f2130311fa
Add the MSF blog reference
2014-12-29 16:08:35 -06:00
897e993971
Update description
2014-12-30 08:05:53 +11:00
8719a36d84
DRY status messages
2014-12-30 08:03:40 +11:00
0de80e9c76
Minor changes to style
2014-12-30 07:58:54 +11:00
0085bcf075
Use `blank?' instead of `nil?'
2014-12-30 07:38:34 +11:00
a50ac4050c
Add support for PostgreSQL history
2014-12-30 07:33:22 +11:00
4ebe0fc0a8
Add support for different shells
2014-12-30 07:26:12 +11:00
d2af956b16
Do minor cleanups
2014-12-29 10:39:51 -06:00
1dd9d60e34
Land #4461 , Android cookie database theft
...
`
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
d10222365b
Add Rafay's blog as a reference
2014-12-29 08:12:19 -06:00
1236684954
Use get_uri instead, note lack of Rex::Text method
...
See rapid7#4461
2014-12-28 15:06:34 -06:00
788e315fd4
Fix msftidy warnings
2014-12-28 14:53:29 -06:00
9791acd0bf
Add stager ipknock shellcode (PR 2)
2014-12-27 22:03:45 +01:00
9f98fd4d87
Info leak webapp ROOT so we can cleanup
2014-12-27 08:47:51 -06:00
5afd2d7f4b
Add module for ZDI-14-410
2014-12-26 20:40:28 -06:00
655cfdd416
Land #4321 , @wchen-r7's fixes #4246 ms01_026_dbldecode undef method
2014-12-26 12:48:29 -06:00
51049152b6
Use Rex::Text.rand_mail_address for more realistic fake commit
2014-12-26 10:39:52 -08:00
c1b0385a4b
Land #4460 , @Meatballs1's ssl cert validation bypass on powershell web delivery
2014-12-26 12:07:45 -06:00
2bed52dcd5
Land #4459 , @bcoles's ProjectSend Arbitrary File Upload module
2014-12-26 11:28:42 -06:00
b5b0be9001
Do minor cleanup
2014-12-26 11:24:02 -06:00
85ab11cf52
Use print_warning consistently
2014-12-26 09:54:38 -06:00
f31a2e070e
Use print_warning to print the Kerberos error
2014-12-26 09:22:09 -06:00
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
121c0406e9
Beautify restart_command creation
2014-12-24 15:52:15 -06:00
43ec8871bc
Do minor c code cleanup
2014-12-24 15:45:38 -06:00
92113a61ce
Check payload
2014-12-24 15:43:49 -06:00
36ac0e6279
Clean get_restart_commands
2014-12-24 14:55:18 -06:00
92b3505119
Clean exploit method
2014-12-24 14:49:19 -06:00
9c4d892f5e
Use single quotes when possible
2014-12-24 14:37:39 -06:00
bbbb917728
Do style cleaning on metadata
2014-12-24 14:35:35 -06:00
af24e03879
Update from upstream
2014-12-24 14:25:25 -06:00
0b85a81b01
Use REXML to generate exploit file
2014-12-24 19:23:28 +01:00
30228bcfe7
Added underscore to user regex in smart_hashdump.rb to support usernames that contain underscores. Issue #4349 .
2014-12-23 22:36:11 -06:00
a692656ab7
Update comments to reflect reality, minor cleanup
2014-12-23 19:09:45 -08:00
ebb05a64ea
Land #4357 , @Meatballs1 Kerberos Support for current_user_psexec
2014-12-23 20:38:31 -06:00
89d0a0de8d
Delete unnecessary connect
2014-12-23 19:35:59 -06:00
265e0a7744
Upper case domain
2014-12-23 19:16:50 -06:00
ed2d0cd07b
Use USER_SID instead of DOMAIN_SID and USER_RID
2014-12-23 19:11:05 -06:00
8d73794cc8
Add hint for exploit on old devices.
2014-12-23 12:29:08 -06:00
59f75709ea
Print out malicious URLs that will be used by default
2014-12-23 10:10:31 -08:00
905f483915
Remove unused and commented URIPATH
2014-12-23 09:40:27 -08:00
8e57688f04
Use random URIs by default, different method for enabling/disabling Git/Mercurial
2014-12-23 09:39:39 -08:00
bd3dc8a5e7
Use fail_with rather than fail
2014-12-23 08:20:03 -08:00
015b96a24a
Add back perl and bash related payloads since Windows git will have these and OS X should
2014-12-23 08:13:00 -08:00
16302f752e
Enable generic command
2014-12-23 14:22:26 +00:00
a3b0b9de62
Configure module to target bash by default
2014-12-23 14:19:51 +00:00
313d6cc2f8
Add super call
2014-12-23 14:12:47 +00:00
43221d4cb0
Remove redundant debugging stuff
2014-12-23 14:09:12 +00:00
42a10d6d50
Add Powershell target
2014-12-23 14:07:57 +00:00
40c1fb814e
one line if statement
2014-12-23 11:20:24 +00:00
b41e259252
Move it to a common method
2014-12-23 11:16:07 +00:00
5c82b8a827
Add ProjectSend Arbitrary File Upload module
2014-12-23 10:53:03 +00:00
01cf14d44e
Fix banner
2014-12-23 01:02:09 -06:00
4928cd36e4
Land #4187 , @BorjaMerino's post module to get output rules
2014-12-23 01:01:03 -06:00
49fef9e514
Do minor module clean up
2014-12-23 01:00:21 -06:00
abec7c206b
Update description to describe current limitations
2014-12-22 20:32:45 -08:00
1505588bf6
Rename the file to reflect what it really is
2014-12-22 20:27:40 -08:00
ff440ed5a4
Describe vulns in more detail, add more URLs
2014-12-22 20:20:48 -08:00
b4f6d984dc
Minor style cleanup
2014-12-22 17:51:35 -08:00
421fc20964
Partial mercurial support. Still need to implement bundle format
2014-12-22 17:44:14 -08:00
708cbd7b65
Allow to provide USER SID
2014-12-22 18:24:50 -06:00
56eadc0d55
Delete default values from options
2014-12-22 18:11:43 -06:00
787dab998d
Fix description
2014-12-22 17:51:44 -06:00
a7faf798bf
Use explicit encryption algorithms
2014-12-22 15:51:17 -06:00
f37cf555bb
Use random subkey
2014-12-22 15:39:08 -06:00
fdd1d085ff
Don't encode the payload because this only complicates OS X
2014-12-22 13:36:38 -08:00
0bf3a9cd55
Fix duplicate :ua_maxver key.
2014-12-22 14:57:44 -06:00
b0a178e0a3
Delete blank line
2014-12-22 14:40:32 -06:00
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
20ab14d7a3
Clean module code
2014-12-22 14:29:02 -06:00
ea9f5ed6ca
Minor cleanup
2014-12-22 12:16:53 -08:00
dd73424bd1
Don't link to unused repositories
2014-12-22 12:04:55 -08:00
6c8cecf895
Make git/mercurial support toggle-able, default mercurial to off
2014-12-22 11:36:50 -08:00
574d3624a7
Clean up setup_git verbose printing
2014-12-22 11:09:08 -08:00
16543012d7
Correct planted clone commands
2014-12-22 10:56:33 -08:00
01055cd41e
Use a trigger to try to only start a handler after the malicious file has been requested
2014-12-22 10:43:54 -08:00
dabc890b2f
Change module filename again
2014-12-22 12:35:15 -06:00
2b46bdd929
Add references and authors
2014-12-22 12:34:31 -06:00
4319dbaaef
Change module filename
2014-12-22 12:29:28 -06:00
3bcd67ec2e
Unique URLs for public repo page and malicious git/mercurial repos
2014-12-22 10:03:30 -08:00
93be828738
Fix invalid URL in splat
2014-12-22 11:26:20 -06:00
f1b9862665
Align shellcode in bind_hidden_tcp
2014-12-22 11:17:14 -06:00
308eea0c2c
Make malicious hook file name be customizable
2014-12-22 08:28:55 -08:00
9a7e431a4a
New block_api applied
2014-12-22 17:21:13 +01:00
42636fb3c0
Handler and block_hidden_bind_tcp deleted
2014-12-22 17:21:13 +01:00
fa8e944e34
AHOST OptAddress moved to the payload
2014-12-22 17:21:11 +01:00
c0fa8c0e3f
Add stager for hidden bind shell payload
2014-12-22 17:21:11 +01:00
7f3cfd2207
Add a ranking
2014-12-22 07:51:47 -08:00
44084b4ef6
Correct Microsoft security bulletin for ppr_flatten_rec
2014-12-22 10:40:23 +00:00
9be95eacb8
Use %Q for double-quoted string
2014-12-22 07:37:32 +01:00
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
bb33a91110
Update description to be a little more descriptive
2014-12-21 19:31:58 +01:00
74783b1c78
Remove ruby and telnet requirement
2014-12-21 10:06:06 -08:00
cd02e61a57
Add module for OSVDB-114279
2014-12-21 17:00:45 +01:00
31f320c901
Add mercurial debugging
2014-12-20 20:00:12 -08:00
3da1152743
Add better logging. Split out git support in prep for mercurial
2014-12-20 19:34:55 -08:00
58d5b15141
Add another useful URL. Use a more git-like URIPATH
2014-12-20 19:11:56 -08:00
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
9f97b55a4b
Add module for CVE-2014-2973
2014-12-20 18:38:22 +01:00
f41d0fe3ac
Randomize most everything about the malicious commit
2014-12-19 19:31:00 -08:00
805241064a
Create a partially capitalized .git directory
2014-12-19 19:07:45 -08:00
f7630c05f8
Use payload.encoded
2014-12-19 18:52:34 -08:00
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
def1695e80
Use options by call
2014-12-19 18:23:11 -06:00
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
7f2247f86d
Add description and URL
2014-12-19 15:50:16 -08:00
9b815ea0df
Some style cleanup
2014-12-19 15:35:09 -08:00
4d0b5d1a50
Add some vprints and use a sane URIPATH
2014-12-19 15:33:26 -08:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
48444a27af
Remove debugging pp
2014-12-19 15:27:06 -08:00
1c7fb7cc7d
Mostly working exploit for CVE-2014-9390
2014-12-19 15:24:27 -08:00
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
4888ebe68d
Initial commit of POC module for CVE-2013-9390 ( #4435 )
2014-12-19 12:58:02 -08:00
fffa8cfdd1
Lands #4426 by cleaning up the module description
2014-12-19 14:54:17 -06:00
9ede2c2ca5
Lands #4429 by fixing windows/messagebox with EXITFUNC=none
2014-12-19 14:51:57 -06:00
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
e45af903d9
Add patch discovery date.
2014-12-19 12:04:41 -06:00
2c0c732967
Fix #4414 & #4415 - exitfunc and proper null-terminated string
...
This patch fixes the following for messagebox.rb
Issue 1 (#4415 )
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.
Issue 2: (#4414 )
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.
Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
25313b1712
Use the hash to pass the script.
2014-12-19 02:30:37 -06:00
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
c15bad44a6
Be clearer on backslash usage.
...
See #4282
2014-12-18 16:16:02 -06:00
9a58617387
Add dummy test module
2014-12-17 19:57:10 -06:00
6b0a98b69c
Resolve #4408 - bad uncaught nil get_once
2014-12-17 14:02:42 -06:00
6a822cca61
Move code out of begin/rescue block
2014-12-17 06:45:00 +00:00
dd63d793e5
Bring in @darkoperator's filters
2014-12-17 06:14:21 +00:00
8c7ff728ef
Gather some more info
2014-12-17 05:46:01 +00:00
84ea628284
Add Android cookie theft attack.
2014-12-16 19:12:01 -06:00
f6af86a06d
Land #4402 , ms12_020_check NilClass fix
2014-12-16 15:34:25 -06:00
f237c56a13
This oracle scheduler exploit hangs if not vuln
...
When this exploit gets run against a system that isn't vulnerable
it can hang for a signifigant ammount of time. This change uses the check
method on the exploit to see whether it should proceed. Don't try to exploit
the host if it's not vulnerable.
2014-12-16 09:42:42 -06:00
2604746fb7
Land #4361 , Kippo detector
2014-12-15 14:54:48 -06:00
8394cc13a8
Perform final cleanup of detect_kippo
2014-12-15 14:38:38 -06:00
c611249723
Take full advantage of the check command
2014-12-15 12:50:59 -06:00
9edb2b4fab
Fix #4378 - Do exception handling
...
Fix #4378
2014-12-15 12:37:36 -06:00
effb5b966f
Land #4328 , @bcoles' exploit for ActualAnalyzer < 2.81 'ant' code execution
2014-12-15 09:57:27 -08:00
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
4c714b3eaf
Land #4386 - Fix issue #3852 (support for other languages for enable_rdp)
2014-12-15 11:37:05 -06:00
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
6480ae2c03
Show message at the end
2014-12-15 16:26:39 +01:00
288954afa0
recvfrom allocation changed
2014-12-14 18:58:48 +01:00
9a0ed723d1
Adds error handling for drive letter enumeration
2014-12-14 12:56:20 -05:00
4530066187
return nil
2014-12-15 01:04:39 +11:00
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
00b802cc68
Reindent description
2014-12-14 10:04:18 +00:00
223d6b7923
Merged with Fr330wn4g3's changes
2014-12-14 13:08:19 +08:00
0c5f4ce4ee
Removed the handler-ish code
2014-12-13 22:18:41 -05:00
2addd0fdc4
Fixed name, removed tabs, updated license
2014-12-13 20:37:19 -05:00
e3943682a2
Improves linux/armle payloads, lands #3315
2014-12-13 18:27:14 -06:00
6ea5ed1a82
Shrinks windows payloads, lands #4391
2014-12-13 17:41:50 -06:00
f67a32ef9c
Add missing commits from #3770 , lands #4393
2014-12-13 17:36:26 -06:00
6ecf537f40
Grab user creds to database
2014-12-13 20:30:20 +00:00
eb47ca593e
update desc to include domain admin information
2014-12-13 13:01:41 -06:00
2e94280cba
mv bmc to scanner/http
2014-12-13 12:58:16 -06:00
5a645c5eba
Stagers updated from source
2014-12-13 12:50:47 -06:00
e914061745
Gsub out funny character when storing to database
2014-12-13 18:35:31 +00:00
316710329b
Fix field.value
2014-12-13 18:31:29 +00:00
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
d3d744a7cb
Make sure we get the field :value
2014-12-13 18:13:36 +00:00
8c6b95c39c
Merge branch 'landing-4359' of https://github.com/jhart-r7/metasploit-framework into bmc_trackit
2014-12-13 11:37:57 -06:00
cd1e61a201
Merge branch 'master' into bmc_trackit
2014-12-13 11:36:30 -06:00
8dd5da9d64
added blog post reference
2014-12-12 18:53:26 -08:00
b1453afb52
Land #4297 , fixes #4293 , Use OperatingSystems::Match::WINDOWS
...
* instead of Msf::OperatingSystems::WINDOWS
2014-12-12 18:19:58 -06:00
5eb510f7bc
Use the correct variable for the filename
2014-12-12 17:40:26 -06:00
27323bcaa5
Fix #3852 , make enable_rdp with other languages
2014-12-12 17:30:14 -06:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
338cce02c9
Downcase the service name for consistency
2014-12-12 16:40:42 -06:00
4fc4866fd8
Merge code in from #2395
2014-12-12 16:22:51 -06:00
488f46c8a1
Land #4324 , payload_exe rightening.
...
Fixes #4323 , but /not/ #4246 .
2014-12-12 15:04:57 -06:00
9908e0e35b
Land #4384 , fix typo.
2014-12-12 14:39:47 -06:00
50b734f996
Add Portuguese target, lands #3961 (also reorders targets)
2014-12-12 14:23:02 -06:00
f5374d1552
Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs
2014-12-12 11:57:35 -08:00
008c33ff51
Fix description
2014-12-12 13:36:28 -06:00
183acb9582
Land #4383 to handle Dutch correctly.
2014-12-12 13:32:21 -06:00
81460198b0
Add openssl payload to distcc exploit
...
This is required to test #4274
2014-12-12 13:25:55 -06:00
3b6e92726c
Update outlook rb, "NL" to "nl_NL"
...
Update outlook rb, "NL" to "nl_NL"
2014-12-12 20:09:34 +01:00
c683e7bc67
Fix banner
2014-12-12 13:01:51 -06:00
b1f7682713
Make msftidy happy
2014-12-12 12:59:00 -06:00
493034ad10
Land #3305 , @claudijd Cisco SSL VPN Privilege Escalation exploit
2014-12-12 12:57:00 -06:00
047bc3d752
Make msftidi happy
2014-12-12 12:49:12 -06:00
a1876ce6fc
Land #4282 , @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download
2014-12-12 12:47:50 -06:00
b334e7e0c6
Land #4322 , @FireFart's wordpress exploit for download-manager plugin
2014-12-12 12:41:59 -06:00
aaed7fe957
Make the timeout for the calling payload request lower
2014-12-12 12:41:06 -06:00
00f66b6050
Correct named captures
2014-12-12 10:22:14 -08:00
98dca6161c
Delete unused variable
2014-12-12 12:03:32 -06:00
810bf598b1
Use fail_with
2014-12-12 12:03:12 -06:00
1e6bbc5be8
Use blank?
2014-12-12 09:51:08 -08:00
4f3ac430aa
Land #4341 , @EgiX's module for tuleap PHP Unserialize CVE-2014-8791
2014-12-12 11:48:25 -06:00
64f529dcb0
Modify default timeout for the exploiting request
2014-12-12 11:47:49 -06:00
24f1b916e0
Minor ruby style cleanup
2014-12-12 09:47:35 -08:00
1d1aa5838f
Use Gem::Version to compare versions in check
2014-12-12 09:47:01 -08:00
d01a07b1c7
Add requirement to description
2014-12-12 11:42:45 -06:00
fd09b5c2f6
Fix title
2014-12-12 10:52:18 -06:00
4871228816
Do minor cleanup
2014-12-12 10:52:06 -06:00
a0b181b698
Land #4335 , @us3r777 JBoss DeploymentFileRepository aux module
2014-12-12 10:40:03 -06:00
3059cafbcb
Do minor cleanup
2014-12-12 10:37:50 -06:00
751bc7a366
Revert "Move to a more appropriate location"
...
This reverts commit 6c82529266
2014-12-12 07:42:22 -08:00
6c82529266
Move to a more appropriate location
2014-12-12 07:40:37 -08:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
65b316cd8c
Land #4372
2014-12-11 18:48:16 -08:00
e5e40307e6
Land #4373
2014-12-11 18:45:53 -08:00
3c2a33a316
Allow new password to be specified as an option
2014-12-11 17:26:42 -08:00
a013dbf536
Correct and add more prints
2014-12-11 17:16:43 -08:00
48dcfd9809
Use random security Q/A
2014-12-11 17:10:33 -08:00
f208f31a33
Use correct username/domain in report_vuln
...
It would be nice if 'vulns' showed this
2014-12-11 16:59:21 -08:00
70fce0bb33
Report the changed password
2014-12-11 16:56:22 -08:00
f64a3be742
Avoid death by a thousand functions
2014-12-11 16:53:36 -08:00
0627f708a2
Better handling of failed requests
2014-12-11 16:51:41 -08:00
f2bda05d42
Correct last of the print_
2014-12-11 16:28:08 -08:00
9486f67fbc
report_vuln upon exploitation with more specific details
2014-12-11 16:28:08 -08:00
37d0959fd6
Include info in report_vuln. More style
2014-12-11 16:28:08 -08:00
cfb02fe909
Add check support
2014-12-11 16:28:07 -08:00
44818ba623
Minor style and usage updates as a result of Scanner
2014-12-11 16:28:07 -08:00
0a29326ce7
Mixin Scanner. Yay speed!
2014-12-11 16:28:07 -08:00
c9acd7a233
Remove unnecessary RPORT, which comes from HttpClient
2014-12-11 16:28:07 -08:00
f8c25d83e5
Use get_cookies instead
2014-12-11 16:26:51 -08:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
de88908493
code style
2014-12-11 23:30:20 +01:00
af9979d30b
Ruby style on methods please
...
Introduced in #4220 . This ain't no JavaScript!
2014-12-11 15:24:30 -06:00
47c38ed04e
Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
...
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
51762e1194
Explicitly include the HTTP Login scanner
...
This should be the last commit that fixes #3904 .
2014-12-11 11:08:08 -06:00
b533f74024
Add a bruteforce_speed option to all LoginScanners
2014-12-11 11:06:32 -06:00
24dbc28521
Land #4356
2014-12-11 09:03:18 -08:00
54e8254a82
Update bmc_trackit_passwd_reset.rb
2014-12-11 10:59:43 -06:00
7afa87f168
screwed up formatting. updated indention at the end. ok seriously, going to bed now
2014-12-11 01:05:56 -08:00
291166e1ff
forgot to run through msftidy.rb. made a few minor corrections
2014-12-11 00:47:39 -08:00
a1624c15ae
Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc.
2014-12-11 00:40:20 -08:00
22c9db5818
added detect_kippo.rb
2014-12-10 19:37:35 -08:00
67cf3e74c0
Update bmc_trackit_passwd_reset.rb
2014-12-10 20:45:54 -06:00
90cc9a9bed
Update bmc_trackit_passwd_reset.rb
2014-12-10 19:05:46 -06:00
f37dc13a19
Create bmc_trackit_passwd_reset.rb
2014-12-10 18:54:37 -06:00
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
c813c117db
Use DNS names
2014-12-10 22:25:44 +00:00
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
86ae104580
Land #4325 , consistent mssql module names
2014-12-09 21:52:05 -05:00
87c83cbb1d
Another round of name corrections
2014-12-09 20:16:24 -06:00
e89a399f95
Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc
2014-12-09 20:55:01 -05:00
09617f990b
Implement BRUTEFORCE_SPEED respect (telnet)
...
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.
See #3904 , @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
176296681a
Fix heartbleed cert parsing, lands #4338 , closes #4309
2014-12-09 14:58:27 -06:00
bb8dfdb15f
Ensure consistency for mssql modules
2014-12-09 10:28:45 -06:00
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
916503390d
use get_data
2014-12-08 22:49:02 +01:00
fb9724e89d
fix heartbleed cert parsing, fix #4309
2014-12-08 21:58:38 +01:00
4abfb84cfc
Upload WAR through Jboss DeploymentFileRepository
2014-12-08 19:02:51 +01:00
909971e0bf
Margins on description, PowerShell not Powershell
2014-12-08 10:57:49 -06:00
80dc781625
Email over E-mail
...
While I believe "e-mail" is the actually correct spelling, we tend to
say "email" everywhere else. See:
````
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri "print.*email"
modules/ | wc -l
19
[ruby-2.1.5@metasploit-framework](fixup-grammar)
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri
"print.*e-mail" modules/ | wc -l
1
````
2014-12-08 10:55:26 -06:00
738fc78883
Land #4220 , outlook gather post module
2014-12-07 22:41:28 +01:00
98e416f6ec
Correct OSVDB id
2014-12-07 17:54:31 +00:00
e474ecc9cf
Add OSVDB id
2014-12-07 17:41:35 +00:00
54705eee48
Fix option parsing
2014-12-06 21:50:54 -06:00
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
cc63d435c7
another whitespace
2014-12-06 09:32:22 +01:00
f0a47f98bc
final formatting
2014-12-06 00:38:05 +01:00
f1f743804e
more formatting
2014-12-06 00:31:38 +01:00
9187a409ec
outlook post module fixes
2014-12-06 00:28:44 +01:00
2f98a46241
Land #4314 , @todb-r7's module cleanup
2014-12-05 14:05:09 -06:00
4b06334455
Minor title change for mssql_enum_domain_accounts_sqli
...
We don't really do "-" for naming
Kind of stands up on a list
2014-12-05 11:42:08 -06:00
7ae786a53b
Add a comment as an excuse to tag the issue
...
Fix #4246
... so it will automatically close the ticket.
2014-12-05 11:26:26 -06:00
f25e3ebaaf
Fix #4246 - More undef 'payload_exe' in other modules
...
Root cause: payload_exe is an accessor in the TFPT command stager
mixin, you need stager_instance in order to retreive that info.
2014-12-05 11:19:58 -06:00
8d1ca872d8
Now with logging of command response output
2014-12-05 10:58:40 -06:00
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
e3f7398acd
Fix #4246 - Access payload_exe information correctly
...
This fixes an undef method 'payload_exe' error. We broke this when
all modules started using Msf::Exploit::CmdStager as the only source
to get a command stager payload. The problem with that is "payload_exe"
is an accessor in CmdStagerTFTP, not in CmdStager, so when the module
wants to access that, we trigger the undef method error.
To be exact, this is the actual commit that broke it:
7ced5927d8Fix #4246
2014-12-05 02:08:13 -06:00
85e0d72711
Land #4229 , @tatehansen's module for CVE-2014-7992
2014-12-04 17:20:49 -08:00
f0cfcd4faf
Update dlsw_leak_capture name and print_
...
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
e5bdf225a9
Update netflow_file_download.rb
2014-12-04 21:32:19 +00:00
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
e471271231
Move comment
2014-12-04 20:24:37 +00:00
c14ba11e79
If extapi dont stage payload
2014-12-04 20:17:48 +00:00
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
7c62fa5c95
Add Windows post module for reading/searching Outlook e-mail #8
2014-12-04 14:28:40 +01:00
3aecd3a10e
added DLSw v1 and v2 check, added check for \x00 in leak segment
2014-12-03 23:27:11 -07:00
2fcbcc0c26
Resolve merge conflict for ie_setmousecapture_uaf ( #4213 )
...
Conflicts:
modules/exploits/windows/browser/ie_setmousecapture_uaf.rb
2014-12-03 14:12:15 -06:00
3cadcb942a
Add Windows post module for reading/searching Outlook e-mail #7
2014-12-03 18:30:22 +01:00
3a978e1147
Land #4280 , frontpage_login improvements
2014-12-02 14:56:57 -06:00
a631ee65f6
Fix #4293 - Use OperatingSystems::Match::WINDOWS
...
Fix #4293 . Modules should use OperatingSystems::Match::WINDOWS
instead of Msf::OperatingSystems::WINDOWS, because the second
won't match anything anymore.
2014-12-02 13:46:27 -06:00
b29e53984e
Merge master with merge of PR #4225
2014-12-02 11:58:30 -06:00
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
7fe72fd118
Cosmetic tweaks for #4225
2014-12-02 11:47:14 -06:00
611e8c72eb
Add Windows post module for reading/searching Outlook e-mail #6
2014-12-02 14:05:08 +01:00
a88ee0911a
Fix os detection
...
See #3373
2014-12-02 01:15:55 -06:00
a42c7a81e7
Fix os detection
...
See #4283
2014-12-02 01:13:51 -06:00
564488acb4
Changed and to &&
2014-12-02 00:02:53 -06:00
280e10db55
Add module for Arris VAP2500 Remote Command Execution
2014-12-01 23:07:56 -06:00
394d132d33
Land #2756 , tincd post-auth BOF exploit
2014-12-01 12:13:37 -06:00
0ab2e99419
Delete version from title
2014-12-01 10:24:12 -06:00
d1e8b160c7
Land #4271 , @espreto's module for CVE-2014-7816 WildFly's Traversal
...
* Issue in the web server JBoss Undertow
2014-12-01 10:22:47 -06:00
f4e20284a4
Change mixin include order
2014-12-01 10:22:20 -06:00
d85aabfed9
Use vprint by default
2014-12-01 10:20:12 -06:00
e0cb0f7966
Fix description
2014-12-01 10:19:14 -06:00
fa07b466d6
Use single quote and minor cosmetic changes
2014-12-01 09:57:29 -06:00
d5888a7f6f
Fix module options
2014-12-01 09:55:36 -06:00
47acf3487d
Do minor cleanup
...
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
0f973fdf2b
Fix #4284 - Typo "neline" causing the exploit to break
...
"neline" isn't supposed to be there at all.
2014-12-01 01:24:30 -06:00
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
b357fd88a7
Add comment
2014-11-30 21:08:38 -06:00
0ab99549bd
Change ranking
2014-11-30 21:08:12 -06:00
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
e4b3ee2811
Changed the module name.
2014-12-01 01:00:14 -02:00
ecbce679a8
Remove timeout on line 59.
2014-12-01 00:51:12 -02:00
f3957ea428
FILEPATH changed from false to true.
2014-12-01 00:48:47 -02:00
97ee975235
Deleted checking on line 48.
2014-12-01 00:46:58 -02:00
d7d1b72bce
Rename local_variables
2014-11-30 20:40:55 -06:00
84ce573227
Deleted line 61 which returns the server status code.
2014-12-01 00:39:05 -02:00
d77c02fe43
Delete unnecessary metadata
2014-11-30 20:37:34 -06:00
ff30a272f3
Windows paths need 2 backslashes
2014-11-30 18:54:41 -06:00
223bc340e4
Prepend peer
2014-11-30 18:46:15 -06:00
5ad3cc6296
Make FILEPATH mandatory
2014-11-30 18:45:23 -06:00
b1b10cf4e5
Use Rex::ConnectionError
2014-11-30 18:44:25 -06:00
a549cbbef8
Beautify metadata
2014-11-30 18:44:03 -06:00
0887127264
Fixed several recommended changes by jvazquez-r7 and jlee-r7
2014-11-30 00:53:24 -05:00
26d9ef4edd
Explain about Windows back slashes on option
2014-11-30 00:15:44 +00:00
2fb38ec7bb
Create exploit for CVE-2014-5445
2014-11-30 00:12:37 +00:00
6f6274735f
Update frontpage_login.rb
...
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=
status=262147
osstatus=0
msg=No "CONTENT_TYPE" on CGI environment.
osmsg=
2014-11-28 17:21:47 +00:00
f7f4a191c1
Land #4255 - CVE-2014-6332 Internet Explorer
2014-11-28 10:12:27 -06:00
2a7d4ed963
Touchup
2014-11-28 10:12:05 -06:00
48904c2d63
Land #4277 - vmware-mount configurable directory
2014-11-28 08:05:42 +10:00
985838e999
Suggestions from OJ
2014-11-27 21:38:50 +00:00
10a05a393c
Add format_all_drives payload, lands #4268
2014-11-27 11:44:44 -06:00
4a4608adbc
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 23:06:54 +05:30
25ecf73d7d
Add configurable directory, rather than relying on the session working
...
directory.
2014-11-27 17:12:37 +00:00
8473ed144a
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 14:13:49 +05:30
d75ffc36da
Changed the description of FILEPATH
2014-11-27 00:50:34 -02:00
f8dc366f42
Add CVE-2014-7816 Directory Traversal for WildFly 8 Application
2014-11-27 00:13:29 -02:00
84bb5b5215
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:38 +01:00
16b64ff42a
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:05 +01:00
cc33566ca8
Land #4265 , @shuckins-r7 fix for RPORT error on UDP sweep.
2014-11-26 10:27:15 -06:00
79b2b5e231
RPORT is required by UDPScanner; deregister instead
2014-11-26 07:39:14 -08:00
f5633ba3c3
Add format_all_drives shellcode for Windows x86_x64
2014-11-26 20:29:25 +05:30
16a9450d43
session.tunnel_peer changed by session.session_host. Other minor changes
2014-11-26 12:08:54 +01:00
75e5553cd4
Change to in exploit
2014-11-26 16:53:30 +10:00
9524efa383
Fix banner
2014-11-25 23:14:20 -06:00
16ed90db88
Delete return keyword
2014-11-25 23:11:53 -06:00
85926e1a07
Improve check
2014-11-25 23:11:32 -06:00
5a2d2914a9
Fail on upload errors
2014-11-25 22:48:57 -06:00
b24e641e97
Modify exploit logic
2014-11-25 22:11:43 -06:00
4bbadc44d6
Use Msf::Exploit::FileDropper
2014-11-25 22:00:42 -06:00
7fbd5b63b1
Delete the Rex::MIME::Message gsub
2014-11-25 21:54:50 -06:00
eaa41e9a94
Added reference
2014-11-25 21:37:04 -06:00
2c207597dc
Use single quotes
2014-11-25 18:30:25 -06:00
674ceeed40
Do minor cleanup
2014-11-25 18:26:41 -06:00
6ceb47619a
Change module filename
2014-11-25 18:09:15 -06:00
sinn3r
Brendan Coles
jvazquez-r7
Tod Beardsley
Borja Merino
Jon Hart
Gabor Seljan
Mark Judice
Joe Vennix
Meatballs
William Vu
root
Peregrino Gris
Jon Cave
HD Moore
David Maloney
Brent Cook
Sean Verity
rcnunez
Brandon Perry
Andrew Morris
wez3
Christian Mehlmauer
Marc Wickenden
Spencer McIntyre
Jonathan Claudius
EgiX
us3r777
Pedro Ribeiro
headlesszeke
tate
Roberto Soares Espreto
Deral Heiland
Tiago Sintra
OJ
Rasta Mouse
HackSys Team