Commit Graph

16015 Commits (95948b9d7c07dbc87a78003bde106db623f63424)

Author SHA1 Message Date
Carlos Perez ddb9871577 refactor for use of registry mixin and will now create a note for the hypervisor 2012-12-22 10:27:54 -04:00
sinn3r d97a63a94c Make changes based on juan and egypt's feedback 2012-12-22 02:35:22 -06:00
James Lee 20cc2fa38d Make Windows postgres_payload more generic
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
  the ability to use generate_payload_dll() which generates a generic dll
  that spawns rundll32 and runs the shellcode in that process. This is
  basically what the linux version accomplishes by compiling the .so on
  the fly. On major advantage of this is that the resulting DLL will
  work on pretty much any version of postgres

* Adds Exploit::FileDropper to windows version as well. This gives us
  the ability to delete the dll via the resulting session, which works
  because the template dll contains code to shove the shellcode into a
  new rundll32 process and exit, thus leaving the file closed after
  Postgres calls FreeLibrary.

* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
  Windows

* Adds a check method to both Windows and Linux versions that simply
  makes sure that the given credentials work against the target service.

* Replaces the version-specific lo_create method with a generic
  technique that works on both 9.x and 8.x

* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
  gets downcased and subsequently causes postgres to error out before
  opening the DLL

* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r 9b768a2c62 Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services 2012-12-21 23:42:17 -06:00
sinn3r 49248c79d6 Oops, didn't mean to keep these lines 2012-12-21 22:22:58 -06:00
Carlos Perez 924f5283ae Improvements to checkvm
- Added additional checks for Hyper-V
- Added additional checks for VMware
- Removed $Id$ and $Revision$ (Confirmed with Todb on it)
2012-12-21 22:11:57 -04:00
sinn3r 9af8c9b457 Small corrections 2012-12-21 18:52:40 -06:00
sinn3r 395a20ef22 Merge branch 'foswiki_maketext' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-foswiki_maketext 2012-12-21 18:43:44 -06:00
sinn3r 28f09618c8 Merge branch 'lm2ntcrack_fix' of git://github.com/mubix/metasploit-framework into mubix-lm2ntcrack_fix 2012-12-21 18:20:14 -06:00
sinn3r c57567d077 Merge branch 'feature/smtp_deliver_domain' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/smtp_deliver_domain 2012-12-21 16:26:50 -06:00
sinn3r 1dd27566e8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-12-21 16:25:37 -06:00
sinn3r ea31e38af8 Merge branch 'license-updates' of git://github.com/todb-r7/metasploit-framework into todb-r7-license-updates 2012-12-21 16:25:24 -06:00
sinn3r ca72132fc0 Add a check 2012-12-21 16:23:31 -06:00
sinn3r 1323081bce msftidy cleanup 2012-12-21 16:11:16 -06:00
sinn3r 529a3c9a63 Add Netwin SurgeFTP module 2012-12-21 16:10:27 -06:00
jvazquez-r7 d5f08a2405 Added module for CVE-2012-6329 for foswiki 2012-12-21 22:08:08 +01:00
Tod Beardsley 9a710175ad Added a bunch of gems
builder
coderay
journey
metasploit_data_models
railties
spork
2012-12-21 14:52:24 -06:00
Tod Beardsley 0bdc187084 Adding fastlib 2012-12-21 14:25:07 -06:00
Tod Beardsley ef8e3416e9 Updating THIRD-PARTY.md
Moved PacketFu to 3-Clause BSD.
Added Kiss FFT, Kiss FFT wrapper, and Armitage to 3-Clause BSD.
2012-12-21 14:22:56 -06:00
David Maloney be7da83feb Adds EHLO domain to smtp deliver
Allow the user to set the EHLO domain for the smtp deliver module.
This is needed for Pro functionality

[story #41549217]
2012-12-21 14:22:21 -06:00
jvazquez-r7 02782258eb fix eol for ms12_004_midi 2012-12-21 21:01:39 +01:00
jvazquez-r7 ff4b959c04 Merge branch 'ms12_004_leaky_icky' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_004_leaky_icky 2012-12-21 21:01:05 +01:00
sinn3r e9c00488fa Return value does not need to be checked, says zeknox 2012-12-21 13:00:08 -06:00
sinn3r 115ad9ae33 Small corrections 2012-12-21 12:56:44 -06:00
sinn3r 6ac5f2b6a2 Merge branch 'twiki_maketext' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-twiki_maketext 2012-12-21 11:15:49 -06:00
sinn3r 2c4d517e75 Merge branch 'useragent_cleanup' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-useragent_cleanup 2012-12-21 11:14:06 -06:00
sinn3r e9f5f79ee9 Merge branch 'sap_instanceproperties_fix' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_instanceproperties_fix 2012-12-21 11:13:00 -06:00
sinn3r 3c398d0e62 Final cleanup 2012-12-21 10:46:36 -06:00
sinn3r 4c58991c89 Cleanup ROP a little 2012-12-21 10:35:28 -06:00
sinn3r e95f0267c6 Update for some leaky icky 2012-12-21 10:03:38 -06:00
Tod Beardsley 2bb7b5ea11 Fixes error message for badchar
Note that only a custom module that allows for users to pass arguments
to nmap would be capable of hitting the error condition. Right now, only
auxiliary/scanner/oracle/oracle_login traverses the codepath, and that
doesn't allow for arbitrary args passed to nmap.

So... without contriving an example, it should be impossible to
experience or test.

[FixRM #7641]
2012-12-21 09:59:54 -06:00
Tod Beardsley a7ea53ddf0 Update CONTRIBUTING.md
Add in a very short plea about repro steps.
2012-12-21 09:48:13 -06:00
Chris John Riley 413b75cd8b Fixed crash issues with unescape
Added better formatting to avoid pages of output
2012-12-21 12:07:14 +01:00
jvazquez-r7 76cad3dd4c Added module for CVE-2012-6329 2012-12-21 11:30:04 +01:00
Chris John Riley e237512bd7 Cleaned up the SAP modules as they are all sending double user-agent strings (also added OptEnum where appropriate) 2012-12-21 10:47:45 +01:00
HD Moore b3c0c6175d FixRM #3398 by removing double user-agent headers 2012-12-20 14:45:18 -06:00
sinn3r be85cf54ab Why in a quote? 2012-12-20 10:47:23 -06:00
sinn3r 912bfd5a28 Merge branch 'master' of git://github.com/SherifEldeeb/metasploit-framework into SherifEldeeb-master 2012-12-20 10:46:55 -06:00
Sherif Eldeeb f0991f3b3b make "resp.body" as an advanced option
created a new advanced option "HttpUknownRequestResponse" that will be sent back in the HTML body of unknown requests instead of the old static "No site configured at this address" message.
2012-12-20 12:35:00 +03:00
jvazquez-r7 26f561795d fix cmd windows ruby payloads 2012-12-20 00:50:02 +01:00
sput-nick 4595a96ece updated CVE and OSVDB wikka_spam_exec references 2012-12-19 16:42:47 -05:00
sinn3r 37524c7965 Make sure return vals are handled correctly. 2012-12-19 09:45:01 -06:00
sinn3r cfcd1ead54 Merge branch 'netlm_downgrade.rb' of git://github.com/zeknox/metasploit-framework into zeknox-netlm_downgrade.rb 2012-12-19 02:22:00 -06:00
sinn3r 2818e53cbf Merge branch 'indusoft_issymbol_internationalseparator' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-indusoft_issymbol_internationalseparator 2012-12-18 18:16:31 -06:00
sinn3r 592de9b39e Something tells me charles wanna try 5 times, not 6 times. 2012-12-18 18:10:15 -06:00
sinn3r ba242e1809 Merge branch 'master' of git://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-master 2012-12-18 18:01:28 -06:00
jvazquez-r7 f820ffb32d update authors 2012-12-18 23:57:29 +01:00
jvazquez-r7 8a07d2e53d Added module for ZDI-12-168 2012-12-18 23:48:53 +01:00
sinn3r 7145078e63 Merge branch 'mipsle-shell_reverse_tcp' of git://github.com/kost/metasploit-framework into kost-mipsle-shell_reverse_tcp 2012-12-18 11:50:41 -06:00
sinn3r cad8abef48 msftidy cleanup 2012-12-18 11:46:27 -06:00