infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
38,805 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

395 Commits (9d13df3a2584364494c27348e63fd873fbeed6f7)

Author SHA1 Message Date
agix 631a7b9c48 Adapt to new psexec mixin (first try :D) 2014-04-02 20:33:08 +01:00
Florian Gaultier 978bdbb676 Custom Service Description 2014-04-02 20:33:07 +01:00
sinn3r d7ca537a41 Microsoft module name changes 
So after making changes for MSIE modules (see #3161), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
 2014-03-28 20:56:53 -05:00
Meatballs 8082c19469
Allow servicename/displayname to be set 
Tidyup psexec some more
 2014-03-19 13:16:14 +00:00
David Maloney da0c37cee2
Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
William Vu 517f264000 Add last chunk of fixes 2014-03-11 12:46:44 -05:00
Meatballs 2f7f344be3
Copy original sleep 2014-02-23 04:53:48 +00:00
Meatballs a00481beb4
Auto target psexec/psh_web 2014-02-09 11:47:15 +00:00
Meatballs c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075 2014-02-08 22:11:31 +00:00
sinn3r cc4dea7d49 Was playing with ms08_067 check and realized I forgot this print 2014-01-25 16:15:52 -06:00
sinn3r e5dc6a9911 Update exploit checks 
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-20 14:26:10 -06:00
Meatballs a3c7dccfc0
Add disconnect option to psexec 
Allow the module to prevent the mixin from ending the SMB session.
 2013-11-24 16:37:25 +00:00
Meatballs dd9bb459bf
PSEXEC Refactor 
Move peer into mixin
PSEXEC should use the psexec mixin
 2013-11-24 16:24:05 +00:00
Meatballs c5007f67ab
Retab psexec_psh 2013-11-22 23:00:36 +00:00
Meatballs 20b76602a1
Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	lib/msf/core/exploit/powershell.rb
 2013-11-22 22:41:08 +00:00
scriptjunkie 61e4700832
Allow guest login option. 
This enables obtaining or maintaining access to properly misconfigured
systems through the Guest account.
 2013-11-06 11:28:13 -06:00
Meatballs 4fc8bb2b4b
Auto arch detection 2013-10-22 00:42:59 +01:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Meatballs 9ade4cb671 Refactor 2013-09-13 20:43:09 +01:00
Meatballs 243d3d6ebd Apply comments 2013-09-13 19:19:54 +01:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
violet 4cbdf38377 updated contact info 
MASTER OF DISASTER

ULTRA LASER

:::::::-.  :::::::..        :::::::-.      ...         ...     .        :
 ;;,   `';,;;;;``;;;;        ;;,   `';, .;;;;;;;.   .;;;;;;;.  ;;,.    ;;;
 `[[     [[ [[[,/[[['        `[[     [[,[[     \[[,,[[     \[[,[[[[, ,[[[[,
  $$,    $$ $$$$$$c           $$,    $$$$$,     $$$$$$,     $$$$$$$$$$$"$$$
  888_,o8P' 888b "88bo,d8b    888_,o8P'"888,_ _,88P"888,_ _,88P888 Y88" 888o
  MMMMP"`   MMMM   "W" YMP    MMMMP"`    "YMMMMMP"   "YMMMMMP" MMM  M'  "MMM
 2013-08-26 16:14:49 -07:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
Meatballs eb3f83f26f Merge remote-tracking branch 'remotes/semperv/powershell_import' into psh_merge 
Conflicts:
	modules/exploits/windows/smb/psexec_psh.rb
 2013-07-29 15:17:52 +01:00
Meatballs 176de5a380 Selective psexec_psh merge. 2013-07-29 15:13:59 +01:00
RageLtMan b3fab9a342 Fix git branch mauling - reintroduce psexec_psh 
Replace powershell lib which snuck in as psexec_psh.
Introduce psexec_psh module which uses the Rex and Msf PSH
methods provided in the lib import.
 2013-07-28 19:23:37 -04:00
RageLtMan dc15c5b505 Merge branch 'master' into powershell_import 
Resolve conflicts from old code being pulled into master.

Conflicts:
	lib/msf/core/exploit/powershell.rb
	modules/exploits/windows/smb/psexec_psh.rb
 2013-07-20 19:29:55 -04:00
James Lee f81369a10d Don't make promises about AV detection 2013-07-12 16:13:02 -05:00
James Lee bc88732400 Prints don't need to be rescued 2013-07-12 15:56:04 -05:00
RageLtMan 4554cc6e51 Import Powershell libs and modules (again) 
Add Rex powershell parser:
 reads PSH, determines functions, variables, blocks
 compresses and cleans up the code it's read, obfuscates
 handles string literals and reserved variable names
 extracts code blocks and functions for reuse
  turns powersploit into a useful sub-component for MSF
Rewire Msf powershell modules
 Make use of Rex parser
 Handles payload generation, substituions
 Brings convenience methods - byte array generation and download
 Re-add .NET compiler
  Compiles .NET code (C#/VB.NET) in memory
  Can generate binary output file (dynamic persistence)
  Handles code-signing (steal cert with mimikatz, sign your bin)
  Not detected by AV (still...)
 Update payload generation
  GZip compression and decompression (see Rex module as well)
  msftidy violations for space efficiency - each char counts
Re-submit psexec-psh
 Makes use of updated Msf and Rex modules
 Runs shellcode in-memory (in a hidden PSH window)
 Completely bypasses all AVs tested for the last year...
 2013-07-04 14:04:19 -04:00
Meatballs cd159960e1 Tidy 2013-07-04 12:02:32 +01:00
Meatballs 9c1a43a417 Check payload arch 2013-07-04 11:46:34 +01:00
Meatballs 83bc32abb4 Remove Exploit::Exe 2013-07-04 11:01:01 +01:00
Meatballs 7d6a78bf1f Remove report aux 2013-07-04 10:36:32 +01:00
Meatballs 555140b85a Add warning for persist 2013-07-04 10:30:03 +01:00
Meatballs 44cdc0a1c8 Move options to lib 2013-07-04 10:25:37 +01:00
Meatballs 1368c1c27f Move options to lib 2013-07-04 10:25:08 +01:00
Meatballs 8590720890 Use fail_with 2013-07-04 10:21:24 +01:00
Meatballs 3eab7107b8 Remove opt supplied by lib 2013-07-04 10:16:03 +01:00
Meatballs 7d273b2c8b Refactor to psexec lib 2013-07-04 10:11:13 +01:00
Meatballs 1569a15856 Msf license 2013-07-04 10:08:29 +01:00
Meatballs 052c23b980 Add missing require 2013-07-04 09:58:48 +01:00
Meatballs 6fa60be76f Merge branch 'psexec_psh' of https://github.com/sempervictus/metasploit-framework into psexec_psh 2013-07-04 09:42:18 +01:00
James Lee 5964d36c40 Fix a syntax error 
Also uses a prettier syntax for setting the filename (ternary operators
are hard to read).
 2013-05-31 13:31:36 -05:00
Rob Fuller 95b0d4e5ec move filename init up to remove dup code 
as suggested by @jlee-r7
 2013-05-09 13:29:21 -04:00
Rob Fuller 71c68d09c1 Allow user ability to set filename for psexec service binary 
This should probably be higher up for all
generate_payload_exe but would take a major edit
 2013-05-07 15:26:22 -03:00
sinn3r 0ad548a777 I expect people to know what a share is. 2013-02-07 19:16:44 -06:00
RageLtMan 92ef462c34 This commit completes powershell based psexec 
The original module suffered from a small problem - interactive
process notification from Desktop 0 for users currently logged in.
Although acheiving full AV evasion, we were setting off UserAlert.
This commit updates the module itself to match #1379 in R7's repo.
The size of powershell payloads has been reduced, and a wrapper
added to hide the actual payload process entirely.
 2013-02-04 20:39:05 -05:00
RageLtMan 6ba85d4c06 add libs from #1379 and allow psh 1.0 exec against older hosts 2013-01-30 12:38:53 -05:00
lmercer deb9385181 Patch for smb_relay.rb to allow the share written to, to be defined in an option 
As described in Redmine Feature #5455
 2013-01-29 15:19:35 -05:00
RageLtMan 61cd3b55fc hide window 2013-01-24 14:43:07 -05:00
RageLtMan e6ebf772de allow psh to run in background via cmd start 2013-01-21 08:12:56 -05:00
RageLtMan 43a5322bd4 psexec_psh cleanup 2013-01-20 22:15:55 -05:00
RageLtMan cae0362aa3 Add disk-less AV bypass PSExec module using PSH 
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.

In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.

This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.

Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
 2013-01-20 21:46:26 -05:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
Alexandre Maloteaux c0c3dff4e6 Several fixes for smb, mainly win 8 compatibility 2012-11-28 22:49:40 +01:00
James Lee b2db3e133d Rescue when the service is crashed 
Failed exploit attempts leave the service in a state where the port is
still open but login attmempts reset the connection. Rescue that and
give the user an indication of what's going on.
 2012-10-22 17:57:30 -05:00
jvazquez-r7 e461d542ac added Windows 2003 SP1 Spanish targets 2012-08-24 12:50:30 +02:00
jvazquez-r7 54ce7268ad modules/exploits/windows/smb/ms08_067_netapi.rb 2012-08-24 11:30:23 +02:00
jvazquez-r7 1a60abc7a7 Added W2003 SP2 Spanish targets 2012-08-24 11:16:08 +02:00
Tod Beardsley bd408fc27e Updating msft links to psexec 
Thanks for the spot @shuckins-r7 !
 2012-08-13 15:28:04 -05:00
HD Moore 44e56c87f1 Make super sure that blank creds are not reported 2012-07-15 20:56:31 -05:00
HD Moore 3bb7405b09 Only report auth if the username is not blank 2012-07-02 04:11:29 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
sinn3r 18c8314d79 Change unknown authors to "Unknown". 
Since "Anonymous" has become a well known organization, the meaning of the
term also may cause confusion.  In order to clarify, we correct unknown
authors to simply "Unknown".
 2012-05-26 15:23:09 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules 
And also fixes up a dozen or so failing modules.
 2012-03-15 16:38:12 -05:00
HD Moore 99177e9d5e Small commit to fix bad reference and old comment 2012-03-06 01:44:26 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
sinn3r aa44eb955e Correct author e-mail format 2012-02-02 11:27:43 -06:00
Tod Beardsley 8ce47ab832 Changing license for KillBill module 
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
 2012-01-19 11:39:56 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive. 
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
 2011-11-14 22:50:52 -08:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format 
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 22:02:26 +00:00
David Rude 521aec205b Return on error 
git-svn-id: file:///home/svn/framework3/trunk@14006 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-19 19:55:04 +00:00
Tod Beardsley 3c36b0c975 Msftidy: knocking out all those trailing spaces. Screw those guys. 
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 03:49:49 +00:00
HD Moore cf8524b1b4 Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types 
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-16 09:53:53 +00:00
HD Moore 3d8a18cfd1 Fix tab indent 
git-svn-id: file:///home/svn/framework3/trunk@13836 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-08 18:39:23 +00:00
Joshua Drake 2e7edeff81 See #3585: Happy Third Birthday MS08-067! 
Adds an AlwaysOn DEP bypass for XP SP2 and SP3

git-svn-id: file:///home/svn/framework3/trunk@13835 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-08 07:26:37 +00:00
amaloteaux 9cfba23558 psexec: allow o upload payload in a subfolder 
git-svn-id: file:///home/svn/framework3/trunk@13638 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-25 22:30:46 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules 
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-22 20:17:58 +00:00
HD Moore 7dbb56b38b No longer default a target for XP systems; some obscure builds of XP Embedded SP1 have a different offset and not good way to differentiate 
git-svn-id: file:///home/svn/framework3/trunk@13214 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-19 01:40:26 +00:00
HD Moore 764bb36f44 Wait a little longer for a session (5 seconds) 
git-svn-id: file:///home/svn/framework3/trunk@13208 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 16:05:51 +00:00
HD Moore 8887fe86b8 Either the offset or the env page moves around for this exploit on some non-english systems, do not default the target for 2003 SP0 
git-svn-id: file:///home/svn/framework3/trunk@13206 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 14:59:55 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch 
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy 
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 19:17:31 +00:00
James Lee b5e0962e3e return the appropriate check codes instead of just printing stuff. add some error checks to avoid stack traces against samba and non-existant hosts 
git-svn-id: file:///home/svn/framework3/trunk@12314 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-13 23:26:07 +00:00
David Rude 39f4c0c42f Added MS08-067 check method thanks staylor =) 
git-svn-id: file:///home/svn/framework3/trunk@12294 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-11 16:32:59 +00:00
amaloteaux 8e61c108d3 typo fix 
git-svn-id: file:///home/svn/framework3/trunk@12229 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-03 23:11:02 +00:00
Joshua Drake 8a627758f3 update description to remove blurb about ATSVC pipe, since it is no longer used 
git-svn-id: file:///home/svn/framework3/trunk@12226 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-03 20:53:54 +00:00
HD Moore 9594829357 Remove the no longer needed require 
git-svn-id: file:///home/svn/framework3/trunk@12181 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-29 18:11:39 +00:00
HD Moore e0e8d986e7 Fix up psexec by adding a reqwuire for the wbemexec mixin 
git-svn-id: file:///home/svn/framework3/trunk@12180 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-29 16:35:26 +00:00
HD Moore 904dd863d1 Remove the WBEM mixin until its actually checked in 
git-svn-id: file:///home/svn/framework3/trunk@12179 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-29 15:26:08 +00:00
amaloteaux 3a6a02e43c add wbem exec method for psexec as optional, fix #3972, thanks to pbk-df3 for patch 
git-svn-id: file:///home/svn/framework3/trunk@12171 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-29 01:07:32 +00:00
amaloteaux 46cf938475 fix typo 
git-svn-id: file:///home/svn/framework3/trunk@12112 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 20:47:49 +00:00
amaloteaux c0a0e3f217 small fix 
git-svn-id: file:///home/svn/framework3/trunk@12110 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 19:02:38 +00:00
amaloteaux e706051bda psexec : allow exploit to succeed on any r/w share 
git-svn-id: file:///home/svn/framework3/trunk@12109 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 18:53:32 +00:00
David Rude eeb1aae9d0 Added Japanese NO NX Target 
git-svn-id: file:///home/svn/framework3/trunk@11985 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 07:58:50 +00:00
amaloteaux dce7dd13fe type fix on psexec 
git-svn-id: file:///home/svn/framework3/trunk@11926 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-10 18:46:58 +00:00
Jonathan Cran 79da0ead08 applying description update from zeknox -- thanks! 
git-svn-id: file:///home/svn/framework3/trunk@11923 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-10 05:36:17 +00:00
amaloteaux 5f6995e8d3 enable ntlmv2 and signing for smb client stack (pth implementation is coming), fixes #11678 and #152 
git-svn-id: file:///home/svn/framework3/trunk@11893 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-07 19:57:53 +00:00
Joshua Drake 160c683f18 Add WbemExec mixin, modify MS10-061 to use MOF technique 
git-svn-id: file:///home/svn/framework3/trunk@11766 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-17 19:22:11 +00:00
Joshua Drake 41f0c2eaa5 typo 
git-svn-id: file:///home/svn/framework3/trunk@11762 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-17 03:56:15 +00:00
Joshua Drake ae33e3ac71 Fixes #3571, normalize 2k3r2 and fix language defaulting 
git-svn-id: file:///home/svn/framework3/trunk@11614 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-21 04:09:48 +00:00
Joshua Drake ffbea6199f Do not wait for the DCERPC call to timeout 
git-svn-id: file:///home/svn/framework3/trunk@11545 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-11 17:56:27 +00:00
Tod Beardsley 0204cedca6 Makes the print_status displays more consistent between smb_login and psexec by moving some of the domain display functions up into exploit/smb proper. 
git-svn-id: file:///home/svn/framework3/trunk@11204 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-02 17:29:26 +00:00
Joshua Drake e9faf75503 fix some more titles with periods 
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-24 19:35:38 +00:00
Joshua Drake 3b6edefe44 fix up auto targeting to not assign to "target" 
git-svn-id: file:///home/svn/framework3/trunk@11072 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-19 18:33:34 +00:00
Tod Beardsley 996cc49408 Be more accomodating for SMB domains when bruteforcing SMB hosts. 
git-svn-id: file:///home/svn/framework3/trunk@10977 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-11 02:07:31 +00:00
Joshua Drake ede859f60e use Msf::WindowsError, see #2214 
git-svn-id: file:///home/svn/framework3/trunk@10607 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-08 19:51:50 +00:00
Joshua Drake b36e383581 clean up exceptions a bit further 
git-svn-id: file:///home/svn/framework3/trunk@10557 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-05 23:23:17 +00:00
Joshua Drake 74db9d7fe4 demote to manual ranking due to domain requirement 
git-svn-id: file:///home/svn/framework3/trunk@10554 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-05 19:29:10 +00:00
Joshua Drake d2c5d62606 do not wait for WfsDelay if unable to enum printers 
git-svn-id: file:///home/svn/framework3/trunk@10553 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-05 19:03:52 +00:00
Joshua Drake 6f18c4a468 do not wait for WfsDelay if unable to bind 
git-svn-id: file:///home/svn/framework3/trunk@10545 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-04 20:48:48 +00:00
HD Moore 2f344fe7c8 Moving to ManualRanking since it requires user/pass 
git-svn-id: file:///home/svn/framework3/trunk@10503 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-28 15:23:14 +00:00
HD Moore 3ee6117219 Default to english, in the end, this is still the most common language pack 
git-svn-id: file:///home/svn/framework3/trunk@10471 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-25 03:18:08 +00:00
Joshua Drake 3acede0f3c fix indent 
git-svn-id: file:///home/svn/framework3/trunk@10442 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-23 02:15:40 +00:00
Joshua Drake a0b193f9d3 note psexec release date 
git-svn-id: file:///home/svn/framework3/trunk@10405 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 01:50:50 +00:00
Joshua Drake 8e5cf31e9a big exe/dll update, see #2017 
NOTE: These changes specifically affect payload encoding via RPC, "use
payload", and msfencode

1. consolidate user-specified exe generation routine (now
Msf::Util::EXE.to_executable_fmt)
2. supported format types are now queried/checked using arrays
3. cleaned up and standardized exe option passing
4. rename data store options for EXE mixin
5. add generate_payload_exe_service for psexec/smb_relay
6. reworked default template handling in Msf::Util::EXE
  a. added template search path option (not used if template includes
a path separator)
  b. "fallback" flag to enable using default if specified file doesn't
exist
7. added Msf::Util::EXE.to_win64pe_dll
8. improved error messages from exe generation



git-svn-id: file:///home/svn/framework3/trunk@10404 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-21 00:13:30 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks 
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 08:06:27 +00:00
Joshua Drake 0149ec0253 bump exe name to 14 chars to avoid randomly smashing existing bins 
git-svn-id: file:///home/svn/framework3/trunk@10391 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 05:06:51 +00:00
Joshua Drake 21d88b36c1 rename generate_exe -> generate_payload_exe 
git-svn-id: file:///home/svn/framework3/trunk@10388 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 04:37:25 +00:00
HD Moore 3dae16482f Required admin creds == ManualRanking 
git-svn-id: file:///home/svn/framework3/trunk@10384 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 02:56:29 +00:00
HD Moore ad4bf32a45 Move to the SMB directory 
git-svn-id: file:///home/svn/framework3/trunk@10370 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-18 17:56:22 +00:00
Joshua Drake 9dae361383 typo fixes 
git-svn-id: file:///home/svn/framework3/trunk@10332 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-16 16:23:46 +00:00
Joshua Drake 467861ceb7 style compliance fixes 
git-svn-id: file:///home/svn/framework3/trunk@10190 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-30 20:40:05 +00:00
Joshua Drake 330281eadd see #684, adds checksum support, updates modules to use it, fixes some wfs_delay/WfsDelay issues 
git-svn-id: file:///home/svn/framework3/trunk@10150 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-25 20:55:37 +00:00
Joshua Drake 9cc66b39dd indicate not to attempt to read a resposne 
git-svn-id: file:///home/svn/framework3/trunk@10039 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-18 17:21:56 +00:00
Tod Beardsley 6d6a547b34 Fixes #2412. Adds a creds table, modifies the db_report_auth API, adds the db_creds and db_add_cred commands. 
git-svn-id: file:///home/svn/framework3/trunk@10034 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-18 00:58:20 +00:00
Joshua Drake 4f9ed0e4e9 style compliance fixes 
git-svn-id: file:///home/svn/framework3/trunk@10022 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-16 17:12:16 +00:00
Joshua Drake 6243d8fe2a change existing to_win*pe_service uses to pass a hash instead of a string, r10016+this fixes #2398 
git-svn-id: file:///home/svn/framework3/trunk@10017 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-14 20:43:43 +00:00
HD Moore 040a292181 Create a new mixin that changes SMBUser/SMBPass to normal options, include this mixin within SMB modules that more often than not require authentication 
git-svn-id: file:///home/svn/framework3/trunk@9981 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-12 15:00:58 +00:00
Joshua Drake f6033b9bd6 change some print_status to print_error, rename a few msft modules using msb convention 
git-svn-id: file:///home/svn/framework3/trunk@9929 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-25 21:37:54 +00:00
Joshua Drake 136c8d2ecc change print_status to print_error 
git-svn-id: file:///home/svn/framework3/trunk@9919 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-24 21:38:57 +00:00
Joshua Drake 9e360f19e0 ignore timeout errors, see #2260 
git-svn-id: file:///home/svn/framework3/trunk@9839 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-15 20:54:03 +00:00
Joshua Drake b73e13bd62 add xpsp1-jp target from Masashi, fixes #2255 
git-svn-id: file:///home/svn/framework3/trunk@9838 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-15 20:18:34 +00:00
Joshua Drake 7d945ed9dc add lots of disclosure dates from OSVDB 
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-03 03:13:45 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes 
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-01 23:33:07 +00:00
Joshua Drake b5aac2860c add DEP bypass targets for XPSP2 and 2k3SP1, add 2k3 SP0 target 
git-svn-id: file:///home/svn/framework3/trunk@9632 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-28 16:01:23 +00:00
Joshua Drake 2c91164494 allow x64 payloads to be used with psexec 
git-svn-id: file:///home/svn/framework3/trunk@9565 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-21 03:49:39 +00:00
Joshua Drake a8186ae6ae add suggestion when auto-targeting fails, see #2022 
git-svn-id: file:///home/svn/framework3/trunk@9396 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-02 16:29:14 +00:00
Steve Tornio 365f13551b added refs. I think all the auxiliary and exploit modules should now be covered. 
git-svn-id: file:///home/svn/framework3/trunk@9298 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-13 16:53:50 +00:00
HD Moore d65146ae0c Downgrade MS04_011 to Great, as we have better exploits 
git-svn-id: file:///home/svn/framework3/trunk@9291 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-12 16:36:45 +00:00
Joshua Drake 128e0515ef stop perpetuating the ambiguity! 
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-09 17:45:00 +00:00
Joshua Drake 0ea6eca4bc big module whitespace/formatting cleanup pass 
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-30 08:40:19 +00:00
Tod Beardsley bd94145d8d Allows reporting auth credentials to be optional with exploit/windows/smb/psexec. Sometimes you don't want this, especially if you already have an auth credential via smb_login. 
For auxiliary/scanner/smb/smb_login, if a password hash is used instead of a password, record it as a :hash instead of a :pass when reporting to the DB.



git-svn-id: file:///home/svn/framework3/trunk@9116 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-22 17:23:29 +00:00
Joshua Drake d03eacc386 move exploit specific stuff back to exploit method 
git-svn-id: file:///home/svn/framework3/trunk@9094 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-16 05:30:27 +00:00
Joshua Drake 74a344ce7a unbreak the module, oops 
git-svn-id: file:///home/svn/framework3/trunk@9093 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-16 05:10:36 +00:00
Joshua Drake a402a69de6 make error more friendly and clean up whitespace 
git-svn-id: file:///home/svn/framework3/trunk@9092 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-16 04:51:08 +00:00