Commit Graph

5216 Commits (92c801d93619dc7670eaa629556fcec418a96352)

Author SHA1 Message Date
Tod Beardsley 1128c3ec6b Checkpoint error msg should use res.inspect
Otherwise your terminal will go all wonky.
2011-12-20 15:46:31 -06:00
Tod Beardsley a58ddcae1b Adds reporting to Patrick's Checkpoint module
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)

Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
2011-12-20 15:44:05 -06:00
sinn3r baaa1f6c82 Add US-Cert references to all these SCADA modules. The refers are based on this list:
http://www.scadahacker.com/resources/msf-scada.html
2011-12-20 14:07:29 -06:00
sinn3r d439390aa2 Fix typo 2011-12-20 12:19:34 -06:00
sinn3r c2d59f0307 Fix issue #6133 2011-12-20 11:32:33 -06:00
Tod Beardsley c83c3d5128 TFTP forgot to commit my rename.
Fixes #5291 for real.
2011-12-20 10:45:29 -06:00
Tod Beardsley 1a396ba955 Merge pull request #70 from rapid7/tftp_client
Tftp client
2011-12-20 08:42:42 -08:00
Tod Beardsley 11a27a1e61 Renaming TFTP transfer util.
See #5291. Just renaming the file.
2011-12-20 10:06:44 -06:00
Tod Beardsley 24d53efa7c Final touches on TFTP client
See #5291. Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
sinn3r 0200b6367a Add OKI Scanner (Feature #6125) 2011-12-20 03:09:09 -06:00
Tod Beardsley 677cb4b152 Handle empty data sends sanely for TFTP.
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
2011-12-19 21:56:03 -06:00
Tod Beardsley 2b3e3725ac TFTP adding comment docs, ability to send w/out a file.
Commenting the tricksy parts a little better for general usage.

Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
2011-12-19 18:15:19 -06:00
Tod Beardsley 431ef826c9 TFTP client now uses constants, preserves trailing spaces/nulls in data
See #5291, just rediscovered the bug on this.
2011-12-19 16:33:25 -06:00
Tod Beardsley 5eaf2e7535 Adding download and loot functionality.
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
2011-12-19 15:50:50 -06:00
Tod Beardsley aecde6fea4 Updating TFTP client. Now with grown-up thread handling.
No longer blocks on successful connections.
2011-12-19 12:14:40 -06:00
Tod Beardsley 902d7f5ea7 Adding more to TFTP. Still need a read tho
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.

Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
2011-12-18 21:05:27 -06:00
Tod Beardsley 23aadd04f7 Fixing merge conflict cruft
Dangit teach me to merge quickly. TFTP module now loads again.
2011-12-18 13:28:52 -06:00
sinn3r b58097a2a7 Remove junk() because it's never used 2011-12-17 01:28:07 -06:00
Tod Beardsley 1201d7fbf2 Merge branch 'tftp_client' of github_r7:rapid7/metasploit-framework into tftp_client
Conflicts:
	modules/auxiliary/admin/tftp/tftp_upload_file.rb
2011-12-16 22:41:22 -06:00
Tod Beardsley 0b8914021c Switch to vprint_status, also add skeletal cleanup def. 2011-12-16 21:06:10 -06:00
Tod Beardsley 50fa10679b First draft of a TFTP client.
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:41:55 -06:00
Tod Beardsley a6867ef128 First draft of a TFTP client.
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:39:09 -06:00
sinn3r fae80f8d49 typo 2011-12-16 11:10:46 -06:00
Patrick Webster 205637892b Added checkpoint_hostname aux module. 2011-12-16 10:54:34 -06:00
sinn3r e0c4afbf9e Merge pull request #60 from darkoperator/master
Typo in the file opening option
2011-12-16 08:44:22 -08:00
sinn3r 208b93ce74 Merge pull request #58 from swtornio/master
add osvdb refs
2011-12-16 08:44:02 -08:00
Carlos Perez 3c08836f51 Typo on the file opening mode 2011-12-16 01:13:06 -04:00
sinn3r bb2ea62de8 Add CVE-2008-0926: Novell eDirectory eMBox Unauthenticated Access (Feature #2729) 2011-12-15 23:09:26 -06:00
sinn3r e991094bd2 Fix host info for report_auth_info(). Change print_status vs print_line order 2011-12-15 13:05:03 -06:00
sinn3r 2648e533a2 nil bug fix 2011-12-15 12:58:21 -06:00
sinn3r 829d96ffbe Add Windows Gather RazorSQL cred collector (Feature #6117) 2011-12-15 11:15:44 -06:00
Steve Tornio 1712f2aa22 add osvdb ref 2011-12-14 07:23:11 -06:00
Steve Tornio 85caabbf5d add osvdb ref 2011-12-14 07:19:34 -06:00
HD Moore 8dc85f1cc5 Fix up some nascent typos 2011-12-14 00:30:31 -06:00
HD Moore 866e2b6bf3 Additional IPv6 payload support 2011-12-14 00:27:38 -06:00
HD Moore 86b3409d47 Actually return 2011-12-13 20:01:13 -06:00
HD Moore cb456337a0 Handle invalid http responses better, see #6113 2011-12-13 19:54:10 -06:00
sinn3r fea4bfb85c Repair dead milw0rm link to exploit-db 2011-12-13 16:13:53 -06:00
sinn3r c1a4c4e584 Repair dead milw0rm link to exploit-db 2011-12-13 16:13:34 -06:00
sinn3r acef9de711 Repair dead milw0rm link to exploit-db 2011-12-13 16:13:15 -06:00
sinn3r e7ab48693c Repair dead milw0rm link to exploit-db 2011-12-13 16:12:57 -06:00
sinn3r 94b736c76c Repair dead milw0rm link to exploit-db 2011-12-13 16:12:38 -06:00
sinn3r 97b74101fb Repair dead milw0rm link to exploit-db 2011-12-13 16:12:11 -06:00
sinn3r 7b2a1dc791 Repair dead milw0rm link to exploit-db 2011-12-13 16:11:33 -06:00
sinn3r a5189917da Add CVE-2005-4832: Oracle Database Server DBMS_CDC_SUBSCRIBE SUBSCRIPTION_NAME SQL Injection (Feature #6094) 2011-12-13 15:44:39 -06:00
sinn3r d246bfa4da Credit Luigi Auriemma for the original discovery/poc, not Celil 2011-12-13 15:20:26 -06:00
sinn3r d87d8d5799 Add CVE-2011-4453 (PmWiki Remote code exeuction - Feature #6103) 2011-12-13 11:45:24 -06:00
HD Moore a9e4474eda Add missing require, fix load error on invalid constant 2011-12-12 23:24:03 -06:00
sinn3r cd0679ab5d Increase timeout for cmd_exec() 2011-12-12 21:15:28 -06:00
sinn3r 6e8fdf1ce1 Apply patch #6081 2011-12-12 19:51:02 -06:00
Tod Beardsley a8fad72fce Merge branch 'msftidy_fixup'
Merging a local msftidy cleanup branch, adding a new optional msftidy
test to check for 1.8 compat and cleaning up some whitespace /
file.open()'s.
2011-12-12 17:55:21 -06:00
Tod Beardsley f402b8598b Whitespace and File.open binary mode cleanups.
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
2011-12-12 17:31:28 -06:00
sinn3r 32c8301c19 Add feature #6082 (Traq 2.3 Auth bypass remote code execution) 2011-12-12 15:45:19 -06:00
sinn3r bacdbb90d7 ugh, stack overflow != stack buffer overflow. Also, metadata format fix. 2011-12-12 15:23:32 -06:00
sinn3r 5af5137241 Add CoDeSys SCADA bof module (#6083) 2011-12-12 15:21:15 -06:00
sinn3r 5ba5bbf077 Apply feature #6074 2011-12-12 12:03:34 -06:00
sinn3r 4e95eb5d34 Update description (Feature #6080) 2011-12-12 11:33:17 -06:00
Tod Beardsley b4f58ef8fd Trailing commas kill 1.8. dangit.
Fixed dns_fuzzer to knock that off.
2011-12-12 10:26:53 -06:00
HD Moore 4736cb1cbe Merge pull request #48 from swtornio/master
add osvdb ref
2011-12-11 20:37:43 -08:00
HD Moore 17cc89ebad Add IPv6 specific HTTP(S) handlers and payloads (simplifies
options/usage)
2011-12-11 13:26:48 -06:00
HD Moore 2d3064c1ec Default the scope ID to 0, explicitly 2011-12-10 13:46:16 -06:00
HD Moore 1ae12e3a23 Remove the default target, since module doesn't fingerprint the service
pack, this can only end in tears.
2011-12-10 13:31:05 -06:00
HD Moore a9db05e53b Fix regular expression 2011-12-10 13:24:58 -06:00
HD Moore cd4d7d3c47 Handle IPv6 properly (host header parsing) 2011-12-10 13:24:58 -06:00
Steve Tornio 25685c4c74 add osvdb ref 2011-12-10 08:07:21 -06:00
Steve Tornio b521602d82 add osvdb ref 2011-12-10 07:49:50 -06:00
Tod Beardsley 8ccb68c9df Adding an add_socket() to dhcp and rftp as lauched with a survice
when succesful.

Closing the related pull reuquest for this one.
2011-12-10 03:39:25 -06:00
Tod Beardsley e52436e7ad Drop the incorrect Id keyword from h323_version 2011-12-09 14:29:55 -06:00
sinn3r e043fb52c2 Incrase timeout 2011-12-08 11:21:03 -06:00
sinn3r d6d9ac17d2 use store_loot() instead of store_local() 2011-12-08 11:10:31 -06:00
sinn3r c366e652b9 Revert "Using store_local() to store stuff for dir traversal bugs feels much better than store_loot()"
This reverts commit d37daa4934.
2011-12-08 10:11:09 -06:00
sinn3r d37daa4934 Using store_local() to store stuff for dir traversal bugs feels much better than store_loot() 2011-12-07 19:08:24 -06:00
sinn3r aa5c0c46b6 Fix indent level 2011-12-07 18:44:49 -06:00
sinn3r feab7f5077 Add CVE-2011-4350 2011-12-07 18:42:52 -06:00
sinn3r b7ccbcd6b5 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-07 12:23:23 -06:00
sinn3r 84682b3615 Apply patch #6072 2011-12-07 12:22:58 -06:00
HD Moore b8767d5f57 Fix typo on 1.8.7 2011-12-07 10:45:23 -06:00
sinn3r 5afba20c21 Merge pull request #43 from jduck/master
Clear up how to use native payloads for tomcat_mgr_deploy
2011-12-06 23:01:53 -08:00
sinn3r 1694e22e74 Merge pull request #42 from chao-mu/master
Fix for issue #6012;  post/windows/manage/enable_rdp broken
2011-12-06 23:01:20 -08:00
sinn3r 0e2101e4c1 Correct author name 2011-12-07 00:24:16 -06:00
sinn3r fd1935b3de show is_admin 2011-12-07 00:23:06 -06:00
sinn3r edec6b98ee Add feature #6067 Family Connections CMS 2.7.1 exploit 2011-12-07 00:00:56 -06:00
David Maloney 8fdfd9f97b Additional verbosity on WLAN error message
to explain that the modules will error if the
Wireless Zero Configuration Service is turned off.
2011-12-06 20:42:11 -05:00
David Maloney 459eafd96d Fix to WLAN mdoules for when wLAN not installed on target
The modules did not close out properly when WLAN was determined not to be
installed on the host. This fix corrects that.

fixes #6070
2011-12-06 20:22:47 -05:00
sinn3r 92c1065508 Add CVE-2004-1626 (Ability FTP Server). OSCP l337-fu :-) 2011-12-06 18:52:42 -06:00
Tod Beardsley f1950c2fe1 Adding back bitstruct (current upstream) and dns_fuzzer module
Fixes #3289.

This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.

This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.

Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.
2011-12-06 17:03:36 -06:00
sinn3r 0bbbcd549d Add port information, and allow search in data 2011-12-05 22:22:36 -06:00
Tod Beardsley 84af4647db Merge branch 'issue_1083_oracle' 2011-12-05 17:39:46 -06:00
Tod Beardsley 4da2c32734 Minor update to xdb_side_brute, see #1083
Adds a typo fix and adds an explicit VERBOSE option.
2011-12-05 15:11:09 -06:00
HD Moore dbd00efefe Merge branch '4.3-schema' 2011-12-05 15:04:35 -06:00
sinn3r 37516134f0 FILTER shouldn't be case-sensitive 2011-12-05 13:19:04 -06:00
HD Moore 97087d88fa Mark portscan modules as v6 incompatible 2011-12-05 13:07:36 -06:00
HD Moore cf28713f9a Mark specific modules as incompatible due to use of quad-dot code 2011-12-05 13:07:36 -06:00
sinn3r fd2eb200fb Add Shodan Search Module (Feature #5451) 2011-12-05 12:50:21 -06:00
Joshua J. Drake ac7edc268a Add some more clear documentation for selecting payloads for this module. 2011-12-05 00:35:11 -06:00
sinn3r e524215b55 WTH, the date format is wrong 2011-12-04 15:23:31 -06:00
sinn3r 679ef457d8 Correct spelling, thx bannedit 2011-12-04 14:59:54 -06:00
sinn3r f26447e021 Correct my own weird grammar 2011-12-04 14:50:53 -06:00
sinn3r e07868d613 Catch possible exception if WTSGetActiveConsoleSessionId isn't available on the target machine 2011-12-04 14:48:45 -06:00
chao-mu e52ebd602f Encorporating patch submitted by Boris Lukashev to fix issue 6012 (Post module enable rdp broken and fixed (here)). Fix was to have the module include Msf::Post::Windows::WindowsServices, make service_change_startup available 2011-12-04 15:26:43 -05:00
sinn3r 3cd2caca1a Fix #6052 2011-12-04 13:49:13 -06:00
sinn3r 89ed25978d Add feature #6048 2011-12-04 13:44:21 -06:00
Steve Tornio f63a616739 add osvdb ref 2011-12-04 07:48:48 -06:00
sinn3r 950b4a54a0 Fix bug #6050 2011-12-03 22:00:48 -06:00
sinn3r 2720572a37 Add IPSwitch Whatsup Gold TFTP directory traversal module 2011-12-03 18:46:34 -06:00
HD Moore 27974c4c27 Merge branch 'master' of github.com:rapid7/metasploit-framework into fastlib
Conflicts:
	modules/auxiliary/scanner/http/axis_login.rb
	modules/exploits/multi/http/axis2_deployer.rb
	modules/post/multi/gather/thunderbird_creds.rb
	modules/post/windows/gather/credentials/imvu.rb
	msfopcode
2011-12-03 14:07:09 -06:00
Steve Tornio b75799d18d =add osvdb ref 2011-12-02 16:50:42 -06:00
Steve Tornio 83f12c6fe0 =add osvdb ref 2011-12-02 16:46:01 -06:00
sinn3r c8634390b7 Add CCMPlayer m3u exploit (Feature #6029) 2011-12-02 16:27:59 -06:00
sinn3r 30e3607ec0 The SUCCESS message may not be constant across foreign language verions according to jduck, chaning back to the old way 2011-12-02 15:11:27 -06:00
sinn3r f4b755c319 Add License comment (author already put 'MSF_LICENSE' in there). Also drop rank, because it doesn't cover so many targets 2011-12-02 15:00:39 -06:00
sinn3r cd2bb027bf Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-02 14:54:53 -06:00
sinn3r 895a509bd3 Add Avid Media Composer 5.5 (Feature #6035) 2011-12-02 14:53:26 -06:00
Steve Tornio 2bb97791f7 Update OSVDF refs for servu module.
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.

Squashed commit of the following:

commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date:   Fri Dec 2 07:44:28 2011 -0600

    add osvdb ref

commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date:   Wed Nov 30 08:15:20 2011 -0600

    fixed in osvdb

[Closes #39]
2011-12-02 13:21:41 -05:00
HD Moore dbe7e6aecf Remove a leftover debugging statement 2011-12-02 00:06:04 -06:00
sinn3r 2d320b1828 Fix bug: table being saved while empty 2011-12-01 22:47:42 -06:00
sinn3r 608a5586b2 Actually, don't really have a good reason for that exception handling anymore. I think. 2011-12-01 22:47:42 -06:00
sinn3r 0eb3b5a49b Fix undefined method 'cmd_exec' bug. Thx Boris. 2011-12-01 22:47:42 -06:00
sinn3r 19fae182da Add Thunderbird credential collector (Feature #6014) 2011-12-01 22:47:42 -06:00
James Lee a91926716d don't dup the last part of the key, fixes #6036 2011-12-01 15:24:58 -07:00
HD Moore 9f99cfc757 Convert the h323 module to MSF_LICENSE (backport from Pro) 2011-12-01 16:01:01 -06:00
HD Moore 3e5e9a910e Add h323 scanner 2011-12-01 16:01:01 -06:00
sinn3r d0db88d35d Make key_base an instance var so other functions can access it. Bug #6036 2011-12-01 14:41:44 -06:00
David Maloney 57f12cb2d8 Merge branch 'servu_sploit' 2011-12-01 11:21:32 -08:00
sinn3r 93a419c76b Having nothing on the webpage may probably confuse some novice users. But I do like stealth. 2011-12-01 03:02:35 -06:00
sinn3r 8399ce6e41 Fix bug #6031 2011-11-30 15:22:52 -06:00
David Maloney 40ab37fa10 Merge branch 'iss5979' 2011-11-30 12:16:33 -08:00
David Maloney 2858cae296 Some quick corrections to tidy things up 2011-11-29 19:57:08 -08:00
David Maloney be88f483a3 More Accurate Vulnerability Check 2011-11-29 18:38:00 -08:00
David Maloney 0dda948265 New Exploit for the Serv-U FTP Buffer overflow
from CVE 2004-2111
2011-11-29 17:34:01 -08:00
sinn3r f26f6da74b Add CVE-2011-3544 (feature #6023) Java Rhino exploit 2011-11-29 18:05:20 -06:00
Rob Fuller e439aba779 switched %USERPROFILE% to %APPDATA% to make the code a bit more universal 2011-11-29 20:08:44 +00:00
sinn3r 897731f3a5 Check creds (feature #6025). Also bringing the 'Inbox' regex back 2011-11-29 11:01:39 -06:00
sinn3r 6f5d64f6de Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-29 03:31:15 -06:00
sinn3r 34a933d499 Feature #5610 2011-11-29 03:30:49 -06:00
Tod Beardsley f503bd9488 Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append. 2011-11-28 17:52:34 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
sinn3r 3a84c31326 Using a better regex for a successful login. Thanks Borys. 2011-11-28 14:29:42 -06:00
sinn3r bc541c118d Apply patch #6020 2011-11-28 14:16:24 -06:00
sinn3r 5165865560 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-28 14:07:19 -06:00
sinn3r 59ab0c3a18 Fix bug #6021, Thanks Borys 2011-11-28 14:06:56 -06:00
Tod Beardsley 44a47f9913 Fixing up OWA bruteforce module to conform with the usual print_status
messages.
2011-11-28 13:31:54 -06:00
sinn3r a578db7f56 Apply fix for #6019 2011-11-28 01:12:18 -06:00
sinn3r ebfe269698 Apply patch for #5824 2011-11-26 16:52:12 -06:00
sinn3r 5e08c93ac9 Apply patch #5580 2011-11-26 15:32:43 -06:00
sinn3r b7950a752e Add feature #4929 (MS09-053) 2011-11-26 13:30:35 -06:00
sinn3r 82a5da866a Fix bug: table being saved while empty 2011-11-25 00:54:17 -06:00
sinn3r ec3c37d963 Actually, don't really have a good reason for that exception handling anymore. I think. 2011-11-25 00:41:28 -06:00
sinn3r 3e7c821119 Fix undefined method 'cmd_exec' bug. Thx Boris. 2011-11-25 00:34:33 -06:00
sinn3r 7571466014 Add Thunderbird credential collector (Feature #6014) 2011-11-24 19:39:34 -06:00
David Maloney 900232fb60 HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
2011-11-23 23:05:51 -06:00
David Maloney 53b3e96af4 Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-23 23:05:51 -06:00
sinn3r 3954030963 Apply patch #6004 2011-11-23 23:05:51 -06:00
David Maloney d1c44160dd Fix to the axis2 Deployer exploit to add Default Target 2011-11-23 23:05:51 -06:00
David Maloney d3887d20e5 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-23 23:05:51 -06:00
David Maloney c61d02686a HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
2011-11-22 13:04:10 -08:00
David Maloney 9d7f7b1f0e Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-22 11:53:14 -08:00
David Maloney 9e40fac8b1 Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-22 11:52:06 -08:00
sinn3r 8b729b59f8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-22 13:08:08 -06:00
sinn3r 25f4b45bd1 Apply patch #6004 2011-11-22 13:07:46 -06:00
David Maloney 4a22df4014 Fix to the axis2 Deployer exploit to add Default Target 2011-11-22 10:27:38 -08:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-22 08:47:53 -08:00
David Maloney 4ef7c373e9 Fix to typo in the tables being pushed. 2011-11-22 00:06:58 -06:00
David Maloney f81567fb6f Fix to typo in the tables being pushed. 2011-11-21 15:49:57 -08:00
sinn3r e11ca43c37 Add feature #5680 2011-11-21 12:39:45 -06:00
sinn3r 76846aa578 Add MS10-038 (CVE-2010-0822) exploit 2011-11-21 11:36:47 -06:00
sinn3r 28a079f308 Add credit to the appropriate researcher 2011-11-20 02:32:45 -06:00
sinn3r 95d639ccf7 Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8. 2011-11-20 01:44:52 -06:00
sinn3r 980cd4c888 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-19 20:41:29 -06:00
sinn3r 9c2fab0921 Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c 2011-11-19 20:40:04 -06:00
James Lee 67120d4263 msftidy on aux modules, see #5749 2011-11-20 13:12:07 +11:00
James Lee f35b6c5269 msftidy on post modules for spaces at EOL 2011-11-20 12:53:25 +11:00
sinn3r a4cadf0d53 remove the extra comment that's not used 2011-11-19 12:48:39 -06:00
sinn3r 30f13984ea Add wireshark console.lua exploit (CVE-2011-3360) 2011-11-18 21:24:48 -06:00
David Maloney ff22246119 Attempt to fix #5979 2011-11-18 12:53:35 -08:00
Tod Beardsley eca1253439 updating sudo 2011-11-18 10:17:43 -06:00
Tod Beardsley 356e0e6fb5 Moving sudo from linux to multi, because it is. 2011-11-18 10:16:57 -06:00
Tod Beardsley fa77909c67 whitespace fix 2011-11-18 08:51:07 -06:00
Tod Beardsley 55367fad4f Merge pull request #25 from rapid7/post_module_sudo
Post module sudo
2011-11-18 06:30:40 -08:00
David Maloney 11c1f0983f Fixes #5993 2011-11-17 18:05:36 -08:00
David Maloney 77cba9de7c Merge branch 'cbdfix'
Conflicts:
	modules/post/windows/gather/credentials/imvu.rb
	modules/post/windows/gather/forensics/duqu_check.rb
	modules/post/windows/recon/computer_browser_discovery.rb
2011-11-17 14:55:20 -08:00
Tod Beardsley d8b77564ef Tidying up, fixing csh echo behavior 2011-11-17 16:29:02 -06:00
David Maloney 3bfe7e9b98 fix to comptuer browser discovery to output properly and sotre as loot
added additional option to save detected hosts in the db.
2011-11-17 14:17:28 -08:00
Tod Beardsley 9878517f80 Cleanup and light refactoring, deal with slowpoke linux telnet cmd_exec() 2011-11-17 13:19:13 -06:00
Tod Beardsley 84fb5b441a Cleaning up some names and descs 2011-11-17 07:47:26 -06:00
David Maloney 4c90b68b4f Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-16 19:10:53 -08:00
David Maloney eae171b216 Addresses issue #5984 2011-11-16 19:07:56 -08:00
Tod Beardsley 93a133d5de Always try both export and setenv. Fixups to allow for correct reading from echoy nix shells. Fixes is_root? to not treat an empty string as 0 2011-11-16 16:48:19 -06:00
sinn3r fea42dbdee Add feature #5872 2011-11-16 12:26:54 -06:00
Tod Beardsley 725431dbdb Simpler method for setenv vs export. Tested on csh, ksh, zsh, sh, bash 2011-11-15 19:31:15 -06:00
Tod Beardsley d969006268 Adding zsh 2011-11-15 19:10:25 -06:00
Tod Beardsley 5cdab2ef41 Less repetitive error messages 2011-11-15 18:17:25 -06:00
Tod Beardsley 26659d8b17 Adding a sudo post module for easier automation 2011-11-15 17:38:45 -06:00
David Maloney d8347a1245 Fixes to post modules that store creds as loot.
All post modules that store creds as loot now store in
a CSV format with User and then Password always as the
first two columns.
2011-11-15 14:13:51 -08:00
David Maloney f6b0ffd630 Cleanup of the stack traces in the pidgin and filezilla client cred modules 2011-11-15 12:19:15 -08:00
David Maloney 8d47883af0 Moving the wlan directory up a level. It makes more sense in it's own area
instead of under gather.
2011-11-15 08:29:13 -08:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive.
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
Tod Beardsley 96d2209ca2 Minor fixups for trace report_note patch 2011-11-14 10:40:11 -06:00
andurin 5d5c9464cc Do some report_note while TRACE detection 2011-11-14 12:10:53 +01:00
sinn3r 2536cf0308 Add feature #5779 2011-11-14 01:49:26 -06:00
andurin 5856112797 Quickfix: missing require in post/windows/escalate/getsystem.rb
Resolves:
[-] WARNING! The following modules could not be loaded!
[-]     contrib/metasploit-framework/modules/post/windows/escalate/getsystem.rb: NameError uninitialized constant Msf::Post::Windows
2011-11-13 14:25:31 +01:00
Andurin 71599f5ef9 Fix sqlmap aux to work with actual sqlmap.py
Commit relates to IssueID #5807
2011-11-13 09:18:33 +01:00
HD Moore 4f177acf88 Merge pull request #9 from swtornio/master
Add osvdb ref
2011-11-12 11:35:24 -08:00
sinn3r e4ebb890d8 Apply patch for bug #5963 2011-11-12 13:17:26 -06:00
sinn3r 41d746a07a Add Support Incident Tracker (Feature #5964) by Juan 2011-11-12 12:36:21 -06:00
Steve Tornio a0c9297500 add osvdb ref 2011-11-12 06:01:41 -06:00
sinn3r 170c4f5451 Fix author email format 2011-11-12 01:53:25 -06:00
sinn3r b8b8732d85 Correct disclosure date 2011-11-12 01:12:28 -06:00
sinn3r ed5bae6441 oops, I don't need that extra comment 2011-11-12 01:04:00 -06:00
sinn3r 84c5268ab4 Add Aviosoft DTV exploit 2011-11-12 01:02:40 -06:00
HD Moore 2ec21858c6 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-11 16:20:27 -06:00
HD Moore 65fc693c66 Add a getsystem post module for automation 2011-11-11 16:19:49 -06:00
sinn3r 62fdbd549c no need to register VERBOSE, because it's already a standard option in all modules. Thanks egyp7 for the reminder. 2011-11-11 15:37:47 -06:00
sinn3r 2d940e2c91 Apply patch #5952 2011-11-11 14:58:17 -06:00
Tod Beardsley 2f6c9d6d08 Removing a hated semi-colon, noting that the rescue does nothing 2011-11-11 13:59:14 -06:00
sinn3r e1cea699a7 yo, format police is in town for some law and order around here 2011-11-11 11:39:13 -06:00
sinn3r 35f84f5e42 yo, ruby 1.8 fix 2011-11-11 11:38:28 -06:00
sinn3r fdef66f2bf yo, ruby 1.8 fix 2011-11-11 11:38:08 -06:00
sinn3r 6f050d624f Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-11 11:24:55 -06:00
sinn3r e972234629 yo, owa bruteforce utility in the house (Feature #4725) 2011-11-11 11:23:35 -06:00
Tod Beardsley 184eee0e64 Merge branch 'duqu' 2011-11-11 10:22:12 -06:00
Tod Beardsley e03b6d27d2 Adding a colon to Request keyword mostly just to test local changes 2011-11-11 10:20:52 -06:00
Marcus J. Carey ef1a86e839 adding email address 2011-11-11 09:44:18 -06:00
David Maloney 6ae8bbb6ce Fixes #5832 2011-11-10 21:57:24 -08:00
Marcus J. Carey 5a75a67830 cleaning up tabs and rename variables for clarity 2011-11-10 23:26:19 -06:00
David Maloney c30d98093f Merge branch 'iss5426' 2011-11-10 20:39:48 -08:00
David Maloney c984ea41d1 Quick fix to cred sourcing to eliminate spaces in the source type 2011-11-10 20:39:13 -08:00
HD Moore 17150b7e0b Merge pull request #5 from aushack/master
Added BID ref for amlibweb module.
2011-11-10 18:22:00 -08:00
HD Moore 43fa2c3d1b Add a gitignore and delete the broken file_autopwn code. Fixes #4964 2011-11-10 20:11:53 -06:00
Patrick Webster f54b622ad3 Added BID ref for amlibweb module. 2011-11-11 12:04:40 +11:00
sinn3r 7191542503 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-10 18:09:55 -06:00
sinn3r 457b7cb6d1 sinn3r: *knock, knock* Whitespace: who's there? sinn3r:Me, I kill you 2011-11-10 18:08:28 -06:00
wchen-r7 0675def3d4 Whitespace, I kill you. 2011-11-10 18:00:50 -06:00
Marcus J. Carey e140361ffd change keys to array instead of comma delimited string 2011-11-10 16:11:11 -06:00
wchen-r7 3a328e1a1c Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-10 16:09:35 -06:00
wchen-r7 b761c6a9cc Add feature #5933 2011-11-10 16:09:03 -06:00
HD Moore d75e4aead3 Cosmetic changes 2011-11-10 15:45:02 -06:00
Marcus J. Carey 7348a71c24 adding duqu_check.rb 2011-11-10 15:20:48 -06:00
Steve Tornio 0c36915dae add osvdb ref 2011-11-10 13:24:26 -06:00
wchen-r7 453082678f Add CVE-2010-1871 (Feature #5922) 2011-11-10 10:21:17 -06:00
wchen-r7 a9ebfbd604 Add feature #5912 2011-11-10 03:13:57 -06:00
wchen-r7 3ff1449995 Do report_note() 2011-11-10 02:16:25 -06:00
wchen-r7 c569ec4a33 Don't really need a revision # in source 2011-11-09 22:10:52 -06:00
Wei Chen 32bb3af298 Add feature #5946 2011-11-09 21:49:34 -06:00
Matt Buck 16f45fc894 Add empty directories from svn repo. 2011-11-09 18:41:40 -06:00
Wei Chen 9ff5eabb4b Fix #4915
git-svn-id: file:///home/svn/framework3/trunk@14201 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 08:51:47 +00:00
David Maloney a88f954640 More Cred Sourcing
git-svn-id: file:///home/svn/framework3/trunk@14197 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 01:49:57 +00:00
Matt Weeks fdf13e5e0e Fixes #5927
git-svn-id: file:///home/svn/framework3/trunk@14196 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 21:45:17 +00:00
David Maloney aa4f6c1cae More cred sourcing fixes
git-svn-id: file:///home/svn/framework3/trunk@14193 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 18:45:47 +00:00
David Maloney cdbe7bc587 Multiple fixes to cred reporting on this module
git-svn-id: file:///home/svn/framework3/trunk@14192 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 17:25:39 +00:00
Wei Chen 16fc275853 whitespace cleanup
git-svn-id: file:///home/svn/framework3/trunk@14191 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 16:09:31 +00:00
Carlos Perez 3ac11b7d44 Whitespace clean up
git-svn-id: file:///home/svn/framework3/trunk@14190 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 15:48:04 +00:00
Carlos Perez 4490bb4683 handle better certain options that may use = sign
git-svn-id: file:///home/svn/framework3/trunk@14189 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 15:14:00 +00:00
Wei Chen c4fa5b4674 Fix #5937. Vista is currently taken down because it's not stable enough.
git-svn-id: file:///home/svn/framework3/trunk@14188 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 09:35:18 +00:00
David Maloney 2d80d1e144 Fixes Cred Sourcing in report_auth_info() for post modules.
git-svn-id: file:///home/svn/framework3/trunk@14187 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:34:49 +00:00
Carlos Perez 28c2408fdd handle better certain options that may use = sign
git-svn-id: file:///home/svn/framework3/trunk@14186 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:22:54 +00:00
Patrick Webster 77a3edbb4f Added squiz_matrix_user_enum aux module.
git-svn-id: file:///home/svn/framework3/trunk@14185 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:14:39 +00:00
Wei Chen ad94bae78f Fix bug #5923
git-svn-id: file:///home/svn/framework3/trunk@14182 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 17:52:02 +00:00
Wei Chen 7ffcf62a2e Add #5364
git-svn-id: file:///home/svn/framework3/trunk@14181 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 17:34:42 +00:00
Wei Chen 12378b45d6 Fix #5502
git-svn-id: file:///home/svn/framework3/trunk@14180 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 07:44:02 +00:00
Wei Chen 0b981b0db0 Add OSVDB reference
git-svn-id: file:///home/svn/framework3/trunk@14179 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 02:01:42 +00:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Wei Chen b1d38a44a4 Clenaup
git-svn-id: file:///home/svn/framework3/trunk@14174 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 21:23:21 +00:00
Wei Chen 49dddf1396 Yeah, don't really need the bottom comment anymore
git-svn-id: file:///home/svn/framework3/trunk@14172 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 20:16:34 +00:00
Wei Chen 43a22d3fa0 Add Office 2007 SP2 target, thanks Juan
git-svn-id: file:///home/svn/framework3/trunk@14171 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 17:33:29 +00:00
Wei Chen 70a64bf4db Fix indent level and whitespace
git-svn-id: file:///home/svn/framework3/trunk@14170 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:18:30 +00:00
Wei Chen 1a2f60f4c0 Add MS11-021 (#5917)
git-svn-id: file:///home/svn/framework3/trunk@14169 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:05:42 +00:00
Matt Weeks e4d540e031 Seplling
git-svn-id: file:///home/svn/framework3/trunk@14166 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 15:43:28 +00:00
HD Moore f6cc9eade7 Replace my crufty old ASN.1 parser with OpenSSL::ASN1
git-svn-id: file:///home/svn/framework3/trunk@14165 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 05:12:28 +00:00
Wei Chen 1272736b72 indent level fix
git-svn-id: file:///home/svn/framework3/trunk@14162 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 21:04:54 +00:00
David Maloney a0aebe98bb Adds the community submitted ePO database password post module
Did some minor code cleanup and replaced the hostname resolution with mubix's railgun
code to make the victim do the resolution. This should be more reliable.
Fixes #5210


git-svn-id: file:///home/svn/framework3/trunk@14160 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 20:15:14 +00:00
David Maloney 69193f9fe4 Some quick fixes to enum_cred_store
Fixes #5218


git-svn-id: file:///home/svn/framework3/trunk@14159 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 19:28:53 +00:00
David Maloney 07a41924a6 Added mubix's enum_termserv post module.
Fixes #5914


git-svn-id: file:///home/svn/framework3/trunk@14158 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 18:47:22 +00:00
James Lee 155c3ff9ac whitespace
git-svn-id: file:///home/svn/framework3/trunk@14157 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 17:17:10 +00:00
Steve Tornio 7a07e069da add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
Wei Chen 3d6f631780 Upgrade mini_stream as a remote module. Account for all variables that affect the offset to EIP. Also digital1 = Ron.
git-svn-id: file:///home/svn/framework3/trunk@14155 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 08:20:43 +00:00
Wei Chen 057725450c svn propset. fix author email format
git-svn-id: file:///home/svn/framework3/trunk@14154 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 08:16:36 +00:00
Carlos Perez f23389390b better handling of hosts with no USB History
git-svn-id: file:///home/svn/framework3/trunk@14153 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 22:59:39 +00:00
Carlos Perez 86a7807b97 Added a couple more checks for the names of the post modules provided
git-svn-id: file:///home/svn/framework3/trunk@14152 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 22:40:29 +00:00
Carlos Perez 1c5d44c40a Fix variable declaration
git-svn-id: file:///home/svn/framework3/trunk@14151 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 22:28:08 +00:00
David Maloney 585a7cc4a2 Adding the HTTP Trace scanner from CG
Fixes #3390


git-svn-id: file:///home/svn/framework3/trunk@14150 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 20:09:11 +00:00
HD Moore c7f0568769 Fix next vs return issue
git-svn-id: file:///home/svn/framework3/trunk@14149 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 18:34:30 +00:00
David Maloney 7091fc1eea Adding mubix's post modules
Fixes #5916
Fixes #5913
Fixes #5915


git-svn-id: file:///home/svn/framework3/trunk@14148 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 03:00:51 +00:00
Mario Ceballos f25dc59371 spelling.
git-svn-id: file:///home/svn/framework3/trunk@14146 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 21:56:38 +00:00
Mario Ceballos 2b00ace437 spelling.
git-svn-id: file:///home/svn/framework3/trunk@14145 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 21:47:27 +00:00
Wei Chen 3722a5c3c1 Add LifeSize room command injection (feature #5333)
git-svn-id: file:///home/svn/framework3/trunk@14143 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 19:40:05 +00:00
David Maloney 131ffe4ab2 Fixed inconsistencies in how data was being passed to report_auth_info(). The command dispatcher and filezilla
server cred module both used the accessor :ptype but report_auth_info looks for :type. 

While ptype is what the db field is called, almsot everything else references :type so it is better
for consistency to keep everything at :type.

Fixes #5906



git-svn-id: file:///home/svn/framework3/trunk@14141 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 02:47:28 +00:00
David Maloney 4ab4a2cec7 fixes issues with with imvu, forgot the require statement.
git-svn-id: file:///home/svn/framework3/trunk@14140 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 21:50:06 +00:00
Wei Chen ae9e8b7821 Syntax fix for ruby 1.8
git-svn-id: file:///home/svn/framework3/trunk@14139 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 21:48:24 +00:00
Wei Chen d5cee2dedf Apply patch #5411 to allow user-specified path
git-svn-id: file:///home/svn/framework3/trunk@14137 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 17:57:11 +00:00
Wei Chen b809f00979 Add NJStar MiniSMTP bof (Feature #5901)
git-svn-id: file:///home/svn/framework3/trunk@14135 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 08:19:55 +00:00
Wei Chen 8750c3aac5 Add feature #4849 (Redis module)
git-svn-id: file:///home/svn/framework3/trunk@14133 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 21:47:15 +00:00
Mario Ceballos 0890cca02a much needed patch worked like a champ in my enviroment.
git-svn-id: file:///home/svn/framework3/trunk@14132 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 20:37:30 +00:00
Mario Ceballos d55dc551b6 syntax issue
git-svn-id: file:///home/svn/framework3/trunk@14131 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 20:22:02 +00:00
Wei Chen 1b9a6bb20f Fix :host key
git-svn-id: file:///home/svn/framework3/trunk@14130 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 19:50:22 +00:00
Wei Chen 10dd6ff38e Fix "TypeError can't convert String into Hash" when using report_note()
git-svn-id: file:///home/svn/framework3/trunk@14129 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 19:48:20 +00:00
Tod Beardsley e1ffdfdb18 Fixes #3199, jduck caught the funky behavior of seek and ruby's "ab" and "wb" file mode. See also http://pastie.org/2789573
git-svn-id: file:///home/svn/framework3/trunk@14128 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 19:06:09 +00:00
Wei Chen e14668ece9 Add ColdFusion version scanner - feature #4079
git-svn-id: file:///home/svn/framework3/trunk@14127 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 18:18:11 +00:00
Wei Chen fb56e23197 Apply fix for bug #5516 to correct a possible false positive on Apache Tomcat
(yup, tomcats are tricky like that)


git-svn-id: file:///home/svn/framework3/trunk@14124 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 16:39:03 +00:00
Wei Chen f64893d305 Consistent naming
git-svn-id: file:///home/svn/framework3/trunk@14122 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-30 08:20:18 +00:00
David Maloney f365050c6f Keeping the style police happy =)
git-svn-id: file:///home/svn/framework3/trunk@14119 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 19:54:32 +00:00
David Maloney 47ea0d7b96 Added WlanAPI Post modules. These will probably get an upgrade in the future pending some Railgun improvements Chao-mu is working on.
Fixes #5598


git-svn-id: file:///home/svn/framework3/trunk@14118 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 19:32:45 +00:00
HD Moore 55e6672e6b Revert a well-intentioned but design-violating change
git-svn-id: file:///home/svn/framework3/trunk@14116 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 18:40:49 +00:00
Wei Chen 27c41e41f7 spaces/tabs cleanup
git-svn-id: file:///home/svn/framework3/trunk@14115 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 17:41:38 +00:00
David Maloney 47cb10c70b Added John the Ripper Linux module
Fixes #5513


git-svn-id: file:///home/svn/framework3/trunk@14114 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 17:27:21 +00:00
David Maloney 391f39d6a3 Fixes #5165
git-svn-id: file:///home/svn/framework3/trunk@14111 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 00:33:16 +00:00
David Maloney 292a1d087b Fixes #4288
git-svn-id: file:///home/svn/framework3/trunk@14110 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 00:23:02 +00:00
Carlos Perez 86128d3373 Removed whitespaces
git-svn-id: file:///home/svn/framework3/trunk@14106 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-28 23:06:52 +00:00
Tod Beardsley 45d8c91929 Fixes #3199. Note that hex notation (0x41) is okay for OptInt. Ruby integers can be 0x41, 0101, 0b01000001, which are all 65, so dropped that chunk and clarified the option instead of forcing a string and a conversion.
git-svn-id: file:///home/svn/framework3/trunk@14102 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-28 20:58:46 +00:00
David Maloney b15f878b2f Forgot to close out the registry hives when done. fixed now
git-svn-id: file:///home/svn/framework3/trunk@14100 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-28 18:00:10 +00:00
David Maloney 8be10d4abe Added the IVMU password collector post module submitted in #5582
git-svn-id: file:///home/svn/framework3/trunk@14099 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-28 17:50:16 +00:00
Carlos Perez de22020e6f Typos and undefined variable
git-svn-id: file:///home/svn/framework3/trunk@14097 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-28 14:46:49 +00:00
Tod Beardsley 467df77a50 Fixes #5170. Enforces a max width, avoids negative widths. Thanks Oliver!
Related to r13769



git-svn-id: file:///home/svn/framework3/trunk@14093 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 22:07:41 +00:00
Wei Chen 63a926a6ee Do a report_host() on OS default name. Request #5865
git-svn-id: file:///home/svn/framework3/trunk@14090 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 04:50:01 +00:00
Wei Chen 3eff1cfaa5 This exploit does not work at all, and could not be fixed in time. See #5854
git-svn-id: file:///home/svn/framework3/trunk@14088 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 01:47:48 +00:00
Carlos Perez ef808f20e8 Post module for enumerating on a host that is part of the domain domain members in its local groups, impersonation tokens of domain accounts and processes that run under domain accounts and on all cases checks if those domain accounts are part of the Domain Admins group
git-svn-id: file:///home/svn/framework3/trunk@14087 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 00:54:54 +00:00
Wei Chen c0cca836c1 Ok, last svn propset, I swear
git-svn-id: file:///home/svn/framework3/trunk@14086 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 23:41:24 +00:00
Wei Chen baf9a816d5 damn it, I missed one
git-svn-id: file:///home/svn/framework3/trunk@14085 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 23:40:32 +00:00
Wei Chen 7db499e71e The svn propset police joins the party
git-svn-id: file:///home/svn/framework3/trunk@14084 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 23:38:18 +00:00
Wei Chen 5d8c3e956e Watch out, the style police is in da house
git-svn-id: file:///home/svn/framework3/trunk@14083 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 23:31:12 +00:00
David Maloney 6ba153c9f5 Fix to a typo, thanks Jabra
git-svn-id: file:///home/svn/framework3/trunk@14082 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:44:17 +00:00
David Maloney abf37d7caf Added John the Ripper Unshadow module. See #5437
git-svn-id: file:///home/svn/framework3/trunk@14081 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:40:38 +00:00
David Maloney 1f8e455eaa Added Postgres MD5 Hashcrack module. See #5423
git-svn-id: file:///home/svn/framework3/trunk@14080 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:34:33 +00:00
David Maloney 23e50bf2b4 Added Oracle John the Ripper Module. See #5406
git-svn-id: file:///home/svn/framework3/trunk@14079 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:33:44 +00:00
David Maloney afec4fd928 Added MySQL John the Ripper module. See #5408
git-svn-id: file:///home/svn/framework3/trunk@14078 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:33:12 +00:00
David Maloney 5c565d12fc Added the MS SQL John the Ripper Module see #5407
git-svn-id: file:///home/svn/framework3/trunk@14077 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:32:08 +00:00
Mario Ceballos 7b099bbaef remove Rex::Text.pattern_create()
git-svn-id: file:///home/svn/framework3/trunk@14076 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:16:26 +00:00
Wei Chen ded364c8ef Feature #5621
git-svn-id: file:///home/svn/framework3/trunk@14075 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 21:25:46 +00:00
Wei Chen dd72e1ce9d Longer timeout. #5851
git-svn-id: file:///home/svn/framework3/trunk@14074 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 19:35:03 +00:00
Wei Chen 0dff3f3e52 Add #5682 (phpscheduleit module). Thx Juan.
git-svn-id: file:///home/svn/framework3/trunk@14073 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 18:06:12 +00:00
Wei Chen d98ab06464 This fixes the nil problem with arg. See bug #5848
git-svn-id: file:///home/svn/framework3/trunk@14070 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:48:17 +00:00
David Rude 086af94b5d Adds Foxit PDF Reader Exploit CVE-2009-0837
git-svn-id: file:///home/svn/framework3/trunk@14069 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:15:12 +00:00
Will Vandevanter a0d8a08851 java meterpreter should be used when the target is set to automatic
git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:02:09 +00:00
Wei Chen ab4f9d65c7 Add PATH option. Feature #5412
git-svn-id: file:///home/svn/framework3/trunk@14067 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 18:32:02 +00:00
Wei Chen 82e1b87a21 #5541
git-svn-id: file:///home/svn/framework3/trunk@14064 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:43:58 +00:00
Wei Chen 2b46420b36 check nil
git-svn-id: file:///home/svn/framework3/trunk@14062 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:19:55 +00:00
Wei Chen 7ba5a8ec4e Module is busted when it loads, restoring to the original method. Mixin should not be loaded into an exploit
git-svn-id: file:///home/svn/framework3/trunk@14061 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:04:33 +00:00
Wei Chen 9cb54e37c5 Handle payloads better, also add a cleanup routine specifically for php/exec
git-svn-id: file:///home/svn/framework3/trunk@14060 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 05:25:39 +00:00
Wei Chen 2da07d4963 Fix bug #5834 (uri being nil in print_good)
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 00:40:03 +00:00
Wei Chen 3da8bb8b69 Add feature #5820 by mr_me and tecr0c
git-svn-id: file:///home/svn/framework3/trunk@14055 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 23:22:32 +00:00
Mario Ceballos b098257154 fixes a syntax error.
git-svn-id: file:///home/svn/framework3/trunk@14053 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 22:43:27 +00:00
Tod Beardsley a5ef33305f Fixes #5609, thanks David!
git-svn-id: file:///home/svn/framework3/trunk@14052 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 21:57:42 +00:00
Joshua Drake 32cde1d45a don't use the pattern creator
git-svn-id: file:///home/svn/framework3/trunk@14050 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 19:43:54 +00:00
Wei Chen fa2355a766 Damn comma
git-svn-id: file:///home/svn/framework3/trunk@14048 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 16:42:07 +00:00
Wei Chen 68286561f5 Add #5742
git-svn-id: file:///home/svn/framework3/trunk@14047 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 16:38:02 +00:00
Wei Chen 587f0fb4d6 This picasa module steals passwords, therefore should go to the credentials section
git-svn-id: file:///home/svn/framework3/trunk@14045 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 05:09:47 +00:00
Wei Chen c0d362bd83 Fix tabs, and the correct the bottom comment
git-svn-id: file:///home/svn/framework3/trunk@14041 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 01:39:11 +00:00
Wei Chen a8d62ae01a Add feature #5592 (Cytel Studio)
git-svn-id: file:///home/svn/framework3/trunk@14040 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 01:37:32 +00:00
Carlos Perez ef5d3e1d02 Added more messages for the different stages in case a problems happens to better pinpoint it.
git-svn-id: file:///home/svn/framework3/trunk@14039 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 01:12:38 +00:00
Carlos Perez f2e4278307 Fixed problems when running in x64 with a x64 payload
git-svn-id: file:///home/svn/framework3/trunk@14038 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 23:47:54 +00:00
Wei Chen 70c4061c64 These are the "myca" modules by Nick Freeman. Feature #5503
git-svn-id: file:///home/svn/framework3/trunk@14037 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 17:17:32 +00:00
Joshua Drake 7bfa29ace4 clean up exploit HTML print_status
git-svn-id: file:///home/svn/framework3/trunk@14036 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 14:21:57 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen 14cf0deb29 Add feature #5398
git-svn-id: file:///home/svn/framework3/trunk@14032 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 22:20:55 +00:00
Wei Chen 17f518897f Moved from auxiliary/scanner/sap
git-svn-id: file:///home/svn/framework3/trunk@14030 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 21:33:53 +00:00
Wei Chen 1e7c197d8e git-svn-id: file:///home/svn/framework3/trunk@14029 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-22 21:32:36 +00:00
Wei Chen a62a236ad0 Add feature #5541
git-svn-id: file:///home/svn/framework3/trunk@14027 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 20:03:25 +00:00
Wei Chen 2a3f430c8e SAP ICM URLscan module (Feature #5620) by Chris
git-svn-id: file:///home/svn/framework3/trunk@14026 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 08:41:54 +00:00
Joshua Drake 4481354b83 typo
git-svn-id: file:///home/svn/framework3/trunk@14023 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 03:04:02 +00:00
Steve Tornio 27cba3d7ec add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@14020 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-21 11:50:59 +00:00
Wei Chen 06aa776a77 Bleh, fix BID reference
git-svn-id: file:///home/svn/framework3/trunk@14016 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 17:40:21 +00:00
Wei Chen e5f7bfceaf Add HP Power Manager module by ipax, thx!
git-svn-id: file:///home/svn/framework3/trunk@14015 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 17:29:48 +00:00
Wei Chen 389be65dff Attempt number 2 to fix #5579
git-svn-id: file:///home/svn/framework3/trunk@14014 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 16:29:15 +00:00
Wei Chen dd2623dba9 For bug #5579
git-svn-id: file:///home/svn/framework3/trunk@14012 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 01:07:08 +00:00
Carlos Perez ad1824ebec Multi post module execution against a selected session using macro/rc file
git-svn-id: file:///home/svn/framework3/trunk@14011 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 22:13:14 +00:00
Carlos Perez 75a1b18690 Persistence Meterpreter script re-wrote and optimized in to post module
git-svn-id: file:///home/svn/framework3/trunk@14010 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 22:09:29 +00:00
Carlos Perez d3a7e13b50 Fixed reporting of found hosts
git-svn-id: file:///home/svn/framework3/trunk@14009 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 22:08:56 +00:00
Carlos Perez 9329203eb9 Added payload selection and architecture check of payload for Windows Service PE output
git-svn-id: file:///home/svn/framework3/trunk@14008 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 22:08:23 +00:00
David Rude 091b9779e2 Add commas
git-svn-id: file:///home/svn/framework3/trunk@14007 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 20:41:09 +00:00
David Rude 521aec205b Return on error
git-svn-id: file:///home/svn/framework3/trunk@14006 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 19:55:04 +00:00
Carlos Perez 88dbc6adee Accidental assignment
git-svn-id: file:///home/svn/framework3/trunk@14005 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 13:04:40 +00:00
Steve Tornio 1f698e09c9 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@14004 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 11:19:59 +00:00
Carlos Perez f56f620222 Multi platform DNS Enumeration post modules, tested on OS X, Linux, Solaris and Windows
git-svn-id: file:///home/svn/framework3/trunk@14003 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 23:34:00 +00:00
Carlos Perez ee9be2d51e Multi platform post module for creating reverse tcp shells using scripting environments found on the target system, tested on Linux, OS X and Solaris
git-svn-id: file:///home/svn/framework3/trunk@14001 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 23:31:04 +00:00
Carlos Perez a5dc422f9a Windows Credential Store enumeration and decryption module by Kx499
git-svn-id: file:///home/svn/framework3/trunk@14000 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 23:25:28 +00:00
Joshua Drake ac916baac5 Fixes #5581: Stop hardcoding MIPS reverse shell IP/port
git-svn-id: file:///home/svn/framework3/trunk@13999 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 22:50:12 +00:00
David Rude 4209431355 Follow a consistent naming convention
git-svn-id: file:///home/svn/framework3/trunk@13996 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 20:42:59 +00:00
Wei Chen 973227933b Add CVE-2011-1290 as an aux module
git-svn-id: file:///home/svn/framework3/trunk@13994 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 16:30:28 +00:00
Wei Chen 0f1ba8dcf1 Change user agent check
git-svn-id: file:///home/svn/framework3/trunk@13993 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 15:48:03 +00:00
HD Moore 63d3fe2e9c Cosmetic
git-svn-id: file:///home/svn/framework3/trunk@13992 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:57:12 +00:00
HD Moore 5916a4afe3 Cosmetic
git-svn-id: file:///home/svn/framework3/trunk@13991 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:56:33 +00:00
HD Moore f2469fc23f Drop phpi to normal ranking, it eats too much time
git-svn-id: file:///home/svn/framework3/trunk@13990 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:45 +00:00
HD Moore e4290e40c4 Fix the check to not report empty user/pass
git-svn-id: file:///home/svn/framework3/trunk@13989 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:00 +00:00
Wei Chen 8e4f4a2672 Add CVE-2011-1774 (Safari libxslt arbitrary file creation)
git-svn-id: file:///home/svn/framework3/trunk@13987 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 07:39:50 +00:00
Wei Chen 0a661ec227 Add CVE-2011-3305 (#5673)
git-svn-id: file:///home/svn/framework3/trunk@13985 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 04:40:21 +00:00
Wei Chen fbbec1fa92 This exploit falls between NormalRanking to GoodRanking. I'll class it as Normal for now.
git-svn-id: file:///home/svn/framework3/trunk@13984 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 03:48:10 +00:00
Wei Chen 975cc52bac Fix spelling errors
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Wei Chen 6e3b36e142 path could be nil but only checked using empty?. Defaulting value to ''
git-svn-id: file:///home/svn/framework3/trunk@13979 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 16:35:53 +00:00
Wei Chen d204f4027b Catch nil first before do .empty?
git-svn-id: file:///home/svn/framework3/trunk@13978 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 15:59:57 +00:00
Wei Chen 87ec1c390e We caught a problem with the module timing out (execution expired), this is an attempt to handle that more gracefully.
git-svn-id: file:///home/svn/framework3/trunk@13977 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 15:38:09 +00:00
Wei Chen 7dbf2e3fcd Apply fix by David, thx!
git-svn-id: file:///home/svn/framework3/trunk@13975 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 15:08:39 +00:00
Wei Chen 0304702b14 Mention where the getpc code is from, request by corelanc0d3r
git-svn-id: file:///home/svn/framework3/trunk@13974 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 14:56:44 +00:00
Jonathan Cran bbfbb38a5f wording fix.
git-svn-id: file:///home/svn/framework3/trunk@13973 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 08:56:07 +00:00
David Rude 8e88a3eaba fix gsub error in foreach dir api usage
git-svn-id: file:///home/svn/framework3/trunk@13972 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 05:54:20 +00:00
Tod Beardsley c336d063da Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
Wei Chen 7ef8c16e75 Fix NoMethodERror undefined method 'each' for '[path]':String error.
paths might be a string instead of an array, because the function that does unix-based enumeration returns a string


git-svn-id: file:///home/svn/framework3/trunk@13970 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:15:58 +00:00
Wei Chen 0af43246a4 Fix bug #5688. Some distros might have a different location for command uname
git-svn-id: file:///home/svn/framework3/trunk@13969 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:55:05 +00:00
Tod Beardsley 94eb3ac14c Deleting a puts statement.
git-svn-id: file:///home/svn/framework3/trunk@13968 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:52:10 +00:00
Tod Beardsley 3c36b0c975 Msftidy: knocking out all those trailing spaces. Screw those guys.
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:49:49 +00:00
Wei Chen 4c6a1923e7 Fix bug #5687
git-svn-id: file:///home/svn/framework3/trunk@13966 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:32:43 +00:00
Wei Chen 6194486a4c Fix bug #5689 (it needs a 'rescue' in order to catch an exception)
git-svn-id: file:///home/svn/framework3/trunk@13965 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:27:58 +00:00
Wei Chen d159937df6 If you don't have a 'rescue', you're not really catching an exception
git-svn-id: file:///home/svn/framework3/trunk@13964 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:25:12 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
Tod Beardsley e9461c766e Msftidy run against a bunch of whitespace violations, a few line too longs.
git-svn-id: file:///home/svn/framework3/trunk@13962 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:42:01 +00:00
Tod Beardsley ea2c9d1a46 Adding missing Id and Rev SVN keywords.
git-svn-id: file:///home/svn/framework3/trunk@13961 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 01:27:28 +00:00
Wei Chen 6e6b5aa926 Apply fixes by jabra
git-svn-id: file:///home/svn/framework3/trunk@13960 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 00:21:37 +00:00
Wei Chen 7e1070c24e Fix "NoMethodError undefined method 'empty?' for nil:NilClass
git-svn-id: file:///home/svn/framework3/trunk@13959 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 23:23:57 +00:00
Wei Chen 39a4488da5 Patch #5740 for Firefox Array.reduceRight() exploit
git-svn-id: file:///home/svn/framework3/trunk@13958 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 20:28:15 +00:00
Wei Chen e6e8164843 Add CVE-2011-3230 - Safari File Policy vuln
git-svn-id: file:///home/svn/framework3/trunk@13956 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 19:31:09 +00:00
Tod Beardsley d059670d67 Fixes #5570, commits TecR0c's exploit module, after running through msftidy.rb. Thanks!
git-svn-id: file:///home/svn/framework3/trunk@13952 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 15:47:04 +00:00
HD Moore 594b0687c7 Fix CVE reference format
git-svn-id: file:///home/svn/framework3/trunk@13950 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:55:07 +00:00
HD Moore cf8524b1b4 Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
David Rude be642faa81 stack trace fix and whitespace clean up
git-svn-id: file:///home/svn/framework3/trunk@13946 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 04:39:28 +00:00
David Rude 028fd4203b stack trace fix and whitespace clean up
git-svn-id: file:///home/svn/framework3/trunk@13945 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 04:36:08 +00:00
Tod Beardsley 020abd926b A handful of rankings changes, also converting whitespace.
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:58:20 +00:00
Tod Beardsley f0ee05eece Moving dos modules to manual ranking.
git-svn-id: file:///home/svn/framework3/trunk@13940 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:20:04 +00:00
Tod Beardsley c45add4199 Moving an old unnamed Microsoft exploit to the proper named exploit.
git-svn-id: file:///home/svn/framework3/trunk@13939 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:16:13 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen 1a02a2199b These are considered as cmd exec and do not cause crashes, therefore received an ExcellentRanking
git-svn-id: file:///home/svn/framework3/trunk@13937 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:42:20 +00:00
Wei Chen 1adb31747d This module is missing a ranking. Adding one.
git-svn-id: file:///home/svn/framework3/trunk@13936 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:35:18 +00:00
Wei Chen f2d328d969 cmd exec module should receive ExcellentRanking
git-svn-id: file:///home/svn/framework3/trunk@13935 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:10:53 +00:00
Wei Chen 2b746b3505 This module never got a ranking, adding one
git-svn-id: file:///home/svn/framework3/trunk@13934 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:07:59 +00:00
HD Moore 142ae9288b Fix title
git-svn-id: file:///home/svn/framework3/trunk@13933 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 19:56:57 +00:00
HD Moore 6620476744 More consistency fixes for modules titles
git-svn-id: file:///home/svn/framework3/trunk@13932 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 19:41:40 +00:00
HD Moore 8fd0fdf979 Consistency for manage modules
git-svn-id: file:///home/svn/framework3/trunk@13931 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 19:40:23 +00:00
HD Moore bc986e82d4 Fix the title for consistency
git-svn-id: file:///home/svn/framework3/trunk@13930 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 19:39:30 +00:00
James Lee 77e9c9d973 whitespace and another typo
git-svn-id: file:///home/svn/framework3/trunk@13929 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 18:12:50 +00:00
James Lee 76bad7a4e4 typo
git-svn-id: file:///home/svn/framework3/trunk@13928 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 18:07:50 +00:00
Carlos Perez 89ab6c11a9 small logic error that made module in shell sessions only test odd elements in the IP array
git-svn-id: file:///home/svn/framework3/trunk@13926 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 01:37:50 +00:00
Chao Mu 4b9346e40e Switching my BSD modules to MSF_LICENSE to make life easier. Resistance is Futile! Assimilate!
git-svn-id: file:///home/svn/framework3/trunk@13925 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:29:52 +00:00
HD Moore 3c73c3c2f8 Pile of small bug fixes for the FTP server and mixin
git-svn-id: file:///home/svn/framework3/trunk@13924 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:07:09 +00:00
Carlos Perez c0910add22 keywords
git-svn-id: file:///home/svn/framework3/trunk@13920 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 02:44:30 +00:00
Carlos Perez e4ce0bcb42 Added additional product keys
git-svn-id: file:///home/svn/framework3/trunk@13919 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 02:42:54 +00:00
HD Moore 0ff7f17cba Cosmetic module and service name fixes
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
Carlos Perez 445f694e47 Change platform
git-svn-id: file:///home/svn/framework3/trunk@13915 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 22:42:05 +00:00
Wei Chen 4f4c0bc0be Add CVE-2011-2371 Firefox Array.reduceRight() vuln
git-svn-id: file:///home/svn/framework3/trunk@13909 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 03:16:15 +00:00
Carlos Perez 0859c99940 Cisco post module for enumerating information from a SSH or Telnet session to a Cisco device, can try to bruteforce the enable password
git-svn-id: file:///home/svn/framework3/trunk@13907 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 01:54:07 +00:00
Carlos Perez bf0150941e typo
git-svn-id: file:///home/svn/framework3/trunk@13906 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 01:50:15 +00:00
Carlos Perez 742a72ef1f typo
git-svn-id: file:///home/svn/framework3/trunk@13905 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 01:49:53 +00:00
Carlos Perez 7ae1bbbb3f typo
git-svn-id: file:///home/svn/framework3/trunk@13904 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 01:49:36 +00:00
Carlos Perez a0c34d1c73 Sets a session platform when using ssh_login
git-svn-id: file:///home/svn/framework3/trunk@13903 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 01:48:42 +00:00
Carlos Perez fccda688a6 Multi Platform post module for performing DNS Reverse Lookups using the tools installed on the host and the DNS server configured on the host.
git-svn-id: file:///home/svn/framework3/trunk@13899 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 23:26:10 +00:00
Carlos Perez dbdabf8607 Multi Platform post module for performing IPv4 ping sweeps using host built in ping command
git-svn-id: file:///home/svn/framework3/trunk@13897 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 23:20:34 +00:00
Carlos Perez b019f70d72 Post Module for injecting Windows Payloads in to memory works with x86 and x64 payloads and processes.
git-svn-id: file:///home/svn/framework3/trunk@13896 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 23:18:07 +00:00
Carlos Perez ab8b8802b5 issue with none domain machines fixed and added host resolution and reporting on domain controller using some of Mubix railgun fu
git-svn-id: file:///home/svn/framework3/trunk@13895 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 23:15:07 +00:00
HD Moore cce4aafd9b Tweak the snmp_login code to actually only poll response packets every 10 sent and break out of infinite loop in the case of a target going crazy and continuously replying
git-svn-id: file:///home/svn/framework3/trunk@13891 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 20:14:58 +00:00
Wei Chen 90a426cec6 Add PcVue 10 LoadObject/SaveObject vuln (Feature #5647)
git-svn-id: file:///home/svn/framework3/trunk@13889 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 10:57:31 +00:00
James Lee 6578874439 don't bother escaping a tick
git-svn-id: file:///home/svn/framework3/trunk@13887 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 01:45:10 +00:00
Chao Mu 53b807abee Adding the "this file is part of" comment to the top of the module and proper comment formatting
git-svn-id: file:///home/svn/framework3/trunk@13886 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 00:36:55 +00:00
Chao Mu df56110dd9 Fixing $Id so that it is prefaced by a comment.
git-svn-id: file:///home/svn/framework3/trunk@13885 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 00:32:14 +00:00