Gabor Seljan
9be95eacb8
Use %Q for double-quoted string
2014-12-22 07:37:32 +01:00
jvazquez-r7
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
sgabe
bb33a91110
Update description to be a little more descriptive
2014-12-21 19:31:58 +01:00
Jon Hart
74783b1c78
Remove ruby and telnet requirement
2014-12-21 10:06:06 -08:00
sgabe
cd02e61a57
Add module for OSVDB-114279
2014-12-21 17:00:45 +01:00
Jon Hart
31f320c901
Add mercurial debugging
2014-12-20 20:00:12 -08:00
Jon Hart
3da1152743
Add better logging. Split out git support in prep for mercurial
2014-12-20 19:34:55 -08:00
Jon Hart
58d5b15141
Add another useful URL. Use a more git-like URIPATH
2014-12-20 19:11:56 -08:00
jvazquez-r7
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
sgabe
9f97b55a4b
Add module for CVE-2014-2973
2014-12-20 18:38:22 +01:00
Jon Hart
f41d0fe3ac
Randomize most everything about the malicious commit
2014-12-19 19:31:00 -08:00
Jon Hart
805241064a
Create a partially capitalized .git directory
2014-12-19 19:07:45 -08:00
Jon Hart
f7630c05f8
Use payload.encoded
2014-12-19 18:52:34 -08:00
jvazquez-r7
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
jvazquez-r7
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
jvazquez-r7
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
jvazquez-r7
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
jvazquez-r7
def1695e80
Use options by call
2014-12-19 18:23:11 -06:00
jvazquez-r7
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
jvazquez-r7
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
Jon Hart
7f2247f86d
Add description and URL
2014-12-19 15:50:16 -08:00
Jon Hart
9b815ea0df
Some style cleanup
2014-12-19 15:35:09 -08:00
Jon Hart
4d0b5d1a50
Add some vprints and use a sane URIPATH
2014-12-19 15:33:26 -08:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart
48444a27af
Remove debugging pp
2014-12-19 15:27:06 -08:00
Jon Hart
1c7fb7cc7d
Mostly working exploit for CVE-2014-9390
2014-12-19 15:24:27 -08:00
jvazquez-r7
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
Jon Hart
4888ebe68d
Initial commit of POC module for CVE-2013-9390 ( #4435 )
2014-12-19 12:58:02 -08:00
HD Moore
fffa8cfdd1
Lands #4426 by cleaning up the module description
2014-12-19 14:54:17 -06:00
HD Moore
9ede2c2ca5
Lands #4429 by fixing windows/messagebox with EXITFUNC=none
2014-12-19 14:51:57 -06:00
jvazquez-r7
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
Joe Vennix
e45af903d9
Add patch discovery date.
2014-12-19 12:04:41 -06:00
sinn3r
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
Joe Vennix
25313b1712
Use the hash to pass the script.
2014-12-19 02:30:37 -06:00
Jon Hart
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
jvazquez-r7
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
Tod Beardsley
c15bad44a6
Be clearer on backslash usage.
...
See #4282
2014-12-18 16:16:02 -06:00
jvazquez-r7
9a58617387
Add dummy test module
2014-12-17 19:57:10 -06:00
sinn3r
6b0a98b69c
Resolve #4408 - bad uncaught nil get_once
2014-12-17 14:02:42 -06:00
Meatballs
6a822cca61
Move code out of begin/rescue block
2014-12-17 06:45:00 +00:00
Meatballs
dd63d793e5
Bring in @darkoperator's filters
2014-12-17 06:14:21 +00:00
Meatballs
8c7ff728ef
Gather some more info
2014-12-17 05:46:01 +00:00
Joe Vennix
84ea628284
Add Android cookie theft attack.
2014-12-16 19:12:01 -06:00
William Vu
f6af86a06d
Land #4402 , ms12_020_check NilClass fix
2014-12-16 15:34:25 -06:00
David Maloney
f237c56a13
This oracle scheduler exploit hangs if not vuln
...
When this exploit gets run against a system that isn't vulnerable
it can hang for a signifigant ammount of time. This change uses the check
method on the exploit to see whether it should proceed. Don't try to exploit
the host if it's not vulnerable.
2014-12-16 09:42:42 -06:00
William Vu
2604746fb7
Land #4361 , Kippo detector
2014-12-15 14:54:48 -06:00
William Vu
8394cc13a8
Perform final cleanup of detect_kippo
2014-12-15 14:38:38 -06:00
sinn3r
c611249723
Take full advantage of the check command
2014-12-15 12:50:59 -06:00
sinn3r
9edb2b4fab
Fix #4378 - Do exception handling
...
Fix #4378
2014-12-15 12:37:36 -06:00
Jon Hart
effb5b966f
Land #4328 , @bcoles' exploit for ActualAnalyzer < 2.81 'ant' code execution
2014-12-15 09:57:27 -08:00
Jon Hart
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
sinn3r
4c714b3eaf
Land #4386 - Fix issue #3852 (support for other languages for enable_rdp)
2014-12-15 11:37:05 -06:00
Jon Hart
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
Jon Hart
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
Brent Cook
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
Jon Hart
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
root
6480ae2c03
Show message at the end
2014-12-15 16:26:39 +01:00
root
288954afa0
recvfrom allocation changed
2014-12-14 18:58:48 +01:00
Sean Verity
9a0ed723d1
Adds error handling for drive letter enumeration
2014-12-14 12:56:20 -05:00
Brendan Coles
4530066187
return nil
2014-12-15 01:04:39 +11:00
Brendan Coles
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
Meatballs
00b802cc68
Reindent description
2014-12-14 10:04:18 +00:00
rcnunez
223d6b7923
Merged with Fr330wn4g3's changes
2014-12-14 13:08:19 +08:00
Sean Verity
0c5f4ce4ee
Removed the handler-ish code
2014-12-13 22:18:41 -05:00
Sean Verity
2addd0fdc4
Fixed name, removed tabs, updated license
2014-12-13 20:37:19 -05:00
HD Moore
e3943682a2
Improves linux/armle payloads, lands #3315
2014-12-13 18:27:14 -06:00
HD Moore
6ea5ed1a82
Shrinks windows payloads, lands #4391
2014-12-13 17:41:50 -06:00
HD Moore
f67a32ef9c
Add missing commits from #3770 , lands #4393
2014-12-13 17:36:26 -06:00
Meatballs
6ecf537f40
Grab user creds to database
2014-12-13 20:30:20 +00:00
Brandon Perry
eb47ca593e
update desc to include domain admin information
2014-12-13 13:01:41 -06:00
Brandon Perry
2e94280cba
mv bmc to scanner/http
2014-12-13 12:58:16 -06:00
HD Moore
5a645c5eba
Stagers updated from source
2014-12-13 12:50:47 -06:00
Meatballs
e914061745
Gsub out funny character when storing to database
2014-12-13 18:35:31 +00:00
Meatballs
316710329b
Fix field.value
2014-12-13 18:31:29 +00:00
HD Moore
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
Meatballs
d3d744a7cb
Make sure we get the field :value
2014-12-13 18:13:36 +00:00
Brandon Perry
8c6b95c39c
Merge branch 'landing-4359' of https://github.com/jhart-r7/metasploit-framework into bmc_trackit
2014-12-13 11:37:57 -06:00
Brandon Perry
cd1e61a201
Merge branch 'master' into bmc_trackit
2014-12-13 11:36:30 -06:00
Andrew Morris
8dd5da9d64
added blog post reference
2014-12-12 18:53:26 -08:00
jvazquez-r7
b1453afb52
Land #4297 , fixes #4293 , Use OperatingSystems::Match::WINDOWS
...
* instead of Msf::OperatingSystems::WINDOWS
2014-12-12 18:19:58 -06:00
jvazquez-r7
5eb510f7bc
Use the correct variable for the filename
2014-12-12 17:40:26 -06:00
jvazquez-r7
27323bcaa5
Fix #3852 , make enable_rdp with other languages
2014-12-12 17:30:14 -06:00
HD Moore
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
HD Moore
338cce02c9
Downcase the service name for consistency
2014-12-12 16:40:42 -06:00
HD Moore
4fc4866fd8
Merge code in from #2395
2014-12-12 16:22:51 -06:00
Tod Beardsley
488f46c8a1
Land #4324 , payload_exe rightening.
...
Fixes #4323 , but /not/ #4246 .
2014-12-12 15:04:57 -06:00
Tod Beardsley
9908e0e35b
Land #4384 , fix typo.
2014-12-12 14:39:47 -06:00
HD Moore
50b734f996
Add Portuguese target, lands #3961 (also reorders targets)
2014-12-12 14:23:02 -06:00
Andrew Morris
f5374d1552
Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs
2014-12-12 11:57:35 -08:00
jvazquez-r7
008c33ff51
Fix description
2014-12-12 13:36:28 -06:00
Tod Beardsley
183acb9582
Land #4383 to handle Dutch correctly.
2014-12-12 13:32:21 -06:00
Tod Beardsley
81460198b0
Add openssl payload to distcc exploit
...
This is required to test #4274
2014-12-12 13:25:55 -06:00
wez3
3b6e92726c
Update outlook rb, "NL" to "nl_NL"
...
Update outlook rb, "NL" to "nl_NL"
2014-12-12 20:09:34 +01:00
jvazquez-r7
c683e7bc67
Fix banner
2014-12-12 13:01:51 -06:00
jvazquez-r7
b1f7682713
Make msftidy happy
2014-12-12 12:59:00 -06:00
jvazquez-r7
493034ad10
Land #3305 , @claudijd Cisco SSL VPN Privilege Escalation exploit
2014-12-12 12:57:00 -06:00
jvazquez-r7
047bc3d752
Make msftidi happy
2014-12-12 12:49:12 -06:00
jvazquez-r7
a1876ce6fc
Land #4282 , @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download
2014-12-12 12:47:50 -06:00
jvazquez-r7
b334e7e0c6
Land #4322 , @FireFart's wordpress exploit for download-manager plugin
2014-12-12 12:41:59 -06:00
jvazquez-r7
aaed7fe957
Make the timeout for the calling payload request lower
2014-12-12 12:41:06 -06:00
Jon Hart
00f66b6050
Correct named captures
2014-12-12 10:22:14 -08:00
jvazquez-r7
98dca6161c
Delete unused variable
2014-12-12 12:03:32 -06:00
jvazquez-r7
810bf598b1
Use fail_with
2014-12-12 12:03:12 -06:00
Jon Hart
1e6bbc5be8
Use blank?
2014-12-12 09:51:08 -08:00
jvazquez-r7
4f3ac430aa
Land #4341 , @EgiX's module for tuleap PHP Unserialize CVE-2014-8791
2014-12-12 11:48:25 -06:00
jvazquez-r7
64f529dcb0
Modify default timeout for the exploiting request
2014-12-12 11:47:49 -06:00
Jon Hart
24f1b916e0
Minor ruby style cleanup
2014-12-12 09:47:35 -08:00
Jon Hart
1d1aa5838f
Use Gem::Version to compare versions in check
2014-12-12 09:47:01 -08:00
jvazquez-r7
d01a07b1c7
Add requirement to description
2014-12-12 11:42:45 -06:00
jvazquez-r7
fd09b5c2f6
Fix title
2014-12-12 10:52:18 -06:00
jvazquez-r7
4871228816
Do minor cleanup
2014-12-12 10:52:06 -06:00
jvazquez-r7
a0b181b698
Land #4335 , @us3r777 JBoss DeploymentFileRepository aux module
2014-12-12 10:40:03 -06:00
jvazquez-r7
3059cafbcb
Do minor cleanup
2014-12-12 10:37:50 -06:00
Jon Hart
751bc7a366
Revert "Move to a more appropriate location"
...
This reverts commit 6c82529266
.
2014-12-12 07:42:22 -08:00
Jon Hart
6c82529266
Move to a more appropriate location
2014-12-12 07:40:37 -08:00
Christian Mehlmauer
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
Jon Hart
65b316cd8c
Land #4372
2014-12-11 18:48:16 -08:00
Jon Hart
e5e40307e6
Land #4373
2014-12-11 18:45:53 -08:00
Jon Hart
3c2a33a316
Allow new password to be specified as an option
2014-12-11 17:26:42 -08:00
Jon Hart
a013dbf536
Correct and add more prints
2014-12-11 17:16:43 -08:00
Jon Hart
48dcfd9809
Use random security Q/A
2014-12-11 17:10:33 -08:00
Jon Hart
f208f31a33
Use correct username/domain in report_vuln
...
It would be nice if 'vulns' showed this
2014-12-11 16:59:21 -08:00
Jon Hart
70fce0bb33
Report the changed password
2014-12-11 16:56:22 -08:00
Jon Hart
f64a3be742
Avoid death by a thousand functions
2014-12-11 16:53:36 -08:00
Jon Hart
0627f708a2
Better handling of failed requests
2014-12-11 16:51:41 -08:00
Jon Hart
f2bda05d42
Correct last of the print_
2014-12-11 16:28:08 -08:00
Jon Hart
9486f67fbc
report_vuln upon exploitation with more specific details
2014-12-11 16:28:08 -08:00
Jon Hart
37d0959fd6
Include info in report_vuln. More style
2014-12-11 16:28:08 -08:00
Jon Hart
cfb02fe909
Add check support
2014-12-11 16:28:07 -08:00
Jon Hart
44818ba623
Minor style and usage updates as a result of Scanner
2014-12-11 16:28:07 -08:00
Jon Hart
0a29326ce7
Mixin Scanner. Yay speed!
2014-12-11 16:28:07 -08:00
Jon Hart
c9acd7a233
Remove unnecessary RPORT, which comes from HttpClient
2014-12-11 16:28:07 -08:00
Jon Hart
f8c25d83e5
Use get_cookies instead
2014-12-11 16:26:51 -08:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Christian Mehlmauer
de88908493
code style
2014-12-11 23:30:20 +01:00
Tod Beardsley
af9979d30b
Ruby style on methods please
...
Introduced in #4220 . This ain't no JavaScript!
2014-12-11 15:24:30 -06:00
dmaloney-r7
47c38ed04e
Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
...
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
Tod Beardsley
51762e1194
Explicitly include the HTTP Login scanner
...
This should be the last commit that fixes #3904 .
2014-12-11 11:08:08 -06:00
Tod Beardsley
b533f74024
Add a bruteforce_speed option to all LoginScanners
2014-12-11 11:06:32 -06:00
Jon Hart
24dbc28521
Land #4356
2014-12-11 09:03:18 -08:00
Brandon Perry
54e8254a82
Update bmc_trackit_passwd_reset.rb
2014-12-11 10:59:43 -06:00
Andrew Morris
7afa87f168
screwed up formatting. updated indention at the end. ok seriously, going to bed now
2014-12-11 01:05:56 -08:00
Andrew Morris
291166e1ff
forgot to run through msftidy.rb. made a few minor corrections
2014-12-11 00:47:39 -08:00
Andrew Morris
a1624c15ae
Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc.
2014-12-11 00:40:20 -08:00
Andrew Morris
22c9db5818
added detect_kippo.rb
2014-12-10 19:37:35 -08:00
Brandon Perry
67cf3e74c0
Update bmc_trackit_passwd_reset.rb
2014-12-10 20:45:54 -06:00
Brandon Perry
90cc9a9bed
Update bmc_trackit_passwd_reset.rb
2014-12-10 19:05:46 -06:00
Brandon Perry
f37dc13a19
Create bmc_trackit_passwd_reset.rb
2014-12-10 18:54:37 -06:00
Tod Beardsley
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
Meatballs
c813c117db
Use DNS names
2014-12-10 22:25:44 +00:00
Marc Wickenden
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
Spencer McIntyre
86ae104580
Land #4325 , consistent mssql module names
2014-12-09 21:52:05 -05:00
sinn3r
87c83cbb1d
Another round of name corrections
2014-12-09 20:16:24 -06:00
Jonathan Claudius
e89a399f95
Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc
2014-12-09 20:55:01 -05:00
Tod Beardsley
09617f990b
Implement BRUTEFORCE_SPEED respect (telnet)
...
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.
See #3904 , @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
HD Moore
176296681a
Fix heartbleed cert parsing, lands #4338 , closes #4309
2014-12-09 14:58:27 -06:00
sinn3r
bb8dfdb15f
Ensure consistency for mssql modules
2014-12-09 10:28:45 -06:00
EgiX
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
Christian Mehlmauer
916503390d
use get_data
2014-12-08 22:49:02 +01:00
Christian Mehlmauer
fb9724e89d
fix heartbleed cert parsing, fix #4309
2014-12-08 21:58:38 +01:00
us3r777
4abfb84cfc
Upload WAR through Jboss DeploymentFileRepository
2014-12-08 19:02:51 +01:00
Tod Beardsley
909971e0bf
Margins on description, PowerShell not Powershell
2014-12-08 10:57:49 -06:00
Tod Beardsley
80dc781625
Email over E-mail
...
While I believe "e-mail" is the actually correct spelling, we tend to
say "email" everywhere else. See:
````
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri "print.*email"
modules/ | wc -l
19
[ruby-2.1.5@metasploit-framework](fixup-grammar)
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri
"print.*e-mail" modules/ | wc -l
1
````
2014-12-08 10:55:26 -06:00
Christian Mehlmauer
738fc78883
Land #4220 , outlook gather post module
2014-12-07 22:41:28 +01:00
Pedro Ribeiro
98e416f6ec
Correct OSVDB id
2014-12-07 17:54:31 +00:00
Pedro Ribeiro
e474ecc9cf
Add OSVDB id
2014-12-07 17:41:35 +00:00
jvazquez-r7
54705eee48
Fix option parsing
2014-12-06 21:50:54 -06:00
jvazquez-r7
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
Brendan Coles
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
Christian Mehlmauer
cc63d435c7
another whitespace
2014-12-06 09:32:22 +01:00
Christian Mehlmauer
f0a47f98bc
final formatting
2014-12-06 00:38:05 +01:00
Christian Mehlmauer
f1f743804e
more formatting
2014-12-06 00:31:38 +01:00
Christian Mehlmauer
9187a409ec
outlook post module fixes
2014-12-06 00:28:44 +01:00
William Vu
2f98a46241
Land #4314 , @todb-r7's module cleanup
2014-12-05 14:05:09 -06:00
sinn3r
4b06334455
Minor title change for mssql_enum_domain_accounts_sqli
...
We don't really do "-" for naming
Kind of stands up on a list
2014-12-05 11:42:08 -06:00
sinn3r
7ae786a53b
Add a comment as an excuse to tag the issue
...
Fix #4246
... so it will automatically close the ticket.
2014-12-05 11:26:26 -06:00
sinn3r
f25e3ebaaf
Fix #4246 - More undef 'payload_exe' in other modules
...
Root cause: payload_exe is an accessor in the TFPT command stager
mixin, you need stager_instance in order to retreive that info.
2014-12-05 11:19:58 -06:00
headlesszeke
8d1ca872d8
Now with logging of command response output
2014-12-05 10:58:40 -06:00
Christian Mehlmauer
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
Christian Mehlmauer
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
sinn3r
e3f7398acd
Fix #4246 - Access payload_exe information correctly
...
This fixes an undef method 'payload_exe' error. We broke this when
all modules started using Msf::Exploit::CmdStager as the only source
to get a command stager payload. The problem with that is "payload_exe"
is an accessor in CmdStagerTFTP, not in CmdStager, so when the module
wants to access that, we trigger the undef method error.
To be exact, this is the actual commit that broke it:
7ced5927d8
Fix #4246
2014-12-05 02:08:13 -06:00
Jon Hart
85e0d72711
Land #4229 , @tatehansen's module for CVE-2014-7992
2014-12-04 17:20:49 -08:00
Jon Hart
f0cfcd4faf
Update dlsw_leak_capture name and print_
...
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
Pedro Ribeiro
e5bdf225a9
Update netflow_file_download.rb
2014-12-04 21:32:19 +00:00
Jon Hart
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
Jon Hart
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
Meatballs
e471271231
Move comment
2014-12-04 20:24:37 +00:00
Meatballs
c14ba11e79
If extapi dont stage payload
2014-12-04 20:17:48 +00:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
wez3
7c62fa5c95
Add Windows post module for reading/searching Outlook e-mail #8
2014-12-04 14:28:40 +01:00
tate
3aecd3a10e
added DLSw v1 and v2 check, added check for \x00 in leak segment
2014-12-03 23:27:11 -07:00
sinn3r
2fcbcc0c26
Resolve merge conflict for ie_setmousecapture_uaf ( #4213 )
...
Conflicts:
modules/exploits/windows/browser/ie_setmousecapture_uaf.rb
2014-12-03 14:12:15 -06:00
wez3
3cadcb942a
Add Windows post module for reading/searching Outlook e-mail #7
2014-12-03 18:30:22 +01:00
William Vu
3a978e1147
Land #4280 , frontpage_login improvements
2014-12-02 14:56:57 -06:00
sinn3r
a631ee65f6
Fix #4293 - Use OperatingSystems::Match::WINDOWS
...
Fix #4293 . Modules should use OperatingSystems::Match::WINDOWS
instead of Msf::OperatingSystems::WINDOWS, because the second
won't match anything anymore.
2014-12-02 13:46:27 -06:00
HD Moore
b29e53984e
Merge master with merge of PR #4225
2014-12-02 11:58:30 -06:00
HD Moore
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
HD Moore
7fe72fd118
Cosmetic tweaks for #4225
2014-12-02 11:47:14 -06:00
wez3
611e8c72eb
Add Windows post module for reading/searching Outlook e-mail #6
2014-12-02 14:05:08 +01:00
sinn3r
a88ee0911a
Fix os detection
...
See #3373
2014-12-02 01:15:55 -06:00
sinn3r
a42c7a81e7
Fix os detection
...
See #4283
2014-12-02 01:13:51 -06:00
headlesszeke
564488acb4
Changed and to &&
2014-12-02 00:02:53 -06:00
headlesszeke
280e10db55
Add module for Arris VAP2500 Remote Command Execution
2014-12-01 23:07:56 -06:00
William Vu
394d132d33
Land #2756 , tincd post-auth BOF exploit
2014-12-01 12:13:37 -06:00
jvazquez-r7
0ab2e99419
Delete version from title
2014-12-01 10:24:12 -06:00
jvazquez-r7
d1e8b160c7
Land #4271 , @espreto's module for CVE-2014-7816 WildFly's Traversal
...
* Issue in the web server JBoss Undertow
2014-12-01 10:22:47 -06:00
jvazquez-r7
f4e20284a4
Change mixin include order
2014-12-01 10:22:20 -06:00
jvazquez-r7
d85aabfed9
Use vprint by default
2014-12-01 10:20:12 -06:00
jvazquez-r7
e0cb0f7966
Fix description
2014-12-01 10:19:14 -06:00
jvazquez-r7
fa07b466d6
Use single quote and minor cosmetic changes
2014-12-01 09:57:29 -06:00
jvazquez-r7
d5888a7f6f
Fix module options
2014-12-01 09:55:36 -06:00
jvazquez-r7
47acf3487d
Do minor cleanup
...
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
sinn3r
0f973fdf2b
Fix #4284 - Typo "neline" causing the exploit to break
...
"neline" isn't supposed to be there at all.
2014-12-01 01:24:30 -06:00
Tim
5c50a07c0f
futex_requeue
2014-12-01 03:49:22 +00:00
jvazquez-r7
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
jvazquez-r7
b357fd88a7
Add comment
2014-11-30 21:08:38 -06:00
jvazquez-r7
0ab99549bd
Change ranking
2014-11-30 21:08:12 -06:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
Roberto Soares Espreto
e4b3ee2811
Changed the module name.
2014-12-01 01:00:14 -02:00
Roberto Soares Espreto
ecbce679a8
Remove timeout on line 59.
2014-12-01 00:51:12 -02:00
Roberto Soares Espreto
f3957ea428
FILEPATH changed from false to true.
2014-12-01 00:48:47 -02:00
Roberto Soares Espreto
97ee975235
Deleted checking on line 48.
2014-12-01 00:46:58 -02:00
jvazquez-r7
d7d1b72bce
Rename local_variables
2014-11-30 20:40:55 -06:00
Roberto Soares Espreto
84ce573227
Deleted line 61 which returns the server status code.
2014-12-01 00:39:05 -02:00
jvazquez-r7
d77c02fe43
Delete unnecessary metadata
2014-11-30 20:37:34 -06:00
jvazquez-r7
ff30a272f3
Windows paths need 2 backslashes
2014-11-30 18:54:41 -06:00
jvazquez-r7
223bc340e4
Prepend peer
2014-11-30 18:46:15 -06:00
jvazquez-r7
5ad3cc6296
Make FILEPATH mandatory
2014-11-30 18:45:23 -06:00
jvazquez-r7
b1b10cf4e5
Use Rex::ConnectionError
2014-11-30 18:44:25 -06:00
jvazquez-r7
a549cbbef8
Beautify metadata
2014-11-30 18:44:03 -06:00
Deral Heiland
0887127264
Fixed several recommended changes by jvazquez-r7 and jlee-r7
2014-11-30 00:53:24 -05:00
Pedro Ribeiro
26d9ef4edd
Explain about Windows back slashes on option
2014-11-30 00:15:44 +00:00
Pedro Ribeiro
2fb38ec7bb
Create exploit for CVE-2014-5445
2014-11-30 00:12:37 +00:00
Tiago Sintra
6f6274735f
Update frontpage_login.rb
...
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=
status=262147
osstatus=0
msg=No "CONTENT_TYPE" on CGI environment.
osmsg=
2014-11-28 17:21:47 +00:00
sinn3r
f7f4a191c1
Land #4255 - CVE-2014-6332 Internet Explorer
2014-11-28 10:12:27 -06:00
sinn3r
2a7d4ed963
Touchup
2014-11-28 10:12:05 -06:00
OJ
48904c2d63
Land #4277 - vmware-mount configurable directory
2014-11-28 08:05:42 +10:00
Rasta Mouse
985838e999
Suggestions from OJ
2014-11-27 21:38:50 +00:00
HD Moore
10a05a393c
Add format_all_drives payload, lands #4268
2014-11-27 11:44:44 -06:00
HackSys Team
4a4608adbc
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 23:06:54 +05:30
Rasta Mouse
25ecf73d7d
Add configurable directory, rather than relying on the session working
...
directory.
2014-11-27 17:12:37 +00:00
HackSys Team
8473ed144a
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 14:13:49 +05:30
Roberto Soares Espreto
d75ffc36da
Changed the description of FILEPATH
2014-11-27 00:50:34 -02:00
Roberto Soares Espreto
f8dc366f42
Add CVE-2014-7816 Directory Traversal for WildFly 8 Application
2014-11-27 00:13:29 -02:00
peregrino
84bb5b5215
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:38 +01:00
peregrino
16b64ff42a
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:05 +01:00
Joe Vennix
cc33566ca8
Land #4265 , @shuckins-r7 fix for RPORT error on UDP sweep.
2014-11-26 10:27:15 -06:00
Jon Hart
79b2b5e231
RPORT is required by UDPScanner; deregister instead
2014-11-26 07:39:14 -08:00
HackSys Team
f5633ba3c3
Add format_all_drives shellcode for Windows x86_x64
2014-11-26 20:29:25 +05:30
peregrino
16a9450d43
session.tunnel_peer changed by session.session_host. Other minor changes
2014-11-26 12:08:54 +01:00
OJ
75e5553cd4
Change to in exploit
2014-11-26 16:53:30 +10:00
jvazquez-r7
9524efa383
Fix banner
2014-11-25 23:14:20 -06:00
jvazquez-r7
16ed90db88
Delete return keyword
2014-11-25 23:11:53 -06:00
jvazquez-r7
85926e1a07
Improve check
2014-11-25 23:11:32 -06:00
jvazquez-r7
5a2d2914a9
Fail on upload errors
2014-11-25 22:48:57 -06:00
jvazquez-r7
b24e641e97
Modify exploit logic
2014-11-25 22:11:43 -06:00
jvazquez-r7
4bbadc44d6
Use Msf::Exploit::FileDropper
2014-11-25 22:00:42 -06:00
jvazquez-r7
7fbd5b63b1
Delete the Rex::MIME::Message gsub
2014-11-25 21:54:50 -06:00
jvazquez-r7
eaa41e9a94
Added reference
2014-11-25 21:37:04 -06:00
jvazquez-r7
2c207597dc
Use single quotes
2014-11-25 18:30:25 -06:00
jvazquez-r7
674ceeed40
Do minor cleanup
2014-11-25 18:26:41 -06:00
jvazquez-r7
6ceb47619a
Change module filename
2014-11-25 18:09:15 -06:00
jvazquez-r7
1305d56901
Update from upstream master
2014-11-25 18:07:13 -06:00
jvazquez-r7
5615d65aee
Do minor cleanup
2014-11-25 17:35:07 -06:00
jvazquez-r7
d4e5cd25e1
Report credentials for new login level 15
2014-11-25 16:35:16 -06:00
jvazquez-r7
dc253efa19
Use Rex::Text.rand_text*
2014-11-25 16:35:06 -06:00
jvazquez-r7
f20afff1a8
Do return instead of abort
2014-11-25 16:34:57 -06:00
jvazquez-r7
d876efaa0f
Delete ssh_socket attribute
2014-11-25 16:34:47 -06:00
jvazquez-r7
5091bc76ad
Do minor cleanup
2014-11-25 16:34:22 -06:00
jvazquez-r7
c92a26e967
Update from upstream master
2014-11-25 16:30:45 -06:00
jvazquez-r7
5f4760c58e
Print final results in a table
2014-11-25 14:01:29 -06:00
jvazquez-r7
d998d97aaa
Refactor build_user_sid
2014-11-25 13:58:47 -06:00
jvazquez-r7
aad860a310
Make conditional easier
2014-11-25 13:54:08 -06:00
jvazquez-r7
ba57bc55b0
Don't report service
2014-11-25 13:52:22 -06:00
jvazquez-r7
059b0e91da
Don't report service
...
* The mssql could be in a third host, not rhost
2014-11-25 13:50:42 -06:00
jvazquez-r7
b467bda2d6
Reuse local variable
2014-11-25 13:49:24 -06:00
jvazquez-r7
31a84ef6ff
Make ternary operator more readable
2014-11-25 13:44:50 -06:00
jvazquez-r7
be566e5ad3
Use a lower fuzz number by default
2014-11-25 13:42:47 -06:00
jvazquez-r7
cd43f83cd7
Delete unnecessary comments
...
* No need to comment every step, just relevant
comments to undrestad code.
2014-11-25 13:40:57 -06:00
jvazquez-r7
f93dbc6deb
Use the target domain name
2014-11-25 13:36:48 -06:00
jvazquez-r7
7c87603b0e
Add progress information
2014-11-25 13:23:36 -06:00
jvazquez-r7
8e5b37ea6e
Fix reporting
2014-11-25 13:20:31 -06:00
jvazquez-r7
93539ae4c6
Use shorter variable name
2014-11-25 13:04:31 -06:00
jvazquez-r7
271f982f34
Use peer
2014-11-25 13:03:48 -06:00
jvazquez-r7
c549508abb
Use vprint
2014-11-25 13:03:18 -06:00
jvazquez-r7
249fb79a21
Fix print_* calls
2014-11-25 13:02:53 -06:00
jvazquez-r7
87cfd7c321
Dont use disconnect
2014-11-25 13:00:53 -06:00
jvazquez-r7
fb8372f505
Fix metadata
2014-11-25 12:59:11 -06:00
jvazquez-r7
71f35f5cd6
Update from upstream master
2014-11-25 12:46:44 -06:00
Joe Vennix
3a5de9970f
Update description, rename xnu_ver -> osx_ver.
2014-11-25 12:38:29 -06:00
Joe Vennix
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
nullbind
4bd579bc1c
added mssql_enum_domain_accounts_sqli
2014-11-25 09:57:20 -06:00
wez3
5294594379
dd Windows post module for reading/searching Outlook e-mail #5 Add DE
2014-11-25 14:36:14 +01:00
William Vu
64f2b45ef4
Land #4258 , release fixes
2014-11-24 21:44:14 -06:00
jvazquez-r7
71669b9f9e
Change module filename
2014-11-24 20:34:12 -06:00
jvazquez-r7
5c4b1b0283
Output some information
2014-11-24 20:31:26 -06:00
jvazquez-r7
6e9cd331b3
Modify description
2014-11-24 20:28:38 -06:00
jvazquez-r7
261da9306e
Use store_loot
2014-11-24 20:22:21 -06:00
jvazquez-r7
cf52dd895f
Refactor search
2014-11-24 20:20:37 -06:00
jvazquez-r7
2fa5223d3b
move check out of the begin block
2014-11-24 19:28:53 -06:00
jvazquez-r7
90bdc770b5
Use literal creation notation
2014-11-24 19:27:50 -06:00
jvazquez-r7
2c4caeed29
Clean metadata
2014-11-24 19:26:12 -06:00
jvazquez-r7
443dd7b6c0
Use constants
2014-11-24 19:04:02 -06:00
jvazquez-r7
250250beb0
Fix indentation
2014-11-24 18:58:07 -06:00
jvazquez-r7
88ccffacb4
Update from upstream master
2014-11-24 18:32:35 -06:00
Jon Hart
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
Tod Beardsley
bd948eb346
Normalize author name
...
From #4061 , please don't decorate author names with URLs.
2014-11-24 13:03:42 -06:00
jvazquez-r7
343a0d78bc
Delete admin check
2014-11-24 12:28:19 -06:00
jvazquez-r7
7164c4e038
Use shorter filename
2014-11-24 12:10:08 -06:00
jvazquez-r7
021b27dd83
Clean reporting
2014-11-24 12:01:09 -06:00
jvazquez-r7
f74ab34881
Delente unnecessary check
2014-11-24 11:50:41 -06:00
jvazquez-r7
3c858c793a
Use vprint
2014-11-24 11:49:36 -06:00
spdfire
583494c0db
use BrowserExploitServer
2014-11-24 18:49:27 +01:00
jvazquez-r7
4a169210ab
Use vprint
2014-11-24 11:48:16 -06:00
jvazquez-r7
ecb74c543a
Beautify description
2014-11-24 11:27:32 -06:00
jvazquez-r7
c52104e91d
Beautify metadata
2014-11-24 11:24:41 -06:00
jvazquez-r7
fcb4bea3c1
Fix code comments
2014-11-24 11:23:27 -06:00
Tod Beardsley
77b1f2d2f0
Fixup for release
...
Fixes the grammar on the SMTP enumeration module and the Cisco CDP
module, and adds a more informative description and reference for the
CDP module introduced on PR #4061 .
2014-11-24 10:50:43 -06:00
jvazquez-r7
10d0305cb2
Update from upstream master
2014-11-24 09:48:43 -06:00
Jon Hart
e9750e2df8
Minor style/usability cleanups
2014-11-24 06:57:31 -08:00
spdfire
08a67d78c5
module for CVE-2014-6332.
2014-11-24 08:25:18 +01:00
sinn3r
57419bb0fc
Fix #4253 - Print access level for snmp_login
...
Fix #4253 - module should print the access level
2014-11-22 23:09:15 -06:00
tate
9828598cb7
removing timeout method and option
2014-11-22 00:28:56 -07:00
tate
57b04f96a7
working with DLSw protocol check
2014-11-21 23:54:00 -07:00
tate
b9a274f869
improving DLSw detection
2014-11-21 18:58:02 -07:00
wez3
53b69583f4
Add Windows post module for reading/searching Outlook e-mail #4
2014-11-21 20:00:30 +01:00
jvazquez-r7
3ac1f7d4fb
Land #4242 , @Meatballs1 fix for sap_service_discovery report_note
...
* I cannot reproduce @Meatballs1 issue
* But I noticed report_note should :update with :unique_data
* Fixed the :update
2014-11-21 10:16:08 -06:00
jvazquez-r7
e30ee9fee2
Update with :unique_data
2014-11-21 10:14:39 -06:00
HD Moore
99a23ada5c
Module cleanup, error handling, and reporting
2014-11-20 16:18:20 -06:00
Jon Hart
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
Jon Hart
94e5ba13a4
YARD and spec cleanup
2014-11-20 13:28:01 -08:00
Jon Hart
df36ac910d
Mostly complete Kademlia PING / BOOTSTRAP scanner
2014-11-20 13:28:01 -08:00
Jon Hart
ab49d01a1b
Add beginnings of Kademlia gather module and protocol support
2014-11-20 13:28:00 -08:00
HD Moore
2f6c4a9ba4
Slight tweak to description/author email formatting
2014-11-20 14:53:52 -06:00
Meatballs
ee15179441
Fix service discovery errors
2014-11-20 18:22:33 +00:00
Rich Whitcroft
8306d739e3
add scanner module to extract domain from NTLM challenge
2014-11-20 11:02:21 -05:00
Mark Schloesser
8e7e5590c9
rename SHELLARG to ARGV0 because that's really what it is
2014-11-19 22:14:24 +01:00
mschloesser-r7
ac4c11ca39
work on linux/armle/shell_bind/tcp
...
same changes as to shell_reverse_tcp
2014-11-19 21:53:23 +01:00
mschloesser-r7
fd7248b3c0
work on linux/armle/shell_reverse_tcp
...
shorten the execve code, remove exit, grow argv[0] space
2014-11-19 21:53:23 +01:00
Mark Schloesser
9e9954e831
fix placeholder to show the firmware version I used
2014-11-19 21:23:39 +01:00
Mark Schloesser
a718e6f83e
add exploit for r7-2014-18 / CVE-2014-4880
2014-11-19 21:07:02 +01:00
Tod Beardsley
6a58774dd6
Land #4234 , crediting @jduck
2014-11-19 12:43:04 -06:00
tate
a4a1048f95
modified to get data collection off sock working
2014-11-19 11:17:58 -07:00
Jon Hart
684975a315
Use correct target address for fake As
2014-11-19 08:28:56 -08:00
Jon Hart
3777e78a85
Sanitize creation of target host. Return minimal for SRV
2014-11-19 08:28:56 -08:00
Jon Hart
52e004d8ab
Use less conflicting name for SRV record port
2014-11-19 08:28:56 -08:00
Jon Hart
ee90e4353b
Add more consistent logging for fakedns types that support fake vs bypass
2014-11-19 08:28:55 -08:00
Jon Hart
0910275fac
Don't artificially insert additional records when BYPASS
2014-11-19 08:28:55 -08:00
Fatih Ozavci
a38cb3ee53
@jhart-r7 commits are accepted and conflicts fixed.
2014-11-19 08:28:55 -08:00
Fatih Ozavci
ab7f6866f5
FAKE and BYPASS actions are implemented for SRV queries
2014-11-19 08:28:55 -08:00
Fatih Ozavci
f403d27fbd
Author update for the fakedns module
2014-11-19 08:28:55 -08:00
Fatih Ozavci
47f7d8c4be
IN:SRV expansion for Fake DNS server
2014-11-19 08:28:55 -08:00
Joe Vennix
a9cb6e0d2f
Add jduck as an author on samsung_knox_smdm_url
2014-11-19 10:18:08 -06:00
Jon Hart
895bdd9c6f
Remove unused options
2014-11-19 08:09:52 -08:00
Jon Hart
134046975e
Remove report mixin which was not used
2014-11-19 08:09:52 -08:00
Jon Hart
4c112e71c1
Remove errant whitespace, unnecessary to_s
2014-11-19 08:09:52 -08:00
Jon Hart
f54fc3da87
More CDP cleanup. Loop, cleaner packet construction, style
2014-11-19 08:09:52 -08:00
Jon Hart
0dac2de3fd
Use PacketFu::EthHeader.mac2str for MAC formatting
2014-11-19 08:09:52 -08:00
Jon Hart
2d484a3e1a
Remove sniffing capabilities from cdp -- use wireshark/tcpdump instead
2014-11-19 08:09:52 -08:00
Jon Hart
39d691086e
First round of basic Ruby style cleanup in cdp
2014-11-19 08:09:52 -08:00
Fatih Ozavci
7e93d890ab
Viproy is removed from names
...
Author section is fixed
2014-11-19 08:09:52 -08:00
Fatih Ozavci
d78d57eaf4
Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module
2014-11-19 08:09:52 -08:00
Meatballs
1d0d5582c1
Remove datastore options
2014-11-19 15:05:36 +00:00
Meatballs
7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
...
Conflicts:
modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
Jon Hart
7d6e7a6bfa
Minor Ruby style and module usability cleanup
2014-11-18 16:33:05 -08:00
tate
6b8b49ff98
improving metasploit module based on feedback
2014-11-18 15:03:18 -07:00
jvazquez-r7
fb4b6543e2
Handle other rex exceptions
2014-11-18 15:57:41 -06:00
jvazquez-r7
542eb6e301
Handle exception in brute force exploits
2014-11-18 12:17:10 -08:00
Jon Hart
60e31cb342
Allow sunrpc_create to raise on its own
2014-11-18 12:17:10 -08:00
Jon Hart
500c4249fe
Update solaris_kcms_readfile to gracefully handle RPC errors
2014-11-18 12:17:10 -08:00
Jon Hart
82f89e620b
Clean up nfs mount scanner to *print_* better
2014-11-18 12:17:10 -08:00
Jon Hart
b2f9307e0a
vprint # of RPC programs, since the table comes right after
2014-11-18 12:17:10 -08:00
Jon Hart
a9f9a8b116
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-18 12:17:10 -08:00
Jon Hart
c7794a7ed9
Clean up Ruby style in sunrpc_portmapper
2014-11-18 12:17:09 -08:00
Jon Hart
059d84e4ca
More consistent *print_* and Rex::Ui::Text::Table for sunrpc_portmapper
2014-11-18 12:17:09 -08:00
wez3
435c6eef81
Add Windows post module for reading/searching Outlook e-mail #3
2014-11-18 16:27:33 +01:00
wez3
91a53dc36c
Add Windows post module for reading/searching Outlook e-mail
2014-11-18 12:41:24 +01:00
tate
703e0486fb
Add DLSw leak capture module for CVE-2014-7992
2014-11-17 20:35:54 -07:00
Spencer McIntyre
d5ebd8a2dc
Shorten the reverse_http stager by renaming a var
2014-11-17 19:04:26 -05:00
jvazquez-r7
7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
...
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
jvazquez-r7
45d219c0d8
Land #4102 , @jhart-r7's fix for nbns_response
...
* Use request src_port instead of 137
2014-11-17 15:46:38 -06:00
Tod Beardsley
286827c6e5
Land #4186 , Samsung KNOX exploit. Ty @jvennix-r7!
2014-11-17 13:29:39 -06:00
Tod Beardsley
39980c7e87
Fix up KNOX caps, descriptive description
2014-11-17 13:29:00 -06:00
Tod Beardsley
0f41bdc8b8
Add an OSVDB ref
2014-11-17 13:26:21 -06:00
nullbind
8c34f35ca9
added mssql_enum_windows_domain_accounts.rb
2014-11-17 13:03:43 -06:00
jvazquez-r7
54de805b7a
Report credentials
...
* Even when we are not associating them to hosts
* It's a post module so maybe we cannot solve some names
2014-11-17 12:49:18 -06:00
wez3
7a2b7208e7
Add Windows post module for reading/searching Outlook e-mail
2014-11-17 19:38:55 +01:00
jvazquez-r7
b3b37c7c9f
Use longer description lines
2014-11-17 12:23:22 -06:00
jvazquez-r7
145e610c0f
Avoid shadowing new method
2014-11-17 12:22:30 -06:00
William Vu
fd53e969fd
Land #4217 , browser_autopwn variable fix
2014-11-17 11:46:52 -06:00
William Vu
405eae4b6e
Remove EOL whitespace
2014-11-17 11:46:36 -06:00
jvazquez-r7
20195e7f37
Update from upstream/master
2014-11-17 11:43:48 -06:00
William Vu
91ba25a898
Land #4208 , psexec delay fix
2014-11-17 11:35:56 -06:00
jvazquez-r7
2c36f79934
Land #4165 , @jhart-r7's check for datastore options on Cisco dtp
...
* Fix modules/auxiliary/spoof/cisco/dtp
* Just one of the two options is required
2014-11-17 11:23:31 -06:00
Jon Hart
d5afb2b766
%q
2014-11-17 09:01:14 -08:00
Jon Hart
ce73e32673
Doc and named captures
2014-11-17 09:01:14 -08:00
Jon Hart
bf05fe1389
Refactoring, simplification, better print_*
2014-11-17 09:01:14 -08:00
Jon Hart
6e1cdfde36
Rip out create_credential* stuff. Use what works
2014-11-17 09:01:14 -08:00
Jon Hart
e5bb13a609
If remmina config files are missing data for creds, tell me what
2014-11-17 09:01:14 -08:00
Jon Hart
875d1f9ea0
Convert Remmina credential gatherer to use new credentials model
2014-11-17 09:01:14 -08:00
Jon Hart
086f0c02d6
Remove excessive logging
2014-11-17 09:01:14 -08:00
Jon Hart
90e58e9e71
Binary encoding
2014-11-17 09:01:14 -08:00
Jon Hart
e76373340e
Correct some Rubocop things that I agree with
2014-11-17 09:01:14 -08:00
Jon Hart
f729a6cf02
Add Remmina RDP/SSH/VNC password gathering
2014-11-17 09:01:13 -08:00
Joe Vennix
cd61975966
Change puts to vprint_debug.
2014-11-17 10:13:13 -06:00
floyd
9243cfdbb7
Minor fixes to ruby style things
2014-11-17 17:12:17 +01:00
Joe Vennix
fc1635e80a
Fix BAP JS ref error.
2014-11-17 10:06:15 -06:00
Joe Vennix
2a24151fa8
Remove BAP target, payload is flaky. Add warning.
2014-11-17 02:02:37 -06:00
HD Moore
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
Spencer McIntyre
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
Joe Vennix
5de69ab6a6
minor syntax fixes.
2014-11-15 21:39:37 -06:00
Joe Vennix
3fb6ee4f7d
Remove dead constant.
2014-11-15 21:38:11 -06:00
Joe Vennix
7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
...
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
2014-11-15 21:33:16 -06:00
William Vu
a521d469ed
Land #4194 , Quake protocol support
2014-11-15 17:44:19 -06:00
Christian Mehlmauer
28135bcb09
Land #4159 , MantisBT PHP code execution by @itseco
2014-11-15 07:49:54 +01:00
Rich Lundeen
27d5ed624f
fix for IE9 exploit config
2014-11-14 17:21:59 -08:00
Rich Lundeen
17ab0cf96e
ADD winxpIE8 exploit for MS13-080
2014-11-14 17:16:51 -08:00
Spencer McIntyre
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
sinn3r
e194d5490d
See #4162 - Don't delay before deleting a file via SMB
...
So I was looking at issue #4162 , and on my box I was seeing this
problem of the exploit failing to delete the payload in C:\Windows,
and the error was "Rex::Proto::SMB::Exceptions::NoReply The SMB
server did not reply to our request". I ended up removing the sleep(),
and that got it to function properly again. The box was a Win 7 SP1.
I also tested other Winodws boxes such as Win XP SP3, Windows Server
2008 SP2 and not having the sleep() doesn't seem to break anything.
So I don't even know why someone had to add the sleep() in the first
place.
2014-11-14 15:45:37 -06:00
Spencer McIntyre
681ae8ce6b
Pymet reverse_http stager basic implementation
2014-11-14 14:15:46 -05:00
jvazquez-r7
ee9b1aa83a
Manage Rex::ConnectionRefused exceptions
2014-11-14 10:53:03 -06:00
jvazquez-r7
428fe00183
Handle Rex::ConnectionTimeout
2014-11-13 22:34:28 -06:00
Jon Hart
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
jvazquez-r7
4a0e9b28a4
Use peer
2014-11-13 19:26:01 -06:00
jvazquez-r7
4a06065774
Manage Exceptions to not wait the full wfs_delay
2014-11-13 19:17:09 -06:00
jvazquez-r7
73ce4cbeaa
Use primer
2014-11-13 18:21:19 -06:00
jvazquez-r7
0bcb99c47d
Fix metadata
2014-11-13 18:00:11 -06:00
jvazquez-r7
a5c8152f50
Use fail_with
2014-11-13 17:57:26 -06:00
jvazquez-r7
6ddf6c3863
Fail when the loader cannot find the java payload class
2014-11-13 17:55:49 -06:00
Christian Mehlmauer
3faa48d810
small bugfix
2014-11-13 22:51:41 +01:00
Christian Mehlmauer
7d6b6cba43
some changes
2014-11-13 22:46:53 +01:00
Tod Beardsley
e2dc862121
Fix newly introduced typo.
2014-11-13 14:53:57 -06:00
Tod Beardsley
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
Juan Escobar
17032b1eed
Fix issue reported by FireFart
2014-11-13 04:48:45 -05:00
Peregrino Gris
80a9fa4b5d
Ports default values added, is_internal REX function added, reference added
2014-11-13 10:10:25 +01:00
jvazquez-r7
31f3aa1f6d
Refactor create packager methods
2014-11-13 01:16:15 -06:00
jvazquez-r7
38a96e3cfc
Update target info
2014-11-13 00:56:42 -06:00
jvazquez-r7
e25b6145f9
Add module for MS14-064 bypassing UAC through python for windows
2014-11-13 00:56:10 -06:00
jvazquez-r7
f081ede2aa
Land #4155 , @pedrib's module for CVE-2014-8499
...
* Password Manager Pro privesc + password disclosure
2014-11-12 23:56:26 -06:00
Joe Vennix
ea6d8860a1
Not root, just arbitrary permissions.
2014-11-12 21:51:55 -06:00
Jon Hart
ebf6fe4e56
Minor style cleanup
2014-11-12 16:44:43 -08:00
sinn3r
a5009170e7
Land #4185 - Add CVE-2014-6352 (ms14-060 aka sandworm)
2014-11-12 17:11:43 -06:00
Jon Hart
07a1653e57
Add gather module for Quake servers
2014-11-12 13:32:56 -08:00
Pedro Ribeiro
9df31e950f
Add OSVDB id
2014-11-12 21:32:33 +00:00
Tod Beardsley
54158c8662
Land #4005 , TNS poison checker
2014-11-12 13:29:59 -06:00
Tod Beardsley
d242bc220b
Minor fixups and disclosure date for TNS module
2014-11-12 13:25:10 -06:00
Tod Beardsley
955a5142ca
Edit e-mail address for antispam
2014-11-12 13:19:04 -06:00
Joe Vennix
1895311911
Change URL to single line.
2014-11-12 10:56:51 -06:00
Peregrino Gris
529f749abb
Add post-exploitation module to get FW filtering rules
2014-11-12 17:38:49 +01:00
Joe Vennix
8689b0adef
Add module for samsung knox root exploit.
2014-11-12 09:53:20 -06:00
jvazquez-r7
70589668c2
Really land the #4130 module
2014-11-12 09:39:01 -06:00
jvazquez-r7
ece8013d7a
Use #empty?
2014-11-12 09:35:06 -06:00
jvazquez-r7
f048463ed6
Do minor fixupts
...
* Delete peer method
* Make verifications more strict
2014-11-12 09:33:49 -06:00
jvazquez-r7
a5c87db65e
Do minor cleanup
...
* Beautify description
* Use double quotes for interpolation
2014-11-12 09:29:53 -06:00
jvazquez-r7
e1164d3e14
Use snake_case on filename
2014-11-12 09:26:47 -06:00
jvazquez-r7
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
Tod Beardsley
7e05f88399
Reapply PR #4113 (removed via #4175 )
2014-11-11 15:06:43 -06:00
HD Moore
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Tod Beardsley
017a44c0ae
Revert errored merge of deea30d
...
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"
This reverts commit deea30ddb4
, reversing
changes made to 14514d7b8b
.
2014-11-11 14:38:47 -06:00
Jon Hart
9238d80a24
Use correct source port for NBNS spoofer
...
137 is only correct for systems that use this as their source port.
Systems running Samba, for example, don't use this. So use the port
taken from the original request, not 137 or 1337
2014-11-11 10:33:27 -08:00
HD Moore
96ba6da697
Add the UDP scanner template, lands #4113 .
...
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
jvazquez-r7
01fda27264
Fix title
2014-11-11 11:15:53 -06:00
jvazquez-r7
a588bfd31a
Use single quotes
2014-11-11 09:56:46 -06:00
jvazquez-r7
77c8dc2b64
Dont return nil from 'run'
2014-11-11 09:39:08 -06:00
jvazquez-r7
fb309aae11
Use a Fixnum as FuzzInt default value
2014-11-11 09:36:53 -06:00
jvazquez-r7
f6762b41b6
Use random fake db name
2014-11-11 09:35:51 -06:00
jvazquez-r7
94c353222d
Do small cosmetic changes
2014-11-11 09:31:57 -06:00
jvazquez-r7
e9e5869951
update from master
2014-11-11 09:24:33 -06:00
Nikita
c0285067c9
Add new module to test TNS poison
...
msf auxiliary(tnspoison_checker) > show options
Module options (auxiliary/scanner/oracle/tnspoison_checker1):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.2.100, 172.16.2.24, 172.16.2.101 yes The target address range or CIDR identifier
RPORT 1521 yes The target port
THREADS 1 yes The number of concurrent threads
msf auxiliary(tnspoison_checker) > exploit
[+] 172.16.2.100:1521 is vulnerable
[*] Scanned 1 of 3 hosts (033% complete)
[-] 172.16.2.24:1521 is not vulnerable
[*] Scanned 2 of 3 hosts (066% complete)
[-] 172.16.2.101:1521 unable to connect to the server
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
2014-11-11 17:29:27 +03:00
Juan Escobar
ac17780f6d
Fix by @FireFart to recover communication with the application after a meterpreter session
2014-11-11 05:49:18 -05:00
Juan Escobar
6bf1f613b6
Fix issues reported by FireFart
2014-11-11 00:41:58 -05:00
jvazquez-r7
091da05a86
update from master
2014-11-10 22:59:44 -06:00
jvazquez-r7
cac6494427
Use snake_case in filename
2014-11-10 16:58:46 -06:00
jvazquez-r7
2c33642de8
Do minor cleanup
2014-11-10 16:57:57 -06:00
jvazquez-r7
12ae8b3ec6
update from master
2014-11-10 16:19:26 -06:00
nullbind
493b81d874
cleanup
2014-11-10 15:22:21 -06:00
nullbind
31fa57fcb2
mssql_enum_sql_logins
2014-11-10 15:19:55 -06:00
Scott Sutherland
d543b16cc1
Added mssql_enum_sql_logins.rb
2014-11-10 15:02:46 -06:00
Scott Sutherland
ea226f7482
Update mssql_enum_sql_logins.rb
2014-11-10 15:02:14 -06:00
Juan Escobar
d4bbf0fe39
Fix issues reported by wchen-r7 and mmetince
2014-11-10 15:27:10 -05:00
nullbind
74344e9295
added mssql_enum_sql_logins
2014-11-10 13:42:52 -06:00
jvazquez-r7
4b701700c1
Fix banner
2014-11-10 12:40:53 -06:00
Jon Hart
7ed11ffd52
Check for INTERFACE or SMAC in dtp setup
2014-11-10 10:14:47 -08:00
jvazquez-r7
65dbb1a83f
Do print_status
2014-11-10 11:26:53 -06:00
jvazquez-r7
7aed1e9581
Create loot_passwords method
2014-11-10 11:21:44 -06:00
jvazquez-r7
92df11baa7
Create report_super_admin_creds method
2014-11-10 11:16:25 -06:00
jvazquez-r7
8f17011909
do run clean up
...
* Reduce code complexity
* Don't report not valid administrator credentials
2014-11-10 11:12:04 -06:00
jvazquez-r7
635df2f233
Fail with NoAccess
2014-11-10 09:50:26 -06:00
jvazquez-r7
9c033492d2
Fix indentation
2014-11-10 09:48:22 -06:00
jvazquez-r7
2236518694
Check res.body before accessing #to_s
2014-11-10 09:47:05 -06:00
jvazquez-r7
8b8ab61e3d
Favor && over and
2014-11-10 09:45:12 -06:00
jvazquez-r7
ee4924582a
Use target_uri
2014-11-10 09:43:44 -06:00
jvazquez-r7
8ddd6a4655
Redefine RPORT having into account it is builtin
2014-11-10 09:42:30 -06:00
jvazquez-r7
eb36a36272
Change title
2014-11-10 09:40:22 -06:00
floyd
9d848c8c3b
Adding tincd post-auth stack buffer overflow exploit module for several OS
...
Minor changes to comments
Updated URLs
Added Fedora ROP, cleaned up
Fixing URLs again, typos
Added support for Archlinux (new target)
Added support for OpenSuse (new target)
Tincd is now a separate file, uses the TCP mixin/REX sockets.
Started ARM exploiting
Style changes, improvements according to egyp7's comments
Style changes according to sane rubocop messages
RSA key length other than 256 supported. Different key lengths for client/server supported.
Drop location for binary can be customized
Refactoring: Replaced pop_inbuffer with slice
Refactoring: fail_with is called, renamed method to send_recv to match other protocol classes,
using rand_text_alpha instead of hardcoded \x90,
Fixed fail command usage
Version exploiting ARM with ASLR brute force
Cleaned up version with nicer program flow
More elegant solution for data too large for modulus
Minor changes in comments only (comment about firewalld)
Correct usage of the TCP mixin
Fixes module option so that the path to drop the binary on the server is not validated against the local filesystem
Added comments
Minor edits
Space removal at EOL according to msftidy
2014-11-10 12:03:17 +01:00
William Vu
0e772cc338
Land #4161 , "stop" NilClass fix
2014-11-09 19:37:32 -06:00
sinn3r
cd0dbc0e24
Missed another
2014-11-09 14:06:39 -06:00
Juan Escobar
9cce7643ab
update description and fix typos
2014-11-09 09:10:01 -05:00
Juan Escobar
5d17637038
Add CVE-2014-7146 PHP Code Execution for MantisBT
2014-11-09 08:00:44 -05:00
Pedro Ribeiro
b3c27452cd
Add full disclosure URL
2014-11-09 10:40:41 +00:00
Deral Heiland
5bf8901822
Fixed several recommended changes by jvazquez-r7, Also Correct a XML parsing issue
2014-11-09 02:43:36 -05:00
jvazquez-r7
bc5529396f
Land #4137 , @pedrib's module for Eventlog CVE-2014-6038/6039
2014-11-08 08:12:11 -06:00
Pedro Ribeiro
f680b666c7
Add github adv URL
2014-11-08 11:29:36 +00:00
Pedro Ribeiro
143033f657
Rename manageengine_pmp_sadmin.rb to manageengine_pmp_privesc.rb
2014-11-08 11:28:04 +00:00
Pedro Ribeiro
2843437ca9
Create exploit for CVE-2014-8499
2014-11-08 11:24:50 +00:00
Pedro Ribeiro
e7b448537f
Add OSVDB ids
2014-11-08 11:05:34 +00:00
jvazquez-r7
9d6e0664a4
Guess service name and port
2014-11-07 20:56:01 -06:00
jvazquez-r7
a44640c9fc
Use single quotes
2014-11-07 20:48:04 -06:00
jvazquez-r7
7c1c08fc19
Use single quotes without interpolation
2014-11-07 20:46:47 -06:00
jvazquez-r7
0373156cce
Use unless over if not
2014-11-07 20:42:08 -06:00
jvazquez-r7
f5a920da99
Use || operator
2014-11-07 20:41:44 -06:00
jvazquez-r7
64754a5609
Delete unnecessary begin..end block
2014-11-07 20:38:36 -06:00
jvazquez-r7
0919f74a3d
Delete unused variable
2014-11-07 20:37:57 -06:00
jvazquez-r7
22b875d0f3
Reduce code complexity
2014-11-07 20:37:40 -06:00
jvazquez-r7
b1517e6ace
Delete unnecessary nil comparision
2014-11-07 20:34:13 -06:00
jvazquez-r7
aa1fec7f02
Use fail_with
2014-11-07 20:33:33 -06:00
jvazquez-r7
d630eac272
Reduce code complexity
2014-11-07 20:32:15 -06:00
jvazquez-r7
cea30b5427
Use built-in format for RPORT
2014-11-07 20:30:32 -06:00
jvazquez-r7
e99cc00a57
No more than 100 columns on description
2014-11-07 20:29:38 -06:00
Jon Hart
2b7d25950b
Land #4148 , @wchen-r7 fixed #4133
2014-11-07 08:26:29 -08:00
sinn3r
0dbfecba36
Better method name
...
Should be srvhost, not lhost
2014-11-07 02:23:34 -06:00
Pedro Ribeiro
c00a3ac9cd
Add full disclosure URL
2014-11-07 08:06:21 +00:00
Joshua Smith
7b25e3be75
Land #4139 , Visual Mining NetCharts
...
landed after some touch up
2014-11-06 22:52:41 -06:00
Joshua Smith
7510fb40aa
touch up visual_mining_netcharts_upload
2014-11-06 22:50:20 -06:00
Pedro Ribeiro
8a0249cdbf
Address Juan's points
2014-11-06 21:02:28 +00:00
sinn3r
579481e5f8
Explain why I did this
...
Also tagging Fix #4133
2014-11-06 14:25:11 -06:00
sinn3r
f210ade253
Use SRVHOST for msvidctl_mpeg2
2014-11-06 14:23:21 -06:00
sinn3r
f7e308cae8
Land #4110 - Citrix Netscaler BoF
2014-11-06 00:04:17 -06:00
jvazquez-r7
54c1e13a98
Land #4140 , @wchen-r7's default template for adobe_pdf_embedded_exe
...
* Fixes #4134
* Adds a default PDF template
2014-11-05 20:21:14 -06:00
jvazquez-r7
adefb2326e
Land #4124 , @wchen-r7 fixes #4115 adding HTTP auth support to iis_webdav_upload_asp
2014-11-05 18:14:33 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
jvazquez-r7
79cabc6d68
Fix clean up
2014-11-05 15:46:33 -06:00
jvazquez-r7
c08993a9c0
Add module for ZDI-14-372
2014-11-05 15:31:20 -06:00
Pedro Ribeiro
e71ba1ad4a
Push exploit for CVE-2014-6038/39
2014-11-05 20:12:03 +00:00
Tod Beardsley
cca30b536f
Land #4094 , fixes for OWA brute forcer
...
Fixes #4083
Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart
ff8d481eec
Update description to remove comments about defaults. Default to 2013
2014-11-04 21:21:19 -08:00
Fatih Ozavci
d91ffa893b
Viproy is removed from names
...
Author sections are fixed
2014-11-05 15:44:32 +11:00
Jon Hart
2c028ca7a6
Move redirect check before body check -- a redirect won't have a body
2014-11-04 14:19:21 -08:00
Jon Hart
7855ede2de
Move userpass emptiness checking into setup
2014-11-04 14:07:39 -08:00
William Vu
ebb8b70472
Land #4015 , another Android < 4.4 UXSS module
2014-11-04 15:52:29 -06:00
Tod Beardsley
f8593ca1b5
Land #4109 , tnftp savefile exploit from @wvu-r7
2014-11-04 15:44:13 -06:00
Tod Beardsley
5fb268bbdf
Updates to better OWA fix
2014-11-04 14:32:54 -06:00
nullbind
56a02fdb4a
added mssql_escalate_executeas_sqli.rb
2014-11-04 13:38:13 -06:00
Jon Hart
b0e388f4c3
Land #3516 , @midnitesnake's snmp_enumusers fix for Solaris, OS X
2014-11-04 08:23:16 -08:00
nullbind
15119d2a0f
comment fix-sorry
2014-11-04 09:07:08 -06:00
nullbind
f108d7b20a
fixed code comment
2014-11-04 08:51:27 -06:00
jvazquez-r7
400ef51897
Land #4076 , exploit for x7chat PHP application
2014-11-03 18:22:04 -06:00
jvazquez-r7
3bf7473ac2
Add github pull request as reference
2014-11-03 18:18:42 -06:00
jvazquez-r7
44a2f366cf
Switch ranking
2014-11-03 18:06:09 -06:00
jvazquez-r7
039d3cf9ae
Do minor cleanup
2014-11-03 18:04:30 -06:00
William Vu
277fd5c7a1
Land #4123 , release fixes
2014-11-03 16:20:00 -06:00
Juan Escobar
7e4248b601
Added compatibility with older versions, Updated descriptions and fixed issue with Ubuntu 12.04
2014-11-03 16:42:50 -05:00
Tod Beardsley
0199e4d658
Land #3770 , resolve random stager bugs
2014-11-03 14:15:14 -06:00
sinn3r
9a27984ac1
switch from error to switch
2014-11-03 13:56:41 -06:00
sinn3r
a823ca6b2f
Add support for HTTP authentication. And more informative.
2014-11-03 13:46:53 -06:00
Tod Beardsley
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
nullbind
fbe3adcb4c
added mssql_escalate_executeas module
2014-11-03 11:29:15 -06:00
Jon Hart
8f197d4918
Move to build_probe
2014-11-03 08:41:51 -08:00
sinn3r
6f013cdcaf
Missed these
2014-10-31 18:48:48 -05:00
sinn3r
d6a830eb6e
Rescue the correct exception: Rex::HostUnreachable
2014-10-31 16:43:33 -05:00
Jon Hart
121ebdfef6
update_info
2014-10-31 13:17:50 -07:00
Jon Hart
b99e71dcdd
Example UDPScanner style cleanup, move most to UDPScanner
2014-10-31 12:14:04 -07:00
Jon Hart
ff0b52cffb
Example per-batch vprint, a useful default
2014-10-31 10:31:31 -07:00
Jon Hart
94d4388af9
Improvements to example UDPScanner
2014-10-31 09:53:10 -07:00
Joe Vennix
1e9f9ce425
Handle invalid JSON errors and fix typo.
2014-10-31 11:01:49 -05:00
Jon Hart
d9f0a10737
Add new example template for scanning UDP services
2014-10-31 08:06:31 -07:00
jvazquez-r7
40bf44bd05
Don't allow 127.0.0.1 as SRVHOST
2014-10-31 08:19:15 -05:00
jvazquez-r7
7d2fa9ee94
Delete unnecessary to_s
2014-10-30 22:59:22 -05:00
William Vu
953a642b0e
Finally write a decent description
2014-10-30 22:51:42 -05:00
sinn3r
64f4777407
Land #4091 - Xerox DLM injection
2014-10-30 22:15:16 -05:00
sinn3r
b7a1722b46
Pass msftidy, more descriptive name and description
2014-10-30 22:14:18 -05:00
William Vu
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
jvazquez-r7
8fdea5f74c
Change module filename
2014-10-30 20:34:24 -05:00
jvazquez-r7
9404e24b24
Update module information
2014-10-30 20:33:38 -05:00
Jon Hart
1a37a6638c
Fix splunk_upload_app_exec to work on new installs. Style
2014-10-30 18:28:56 -07:00
Jon Hart
55f245f20f
Merge #3507 into local, recently updated branch of master for landing
2014-10-30 17:28:20 -07:00
OJ
cc7f7c9986
Land #4108 - Avoid local offsets in CVE-2014-4113
2014-10-31 09:08:51 +10:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
sinn3r
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
sinn3r
470a067384
Final changes
2014-10-30 13:51:44 -05:00
sinn3r
912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract
2014-10-30 13:37:32 -05:00
sinn3r
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
sinn3r
127d1640da
Print password
2014-10-30 13:27:40 -05:00
Deral Heiland
a6980b9eb8
Updated to module based feedback from wchen-r7
2014-10-30 12:59:11 -04:00
Joe Vennix
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
Joe Vennix
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
Joe Vennix
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
Jon Hart
15e1c253fa
Numerous cleanups for snmp_enumusers
...
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
jvazquez-r7
ac939325ce
Add module first version
2014-10-29 21:11:57 -05:00
Peter Arzamendi
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
Deral Heiland
6c13c14be1
Konica MFP ftp and SMB credential gathering module
2014-10-29 16:12:16 -04:00
Peter Arzamendi
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
Deral Heiland
64a59e805c
Fix a simple typo
2014-10-29 12:40:24 -04:00
Deral Heiland
1bf1be0e46
Updated to module based feedback from wchen-r7
2014-10-29 11:42:07 -04:00
Juan Escobar
2e53027bb6
Fix value of X7C2P cookie and typo
2014-10-29 08:32:36 -05:00
Peter Arzamendi
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
Juan Escobar
9f21ac8ba2
Fix issues reported by wchen-r7
2014-10-28 21:31:33 -05:00
Jon Hart
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
Jon Hart
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
Jon Hart
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
Jon Hart
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
Jon Hart
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
Peter Arzamendi
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
Meatballs
4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
2014-10-28 20:26:44 +00:00
Peter Arzamendi
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
Peter Arzamendi
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
Tod Beardsley
9c028c1435
Fixes #4083 , make the split nil-safe
...
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.
This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
William Vu
71a6ec8b12
Land #4093 , cups_bash_env_exec CVE-2014-6278
2014-10-28 12:47:51 -05:00
Brendan Coles
57baf0f393
Add support for CVE-2014-6278
2014-10-28 17:10:19 +00:00
William Vu
3de5c43cf4
Land #4050 , CUPS Shellshock
...
Bashbleeded!!!!!!!!!!!
2014-10-28 11:59:31 -05:00
Peter Arzamendi
1012cd8d6b
Updated based on wchen-r7 feedback.
2014-10-28 11:38:50 -05:00
Brendan Coles
78b199fe72
Remove CVE-2014-6278
2014-10-28 16:18:24 +00:00
Joe Vennix
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
Deral Heiland
9021e4dae6
Xerox Workcentre firmware injection exploit
2014-10-28 11:15:43 -04:00
jvazquez-r7
5e0993d756
Add OJ as author
2014-10-28 09:58:34 -05:00
Tod Beardsley
dade6b97ba
Land #4088 , wget exploit
...
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
Brendan Coles
a060fec760
Detect version in check()
2014-10-28 12:28:18 +00:00
sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
Jonathan Claudius
d799625507
Switch to vprint_good for verbose good things
2014-10-28 01:53:54 -04:00
Jonathan Claudius
0fa461737e
Fix null arguments syntax
2014-10-28 01:49:54 -04:00
Jonathan Claudius
7a727f9bff
Make msftidy happy
2014-10-28 01:48:13 -04:00
Jonathan Claudius
595b4d2bbd
Clean up aux check review comments
2014-10-28 01:44:52 -04:00
HD Moore
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
Fatih Ozavci
329b9ac292
Actions updates of the Viproy CUCDM exploits
2014-10-28 14:11:07 +11:00
Fatih Ozavci
703393e9f1
First revision of the Viproy CUCDM exploits
2014-10-28 13:53:13 +11:00
Peter Arzamendi
0b225d94b1
Xerox Admin password extractor.
2014-10-27 19:26:40 -05:00
Juan Escobar
2ba2388889
Fix issues reported by jvasquez
2014-10-27 19:15:39 -05:00
jvazquez-r7
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
parzamendi-r7
f7f6cff327
Update xerox_workcentre_5XXX_ldap.rb
2014-10-27 17:23:47 -05:00
Peter Arzamendi
f119abbf8c
Xerox workcentre 5735 LDAP credential extractor
2014-10-27 15:52:12 -05:00
jvazquez-r7
373ce8d340
Use perl encoding
2014-10-27 15:30:02 -05:00
Luke Imhoff
216360d664
Add missing require
...
MSP-11145
2014-10-27 15:19:59 -05:00
jvazquez-r7
9da83b6782
Update master changes
2014-10-27 14:35:30 -05:00
Spencer McIntyre
04a99f09bb
Land #4064 , Win32k.sys NULL Pointer Dereference
2014-10-27 14:01:07 -04:00
William Vu
090d9b95d1
Land #4078 , pureftpd_bash_env_exec desc. update
2014-10-27 12:12:09 -05:00
William Vu
950fc46e4b
Normalize description
2014-10-27 12:09:39 -05:00
Jon Hart
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
Spencer McIntyre
830f631da4
Make the check routine less strict
2014-10-27 12:51:20 -04:00
sinn3r
aa5dc0a354
100 columns per line
2014-10-27 10:24:11 -05:00
sinn3r
7e56948191
Update description about pureftpd_bash_env_exec
...
Make exploitable requirements more obvious
2014-10-27 10:23:06 -05:00
Spencer McIntyre
46b1abac4a
More robust check routine for cve-2014-4113
2014-10-27 11:19:12 -04:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
Juan Escobar
848f24a68c
update module description
2014-10-27 02:07:16 -05:00
root
d66dc88924
Add PHP Code Execution for X7 Chat 2.0.5
2014-10-27 01:01:31 -05:00
jvazquez-r7
c319ea91b3
Delete verbose print
2014-10-26 17:31:19 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
Brendan Coles
554935e60b
Add check() and support CVE-2014-6278
2014-10-26 18:11:36 +00:00
scriptjunkie
4dfbce425a
use vprintf...
2014-10-26 09:20:32 -05:00
scriptjunkie
c31fb0633d
Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd
2014-10-26 09:05:25 -05:00
Fatih Ozavci
1db09fee01
Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits
2014-10-24 11:46:52 +11:00
jvazquez-r7
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
sinn3r
7cb4320a76
Land #3561 - unix cmd generic_sh encoder
2014-10-23 15:48:00 -05:00
sinn3r
13fd6a3374
Land #4046 - Centreon SQL and Command Injection
2014-10-23 13:17:00 -05:00
sinn3r
ce841e57e2
Rephrase about centreon.session
2014-10-23 13:15:55 -05:00
sinn3r
889045d1b6
Change failure message
2014-10-23 12:55:27 -05:00
Jon Hart
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
Jon Hart
c765100efd
Land #4004 , @martinvigo's LastPass master password extraction module
2014-10-22 16:34:54 -07:00
Jon Hart
29b61984c5
Update to use correctly joined path
2014-10-22 16:34:17 -07:00
sinn3r
42cd288bc0
Land #4057 - Bring back TCP::max_send_size and TCP::send_delay options
...
Fix #3967
2014-10-22 16:23:15 -05:00
sinn3r
0ea03c00a5
Use print_brute instead of print_good for format consistency
2014-10-22 16:14:45 -05:00
Tim Wright
b8c3fadb9e
python 3 is supported now too :)
2014-10-22 20:10:48 +01:00
Tim Wright
8c3c73a72d
inline the error message
2014-10-22 20:08:14 +01:00
Tim Wright
2ab73688dc
use framework.threads to launch cleanup thread
2014-10-22 19:40:29 +01:00
Tim Wright
22fc6496ac
Merge branch 'pr/3401' into landing-3401
2014-10-22 19:23:01 +01:00
Jon Hart
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
James Lee
46acf08e2d
Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions
2014-10-22 09:09:34 -05:00
nstarke
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
James Lee
0fcd1ac4f6
Restore tcp evasions to smb_login
2014-10-21 18:59:11 -05:00
James Lee
e1a7e902d6
Re-enable tcp evasions for more LoginScanners
...
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r
6d11ec8477
These mods support Proxies, so make the option visible for the user
2014-10-21 15:39:24 -05:00
sinn3r
db7c420d8d
Merge the latest changes
2014-10-21 13:49:42 -05:00
James Lee
f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies
2014-10-21 13:28:13 -05:00
sinn3r
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee
4705aeb762
Restore tcp evasions to ftp, pop3, vnc
2014-10-21 11:06:55 -05:00
James Lee
7d150ce0dd
Add tcp evasions to mysql
2014-10-21 10:05:18 -05:00
James Lee
e76ee294a1
Restore tcp evasions to telnet
2014-10-21 09:44:55 -05:00
nstarke
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7
d6f4c02c2a
Land #3979 , @wchen-r7 fixes #3976 , http_login not using TARGETURI, neither uri normalization
2014-10-20 18:10:57 -05:00
Spencer McIntyre
f886ab6f97
Land #4020 , Jenkins-CI CSRF token support
2014-10-20 19:03:24 -04:00
jvazquez-r7
74ac16081f
Land #3981 , @wchen-r7 Fixes #3974 , axis_login.rb does not normalize URI
2014-10-20 17:51:13 -05:00
jvazquez-r7
00f137cdcf
Land #4040 , @nullbind's MS SQL privilege escalation through SQLi
2014-10-20 16:23:50 -05:00
jvazquez-r7
acc590b59c
Modify metadata
2014-10-20 16:22:10 -05:00
jvazquez-r7
1381c7fb37
Modify title
2014-10-20 16:17:47 -05:00
jvazquez-r7
323680c31a
Clean code
2014-10-20 16:17:06 -05:00
jvazquez-r7
c77a0984bd
Land #3989 , @us3r777's exploit for CVE-2014-7228, Joomla Update unserialize
...
the commit.
empty message aborts
2014-10-20 13:39:08 -05:00
jvazquez-r7
4e6f61766d
Change module filename
2014-10-20 13:31:22 -05:00
jvazquez-r7
e202bc10f0
Fix title
2014-10-20 13:30:44 -05:00
jvazquez-r7
f07c5de711
Do code cleanup
2014-10-20 13:27:48 -05:00
sinn3r
dbaf9c5857
Land #4001 - HP Data Protector EXEC_INTEGUTIL Remote Code Execution
2014-10-20 11:44:21 -05:00
HD Moore
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
sinn3r
6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It!
2014-10-20 11:23:23 -05:00
Tod Beardsley
6812b8fa82
Typo and grammar
2014-10-20 11:02:09 -05:00
jvazquez-r7
052a9fec86
Delete return
2014-10-20 10:52:33 -05:00
jvazquez-r7
199f6eba76
Fix check method
2014-10-20 10:46:40 -05:00
James Lee
3051b6c5ba
Clean up exceptions
...
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
us3r777
16101612a4
Some changes to use primer
...
Follow wiki How-to-write-a-module-using-HttpServer-and-HttpClient
2014-10-20 17:26:16 +02:00
James Lee
b7d69bec83
Restore proxies to ssh scanners
2014-10-20 10:19:06 -05:00
us3r777
1e143fa300
Removed unused variables
2014-10-20 16:58:41 +02:00
jvazquez-r7
57fe829f96
Switch generic_sh's rank to ManualRanking
2014-10-20 09:34:19 -05:00
jvazquez-r7
c991c5e377
Readd generic_sh encoder
2014-10-20 09:33:34 -05:00
nullbind
036d43ba37
fixed logic bug
2014-10-19 20:56:29 -05:00
Jon Hart
2985b39267
Land #3980 , @wchen-r7 fixed #3975
2014-10-19 17:11:06 -07:00
Jon Hart
88c1647c80
Loot the passwords, obviously
2014-10-19 13:11:10 -07:00
Jon Hart
0971d7c3ac
Remove ... from prints, only map a browser if we found something
2014-10-19 13:05:11 -07:00
Jon Hart
967800eed0
Track account name for more useful table and prints
2014-10-19 12:59:51 -07:00
Jon Hart
5a05246682
Consistent case in *print_*
2014-10-19 12:30:50 -07:00
Spencer McIntyre
005baa7f7e
Retry the script page request to get the token
...
After logging in to Jenkins the script console page
needs to be requested again to get the CSRF token.
2014-10-19 14:04:16 -04:00
Brendan Coles
0ede70e7f6
Add exploit module for CUPS shellshock
2014-10-19 17:58:49 +00:00
ikkini
c2174c7910
return if no version response received
2014-10-19 00:29:36 +02:00
nullbind
1e2f1eaee0
cleaning up
2014-10-18 12:00:11 -05:00
sinn3r
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
Jon Hart
a30663e412
Fix multiuser LastPass extraction, print/vprint cleanup
2014-10-17 17:40:19 -07:00
James Lee
329a600b84
Add tcp evasion options to mssql_login
2014-10-17 17:40:21 -05:00
sinn3r
8b5a33c23f
Land #4044 - MS14-060 "Sandworm"
2014-10-17 16:46:32 -05:00
William Vu
d5b698bf2d
Land #3944 , pkexec exploit
2014-10-17 16:30:55 -05:00
jvazquez-r7
70f8e8d306
Update description
2014-10-17 16:17:00 -05:00
jvazquez-r7
e52241bfe3
Update target info
2014-10-17 16:14:54 -05:00
jvazquez-r7
7652b580cd
Beautify description
2014-10-17 15:31:37 -05:00
jvazquez-r7
d831a20629
Add references and fix typos
2014-10-17 15:29:28 -05:00
Jon Hart
d2a00b208e
Minor style cleanup to appease Rubocop
2014-10-17 12:50:18 -07:00
sinn3r
ef1556eb62
Another update
2014-10-17 13:56:37 -05:00
jvazquez-r7
8fa648744c
Add @wchen-r7's unc regex
2014-10-17 13:46:13 -05:00
William Vu
10f3969079
Land #4043 , s/http/http:/ splat
...
What is a splat?
2014-10-17 13:41:07 -05:00
Jon Hart
d97fe548b9
Store the browser name in LastPass loot
2014-10-17 11:33:31 -07:00
Jon Hart
43238c7324
Simplify LastPass extraction. Track what browser that puked creds
2014-10-17 11:19:36 -07:00
William Vu
dbfe398e35
Land #4037 , Drupageddon exploit
2014-10-17 12:39:59 -05:00
William Vu
a514e3ea16
Fix bad indent (should be spaces)
...
msftidy is happy now.
2014-10-17 12:39:25 -05:00
William Vu
f2328e679f
Land #4034 , POODLE scanner
2014-10-17 12:36:48 -05:00
William Vu
367ea5d3db
Add disclosure date
2014-10-17 12:35:28 -05:00
Tod Beardsley
ccdaf2b576
Fix the banner
...
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
Jon Hart
9177b931fd
Refactoring of LastPass module to use correct Firefox path on *nix
2014-10-17 10:20:55 -07:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley
ad501b25e4
Filename move to be less redundant
2014-10-17 11:25:14 -05:00
jvazquez-r7
e5903562ee
Delete bad/incomplete validation method
2014-10-17 10:36:01 -05:00
nullbind
bf92769ba2
added mssql_escalate_dbowner_sqli
2014-10-17 10:25:20 -05:00
sinn3r
a79427a659
I shoulda checked before git commit
2014-10-17 00:54:45 -05:00
sinn3r
4c0048f26a
Update description
2014-10-17 00:46:17 -05:00
sinn3r
3a63fa12b8
'ppsx_module_smaller' to branch cve_2014_4114
2014-10-17 00:10:57 -05:00
William Vu
e242bf914f
Land #4031 , fixes for pureftpd_bash_env_exec
2014-10-16 19:55:09 -05:00
jvazquez-r7
1d16bd5c77
Fix vulnerability discoverer
2014-10-16 18:01:45 -05:00
jvazquez-r7
807f1e3560
Fix target name
2014-10-16 17:58:45 -05:00
jvazquez-r7
c1f9ccda64
Fix ruby
2014-10-16 17:55:00 -05:00
jvazquez-r7
e40642799e
Add sandworm module
2014-10-16 16:37:37 -05:00
Jon Hart
8fdae8fbfb
Move protocol and lifetime to mixin, use correct map_target if CHOST
2014-10-16 13:24:17 -07:00
Brandon Perry
353d2f79cc
tweak pw generation
2014-10-16 12:06:19 -07:00
Brandon Perry
5f8c0cb4f3
Merge branch 'drupal' of https://github.com/FireFart/metasploit-framework into drupageddon
2014-10-16 11:53:54 -07:00
Christian Mehlmauer
c8dd08f605
password hashing
2014-10-17 15:52:47 +02:00
Brandon Perry
23b7b8e400
fix for version 7.0-7.31
2014-10-16 11:53:48 -07:00