Commit Graph

2417 Commits (af10ee5e571f5674baad6d6a52e956c2dfedd26b)

Author SHA1 Message Date
Tod Beardsley f58558f605 Updated all the brute force login modules to record successful logins and avoid duplicating credentials.
git-svn-id: file:///home/svn/framework3/trunk@8553 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 19:04:51 +00:00
Joshua Drake 2e77c76824 add exploit module to get code exec on a tomcat manager instance, closes #772
git-svn-id: file:///home/svn/framework3/trunk@8552 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:18:43 +00:00
Tod Beardsley 38a3b8203e Properly checking for credential duplication.
git-svn-id: file:///home/svn/framework3/trunk@8551 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:11:18 +00:00
Joshua Drake 534d56cdd8 adjust text wrap
git-svn-id: file:///home/svn/framework3/trunk@8550 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:04:11 +00:00
Tod Beardsley c24a708db6 See #859. Adds keyboard-interactive as an acceptable method of authentication.
git-svn-id: file:///home/svn/framework3/trunk@8548 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 16:11:58 +00:00
Patrick Webster 350c189a34 Added exploit module qbik_wingate_wwwproxy.
git-svn-id: file:///home/svn/framework3/trunk@8547 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 15:58:26 +00:00
Tod Beardsley 27c3266c0a Serializes telnet brute forcing so it's a little bit faster (as it happens) and
about a zillion times more reliable.

git-svn-id: file:///home/svn/framework3/trunk@8543 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 00:22:02 +00:00
Tod Beardsley 4197f00701 Moves @credentials_tried and @credentials_good into auth_brute proper, though modules still
need to handle them themselves... which telnet and ssh both do now.

git-svn-id: file:///home/svn/framework3/trunk@8542 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 21:55:02 +00:00
Joshua Drake 797ab55f52 add exploit module for cve-2009-2011
git-svn-id: file:///home/svn/framework3/trunk@8541 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:14:40 +00:00
Tod Beardsley 443e82bc75 Reworked ssh_login to a) handle all SSH errors, b) cease trying users if we already guessed a password and c) cease trying the same user:pass combo more than once.
git-svn-id: file:///home/svn/framework3/trunk@8540 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:12:02 +00:00
Steve Tornio a71a24b6d3 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8538 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:56:05 +00:00
Steve Tornio ed395fcda4 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8537 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:48:34 +00:00
Steve Tornio b17fc35986 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8536 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:35:01 +00:00
Steve Tornio 3314e6a10b add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8535 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:25:47 +00:00
Steve Tornio fa877eb567 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8534 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:11:45 +00:00
Steve Tornio e5609bbf82 add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8533 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:07:54 +00:00
HD Moore 1686931efe More SSH versions
git-svn-id: file:///home/svn/framework3/trunk@8532 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 14:42:11 +00:00
Joshua Drake b4ead057f6 add exploit module for cve-2000-0917
git-svn-id: file:///home/svn/framework3/trunk@8530 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 00:56:28 +00:00
Tod Beardsley 5fce04ce22 See #843, but this really just masks the problem. Investigate more thoroughly.
git-svn-id: file:///home/svn/framework3/trunk@8529 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 23:35:22 +00:00
Tod Beardsley 25ec6e8021 Removing the require rescues for SSH, now that it's shipping in lib directly.
git-svn-id: file:///home/svn/framework3/trunk@8528 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 23:21:51 +00:00
Tod Beardsley 206b70ace7 Indentation fixes (wrapping everything in a begin;rescue;end, didn't want
to obfuscate that with the last change).

git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 18:09:51 +00:00
Tod Beardsley b45cfb8793 Fixes #808. Removes the pre-connect test from login and version.
git-svn-id: file:///home/svn/framework3/trunk@8521 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 18:05:51 +00:00
Steve Tornio ceb65d7dc0 Add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8519 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:58 +00:00
Joshua Drake 4800d6841c commit cmd stager stuff from bannedit
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00
et cf29ff333e Added a path to prepend
git-svn-id: file:///home/svn/framework3/trunk@8514 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 05:24:31 +00:00
HD Moore 185ff610eb Add an example of how to break out of the capture loop
git-svn-id: file:///home/svn/framework3/trunk@8513 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 01:32:25 +00:00
Joshua Drake 48b7aec12d corrected cve reference
git-svn-id: file:///home/svn/framework3/trunk@8512 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:30:17 +00:00
Joshua Drake a996668cfa added payload notes
git-svn-id: file:///home/svn/framework3/trunk@8511 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:27:45 +00:00
Joshua Drake 82369aa9e8 add exploit module for cve-2007-2447
git-svn-id: file:///home/svn/framework3/trunk@8510 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:26:41 +00:00
Joshua Drake 8c59c9cfdc fix typos
git-svn-id: file:///home/svn/framework3/trunk@8508 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:42:16 +00:00
Joshua Drake b1ef6075c0 add exploit module for cve-2007-5208
git-svn-id: file:///home/svn/framework3/trunk@8507 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:38:50 +00:00
HD Moore 1857268af8 Uber-fast-get-me-a-php-shell mode :)
git-svn-id: file:///home/svn/framework3/trunk@8505 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 17:59:54 +00:00
kris 5a5fb84e2c strings, not constants
git-svn-id: file:///home/svn/framework3/trunk@8502 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 13:34:07 +00:00
HD Moore 32357b1f64 Skip the debugging target for automatic mode
git-svn-id: file:///home/svn/framework3/trunk@8499 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 01:02:12 +00:00
HD Moore 5d7139ad6f Various module cleanups
git-svn-id: file:///home/svn/framework3/trunk@8498 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 00:48:03 +00:00
Patrick Webster f9ae031055 Added piranha_passwd_exec exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8497 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 20:27:24 +00:00
HD Moore 43e89bf3a2 Consistency fix
git-svn-id: file:///home/svn/framework3/trunk@8496 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 19:38:47 +00:00
HD Moore ca4b9bbd52 Ignore lang/service pack for non-Windows hosts in the OS information
git-svn-id: file:///home/svn/framework3/trunk@8490 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 17:25:05 +00:00
HD Moore 337e00d57e Swap flavor/name
git-svn-id: file:///home/svn/framework3/trunk@8489 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 17:13:55 +00:00
HD Moore 352a367857 Handle OS X better
git-svn-id: file:///home/svn/framework3/trunk@8488 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 17:13:00 +00:00
et 26bb74ad6e file autopwn minor fixes
git-svn-id: file:///home/svn/framework3/trunk@8486 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 00:06:32 +00:00
et 11cc5b0a32 fix name
git-svn-id: file:///home/svn/framework3/trunk@8484 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 23:38:01 +00:00
et 24084024c0 Add file format exploits generator. Kind of a File autopwn. Next step add Emailer
git-svn-id: file:///home/svn/framework3/trunk@8483 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 23:32:33 +00:00
HD Moore 9c227ea0e7 Improved auxiliary detection
git-svn-id: file:///home/svn/framework3/trunk@8481 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 23:26:07 +00:00
Patrick Webster ee4fd8c75d Ported sambar6_search_results from v2.
git-svn-id: file:///home/svn/framework3/trunk@8480 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:15:19 +00:00
HD Moore 7aa7995da9 Autodetect and exploit 2003 SP0
git-svn-id: file:///home/svn/framework3/trunk@8479 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:04:24 +00:00
Patrick Webster 01cbe85468 Fixed OSVDB refs and added CA Server module.
git-svn-id: file:///home/svn/framework3/trunk@8478 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 16:16:13 +00:00
Patrick Webster c8da073f80 Ported calicclnt_getconfig exploit module from msf2.
git-svn-id: file:///home/svn/framework3/trunk@8476 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 15:38:06 +00:00
Joshua Drake 1896c82e39 add exploit module for cve-2009-2484
git-svn-id: file:///home/svn/framework3/trunk@8475 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:58:27 +00:00
Joshua Drake 8c28d583aa bump ranking up a notch
git-svn-id: file:///home/svn/framework3/trunk@8474 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:57:58 +00:00
Tod Beardsley 0e48287310 Adding a quickie ssh_login checker.
This will certainly change -- it's mostly just a placeholder now (though it does work).

git-svn-id: file:///home/svn/framework3/trunk@8472 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 23:00:36 +00:00
Joshua Drake d561b8e8ec add references, update description
git-svn-id: file:///home/svn/framework3/trunk@8471 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 21:09:09 +00:00
Joshua Drake f3c6b01bbd add first exploit module using Rex::OLE (cve-2009-3129)
git-svn-id: file:///home/svn/framework3/trunk@8470 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 20:52:41 +00:00
Tod Beardsley 49b0e8a077 Argh should be mssql not tcp.
git-svn-id: file:///home/svn/framework3/trunk@8469 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 19:58:14 +00:00
Tod Beardsley fb30d8e8c9 Renaming services to mssql-m and mssql because nobody uses ms-sql-s to talk about port 1433 except /etc/services
git-svn-id: file:///home/svn/framework3/trunk@8468 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 19:53:18 +00:00
Tod Beardsley 58913b6a71 Trivial fixup on print_status
git-svn-id: file:///home/svn/framework3/trunk@8467 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 19:16:05 +00:00
Patrick Webster 3fd3d44ad6 Added barcode_ax49.rb exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8466 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 18:06:49 +00:00
Tod Beardsley 537007c9cb Implementing database reporting for mssql_ping.
git-svn-id: file:///home/svn/framework3/trunk@8464 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 16:53:46 +00:00
HD Moore 3fe41a0d94 Fix a small typo
git-svn-id: file:///home/svn/framework3/trunk@8463 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 14:44:23 +00:00
natron 9729b22972 Loopty version of the wireshark exploit. This will continually blast packets as a background job.
git-svn-id: file:///home/svn/framework3/trunk@8460 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 01:58:33 +00:00
HD Moore 993ba44fcf SMB updates, better reporting of SSL status for HTTP
git-svn-id: file:///home/svn/framework3/trunk@8459 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 22:37:00 +00:00
Tod Beardsley c52b37ea17 Prettify the telnet banner display for db_services
git-svn-id: file:///home/svn/framework3/trunk@8458 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 20:14:38 +00:00
Tod Beardsley 8a44f4b9d8 Using a proper variable instead of $1 token for ora version.
git-svn-id: file:///home/svn/framework3/trunk@8456 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 18:29:24 +00:00
Tod Beardsley 53ce10ac12 Switching Oracle scanner to use db_service rather than db_note to record version numbers.
git-svn-id: file:///home/svn/framework3/trunk@8455 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 17:57:33 +00:00
Joshua Drake 6e80c7a62c use Rex::Arch::pack_addr
git-svn-id: file:///home/svn/framework3/trunk@8454 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 09:03:48 +00:00
Joshua Drake 0f942df9cd whitespace changes
git-svn-id: file:///home/svn/framework3/trunk@8451 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 06:00:12 +00:00
Joshua Drake f82c53db2a move 70k binary to data/exploits instead of hex encoded in the exploit
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
James Lee eb6ce38e0c old zero-day shows its age
git-svn-id: file:///home/svn/framework3/trunk@8445 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 20:41:07 +00:00
Steve Tornio df55aee06f add osvdb and cve refs
git-svn-id: file:///home/svn/framework3/trunk@8444 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 19:35:28 +00:00
Steve Tornio a1ec895cee add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8443 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 19:26:18 +00:00
Tod Beardsley e4494d3582 Added a verbosity line to telnet.
git-svn-id: file:///home/svn/framework3/trunk@8442 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 19:06:01 +00:00
Steve Tornio b37b409c3e update osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8441 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 18:46:03 +00:00
Joshua Drake d96a6a1f8f add exploit module for cve-2009-2261 - first consumer of zip library!
git-svn-id: file:///home/svn/framework3/trunk@8440 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 17:28:25 +00:00
natron f93a8e878e Auxiliary failed: NoMethodError undefined method `each' for "GET ([^ ?]+) HTTP":String
git-svn-id: file:///home/svn/framework3/trunk@8436 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 22:36:37 +00:00
Tod Beardsley 65c5eae59e Calling it postgres instead of postgresql for overall consistency.
git-svn-id: file:///home/svn/framework3/trunk@8435 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 20:44:23 +00:00
James Lee e2d70519d7 add the ability to check for a prompt before sending user/pass; now works with cisco, aix, solaris, linux, and windows telnetds
git-svn-id: file:///home/svn/framework3/trunk@8434 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 19:07:02 +00:00
Stephen Fewer a03b7c3feb Commit the modified auxiliary modules to include a CHOST option so the relevant modules can avail of the new UDP pivoting.
git-svn-id: file:///home/svn/framework3/trunk@8432 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:47:38 +00:00
HD Moore a92f5f207b Handle null user lists
git-svn-id: file:///home/svn/framework3/trunk@8429 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:43:26 +00:00
HD Moore 11e8710a60 Catch OpenDomain failures
git-svn-id: file:///home/svn/framework3/trunk@8428 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:34:49 +00:00
Joshua Drake 48a159006a Regenerate the payload with the specified AIX level, cleanups
git-svn-id: file:///home/svn/framework3/trunk@8427 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:47 +00:00
Joshua Drake e7f7ac20ea extended brute range, minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@8426 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:15 +00:00
HD Moore af978cbbdc Regenerate the payload with the specified AIX level
git-svn-id: file:///home/svn/framework3/trunk@8424 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 03:59:20 +00:00
et 36c61ff5ed Fix typo
git-svn-id: file:///home/svn/framework3/trunk@8423 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 01:10:29 +00:00
Joshua Drake 7bf3de2a3d randomize filler
git-svn-id: file:///home/svn/framework3/trunk@8422 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:43:56 +00:00
Joshua Drake 40579ce936 it works! don't forget to "set AIX <version>"
git-svn-id: file:///home/svn/framework3/trunk@8421 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:41:49 +00:00
Joshua Drake 17bd4b8b7d fixed aix payloads to REALLY do variable substitution
git-svn-id: file:///home/svn/framework3/trunk@8418 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 22:41:36 +00:00
Tod Beardsley c763052c57 See #816. This came up while learning how to perform various postgre tasks via Metasploit.
This module in particular reads a text file on the remote machine, copies it to a temporary table, and then selects the table.

Looks like this:

http://pastie.org/private/uoxgaw7ibjpvuepolr1fuw

git-svn-id: file:///home/svn/framework3/trunk@8417 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 22:34:09 +00:00
HD Moore ba34abc232 Fix unpack("H*") vs unpack("H*")[0]
git-svn-id: file:///home/svn/framework3/trunk@8416 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 21:37:07 +00:00
Tod Beardsley 2860d57e01 Cosmetic change to print_status messages to be consistent with Postgres
git-svn-id: file:///home/svn/framework3/trunk@8414 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 20:12:35 +00:00
HD Moore c6c1cda153 Try to delete the file (doesn't always work)
git-svn-id: file:///home/svn/framework3/trunk@8413 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:12:59 +00:00
HD Moore bc62eaf99b Adds a module to exploit insecure IIS configurations (PUT)
git-svn-id: file:///home/svn/framework3/trunk@8412 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:04:19 +00:00
Tod Beardsley d374c16662 Fixed up reporting for DB2 and tested; also added other default usernames for db2.
git-svn-id: file:///home/svn/framework3/trunk@8411 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 18:54:50 +00:00
Steve Tornio f3ad1c0a15 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8410 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 18:53:21 +00:00
Tod Beardsley 0b6c44b2cb Adding reporting to postgres_login. Logging version info more verbosely for authenticated login, since it's way useful.
git-svn-id: file:///home/svn/framework3/trunk@8408 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 17:35:58 +00:00
Tod Beardsley 67bb7a1926 Cleaning up print_status messages for Postgres SQL module and Postgres library.
git-svn-id: file:///home/svn/framework3/trunk@8407 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 16:43:44 +00:00
HD Moore 79c68e3784 Fix the description
git-svn-id: file:///home/svn/framework3/trunk@8406 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 13:53:50 +00:00
HD Moore c28f15d02c Quote the share name
git-svn-id: file:///home/svn/framework3/trunk@8405 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 13:36:35 +00:00
Joshua Drake f04ae6f20d minor cleanups -- getting closer
git-svn-id: file:///home/svn/framework3/trunk@8402 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 01:03:46 +00:00
HD Moore 7870638481 Expose the SunRPC socket; we need to overhaul the SunRPC code sometime
git-svn-id: file:///home/svn/framework3/trunk@8399 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:52:58 +00:00
Joshua Drake 8b63d506f7 initial commit of aix cmsd exploit (not fully working yet)
git-svn-id: file:///home/svn/framework3/trunk@8398 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:44:54 +00:00
Joshua Drake d68efa61d2 initial commit of aix cmsd exploit (not fully working yet)
git-svn-id: file:///home/svn/framework3/trunk@8397 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:44:37 +00:00
Joshua Drake 9f174795d4 add exploit module for vermillion ftpd memory corruption
git-svn-id: file:///home/svn/framework3/trunk@8396 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:39:48 +00:00
Joshua Drake a772bc2c85 minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@8395 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 21:42:12 +00:00
James Lee c6c1afe543 open sessions when a telnet login succeeds; needs testing on more telnetds
git-svn-id: file:///home/svn/framework3/trunk@8393 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 01:24:41 +00:00
James Lee 3b0b2731fd fix telnet scanner
git-svn-id: file:///home/svn/framework3/trunk@8392 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 00:14:29 +00:00
HD Moore bd91871763 Correct credit for the advisory
git-svn-id: file:///home/svn/framework3/trunk@8391 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 23:22:28 +00:00
HD Moore b2518b7c68 Remove the starting host verbiage; it gets noisy in scanning mode
git-svn-id: file:///home/svn/framework3/trunk@8390 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 22:07:44 +00:00
HD Moore 715e2c4c2e Add a link to the vendor response
git-svn-id: file:///home/svn/framework3/trunk@8389 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 21:54:57 +00:00
James Lee c48fe399f7 references have to be strings. fixes 815
git-svn-id: file:///home/svn/framework3/trunk@8387 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 21:41:06 +00:00
HD Moore 4c8dc37435 Add the OSVDB reference
git-svn-id: file:///home/svn/framework3/trunk@8382 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 14:51:56 +00:00
HD Moore 2c6b9c2800 Use the full \\host\share syntax to work with all versions of Samba. Thanks Eren!
git-svn-id: file:///home/svn/framework3/trunk@8381 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 14:45:43 +00:00
Joshua Drake 875a66553f clean up a couple comments to save future pain
git-svn-id: file:///home/svn/framework3/trunk@8380 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:53:31 +00:00
Joshua Drake bd3a4760da fixes to adobe_pdf_embedded_exe
optimized the directory search, and cmdline in general
added the Documents (Vista/Win7) to the list of directories to check
fixes #767

git-svn-id: file:///home/svn/framework3/trunk@8379 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:51:13 +00:00
James Lee 9b59f0e3c2 give the reported service a name
git-svn-id: file:///home/svn/framework3/trunk@8377 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 00:37:16 +00:00
James Lee 509b2aab3a use new api
git-svn-id: file:///home/svn/framework3/trunk@8376 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 23:00:51 +00:00
James Lee 0e1af9ed6a add reporting, see #385
git-svn-id: file:///home/svn/framework3/trunk@8375 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 21:13:07 +00:00
Tod Beardsley 43bbfefa8f Adding a Windows signature for Postgres.
git-svn-id: file:///home/svn/framework3/trunk@8374 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 18:02:13 +00:00
Tod Beardsley c8cdf9c938 Fixes #811 by implementing an enumerator for PostgreSQL.
git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 15:20:59 +00:00
HD Moore aeba7e0429 Store RPC information
git-svn-id: file:///home/svn/framework3/trunk@8370 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 14:53:09 +00:00
HD Moore b3a588b8cc Adds a module for kcope's samba filesystem traversal
git-svn-id: file:///home/svn/framework3/trunk@8369 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 06:38:24 +00:00
Joshua Drake 4f9490f63f add default username/passwords for IBM Cognos Express Tomcat Manager
git-svn-id: file:///home/svn/framework3/trunk@8368 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-04 20:34:55 +00:00
Joshua Drake 9397c897ba fix spoof support
git-svn-id: file:///home/svn/framework3/trunk@8367 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-04 04:56:18 +00:00
Tod Beardsley 6e8e6ef16a Fixes #769 by implementing a brute force module for Postgres. A couple notes: If you guess wrong at the database name, you still can try to login with a username and password -- you'll get a successful auth, but then get disconnected. So, that's pretty neat.
Also, since Postgres-PR uses the stock TCPSocket object, connection timeouts and other errors take forever. This is avoided in the brute forcer by pre-validating the connection with Rex::Socket, but this is a hack -- it would be better to convert Postgres-PR to a Rex::Socket flavor, so you also get nicer error messages and what all. I did fork it off the main distribution already anyway, so I may as well open a feature bug on this, but it's pretty low priority.

git-svn-id: file:///home/svn/framework3/trunk@8366 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 21:45:13 +00:00
Joshua Drake 9b79ebd000 add a windows target, thx redsand!
also removed some cruft

git-svn-id: file:///home/svn/framework3/trunk@8364 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 18:24:42 +00:00
Tod Beardsley 376e2ee62c Gah!
git-svn-id: file:///home/svn/framework3/trunk@8363 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 13:53:47 +00:00
Tod Beardsley b785d5af00 Keywords.
git-svn-id: file:///home/svn/framework3/trunk@8362 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 13:53:12 +00:00
Joshua Drake 7538b93aae add exploit module for cve-2006-6665
git-svn-id: file:///home/svn/framework3/trunk@8361 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 06:09:31 +00:00
Joshua Drake a41647a922 add silly jmp esp target for wireshark gui on debian
git-svn-id: file:///home/svn/framework3/trunk@8360 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 00:08:28 +00:00
James Lee 1ee79780e9 fix the http option scanner
git-svn-id: file:///home/svn/framework3/trunk@8355 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 23:11:18 +00:00
Tod Beardsley 2ffe4abb5d Fixes #730 by fixing up the Postgres query module and nicifying the output.
git-svn-id: file:///home/svn/framework3/trunk@8352 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 21:02:12 +00:00
Tod Beardsley 44fbe35871 Fixing revision keyword
git-svn-id: file:///home/svn/framework3/trunk@8351 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 17:37:34 +00:00
Tod Beardsley 4fcc9856d0 Adding a Juniper JunOS DoS exploit (no CVE, BID: 37670)
git-svn-id: file:///home/svn/framework3/trunk@8349 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 17:19:14 +00:00
Steve Tornio 2cbd6d152d Add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8347 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 12:37:07 +00:00
Joshua Drake 98dd073368 add an exploit module for one of the wireshark lwres vulns
git-svn-id: file:///home/svn/framework3/trunk@8346 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:20:18 +00:00
Joshua Drake 746c4fc263 whitespace change
git-svn-id: file:///home/svn/framework3/trunk@8345 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:19:34 +00:00
Tod Beardsley 01adf60550 See #730. First pass at a Postgres Query module. Doesn't handle errors very well yet (still need to work all that out and create some test cases).
git-svn-id: file:///home/svn/framework3/trunk@8344 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 01:40:48 +00:00
Joshua Drake fde3fbb2e3 add exploit module for cve-2009-1569
git-svn-id: file:///home/svn/framework3/trunk@8339 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:56:02 +00:00
Joshua Drake c073cd707a removed unnecessary parameter, commented target
git-svn-id: file:///home/svn/framework3/trunk@8338 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:33:38 +00:00
et edc64f824e Added trace.axd scanner by C4an
git-svn-id: file:///home/svn/framework3/trunk@8337 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:49:18 +00:00
Joshua Drake 2783c5884e add exploit module for cve-2009-1568
git-svn-id: file:///home/svn/framework3/trunk@8336 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:40:47 +00:00
et 7964d0f38a Renaming wmap modules
git-svn-id: file:///home/svn/framework3/trunk@8335 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:12:30 +00:00
et 7e5793af2a New enumeration modules by Mubix
git-svn-id: file:///home/svn/framework3/trunk@8331 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-31 00:52:51 +00:00
natron 3ecabe1be9 Adds static signed jar and user messages letting them know.
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
Joshua Drake 4863faf0a7 add reference to cve-2000-1209 (sa blank password)
git-svn-id: file:///home/svn/framework3/trunk@8324 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 16:37:06 +00:00
Joshua Drake c514c2274b typo, fixes #786, see also r8315
git-svn-id: file:///home/svn/framework3/trunk@8316 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:06:06 +00:00
Joshua Drake 53fd14c9c0 updated description, added PATH variable
git-svn-id: file:///home/svn/framework3/trunk@8315 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:04:23 +00:00
Tod Beardsley a76480d42c See #726. Cleaning up my gross whitespace.
git-svn-id: file:///home/svn/framework3/trunk@8311 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 23:08:39 +00:00
natron 69ad365b46 Added STDERR to pure java payload, cleaned up user's view.
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
Steve Tornio 70c0cb7530 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8307 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:40 +00:00
Steve Tornio a3f4d4f65e add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8306 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:01 +00:00
Joshua Drake c0e556f7ad oops, broke the tree again!
git-svn-id: file:///home/svn/framework3/trunk@8305 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:37:44 +00:00
Joshua Drake 4751d83cb8 some cleanups, added some CVE references
git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00
Joshua Drake 7789db860d add exploit module for Audiotran .pls file bof
git-svn-id: file:///home/svn/framework3/trunk@8303 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:24:41 +00:00
Joshua Drake d9e5de5683 note the CLSID of this control
git-svn-id: file:///home/svn/framework3/trunk@8302 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:17:50 +00:00
Joshua Drake 15e13348c0 add exploit module for AOL phobos bug
git-svn-id: file:///home/svn/framework3/trunk@8300 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 18:58:14 +00:00
Joshua Drake 0fbe42395f added automatic target detection
git-svn-id: file:///home/svn/framework3/trunk@8287 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 07:34:47 +00:00
HD Moore 214d624ddc Fix the report_host() code (broken by previous commit), add an advanced option to store db hosts from monlist
git-svn-id: file:///home/svn/framework3/trunk@8283 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:25:17 +00:00
Joshua Drake 008755b025 add exploit module for yassl CertDecoder::GetName vuln
also renames old mysql_yassl exploit to _hello

git-svn-id: file:///home/svn/framework3/trunk@8282 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:24:44 +00:00
natron 9891d60dfc Move applet generation up for slight speed improvement and less spamminess to the user.
git-svn-id: file:///home/svn/framework3/trunk@8281 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:15:36 +00:00
Tod Beardsley bedbc2c341 See #782. Deregistering filter and pcapfile (not needed for these), moving GATEWAY to advanced options.
git-svn-id: file:///home/svn/framework3/trunk@8277 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:58:45 +00:00
natron 5e4442a4d4 Fix a bug missed due to caching issues.
git-svn-id: file:///home/svn/framework3/trunk@8276 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:58:13 +00:00
Tod Beardsley e224d621aa See #782. Updating bailiwicked to use capture_sendo.
git-svn-id: file:///home/svn/framework3/trunk@8275 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:36:49 +00:00
natron c135462768 <@jduck> natron: you need some svn keywords magic
git-svn-id: file:///home/svn/framework3/trunk@8274 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:20:32 +00:00
Tod Beardsley 8d64f8a10c See #782. Updating to use capture_sendto.
git-svn-id: file:///home/svn/framework3/trunk@8273 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:17:45 +00:00
Tod Beardsley 246fe53ff4 See #782. Updating the ntpd dos attack to use capture_sendto.
git-svn-id: file:///home/svn/framework3/trunk@8272 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:13:44 +00:00
Tod Beardsley 170b9f7705 See #782. Converted synflood.rb to use capture_sendto.
Note, this makes the SYN flooding significantly more sucky, since if it's a remote address, capture_sendto will always try to arp. Need to deal with this. I have a couple strategies in mind.

git-svn-id: file:///home/svn/framework3/trunk@8271 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:04:14 +00:00
Tod Beardsley e05e3d7248 Adding Id tag.
git-svn-id: file:///home/svn/framework3/trunk@8269 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:55:31 +00:00
Tod Beardsley 3baeb9c199 See #782. Updating chunked.rb to use capture_sendto. Also adjusted TTLs for ldap and chunked.
git-svn-id: file:///home/svn/framework3/trunk@8268 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:54:33 +00:00
natron cd5e5880d2 Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
Tod Beardsley 2f76affadb See #782. Updating ldap exploit to use capture_sendto. Also updating capture.rb to include RHOST.
git-svn-id: file:///home/svn/framework3/trunk@8266 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:37:22 +00:00
Tod Beardsley 0f37a27fe4 See #782. Updating ip_spoof to use capture_sendto
git-svn-id: file:///home/svn/framework3/trunk@8265 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:00:21 +00:00
Tod Beardsley 71c44dadd8 See #782. Updating rogue_send for capture_sendto
git-svn-id: file:///home/svn/framework3/trunk@8264 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:46:48 +00:00
Tod Beardsley 4374b8ccc4 See #782. Updating ipidseq to use capture_sendto.
git-svn-id: file:///home/svn/framework3/trunk@8263 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:40:38 +00:00
Tod Beardsley 99f9cf76a8 See #782. Updating syn to use capture_sendto.
git-svn-id: file:///home/svn/framework3/trunk@8262 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:34:35 +00:00
Tod Beardsley 280e7f8bdd See #782. Revising ack to use the new capture_sendto.
git-svn-id: file:///home/svn/framework3/trunk@8261 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:31:36 +00:00
Tod Beardsley 709c634bfa Renaming sendto to capture_sendto to give the user a hint as to where it came from.
git-svn-id: file:///home/svn/framework3/trunk@8260 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:21:33 +00:00
Tod Beardsley 3053bd702a See #782. Updated xmas.rb (again), now uses the nicer frontend function sendto. Diff against r8026 to get an idea of what's changed for module writers.
git-svn-id: file:///home/svn/framework3/trunk@8259 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:12:02 +00:00
HD Moore 393cf5becb Add the NTP monlist scanner
git-svn-id: file:///home/svn/framework3/trunk@8255 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 06:53:24 +00:00
Tod Beardsley fb09655c42 See #782. Fixing the packet send, but that's it (the module is still busted for other reasons).
git-svn-id: file:///home/svn/framework3/trunk@8251 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 03:03:51 +00:00
Tod Beardsley bf24295d1d See #782. Updating ipidseq.
git-svn-id: file:///home/svn/framework3/trunk@8248 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 22:36:27 +00:00
Tod Beardsley 23f06ca8a6 See #782. Updating syn scanner. Also, before I forget: should optimize the arp cache to keep negatives so we don't rearp all the time for nonexistent hosts.
git-svn-id: file:///home/svn/framework3/trunk@8247 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 22:16:03 +00:00
Tod Beardsley 658e07a0de See #782. Updating ack scanner.
git-svn-id: file:///home/svn/framework3/trunk@8246 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 21:59:30 +00:00
Tod Beardsley 4bb6e650da See #782. Implemented a more sensible arp cache so as not to spam with UDP probes and arps. Also refactored xmas to use the new methods.
git-svn-id: file:///home/svn/framework3/trunk@8245 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 21:37:40 +00:00
Joshua Drake 31949c4343 svn keywords fixups
fixed a bunch of $Id$ and $Revision$ typos
added keywords property to files missing it



git-svn-id: file:///home/svn/framework3/trunk@8242 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:12:13 +00:00
Tod Beardsley c003a663d1 See #782. Extended the injection ARP query methods to handle local addresses more satisfactorily, fixed a couple errors, and added a bunch of inline documentation to explain how it all works together.
git-svn-id: file:///home/svn/framework3/trunk@8238 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 16:00:16 +00:00
Tod Beardsley cac3d6d56b See #782. This introduces some inject methods to the Capture mixin, and edits the ip_spoof module to take advantage of them.
git-svn-id: file:///home/svn/framework3/trunk@8237 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 06:38:41 +00:00
Tod Beardsley 37c1441c6c Formatting on db2 output.
git-svn-id: file:///home/svn/framework3/trunk@8225 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 16:37:56 +00:00
Tod Beardsley 7cc01b07f3 See #726. Post-commit fixes. Rename probe to version, clean up includes, fix verbosity on the probe and convert to single-line output.
git-svn-id: file:///home/svn/framework3/trunk@8224 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 16:25:29 +00:00
Tod Beardsley 359e1ad53a See #726. Adds a DB2 scanner and brute forcer.
git-svn-id: file:///home/svn/framework3/trunk@8223 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 15:58:24 +00:00
HD Moore 1bdd286936 This bug actually affected 9.2 as well according to adobe, reference updated
git-svn-id: file:///home/svn/framework3/trunk@8222 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 14:22:13 +00:00
Joshua Drake 87adb7714f fixed whitespace
git-svn-id: file:///home/svn/framework3/trunk@8219 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 04:52:49 +00:00
Joshua Drake 83f47796fe add reference to ms09-032 (the mitigation)
git-svn-id: file:///home/svn/framework3/trunk@8212 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-24 00:05:19 +00:00
James Lee cc41516a79 don't wait for the client reporting
git-svn-id: file:///home/svn/framework3/trunk@8210 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-23 00:17:59 +00:00
Joshua Drake 14862e0106 added another target
git-svn-id: file:///home/svn/framework3/trunk@8204 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 21:43:40 +00:00
Joshua Drake 4bb3adc397 move new tomcat_mgr_login scanner into scanner/http
git-svn-id: file:///home/svn/framework3/trunk@8202 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 20:33:11 +00:00
Joshua Drake 40be42676b new tomcat_mgr_login aux module
- uses auth_brute mixin
- has old and new default users/passes/pairs
- replaces older modules/auxiliary/admin/http/tomcat_manager.rb


git-svn-id: file:///home/svn/framework3/trunk@8201 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 20:31:51 +00:00
Joshua Drake 5ebb0c4b38 add CVE, two default users & passwords, see #711
git-svn-id: file:///home/svn/framework3/trunk@8194 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 16:22:12 +00:00
Joshua Drake 6fd20d411f add exploit module for cve-2009-4179
git-svn-id: file:///home/svn/framework3/trunk@8192 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 05:52:53 +00:00
Joshua Drake 409d44bfad fix another typo
git-svn-id: file:///home/svn/framework3/trunk@8190 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:26:04 +00:00
Joshua Drake 9cb3ac9340 fix typo
git-svn-id: file:///home/svn/framework3/trunk@8189 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:24:54 +00:00
Joshua Drake ab1a1c58db escape more format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)
a better solution would be to find a different way to allocate the freed memory..


git-svn-id: file:///home/svn/framework3/trunk@8188 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 18:32:01 +00:00
Joshua Drake a87d4e7eb4 escape randomly generated format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)


git-svn-id: file:///home/svn/framework3/trunk@8186 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 17:09:46 +00:00
Joshua Drake 2b8a2d56a1 some variable renaming
git-svn-id: file:///home/svn/framework3/trunk@8184 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 04:55:16 +00:00
Joshua Drake 72e1b9bb50 added a couple better error messages
git-svn-id: file:///home/svn/framework3/trunk@8183 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:30:08 +00:00
Joshua Drake 97c3159293 fixed version command, check function
git-svn-id: file:///home/svn/framework3/trunk@8182 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:15:20 +00:00
Joshua Drake e8048704be add exploit module for cve-2009-1979 (oracle pre-auth bof)
git-svn-id: file:///home/svn/framework3/trunk@8181 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:05:18 +00:00
James Lee 865a50594b add a telnet login scanner
git-svn-id: file:///home/svn/framework3/trunk@8179 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 03:25:34 +00:00
Joshua Drake 4a54388119 use print_error for failed login
git-svn-id: file:///home/svn/framework3/trunk@8178 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 02:33:15 +00:00
James Lee e19f66ec1f use the new authbrute mixin
git-svn-id: file:///home/svn/framework3/trunk@8176 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 01:43:01 +00:00
Joshua Drake 310be42bfa try not to repeatedly load static files - see #694
git-svn-id: file:///home/svn/framework3/trunk@8166 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:12:42 +00:00
James Lee ca7f85c054 more consistent printing of found credentials
git-svn-id: file:///home/svn/framework3/trunk@8164 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:06:03 +00:00
James Lee d85c801b11 name consistency with arp_sweep
git-svn-id: file:///home/svn/framework3/trunk@8162 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 17:49:00 +00:00
Joshua Drake db5097af91 bump ranking up, comment about crash recovery
git-svn-id: file:///home/svn/framework3/trunk@8154 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 07:23:22 +00:00
Joshua Drake 477468147b cleanup exceptions, optimize query length, add some entropy
git-svn-id: file:///home/svn/framework3/trunk@8153 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 05:09:40 +00:00
Joshua Drake 7c402d1d79 changed a comment
git-svn-id: file:///home/svn/framework3/trunk@8152 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:56:31 +00:00
Joshua Drake 52b71077d3 major overhaul of ms09-004 (cve-2008-5416) exploit
git-svn-id: file:///home/svn/framework3/trunk@8151 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:51:48 +00:00
James Lee 08eb80f4a9 use the authbrute mixin
git-svn-id: file:///home/svn/framework3/trunk@8150 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-18 22:22:22 +00:00
James Lee cb9cf943b4 Remove the database lookups so we don't trigger lockout policies unnecessarily. We'll probably have to revisit this at some point
git-svn-id: file:///home/svn/framework3/trunk@8145 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-18 21:19:28 +00:00
James Lee d4c42806f6 can't really be a scanner since a sid is needed for each host
git-svn-id: file:///home/svn/framework3/trunk@8141 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-17 17:56:05 +00:00
James Lee bbe10b439f let the user know when a client connects
git-svn-id: file:///home/svn/framework3/trunk@8140 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 01:00:01 +00:00
James Lee 6c572466fa make the oracle login a scanner for consistency. see 757
git-svn-id: file:///home/svn/framework3/trunk@8139 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:59:06 +00:00
HD Moore 69f609bdcd Updated description to make the source of the exploit clear and why it only triggers reliably vs 6 now. Adjusts the heap spray to be slightly bigger
git-svn-id: file:///home/svn/framework3/trunk@8138 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:55:42 +00:00
Steve Tornio a0326fc842 add CVE and OSVDB refs
git-svn-id: file:///home/svn/framework3/trunk@8137 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 22:05:02 +00:00
HD Moore 579a6fe799 Metasploit port of the IE "Aurora" exploit, based on this sample: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
git-svn-id: file:///home/svn/framework3/trunk@8136 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 21:36:04 +00:00
HD Moore 2ba892aa69 Report host mac, name, and whether it's a VM
git-svn-id: file:///home/svn/framework3/trunk@8133 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 15:49:13 +00:00
HD Moore 7390b1d42d Add and improve database reporting to existing scanner modules
git-svn-id: file:///home/svn/framework3/trunk@8131 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 03:25:34 +00:00
HD Moore 90221c1191 Consistency change
git-svn-id: file:///home/svn/framework3/trunk@8130 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 02:58:59 +00:00
HD Moore 0b7df74615 Rename modules to be consistent with the new convention
git-svn-id: file:///home/svn/framework3/trunk@8129 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 02:55:08 +00:00
Joshua Drake fba8a1d110 added a German target with 0x0a0a0a0a as the spray addr
git-svn-id: file:///home/svn/framework3/trunk@8125 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 22:24:56 +00:00
James Lee df1cb6b36e move smb/login. see 757
git-svn-id: file:///home/svn/framework3/trunk@8121 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 18:51:04 +00:00
James Lee 54095a585e update the auth bruteforcer, and use it in smb/login
git-svn-id: file:///home/svn/framework3/trunk@8116 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 16:58:43 +00:00
HD Moore 396e894cdb Finger user enumerator
git-svn-id: file:///home/svn/framework3/trunk@8109 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 23:37:14 +00:00
HD Moore 9bb14e1c4e Add a telnet banner grabber
git-svn-id: file:///home/svn/framework3/trunk@8108 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 21:46:48 +00:00
HD Moore 831833667a Minor tweak (run inside of sh -c '')
git-svn-id: file:///home/svn/framework3/trunk@8107 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 20:19:51 +00:00
HD Moore dded66d71a Fixed up to work against Windows 2000 -> Windows 7
git-svn-id: file:///home/svn/framework3/trunk@8106 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 14:37:15 +00:00
HD Moore de2a293c26 Lookup users via SAMR
git-svn-id: file:///home/svn/framework3/trunk@8103 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 00:27:11 +00:00
HD Moore a2b883ff3d Adds a SID lookup module
git-svn-id: file:///home/svn/framework3/trunk@8101 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-12 07:39:53 +00:00
Carlos Perez f9f4f31fdd Changed to checking the size and not the line count on queries
git-svn-id: file:///home/svn/framework3/trunk@8083 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-07 17:52:40 +00:00
HD Moore b1f79c6342 Use nohup to prevent the telnet session close from killing the command
git-svn-id: file:///home/svn/framework3/trunk@8082 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-07 00:10:03 +00:00
Joshua Drake 8399ff46b2 oops, left out a var
git-svn-id: file:///home/svn/framework3/trunk@8081 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:55:41 +00:00
Joshua Drake c51c14bcba fix typos :-/
git-svn-id: file:///home/svn/framework3/trunk@8080 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:09:34 +00:00
Joshua Drake 97338e6848 add exploit module for cve-2007-2280 (split from other)
git-svn-id: file:///home/svn/framework3/trunk@8079 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:04:58 +00:00
Joshua Drake 75ff9d327a _2 == cve-2009-3844
git-svn-id: file:///home/svn/framework3/trunk@8078 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:01:08 +00:00
Joshua Drake 3a9b384554 renamed the module
git-svn-id: file:///home/svn/framework3/trunk@8077 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:29:11 +00:00
Joshua Drake 4a0051d93a lots of updates, preparing to split into two modules
git-svn-id: file:///home/svn/framework3/trunk@8076 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:28:19 +00:00
HD Moore 6a10d6b6ca Cleanup for tcp mixin, report smb version better, downcase service names
git-svn-id: file:///home/svn/framework3/trunk@8074 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 18:47:04 +00:00
Steve Tornio 888b7637c0 Add OSVDB ref, fixed exploit-db refs
git-svn-id: file:///home/svn/framework3/trunk@8071 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 11:49:12 +00:00
Joshua Drake 905d391d5e add exploit module for bigant 2.52 usv bug
git-svn-id: file:///home/svn/framework3/trunk@8070 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 08:24:35 +00:00
Joshua Drake efb3dbb2af minor tweaks
git-svn-id: file:///home/svn/framework3/trunk@8069 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:35:46 +00:00
Joshua Drake 789d875d24 record addr for stack hijacking
git-svn-id: file:///home/svn/framework3/trunk@8068 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:02:15 +00:00