27:19 -05:00
jvazquez-r7 e1e889131b Add references and comments 2013-08-26 23:26:13 -05:00
James Lee 63786f9e86 Add local exploit for taviso's vmware privesc 2013-08-26 21:06:40 -05:00
sinn3r 7a4d781538 Land #2274 - Firefox XMLSerializer Use After Free 2013-08-26 20:53:42 -05:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
violet 4cbdf38377 updated contact info
MASTER OF DISASTER

ULTRA LASER

:::::::-.  :::::::..        :::::::-.      ...         ...     .        :
 ;;,   `';,;;;;``;;;;        ;;,   `';, .;;;;;;;.   .;;;;;;;.  ;;,.    ;;;
 `[[     [[ [[[,/[[['        `[[     [[,[[     \[[,,[[     \[[,[[[[, ,[[[[,
  $$,    $$ $$$$$$c           $$,    $$$$$,     $$$$$$,     $$$$$$$$$$$"$$$
  888_,o8P' 888b "88bo,d8b    888_,o8P'"888,_ _,88P"888,_ _,88P888 Y88" 888o
  MMMMP"`   MMMM   "W" YMP    MMMMP"`    "YMMMMMP"   "YMMMMMP" MMM  M'  "MMM
2013-08-26 16:14:49 -07:00
sinn3r 85ed9167f2 Print target endpoint
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
sinn3r 9f8051161f Properly implement normalize_uri 2013-08-26 17:18:00 -05:00
sinn3r 7fad26968c More fix to jboss_seam_exec 2013-08-26 17:16:15 -05:00
jvazquez-r7 c660279963 Land #2259, @wchen-r7's patch for [SeeRM #8319] 2013-08-26 16:36:45 -05:00
jvazquez-r7 a58750fbbb Land #2266, @wchen-r7's patch forn [SeeRM #8345] and [SeeRM #8344] 2013-08-26 16:14:50 -05:00
Tod Beardsley 6b15a079ea Update for grammar in descriptions on new modules. 2013-08-26 14:52:51 -05:00
Tod Beardsley 5b4890f5b9 Fix caps on typo3_winstaller module 2013-08-26 14:47:42 -05:00
sinn3r 3769da2722 Better fixes 2013-08-26 14:02:45 -05:00
sinn3r 6b8feaff8c Type conversion 2013-08-26 13:56:11 -05:00
sinn3r 8c7f4b3e1f Avoid using inline rescue 2013-08-26 13:54:06 -05:00
jvazquez-r7 252f48aeee Land #2272, @jvennix-r7's exploit for CVE-2013-1775 2013-08-26 13:21:58 -05:00
jvazquez-r7 0baaf989fb Delete on_new_session cleanup, as discusses with @jlee-r7 2013-08-26 13:20:43 -05:00
jvazquez-r7 9cb8ec950f Fix module description 2013-08-26 11:40:05 -05:00
bmerinofe 2b577552a2 OptEnum option changed 2013-08-26 15:25:23 +02:00
bmerinofe 64d21c7216 added portproxy post meterpreter module 2013-08-26 14:44:41 +02:00
jvazquez-r7 f8d1d29648 Add module for ZDI-13-182 2013-08-25 23:07:08 -05:00
Joe Vennix 34404ee067 Commit cups module. Tested on osx 10.7, 10.8, and unpatched ubuntu 12.0.4. 2013-08-25 14:30:11 -05:00
Christian Mehlmauer 45ad043102 moderated comments are now also working (even for unauthenticated users) 2013-08-25 11:02:15 +02:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Joe Vennix bf89c956c4 Just the one file, please 2013-08-24 14:53:51 -05:00
Joe Vennix 757886bece Remove some extra wip files. 2013-08-24 14:52:52 -05:00
Joe Vennix 29320f5b7f Fix vn refs. Add juan as an @author. 2013-08-24 13:07:35 -05:00
jvazquez-r7 5b812b0c22 Add references 2013-08-24 12:12:21 -05:00
jvazquez-r7 b4ad8c8867 Beautify module 2013-08-24 12:08:38 -05:00
Joe Vennix 0e116730a1 Polishing module. Tested on 10.8, 10.8.2, and 10.8.4. 2013-08-24 12:01:38 -05:00
Christian Mehlmauer 5f7ccf1cbe naming..again 2013-08-24 18:58:00 +02:00
Christian Mehlmauer 9af1341179 consistent naming 2013-08-24 18:51:07 +02:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
jvazquez-r7 b13d357000 Add ranking 2013-08-24 11:35:35 -05:00
jiuweigui 2ebfdcc84b Fix to description 2013-08-24 19:32:01 +03:00
jvazquez-r7 3ce23ffb49 Make a test before running the payload 2013-08-24 11:20:47 -05:00
jiuweigui 73f4259156 Fix based on suggestions 2013-08-24 19:14:48 +03:00
jvazquez-r7 ab293d2ad9 Make msftidy happy 2013-08-24 10:51:19 -05:00
jvazquez-r7 82cf812311 Switch to PrependMigrate 2013-08-24 10:46:04 -05:00
jvazquez-r7 480794a9ab Make small fixes 2013-08-24 10:40:08 -05:00
Christian Mehlmauer 9e4a760576 Update payload 2013-08-24 17:30:16 +02:00
jvazquez-r7 832fa8838b Change the command to launch after background the payload job 2013-08-24 09:57:33 -05:00
jvazquez-r7 4532474309 Allow cleanup from the new session 2013-08-24 09:47:40 -05:00
Joe Vennix 3cdc6abec6 Clean up some code, get CMD working. 2013-08-23 20:19:21 -05:00
Joe Vennix 140d8ae42f Need to set timezone first. 2013-08-23 20:09:18 -05:00
Joe Vennix a4c2ba04f3 Pass cmd through /bin/sh to set default /Users/joe/.rvm/gems/ruby-1.9.3-p392@pro-dev/bin /Users/joe/.rvm/gems/ruby-1.9.3-p392@global/bin /Users/joe/.rvm/rubies/ruby-1.9.3-p392/bin /Users/joe/.rvm/bin /usr/local/sbin /usr/local/bin /usr/bin /bin /usr/sbin /sbin /usr/X11/bin /opt/bin /opt/X11/bin. CMD and native payloads now working. 2013-08-23 19:39:21 -05:00
jvazquez-r7 fc91380ebc Add work code 2013-08-23 17:54:21 -05:00
Joe Vennix 2d3f599498 Moves ruby_dl helpers to proper place in repo.
* Adds fail_with methods and moves timeouts to constants.
2013-08-23 17:17:19 -05:00
Christian Mehlmauer c40252e0b3 bugfixing 2013-08-24 00:04:16 +02:00
Joe Vennix ba00395cfd Set filename to osx_mic_rec instead of webcam. 2013-08-23 15:52:24 -05:00
sinn3r 7b5e98d57e Land #2269 - Oracle Endeca Server Remote Command Execution 2013-08-23 15:40:31 -05:00
Joe Vennix 6c4ad6a976 Move modules to post/osx/manage. 2013-08-23 15:38:58 -05:00
Christian Mehlmauer e9eb6b2427 simplification 2013-08-23 22:29:31 +02:00
Christian Mehlmauer 576ae50b73 more feedback implemented 2013-08-23 22:22:56 +02:00
Joe Vennix c3b98262bf Seriously ,stop writing things to my desktop. 2013-08-23 15:16:41 -05:00
jvazquez-r7 a5c9f8d670 Beautify targets metadata 2013-08-23 15:15:04 -05:00
jvazquez-r7 f3415f4147 Make msftidy compliant 2013-08-23 15:14:13 -05:00
jvazquez-r7 413474f417 Move module to the correct path 2013-08-23 15:08:25 -05:00
Joe Vennix 7ebe6635ea Finish fixing ruby 1.8.7 regressions. Works on 10.8 and 10.7. 2013-08-23 15:06:48 -05:00
Christian Mehlmauer de3fc1fa6c first feedback implemented 2013-08-23 21:59:36 +02:00
Joe Vennix ba27eab0d6 Comment out ctrl-z hax. 2013-08-23 19:44:39 +00:00
jvazquez-r7 ad214da3de Switch to powershell to exec payload 2013-08-23 14:39:29 -05:00
jvazquez-r7 a45f49e3b7 Use a new Ranking 2013-08-23 08:49:58 -05:00
jvazquez-r7 ff6ad30be0 Add module for ZDI-13-006 2013-08-22 18:15:35 -05:00
Christian Mehlmauer 556f17c47e Move modules 2013-08-22 17:33:35 +02:00
Christian Mehlmauer 8456d2c0ec remove target_uri 2013-08-22 00:48:42 +02:00
Christian Mehlmauer 959553583f -) revert last commit
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
jvazquez-r7 965e2d88fe Use normalize_uri 2013-08-21 16:49:24 -05:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
Spencer McIntyre ffac6478cc Un typo a client and server socket mixup. 2013-08-21 14:59:30 -04:00
jiuweigui 514d2b4721 Fix to make msftidy happy. 2013-08-21 21:46:44 +03:00
jvazquez-r7 b72566b8aa Add module for ZDI-13-190 2013-08-21 12:47:47 -05:00
Christian Mehlmauer ffdd057f10 -) Documentation
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
jiuweigui 0cc499faf7 Minor deletes related to filetime change. 2013-08-21 14:47:50 +03:00
Christian Mehlmauer 49ec0d464a msftidy 2013-08-21 13:15:21 +02:00
Christian Mehlmauer 655e2dcf6c more methods 2013-08-21 13:13:41 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
jiuweigui 3a2433dac9 Remove unneeded filetime read 2013-08-21 12:18:07 +03:00
sinn3r 50e7d8015a Validate datastore option "YEAR"
The YEAR option is a numeric value, so should be OptInt in order to
go through validation.

[FixRM #8345]
[FixRM #8344]
2013-08-21 01:38:16 -05:00
sinn3r 89753a6390 Fix undefined method error
[FixRM #8323]
2013-08-21 01:22:27 -05:00
sinn3r 92752de651 Fix undefined method error
[FixRM #8324]
2013-08-21 01:20:57 -05:00
sinn3r 77942f0d29 Fix undefined method error
[FixRM #8325]
2013-08-21 01:20:03 -05:00
sinn3r 2fa75e0133 Fix undefined method error
[FixRM #8325]
2013-08-21 01:16:49 -05:00
sinn3r be29e44788 Fix undefined method error
[FixRM #8328]
2013-08-21 01:15:07 -05:00
sinn3r ae8c40c8f7 Fix undefined method error
[FixRM #8329]
2013-08-21 01:10:46 -05:00
sinn3r 42a7766f1b Fix undefined method error
[FixRM #8330]
2013-08-21 01:09:24 -05:00
sinn3r 0f85fa21b4 Fix undefined method error
[FixRM #8331]
2013-08-21 01:08:19 -05:00
sinn3r 8eeb66f96d Fix undefined method error
[FixRM #8332]
2013-08-21 01:06:54 -05:00
sinn3r 785f633d1d Fix undefined method error
[FixRM #8334]
[FixRM #8333]
2013-08-21 01:01:53 -05:00
sinn3r 0561928b92 Fix undefined method error
[FixRM #8336]
2013-08-21 00:54:08 -05:00
sinn3r 2597c71831 Fix undefined method error
[FixRM #8338]
[FixRM #8337]
2013-08-21 00:52:33 -05:00
sinn3r 092b43cbfa Fix undefined method error
[FixRM #8339]
2013-08-21 00:50:37 -05:00