Commit Graph

25078 Commits (6e80481384ed124e3a16dde80a215a6660705a34)

Author SHA1 Message Date
James Lee cc1e81ecb7
Add sqlite3 to Gemfile
Fixes all the post modules that require it to parse pilfered sqlite DB
files.
2014-05-27 10:29:55 -05:00
jvazquez-r7 69e8286838 Fix title 2014-05-27 10:29:32 -05:00
jvazquez-r7 1316365c2f Fix description 2014-05-27 10:22:39 -05:00
jvazquez-r7 abe1d6ffc7
Land #3190, @Karmanovskii's module to fingerprint MyBB database 2014-05-27 10:20:24 -05:00
jvazquez-r7 86221de10e Fix message 2014-05-27 10:18:27 -05:00
jvazquez-r7 b96c2dd0ca Change module filename 2014-05-27 10:15:39 -05:00
jvazquez-r7 1d8c46155b Do last code cleaning 2014-05-27 10:14:55 -05:00
Tom Sellers ae1b7e564b Update powershell.rb 2014-05-27 05:18:00 -05:00
William Vu 704e4d78ca
Fix typo in client_request.rb comment 2014-05-26 23:55:48 -05:00
William Vu 0133e861f8
Fix typo 2014-05-26 23:55:20 -05:00
William Vu 352e14c21a
Land #3391, all vars_get msftidy warning fixes 2014-05-26 23:41:46 -05:00
William Vu 936c29e69b
Land #3387, some Set-Cookie msftidy warning fixes 2014-05-26 23:37:33 -05:00
Karmanovskii eacf70af83 Update mybb_get_type_db.rb
26.05.2014  23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
Meatballs 1914e0abd3
Land 3393, Add session and framework vars to irb 2014-05-26 18:50:20 +01:00
jvazquez-r7 994891e9c5
Land #3383, @wchen-r7's [FixRM #8804] Fix / URIPATH for BrowserExploitServer 2014-05-25 19:51:30 -05:00
jvazquez-r7 217a14e4d7
Land #3366, @jholgui's module for CVE-2013-4074 2014-05-25 18:53:30 -05:00
jvazquez-r7 33ba134147 Clean msftidy warnings and metadata 2014-05-25 18:52:01 -05:00
jvazquez-r7 d3c17d8e3e Delete wireshark_capwap_dos 2014-05-25 18:39:53 -05:00
Spencer McIntyre 77e70d8bbe Add 2 more variables for meterpreter irb 2014-05-25 16:28:40 -04:00
Spencer McIntyre c559483176
Land #3392, @TomSellers patch to use python constants 2014-05-25 16:18:42 -04:00
Tom Sellers 77f66f8510 Update reverse_tcp.rb 2014-05-25 14:04:54 -05:00
Tom Sellers b5c567c462 Update bind_tcp.rb 2014-05-25 14:03:45 -05:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Tom Sellers 42a17cc085 Update powershell.rb
To be clear, the shell that was tested with was 'windows/shell_reverse_tcp' delivered via 'exploit/windows/smb/psexec'

Additional changes required to fix regex to support the multiline output.  Also, InstanceId uses a lower case 'D' on the platforms I tested - PowerShell 2.0 on Windows 2003, Windows 7, Windows 2008 R2 as well as PowerShell 4.0 on Windows 2012 R2.

This method doesn't appear to be used anywhere in the Metasploit codebase currently.
2014-05-25 08:59:42 -05:00
Tom Sellers 76b9273f10 Improve reliability of have_powershell
I have a case where on a Windows 2008 R2 host with PowerShell 2.0 the 'have_powershell' method times out.  When I interactively run the command I find that the output stops after the PowerShell command and the token from 'cmd_exec' is NOT displayed.  When I hit return the shell then processes the '&echo <randomstring>' and generates the token that 'cmd_exec' was looking for.  I tried various versions of the PowerShell command string such as 'Get-Host;Exit(0)', '$PSVErsionTable.PSVersion', and '-Command Get-Host' but was unable to change the behavior.  I found that adding 'echo. | ' simulated pressing enter and did not disrupt the results on this host or on another host where the 'have_powershell' method functioned as expected.

There may be a better solution, but this was the only one that I could find.
2014-05-25 08:07:38 -05:00
Lutz Wolf 2b75a53c93 Add basic rspec for portspec_to_portlist 2014-05-24 23:46:26 +02:00
Lutz Wolf fc5436417b Simplification 2014-05-24 23:45:21 +02:00
Lutz Wolf 4fc6e402dc Allow port 0 2014-05-24 23:44:50 +02:00
JoseMi 9f166b87f6 Changed the description 2014-05-24 18:58:36 +01:00
JoseMi 71e2d19040 Adapted to auxiliary modules structure 2014-05-24 18:53:10 +01:00
Christian Mehlmauer df97c66ff5
Fixed check 2014-05-24 00:37:52 +02:00
Christian Mehlmauer 8d4d40b8ba
Resolved some Set-Cookie warnings 2014-05-24 00:34:46 +02:00
Tod Beardsley 1aee0f3305
Warn if it's not UPPERCASE method (@wchen-r7)
See the discussion on f7bfab5a26, PR #3386
2014-05-23 17:10:27 -05:00
Tod Beardsley 9f78bec457
Use normalize_uri (@wchen-r7)
Instead of editing the datastore['PATH'], use normalize_uri.

Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
Tod Beardsley f7bfab5a26
HTTP traversal shouldn't upcase METHOD (@wchen-r7)
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
Tod Beardsley 7f59cf5035
Ora XID HTTP needn't edit DBUSER (@cellabosm)
Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
2014-05-23 15:20:46 -05:00
Tod Beardsley efffbf751a
PHP module shouldn't zap CMD option (@wchen-r7)
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
2014-05-23 15:09:18 -05:00
Tod Beardsley f189033e8a
OWA bruteforce shouldn't edit datastore (@wchen-r7)
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
Michael Messner b85c0b7543 rop to system with telnetd 2014-05-23 20:51:25 +02:00
joev ae3c334232 Getting closer. Still something f'd with local answerer.html. 2014-05-22 17:14:35 -05:00
William Vu dc7ec450da
Land #3384, AIX ibstat exploit interface detection 2014-05-22 16:25:06 -05:00
mercd 28459299b2 Update ibstat_path.rb
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
sinn3r 1dbe972377 Fix URIPATH / for BrowserExploitServer
[SeeRM #8804] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
William Vu ebd70cbd8f
Land #3382, references for IBM Sametime modules 2014-05-22 12:12:18 -05:00
William Vu d31908b72e
Land #3374, RPC deadlock fix
[FixRM #8794]
2014-05-22 12:07:23 -05:00
Tod Beardsley fa353e6bd9
Add CVE, IBM ref for SameTime modules 2014-05-22 11:34:04 -05:00
Tod Beardsley d9fbf861d2
Add an environment option to suppress info msgs
It's often you want counts of just WARN and ERROR messages, and don't
want to spam yourself with INFO messages that you don't intend to
address anyway. This is most often the case with CI, such as with

https://travis-ci.org/todb-r7/metasploit-framework
2014-05-21 16:20:57 -05:00
Tod Beardsley 765419627b
Demote datastore edits to info status
SeeRM #8498
2014-05-21 16:18:36 -05:00
joev 14b796acbf First stab at refactoring webrtc mixin. 2014-05-21 15:32:29 -05:00
Spencer McIntyre e3630278ce
Land #3379, [FixRM #8803] - Improve fb_cnct_group check 2014-05-21 11:39:10 -04:00