Commit Graph

7979 Commits (a43b218917448c8806f5383ca38e8a71f8dd2ea7)

Author SHA1 Message Date
sinn3r fc4da53be4 More fixes 2012-12-28 03:27:04 -06:00
sinn3r ddd4b7ef60 Applying fixes 2012-12-28 02:26:40 -06:00
sinn3r 5369f88c5d Merge branch 'local_admin_search_enum.rb' of git://github.com/zeknox/metasploit-framework into zeknox-local_admin_search_enum.rb
Conflicts:
	modules/post/windows/gather/local_admin_search_enum.rb
2012-12-28 02:25:39 -06:00
Tod Beardsley c2586d0907 Instead of raising, offer advice on BPF filtering
Many people don't know how to disable ICMP echo responses off the top of
their head. However, the problem is solvable with a decent BPF filter.
2012-12-27 15:18:18 -06:00
Tod Beardsley c6533621a0 Oops removing debug prints 2012-12-27 14:58:52 -06:00
Tod Beardsley c695f429d5 Mirror upstream PacketFu fix on ICMP size 2012-12-27 14:56:49 -06:00
Tod Beardsley 121353b360 Fixing EOLs to unix
In vim:

:set fileformat=unix
:wq

ta-da
2012-12-27 13:54:50 -06:00
Tod Beardsley 9fa6c9f4c4 Merge remote branch 'ChrisJohnRiley/icmp_exfil' into icmp_exfil 2012-12-27 13:52:19 -06:00
sinn3r 30c1286795 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-12-27 10:45:19 -06:00
sinn3r 0f6b72dad5 Final touchup 2012-12-26 21:16:04 -06:00
sinn3r 919d6daa41 Even if there's password, we should prolly keep the username 2012-12-26 21:14:26 -06:00
sinn3r 4ce1df2214 Change module title for consistency 2012-12-26 21:13:02 -06:00
sinn3r da49f67079 Only show the password when exists 2012-12-26 21:10:52 -06:00
sinn3r d3d595da95 Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb 2012-12-26 21:08:03 -06:00
Brandon McCann 6e520e7a2a converted split into a scan 2012-12-26 21:06:48 -06:00
sinn3r eb424195ca Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb 2012-12-26 20:42:24 -06:00
Brandon McCann e3c1d5a5c0 fixed config.close bug 2012-12-26 20:40:11 -06:00
sinn3r 17b41adfec Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb 2012-12-26 20:35:46 -06:00
Brandon McCann b71729bf5f fixed multi stored creds issue 2012-12-26 20:32:41 -06:00
sinn3r 6ecaabc9cc Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb 2012-12-26 20:08:34 -06:00
Brandon McCann d70d2c4a19 typo 2012-12-26 19:54:35 -06:00
Brandon McCann bcc651a1b2 modified password parsing, and utf encoding 2012-12-26 19:49:25 -06:00
sinn3r c75f48b404 Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb 2012-12-26 18:58:34 -06:00
Brandon McCann 073565c001 modified port and sname in db logging 2012-12-26 18:33:10 -06:00
sinn3r b483e76065 Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb 2012-12-26 18:03:24 -06:00
Brandon McCann 7147e7a09b added spark_im post exploit module 2012-12-26 17:28:23 -06:00
sinn3r 771460fa4c Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-12-26 11:35:52 -06:00
sinn3r d2dc7ebc2d Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll 2012-12-26 11:18:21 -06:00
sinn3r 8223df375d Avoid making the title sound too generic. 2012-12-26 11:15:37 -06:00
sinn3r 0b2ea3e55e Fix weird tabs vs spaces prob 2012-12-26 11:14:48 -06:00
jvazquez-r7 e895ccb6b1 added random string functions 2012-12-25 18:13:02 +01:00
jvazquez-r7 fec989026f Added module for CVE-2012-5691 2012-12-25 18:05:10 +01:00
sinn3r 2682908ff2 Small corrections here and there 2012-12-24 18:20:46 -06:00
sinn3r 6a3bf6a2a6 Merge branch 'master' of git://github.com/rapid7/metasploit-framework 2012-12-24 17:57:02 -06:00
sinn3r 38f0886058 James has more modules that need to be updated.
e-mail update.
2012-12-24 17:51:58 -06:00
jvazquez-r7 5b8492fc0d module cleanup by juan 2012-12-24 23:26:40 +01:00
jvazquez-r7 ac6f34dc09 module name renamed 2012-12-24 23:26:06 +01:00
jvazquez-r7 bf036c97ad added initial submission from james fitts 2012-12-24 23:25:25 +01:00
Zach Grace d4bdf1b6b4 Added user name enumeration based on author id enumeration 2012-12-24 16:09:03 -06:00
jvazquez-r7 7173c9b598 update james email address 2012-12-24 22:46:47 +01:00
sinn3r d69e506221 Final changes 2012-12-24 15:08:52 -06:00
sinn3r 3d27397429 This error will still show even if we get a shell 2012-12-24 15:06:15 -06:00
jvazquez-r7 0950240d9a module cleanup by juan 2012-12-24 18:59:45 +01:00
jvazquez-r7 9020c96373 module renamed 2012-12-24 18:59:25 +01:00
jvazquez-r7 09568f255e Submission by James Fitts 2012-12-24 18:58:53 +01:00
sinn3r 076c8aa995 Merge branch 'nullbind-mssql_linkcrawler' 2012-12-24 11:14:28 -06:00
sinn3r 677b9718da Finalizing module 2012-12-24 11:13:51 -06:00
sinn3r 0822e8eae2 Merge branch 'kost-mipsle-shell_reverse_tcp' 2012-12-24 10:52:19 -06:00
jvazquez-r7 4c897c5181 added module for ZDI-12-154 2012-12-24 16:23:19 +01:00
sinn3r d2e3e5defb Merge branch 'jlee-r7-cleanup/post-windows-services' 2012-12-22 13:29:48 -06:00
sinn3r ae4f434691 Handle RequestError
Some registry-retrieving functions will return nil when a
RequestError exception is raised, and that's the exception we
should be handling.
2012-12-22 13:10:44 -06:00
sinn3r e423351de3 Merge branch 'darkoperator_checkvm_more_checks' of git://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator_checkvm_more_checks 2012-12-22 12:40:33 -06:00
jvazquez-r7 e15cf9f288 Merge branch 'netwin_surgeftp_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-netwin_surgeftp_exec 2012-12-22 15:50:07 +01:00
Carlos Perez 1ca85e2fff fix indentation and EOL spaces 2012-12-22 10:42:43 -04:00
Carlos Perez ddb9871577 refactor for use of registry mixin and will now create a note for the hypervisor 2012-12-22 10:27:54 -04:00
sinn3r d97a63a94c Make changes based on juan and egypt's feedback 2012-12-22 02:35:22 -06:00
James Lee 20cc2fa38d Make Windows postgres_payload more generic
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
  the ability to use generate_payload_dll() which generates a generic dll
  that spawns rundll32 and runs the shellcode in that process. This is
  basically what the linux version accomplishes by compiling the .so on
  the fly. On major advantage of this is that the resulting DLL will
  work on pretty much any version of postgres

* Adds Exploit::FileDropper to windows version as well. This gives us
  the ability to delete the dll via the resulting session, which works
  because the template dll contains code to shove the shellcode into a
  new rundll32 process and exit, thus leaving the file closed after
  Postgres calls FreeLibrary.

* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
  Windows

* Adds a check method to both Windows and Linux versions that simply
  makes sure that the given credentials work against the target service.

* Replaces the version-specific lo_create method with a generic
  technique that works on both 9.x and 8.x

* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
  gets downcased and subsequently causes postgres to error out before
  opening the DLL

* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r 9b768a2c62 Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services 2012-12-21 23:42:17 -06:00
sinn3r 49248c79d6 Oops, didn't mean to keep these lines 2012-12-21 22:22:58 -06:00
Carlos Perez 924f5283ae Improvements to checkvm
- Added additional checks for Hyper-V
- Added additional checks for VMware
- Removed $Id$ and $Revision$ (Confirmed with Todb on it)
2012-12-21 22:11:57 -04:00
sinn3r 9af8c9b457 Small corrections 2012-12-21 18:52:40 -06:00
sinn3r ca72132fc0 Add a check 2012-12-21 16:23:31 -06:00
sinn3r 1323081bce msftidy cleanup 2012-12-21 16:11:16 -06:00
sinn3r 529a3c9a63 Add Netwin SurgeFTP module 2012-12-21 16:10:27 -06:00
jvazquez-r7 d5f08a2405 Added module for CVE-2012-6329 for foswiki 2012-12-21 22:08:08 +01:00
jvazquez-r7 02782258eb fix eol for ms12_004_midi 2012-12-21 21:01:39 +01:00
jvazquez-r7 ff4b959c04 Merge branch 'ms12_004_leaky_icky' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms12_004_leaky_icky 2012-12-21 21:01:05 +01:00
sinn3r e9c00488fa Return value does not need to be checked, says zeknox 2012-12-21 13:00:08 -06:00
sinn3r 115ad9ae33 Small corrections 2012-12-21 12:56:44 -06:00
sinn3r 6ac5f2b6a2 Merge branch 'twiki_maketext' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-twiki_maketext 2012-12-21 11:15:49 -06:00
sinn3r 2c4d517e75 Merge branch 'useragent_cleanup' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-useragent_cleanup 2012-12-21 11:14:06 -06:00
sinn3r 3c398d0e62 Final cleanup 2012-12-21 10:46:36 -06:00
sinn3r 4c58991c89 Cleanup ROP a little 2012-12-21 10:35:28 -06:00
sinn3r e95f0267c6 Update for some leaky icky 2012-12-21 10:03:38 -06:00
Chris John Riley 413b75cd8b Fixed crash issues with unescape
Added better formatting to avoid pages of output
2012-12-21 12:07:14 +01:00
jvazquez-r7 76cad3dd4c Added module for CVE-2012-6329 2012-12-21 11:30:04 +01:00
Chris John Riley e237512bd7 Cleaned up the SAP modules as they are all sending double user-agent strings (also added OptEnum where appropriate) 2012-12-21 10:47:45 +01:00
HD Moore b3c0c6175d FixRM #3398 by removing double user-agent headers 2012-12-20 14:45:18 -06:00
jvazquez-r7 26f561795d fix cmd windows ruby payloads 2012-12-20 00:50:02 +01:00
sput-nick 4595a96ece updated CVE and OSVDB wikka_spam_exec references 2012-12-19 16:42:47 -05:00
sinn3r 37524c7965 Make sure return vals are handled correctly. 2012-12-19 09:45:01 -06:00
sinn3r cfcd1ead54 Merge branch 'netlm_downgrade.rb' of git://github.com/zeknox/metasploit-framework into zeknox-netlm_downgrade.rb 2012-12-19 02:22:00 -06:00
sinn3r 2818e53cbf Merge branch 'indusoft_issymbol_internationalseparator' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-indusoft_issymbol_internationalseparator 2012-12-18 18:16:31 -06:00
sinn3r 592de9b39e Something tells me charles wanna try 5 times, not 6 times. 2012-12-18 18:10:15 -06:00
sinn3r ba242e1809 Merge branch 'master' of git://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-master 2012-12-18 18:01:28 -06:00
jvazquez-r7 f820ffb32d update authors 2012-12-18 23:57:29 +01:00
jvazquez-r7 8a07d2e53d Added module for ZDI-12-168 2012-12-18 23:48:53 +01:00
sinn3r 7145078e63 Merge branch 'mipsle-shell_reverse_tcp' of git://github.com/kost/metasploit-framework into kost-mipsle-shell_reverse_tcp 2012-12-18 11:50:41 -06:00
sinn3r cad8abef48 msftidy cleanup 2012-12-18 11:46:27 -06:00
sinn3r 860ebbcfb1 Merge branch 'master' into averagesecurityguy-master 2012-12-18 11:45:41 -06:00
sinn3r 0344c568fd Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes 2012-12-18 11:38:14 -06:00
sinn3r 9825b07df8 Merge branch 'sap_soap_rfc_dbmcli_sxpg_command_exec' of git://github.com/nmonkee/metasploit-framework into nmonkee-sap_soap_rfc_dbmcli_sxpg_command_exec 2012-12-18 01:12:50 -06:00
Garret Picchioni fa42d0c7fe Fixed minor spelling errors 2012-12-17 15:18:08 -07:00
sinn3r 88f02e0016 Merge branch 'jvazquez-r7-crystal_reports_printcontrol' 2012-12-17 13:52:11 -06:00
sinn3r 9198e0dc05 Merge branch 'crystal_reports_printcontrol' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-crystal_reports_printcontrol 2012-12-17 13:40:41 -06:00
nmonkee 37f7122006 NameError undefined local variable or method output - fixed 2012-12-17 19:34:36 +00:00
Tod Beardsley 10511e8281 Merge remote branch 'origin/bug/fix-double-slashes'
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
jvazquez-r7 3ed36bd66a trying to fix stability issues on w7 2012-12-17 19:17:36 +01:00
sinn3r 37ce92afb1 Merge branch 'crystal_reports_printcontrol' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-crystal_reports_printcontrol 2012-12-16 16:15:24 -06:00
jvazquez-r7 bce7d48931 comment updated 2012-12-14 23:55:12 +01:00
jvazquez-r7 0a0b26dc2c after study the crash after the overflow... 2012-12-14 23:54:44 +01:00
sinn3r 53a2fda608 Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler 2012-12-14 15:23:25 -06:00
sinn3r 12472756aa Merge branch 'master' into bug/safari-metadata-version 2012-12-14 12:52:18 -06:00
jvazquez-r7 3e3f35419b Added module for CVE-2010-2590 2012-12-14 12:50:29 +01:00
joe eb972eaf0a Add a maxver for the safari_metadata_archive exploit.
* Apple Security Update 2006-001 (http://support.apple.com/kb/TA23971)
* Update applied to 10.4.5, where safari 2.0.3 is default browser.
* Because update did not bump Safari version, not all 2.0.3 browsers will be affected.
2012-12-14 02:17:25 -06:00
sinn3r d2885d9045 Correct US Cert references 2012-12-13 14:19:53 -06:00
nullbind 67829756f8 fixed errors 2012-12-12 17:45:02 -06:00
Tod Beardsley e762ca0d9b Merge remote branch 'jlee-r7/midnitesnake-postgres_payload' 2012-12-12 15:30:56 -06:00
sinn3r d6e2c3970d Merge branch 'dmaloney-r7-feature/winrm_compat_mode' 2012-12-12 14:39:49 -06:00
sinn3r a69a4fbbce Extra spaces, be gone. 2012-12-12 14:38:00 -06:00
sinn3r 3a481c8e42 Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode 2012-12-12 14:31:04 -06:00
David Maloney 5856874cea Login check fixes for exploit 2012-12-12 14:18:41 -06:00
Raphael Mudge 482846942a Fix: download_exec appends an extra / to request
The download_exec module parses the provided URL and appends an
unnecessary, nay--damaging I say!!!! '/' to the parsed URI. This
renders the module unusable for those who want a payload to
download and execute a file.

Before and after access.log snippets are in the redmine ticket

http://dev.metasploit.com/redmine/issues/7592
2012-12-12 14:01:31 -06:00
sinn3r b465d20d61 Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode 2012-12-12 11:59:23 -06:00
David Maloney 5e8b9a20a4 Fix boneheaded mistake 2012-12-12 09:18:03 -06:00
jvazquez-r7 3e81fb2002 last cleanup for steam.rb 2012-12-12 11:48:46 +01:00
jvazquez-r7 87f6b8bc89 Merge branch 'master' of https://github.com/nikolai-r/metasploit-framework into nikolai-r-master 2012-12-12 11:48:26 +01:00
Nikolai Rusakov f642aa67f9 CLeanup redundant code. 2012-12-12 00:00:27 -05:00
Nikolai Rusakov f7cf75063d Cleanup and use Post::File api. Use store_loot for data collection 2012-12-11 23:41:50 -05:00
jvazquez-r7 8f388eb226 fixing if typo 2012-12-11 23:28:21 +01:00
jvazquez-r7 b5b5667539 Merge branch 'symantec_brightmail' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-symantec_brightmail 2012-12-11 23:27:56 +01:00
sinn3r 0ca1dbd14e Account for the timeout condition 2012-12-11 16:24:42 -06:00
sinn3r 3f4efea879 No twitter name, please. 2012-12-11 14:52:39 -06:00
Rob Fuller 20ea56e4b9 fixed type @wchen-r7 found
hopefully didn't miss any others
2012-12-11 15:29:53 -05:00
Rob Fuller 717799cffd fix typos
negotiate spelled wrong in a couple spots
and only 3 g's in loggging
2012-12-11 15:00:21 -05:00
sinn3r 343a785420 Add OSVDB references 2012-12-11 12:47:08 -06:00
sinn3r ceb6f81165 Merge branch 'ektron_xslt_exec_nicob' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ektron_xslt_exec_nicob 2012-12-11 12:40:45 -06:00
jvazquez-r7 461f057c95 Merge branch 'loggedin_users' of https://github.com/R3dy/metasploit-framework into R3dy-loggedin_users 2012-12-11 17:33:31 +01:00
jvazquez-r7 2eb4de815d added c# code by Nicolas Gregoire 2012-12-11 16:33:41 +01:00
jvazquez-r7 44633c4f5b deleted incorrect cve ref 2012-12-11 12:16:47 +01:00
jvazquez-r7 fdb457d82b Merge branch 'refs_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-refs_update 2012-12-11 12:16:06 +01:00
jvazquez-r7 6512eb4783 Merge branch 'naming_corrections' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-naming_corrections 2012-12-11 11:55:51 +01:00
sinn3r 283d37f2e3 Correct naming style
In order to match naming style consistency
2012-12-11 01:12:29 -06:00
sinn3r b315a4eee4 Grammar 2012-12-11 00:19:15 -06:00
jvazquez-r7 e3a126aa75 Added module for ZDI-10-174 2012-12-11 01:37:44 +01:00
sinn3r 25d888bebb Add CVE-2012-4347 Symantec Messaging Gateway Log File Download 2012-12-10 18:09:29 -06:00
sinn3r 31e2a164a9 MySQL file priv gets a ref from OSVDB 2012-12-10 12:15:44 -06:00
sinn3r f5193b595c Update references 2012-12-10 11:42:21 -06:00
David Maloney e448431c8a Add 32bit comapt mode for 64 bit targets on wirnm
When a 32 bit payload is selected for an x64 target using the powershell
2.0 method,
it will try to invoke the 32bit version of pwoershell to sue instead
allowing us to still get a session even with the wrong payload arch
2012-12-10 11:39:24 -06:00
Tod Beardsley 7ea188e02d Merge pull request #1147 from wchen-r7/cve_text_consistency
Change CVE text format
2012-12-09 14:48:08 -08:00
sinn3r 23d0ffa3ab Dang it, grammar fail. 2012-12-09 01:39:24 -06:00
sinn3r 64a8b59ff9 Change CVE forma
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
Nikolai Rusakov 462766a654 Added Steam client session collector post module 2012-12-08 19:11:57 -05:00
sinn3r 811bc49bfd Merge branch 'bug/rm7593-flash-otf' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/rm7593-flash-otf 2012-12-08 17:16:14 -06:00
jvazquez-r7 d921c6f6e9 bid reference added 2012-12-08 15:09:32 +01:00
jvazquez-r7 080e45045b Merge branch 'nagios_graph_explorer' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-nagios_graph_explorer 2012-12-08 15:08:57 +01:00
sinn3r 60feba164d Add OSVDB 2012-12-07 23:18:02 -06:00
sinn3r 15661b82bc Add Nagios Network Monitor Graph Explorer module 2012-12-07 23:16:25 -06:00
sinn3r e989142d9d Merge branch 'freefloat' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-freefloat 2012-12-07 14:48:01 -06:00
sinn3r 78b4233b56 Final changes 2012-12-07 14:44:41 -06:00
jvazquez-r7 bae5442ca6 working... 2012-12-07 21:38:17 +01:00
sinn3r 901ef5060c Merge branch 'maxthon' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-maxthon 2012-12-07 13:52:23 -06:00
sinn3r 3f1cfcc184 More changes 2012-12-07 13:47:07 -06:00
jvazquez-r7 1aaecbcf0c cleanup and user agent check 2012-12-07 20:38:08 +01:00
sinn3r a1336c7b5a Some more changes 2012-12-07 13:32:44 -06:00
sinn3r 403ac1dc37 I would do anything for a cake. 2012-12-07 13:15:27 -06:00
sinn3r 9838a2c75f This never works for us. Gonna ditch it. 2012-12-07 13:02:26 -06:00
HD Moore 69177105ab Handle a null reply properly, small bug fix 2012-12-07 10:54:08 -08:00
jvazquez-r7 b0be8dc4df history exploit cleanup 2012-12-07 19:23:00 +01:00
sinn3r 38f2348c33 First changes 2012-12-07 11:27:09 -06:00
sinn3r a872362a65 Merge branch 'maxthon3' of git://github.com/malerisch/metasploit-framework into maxthon 2012-12-07 11:17:15 -06:00
sinn3r 2260e4b471 Switch to manual payload selection, because we don't auto-detect 2012-12-07 11:07:11 -06:00
James Lee 8812285678 Move print of my_target.name to after nil check
Avoids
  "Exception handling request: undefined method `name' for nil:NilClass"
when we don't have a target for the connecting browser.

[FixRM #7593]
2012-12-07 11:00:24 -06:00
sinn3r c08ee695a9 Merge branch 'splunk_upload_app_exec_cleanup' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-splunk_upload_app_exec_cleanup 2012-12-07 10:46:28 -06:00
sinn3r fafdcbaae1 Vuln discovered by Rich.
See: https://twitter.com/webstersprodigy/status/277087755073380353
2012-12-07 10:42:45 -06:00
jvazquez-r7 e5cc950fe1 fix identation 2012-12-07 11:57:11 +01:00
jvazquez-r7 133ad04452 Cleanup of #1062 2012-12-07 11:55:48 +01:00
sinn3r cddda9eab7 Merge branch 'master' into nullbind-mssql_linkcrawler 2012-12-06 23:51:06 -06:00
Stephen Haywood f56ef52ffc Fixed path error when BASE_PATH is nil. 2012-12-06 23:55:34 -05:00
Stephen Haywood 761e735a55 Store wc.db file in loot. Add BASE_PATH option. 2012-12-06 23:38:03 -05:00
sinn3r 88c97cd2b5 Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler 2012-12-06 18:08:13 -06:00
Royce Davis 97c9dd0caf Extra file got added by mistake, removed it 2012-12-06 16:31:28 -06:00
Royce Davis 600121c36a Fixed issue involing static path to Windows directory 2012-12-06 16:28:59 -06:00
Stephen Haywood 8a149b3ea3 Removed Version. 2012-12-06 17:24:16 -05:00
Stephen Haywood 4ce51fe889 Made changes requested by sinn3r. 2012-12-06 17:18:50 -05:00
Royce Davis 4837ea38f5 Merge https://github.com/rapid7/metasploit-framework 2012-12-06 16:15:55 -06:00
sinn3r c66777d028 Merge branch 'command' of git://github.com/R3dy/metasploit-framework into R3dy-command 2012-12-06 16:08:04 -06:00
Royce Davis 205276c38f Update modules/auxiliary/admin/smb/psexec_command.rb
Fixed static path to Windows directory.  This causes problems with directory is 'WINNT' for example.
2012-12-06 16:03:44 -06:00
Stephen Haywood d938959e97 Module to find SVN wc.db files. 2012-12-06 16:30:23 -05:00
sinn3r bf47eaaa41 Remove code that's commented out. Clearly not needed anymore. 2012-12-06 12:57:41 -06:00
sinn3r 0ea5c781c1 Tabs and spaces don't mix 2012-12-06 12:53:22 -06:00
sinn3r 37f9cff25a Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject 2012-12-06 12:36:48 -06:00
jvazquez-r7 fd20998f40 using the primer callback as pointed by egypt 2012-12-06 18:59:46 +01:00
sinn3r 817a7749c1 Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject 2012-12-06 11:35:09 -06:00
jvazquez-r7 8e21d9e235 fix source_address param 2012-12-06 18:34:22 +01:00
sinn3r 1fb05c0baf Merge branch 'ibm_director_cim_dllinject' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ibm_director_cim_dllinject 2012-12-06 11:34:19 -06:00
Brandon McCann 433532ddf4 fix OptAddress 2012-12-06 11:21:42 -06:00
Tod Beardsley 215017e17c Merge remote branch 'wchen-r7/better_tectia_ssh' 2012-12-06 11:01:36 -06:00
sinn3r 06927345e5 If message becomes nil, we should force a to_s for the regex
next_message can be nil sometimes if packet is nil (see net/ssh's
poll_message source)
2012-12-06 10:44:16 -06:00
jvazquez-r7 fc8b08f10f trailing comma 2012-12-06 17:32:58 +01:00
jvazquez-r7 532afc2919 Added module for CVE-2009-0880 2012-12-06 16:43:07 +01:00
jvazquez-r7 6d3d4c1d84 Added support for FileDropper 2012-12-06 12:03:17 +01:00
sinn3r 18f4df0a38 Fix weird indent prob 2012-12-06 03:58:16 -06:00
sinn3r a90ed82413 Correct CVE format 2012-12-06 03:57:46 -06:00
sinn3r 2b96c4e2a5 Add Kingcope's MySQL 'Stuxnet' technique exploit
Because why not.  One more trick to a pentest + coverage = better.
2012-12-06 03:56:23 -06:00
sinn3r 530332b176 Apply evil-e's fix when port isn't 22
See #1130
2012-12-05 21:42:53 -06:00
sinn3r 32c5f12912 Hmm, I should change the target name 2012-12-05 21:38:31 -06:00
sinn3r d3c1fa842a Lots of improvements
Keyboard-interactive method isn't required to exploit Tectia SSH.
So this update will just go straight to password method. There's
also improvements for the check() method: Not only does it check
the SSH version (banner), it will also check and see if the server
is using password method to auth.
2012-12-05 21:34:33 -06:00
malerisch 5e28563e4e Advisories URLs changed 2012-12-05 14:33:25 -08:00
sinn3r 49999a56ea Added CVE & vendor advisory information 2012-12-05 10:13:44 -06:00
jvazquez-r7 dd1d60293c Merge branch 'indesign_server' of https://github.com/h0ng10/metasploit-framework into h0ng10-indesign_server 2012-12-05 15:27:25 +01:00
jvazquez-r7 232eb7bf2d Final cleanup plus name change 2012-12-05 00:32:42 +01:00
jvazquez-r7 9cff72af72 Merge branch 'loggedin_users' of https://github.com/R3dy/metasploit-framework into R3dy-loggedin_users 2012-12-05 00:31:24 +01:00
sinn3r 86cbb672fc Merge branch 'psexec_command_fix' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-psexec_command_fix 2012-12-04 15:56:54 -06:00
sinn3r 353ea7bab7 Merge branch 'patch-4' of git://github.com/mubix/metasploit-framework into mubix-patch-4 2012-12-04 15:56:20 -06:00
sinn3r b85919266d Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-12-04 15:55:08 -06:00
jvazquez-r7 3dada00f43 fix typo accor ding to redmine 7550 2012-12-04 22:37:08 +01:00
Rob Fuller 5e9a5268cd remove .inspect debug code
cosmetic change
2012-12-04 16:24:15 -05:00
jvazquez-r7 2cca857f6f added support for Mac OS X 2012-12-04 22:04:21 +01:00
jvazquez-r7 9d8f0f94f6 added support for Mac OS X 2012-12-04 22:03:58 +01:00
jvazquez-r7 5548bebb16 embeding payload on the c# script 2012-12-04 17:44:55 +01:00
sinn3r e6c6133c90 must be password authentication 2012-12-04 09:56:51 -06:00
sinn3r 2467183c4f "Appears" is better
"Appears" is a more accureate way describing how much we think the
host is vulnerable.
2012-12-04 09:28:05 -06:00
sinn3r b5e7009283 Since we have included Tcp for check(), we don't need to reg rhost 2012-12-04 09:25:24 -06:00
sinn3r 3c59c2d5c0 This extra space must die. 2012-12-03 21:09:07 -06:00
sinn3r 211a1674f5 Add kingcope's Tectia SSH 0day 2012-12-03 21:07:32 -06:00
h0ng10 752907d5f0 exploit for OSVDB-87548 2012-12-03 19:01:40 -05:00
jvazquez-r7 3f3bdb8473 my editor... 2012-12-03 21:45:26 +01:00
jvazquez-r7 8a9ad4253a comment about the original discoverer updated 2012-12-03 21:44:35 +01:00
jvazquez-r7 2cb824d62d Added module for CVE-2012-5357 2012-12-03 20:12:02 +01:00
Brandon McCann 65f9f8ec2e fixed net use cmd 2012-12-02 23:43:35 -06:00
Royce Davis a1136be59e Fixed last ip changed it to peer 2012-12-02 19:17:59 -06:00
Royce Davis 2b171bb003 Added report_note functionality 2012-12-02 18:49:50 -06:00
Royce Davis e4e3ec8fdd Fixed module to use clean psexec method 2012-12-02 18:35:23 -06:00
Royce Davis 476a5dc58c Fixed return without disconnect 2012-12-02 18:27:27 -06:00
Royce Davis 4276279dd8 Fixed print_status to use peer instead of ip 2012-12-02 18:25:09 -06:00
Brandon McCann 5be12c1ad3 add verbose output 2012-12-01 12:04:34 -06:00
Brandon McCann e03ace17d9 typo 2012-12-01 11:57:51 -06:00
Brandon McCann 73b4a9d573 cleaned up rescue statements 2012-12-01 11:09:01 -06:00
Brandon McCann 501224f21f setup() added 2012-12-01 11:03:11 -06:00
Brandon McCann 16c5879d08 error handling added 2012-12-01 09:09:33 -06:00
sinn3r 1085357dbb Talked to Todb, we like "." better 2012-11-30 14:53:57 -06:00
sinn3r 01fc69b2b5 Merge branch 'mandreko-http_hsts' 2012-11-30 14:26:49 -06:00
sinn3r 61a74bf257 Minor changes here and there
Changes include:
* Some corrections in metadata
* report_note()
* Removes connect(), usually don't need it in modules
2012-11-30 14:24:27 -06:00
James Lee bc63ee9c46 Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7 2012-11-30 13:43:02 -06:00
Matt Andreko a73d8792ee Changed RPORT definition per egypt 2012-11-30 13:57:25 -05:00
sinn3r 7ae8f5b338 Modify name a little 2012-11-30 12:11:06 -06:00
sinn3r 9db84a16fa Change output 2012-11-30 12:06:21 -06:00
sinn3r 44022baefa Fix bug: NoMethodError undefined method `empty?' for nil:NilClass 2012-11-30 12:02:32 -06:00
sinn3r 37367bbaa0 Mostly cosmetic changes 2012-11-30 12:01:47 -06:00
sinn3r 4df86c08db Merge branch 'ftpx_post_gather' of git://github.com/bcoles/metasploit-framework into bcoles-ftpx_post_gather 2012-11-30 11:19:32 -06:00
Matt Andreko 40b8c93ef8 Added HSTS scanner for HTTPS sites 2012-11-30 09:30:11 -05:00
sinn3r 9d52048d7f Forgot to remove this after badchar analysis 2012-11-30 02:17:08 -06:00
sinn3r 37f731fe7d Add OSVDB-80896 BlazeVideo HDTV Player Pro 6.6 Buffer Overflow 2012-11-30 02:14:22 -06:00
bcoles 0472d60c4a Add FTP Explorer (FTPx) post->gather->credentials module
This module finds saved login credentials for the
FTP Explorer (FTPx) FTP client for Windows.
2012-11-30 15:09:14 +10:30
Royce Davis 7d4982b47b Fixed description area and authoer section 2012-11-29 14:21:27 -06:00
Royce Davis d6a3f6666d Fixed simple return form get_output method 2012-11-29 14:15:57 -06:00
Royce Davis cf53588ab7 Removed Version 2012-11-29 14:14:41 -06:00
Royce Davis 3ebbee5b1f Removed generic URLs 2012-11-29 14:13:49 -06:00
sinn3r bf41d3d0fd Merge branch 'network_shutdown_creds' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-network_shutdown_creds 2012-11-29 10:43:03 -06:00