Commit Graph

5444 Commits (926c11139e7343687a78bd2aaaa286132a4dbab6)

Author SHA1 Message Date
ohdae 14d427fa87 Added fix for enum_protections 2012-03-17 13:28:31 -04:00
sinn3r 78331bb4c1 A bunch of fixes 2012-03-17 03:14:26 -05:00
sinn3r 4a0c75f4b3 Merge branch 'post-mods' of https://github.com/ohdae/metasploit-framework 2012-03-17 02:38:35 -05:00
sinn3r ff093c3f93 The comments in get_chatlogs need an update 2012-03-17 00:28:05 -05:00
sinn3r 39cfa43250 Correct license format 2012-03-17 00:25:41 -05:00
sinn3r 3479a314e3 Add enum_adium.rb post module 2012-03-17 00:22:03 -05:00
ohdae c3f98fe284 Changed store_note to store_loot. Fixed local/remote file retrieval 2012-03-16 16:54:36 -03:00
sinn3r d3a87b59aa This module is not ready, yanked. 2012-03-16 11:49:31 -05:00
Gregory Man ba6928cbf1 sockso_traversal 1.8 compatibility fix 2012-03-16 18:12:09 +02:00
ohdae c5a4dc39c3 fix 2012-03-16 09:17:35 -04:00
ohdae 9b4ecc2777 Merge branch 'post-mods' of github.com:ohdae/metasploit-framework into post-mods 2012-03-16 09:15:47 -04:00
ohdae b635019d56 saves each config to loot instead of notes 2012-03-16 09:14:48 -04:00
sinn3r 9f0a293a53 Correct variable name 2012-03-16 01:17:39 -05:00
ohdae 13b92b97e9 Fixed incorrect variable within get_sql_history 2012-03-16 01:40:12 -03:00
ohdae f6a2e2b890 Enumerate important and interesting configuration files 2012-03-15 22:59:42 -04:00
David Maloney 6011da7db8 More Virtualisation SSL fixes 2012-03-15 19:06:48 -05:00
David Maloney e4778c2ba4 Default SSL to true for esx_fingerprint module 2012-03-15 18:15:29 -05:00
Tod Beardsley e3f2610985 Msftidy run through on the easy stuff.
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
sinn3r 46dbaf8283 Fix typos and output 2012-03-15 16:10:05 -05:00
sinn3r 81b3eaa482 Fix typo 2012-03-15 15:56:24 -05:00
sinn3r db4538389c Add sockso dir traversal 2012-03-15 15:55:54 -05:00
James Lee 74e40763d6 Fix syntax error in 1.8, thanks Jun Koi for the patch 2012-03-15 14:32:16 -06:00
sinn3r e53938b9d7 Merge branch 'ohdae-post-mods' 2012-03-15 14:30:23 -05:00
sinn3r 2770199d28 enum_protections is now find_apps 2012-03-15 14:27:40 -05:00
sinn3r e5c420b676 File rename, as well as design and cosmetic changes 2012-03-15 14:22:23 -05:00
sinn3r 8b91cc54c3 Merge branch 'post-mods' of https://github.com/ohdae/metasploit-framework into ohdae-post-mods 2012-03-15 13:50:43 -05:00
ohdae 7e7b220b70 added report_note, removed store_loot function, cleaned up info/author 2012-03-15 15:29:52 -03:00
sinn3r d5f83be2d0 Cosmetic changes 2012-03-15 11:21:41 -05:00
ohdae b88af39f74 fixed output newline issue 2012-03-15 12:18:29 -03:00
Gregory Man 9928b102b5 Added rails_mass_assignment module. 2012-03-15 16:56:38 +02:00
sinn3r 5250b179c8 Add CVE and OSVDB ref 2012-03-15 04:40:27 -05:00
ohdae 32002c595d fixed save line 2012-03-15 01:05:35 -03:00
ohdae c165b7b7c2 removed unneeded comments 2012-03-15 01:02:07 -03:00
ohdae 58b2d570c9 fixed output issue 2012-03-15 01:00:55 -03:00
sinn3r 65bde7ec99 Add OSVDB-79863 NetDecision Directory Traversal 2012-03-14 16:50:54 -05:00
ohdae ffc41bf265 removed unneeded dependency 2012-03-14 18:26:53 -03:00
Jonathan Cran c38aaede03 duplicate of enum_users_history.rb 2012-03-14 16:07:49 -05:00
ohdae 5c74b7741b locates installed 3rd part av, fws, etc 2012-03-14 13:30:16 -04:00
sinn3r d1efb40d2d Fix bad path for Windows (bug #6523) - Thanks Francesco 2012-03-14 12:27:40 -05:00
sinn3r 3b880359fe Change module name to better describe the purpose of it. Also some cosmetic corrections. 2012-03-14 11:44:03 -05:00
sinn3r 704f8e391d Remove the line that's commented out 2012-03-14 11:37:43 -05:00
ohdae 60b3ee7b16 Added user specific tasks to enum_users, removed bash_hist from enum_sys, added disk space info to enum_system 2012-03-14 09:06:51 -04:00
sinn3r 50f8b6088b Fix cosmetic problems 2012-03-14 05:20:19 -05:00
sinn3r 4872e80385 Cleanup whitespace and author format 2012-03-14 05:18:00 -05:00
sinn3r 9d7e22876c Merge branch 'my-branch' of https://github.com/ohdae/metasploit-framework 2012-03-14 05:14:33 -05:00
sinn3r ecb1fda682 Add OSVDB-79651: NetDecision 4.5 HTTP Server Buffer Overflow 2012-03-14 05:13:22 -05:00
ohdae fbd076e749 removed old/ folder 2012-03-13 22:49:01 -04:00
ohdae b86fa5c85b Combined network tasks into enum_network.rb, Combined user/system tasks into enum_system.rb 2012-03-13 22:24:49 -04:00
ohdae 0fe26780b9 Merge branch 'my-branch' of github.com:ohdae/metasploit-framework into my-branch 2012-03-13 22:20:59 -04:00
ohdae 96fb9fd458 Combined network tasks into one module, Combined system/user tasks into one module 2012-03-13 22:18:24 -04:00
ohdae f79bda2dc7 Update modules/post/linux/gather/enum_linux.rb 2012-03-13 21:15:47 -03:00
ohdae 3260bc6b65 Update modules/post/linux/gather/enum_linux.rb 2012-03-13 21:14:49 -03:00
ohdae bd5950ea52 added active connections, iwconfig, if-up/down, open ports 2012-03-13 20:09:41 -04:00
ohdae 4b7e380581 Linux post ssh enum, Linux post network info 2012-03-13 17:27:21 -04:00
Tod Beardsley 81248f35c4 Changing H.323 constant for H323_STATUS_FACILITY
However, it's not actually being used in the module anywhere, so this
change appears cosmetic more than anything right now. However, I'm
inclined to believe Ricky's suggestions when it comes to H.323.

Corroborated by this 2003 post to the Ethereal mailing list:

http://www.ethereal.com/lists/ethereal-users/200311/msg00001.html

[See #6521]
2012-03-13 12:26:03 -05:00
Gregory Man b0ba10f79c Added afp_login module. 2012-03-13 10:01:42 +02:00
Gregory Man 5b13b7d1d9 Extracted common AFP functionality to mixin 2012-03-13 09:56:03 +02:00
Jonathan Cran 1cf25e58d5 merge description change 2012-03-12 17:22:01 -05:00
sinn3r 7d95132eab Use a cleaner way to calculate JRE ROP's NEG value 2012-03-11 17:27:47 -05:00
sinn3r 6c19466de8 Change output style 2012-03-11 13:59:18 -05:00
sinn3r 25a1552fbd Dynamic VirtualProtect dwSize. Change output style. 2012-03-11 13:49:46 -05:00
sinn3r b0e7c048c9 This module fits the GoodRanking description 2012-03-10 00:50:41 -06:00
sinn3r 1d5bad469c Add Windows 7 SP1 target 2012-03-10 00:11:25 -06:00
sinn3r 1ae779157d Disable Nops so we don't get an ugly crash after getting a shell 2012-03-08 18:56:58 -06:00
Tod Beardsley 1e4d4a5ba0 Removing EncoderType from flash module
Also not very useful
2012-03-08 16:57:41 -06:00
Tod Beardsley 302a42a495 Fixing up print statements
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
Tod Beardsley 1396fc19bd Fixup bad merge on flash mp4 2012-03-08 16:52:53 -06:00
sinn3r cb04e47304 Attempt #2: there's no cli in get_payload 2012-03-08 16:47:49 -06:00
sinn3r 3563fe1b36 The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload. 2012-03-08 16:41:32 -06:00
sinn3r fee2e1eff9 Minor spray size change 2012-03-08 16:19:51 -06:00
HD Moore 12395c719f Remove debugging code 2012-03-08 16:16:42 -06:00
HD Moore 87274987c1 Remove the now obsolete text about SWF_PLAYER 2012-03-08 16:16:13 -06:00
sinn3r 181fdb7365 A small title change 2012-03-08 16:10:16 -06:00
HD Moore 1271368b6f Redirect to a trailing slash to make sure relative resources load
properly
2012-03-08 15:37:06 -06:00
HD Moore b0db18674c Test out new player code 2012-03-08 15:05:12 -06:00
HD Moore eb847a3dfb Add a nicer prefix to the target selection message 2012-03-08 13:46:14 -06:00
Tod Beardsley 5b566b43b4 Catching an update from @hdmoore-r7
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
sinn3r edb3f19c12 A little more padding for Win Vista target 2012-03-08 12:04:04 -06:00
Tod Beardsley 18962e1180 Checking in the new Flash exploit to the release
Using the checkout master directly:

 git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
 git checkout master
modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
HD Moore 86fc45810b Remove the resource during cleanup 2012-03-07 23:04:53 -06:00
HD Moore b4e0daf3ca Small tweaks to the adobe mp4 exploit 2012-03-07 22:53:47 -06:00
James Lee 8d93e3ad44 Actually use the password we were given... 2012-03-08 10:17:39 -07:00
sinn3r 9ece7b08fc Add vendor's advisory as a reference 2012-03-08 00:46:34 -06:00
sinn3r 5f92bff697 Make sure no encoder will break the exploit again 2012-03-08 00:44:57 -06:00
sinn3r 2e94b97c82 Fix description 2012-03-07 23:59:51 -06:00
Tod Beardsley 57376a976d Fixes descriptions on new modules.
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
sinn3r d9788db7bb Merge pull request #222 from jduck/master
Fixes #6483
2012-03-07 18:11:48 -08:00
sinn3r 0550b77522 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-03-07 20:04:04 -06:00
sinn3r 3b4ed13aee Fix typo 2012-03-07 20:03:46 -06:00
Tod Beardsley 33460b6bf4 Fixups on the Adobe Flash exploit description
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
sinn3r c76f43c066 Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow 2012-03-07 19:24:00 -06:00
Tod Beardsley f97dc8dee7 Fix spelling of the IBM product iSeries
Was I-Series.
2012-03-07 15:24:15 -06:00
sinn3r 7dfba9c00d Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-03-07 14:51:39 -06:00
sinn3r 0ee7788028 Add a check to detect the vulnerable version of Sysax SSH 2012-03-07 14:51:21 -06:00
Joshua J. Drake ab01a19f92 Fixes #6483: Correct the include for the handler (was copypasta) 2012-03-07 11:23:44 -06:00
Tod Beardsley ba2bf194fd Fixes descriptions on new modules.
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:17:22 -06:00
James Lee 02ea38516f Add a check method for tomcat_mgr_deploy 2012-03-06 23:22:44 -07:00
James Lee 2b9acb61ad Clean up some incosistent verbosity
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
sinn3r 003fa3e22c Apply patch for #6495 2012-03-06 11:43:28 -06:00