Commit Graph

5135 Commits (a2778ea29739c52b07d406f4300332cb784d78f3)

Author SHA1 Message Date
sinn3r 1dec4c0c45 These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE'] 2012-01-30 13:08:35 -06:00
sinn3r fed0df3552 Merge branch 'osx_x64_exec' of https://github.com/argp/metasploit-framework into argp-osx_x64_exec 2012-01-30 11:01:03 -06:00
sinn3r a0ac4125cd Add aux module CMS400 default pass scanner (feature #6301) 2012-01-30 10:40:59 -06:00
Jon Hart 1b03a48540 Use desired [at] format for email 2012-01-30 08:21:58 -08:00
Jon Hart 16610d8852 Update email address to use desired [at] format 2012-01-30 08:05:08 -08:00
Patroklos Argyroudis 4e1029ae8b Execute (execve) arbitrary command payload for Mac OS X x64 2012-01-30 11:01:57 +02:00
sinn3r 21a05ce1d6 Fix bug: NoMethodError undefined method `report_vm' (#6298) 2012-01-30 00:44:45 -06:00
sinn3r ce7f93f5d9 Merge pull request #138 from claudijd/master
Added Sequence Filters and MSF Exploit Capture to BNAT Scan
2012-01-29 22:07:25 -08:00
Jon Hart 37d467ea79 Loot .netrc files, generic enum_user_directories 2012-01-29 14:03:57 -08:00
Jon Hart 5294fb57a4 Add post module to obtain SMB credentials stored for mount.smbfs 2012-01-29 12:04:26 -08:00
HD Moore dda3453ac7 Correct a typo 2012-01-28 23:33:26 -06:00
HD Moore 774862508e Handle another common error type 2012-01-28 23:31:20 -06:00
Jonathan Claudius 88298cf847 Added Sequence Filters and MSF Exploit Capture
-Sequence Filters (No More False Positives)
-Msf::Exploit::Capture (Use built-in MSF libs over manual threading)
-Immediate Feedback (Don't need to wait until complete to print results)
-Timeout (Includes user configurable timeout)
2012-01-28 22:44:12 -06:00
Jonathan Cran 54ffb01080 This module should use the default list of tomcat users 2012-01-28 18:13:34 -06:00
David Maloney ca7aa21202 Removed schema features from database hashdump modules
now that there are dedicated schemadump modules.
2012-01-28 16:55:39 -06:00
HD Moore 5a095e8ef5 Fixes for PCA modules 2012-01-28 14:35:07 -06:00
HD Moore c63c7393e3 Print status output 2012-01-28 13:52:38 -06:00
HD Moore f3eb78199b Add TCP-based PCA probe 2012-01-28 13:52:38 -06:00
sinn3r fbac9a7239 Forgot to remove this comment 2012-01-28 13:18:15 -06:00
HD Moore 2d7852ddef Merge PCA scans into udp_sweep/udp_probe 2012-01-28 13:05:24 -06:00
David Maloney 4cd38c5555 Adds login scanner module for VMware Server and ESX 2012-01-27 16:23:56 -06:00
sinn3r 7b866eee86 Use the proper function for verbose prints 2012-01-27 12:50:01 -06:00
HD Moore a2d20e25d3 Fix a regression in the workspace inclusion code (only affected
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
sinn3r 64651e52a8 Credit Shane of X-Force for the discovery 2012-01-27 11:18:34 -06:00
David Maloney c5e667a1dc Post Module to enumerate VirtualBox VMs for the current user. 2012-01-27 11:12:59 -06:00
David Maloney 0e0aa33c47 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-27 11:12:35 -06:00
David Maloney 56be45f3a4 A few minor fixes to the find vmx module 2012-01-27 11:12:17 -06:00
HD Moore b4e2228404 Fix exitfunc option name 2012-01-27 09:15:31 -06:00
sinn3r 298b94d397 Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003) 2012-01-27 03:48:39 -06:00
sinn3r a4c876a424 No need to manually add VERBOSE as an option, it already is (built-in) 2012-01-27 02:17:59 -06:00
sinn3r 3f4dbd9df6 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-27 01:58:42 -06:00
Stephen Haywood efda420e5f Updates to enum_artifacts 2012-01-26 19:35:39 -05:00
sinn3r 9b78b6bd17 Hmm, the indent level of the description looks a bit funny. Fixing. 2012-01-26 17:24:05 -06:00
David Maloney 494c37c659 Adds a Multi-System post module for finding VMWare Virtual Machines 2012-01-26 16:25:50 -06:00
Tod Beardsley 5afc164c39 Merge branch 'vm-stuff' 2012-01-26 13:04:44 -06:00
Tod Beardsley fe22090a12 Correct e-mail format 2012-01-26 13:04:38 -06:00
Tod Beardsley 33c53b1f3f Updates vm checking 2012-01-26 13:02:39 -06:00
sinn3r 3952a06292 Minor changes 2012-01-26 11:35:43 -06:00
Tod Beardsley 8ce4ad49de Correct e-mail format 2012-01-26 11:24:38 -06:00
sinn3r 67274e2e85 Merge branch 'hp_magentservice' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-hp_magentservice 2012-01-26 11:00:36 -06:00
David Maloney d0d964d8ab Adds an error message if the module couldn't conenct to the target.
Fixes #6278
2012-01-26 10:56:07 -06:00
Joshua J. Drake 31fb7e7b28 Fallback to writing a new file if resuming fails 2012-01-25 14:49:30 -06:00
Christopher McBee 1af6740b24 Initial checking of hp_magentservice module 2012-01-25 13:04:30 -05:00
Dave Hull 76ebbc48ec Update modules/post/windows/gather/dumplinks.rb 2012-01-24 23:16:40 -06:00
Marcus J. Carey 49be9996bc Merge remote-tracking branch 'upstream/master' 2012-01-24 20:23:58 -06:00
Marcus J. Carey 35de6a593b Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:14:10 -06:00
Marcus J. Carey 2e2726c3c0 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:06:49 -06:00
Marcus J. Carey 88b1cd6891 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:03:33 -06:00
Marcus J. Carey 71648159a8 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:00:47 -06:00
Marcus J. Carey a20bd78f75 Adding html_frame_payload.rb 2012-01-24 16:56:32 -06:00
Tod Beardsley f6a6963726 Msftidy run over the recent changed+added modules 2012-01-24 15:52:41 -06:00
Jon Hart 7ec5f98480 Adding jhart's natpimp libary and modules.
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.

[See #106]
2012-01-24 10:32:30 -06:00
Tod Beardsley 2f3e976173 Actually fix ruby loop syntax on d20pass 2012-01-24 10:08:19 -06:00
sinn3r fc00398330 Yup, that's better 2012-01-23 16:02:35 -06:00
sinn3r 39a2a894ee Fix fh, trailing comma, and ruby loop syntax 2012-01-23 15:15:49 -06:00
sinn3r ea9e9852cf ah man, typo! 2012-01-23 11:59:13 -06:00
sinn3r 621567dcc8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-23 11:56:50 -06:00
sinn3r afc547e0fb Improve: Proper use of cmd_exec() and correct cmd path. More error handling for exec and rm. Fix bug with path setting, etc. 2012-01-23 11:54:19 -06:00
James Lee 455bcda6e8 Print the port so we know which http service 2012-01-23 10:17:32 -07:00
sinn3r 60d5f6d0bd Merge branch 'download_and_execute' of https://github.com/sempervictus/metasploit-framework into sempervictus-download_and_execute 2012-01-23 10:28:27 -06:00
Patroklos Argyroudis c6eb104132 bug fix for hardcoded max command length 2012-01-23 10:24:22 +02:00
RageLtMan 5671e2f691 Downloand and execute (railgun) 2012-01-22 23:25:49 -05:00
David Maloney 34491970b3 Adds a new VMWare Authentication Daemon login scanner module. 2012-01-22 15:39:53 -06:00
David Maloney bcb19ab0a3 Fixes an issue with smb_login not properly dealing with abritrary guest access
on Samba.
2012-01-22 01:35:36 -06:00
David Maloney 06b1bffcea Addresses an issue with udp sweep module that recorded services
from non-specified hosts when they respond to broadcast probes.
2012-01-20 15:34:15 -06:00
sinn3r be906023dc one register_options() should be fine. 2012-01-20 13:02:54 -06:00
sinn3r d6566aa818 Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267) 2012-01-20 12:57:13 -06:00
sinn3r bbb4205683 Set default maxpage to 1, because it's faster. 2012-01-20 11:09:38 -06:00
sinn3r 5631774d92 Fix bug: NoMethodError undefined method `each' for nil:NilClass (line 155) 2012-01-20 10:58:02 -06:00
sinn3r 9e5d2ff60e Improve URI, plus some other minor changes. 2012-01-19 13:26:25 -06:00
sinn3r ca51492079 Merge branch 'master' of https://github.com/joernchen/metasploit-framework into joernchen-master 2012-01-19 13:17:06 -06:00
Joshua J. Drake 292332d355 Add some error handling for tns_version method 2012-01-19 13:03:19 -06:00
joernchen of Phenoelit 2199cd18d7 fine tuning thx to sinn3r 2012-01-19 19:50:30 +01:00
joernchen of Phenoelit df9380500a disclosure date added 2012-01-19 19:19:53 +01:00
Tod Beardsley 8ce47ab832 Changing license for KillBill module
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
2012-01-19 11:39:56 -06:00
Tod Beardsley a75b373d7a Fixing e-mail format for antispam 2012-01-19 10:58:25 -06:00
Tod Beardsley ed3191bcfe Adding d20pass module 2012-01-19 10:58:16 -06:00
joernchen of Phenoelit 197eb16f72 gitorious remote command exec exploit 2012-01-19 11:36:08 +01:00
HD Moore bb035bfec2 Fix up API option names so they can be set globally 2012-01-18 15:05:39 -06:00
Tod Beardsley ad6f8257e1 MSFTidy fixes. 2012-01-18 15:01:32 -06:00
sinn3r d6e8f0b54d Add Felipe as an author (plus a reference) because looks like the PoC originally came from him. 2012-01-18 13:33:27 -06:00
sinn3r 064a71fb1d Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245) 2012-01-18 12:05:18 -06:00
scriptjunkie 9fe18cdc86 Add x64 LoadLibraryA payload. Because it should exist. 2012-01-17 21:16:26 -06:00
sinn3r e4ed3c968d Add OSVDB and BID references 2012-01-17 18:16:47 -06:00
sinn3r 75f543f3eb Hilarious, I forgot to change the disclosure date. 2012-01-17 18:11:18 -06:00
sinn3r 7d9ba6f5e9 Fix bug #6256: uninitialized class variable error 2012-01-17 17:58:53 -06:00
sinn3r 2e8122dc88 Better MSF style compliance 2012-01-17 14:54:50 -06:00
sinn3r a682e68073 Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246) 2012-01-17 12:28:47 -06:00
sinn3r 4f16caed0f Change naming style for MS type bug 2012-01-17 03:00:07 -06:00
sinn3r 5761035371 This payload shouldn't be in here. Instead of adding a new one, exec.rb should be fixed 2012-01-16 22:41:27 -06:00
sinn3r d5443159d7 Merge pull request #110 from jhartftw/soap_xml_6249
Improvements to auxiiliary/scanner/http/soap_xml to (#6249)
2012-01-16 18:19:33 -08:00
sinn3r 7b8bfd401e Merge branch 'argp-osx_mozilla_mchannel' 2012-01-16 20:02:35 -06:00
sinn3r eb5641820f Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-16 19:56:10 -06:00
sinn3r 618097ba3d Whitespace and keyword cleanup 2012-01-16 19:55:27 -06:00
sinn3r 17ffc06f60 Merge branch 'osx_mozilla_mchannel' of https://github.com/argp/metasploit-framework into argp-osx_mozilla_mchannel 2012-01-16 19:35:29 -06:00
sinn3r d2dbf6007e Merge pull request #111 from jhartftw/arp_poisoning_6250
Bug #6250
2012-01-16 17:34:11 -08:00
sinn3r c15e7da0b8 Add ZDI-12-012 McAfee SaaS ShowReport code execution 2012-01-16 18:44:11 -06:00
Jon Hart fe901b3fb2 Clean up error messages when LOCALSIP isn't defined. Remove
now-duplicated code is_ipv4?, clarify SMAC error messages.
2012-01-16 14:32:15 -08:00
sinn3r 4689421201 Correct variable naming style 2012-01-16 16:03:48 -06:00
Jon Hart 6a057560fa Improvements to auxiiliary/scanner/http/soap_xml to:
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints

https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
Tod Beardsley 11fc423339 Merge pull request #102 from cbgabriel/bsplayer-m3u
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
sinn3r 14a35da0fd Merge pull request #104 from swtornio/master
add osvdb ref
2012-01-13 13:26:24 -08:00
Tod Beardsley 4ac6c0c3ee A great big pile of fixes to the ssh scanners
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
Steve Tornio bd31f3f480 add osvdb ref 2012-01-13 13:21:33 -06:00
Tod Beardsley d52df50a77 Drop a spurious print_error line from smtp_version 2012-01-13 11:46:56 -06:00
sinn3r 2eb35728f6 Randomize nops 2012-01-12 18:37:25 -06:00
root ffe81584d1 updated author 2012-01-12 19:02:34 -05:00
sinn3r e42e0004a9 Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload 2012-01-12 17:46:50 -06:00
root a8ef3417b5 Fixed the date 2012-01-12 20:54:55 -06:00
Sam Sharps e75e23b963 Removed more unused variables and fixed some formatting 2012-01-12 18:13:28 -06:00
Sam Sharps f22f54034a Removed unused variables 2012-01-12 18:05:54 -06:00
Sam Sharps 87ee6905df Modified exploit to not need egg hunter shellcode 2012-01-12 18:01:22 -06:00
Stephen Haywood 6ad2eda24c Windows artifacts module 2012-01-12 17:26:35 -06:00
sinn3r 02bd1f3407 Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework 2012-01-12 17:06:14 -06:00
root ad0b745b31 new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb 2012-01-12 16:12:43 -05:00
David Maloney 6234d13f7c Added Schema Dump Module for Postgres 2012-01-12 15:20:46 -05:00
Stephen Haywood cb146f9021 Used msf library for digest, fixed name. 2012-01-12 12:49:50 -05:00
David Maloney a3749f1d80 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-11 12:17:11 -08:00
David Maloney 52be1c3a7a Add schemadump module for MySql 2012-01-11 12:16:22 -08:00
Tod Beardsley 500cfa6dd1 Removing telnet_encrypt_keyid_bruteforce.rb to unstable
can't ship for a few problems, will be fixed up soonish but
about to release a build.
2012-01-11 14:00:42 -06:00
David Maloney 1a03777538 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-11 09:11:48 -08:00
David Maloney 8c594798d7 Fix to the AIX jtr module title. 2012-01-11 09:11:23 -08:00
Tod Beardsley 092b226cce Updating tns_auth_sesskey to use a user-supplied SID
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
David Maloney 13069990eb Added module for dumping schema information from Microsoft SQL Server
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
David Maloney ed0dbad243 Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
Fixes #6066
2012-01-10 12:32:47 -08:00
sinn3r bc9014e912 Add new v3.4 target by Michael Coppola (Feature #6207) 2012-01-09 23:51:11 -06:00
sinn3r b76767669c Update Nenad's author name and e-mail 2012-01-09 20:14:47 -06:00
sinn3r 90eb2b9a75 Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202) 2012-01-09 19:35:06 -06:00
sinn3r 8eee54d1d0 Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb) 2012-01-09 14:23:37 -06:00
Tod Beardsley eeb3a442de whitespace correctly smtp_version.rb 2012-01-09 14:11:10 -06:00
Tod Beardsley 15990efd85 Removing useless (?) begin/rescue from smtp_version
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
Tod Beardsley e7d7302644 Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal. 2012-01-09 11:22:44 -06:00
David Maloney e12d5588c6 Set data on webdav scanner notes to include webdav path.
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
Patroklos Argyroudis 5a20b7d7ac Fixed small typo 2012-01-09 14:19:00 +02:00
Patroklos Argyroudis 9a62b41ab7 Mac OS X x86 payload that executes Calculator.app 2012-01-09 12:12:20 +02:00
Patroklos Argyroudis 5d359785ae Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6 2012-01-09 12:10:25 +02:00
sinn3r 03a39f7fe8 Whitespace cleanup, also change print_status usage when verbose 2012-01-09 02:21:39 -06:00
sinn3r 2f9d563067 Update reference 2012-01-09 02:14:29 -06:00
Tod Beardsley a1668f2b23 Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 22:23:32 2012 -0600

    Updates ssh credentials to easily find common keys

    Instead of making the modules do all the work of cross-checking keys,
    this introduces a few new methods to the Cred model to make this more
    universal.

    Also includes the long-overdue workspace() method for credentials.

    So far, nothing actually implements it, but it's nice that it's there
    now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 20:10:40 2012 -0600

    Adding back cross-checking for privkeys.

    Needs to test to see if anything depends on order, but should
    be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 16:49:56 2012 -0600

    Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 13:51:55 2012 -0600

    Store pubkeys as loot for reuse.

    Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 02:10:12 2012 -0600

    Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 7 17:18:33 2012 -0600

    Updates to ssh_identify_pubkeys and friends

    Switches reporting to cred-based rather than note-based, accurately deal
    with DSA keys, adds disable_agent option to other ssh modules, and
    reports successful ssh_login attempts pubkey fingerprints as well.

    This last thing Leads to some double accounting of creds, so I'm not
    super-thrilled, but it sure makes searching for ssh_pubkey types a lot
    easier.... maybe a better solution is to just have a special method for
    the cred model, though.
2012-01-08 22:28:37 -06:00
sinn3r 243dbe50f0 Correct author name. Unfortunately not all editors can print unicode correctly. 2012-01-07 15:18:25 -06:00
sinn3r 181fe2d925 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-07 15:14:30 -06:00
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
HD Moore b12baccc49 Quick update, added a research option 2012-01-07 01:13:23 -06:00
sinn3r 6d401b48d1 Fix typo 2012-01-07 00:02:51 -06:00
sinn3r b7e29191f5 Add Drupal 'Views' module username enumeration (Feature #6194) 2012-01-06 23:51:32 -06:00
David Maloney 40a1d8bcc8 Fixed issue with a missing nil check in ftp_login 2012-01-06 20:51:58 -08:00
David Maloney 81acfd2126 Adds hashdump and cracking modules for AIX 2012-01-06 20:31:22 -08:00
David Maloney 8e017fd4db Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-06 20:30:25 -08:00