Commit Graph

3184 Commits (7fcf5b3dc22509659b1dcc444a0591a327b86b98)

Author SHA1 Message Date
HD Moore 7fcf5b3dc2 Lots of new targets merged in for MS08-067 including Brett Moore's 2003 SP2 DEP bypass
git-svn-id: file:///home/svn/framework3/trunk@5812 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 05:16:02 +00:00
HD Moore 08d296240a Add the license to the actual .[ch] files and remove the inaccurate readme
git-svn-id: file:///home/svn/framework3/trunk@5811 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 22:30:32 +00:00
HD Moore 675e03c272 Clarify the licensing between reflective and vnc
git-svn-id: file:///home/svn/framework3/trunk@5810 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 22:22:58 +00:00
HD Moore ac70cc88eb Remove the giant program database
git-svn-id: file:///home/svn/framework3/trunk@5809 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 22:21:46 +00:00
HD Moore 345837485f Remove the Release object directory
git-svn-id: file:///home/svn/framework3/trunk@5808 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 22:21:01 +00:00
HD Moore 835ce24792 Add the modified VNC DLL from Stephen Fewer
git-svn-id: file:///home/svn/framework3/trunk@5807 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 22:20:37 +00:00
HD Moore 56a413d803 Reflective DLL injection payloads from Stephen Fewer
git-svn-id: file:///home/svn/framework3/trunk@5806 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 22:17:32 +00:00
HD Moore dfbc35da3c Patch for ms08-067 from antoine, fixes braindead bug on my part, should increase reliability
git-svn-id: file:///home/svn/framework3/trunk@5805 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 17:21:07 +00:00
HD Moore a4d53893ac Improvements to opty2 from vlad902:
1) Fixed a minor bug, sometimes Opty2 would generate C1 /6 instructions which most processors will execute but which are not technically valid (they would exist for SAL but SAL is an alias for SHL so it is defined as C1 /4).
 2) I changed the 0x90 nop instruction so that it is no longer considered that 0x90 changes the eax register.
3) Removed o16/0x66 prepend byte from 0x0f, this is currently unused anyways but might prevent some poor person from debugging it in the future.
 4) Previously short jumps would only make positive jumps, I added the capability for them to make a "-1" jump which would basically just start executing at the offset byte. For example it could generate something like EB FF XX YY ... where EB FF jumps to FF XX YY ...
 5) I added support for the instructions mov reg, segreg (8C), mov reg, imm8/imm32 (C6/C7), and lea reg, mem (8D). I implemented LEA so that it only allows memory references to be in ModR/M form and not be in SIB form (I don't think it's possible to allow SIB in the way Opty2 works at the moment).
 



git-svn-id: file:///home/svn/framework3/trunk@5804 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 07:30:52 +00:00
HD Moore e9d133e9aa Remove the while(true) which snuck into this module
git-svn-id: file:///home/svn/framework3/trunk@5803 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 07:21:53 +00:00
kris 330bd2ef5b Update some of my aux modules that require a successful login to not continue
running without it


git-svn-id: file:///home/svn/framework3/trunk@5802 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 00:52:38 +00:00
kris 4740e6e452 Adding DoS aux module for the Victory FTP Server v5.0
git-svn-id: file:///home/svn/framework3/trunk@5801 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-29 21:57:31 +00:00
kris 3c4aec43d5 Adding DoS aux module for the PacketTrap TFTP server
git-svn-id: file:///home/svn/framework3/trunk@5800 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-29 17:28:34 +00:00
kris 025b7410a0 Remove spurious ] from db_services output for consistency with other db output
git-svn-id: file:///home/svn/framework3/trunk@5799 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-29 13:10:22 +00:00
HD Moore f9f6c8d3e6 Adds an initial exploit for MS08-067, support for XP SP2/SP3 DEP, 2003 SP0/SP2 no-DEP.
git-svn-id: file:///home/svn/framework3/trunk@5798 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-28 07:35:17 +00:00
kris aec269616a Ignore EACCES from connect in TCP portscanner aux module. This can be caused
by (at least) ICMPv6 Administratively Prohibited messages, on at least Linux.
I got these by scanning ports 21-23 on ipv6.google.com, for example.



git-svn-id: file:///home/svn/framework3/trunk@5797 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-28 02:55:10 +00:00
kris 71885912b8 Allow more flexible (Nmap-esque) port specifications in TCP portscan aux module,
so things like "21-25,80,443", "1024-" and "-" behave like you expect.  This
replaces the PORTSTART and PORTSTOP options with a single PORTS option.



git-svn-id: file:///home/svn/framework3/trunk@5796 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 23:33:34 +00:00
kris 3e8c5ecebc Fix db_add_host (undefined variable)
git-svn-id: file:///home/svn/framework3/trunk@5795 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 22:47:09 +00:00
kris 9d565f9a51 Fix CERT ref numbers in bailiwicked DNS aux modules
git-svn-id: file:///home/svn/framework3/trunk@5794 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 22:26:48 +00:00
Mario Ceballos e700980288 update the return. thanks jacop.
git-svn-id: file:///home/svn/framework3/trunk@5793 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 20:50:44 +00:00
druid a07a3af2d6 Adds a method hook for any primer code needed to execute immediately after server startup.
git-svn-id: file:///home/svn/framework3/trunk@5792 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 20:31:40 +00:00
HD Moore c0ffd16629 Patch from antoine, corrected description and pre-calculated hashes
git-svn-id: file:///home/svn/framework3/trunk@5791 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 17:58:56 +00:00
et ae3ea1280c Wmap documentation updated with reporting
git-svn-id: file:///home/svn/framework3/trunk@5790 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 02:50:55 +00:00
et 75be2e33ad Added module reporting and wmap_reports command
git-svn-id: file:///home/svn/framework3/trunk@5789 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 02:22:30 +00:00
HD Moore ce58c15d6e Switch to cain&abel / halflm tables compatible challenge
git-svn-id: file:///home/svn/framework3/trunk@5788 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-26 21:53:36 +00:00
et ebc5294574 Added new wmap sqlmap module
git-svn-id: file:///home/svn/framework3/trunk@5787 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-25 03:26:50 +00:00
Ramon de C Valle 8d19ba7bbf Changed AIX_VERSION to AIXLEVEL
git-svn-id: file:///home/svn/framework3/trunk@5786 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 13:22:12 +00:00
et 29e983567e removed reports_exist check
git-svn-id: file:///home/svn/framework3/trunk@5785 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 04:23:54 +00:00
et c4dc77c15b fixed ip handling and CN parsing
git-svn-id: file:///home/svn/framework3/trunk@5784 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 03:19:24 +00:00
Ramon de C Valle c66d6c4e46 Set property 'svn:keywords'
git-svn-id: file:///home/svn/framework3/trunk@5783 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:43:21 +00:00
Ramon de C Valle eb0c6d1a65 Added missing Linux x86 payload modules from unixasm
git-svn-id: file:///home/svn/framework3/trunk@5782 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:19:50 +00:00
Ramon de C Valle 693202fd4b Updated AIX POWER/PowerPC payload modules
git-svn-id: file:///home/svn/framework3/trunk@5781 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:04:18 +00:00
HD Moore 1df0612f61 Adds a case-sensitivity permutation routine
git-svn-id: file:///home/svn/framework3/trunk@5780 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-22 22:43:13 +00:00
HD Moore 65419ad206 Adds routines/tools for cracking the NTLM hash from the plaintext case-insensive LANMAN password
git-svn-id: file:///home/svn/framework3/trunk@5779 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-22 22:42:52 +00:00
pusscat 16612cacba Rename
git-svn-id: file:///home/svn/framework3/trunk@5778 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-22 17:51:12 +00:00
pusscat 822234771f Initial import of the bea oracle weblogic apache plugin
git-svn-id: file:///home/svn/framework3/trunk@5777 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-22 17:44:57 +00:00
et 13ab6ed2d8 added ssl host name detection module
git-svn-id: file:///home/svn/framework3/trunk@5776 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-22 05:31:55 +00:00
et f98c87ff22 added directory scanner
git-svn-id: file:///home/svn/framework3/trunk@5775 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-22 02:31:52 +00:00
Ramon de C Valle e6127313c9 Updated AIX POWER/PowerPC payload modules
git-svn-id: file:///home/svn/framework3/trunk@5774 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:41:12 +00:00
Ramon de C Valle f124597a56 Code cleanups
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
Ramon de C Valle 4c847e0d44 Fixed typo
git-svn-id: file:///home/svn/framework3/trunk@5772 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 20:38:07 +00:00
et 7e73ed8c15 first attempt of reporting implementation.
git-svn-id: file:///home/svn/framework3/trunk@5771 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 20:32:14 +00:00
Ramon de C Valle c34bbae344 Added payload advanced packing types for 16/16 and 22/10 bits substitution
git-svn-id: file:///home/svn/framework3/trunk@5770 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 20:32:14 +00:00
Mario Ceballos 3de5bab19b added exploit module zenturiprogramchecker_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@5769 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 13:15:53 +00:00
HD Moore deea354fbb Wrap the modulation setting as well
git-svn-id: file:///home/svn/framework3/trunk@5768 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-17 18:31:09 +00:00
HD Moore 4a3b540685 Handle the txrate error better
git-svn-id: file:///home/svn/framework3/trunk@5767 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-17 17:46:05 +00:00
HD Moore 7d98de2fed Handle cases where lorcon cant change the txrate (zdw driver)
git-svn-id: file:///home/svn/framework3/trunk@5766 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-17 17:35:35 +00:00
HD Moore 4eac2506b8 Add TXRATE and TXMOD options
git-svn-id: file:///home/svn/framework3/trunk@5765 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-17 15:58:33 +00:00
Ramon de C Valle fbed757aa5 Added webrick_regex.rb module from Kris Katterjohn
git-svn-id: file:///home/svn/framework3/trunk@5764 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-17 15:40:20 +00:00
et ff546b3c0a added reports table
git-svn-id: file:///home/svn/framework3/trunk@5763 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-17 13:40:11 +00:00