Commit Graph

11627 Commits (a328bb21f115b388df6ad46dc23ffa4f535b2405)

Author SHA1 Message Date
chao-mu c59e08ce7d Moved utility codde and expanded railgun test suite runner 2012-01-06 21:07:16 -05:00
chao-mu f41fc7a0ac Moved platform_util.rb and added the tests for the new utilities to railgun.rb.ts.rb 2012-01-06 20:56:41 -05:00
chao-mu bd52f228a0 Merge remote branch 'upstream/master' 2012-01-06 20:27:53 -05:00
chao-mu 78ec687a4f Merge remote branch 'origin/master' 2012-01-06 20:20:28 -05:00
David Maloney bf425a6744 Fixed bug that prevented telnet sessions from opening with good creds 2012-01-06 16:59:08 -08:00
Stephen Haywood 2e60d2e01a Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-01-06 17:46:42 -05:00
Stephen Haywood 72072c4ef3 Added enum_artifacts 2012-01-06 17:43:50 -05:00
sinn3r 6ceb2f04a3 Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability 2012-01-06 14:24:49 -06:00
David Maloney 9cf2af6a94 Adds exploit/windows/htt/xampp_webdav_upload_php
This exploit abuses weak default passwords on XAMPP
for windows to uplaod a php payload and execute it.

Fixes #2170
2012-01-06 12:00:14 -08:00
Sam Sharps 06414c2413 changed author to my actual name 2012-01-06 01:03:20 -06:00
HD Moore c2a71d63b4 Tweak the logic here 2012-01-06 00:53:50 -06:00
HD Moore 7b26e33e19 Initial version 2012-01-06 00:53:50 -06:00
Sam Sharps b26ed37467 Added description, urls, and another author 2012-01-06 00:47:01 -06:00
Sam Sharps 5c05cebaf7 Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790 2012-01-06 00:16:45 -06:00
sam f3a9bc2dad Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790 2012-01-06 00:12:28 -06:00
David Maloney 54bca49ef9 Slightly better fix to the digest request header issue 2012-01-05 12:25:32 -08:00
David Maloney ba86e8a04f Added PROPFIND support to http_login
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
HD Moore 9c827abcb7 net-ssh hackery to disable agent support, disable private key support,
and add a callback
2012-01-05 14:10:31 -06:00
Jonathan Cran eec70706d0 make the esx driver dependent on meterpreter 2012-01-05 20:42:58 -06:00
Jonathan Cran bedc34ad44 Merge branch 'master' of r7.github.com:rapid7/metasploit-framework 2012-01-05 18:26:26 -06:00
Jonathan Cran c522514030 update the meterpreter modifier to reflect the new copy_ api 2012-01-05 18:26:05 -06:00
David Maloney 6cd3810094 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-05 12:03:21 -08:00
David Maloney e61b4ed65c Fixed issue with send_digest_request_cgi not keeping user supplied headers. 2012-01-05 12:02:21 -08:00
Tod Beardsley e28ccc33c7 Merge pull request #92 from rsmudge/armitage
Armitage 1.5.12
2012-01-05 11:05:35 -08:00
Raphael Mudge 46964a6be7 Armitage 1.5.12 - Performance and bandwidth optimizations in the team server, improved Java meterpreter interface, and
greatly overhauled Armitage's data export capability. Now users may select to export all data or any workspace.
2012-01-05 04:55:58 -05:00
chao-mu 3772f56260 Am making use of platform_util.rb's platform symbols for standardization across railgun. Ideally only platform_util.rb will need to know what platform strings look like and how they are represented in the railgun world. Corrected railgun.rb mixin's pointer_size function. 2012-01-04 22:28:20 -05:00
chao-mu 59ebb396a6 Steps towards pointer utility support for module developers and railgun developer(s) alike. 2012-01-04 22:14:41 -05:00
chao-mu 6db2da1f76 module Rex
module Post
module Meterpreter
module Extensions
module Stdapi
module Railgun
module Type
module PlatformUtil

	X86_64 = :x86_64
	X86_32 = :x86_32

	def self.parse_client_platform(meterp_client_platform)
		meterp_client_platform =~ /win64/ ? X86_64 : X86_32
	end

end # PlatformUtil
end # Type
end # Railgun
end # Stdapi
end # Extensions
end # Meterpreter
end # Post
end # Rex
2012-01-04 22:11:09 -05:00
chao-mu d995c3893b Platform handling utilities. I want to protect railgun against changes to client.platform's general form 2012-01-04 21:56:34 -05:00
HD Moore 8315709fb6 Correct typo and set the disclosure date 2012-01-04 19:46:56 -06:00
chao-mu d46379dda2 Merge remote branch 'upstream/master' 2012-01-04 19:32:06 -05:00
chao-mu 3d7d5d5f3d Utility for working with pointers. Test coverage is incomplete 2012-01-04 19:30:30 -05:00
Tod Beardsley 7b692aa0b9 Adding references to vss modules. 2012-01-04 12:10:03 -06:00
Tod Beardsley 164c80d496 Adding a comment doc to the shadowcopy lib.
Citing Tim Tomes and Mark Baggett
2012-01-04 12:03:13 -06:00
sinn3r 8cced0a91e Add CVE-2011-2462 Adobe Reader U3D exploit 2012-01-04 03:49:49 -06:00
sinn3r c122ec34bc Add default SSH credential for Op5 system CenOS VM image 2012-01-03 15:13:35 -06:00
David Maloney 12221b0433 UAC will disrupt these modules
Added checks for UAC.
UAC must be bypassed before using these modules.
2012-01-03 12:07:38 -08:00
Jonathan Cran 166e3f45d6 Merge branch 'release/20111227000001' 2012-01-03 11:56:55 -06:00
chao-mu b9b5b1e66f Merge remote branch 'upstream/master' 2012-01-02 20:07:50 -05:00
Tod Beardsley 904297ee35 Merge pull request #91 from jduck/master
Stack trace fix when mytarget is nil, actually populate the agent variable.
2012-01-02 09:26:05 -08:00
Joshua J. Drake 958ffe6e1d Fix stack trace from unknown agents 2012-01-02 03:41:49 -06:00
HD Moore 7448ab4780 Merge pull request #90 from swtornio/master
add osvdb ref
2012-01-01 10:25:21 -08:00
Steve Tornio 7bfdc9eff4 add osvdb ref 2012-01-01 09:10:10 -06:00
James Lee 4cd329a943 Spawn the payload as a seperate process
Running the payload using system() in a thread was causing some weird
interactions with ctrl-c. Fix those issues by using Process.spawn and
Process.detach. I suspect this was the original cause of #3631, java
meterpreter sessions dying unaccountably.

See #3631
2011-12-31 12:11:34 -07:00
David Maloney dd0b07b2cc Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS) 2011-12-30 15:03:04 -08:00
Joshua Smith 29b6d0d1e3 Adds previous, pushm, popm to msfconsole
Adds the ability to set and use a stack of modules, and to easily switch
between the last two modules used.

[Fixes #6165][Closes #84]
Squashed commit of the following:

commit e41e7f704888b1ce5ad5f23caeee1de13052e3d5
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 15:52:08 2011 -0500

    pushm/popm working great, let me know if you find bugs

commit 23da8d56ea08ca196e649431e8188b4f29ba97b9
Author: Joshua Smith <kernelsmith@kernelsmith.com>
Date:   Mon Dec 26 14:37:18 2011 -0500

    Adds the 'previous' command to msfconsole which will load the previously active module as the currently active module, adds @previous_module as a class variable
2011-12-30 15:30:55 -06:00
James Lee 0fa0ceccb5 Merge branch 'master' of github-r7:rapid7/metasploit-framework 2011-12-30 10:55:48 -07:00
James Lee ba017773b2 Cleanup whitespace at EOL 2011-12-30 10:55:01 -07:00
sinn3r 23f2a189d7 Merge pull request #89 from rsmudge/armitage
Armitage 12.30.11
2011-12-30 08:21:04 -08:00
sinn3r d9db03dba6 Add CoCSoft StreamDown buffer overflow (Feature #6168; no CVE or OSVDB ref) 2011-12-30 10:16:29 -06:00