infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,824 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

793 Commits (6e1cdfde369abb6052e3e19b31a3def12206836e)

Author SHA1 Message Date
jvazquez-r7 f42797fc5c Fix indentation 2013-08-16 14:19:37 -05:00
Tod Beardsley f7339f4f77 Cleanup various style issues 
* Unset default username and password
  * Register SSL as a DefaultOption instead of redefining it
  * Use the HttpClient mixin `ssl` instead of datastore.
  * Unless is better than if !
  * Try to store loot even if you can't cleanup the site ID.
 2013-08-16 14:03:59 -05:00
jvazquez-r7 dfa1310304 Commas in the author array 2013-08-16 13:54:46 -05:00
Tod Beardsley 24b8fb0d7b Whitespace retab, add rport 3780 as default 2013-08-16 13:31:05 -05:00
Tod Beardsley e436d31d23 Use SSL by defailt 2013-08-16 11:32:10 -05:00
Tod Beardsley 60a229c71a Use rhost and rport, not local host and port 2013-08-16 11:12:39 -05:00
Tod Beardsley 646d55b638 Description should be present tense 2013-08-16 11:06:34 -05:00
Tod Beardsley f0237f07d6 Correct author and references 2013-08-16 11:04:51 -05:00
Brandon Perry 46d6fb3b42 Add module for xxe 2013-08-16 10:51:05 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff 
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
 2013-07-29 21:47:52 -05:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 4367a9ae49 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 15:09:35 -05:00
jvazquez-r7 70900cfe5e Final cleanup for foreman_openstack_satellite_priv_esc 2013-07-22 14:59:23 -05:00
Ramon de C Valle b6c9fd4723 Add foreman_openstack_satellite_priv_esc.rb 
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
 2013-07-22 15:24:25 -03:00
Rich Lundeen 12e48e252f one more logdir fix, tested 2013-07-20 10:40:06 -07:00
Rich Lundeen 5fd8d53378 fixed bug with default logdir 2013-07-20 10:35:25 -07:00
Rich Lundeen 183cd7337d added ability to execute larger scripts 2013-07-19 15:24:51 -07:00
jvazquez-r7 52079c960f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 12:52:42 -05:00
Tod Beardsley 3ac2ae6098 Disambiguate the module title from existing psexec 2013-07-17 17:11:56 -05:00
jvazquez-r7 7ab4d4dcc4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 17:34:29 -05:00
jvazquez-r7 5c265c99d2 Clean jboss_seam_exec @cmaruti's collab 2013-06-25 14:09:30 -05:00
Cristiano Maruti f78b4d8874 modified according to jvazquez-r7 feedback 2013-06-20 16:29:42 +02:00
Cristiano Maruti 4846a680db modified according to jvazquez-r7 feedback 2013-06-20 16:19:43 +02:00
Cristiano Maruti 8e64bf3d16 modified according to jvazquez-r7 feedback 2013-06-20 16:15:28 +02:00
Cristiano Maruti a5332e5ed2 Module was updated to support WebSphere AS running seam-2. 
msf auxiliary(jboss_seam_exec) > run

[*] Found right index at [0] - getRuntime
[*] Index [1]
[*] Index [2]
[*] Index [3]
[*] Index [4]
[*] Index [5]
[*] Found right index at [6] - exec
[*] Index [7]
[*] Index [8]
[*] Index [9]
[*] Index [10]
[*] Index [11]
[*] Index [12]
[*] Index [13]
[*] Index [14]
[*] Index [15]
[*] Index [16]
[*] Index [17]
[*] Index [18]
[*] Index [19]
[*] Index [20]
[*] Index [21]
[*] Index [22]
[*] Index [23]
[*] Index [24]
[*] Target appears VULNERABLE!
[*] Sending remote command:pwd
[*] Exploited successfully
[*] Auxiliary module execution completed
 2013-06-20 12:17:07 +02:00
jvazquez-r7 66ea59b03f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 15:22:46 -05:00
darknight007 6f2ddb3704 Update mssql_findandsampledata.rb 2013-05-25 11:33:57 +05:00
jvazquez-r7 011b0bb741 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-15 09:07:47 -05:00
jvazquez-r7 649a8829d3 Add modules for Mutiny vulnerabilities 2013-05-15 09:02:25 -05:00
jvazquez-r7 51a532e8b4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-12 17:39:58 -05:00
jvazquez-r7 feac292d85 Clean up for dlink_dsl320b_password_extractor 2013-05-12 17:35:59 -05:00
jvazquez-r7 ee46771de5 Land #1799, @m-1-k-3's auth bypass module for Dlink DSL320 2013-05-12 17:34:08 -05:00
m-1-k-3 e3582887cf OSVDB, Base64 2013-05-07 08:28:48 +02:00
m-1-k-3 0f2a3fc2d4 dsl320b authentication bypass - password extract 2013-05-06 14:31:47 +02:00
jvazquez-r7 7bf4aa317f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-25 10:31:51 -05:00
jvazquez-r7 b67fcd3219 Add OSVDB ref to sap_configservlet_exec_noauth 2013-04-25 08:13:32 -05:00
jvazquez-r7 96b66d3856 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 21:49:59 -05:00
jvazquez-r7 1529dff3f3 Do final cleanup for sap_configservlet_exec_noauth 2013-04-22 21:43:41 -05:00
jvazquez-r7 8c9715c2ed Land #1751, @andrewkabai's SAP Portal remote OS command exec 2013-04-22 21:41:53 -05:00
jvazquez-r7 5f5e772f7c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 21:31:16 -05:00
Andras Kabai 79eb2ff62d add EDB ID to references 2013-04-22 18:37:28 +02:00
Andras Kabai 15b06c43aa sap_configservlet_exec_noauth auxiliary module 
the final module was moved from my master branch to here because of the
pull request needs
 2013-04-22 17:40:27 +02:00
Andras Kabai b4f1f3efbb remove aux module from master branch 2013-04-22 17:34:01 +02:00
Antoine 0115833724 SyntaxError fixes 2013-04-21 20:22:41 +00:00
Andras Kabai 49b055e5fd make msftidy happy 2013-04-20 00:26:04 +02:00
Andras Kabai e4d9c45ce9 remove unnecessary rank rating 2013-04-20 00:23:55 +02:00
Andras Kabai 763d1ac2f1 remove unnecessary option declaration 2013-04-19 21:42:28 +02:00
Andras Kabai 85932a2445 improve URI path and parameter handling 
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to to prepare query string (instead of
vars_get that escapes the necessary semicolons)
 2013-04-19 21:37:39 +02:00
Andras Kabai c52588f579 remove Scanner mixin 
remove Scanner mixin because this module is not a scanner modul
 2013-04-19 20:28:44 +02:00
Andras Kabai 8f76c436d6 SAP ConfigServlet OS Command Execution module 
This module allows execution of operating system commands throug the
SAP ConfigServlet without any authentication.
 2013-04-18 20:26:48 +02:00
jvazquez-r7 070fd399f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-31 20:23:08 +02:00
m-1-k-3 587170ae52 fixed author details - next try 2013-03-30 12:43:55 +01:00
m-1-k-3 1d6184cd63 fixed author details 2013-03-30 12:41:31 +01:00
jvazquez-r7 393d5d8bf5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-25 19:09:42 +01:00
jvazquez-r7 fdd06c923a cleanup for dlink_dir_645_password_extractor 2013-03-25 18:04:12 +01:00
jvazquez-r7 a9a5a3f64f Merge branch 'dlink-dir645-password-extractor' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir645-password-extractor 2013-03-25 18:02:51 +01:00
sinn3r 0d56da0511 Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d 2013-03-25 11:45:40 -05:00
jvazquez-r7 2d5a0d6916 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-25 17:08:23 +01:00
m-1-k-3 98ac6e8090 feedback included 2013-03-24 21:01:30 +01:00
m-1-k-3 d90de54891 reporting and feedback 2013-03-24 15:00:18 +01:00
m-1-k-3 9f8ec37060 store loot 2013-03-24 11:48:49 +01:00
m-1-k-3 71708c4bc3 dir 645 password extractor - initial commit 2013-03-24 11:44:24 +01:00
jvazquez-r7 49ac3ac1a3 cleanup for linksys_e1500_e2500_exec 2013-03-23 23:30:49 +01:00
jvazquez-r7 98be5d97b8 Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-e1500-e2500-exec 2013-03-23 23:30:14 +01:00
m-1-k-3 b2bf1df098 fixed encoding and set telnetd as default cmd 2013-03-23 22:56:15 +01:00
m-1-k-3 47d458a294 replacement of the netgear-sph200d module 2013-03-23 22:40:32 +01:00
jvazquez-r7 cb56b2de4b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-23 20:06:05 +01:00
m-1-k-3 270f64acc2 feedback included 2013-03-23 15:54:34 +01:00
sinn3r f22c18e026 Merge branch 'module-psexec_command-file_prefix' of github.com:kn0/metasploit-framework into kn0-module-psexec_command-file_prefix 2013-03-22 13:08:13 -05:00
m-1-k-3 dcd2aebdcd feedback included 2013-03-20 21:34:30 +01:00
jvazquez-r7 44f07cef19 Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework 2013-03-20 00:47:31 +01:00
jvazquez-r7 80d218b284 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-19 19:55:51 +01:00
m-1-k-3 9fc0f9a927 initial commit 2013-03-19 17:31:01 +01:00
sinn3r 116f5b87f0 Merge branch 'axigen_file_access' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-axigen_file_access 2013-03-19 08:33:58 -05:00
jvazquez-r7 d3a78db77a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-14 14:12:11 +01:00
jvazquez-r7 7403239de7 cleanup for psexec_ntdsgrab 2013-03-14 13:40:45 +01:00
Trenton Ivey 97023413cb Added advanced option for temp filenames prefix 2013-03-14 01:50:52 -05:00
Royce Davis abbb3b248d methods that use @ip now reference it directly instead of being passed in as paramaters 2013-03-13 19:35:53 -05:00
Royce Davis 462ffb78c1 Simplified copy_ntds & copy_sys check on line 91 2013-03-13 19:31:36 -05:00
Royce Davis 4e9af74763 All print statements now use #{peer} 2013-03-13 19:28:09 -05:00
Royce Davis edf2804bb5 Added simple.disconnect to end of cleanup_after method 2013-03-13 19:23:22 -05:00
Royce Davis 8eba71ebe2 Added simple.disconnect to end of download_sys_hive method 2013-03-13 19:20:58 -05:00
jvazquez-r7 e5f7c08d6f Added module for CVE-2012-4940 2013-03-13 11:52:54 +01:00
jvazquez-r7 91fbeda062 up to date 2013-03-12 17:04:27 +01:00
jvazquez-r7 6055438476 up to date 2013-03-12 17:04:27 +01:00
Royce Davis 9a970415bc Module uses store_loot now instead of logdir which has been removed 2013-03-11 20:05:23 -05:00
Royce Davis aa4cc11640 Removed Scanner class running as stand-alone single target module now 2013-03-11 13:39:47 -05:00
Royce Davis a96753e9df Added licensing stuff at the top 2013-03-10 20:07:04 -05:00
Royce Davis bf9a2e4f52 Fixed module to use psexec mixin 2013-03-10 15:15:50 -05:00
Royce Davis 907983db4a updating with r7-msf 2013-03-10 14:19:20 -05:00
James Lee 2160718250 Fix file header comment 
[See #1555]
 2013-03-07 17:53:19 -06:00
J.Townsend db1f4d7e1d added license info 2013-03-07 00:20:02 +00:00
J.Townsend e8c1899dc2 added license info 2013-03-07 00:18:32 +00:00
J.Townsend 3946cdf91e added license info 2013-03-07 00:17:55 +00:00
J.Townsend 1b493d0e4c added license info 2013-03-07 00:16:26 +00:00
J.Townsend 9e89d9608f added license info 2013-03-07 00:11:45 +00:00
J.Townsend 56639e7f15 added license info 2013-03-07 00:10:46 +00:00
Royce Davis 1d8c759a34 yeah 2013-03-06 16:01:36 -06:00
James Lee ca43900a7c Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7 2013-03-05 16:34:11 -06:00
James Lee 27727df415 Merge branch 'R3dy-psexec-mixin2' into rapid7 2013-03-05 14:36:55 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
Royce Davis ac50c32d51 Tested, works on server 2k8 2013-02-20 10:02:50 -06:00
James Lee 4703278183 Move SMB mixins into their own directory 2013-02-19 12:55:06 -06:00
James Lee ede804e6af Make psexec mixin a bit better 
* Removes copy-pasted code from psexec_command module and uses the mixin
  instead

* Uses the SMB protocol to delete files rather than psexec'ing to call
  cmd.exe and del

* Replaces several instances of "rescue StandardError" with better
  exception handling so we don't accidentally swallow things like
  NoMethodError

* Moves file reading and existence checking into the Exploit::SMB mixin
 2013-02-19 12:33:19 -06:00
jvazquez-r7 ec5c8e3a88 Merge branch 'dlink-dir300-600-execution' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir300-600-execution 2013-02-16 19:12:42 +01:00
Jeff Jarmoc c2f8e4adbd Minor - Note Rails 3.1.11 patch in Description. 2013-02-13 22:30:54 -06:00
jvazquez-r7 d1784babea little cleanup plus msftidy compliant 2013-02-13 20:24:49 +01:00
jvazquez-r7 0ae473b010 info updated with rails information 2013-02-13 09:52:17 +01:00
jvazquez-r7 f46eda2fa9 Merge branch 'rails_devise_pw_reset' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_devise_pw_reset 2013-02-13 09:51:37 +01:00
jvazquez-r7 799beb5adc minor cleanup 2013-02-13 01:00:25 +01:00
Jeff Jarmoc 1d5d33f306 use normalize_uri() 2013-02-12 14:58:07 -06:00
Jeff Jarmoc c6a7a4e68d /URIPATH/TARGETURI/g 2013-02-12 14:50:10 -06:00
Jeff Jarmoc c7719bf4cb Verify response is non-nil. 2013-02-12 13:41:21 -06:00
Jeff Jarmoc 9e1f106a87 msftidy cleanup 2013-02-12 13:38:58 -06:00
jvazquez-r7 766257d26a pointed by @m-1-k-3 while working on #1472 2013-02-11 21:21:43 +01:00
Jeff Jarmoc 5f0a3c6b9e Removes pry, oops. 2013-02-11 14:02:46 -06:00
Jeff Jarmoc 753fa2c853 Handles error when TARGETEMAIL is invalid. 2013-02-11 13:58:56 -06:00
Jeff Jarmoc 61ffcedbfd Address HD's other comments, fixes mismatched var name in last commit. 2013-02-11 11:17:26 -06:00
Jeff Jarmoc e72dc47448 Uses REXML for encoding of password. 2013-02-11 11:12:29 -06:00
Jeff Jarmoc 43a1fbb6f2 Make msftiday happy. 2013-02-10 21:13:18 -06:00
Jeff Jarmoc 55cba56591 Aux module for joernchen's devise vuln - CVE-2013-0233 2013-02-10 21:10:00 -06:00
m-1-k-3 63c6791473 return 2013-02-09 11:17:02 +01:00
m-1-k-3 6cccf86a00 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink-dir300-600-execution 2013-02-09 11:09:56 +01:00
Tod Beardsley 5357e23675 Fixups to the Linksys module 
Professionalizes the description a little, but more importantly, handles
LANIP better, I think. Instead of faking a 1.1.1.1 address, just detect
if it's set or not in a method and return the right thing accordingly.

Please test this before landing, obviously. I think it's what's
intended.
 2013-02-06 12:46:50 -06:00
Tod Beardsley faeaa74a49 Msftidy whitespace 2013-02-06 11:06:13 -06:00
m-1-k-3 43f3bb4fe6 small updates 2013-02-05 13:54:10 +01:00
m-1-k-3 5ca0e45388 initial commit 2013-02-04 08:44:12 +01:00
jvazquez-r7 2bf2d4d8a4 Merge branch 'netgear_sph200d_traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear_sph200d_traversal 2013-02-03 23:35:29 +01:00
jvazquez-r7 c24c926ffa add aditional check to detect valid device 2013-02-01 20:55:06 +01:00
jvazquez-r7 996ee06b0f fix another print_ call 2013-02-01 20:43:54 +01:00
jvazquez-r7 152f397a1f first module cleanup 2013-02-01 20:38:11 +01:00
m-1-k-3 988761a6de more updates, BID, Exploit-DB 2013-02-01 20:18:53 +01:00
m-1-k-3 fdd5fe77c1 more updates ... 2013-02-01 19:59:19 +01:00
m-1-k-3 0e22ee73b5 updates ... 2013-02-01 19:26:34 +01:00
sinn3r c174e6a208 Correctly use normalize_uri() 
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
 2013-01-30 23:23:41 -06:00
m-1-k-3 ea5e993bf3 initial 2013-01-29 22:02:29 +01:00
sinn3r 690ef85ac1 Fix trailing slash problem 
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
 2013-01-28 13:19:31 -06:00
Brandon McCann 15253f23bf added RHOSTS funct 2013-01-24 15:29:35 -06:00
jvazquez-r7 1fc747994e cleanup for linksys_wrt54gl_exec 2013-01-24 17:50:14 +01:00
m-1-k-3 3a5e92ba6f hopefully all fixex included 2013-01-23 12:15:34 +01:00
Royce Davis c601ceba3c Fixed error deleting ntds and sys files 2013-01-22 09:42:49 -06:00
Royce Davis ed3b886b61 working with psexec mixin 2013-01-22 09:36:43 -06:00
m-1-k-3 11c13500be small fix 2013-01-21 13:41:42 +01:00
m-1-k-3 62ff52280a initial linksys OS command injection 2013-01-21 13:19:29 +01:00
lmercer a89db93891 psexec_command - Unable to execute specified command: can't convert nil into Integer 
Patched as described in Redmine bug #7680
 2013-01-14 15:54:40 -05:00
Royce Davis ff9ef80cc6 Fixed terrible tab issues that occured because of an evil vimrc filegit add ntdsgrab.rb 2013-01-07 12:49:58 -06:00
Royce Davis e4546b13f3 Creating new pull request to beat Travis build strange errors... 2013-01-07 12:21:59 -06:00
Royce Davis c1f0e1172b Still fighing with Travis build errors 2013-01-07 11:52:37 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes 
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
 2013-01-07 11:16:58 -06:00
Royce Davis ac2182c69b Edited to fix Travis build process 2013-01-07 11:10:21 -06:00
Royce Davis 44e07c8577 Created psexec mixin to get rid of ugly copy-paste 2013-01-04 09:58:48 -06:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
Royce Davis 321a4ecb74 Escaped quotes in windows command 2012-12-29 13:46:22 -06:00
Royce Davis 02bbcb5803 surrounded ntdspath in a space 2012-12-29 13:33:32 -06:00
Royce Davis 174e6e8f17 Fixed array instantiation 2012-12-29 13:31:54 -06:00
sinn3r 0344c568fd Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes 2012-12-18 11:38:14 -06:00
Tod Beardsley 10511e8281 Merge remote branch 'origin/bug/fix-double-slashes' 
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
 2012-12-17 13:29:19 -06:00
Royce Davis 2eb01168c8 Cleaned build junk 2012-12-14 10:44:53 -06:00
Royce Davis 82a6519dc4 cleaned up print_status and print_errors 2012-12-14 10:41:40 -06:00
Royce Davis 1b26036028 removed junk 2012-12-14 09:23:26 -06:00
Royce Davis ae663b2a08 removed | from author section 2012-12-14 09:02:19 -06:00
Royce Davis 27ca43c915 Added to create new pull request 2012-12-14 08:53:22 -06:00
sinn3r d2885d9045 Correct US Cert references 2012-12-13 14:19:53 -06:00
sinn3r c66777d028 Merge branch 'command' of git://github.com/R3dy/metasploit-framework into R3dy-command 2012-12-06 16:08:04 -06:00
Royce Davis 205276c38f Update modules/auxiliary/admin/smb/psexec_command.rb 
Fixed static path to Windows directory.  This causes problems with directory is 'WINNT' for example.
 2012-12-06 16:03:44 -06:00
jvazquez-r7 3dada00f43 fix typo accor ding to redmine 7550 2012-12-04 22:37:08 +01:00
Alexandre Maloteaux c0c3dff4e6 Several fixes for smb, mainly win 8 compatibility 2012-11-28 22:49:40 +01:00
sinn3r 319fa04c16 Fix Ruby 1.8 comma of death 2012-11-26 16:45:43 -06:00
jvazquez-r7 414fd052c1 final cleanup 2012-11-24 15:03:14 +01:00
jvazquez-r7 f7fb8bb862 change module filename 2012-11-23 11:43:34 +01:00
jvazquez-r7 cb7e98ea29 Cleanup for command module 2012-11-23 11:42:59 +01:00
Royce Davis e16cea6db8 Fixed execerror, redundant if statement, and poor exception handling 2012-11-20 18:46:07 -06:00
Royce Davis 795ea5bec2 Fix randomize of dislayname and removed filename from command.rb 2012-11-19 14:34:06 -06:00
Royce Davis 7fa8717860 Fixed cleanup method to report an Error on command.rb 2012-11-19 13:59:58 -06:00
Royce Davis f9b4971fc3 Fixed hard coded paths in psexec on command.rb 2012-11-13 10:28:16 -06:00
Royce Davis 683bcd4b82 Added disconnect method to command.rb 2012-11-12 11:25:12 -06:00
Royce Davis e57275d3f6 added check cleanup method to command.rb 2012-11-12 09:46:02 -06:00
Chris John Riley cffedd0c97 Set back to target_uri.path 2012-11-11 12:04:31 +01:00
Royce Davis 6e257d5f57 Simplify main method 2012-11-09 08:50:09 -06:00
Chris John Riley 0dd4f4d03d Formatting 2012-11-08 17:51:06 +01:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have 
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
 2012-11-08 17:42:48 +01:00
HD Moore 4d2147f392 Adds normalize_uri() and fixes double-slash typos 2012-11-08 07:16:51 -06:00
Royce Davis 22ecd6afa9 Edit command.rb 2012-11-07 15:17:13 -06:00
Royce Davis 18aab8bcc7 Remove extrat comment lines from command.rb 2012-11-07 15:09:57 -06:00
Royce Davis d159aa6f9f Changed error handeling of command.rb module 2012-11-07 15:03:31 -06:00
Royce Davis ac518f7091 Removed double lines in Author field and general URLs 2012-11-07 08:22:09 -06:00
Royce Davis aec4d99549 ran msftidy on command.rb 2012-11-06 16:33:47 -06:00
Royce Davis 9f87b7b674 Removed smb_exec from this branch 2012-11-06 16:18:38 -06:00
Royce Davis 0b940d8087 New module command.rb 2012-11-05 12:03:51 -06:00
Royce Davis aa6e8c7437 smb_exec 2012-11-05 11:46:39 -06:00
Royce Davis a9db705b60 New module for submission smb_exec 2012-11-05 11:45:03 -06:00
sinn3r 2c4273e478 Correct some modules with res nil 2012-10-29 04:41:30 -05:00
sinn3r f1423bf0b4 If a message is clearly a warning, then use print_warning 2012-10-24 00:44:53 -05:00
Michael Schierl 910644400d References EDB cleanup 
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
 2012-10-23 21:02:09 +02:00
Michael Schierl 04a6021631 Privileged cleanup: auxiliary modules can't 2012-10-22 20:36:49 +02:00
Michael Schierl 39e81d3e53 Arch/Platform cleanup: aux modules need neither 2012-10-22 20:28:02 +02:00
sinn3r ae690f5fd3 Remove that extra "," that breaks Ruby 1.8 2012-10-20 02:11:49 -05:00
jvazquez-r7 7b1c35624e Merge branch 'mssql_ntlm_stealer' of https://github.com/nullbind/metasploit-framework into nullbind-mssql_ntlm_stealer 2012-10-17 22:50:54 +02:00
jvazquez-r7 1f55e02535 minor cleanup 2012-10-17 22:21:28 +02:00
jvazquez-r7 12e2ff9bb5 proposed cleanup 2012-10-17 19:03:28 +02:00
nullbind c52b834f50 updated name and description 2012-10-16 14:37:02 -05:00
nullbind d8c2aa9796 added mssql ntlm stealer for sqli 2012-10-16 14:26:10 -05:00
nullbind fafa6e49ce address comments from jvazquez 2012-10-16 12:10:37 -05:00
nullbind 553ce82e79 added mssql ntlm stealer 2012-10-15 13:29:51 -05:00
sinn3r 54ed60e24e Forgot to remove the second require 2012-09-24 18:50:53 -05:00
sinn3r 6bd450e114 Make Ruby 1.8 happy 2012-09-24 18:49:41 -05:00
David Maloney f75ff8987c updated all my authour refs to use an alias 2012-09-19 21:46:14 -05:00
Tod Beardsley c83b49ad58 Unix linefeeds, not windows 
That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.

Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
 2012-09-16 18:10:35 -05:00
Tod Beardsley 2fc34e0073 Auth successful, not successfully 
Just fixing up some adverb versus adjective grammar.
 2012-09-16 17:51:00 -05:00
jvazquez-r7 63d2d60c68 delete don't needed line 2012-09-15 23:56:38 +02:00
jvazquez-r7 ff2e9fc157 add changes proposed by sinn3r 2012-09-15 23:55:55 +02:00
jvazquez-r7 70ff7621d6 added module for CVE-2012-2983 2012-09-15 15:11:12 +02:00
jvazquez-r7 6771466cb7 Added module for CVE-2011-2750 2012-09-13 17:24:16 +02:00
Tod Beardsley 32e2232de3 Disambiguating hkm from hdm 
Having an author name of "hkm" really looks like a typo for "hdm," but
it's not.
 2012-09-11 11:13:20 -05:00
Tod Beardsley aaf7fcd5e9 Closing bracket doh 2012-09-07 08:57:27 -05:00
Tod Beardsley 53e4818c2e Humble-desser, not humble-dresser 2012-09-07 08:49:27 -05:00
Tod Beardsley ff97b1da00 Whitespace EOL 2012-09-05 14:04:20 -05:00
Tod Beardsley b8132cae5c Add the redistribution comment splat 2012-09-04 15:58:43 -05:00
Tod Beardsley 15f1dd8525 Moving greetz to Author fields 2012-09-04 15:58:43 -05:00
Tod Beardsley 6e7cbe793c Spamguard e-mail addresses, make auth name consistent 2012-09-04 15:58:43 -05:00
Tod Beardsley f80abaf0d1 Dropping trailing whitespace 2012-09-04 15:58:42 -05:00
nullbind 114ade6bea applied todb requested fixes, and added sql 2k support 2012-09-04 15:58:42 -05:00
nullbind 6cd6f9d5d1 minor comment updates 2012-09-04 15:58:42 -05:00
nullbind 7e168f2e5c Modified module to write query results to a file with report/loot options 2012-09-04 15:58:42 -05:00
nullbind 522fb401e9 Find data on a SQL Server, sample it, and write it to a CSV file. 2012-09-04 15:58:42 -05:00
sinn3r b4b860f356 Correct MC's name 2012-08-08 14:16:02 -05:00
sinn3r b46fb260a6 Comply with msftidy 
*Knock, knock!*  Who's there? Me, the msftidy nazi!
 2012-08-07 15:59:01 -05:00
sinn3r f26053c2c3 Add vendor's name in there for easier searching 2012-08-07 12:16:52 -05:00
sinn3r 614ae02a26 Add CVE-2012-2626 Scrutinizer add-user aux mod 2012-08-07 12:13:25 -05:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules. 
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
 2012-08-04 12:18:00 -05:00
Rob Fuller 76fee330ee Squashed commit of the following: 
commit dadb717f5e17851a85183847f3fdb01e45e6caaa
Author: James Lee <egypt@metasploit.com>
Date:   Fri Aug 3 18:48:53 2012 -0600

    Rescue SMB errors

    Prevents backtraces and gives the user some idea of what happened.
    Specifically useful for STATUS_ACCESS_DENIED and STATUS_LOGON_FAILURE.

commit aba203ead75eec22606f52d7eb67f1581c44c4df
Author: Rob Fuller <jd.mubix@gmail.com>
Date:   Fri Jul 20 03:24:26 2012 -0400

    add SMB list directory module

[Closes #628]
 2012-08-03 19:00:11 -06:00
sinn3r 981ba60fee Fix exception handlings 
Two things:
1. Make msftidy happy
2. Exception handling shouldn't be used to shut errors up.
 2012-07-18 12:05:14 -05:00
Rory McCune 464df4ed1d Oraenum - added error handling 
The oraenum module has errror handling to catch instances where the user used to run the checks doesn't have the appropriate rights, however in one place (The default password check) the error handling code isn't included.  This patch just adds the same check for that code.
 2012-07-18 09:22:22 +01:00
sinn3r 78edf15a86 Improve module 2012-07-17 08:39:56 -05:00
sinn3r dde2254f29 rename file 2012-07-17 08:36:02 -05:00
sinn3r d5711efd26 Merge branch 'master' of https://github.com/j0hnf/metasploit-framework into j0hnf-master 2012-07-17 08:35:49 -05:00
sinn3r e5dd6fc672 Update milw0rm references. 
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
 2012-06-28 14:27:12 -05:00
Tod Beardsley 97974d9241 Shorten title for display 2012-06-27 10:19:46 -05:00
j0hn__f 7d20f14525 exec SQL from file 2012-06-26 12:40:34 +01:00
j0hn__f 83260c9c89 module to exe SQL queries from a file 2012-06-26 12:15:30 +01:00
sinn3r f93658b37a Minor name change 2012-06-25 15:51:02 -05:00
sinn3r 637edc21ce Add CVE-2010-2731 2012-06-25 15:48:36 -05:00
Tod Beardsley 302ab963d1 Adding ref for intersil module 2012-06-20 15:05:56 -05:00
James Lee 7c417fa977 Add a select command for the various SQL modules 2012-06-18 23:59:57 -06:00
sinn3r e72303a922 Add Intersil HTTP Basic auth pass reset (originally #453) 
The modified version of pull request #453. This addresses a couple
of things including:
* Change the description to better explain what the vulnerability is.
  The advisory focuses the problem as an auth bypass, not DoS,
  although it can end up dosing the server.
* The title and filename are changed as a result of matching that
  advisory's description.
* Use 'TARGETURI' option instead of 'URI'.
* The reset attempt needs to check if the directory actually has
  401 in place, otherwise this may result a false-positive.
* The last HTTP request needs to check a possible nil return value.
* More verbose outputs.
 2012-06-16 21:14:57 -05:00
sinn3r 72cdd67cd0 Remove function cleanup() 
There is no point of having this function, because there's nothing
in it.
 2012-06-06 00:54:04 -05:00
sinn3r 3f0431cf51 Massive whitespace destruction 
Remove whitespace found at the end of the line
 2012-06-06 00:36:17 -05:00
sinn3r c30af98b53 Massive whitespace destruction 
Remove all the lines that have nothing but whitespace
 2012-06-06 00:22:36 -05:00
sinn3r 0fcc53b0a2 Handle nil for get_once 2012-06-04 15:31:10 -05:00
sinn3r 01803c4a33 Fix possible nil res. Bug #6939. Part 1. 2012-06-04 13:11:47 -05:00
Christian Mehlmauer 3752c10ccf Adding FireFart's RPORT(80) cleanup 
This was tested by creating a resource script to load every changed
module and displaying the options, like so:

````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````

...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.

Thanks FireFart!

Squashed commit of the following:

commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date:   Fri May 25 22:09:42 2012 +0200

    Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
 2012-06-02 09:53:19 -05:00
sinn3r 86ba759c07 Oops, I left one more anonymous out. 2012-05-26 15:30:20 -05:00
sinn3r c606896122 Multiple fixes and improvements: 
* Make session ID configurable based on feature #6894's suggestion.
* Fix a potential bug when res is nil.
* Use print_error() to make the error message more readable.
 2012-05-24 02:16:29 -05:00
James Lee 22601180f3 Save the pilfered file as loot 2012-05-23 18:07:13 -06:00
Tod Beardsley 336a00bc54 Fixing CVE reference 2012-05-16 14:34:04 -05:00
Tod Beardsley 82885cc6e5 Fixing author tags 
Ensuring a space between name and email.
 2012-05-15 15:45:07 -05:00
James Lee bc6ec537f9 Fix a ruby 1.8 compat error 
Can't have commas at the end of argument lists.
 2012-05-15 11:53:49 -06:00
sinn3r 8b06835109 Make changes to proper API usage, whitespace, and extra characters. 2012-05-15 01:26:42 -05:00
pyoor a8b534ddec Cisco Secure ACS Module - Updated error handling 2012-05-14 20:03:26 -04:00
pyoor 2e49e56126 Made suggested changes 2012-05-14 19:50:34 -04:00
pyoor 6b6dc60b25 Cisco Secure ACS Auth Bypass Module 2012-05-13 16:16:18 -04:00
Tod Beardsley aa3930fcb9 Typo on fixed tftp module 2012-05-10 21:42:33 -05:00
Tod Beardsley 36c805c5ff Move the context setting to the module 
Apparently you can't hit the framework object before running the module
any more. Bummer.

[Fixes #6843]
 2012-05-10 21:21:32 -05:00
HD Moore 5151a4c530 Cosmetic 2012-05-03 00:33:09 -05:00
HD Moore 99d7b2601c Cosmetic 2012-05-03 00:31:50 -05:00
sinn3r 91763dd063 Fix 1.8 compatibility 2012-04-25 15:54:42 -05:00
sinn3r b0a76a1aa1 Add wake-on-lan module 2012-04-21 03:29:49 -05:00
Tod Beardsley dfe2bbc958 Use rport for modicon_password recovery, not 21. 2012-04-07 13:03:43 -05:00
Tod Beardsley 461352f24f Don't need to require net/ftp anymore 
Nothing actually used it anyway.
 2012-04-06 10:35:28 -05:00
Tod Beardsley 9c8e6ac9da Ruby 1.8 compat for the SCADA modules. 
But really, you should be using Ruby 1.9 by now.
 2012-04-05 17:05:03 -05:00
Tod Beardsley 14d9953634 Adding DigitalBond SCADA modules 2012-04-05 12:35:48 -05:00
Tod Beardsley 0df4a8a63d Rogue period, DELETED. 2012-03-28 14:29:31 -06:00
Jonathan Cran 2c3e296b36 remove trailing comma, thanks troulouliou 2012-03-28 14:29:31 -06:00
Tod Beardsley 47493af103 Merge pull request #259 from todb-r7/edb-2 
Convert Exploit-DB references to first-tier "EDB-12345" references
 2012-03-23 12:09:07 -07:00
sinn3r 10733f6a1c Update description 2012-03-23 13:05:40 -05:00
sinn3r 41bc8ded3d Add HP Data Protector aux module for executing commands on Windows 2012-03-23 07:57:13 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs 
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
 2012-03-21 16:43:21 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
sinn3r 7c77fe20cc Some variables don't need to be in a double-quote. 2012-03-17 20:37:42 -05:00
David Maloney 6011da7db8 More Virtualisation SSL fixes 2012-03-15 19:06:48 -05:00
James Lee 2b9acb61ad Clean up some incosistent verbosity 
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
 2012-03-06 12:01:20 -07:00
James Lee 3a33434867 Fix a couple of typos that throw off module authors 2012-03-05 13:28:46 -07:00
Tod Beardsley 302853f5a4 Unpolluting SVN Revision keyword 
Sometimes Revision keywords get expanded, too. Fix those.
 2012-03-02 10:18:32 -06:00
Tod Beardsley 3626d48db2 Un-polluting SVN Id keyword 
Sometimes the SVN Id keyword sneaks back into the github repo already
expanded.
 2012-03-02 10:18:32 -06:00
Efrain Torres b608aeeeb7 Migrating modules to use report_web_vulns and minor fixes 2012-03-02 10:18:32 -06:00
Efrain Torres a2e5a4d9d5 New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention 2012-03-02 10:18:31 -06:00
James Lee 464cf7f65f Normalize service names 
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
 2012-02-21 22:59:20 -07:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
James Lee 89e0842b1e Add vim_soap to the mixins list. 
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
 2012-02-20 13:17:45 -07:00
sinn3r a8d56afda6 Use store_loot() to save data to local disk 2012-02-20 01:30:11 -06:00
Matt Buck e0a75c1b2c Merge branch 'release/4.2-stable' 
Conflicts:
	lib/msf/core/model/host.rb
 2012-02-19 22:57:22 -06:00
David Maloney 36dc0fee50 Better dynamic soap generation for all the vmware stuff 2012-02-18 18:29:46 -06:00
sinn3r bb5e4a1600 Modules don't need to register VERBOSE, because it's already there 2012-02-17 21:07:44 -06:00
David Maloney 8d7ddab2af Some minor bug fixes 
Added vm_tag module for 'flag planting'
 2012-02-16 00:45:48 -06:00
David Maloney a2778ea297 minor fixes to multi-session terminate 2012-02-15 16:50:12 -06:00
David Maloney 082b4acca8 Changed terminate session module to handle multiple sessions per run 2012-02-15 16:47:02 -06:00
David Maloney c9cf47bd4c Add Terminate Session module and some extra goodness to enum sessions 2012-02-15 16:39:13 -06:00