Commit Graph

401 Commits (8f2e444aca057869d1d42c317aadebf7201d0917)

Author SHA1 Message Date
Jon Hart 684975a315 Use correct target address for fake As 2014-11-19 08:28:56 -08:00
Jon Hart 3777e78a85 Sanitize creation of target host. Return minimal for SRV 2014-11-19 08:28:56 -08:00
Jon Hart 52e004d8ab Use less conflicting name for SRV record port 2014-11-19 08:28:56 -08:00
Jon Hart ee90e4353b Add more consistent logging for fakedns types that support fake vs bypass 2014-11-19 08:28:55 -08:00
Jon Hart 0910275fac Don't artificially insert additional records when BYPASS 2014-11-19 08:28:55 -08:00
Fatih Ozavci a38cb3ee53 @jhart-r7 commits are accepted and conflicts fixed. 2014-11-19 08:28:55 -08:00
Fatih Ozavci ab7f6866f5 FAKE and BYPASS actions are implemented for SRV queries 2014-11-19 08:28:55 -08:00
Fatih Ozavci f403d27fbd Author update for the fakedns module 2014-11-19 08:28:55 -08:00
Fatih Ozavci 47f7d8c4be IN:SRV expansion for Fake DNS server 2014-11-19 08:28:55 -08:00
William Vu 405eae4b6e
Remove EOL whitespace 2014-11-17 11:46:36 -06:00
Joe Vennix fc1635e80a
Fix BAP JS ref error. 2014-11-17 10:06:15 -06:00
William Vu 953a642b0e
Finally write a decent description 2014-10-30 22:51:42 -05:00
William Vu e3ed7905f1
Add tnftp_savefile exploit
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
HD Moore 64c206fa62 Add module for CVE-2014-4877 (Wget) 2014-10-27 23:37:41 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu df44dfb01a
Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
HD Moore 878f3d12cd Remove kind_of? per @trosen-r7 2014-09-29 15:39:10 -05:00
HD Moore 77efa7c19a Change if/else to case statement 2014-09-29 15:37:58 -05:00
jvazquez-r7 e1f00a83bc Fix Rex because domainname and domain_name were duplicated 2014-09-26 13:40:52 -05:00
jvazquez-r7 5044117a78 Refactor dhclient_bash_env to use the egypt's mixin mods 2014-09-26 13:34:44 -05:00
jvazquez-r7 a31b4ecad9
Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee 86f85a356d
Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
Ramon de C Valle 9c11d80968 Add dhclient_bash_env.rb (Bash exploit)
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
Tom Sellers 74920d26a4 Update to server/capture/imap.rb for new Credential system 2014-08-19 15:25:31 -05:00
joev 5bfbb7654e
Add android meterpreter to browser autopwn. 2014-08-18 11:09:16 -05:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Rich Lundeen 60b9f855b4 Bug with HTTP POST requests (content type sent twice) 2014-04-28 18:44:02 -07:00
Ramon de C Valle fd232b1acd Use the protocol version from the handshake
I used the protocol version from the record layer thinking I was using
the protocol version from the handshake. This commit fix this and uses
the protocol version from the handshake instead of from the record layer
as in https://gist.github.com/rcvalle/10335282, which is how it should
have been initially.

Thanks to @wvu-r7 for finding this out!
2014-04-25 01:48:17 -03:00
Ramon de C Valle 039946e8d1 Use the first cipher suite sent by the client
If encrypted, use the TLS_RSA_WITH_AES_128_CBC_SHA; otherwise, use the
first cipher suite sent by the client. This complements the last commit
and makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282).
2014-04-12 05:05:14 -03:00
Ramon de C Valle b95fcb9610 Use the protocol version sent by the client
Use the protocol version sent by the client. This should be the latest
version supported by the client, which may also be the only acceptable.
This makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282).
2014-04-12 04:21:35 -03:00
William Vu 6675464c20
Fix a few things in the Heartbleed modules 2014-04-10 16:06:40 -05:00
William Vu b905aece38 Fix job not backgrounding 2014-04-09 17:03:57 -05:00
HD Moore ed247498b6 Make TLS negotiation optional 2014-04-09 17:03:38 -05:00
William Vu 2f9a400efa
vprint_status the other message message 2014-04-09 15:11:02 -05:00
William Vu 84ce72367b
Make the output less verbose 2014-04-09 14:57:51 -05:00
jvazquez-r7 157fb5a905 Make title more searchable 2014-04-09 12:08:35 -05:00
jvazquez-r7 58f4a1c085 Usee loop do instead or while true 2014-04-09 11:48:45 -05:00
jvazquez-r7 bc36b9ebd6 Delete server side PoCs as referecences because don\'t apply here 2014-04-09 10:58:59 -05:00
jvazquez-r7 fd90203120 Change some variable names to make code reading easier 2014-04-09 10:56:50 -05:00
jvazquez-r7 e154d175e8 Add @hmoore-r7's heartbeat client side module 2014-04-09 09:38:11 -05:00
HD Moore 749bcf2473 Report fingerprint.match notes, various cleanups 2014-04-02 07:08:23 -07:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
Tod Beardsley 151e2287b8
OptPath, not OptString. 2014-03-07 10:52:45 -06:00
Tod Beardsley 5cf1f0ce4d
Since dirs are required, server will send/recv
This does change some of the meaning of the required-ness of the
directories. Before, if you wanted to serve files, but not receive any,
you would just fail to set a OUTPUTPATH.

Now, since both are required, users are required to both send and
recieve. This seems okay, you can always just set two different
locations and point the one you don't want at /dev/null or something.
2014-03-07 10:49:11 -06:00
Tod Beardsley 37fa4a73a1
Make the path options required and use /tmp
Otherwise it's impossible to run this module without setting the options
which were not otherwise validated anyway.
2014-03-07 10:41:18 -06:00
Tod Beardsley 8a0531650c
Allow TFTP server to take a host/port argument
Otherwise you will tend to listen on your default ipv6 'any' address and
bound to udp6 port 69, assuming you haven't bothered to disable your
automatically-enabled ipv6 stack.

This is almost never correct.
2014-03-06 16:13:20 -06:00
William Vu 4cc91095de Fix minor formatting issues 2014-02-25 13:48:37 -06:00
kn0 6783e31c67 Used the builtin send_redirect method in Msf::Exploit::Remote::HttpServer instead of creating a redirect inline 2014-02-24 15:59:49 -06:00
kn0 f1e71b709c Added 301 Redirect option to Basic Auth module 2014-02-24 14:59:20 -06:00