9bb9f8b27b
Update descriptions on SMB file utils.
2013-10-28 13:48:25 -05:00
0f63420e9f
Be specific about the type of hash
...
See #2583 . Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.
Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.
[SeeRM #4398 ]
2013-10-28 13:40:07 -05:00
1fee3ce952
Land #2584 , reporting for energizer_duo_detect
2013-10-28 10:48:20 -05:00
efcfc9eef7
Land #2273 , @kaospunk's enum domain feature for owa_login
2013-10-28 09:47:54 -05:00
71a1ccf771
Clean owa_login enum_domain feature
2013-10-28 09:46:41 -05:00
87dc58191d
Land #2583 - Report creds to db
2013-10-26 23:22:40 -05:00
278dff93e7
Add missing require for Msf::Exploit::Powershell
...
Thanks for the report, @mubix.
2013-10-25 21:41:24 -05:00
e0aec13ce1
[FixRM #4397 ] Add reporting for energizer_duo_detect
2013-10-25 16:51:44 -05:00
9276a839d4
[FixRM #4398 ] Report credentials to database
2013-10-25 16:19:47 -05:00
df83114f0b
Land #2578 , @wchen-r7's [FixRM #8525 ]
2013-10-25 13:28:59 -05:00
a95425de08
Check dec instead
2013-10-25 10:47:41 -05:00
b69ee1fc67
[FixRM #8419 ] Add module platform to ms04_011_pct
2013-10-25 09:29:19 -05:00
1d0a3aad70
[FixRM #8525 ] undefined method `+' for nil:NilClass in enum_ie
...
Looks like for some reason if CryptUnprotectData fails, the decrypt_reg()
method will return "". And when you unpack "", you produce an array of nils.
Since you cannot add something to nil, this should cause an
"undefined method `+' for nil:NilClass" error.
This will check if we get an array of nils, we jump to the next iteration.
2013-10-25 00:26:38 -05:00
7d788fbf76
Land #2571 - HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
2013-10-24 14:15:26 -05:00
7ee615223d
Land #2570 - HP Intelligent Management SOM Account Creation
2013-10-24 14:14:06 -05:00
ea80c15c3b
Land #2383 , @jamcut's aux module for jenkins enum
2013-10-24 11:31:36 -05:00
8428671f32
Land #2455 , @juushya's aux module for radware
2013-10-24 10:54:02 -05:00
1673b66cbe
Delete some white lines
2013-10-24 10:50:14 -05:00
b589e9aa6e
Use the peer method
2013-10-24 10:45:02 -05:00
2ef33aabe7
Clean open_flash_chart_upload_exec
2013-10-24 10:15:28 -05:00
110daa6e96
Check for nil response from request in check method.
2013-10-24 09:12:37 -04:00
8a5d4d45b4
Add Open Flash Chart v2 Arbitrary File Upload exploit
2013-10-24 22:46:41 +10:30
ecbbd7bb4b
Ran resplat.rb and retab.rb. Fixed msftidy issues.
2013-10-23 20:59:27 -04:00
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
255cd18868
Use peer helper
2013-10-23 16:08:40 -05:00
69da39ad52
Add module for ZDI-13-240
2013-10-23 16:01:01 -05:00
655e09f007
Fixed description to look better in info output.
2013-10-23 16:36:39 -04:00
9f84ced00e
Fixed boilerplate text.
2013-10-23 16:13:25 -04:00
58a32ebb45
Initial commit.
2013-10-23 14:47:42 -04:00
d1e1968cb9
Land #2566 - Download and delete a file via SMB
2013-10-23 12:28:57 -05:00
9a51dd5fc4
Do exception handling and stuff
2013-10-23 12:28:25 -05:00
0500842625
Do some exception handling
2013-10-23 12:22:49 -05:00
83a4ac17e8
Make sure fd is closed to avoid a possible resource leak
2013-10-23 12:16:18 -05:00
af02fd0355
Use store_loot, sorry mubix
2013-10-23 12:13:05 -05:00
55e3f36589
Add module for ZDI-13-242
2013-10-23 11:24:29 -05:00
bea04cceeb
Remove the trailing slash from the ZDI ref
2013-10-23 11:05:33 -05:00
7d84fa487e
Correct ZDI ref to match new scheme
2013-10-23 11:44:44 +02:00
8f3228d191
chage author but basic copied from hdms upload_file
2013-10-22 21:13:30 -04:00
acc73dd545
Land #2282 - BypassUAC now checks if the process is LowIntegrityLevel
2013-10-22 17:16:26 -05:00
af174639cd
Land #2468 - Hwnd Broadcast Performance
2013-10-22 17:03:02 -05:00
2e8c369c69
Land #2559 - remove content-length
2013-10-22 16:03:42 -05:00
dc0d9ae21d
Land #2560 , ZDI references
...
[FixRM #8513 ]
2013-10-22 15:58:21 -05:00
e1c4aef805
Land #1789 - Windows SSO Post Module
2013-10-22 15:48:15 -05:00
8611a2a24c
Merge remote-tracking branch 'upstream/master' into low_integ_bypassuac
2013-10-22 21:42:36 +01:00
ba1edc6fa8
Land #2402 - Windows Management Instrumentation Local -> Peers
2013-10-22 15:39:32 -05:00
b2b8824e2e
add delete and download modules for smb
2013-10-22 16:31:56 -04:00
85479f5994
removed PrependMigrate, introduced migrate -f
2013-10-22 16:11:19 -04:00
6989f16661
Land #2548 , @titanous's aux module for CVE-2013-4450
2013-10-22 15:02:54 -05:00
bdf07456ba
Last cleanup for nodejs_pipelining
2013-10-22 15:00:58 -05:00
db447b65f9
Add exploit for Node.js HTTP Pipelining DoS
2013-10-22 15:12:14 -04:00
11b2719ccc
Change module plate
2013-10-22 12:36:58 -05:00
df42dfe863
Land #2536 , @ddouhine's exploit for ZDI-11-061
2013-10-22 12:35:40 -05:00
c34155b8be
Clean replication_manager_exec
2013-10-22 12:34:35 -05:00
a4dd53f650
Chane module filename
2013-10-22 11:16:14 -05:00
cdd183f43a
Add reporting
2013-10-22 11:15:16 -05:00
e447aff0ec
Fix misleading statement in Outlook post module
...
Since this module doesn't retrieve domain exchange information as it isn't stored there it shouldn't say that Outlook isn't installed at all.
2013-10-22 11:53:15 -04:00
0d73275c3f
Delete not necessary check
2013-10-22 10:39:54 -05:00
c50e7c73b6
Make parsing easier
2013-10-22 10:30:03 -05:00
0cc7be0138
Use snake_case
2013-10-22 10:04:32 -05:00
e4a340b7f1
Fix small issues
2013-10-22 10:02:32 -05:00
a425e2be78
Fix typo
2013-10-22 09:28:43 -05:00
111c12ef0d
Do cosmetic changes
2013-10-22 09:28:15 -05:00
f46cdb8970
Add the correct plate
2013-10-22 09:27:37 -05:00
de0d09886c
Retab changes for PR #2383
2013-10-22 09:26:44 -05:00
0214501891
Merge for retab
2013-10-22 09:22:10 -05:00
72f3d4f86c
Land #2496 - Added ability to generate multiple payloads
...
Thx Dave!
2013-10-22 01:42:03 -05:00
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
5613cfb249
Retab changes for PR #2455
2013-10-21 15:57:23 -05:00
39d38e598d
Merge for retab
2013-10-21 15:55:48 -05:00
71fab72e06
Delete duplicate content-length from axis2_deployer
2013-10-21 15:35:51 -05:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
10a4ff41de
Delete Content-Length duplicate header
2013-10-21 15:11:37 -05:00
57e39c2b2c
Land #2498 - multiple payload capabilities
2013-10-21 14:51:24 -05:00
03adb48d48
Resolve NoMethodError undefined method `empty?' for nil:NilClass
...
blank? should fix this.
2013-10-21 14:50:25 -05:00
1599d1171d
Land #2558 - Release fixes
2013-10-21 13:48:11 -05:00
c1954c458c
Just warn, don't bail
...
Even if the OS detection returns non-Win7, maybe it's Win 8 or something
where it'll still work. We rarely bail out on checks like these.
If I'm crazy, feel free to skip or revert this commit (it shouldn't hold
up the release at all)
For details on this module, see #2503 . I don't see any comments about
this line in particular
2013-10-21 13:39:45 -05:00
bce8d9a90f
Update license comments with resplat.
2013-10-21 13:36:15 -05:00
c070108da6
Release-related updates
...
* Lua is not an acronym
* Adds an OSVDB ref
* credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
58a43e87dd
Added fixes suggested by jlee-r7
...
additional code clean up
2013-10-21 14:18:12 -04:00
4c14595525
Land #2535 - Use %PATH% for notepad
2013-10-21 13:14:44 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
e7d3206dc9
Revert "Land #2505" to resolve new rspec fails
...
This reverts commit 717dfefead6430fa3354
2013-10-21 12:47:57 -05:00
cacaf40276
Land #2542 - D-Link DIR-605L Captcha Handling Buffer Overflow
2013-10-21 12:03:07 -05:00
9bfd98b001
Change plate
2013-10-21 11:54:42 -05:00
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
45d06dd28d
Change plate
2013-10-21 11:24:30 -05:00
0670020701
Land #2553 - HP Intelligent Management BIMS DownloadServlet Directory Traversal
2013-10-21 11:20:16 -05:00
8c05f8cf51
Land #2550 - Add HP Intelligent Managemetn UploadServlet dir traversal
2013-10-21 11:14:22 -05:00
d22e4ac2f1
Check timeout condition
2013-10-21 11:13:48 -05:00
36dace26fa
Land #2538 - Fix redirect URLs
2013-10-21 11:08:03 -05:00
09c9cba3d5
Updated code
2013-10-21 19:29:05 +05:30
183116c81f
Make module work, and final cleanup
2013-10-20 18:39:41 -05:00
27078eb5a6
Add support for HP imc /BIMS 5.1
2013-10-20 18:18:34 -05:00
b0d32a308a
Update version information
2013-10-19 00:52:22 -05:00
7d8a0fc06c
Add BID reference
2013-10-19 00:29:43 -05:00
aa6a24da1b
Add module template
2013-10-19 00:27:57 -05:00
cf239c2234
Add module for ZDI-13-238
2013-10-19 00:05:09 -05:00
5a0b8095c0
Land #2382 , Lua bind and reverse shells
2013-10-18 17:11:37 -05:00
70fced1d74
Delete unnecessary requires and make msftidy compliant
2013-10-18 16:54:20 -05:00
dbd74bceed
Add the ARCH_CMD target
2013-10-18 16:35:22 -05:00
2339cdc713
Land #2513 , @joev-r7's osx persistence local exploit
2013-10-18 15:13:50 -05:00
83f27296d3
Fix some bugs in osx persistence.
...
- the RUN_NOW datastore option did not work as expected
- Adds support for OSX < 10.4 KeepAlive option
- organizes private methods alphabetically.
2013-10-18 14:12:33 -05:00
4e4d0488ae
Rubyfy constants in privs lib
2013-10-18 18:26:07 +01:00
681db6cb41
Use fully qualified constant in include.
2013-10-18 11:31:02 -05:00
05bea41458
mkdir -p the dirname, not the file.
2013-10-18 11:27:37 -05:00
2e0a14d719
Introduced PrependMigrate, PPID killing and general clean-up
2013-10-18 12:24:50 -04:00
9d6031acdb
Reverting payload_inject because of x64 shellcode
...
Injecting x64 shellcode in a SYSWOW64 process spawn a 32 bit notepad, so
we revert the changes.
2013-10-18 09:51:18 +02:00
7a47059e1d
Fix a couple more shellescapes.
2013-10-18 00:47:22 -05:00
a2e3c6244e
Remove unnecessary Exe::Custom logic.
...
- this is handled by the exe.rb mixin.
- adds support for a RUN_NOW datastore option.
- tested working on java meterpreter and x86 shell session.
2013-10-18 00:41:18 -05:00
7dd39ae5e6
Update ranking
2013-10-17 22:43:47 -05:00
a00a813649
Add real device libraries base addresses
2013-10-17 22:34:54 -05:00
55426882d4
Further bypassuac tidyup
2013-10-18 00:08:06 +01:00
e450e34c7e
Merge branch 'master' of github.com:rapid7/metasploit-framework into low_integ_bypassuac
...
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 23:35:36 +01:00
5a662defac
Post::Privs uses Post::Registry methods
2013-10-17 23:28:07 +01:00
94db3f511a
Avoid extra slash in redirect URI
...
[SeeRM #8507 ]
2013-10-17 14:10:15 -05:00
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
22b4bf2e94
Resplat webtester_exec.rb
2013-10-17 13:30:54 -05:00
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
7f6dadac16
Merge for sync
2013-10-17 10:40:01 -05:00
b03783baec
minors fixes and rand for endstring
2013-10-17 17:10:05 +02:00
22eb2ba163
randstring and fixes
2013-10-17 16:51:34 +02:00
352eca1147
Fix check method and set a big space available for payload
2013-10-17 09:30:59 -05:00
563bf4e639
Fix bug #8502 , used %PATH% for notepad invocation
...
We use system %PATH% for notepad executable instead of the absolute
path, because it caused a problem with the migrate script in a 64-bit
meterpreter session. By default the wordpad binary is not in the
%PATH%, so the condition in hp_nnm_ovbuildpath_textfile.rb was not
changed.
2013-10-17 15:41:12 +02:00
54cf7855a2
Add WebTester 5.x Command Execution exploit module
2013-10-17 16:57:57 +10:30
3d3a7b3818
Add support for OSVDB 86824
2013-10-17 01:08:01 -05:00
7a0671eba9
Land #2531 - rm deprecated mods
2013-10-16 20:02:58 -05:00
a54b4c7370
Land #2482 , use runas when UAC is DoNotPrompt
2013-10-16 17:51:11 -05:00
f1a67ecafe
Remove overdue deprecated modules
...
[See PT #56795804 ]
[See PT #56796034 ]
2013-10-16 17:02:28 -05:00
0ce221274b
Change JS comments in Ruby.
2013-10-16 16:40:54 -05:00
f0aedd932d
More stragglers
2013-10-16 16:29:55 -05:00
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
4fa3b8f820
Add support for IE7 on XP
2013-10-16 15:56:34 -05:00
d13fa7e9a5
Land #2528 , base64 for ms13-080
2013-10-16 15:54:56 -05:00
cc42fbc59e
Added ext .rb
...
... ext .rb why you no save.
2013-10-17 01:40:05 +05:30
f3d4229ed4
Updated code
...
msftidy compliant now. Have run it thru retab.rb, hence the indent like this.
2013-10-17 01:36:26 +05:30
2833d58387
Add OSVDB for vbulletin exploit
2013-10-16 15:01:28 -05:00
3c2dddd7aa
Update reference with a non-plagarised source
2013-10-16 14:44:18 -05:00
06a212207e
Put PrependMigrate on hold because of #1674
...
But I will probably still want this.
2013-10-16 09:24:46 -05:00
ac78f1cc5b
Use Base64 encoding for OS parameter
...
I didn't even realize we already added this in server.rb. So instead
of just escaping the OS parameter, we also encode the data in base64.
I also added prependmigrate to avoid unstable conditions for the payload.
2013-10-15 23:37:11 -05:00
f57032636e
Straggler on a weird boilerplate format
2013-10-15 14:57:04 -05:00
5d86ab4ab8
Catch mis-formatted bracket comments.
2013-10-15 14:52:12 -05:00
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
c68319d098
Fix author
2013-10-15 12:59:19 -05:00
f60b29c7a6
Land #2503 , @MrXors's local exploit using VSS
2013-10-15 12:35:26 -05:00
f345414832
Added correct spelling in info
2013-10-15 10:13:18 -07:00
0b9cf24103
Convert vss_persistence to Local Exploit
2013-10-15 11:11:04 -05:00
Tod Beardsley
William Vu
jvazquez-r7
sinn3r
AverageSecurityGuy
bcoles
Booboule
Rob Fuller
Meatballs
root
Jonathan Rudenberg
jamcut
Karn Ganeshen
joev
Norbert Szetei
James Lee
Davy Douhine
MrXors