f2bda05d42
Correct last of the print_
2014-12-11 16:28:08 -08:00
9486f67fbc
report_vuln upon exploitation with more specific details
2014-12-11 16:28:08 -08:00
37d0959fd6
Include info in report_vuln. More style
2014-12-11 16:28:08 -08:00
cfb02fe909
Add check support
2014-12-11 16:28:07 -08:00
44818ba623
Minor style and usage updates as a result of Scanner
2014-12-11 16:28:07 -08:00
0a29326ce7
Mixin Scanner. Yay speed!
2014-12-11 16:28:07 -08:00
c9acd7a233
Remove unnecessary RPORT, which comes from HttpClient
2014-12-11 16:28:07 -08:00
f8c25d83e5
Use get_cookies instead
2014-12-11 16:26:51 -08:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
de88908493
code style
2014-12-11 23:30:20 +01:00
af9979d30b
Ruby style on methods please
...
Introduced in #4220 . This ain't no JavaScript!
2014-12-11 15:24:30 -06:00
47c38ed04e
Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
...
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
51762e1194
Explicitly include the HTTP Login scanner
...
This should be the last commit that fixes #3904 .
2014-12-11 11:08:08 -06:00
b533f74024
Add a bruteforce_speed option to all LoginScanners
2014-12-11 11:06:32 -06:00
24dbc28521
Land #4356
2014-12-11 09:03:18 -08:00
54e8254a82
Update bmc_trackit_passwd_reset.rb
2014-12-11 10:59:43 -06:00
7afa87f168
screwed up formatting. updated indention at the end. ok seriously, going to bed now
2014-12-11 01:05:56 -08:00
291166e1ff
forgot to run through msftidy.rb. made a few minor corrections
2014-12-11 00:47:39 -08:00
a1624c15ae
Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc.
2014-12-11 00:40:20 -08:00
22c9db5818
added detect_kippo.rb
2014-12-10 19:37:35 -08:00
67cf3e74c0
Update bmc_trackit_passwd_reset.rb
2014-12-10 20:45:54 -06:00
90cc9a9bed
Update bmc_trackit_passwd_reset.rb
2014-12-10 19:05:46 -06:00
f37dc13a19
Create bmc_trackit_passwd_reset.rb
2014-12-10 18:54:37 -06:00
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
c813c117db
Use DNS names
2014-12-10 22:25:44 +00:00
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
86ae104580
Land #4325 , consistent mssql module names
2014-12-09 21:52:05 -05:00
87c83cbb1d
Another round of name corrections
2014-12-09 20:16:24 -06:00
e89a399f95
Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc
2014-12-09 20:55:01 -05:00
09617f990b
Implement BRUTEFORCE_SPEED respect (telnet)
...
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.
See #3904 , @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
176296681a
Fix heartbleed cert parsing, lands #4338 , closes #4309
2014-12-09 14:58:27 -06:00
bb8dfdb15f
Ensure consistency for mssql modules
2014-12-09 10:28:45 -06:00
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
916503390d
use get_data
2014-12-08 22:49:02 +01:00
fb9724e89d
fix heartbleed cert parsing, fix #4309
2014-12-08 21:58:38 +01:00
4abfb84cfc
Upload WAR through Jboss DeploymentFileRepository
2014-12-08 19:02:51 +01:00
909971e0bf
Margins on description, PowerShell not Powershell
2014-12-08 10:57:49 -06:00
80dc781625
Email over E-mail
...
While I believe "e-mail" is the actually correct spelling, we tend to
say "email" everywhere else. See:
````
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri "print.*email"
modules/ | wc -l
19
[ruby-2.1.5@metasploit-framework](fixup-grammar)
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri
"print.*e-mail" modules/ | wc -l
1
````
2014-12-08 10:55:26 -06:00
738fc78883
Land #4220 , outlook gather post module
2014-12-07 22:41:28 +01:00
98e416f6ec
Correct OSVDB id
2014-12-07 17:54:31 +00:00
e474ecc9cf
Add OSVDB id
2014-12-07 17:41:35 +00:00
54705eee48
Fix option parsing
2014-12-06 21:50:54 -06:00
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
cc63d435c7
another whitespace
2014-12-06 09:32:22 +01:00
f0a47f98bc
final formatting
2014-12-06 00:38:05 +01:00
f1f743804e
more formatting
2014-12-06 00:31:38 +01:00
9187a409ec
outlook post module fixes
2014-12-06 00:28:44 +01:00
2f98a46241
Land #4314 , @todb-r7's module cleanup
2014-12-05 14:05:09 -06:00
4b06334455
Minor title change for mssql_enum_domain_accounts_sqli
...
We don't really do "-" for naming
Kind of stands up on a list
2014-12-05 11:42:08 -06:00
7ae786a53b
Add a comment as an excuse to tag the issue
...
Fix #4246
... so it will automatically close the ticket.
2014-12-05 11:26:26 -06:00
f25e3ebaaf
Fix #4246 - More undef 'payload_exe' in other modules
...
Root cause: payload_exe is an accessor in the TFPT command stager
mixin, you need stager_instance in order to retreive that info.
2014-12-05 11:19:58 -06:00
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
e3f7398acd
Fix #4246 - Access payload_exe information correctly
...
This fixes an undef method 'payload_exe' error. We broke this when
all modules started using Msf::Exploit::CmdStager as the only source
to get a command stager payload. The problem with that is "payload_exe"
is an accessor in CmdStagerTFTP, not in CmdStager, so when the module
wants to access that, we trigger the undef method error.
To be exact, this is the actual commit that broke it:
7ced5927d8Fix #4246
2014-12-05 02:08:13 -06:00
85e0d72711
Land #4229 , @tatehansen's module for CVE-2014-7992
2014-12-04 17:20:49 -08:00
f0cfcd4faf
Update dlsw_leak_capture name and print_
...
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
e5bdf225a9
Update netflow_file_download.rb
2014-12-04 21:32:19 +00:00
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
7c62fa5c95
Add Windows post module for reading/searching Outlook e-mail #8
2014-12-04 14:28:40 +01:00
3aecd3a10e
added DLSw v1 and v2 check, added check for \x00 in leak segment
2014-12-03 23:27:11 -07:00
2fcbcc0c26
Resolve merge conflict for ie_setmousecapture_uaf ( #4213 )
...
Conflicts:
modules/exploits/windows/browser/ie_setmousecapture_uaf.rb
2014-12-03 14:12:15 -06:00
3cadcb942a
Add Windows post module for reading/searching Outlook e-mail #7
2014-12-03 18:30:22 +01:00
3a978e1147
Land #4280 , frontpage_login improvements
2014-12-02 14:56:57 -06:00
a631ee65f6
Fix #4293 - Use OperatingSystems::Match::WINDOWS
...
Fix #4293 . Modules should use OperatingSystems::Match::WINDOWS
instead of Msf::OperatingSystems::WINDOWS, because the second
won't match anything anymore.
2014-12-02 13:46:27 -06:00
b29e53984e
Merge master with merge of PR #4225
2014-12-02 11:58:30 -06:00
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
7fe72fd118
Cosmetic tweaks for #4225
2014-12-02 11:47:14 -06:00
611e8c72eb
Add Windows post module for reading/searching Outlook e-mail #6
2014-12-02 14:05:08 +01:00
a88ee0911a
Fix os detection
...
See #3373
2014-12-02 01:15:55 -06:00
a42c7a81e7
Fix os detection
...
See #4283
2014-12-02 01:13:51 -06:00
394d132d33
Land #2756 , tincd post-auth BOF exploit
2014-12-01 12:13:37 -06:00
0ab2e99419
Delete version from title
2014-12-01 10:24:12 -06:00
d1e8b160c7
Land #4271 , @espreto's module for CVE-2014-7816 WildFly's Traversal
...
* Issue in the web server JBoss Undertow
2014-12-01 10:22:47 -06:00
f4e20284a4
Change mixin include order
2014-12-01 10:22:20 -06:00
d85aabfed9
Use vprint by default
2014-12-01 10:20:12 -06:00
e0cb0f7966
Fix description
2014-12-01 10:19:14 -06:00
fa07b466d6
Use single quote and minor cosmetic changes
2014-12-01 09:57:29 -06:00
d5888a7f6f
Fix module options
2014-12-01 09:55:36 -06:00
47acf3487d
Do minor cleanup
...
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
0f973fdf2b
Fix #4284 - Typo "neline" causing the exploit to break
...
"neline" isn't supposed to be there at all.
2014-12-01 01:24:30 -06:00
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
b357fd88a7
Add comment
2014-11-30 21:08:38 -06:00
0ab99549bd
Change ranking
2014-11-30 21:08:12 -06:00
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
e4b3ee2811
Changed the module name.
2014-12-01 01:00:14 -02:00
ecbce679a8
Remove timeout on line 59.
2014-12-01 00:51:12 -02:00
f3957ea428
FILEPATH changed from false to true.
2014-12-01 00:48:47 -02:00
97ee975235
Deleted checking on line 48.
2014-12-01 00:46:58 -02:00
d7d1b72bce
Rename local_variables
2014-11-30 20:40:55 -06:00
84ce573227
Deleted line 61 which returns the server status code.
2014-12-01 00:39:05 -02:00
d77c02fe43
Delete unnecessary metadata
2014-11-30 20:37:34 -06:00
ff30a272f3
Windows paths need 2 backslashes
2014-11-30 18:54:41 -06:00
223bc340e4
Prepend peer
2014-11-30 18:46:15 -06:00
5ad3cc6296
Make FILEPATH mandatory
2014-11-30 18:45:23 -06:00
b1b10cf4e5
Use Rex::ConnectionError
2014-11-30 18:44:25 -06:00
a549cbbef8
Beautify metadata
2014-11-30 18:44:03 -06:00
0887127264
Fixed several recommended changes by jvazquez-r7 and jlee-r7
2014-11-30 00:53:24 -05:00
26d9ef4edd
Explain about Windows back slashes on option
2014-11-30 00:15:44 +00:00
2fb38ec7bb
Create exploit for CVE-2014-5445
2014-11-30 00:12:37 +00:00
6f6274735f
Update frontpage_login.rb
...
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=
status=262147
osstatus=0
msg=No "CONTENT_TYPE" on CGI environment.
osmsg=
2014-11-28 17:21:47 +00:00
f7f4a191c1
Land #4255 - CVE-2014-6332 Internet Explorer
2014-11-28 10:12:27 -06:00
2a7d4ed963
Touchup
2014-11-28 10:12:05 -06:00
48904c2d63
Land #4277 - vmware-mount configurable directory
2014-11-28 08:05:42 +10:00
985838e999
Suggestions from OJ
2014-11-27 21:38:50 +00:00
10a05a393c
Add format_all_drives payload, lands #4268
2014-11-27 11:44:44 -06:00
4a4608adbc
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 23:06:54 +05:30
25ecf73d7d
Add configurable directory, rather than relying on the session working
...
directory.
2014-11-27 17:12:37 +00:00
8473ed144a
Add format_all_drives shellcode for Windows x86_x64
2014-11-27 14:13:49 +05:30
d75ffc36da
Changed the description of FILEPATH
2014-11-27 00:50:34 -02:00
f8dc366f42
Add CVE-2014-7816 Directory Traversal for WildFly 8 Application
2014-11-27 00:13:29 -02:00
84bb5b5215
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:38 +01:00
16b64ff42a
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:05 +01:00
cc33566ca8
Land #4265 , @shuckins-r7 fix for RPORT error on UDP sweep.
2014-11-26 10:27:15 -06:00
79b2b5e231
RPORT is required by UDPScanner; deregister instead
2014-11-26 07:39:14 -08:00
f5633ba3c3
Add format_all_drives shellcode for Windows x86_x64
2014-11-26 20:29:25 +05:30
16a9450d43
session.tunnel_peer changed by session.session_host. Other minor changes
2014-11-26 12:08:54 +01:00
75e5553cd4
Change to in exploit
2014-11-26 16:53:30 +10:00
9524efa383
Fix banner
2014-11-25 23:14:20 -06:00
16ed90db88
Delete return keyword
2014-11-25 23:11:53 -06:00
85926e1a07
Improve check
2014-11-25 23:11:32 -06:00
5a2d2914a9
Fail on upload errors
2014-11-25 22:48:57 -06:00
b24e641e97
Modify exploit logic
2014-11-25 22:11:43 -06:00
4bbadc44d6
Use Msf::Exploit::FileDropper
2014-11-25 22:00:42 -06:00
7fbd5b63b1
Delete the Rex::MIME::Message gsub
2014-11-25 21:54:50 -06:00
eaa41e9a94
Added reference
2014-11-25 21:37:04 -06:00
2c207597dc
Use single quotes
2014-11-25 18:30:25 -06:00
674ceeed40
Do minor cleanup
2014-11-25 18:26:41 -06:00
6ceb47619a
Change module filename
2014-11-25 18:09:15 -06:00
1305d56901
Update from upstream master
2014-11-25 18:07:13 -06:00
5615d65aee
Do minor cleanup
2014-11-25 17:35:07 -06:00
d4e5cd25e1
Report credentials for new login level 15
2014-11-25 16:35:16 -06:00
dc253efa19
Use Rex::Text.rand_text*
2014-11-25 16:35:06 -06:00
f20afff1a8
Do return instead of abort
2014-11-25 16:34:57 -06:00
d876efaa0f
Delete ssh_socket attribute
2014-11-25 16:34:47 -06:00
5091bc76ad
Do minor cleanup
2014-11-25 16:34:22 -06:00
c92a26e967
Update from upstream master
2014-11-25 16:30:45 -06:00
5f4760c58e
Print final results in a table
2014-11-25 14:01:29 -06:00
d998d97aaa
Refactor build_user_sid
2014-11-25 13:58:47 -06:00
aad860a310
Make conditional easier
2014-11-25 13:54:08 -06:00
ba57bc55b0
Don't report service
2014-11-25 13:52:22 -06:00
059b0e91da
Don't report service
...
* The mssql could be in a third host, not rhost
2014-11-25 13:50:42 -06:00
b467bda2d6
Reuse local variable
2014-11-25 13:49:24 -06:00
31a84ef6ff
Make ternary operator more readable
2014-11-25 13:44:50 -06:00
be566e5ad3
Use a lower fuzz number by default
2014-11-25 13:42:47 -06:00
cd43f83cd7
Delete unnecessary comments
...
* No need to comment every step, just relevant
comments to undrestad code.
2014-11-25 13:40:57 -06:00
f93dbc6deb
Use the target domain name
2014-11-25 13:36:48 -06:00
7c87603b0e
Add progress information
2014-11-25 13:23:36 -06:00
8e5b37ea6e
Fix reporting
2014-11-25 13:20:31 -06:00
93539ae4c6
Use shorter variable name
2014-11-25 13:04:31 -06:00
271f982f34
Use peer
2014-11-25 13:03:48 -06:00
c549508abb
Use vprint
2014-11-25 13:03:18 -06:00
249fb79a21
Fix print_* calls
2014-11-25 13:02:53 -06:00
87cfd7c321
Dont use disconnect
2014-11-25 13:00:53 -06:00
fb8372f505
Fix metadata
2014-11-25 12:59:11 -06:00
71f35f5cd6
Update from upstream master
2014-11-25 12:46:44 -06:00
3a5de9970f
Update description, rename xnu_ver -> osx_ver.
2014-11-25 12:38:29 -06:00
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
4bd579bc1c
added mssql_enum_domain_accounts_sqli
2014-11-25 09:57:20 -06:00
5294594379
dd Windows post module for reading/searching Outlook e-mail #5 Add DE
2014-11-25 14:36:14 +01:00
64f2b45ef4
Land #4258 , release fixes
2014-11-24 21:44:14 -06:00
71669b9f9e
Change module filename
2014-11-24 20:34:12 -06:00
5c4b1b0283
Output some information
2014-11-24 20:31:26 -06:00
6e9cd331b3
Modify description
2014-11-24 20:28:38 -06:00
261da9306e
Use store_loot
2014-11-24 20:22:21 -06:00
cf52dd895f
Refactor search
2014-11-24 20:20:37 -06:00
2fa5223d3b
move check out of the begin block
2014-11-24 19:28:53 -06:00
90bdc770b5
Use literal creation notation
2014-11-24 19:27:50 -06:00
2c4caeed29
Clean metadata
2014-11-24 19:26:12 -06:00
443dd7b6c0
Use constants
2014-11-24 19:04:02 -06:00
250250beb0
Fix indentation
2014-11-24 18:58:07 -06:00
88ccffacb4
Update from upstream master
2014-11-24 18:32:35 -06:00
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
bd948eb346
Normalize author name
...
From #4061 , please don't decorate author names with URLs.
2014-11-24 13:03:42 -06:00
343a0d78bc
Delete admin check
2014-11-24 12:28:19 -06:00
7164c4e038
Use shorter filename
2014-11-24 12:10:08 -06:00
021b27dd83
Clean reporting
2014-11-24 12:01:09 -06:00
f74ab34881
Delente unnecessary check
2014-11-24 11:50:41 -06:00
3c858c793a
Use vprint
2014-11-24 11:49:36 -06:00
583494c0db
use BrowserExploitServer
2014-11-24 18:49:27 +01:00
4a169210ab
Use vprint
2014-11-24 11:48:16 -06:00
ecb74c543a
Beautify description
2014-11-24 11:27:32 -06:00
c52104e91d
Beautify metadata
2014-11-24 11:24:41 -06:00
fcb4bea3c1
Fix code comments
2014-11-24 11:23:27 -06:00
77b1f2d2f0
Fixup for release
...
Fixes the grammar on the SMTP enumeration module and the Cisco CDP
module, and adds a more informative description and reference for the
CDP module introduced on PR #4061 .
2014-11-24 10:50:43 -06:00
10d0305cb2
Update from upstream master
2014-11-24 09:48:43 -06:00
e9750e2df8
Minor style/usability cleanups
2014-11-24 06:57:31 -08:00
08a67d78c5
module for CVE-2014-6332.
2014-11-24 08:25:18 +01:00
57419bb0fc
Fix #4253 - Print access level for snmp_login
...
Fix #4253 - module should print the access level
2014-11-22 23:09:15 -06:00
9828598cb7
removing timeout method and option
2014-11-22 00:28:56 -07:00
57b04f96a7
working with DLSw protocol check
2014-11-21 23:54:00 -07:00
b9a274f869
improving DLSw detection
2014-11-21 18:58:02 -07:00
53b69583f4
Add Windows post module for reading/searching Outlook e-mail #4
2014-11-21 20:00:30 +01:00
3ac1f7d4fb
Land #4242 , @Meatballs1 fix for sap_service_discovery report_note
...
* I cannot reproduce @Meatballs1 issue
* But I noticed report_note should :update with :unique_data
* Fixed the :update
2014-11-21 10:16:08 -06:00
e30ee9fee2
Update with :unique_data
2014-11-21 10:14:39 -06:00
99a23ada5c
Module cleanup, error handling, and reporting
2014-11-20 16:18:20 -06:00
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
94e5ba13a4
YARD and spec cleanup
2014-11-20 13:28:01 -08:00
df36ac910d
Mostly complete Kademlia PING / BOOTSTRAP scanner
2014-11-20 13:28:01 -08:00
ab49d01a1b
Add beginnings of Kademlia gather module and protocol support
2014-11-20 13:28:00 -08:00
2f6c4a9ba4
Slight tweak to description/author email formatting
2014-11-20 14:53:52 -06:00
ee15179441
Fix service discovery errors
2014-11-20 18:22:33 +00:00
8306d739e3
add scanner module to extract domain from NTLM challenge
2014-11-20 11:02:21 -05:00
8e7e5590c9
rename SHELLARG to ARGV0 because that's really what it is
2014-11-19 22:14:24 +01:00
ac4c11ca39
work on linux/armle/shell_bind/tcp
...
same changes as to shell_reverse_tcp
2014-11-19 21:53:23 +01:00
fd7248b3c0
work on linux/armle/shell_reverse_tcp
...
shorten the execve code, remove exit, grow argv[0] space
2014-11-19 21:53:23 +01:00
9e9954e831
fix placeholder to show the firmware version I used
2014-11-19 21:23:39 +01:00
a718e6f83e
add exploit for r7-2014-18 / CVE-2014-4880
2014-11-19 21:07:02 +01:00
6a58774dd6
Land #4234 , crediting @jduck
2014-11-19 12:43:04 -06:00
a4a1048f95
modified to get data collection off sock working
2014-11-19 11:17:58 -07:00
684975a315
Use correct target address for fake As
2014-11-19 08:28:56 -08:00
3777e78a85
Sanitize creation of target host. Return minimal for SRV
2014-11-19 08:28:56 -08:00
52e004d8ab
Use less conflicting name for SRV record port
2014-11-19 08:28:56 -08:00
ee90e4353b
Add more consistent logging for fakedns types that support fake vs bypass
2014-11-19 08:28:55 -08:00
0910275fac
Don't artificially insert additional records when BYPASS
2014-11-19 08:28:55 -08:00
a38cb3ee53
@jhart-r7 commits are accepted and conflicts fixed.
2014-11-19 08:28:55 -08:00
ab7f6866f5
FAKE and BYPASS actions are implemented for SRV queries
2014-11-19 08:28:55 -08:00
f403d27fbd
Author update for the fakedns module
2014-11-19 08:28:55 -08:00
47f7d8c4be
IN:SRV expansion for Fake DNS server
2014-11-19 08:28:55 -08:00
a9cb6e0d2f
Add jduck as an author on samsung_knox_smdm_url
2014-11-19 10:18:08 -06:00
895bdd9c6f
Remove unused options
2014-11-19 08:09:52 -08:00
134046975e
Remove report mixin which was not used
2014-11-19 08:09:52 -08:00
4c112e71c1
Remove errant whitespace, unnecessary to_s
2014-11-19 08:09:52 -08:00
f54fc3da87
More CDP cleanup. Loop, cleaner packet construction, style
2014-11-19 08:09:52 -08:00
0dac2de3fd
Use PacketFu::EthHeader.mac2str for MAC formatting
2014-11-19 08:09:52 -08:00
2d484a3e1a
Remove sniffing capabilities from cdp -- use wireshark/tcpdump instead
2014-11-19 08:09:52 -08:00
39d691086e
First round of basic Ruby style cleanup in cdp
2014-11-19 08:09:52 -08:00
7e93d890ab
Viproy is removed from names
...
Author section is fixed
2014-11-19 08:09:52 -08:00
d78d57eaf4
Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module
2014-11-19 08:09:52 -08:00
1d0d5582c1
Remove datastore options
2014-11-19 15:05:36 +00:00
7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
...
Conflicts:
modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
7d6e7a6bfa
Minor Ruby style and module usability cleanup
2014-11-18 16:33:05 -08:00
6b8b49ff98
improving metasploit module based on feedback
2014-11-18 15:03:18 -07:00
fb4b6543e2
Handle other rex exceptions
2014-11-18 15:57:41 -06:00
542eb6e301
Handle exception in brute force exploits
2014-11-18 12:17:10 -08:00
60e31cb342
Allow sunrpc_create to raise on its own
2014-11-18 12:17:10 -08:00
500c4249fe
Update solaris_kcms_readfile to gracefully handle RPC errors
2014-11-18 12:17:10 -08:00
82f89e620b
Clean up nfs mount scanner to *print_* better
2014-11-18 12:17:10 -08:00
b2f9307e0a
vprint # of RPC programs, since the table comes right after
2014-11-18 12:17:10 -08:00
a9f9a8b116
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-18 12:17:10 -08:00
c7794a7ed9
Clean up Ruby style in sunrpc_portmapper
2014-11-18 12:17:09 -08:00
059d84e4ca
More consistent *print_* and Rex::Ui::Text::Table for sunrpc_portmapper
2014-11-18 12:17:09 -08:00
435c6eef81
Add Windows post module for reading/searching Outlook e-mail #3
2014-11-18 16:27:33 +01:00
91a53dc36c
Add Windows post module for reading/searching Outlook e-mail
2014-11-18 12:41:24 +01:00
703e0486fb
Add DLSw leak capture module for CVE-2014-7992
2014-11-17 20:35:54 -07:00
d5ebd8a2dc
Shorten the reverse_http stager by renaming a var
2014-11-17 19:04:26 -05:00
7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
...
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
45d219c0d8
Land #4102 , @jhart-r7's fix for nbns_response
...
* Use request src_port instead of 137
2014-11-17 15:46:38 -06:00
286827c6e5
Land #4186 , Samsung KNOX exploit. Ty @jvennix-r7!
2014-11-17 13:29:39 -06:00
39980c7e87
Fix up KNOX caps, descriptive description
2014-11-17 13:29:00 -06:00
0f41bdc8b8
Add an OSVDB ref
2014-11-17 13:26:21 -06:00
8c34f35ca9
added mssql_enum_windows_domain_accounts.rb
2014-11-17 13:03:43 -06:00
54de805b7a
Report credentials
...
* Even when we are not associating them to hosts
* It's a post module so maybe we cannot solve some names
2014-11-17 12:49:18 -06:00
7a2b7208e7
Add Windows post module for reading/searching Outlook e-mail
2014-11-17 19:38:55 +01:00
b3b37c7c9f
Use longer description lines
2014-11-17 12:23:22 -06:00
145e610c0f
Avoid shadowing new method
2014-11-17 12:22:30 -06:00
fd53e969fd
Land #4217 , browser_autopwn variable fix
2014-11-17 11:46:52 -06:00
405eae4b6e
Remove EOL whitespace
2014-11-17 11:46:36 -06:00
20195e7f37
Update from upstream/master
2014-11-17 11:43:48 -06:00
91ba25a898
Land #4208 , psexec delay fix
2014-11-17 11:35:56 -06:00
2c36f79934
Land #4165 , @jhart-r7's check for datastore options on Cisco dtp
...
* Fix modules/auxiliary/spoof/cisco/dtp
* Just one of the two options is required
2014-11-17 11:23:31 -06:00
d5afb2b766
%q
2014-11-17 09:01:14 -08:00
ce73e32673
Doc and named captures
2014-11-17 09:01:14 -08:00
bf05fe1389
Refactoring, simplification, better print_*
2014-11-17 09:01:14 -08:00
6e1cdfde36
Rip out create_credential* stuff. Use what works
2014-11-17 09:01:14 -08:00
e5bb13a609
If remmina config files are missing data for creds, tell me what
2014-11-17 09:01:14 -08:00
875d1f9ea0
Convert Remmina credential gatherer to use new credentials model
2014-11-17 09:01:14 -08:00
086f0c02d6
Remove excessive logging
2014-11-17 09:01:14 -08:00
90e58e9e71
Binary encoding
2014-11-17 09:01:14 -08:00
e76373340e
Correct some Rubocop things that I agree with
2014-11-17 09:01:14 -08:00
f729a6cf02
Add Remmina RDP/SSH/VNC password gathering
2014-11-17 09:01:13 -08:00
cd61975966
Change puts to vprint_debug.
2014-11-17 10:13:13 -06:00
9243cfdbb7
Minor fixes to ruby style things
2014-11-17 17:12:17 +01:00
fc1635e80a
Fix BAP JS ref error.
2014-11-17 10:06:15 -06:00
2a24151fa8
Remove BAP target, payload is flaky. Add warning.
2014-11-17 02:02:37 -06:00
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
5de69ab6a6
minor syntax fixes.
2014-11-15 21:39:37 -06:00
3fb6ee4f7d
Remove dead constant.
2014-11-15 21:38:11 -06:00
7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
...
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
2014-11-15 21:33:16 -06:00
a521d469ed
Land #4194 , Quake protocol support
2014-11-15 17:44:19 -06:00
28135bcb09
Land #4159 , MantisBT PHP code execution by @itseco
2014-11-15 07:49:54 +01:00
27d5ed624f
fix for IE9 exploit config
2014-11-14 17:21:59 -08:00
17ab0cf96e
ADD winxpIE8 exploit for MS13-080
2014-11-14 17:16:51 -08:00
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
e194d5490d
See #4162 - Don't delay before deleting a file via SMB
...
So I was looking at issue #4162 , and on my box I was seeing this
problem of the exploit failing to delete the payload in C:\Windows,
and the error was "Rex::Proto::SMB::Exceptions::NoReply The SMB
server did not reply to our request". I ended up removing the sleep(),
and that got it to function properly again. The box was a Win 7 SP1.
I also tested other Winodws boxes such as Win XP SP3, Windows Server
2008 SP2 and not having the sleep() doesn't seem to break anything.
So I don't even know why someone had to add the sleep() in the first
place.
2014-11-14 15:45:37 -06:00
681ae8ce6b
Pymet reverse_http stager basic implementation
2014-11-14 14:15:46 -05:00
ee9b1aa83a
Manage Rex::ConnectionRefused exceptions
2014-11-14 10:53:03 -06:00
428fe00183
Handle Rex::ConnectionTimeout
2014-11-13 22:34:28 -06:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
4a0e9b28a4
Use peer
2014-11-13 19:26:01 -06:00
4a06065774
Manage Exceptions to not wait the full wfs_delay
2014-11-13 19:17:09 -06:00
73ce4cbeaa
Use primer
2014-11-13 18:21:19 -06:00
0bcb99c47d
Fix metadata
2014-11-13 18:00:11 -06:00
a5c8152f50
Use fail_with
2014-11-13 17:57:26 -06:00
6ddf6c3863
Fail when the loader cannot find the java payload class
2014-11-13 17:55:49 -06:00
3faa48d810
small bugfix
2014-11-13 22:51:41 +01:00
7d6b6cba43
some changes
2014-11-13 22:46:53 +01:00
e2dc862121
Fix newly introduced typo.
2014-11-13 14:53:57 -06:00
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
17032b1eed
Fix issue reported by FireFart
2014-11-13 04:48:45 -05:00
80a9fa4b5d
Ports default values added, is_internal REX function added, reference added
2014-11-13 10:10:25 +01:00
31f3aa1f6d
Refactor create packager methods
2014-11-13 01:16:15 -06:00
38a96e3cfc
Update target info
2014-11-13 00:56:42 -06:00
e25b6145f9
Add module for MS14-064 bypassing UAC through python for windows
2014-11-13 00:56:10 -06:00
f081ede2aa
Land #4155 , @pedrib's module for CVE-2014-8499
...
* Password Manager Pro privesc + password disclosure
2014-11-12 23:56:26 -06:00
ea6d8860a1
Not root, just arbitrary permissions.
2014-11-12 21:51:55 -06:00
ebf6fe4e56
Minor style cleanup
2014-11-12 16:44:43 -08:00
a5009170e7
Land #4185 - Add CVE-2014-6352 (ms14-060 aka sandworm)
2014-11-12 17:11:43 -06:00
07a1653e57
Add gather module for Quake servers
2014-11-12 13:32:56 -08:00
9df31e950f
Add OSVDB id
2014-11-12 21:32:33 +00:00
54158c8662
Land #4005 , TNS poison checker
2014-11-12 13:29:59 -06:00
d242bc220b
Minor fixups and disclosure date for TNS module
2014-11-12 13:25:10 -06:00
955a5142ca
Edit e-mail address for antispam
2014-11-12 13:19:04 -06:00
1895311911
Change URL to single line.
2014-11-12 10:56:51 -06:00
529f749abb
Add post-exploitation module to get FW filtering rules
2014-11-12 17:38:49 +01:00
8689b0adef
Add module for samsung knox root exploit.
2014-11-12 09:53:20 -06:00
70589668c2
Really land the #4130 module
2014-11-12 09:39:01 -06:00
ece8013d7a
Use #empty?
2014-11-12 09:35:06 -06:00
f048463ed6
Do minor fixupts
...
* Delete peer method
* Make verifications more strict
2014-11-12 09:33:49 -06:00
a5c87db65e
Do minor cleanup
...
* Beautify description
* Use double quotes for interpolation
2014-11-12 09:29:53 -06:00
e1164d3e14
Use snake_case on filename
2014-11-12 09:26:47 -06:00
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
7e05f88399
Reapply PR #4113 (removed via #4175 )
2014-11-11 15:06:43 -06:00
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
017a44c0ae
Revert errored merge of deea30d
...
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"
This reverts commit deea30ddb414514d7b8b
2014-11-11 14:38:47 -06:00
9238d80a24
Use correct source port for NBNS spoofer
...
137 is only correct for systems that use this as their source port.
Systems running Samba, for example, don't use this. So use the port
taken from the original request, not 137 or 1337
2014-11-11 10:33:27 -08:00
96ba6da697
Add the UDP scanner template, lands #4113 .
...
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
01fda27264
Fix title
2014-11-11 11:15:53 -06:00
a588bfd31a
Use single quotes
2014-11-11 09:56:46 -06:00
77c8dc2b64
Dont return nil from 'run'
2014-11-11 09:39:08 -06:00
fb309aae11
Use a Fixnum as FuzzInt default value
2014-11-11 09:36:53 -06:00
f6762b41b6
Use random fake db name
2014-11-11 09:35:51 -06:00
94c353222d
Do small cosmetic changes
2014-11-11 09:31:57 -06:00
e9e5869951
update from master
2014-11-11 09:24:33 -06:00
c0285067c9
Add new module to test TNS poison
...
msf auxiliary(tnspoison_checker) > show options
Module options (auxiliary/scanner/oracle/tnspoison_checker1):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.2.100, 172.16.2.24, 172.16.2.101 yes The target address range or CIDR identifier
RPORT 1521 yes The target port
THREADS 1 yes The number of concurrent threads
msf auxiliary(tnspoison_checker) > exploit
[+] 172.16.2.100:1521 is vulnerable
[*] Scanned 1 of 3 hosts (033% complete)
[-] 172.16.2.24:1521 is not vulnerable
[*] Scanned 2 of 3 hosts (066% complete)
[-] 172.16.2.101:1521 unable to connect to the server
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
2014-11-11 17:29:27 +03:00
ac17780f6d
Fix by @FireFart to recover communication with the application after a meterpreter session
2014-11-11 05:49:18 -05:00
6bf1f613b6
Fix issues reported by FireFart
2014-11-11 00:41:58 -05:00
091da05a86
update from master
2014-11-10 22:59:44 -06:00
cac6494427
Use snake_case in filename
2014-11-10 16:58:46 -06:00
2c33642de8
Do minor cleanup
2014-11-10 16:57:57 -06:00
12ae8b3ec6
update from master
2014-11-10 16:19:26 -06:00
493b81d874
cleanup
2014-11-10 15:22:21 -06:00
31fa57fcb2
mssql_enum_sql_logins
2014-11-10 15:19:55 -06:00
d543b16cc1
Added mssql_enum_sql_logins.rb
2014-11-10 15:02:46 -06:00
ea226f7482
Update mssql_enum_sql_logins.rb
2014-11-10 15:02:14 -06:00
d4bbf0fe39
Fix issues reported by wchen-r7 and mmetince
2014-11-10 15:27:10 -05:00
74344e9295
added mssql_enum_sql_logins
2014-11-10 13:42:52 -06:00
Jon Hart
Christian Mehlmauer
Tod Beardsley
dmaloney-r7
Brandon Perry
Andrew Morris
Meatballs
Marc Wickenden
Spencer McIntyre
sinn3r
Jonathan Claudius
HD Moore
EgiX
us3r777
Pedro Ribeiro
jvazquez-r7
Brendan Coles
William Vu
wez3
tate
Roberto Soares Espreto
Deral Heiland
Tiago Sintra
OJ
Rasta Mouse
HackSys Team
peregrino
Joe Vennix
nullbind
spdfire
Rich Whitcroft
Mark Schloesser
Fatih Ozavci
floyd
Rich Lundeen
Juan Escobar
Nikita