TheNaterz
f525c24a9f
Added offsets for 8.4(7)
2016-09-22 17:16:37 -06:00
zerosum0x0
28a09c2d13
stupid comment
2016-09-22 22:57:42 +00:00
TheNaterz
7762f42dfa
Added offsets for 8.3(1)
2016-09-22 16:17:37 -06:00
TheNaterz
064aed858b
Added RiskSense contributor repo to references
2016-09-22 16:10:30 -06:00
TheNaterz
961524d648
Adding offsets for 9.1(1)4
2016-09-22 16:04:44 -06:00
TheNaterz
4e9459d876
Added offsets for 9.0(1)
2016-09-22 15:35:59 -06:00
TheNaterz
5ca6563c8f
Fixed problem with 9.2(2)8 offsets
2016-09-22 15:24:49 -06:00
TheNaterz
b77adc97f0
Removing redundant version check
2016-09-22 15:05:42 -06:00
TheNaterz
c22a2a19e8
Added offsets for 9.2(2)8
2016-09-22 14:59:49 -06:00
TheNaterz
e8d1f6d5a0
Added offsets for 8.2(3)
2016-09-22 14:38:52 -06:00
Jenna Magius
a0ba8b7401
Fix whitespace per msftidy
2016-09-22 14:25:04 -06:00
TheNaterz
022189c075
Added offsets for 8.4(3)
2016-09-22 14:12:33 -06:00
zerosum0x0
4288c3fb46
added always_return_true variable
2016-09-22 19:44:55 +00:00
TheNaterz
c18045128a
Replaced global vars, made 'patched_code' value static
2016-09-22 13:42:23 -06:00
zerosum0x0
3c7fc49788
Added module auxiliary/admin/cisco/cisco_asa_extrabacon
...
This module patches the authentication functions of a Cisco ASA
to allow uncredentialed logins. Uses improved shellcode for payload.
2016-09-22 18:06:03 +00:00
Brent Cook
88cef32ea4
Land #7339, SSH module fixes from net:ssh updates
2016-09-22 00:27:32 -05:00
Brent Cook
a9a1146155
fix more ssh option hashes
2016-09-20 01:30:35 -05:00
David Maloney
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
David Maloney
06ff7303a6
make pubkey verifier work with old module
...
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together
7321
2016-09-19 15:20:35 -05:00
Pearce Barry
3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714)
2016-09-19 14:34:44 -05:00
h00die
9c922d111f
colorado ftp
2016-09-18 20:03:16 -04:00
William Vu
4ba1ed2e00
Fix formatting in fortinet_backdoor
...
Also add :config and :use_agent options.
2016-09-16 12:32:30 -05:00
David Maloney
26491eed1a
pass the public key in as a file instead of data
...
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this
7321
2016-09-16 11:48:51 -05:00
David Maloney
dfcd5742c1
some more minor fixes
...
some more minor fixes around broken
ssh modules
7321
2016-09-15 14:25:17 -05:00
David Maloney
e10c133eef
fix the exagrid exploit module
...
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used
7321
2016-09-15 11:44:19 -05:00
William Vu
cac890a797
Land #7308, disclosure date additions
2016-09-13 23:16:30 -05:00
William Vu
e4e6f5daac
Fix indentation
2016-09-13 23:15:37 -05:00
h00die
d73531c0d3
added disclosure dates
2016-09-13 20:37:04 -04:00
Brent Cook
7352029497
first round of SSL damage fixes
2016-09-13 17:42:31 -05:00
wchen-r7
245237d650
Land #7288, Add LoginScanner for Octopus Deploy server
2016-09-13 17:26:56 -05:00
Pedro Ribeiro
4d49f7140c
update links and CVE on webnms_file_download
2016-09-13 18:50:53 +01:00
Pedro Ribeiro
8b90df8b67
update links and CVE on webnms_cred_disclosure
2016-09-13 18:49:58 +01:00
Tijl Deneut
8df8f7dda0
Initial commit of profinet_siemens.rb
2016-09-11 09:15:41 +02:00
Brent Cook
a81f351cb3
Land #7274, Remove deprecated modules
2016-09-09 12:01:59 -05:00
Brent Cook
1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
Brendan
a30711ddcd
Land #7279, Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
aushack
7632c74aba
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2016-09-07 14:15:57 +10:00
aushack
6e21684ff7
Fix typo.
2016-09-07 14:08:46 +10:00
james-otten
dcf0d74428
Adding module to scan for Octopus Deploy server
...
This module tries to log into one or more Octopus Deploy servers.
More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
William Vu
fed2ed444f
Remove deprecated modules
...
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
Brendan
81bc6bd672
Land #7228, Create zabbix_toggleids_sqli auxiliary module
2016-09-01 16:33:17 -05:00
Jon Hart
b0e45341e5
Update redis file_upload to optionally FLUSHALL before writing
...
This increases the chances that the uploaded file will be usable as-is
rather than being surrounded by the data in redis itself.
2016-08-31 14:27:18 -07:00
Brandon Perry
874fec4e31
Update zabbix_toggleids_sqli.rb
2016-08-31 17:23:16 -04:00
Brandon Perry
d43380330e
Update zabbix_toggleids_sqli.rb
2016-08-31 17:18:28 -04:00
Brendan
b21ea2ba3f
Added code to assign CPORT value to the parent scanner object
2016-08-29 13:17:10 -05:00
Pearce Barry
226ded8d7e
Land #6921, Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
William Vu
cd858a149f
Add DETECT_ANY_AUTH to make bogus login optional
2016-08-23 23:05:47 -05:00
Brandon Perry
38a8d21e5b
Update zabbix_toggleids_sqli.rb
2016-08-22 18:57:25 -05:00
Brandon Perry
6b9635d7a5
Rename zabbix_toggleids_sqli to zabbix_toggleids_sqli.rb
2016-08-22 18:52:16 -05:00
David Maloney
20947cd6cd
remove old dependency on net-ssh monkeypatch
...
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an unneeded solution
in the first place, and we now use a more sane method of accomplishing
the same thing
2016-08-22 10:54:09 -05:00
Brandon Perry
2abf71a3ac
Create zabbix_toggleids_sqli
2016-08-21 12:43:20 -05:00
wchen-r7
5f8ef6682a
Fix #7202, Make print_brute print ip:rport if available
...
Fix #7202
2016-08-16 15:34:30 -05:00
Pearce Barry
1e7663c704
Land #7200, Rex::Ui::Text cleanup
2016-08-12 16:22:55 -05:00
wchen-r7
c2c05a820a
Force uripath and srvport options
2016-08-10 18:25:45 -05:00
wchen-r7
e56e801c12
Update ie_sandbox_findfiles.rb
2016-08-10 18:09:58 -05:00
David Maloney
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
Yorick Koster
87b27951cf
Fixed some build errors
2016-08-09 20:46:49 +02:00
Yorick Koster
79a84fb320
Internet Explorer iframe sandbox local file name disclosure vulnerability
...
It was found that Internet Explorer allows the disclosure of local file
names. This issue exists due to the fact that Internet Explorer behaves
differently for file:// URLs pointing to existing and non-existent files.
When used in combination with HTML5 sandbox iframes it is possible to
use this behavior to find out if a local file exists. This technique
only works on Internet Explorer 10 & 11 since these support the HTML5
sandbox. Also it is not possible to do this from a regular website as
file:// URLs are blocked altogether. The attack must be performed
locally (works with Internet zone Mark of the Web) or from a share.
2016-08-09 20:35:42 +02:00
wchen-r7
de16a6d536
Land #7182, Nuuo / Netgear Surveillance admin password reset module
2016-08-08 16:10:30 -05:00
Pedro Ribeiro
7ca7682d17
Fix whitespace error from msftidy
2016-08-08 17:57:03 +01:00
Pedro Ribeiro
106f26587e
Add bugtraq reference
2016-08-05 21:52:46 +01:00
Pedro Ribeiro
036d0502db
Add github link
2016-08-04 17:38:45 +01:00
Pedro Ribeiro
ec67db03f1
add exploit for CVE 2016-5676
2016-08-04 16:56:16 +01:00
Jon Hart
554a0c5ad7
Deprecate nbname_probe, which duplicates nbname as of 77cd6dbc8b
2016-08-02 17:36:22 -07:00
William Vu
e699d3f05b
Fix empty output in nbns_response
...
Normally, the module prints nothing unless VERBOSE is true. In practice,
we at least want to see responded-to hosts. We leave details to be
printed when VERBOSE is set.
2016-07-31 09:47:19 -07:00
wchen-r7
cce1ae6026
Fix #6989, scanner modules printing RHOST in progress messages
...
Fix #6989
2016-07-25 23:15:59 -05:00
James Lee
ff63e6e05a
Land #7018, unvendor net-ssh
2016-07-19 17:06:35 -05:00
Brent Cook
b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
...
This reverts commit 2b016e0216, reversing changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
David Maloney
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
David Maloney
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
thao doan
9862a2fc25
Land #7080, Updated docs and made enhancements for Netgear soap password extractor
2016-07-13 14:30:46 -07:00
Brent Cook
2b016e0216
Land #6812, remove broken OSVDB references
2016-07-11 22:59:11 -05:00
Brent Cook
627fffdb08
Land #7089, correct usage of OptPort and OptRegex
2016-07-11 22:13:27 -05:00
Brent Cook
128f802928
use the regex source when generating or displaying a regex
2016-07-11 22:05:50 -05:00
Brendan
963437d5e7
Land #7063, Add module for WebNMS 5.2 Arbitrary File Download
2016-07-11 10:05:21 -07:00
Brendan
c2a5da08af
Land #7064, Add module to steal creds from WebNMS 5.2
2016-07-11 06:38:50 -07:00
h00die
fdce5bc30c
add disclosure date
2016-07-09 09:30:00 -04:00
Brendan
bbe4162320
Added error checking and some suggested style changes
2016-07-08 08:27:56 -07:00
James Lee
cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
Brendan
09dcd1dade
Added version check and error handling, changed regex to ruby syntax.
...
Also made a few syntax changes to placate rubocop.
2016-07-07 10:35:18 -07:00
h00die
892f354ece
give me some credit
2016-07-06 21:39:45 -04:00
h00die
47cf6d5edf
better docs, extract more data
2016-07-06 21:28:57 -04:00
James Lee
1164c025a2
Revert "Land #7009, egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8, reversing changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
David Maloney
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
Brent Cook
54dfcee665
Land #7055, add netgear_soap_password_extractor docs
2016-07-04 23:59:10 -05:00
Pedro Ribeiro
ec4769fade
Create exploit for WebNMS credential disclosure
2016-07-04 21:15:15 +01:00
Pedro Ribeiro
05ef5316df
Create exploit for WebNMS arbitrary file download
2016-07-04 21:10:14 +01:00
h00die
844c13dc17
added new vuln device to netgear list, plus docs
2016-07-01 18:32:30 -04:00
Pearce Barry
159446ce92
Ensure http_login scanner module saves passwds.
...
Fixes #6983. When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
David Maloney
3d93c55174
move sshfactory into a mixin method
...
use a convenience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
James Lee
4e63591ce8
Use the proper Author key, not Authors
2016-06-28 15:21:19 -05:00
David Maloney
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
David Maloney
97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm
2016-06-28 14:14:56 -05:00
David Maloney
409e26351b
remove test module
...
sponge left in patient
2016-06-24 15:12:47 -05:00
David Maloney
6c3871bd0c
update ssh modules to use new SSHFactory
...
updated all of our SSH based modules to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH
MS-1688
2016-06-24 13:55:28 -05:00
David Maloney
5bc513d6cd
get ssh sessions working properly
...
ssh sessions now working correctly
MD-1688
2016-06-24 12:14:48 -05:00
wchen-r7
9f280d714e
Land #6994, NetBIOS Name Brute Force Spoofing modules
2016-06-23 17:54:51 -05:00
wchen-r7
048741660c
Land #6980, Add ClamAV Remote Command Transmitter
2016-06-22 15:50:45 -05:00
David Maloney
3e94abe555
put net:ssh::commandstream back
...
this was apparently our own creation for doing
ssh sessions
MD-1688
2016-06-22 15:02:36 -05:00
David Maloney
6072697126
continued
2016-06-22 14:54:00 -05:00