James Lee
50c6f26329
Don't deregister PrependFork
2013-09-05 10:50:36 -05:00
kaospunk
9f628b8b63
Add URI where information was discovered
This adds the URI where the information was enumerated from to the
scanner output.
One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
kaospunk
afaab5e0a6
Fixes issues raised by jvazquez-r7
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
default
2013-09-05 09:34:35 -04:00
jvazquez-r7
5c06a471f9
Get the call result
2013-09-05 08:33:35 -05:00
jvazquez-r7
3681955f68
Use Msf::Config.data_directory
2013-09-05 08:28:50 -05:00
jvazquez-r7
6b1d7545d6
Refactor, avoid duplicate code
2013-09-05 08:26:49 -05:00
kaospunk
533643fe2c
Host Information Enumeration via NTLM Authentication
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.
The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
jgor
84e4b42f6b
allow 302 redirects
2013-09-04 16:59:42 -05:00
jgor
66d5af5a11
remove dependency on tmpl=component
2013-09-04 16:58:49 -05:00
jvazquez-r7
b6245eea72
Update target info
2013-09-04 16:43:26 -05:00
jvazquez-r7
34b3ee5e17
Update ranking and description
2013-09-04 16:10:15 -05:00
jvazquez-r7
94125a434b
Add module for ZDI-13-205
2013-09-04 15:57:22 -05:00
Tab Assassin
9f3a5dc5d0
Retab new modules
2013-09-04 12:32:53 -05:00
Tab Assassin
999b802468
Merge branch 'master' into retab/rumpus
2013-09-04 12:32:05 -05:00
James Lee
b913fcf1a7
Add a proper PrependFork for linux
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
Meatballs
3066e7e19d
ReverseConnectRetries ftw
2013-09-04 00:16:19 +01:00
Meatballs
a8e77c56bd
Updates
2013-09-03 22:46:20 +01:00
William Vu
cc838401fb
Land #2314, metasploit_pcaplog title correction
2013-09-03 15:21:00 -06:00
William Vu
b9ceed0c53
Land #2313, lockout_keylogger title correction
2013-09-03 15:20:20 -06:00
Meatballs
ac0c493cf9
Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring
2013-09-03 21:33:11 +01:00
Tab Assassin
cbb9984358
Merge branch 'master' into retab/rumpus
2013-09-03 14:11:16 -05:00
Tab Assassin
84aaf2334a
Retab new material
2013-09-03 11:47:26 -05:00
Brandon Turner
4259bc6211
Merge pull request #2323 from jvazquez-r7/fix_python_load
Fix require on Python bind_tcp stager
2013-09-03 09:47:06 -07:00
Tab Assassin
0c1e6546af
Update from master
2013-09-03 11:45:39 -05:00
jvazquez-r7
ff6ee5b145
Fix require
2013-09-03 10:52:52 -05:00
Tod Beardsley
6daa90a4a5
Msftidy: use binary on File.open always
msftidy is complaining, here:
keylog_recorder.rb:116 - [WARNING] File.open without binary mode
Not sure how this managed to hit upstream/master with msftidy warnings.
Protip, use an msftidy pre-commit hook. We have just such a hook script
in tools/dev, as a matter of fact, so it's just a symlink away:
https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
2013-09-03 10:35:50 -05:00
Boris
a23c1f1ad4
added additional "include"
2013-09-03 19:34:37 +04:00
Tod Beardsley
8acabe457c
Trailing whitespace fixup
2013-09-03 10:32:48 -05:00
Tod Beardsley
ca8dacb93b
Minor module description updates for grammar.
2013-09-03 10:31:45 -05:00
Boris
9a33c674aa
RHOST, RPORT removed, Tries option added
2013-09-01 22:58:22 +04:00
jvazquez-r7
560d384633
Do first modification to Auxiliary::Login and Auxiliary::AuthBrute
2013-08-31 23:38:04 -05:00
sinn3r
ac0b14e793
Add the missing CVE reference
Was looking at all the 2013 exploit modules for missing CVE references
2013-08-31 18:54:16 -05:00
sinn3r
bcc0152274
Correct metasploit_pcaplog's naming style
The naming style nazi is in town. ph33r.
2013-08-31 18:25:06 -05:00
sinn3r
a4bcc1f82f
Correct module naming style
You know what it is.
2013-08-31 18:17:06 -05:00
Boris
28ca62d60f
New option added. Names now random. Dos check added
2013-08-31 13:18:22 +04:00
sinn3r
0736677a01
Land #2299 - Add powershell support & removes ADODB.Stream requirement
2013-08-31 00:32:23 -05:00
sinn3r
c4aa557364
Land #2292 - Fix the way to get a session over a telnet connection
2013-08-31 00:29:25 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
jvazquez-r7
5b32c63a42
Land #2308, @wchen-r7's exploit for MS13-059
2013-08-30 10:59:36 -05:00
jvazquez-r7
ea8cd2dc46
Update authors list
2013-08-30 10:52:39 -05:00
sinn3r
a283f1d4fa
Correct module title
2013-08-30 10:50:35 -05:00
sinn3r
f4e09100bd
Correct file name
2013-08-30 10:50:05 -05:00
sinn3r
38dbab9dd0
Fix typos
2013-08-30 10:43:26 -05:00
Meatballs
1ea3d91f48
Lands #2244 Python Meterpreter
[Closes #2244]
2013-08-30 14:33:35 +01:00
sinn3r
7401f83d8e
Land #2305 - HP LoadRunner lrFileIOService ActiveX WriteFileString Bug
2013-08-30 03:23:47 -05:00
sinn3r
0a1b078bd8
Add CVE-2013-3184 (MS13-058) CFlatMarkupPointer Use After Free
Please see module description for more info.
2013-08-30 03:16:28 -05:00
jvazquez-r7
2176f0b91c
Land #2303, @todb-r7's patch to avoid loading order issues on sudo_password_bypass
2013-08-29 14:52:17 -05:00
jvazquez-r7
657be3a3d9
Fix typo
2013-08-29 14:42:59 -05:00
jvazquez-r7
4a6bf1da7f
Add module for ZDI-13-207
2013-08-29 14:09:45 -05:00
Tod Beardsley
7b9314763c
Add the require boilerplate
Fixes a bug that sometimes comes up with load order on this module. I
know @jlee-r7 is working on a better overall solution but this should
solve for the short term.
Note, since the problem is practically machine-specific, @jlee-r7
suggested rm'ing all modules but the one under test. Doing that exposes
the bug, and I've verified this fix in that way.
2013-08-29 13:03:11 -05:00
rbsec
a574b548b2
Updated wordpress_login_enum auxiliary module.
Update wordpress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
jvazquez-r7
66886eed7a
Land #2283, @bmerinofe's post module for PortProxy Port Forwarding
2013-08-28 17:34:14 -05:00
jvazquez-r7
f477711268
Provide more information about installing IPv6
2013-08-28 17:22:50 -05:00
jvazquez-r7
43badfaa1c
Move the check_ipv6 call to the run method
2013-08-28 17:20:11 -05:00
jvazquez-r7
05863cb1cc
Delete vague exception handling only done in one place
2013-08-28 17:17:05 -05:00
jvazquez-r7
6b8c7cbe24
Omit parentheses for method call with no args
2013-08-28 17:15:28 -05:00
jvazquez-r7
c04e6b2b14
Reduce code complexity on check_ipv6
2013-08-28 17:13:21 -05:00
jvazquez-r7
f339510816
Use OptPort
2013-08-28 17:10:22 -05:00
jvazquez-r7
ad8b6ec1ef
Avoid redefining builtin datastore options
2013-08-28 17:08:22 -05:00
jvazquez-r7
ad1b9fbaef
Use datastore options to avoid complex logic around args
2013-08-28 17:00:10 -05:00
jvazquez-r7
c68986e6eb
Favor unless over if not
2013-08-28 16:50:44 -05:00
jvazquez-r7
3a2a2a9cc0
Beautify metadata
2013-08-28 16:48:36 -05:00
Meatballs
a12f5092dd
Encode the powershell cmd
2013-08-28 22:37:11 +01:00
Meatballs
aa0563244b
Update unsafe scripting module
2013-08-28 22:30:46 +01:00
Boris
b3ec8f741f
File moved to auxiliary with some bug fixes
2013-08-29 00:11:34 +04:00
Boris
d71b2bd3a4
Samba CVE 2013-4124 integer overflow exploit added
2013-08-28 23:05:26 +04:00
bmerinofe
c31a2332be
Juan changes applied
2013-08-28 19:53:54 +02:00
James Lee
feae4a41e7
I don't like end-of-line comments
2013-08-28 12:42:26 -05:00
sinn3r
57c7d0679a
Land #2295 - Add platform info
2013-08-28 10:38:50 -05:00
jvazquez-r7
1042dbe56a
Land #2108, @jiuweigui's post module to get info from prefetch files
2013-08-28 10:01:06 -05:00
jvazquez-r7
0fbe411be7
Ensure use Ruby File
2013-08-28 09:55:21 -05:00
jvazquez-r7
5c32bb4a8e
Beautify metadata
2013-08-28 09:32:23 -05:00
jvazquez-r7
4f8ba82d02
Make gather_pf_info return a prefetch entry
2013-08-28 09:29:49 -05:00
jvazquez-r7
904bd12663
Fix print over nil or empty string
2013-08-28 09:27:18 -05:00
jvazquez-r7
ef3085823c
Use default timeout value
2013-08-28 09:26:46 -05:00
jvazquez-r7
8ac82b8b18
Beautify timezone_key_values function
2013-08-28 09:25:49 -05:00
jvazquez-r7
bc593aab4f
Avoid confusion between variable and method name
2013-08-28 09:24:32 -05:00
jvazquez-r7
26531dbaa7
Land #2100, @ddouhine's exploit for OSVDB 83543
2013-08-28 08:55:59 -05:00
jvazquez-r7
ab572d7d72
Fix Authors metadata section
2013-08-28 08:53:48 -05:00
Vlatko Kosturjak
b702a0d353
Fix "A payload has not been selected."
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
Joe Vennix
f823290a4c
Add nc check. Prints successful binary match.
* kills session nil check
2013-08-27 17:21:18 -05:00
sinn3r
13996b98cf
Correct action description for recording
The correct description is recording
2013-08-27 12:39:46 -05:00
sinn3r
a91b38cbf4
Land #2276 - osx webcam and record_mic post modules
2013-08-27 12:28:14 -05:00
Joe Vennix
067b8f3c59
Adds session existence check. Moves error log path to datastore option.
2013-08-27 11:44:21 -05:00
Joe Vennix
8a8f80e097
Move error log path to datastore option.
2013-08-27 11:43:20 -05:00
jvazquez-r7
0bfc12ada1
Fix the way to get a session over a telnet connection
2013-08-27 11:38:49 -05:00
sinn3r
728d0a0e65
Land #2240 - OSX keylogger
2013-08-27 11:36:58 -05:00
sinn3r
a9459ef703
Update module title for naming style consistency
2013-08-27 11:36:26 -05:00
sinn3r
16ace44f2d
Move keylogger.rb to post/osx/capture/keylog_recorder
To match the naming consistency with Windows
2013-08-27 11:35:00 -05:00
Joe Vennix
5cc4ef09d1
Move previous error log path to method. Renames the #check method.
2013-08-27 11:25:00 -05:00
sinn3r
e4a567b2b5
Land #2284 - Fix description
2013-08-27 11:20:58 -05:00
sinn3r
b0226cab79
Land #2290 - HP LoadRunner lrFileIOService ActiveX Vulnerability
2013-08-27 11:19:43 -05:00
sinn3r
2e4e3fdbe6
Land #2237 - Fix check function
2013-08-27 11:11:54 -05:00
jvazquez-r7
997c5e5516
Land #2291, @todb-r7's patch for oracle_endeca_exec's requires
2013-08-27 11:01:21 -05:00
Tod Beardsley
15b741bb5f
Require the powershell mixin explicitly
2013-08-27 10:36:51 -05:00
jvazquez-r7
f59f57e148
Randomize object id
2013-08-27 10:35:06 -05:00
jvazquez-r7
66fa1b41aa
Fix logic to spray IE9 correctly
2013-08-27 09:57:55 -05:00
g0tmi1k
7efe85dbd6
php_include - added @wchen-r7's code improvements
2013-08-27 14:00:13 +01:00
Joe Vennix
87c03237a9
Fix discrepancies between unix/osx with whereis cmd.
2013-08-27 03:17:14 -05:00
Joe Vennix
98b21471ed
fix some bugs in cups_root_file_read module.
2013-08-27 03:03:08 -05:00
jvazquez-r7
93c46c4be5
Complete the Author metadata
2013-08-26 23:29:16 -05:00
jvazquez-r7
8efe2d9206
Land #2289, @jlee-r7's exploit for CVE-2013-1662
2013-08-26 23:27:19 -05:00
jvazquez-r7
e1e889131b
Add references and comments
2013-08-26 23:26:13 -05:00
James Lee
63786f9e86
Add local exploit for taviso's vmware privesc
2013-08-26 21:06:40 -05:00
sinn3r
7a4d781538
Land #2274 - Firefox XMLSerializer Use After Free
2013-08-26 20:53:42 -05:00
jvazquez-r7
b9360b9de6
Land #2286, @wchen-r7's patch for undefined method errors
2013-08-26 20:46:05 -05:00
violet
4cbdf38377
updated contact info
MASTER OF DISASTER
ULTRA LASER
2013-08-26 16:14:49 -07:00
sinn3r
85ed9167f2
Print target endpoint
If a module consistently prints the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
sinn3r
9f8051161f
Properly implement normalize_uri
2013-08-26 17:18:00 -05:00
sinn3r
7fad26968c
More fix to jboss_seam_exec
2013-08-26 17:16:15 -05:00
jvazquez-r7
c660279963
Land #2259, @wchen-r7's patch for [SeeRM #8319]
2013-08-26 16:36:45 -05:00
jvazquez-r7
a58750fbbb
Land #2266, @wchen-r7's patch for [SeeRM #8345] and [SeeRM #8344]
2013-08-26 16:14:50 -05:00
Tod Beardsley
6b15a079ea
Update for grammar in descriptions on new modules.
2013-08-26 14:52:51 -05:00
Tod Beardsley
5b4890f5b9
Fix caps on typo3_winstaller module
2013-08-26 14:47:42 -05:00
sinn3r
3769da2722
Better fixes
2013-08-26 14:02:45 -05:00
sinn3r
6b8feaff8c
Type conversion
2013-08-26 13:56:11 -05:00
sinn3r
8c7f4b3e1f
Avoid using inline rescue
2013-08-26 13:54:06 -05:00
jvazquez-r7
252f48aeee
Land #2272, @jvennix-r7's exploit for CVE-2013-1775
2013-08-26 13:21:58 -05:00
jvazquez-r7
0baaf989fb
Delete on_new_session cleanup, as discussed with @jlee-r7
2013-08-26 13:20:43 -05:00
jvazquez-r7
9cb8ec950f
Fix module description
2013-08-26 11:40:05 -05:00
bmerinofe
2b577552a2
OptEnum option changed
2013-08-26 15:25:23 +02:00
bmerinofe
64d21c7216
added portproxy post meterpreter module
2013-08-26 14:44:41 +02:00
jvazquez-r7
f8d1d29648
Add module for ZDI-13-182
2013-08-25 23:07:08 -05:00
Joe Vennix
34404ee067
Commit cups module. Tested on osx 10.7, 10.8, and unpatched ubuntu 12.0.4.
2013-08-25 14:30:11 -05:00
Joe Vennix
bf89c956c4
Just the one file, please
2013-08-24 14:53:51 -05:00
Joe Vennix
757886bece
Remove some extra wip files.
2013-08-24 14:52:52 -05:00
Joe Vennix
29320f5b7f
Fix vn refs. Add juan as an @author.
2013-08-24 13:07:35 -05:00
jvazquez-r7
5b812b0c22
Add references
2013-08-24 12:12:21 -05:00
jvazquez-r7
b4ad8c8867
Beautify module
2013-08-24 12:08:38 -05:00
Joe Vennix
0e116730a1
Polishing module. Tested on 10.8, 10.8.2, and 10.8.4.
2013-08-24 12:01:38 -05:00
jvazquez-r7
b13d357000
Add ranking
2013-08-24 11:35:35 -05:00
jiuweigui
2ebfdcc84b
Fix to description
2013-08-24 19:32:01 +03:00
jvazquez-r7
3ce23ffb49
Make a test before running the payload
2013-08-24 11:20:47 -05:00
jiuweigui
73f4259156
Fix based on suggestions
2013-08-24 19:14:48 +03:00
jvazquez-r7
ab293d2ad9
Make msftidy happy
2013-08-24 10:51:19 -05:00
jvazquez-r7
82cf812311
Switch to PrependMigrate
2013-08-24 10:46:04 -05:00
jvazquez-r7
480794a9ab
Make small fixes
2013-08-24 10:40:08 -05:00
jvazquez-r7
832fa8838b
Change the command to launch after background the payload job
2013-08-24 09:57:33 -05:00
jvazquez-r7
4532474309
Allow cleanup from the new session
2013-08-24 09:47:40 -05:00
Joe Vennix
3cdc6abec6
Clean up some code, get CMD working.
2013-08-23 20:19:21 -05:00
Joe Vennix
140d8ae42f
Need to set timezone first.
2013-08-23 20:09:18 -05:00
Joe Vennix
a4c2ba04f3
Pass cmd through /bin/sh to set default /Users/joe/.rvm/gems/ruby-1.9.3-p392@pro-dev/bin /Users/joe/.rvm/gems/ruby-1.9.3-p392@global/bin /Users/joe/.rvm/rubies/ruby-1.9.3-p392/bin /Users/joe/.rvm/bin /usr/local/sbin /usr/local/bin /usr/bin /bin /usr/sbin /sbin /usr/X11/bin /opt/bin /opt/X11/bin. CMD and native payloads now working.
2013-08-23 19:39:21 -05:00
jvazquez-r7
fc91380ebc
Add work code
2013-08-23 17:54:21 -05:00
Joe Vennix
2d3f599498
Moves ruby_dl helpers to proper place in repo.
* Adds fail_with methods and moves timeouts to constants.
2013-08-23 17:17:19 -05:00
Joe Vennix
ba00395cfd
Set filename to osx_mic_rec instead of webcam.
2013-08-23 15:52:24 -05:00
sinn3r
7b5e98d57e
Land #2269 - Oracle Endeca Server Remote Command Execution
2013-08-23 15:40:31 -05:00
Joe Vennix
6c4ad6a976
Move modules to post/osx/manage.
2013-08-23 15:38:58 -05:00
Joe Vennix
c3b98262bf
Seriously, stop writing things to my desktop.
2013-08-23 15:16:41 -05:00
jvazquez-r7
a5c9f8d670
Beautify targets metadata
2013-08-23 15:15:04 -05:00
jvazquez-r7
f3415f4147
Make msftidy compliant
2013-08-23 15:14:13 -05:00