jvazquez-r7
57d60c66f9
Add masqform version as comment
2013-12-27 10:59:23 -06:00
jvazquez-r7
341e3c0370
Use rexml
2013-12-27 10:55:36 -06:00
jvazquez-r7
ee35f9ac30
Add module for zdi-13-274
2013-12-27 10:20:44 -06:00
Tod Beardsley
d6a63433a6
Space at EOL
2013-12-26 10:37:18 -06:00
Tod Beardsley
5ce862a5b5
Add OSVDB
2013-12-26 10:33:46 -06:00
Tod Beardsley
c34a5f3758
Unacronym the title on Poison Ivy C&C
2013-12-26 10:30:30 -06:00
Tod Beardsley
47765a1c4f
Fix chargen probe title, comment on the CVE
2013-12-26 10:29:11 -06:00
Tod Beardsley
056661e5dd
No at-signs in names please.
2013-12-26 10:26:01 -06:00
jvazquez-r7
b02e21a1d3
Land #2779 , @wchen-r7's mod to raise Msf::OptionValidateError when PORTS is invalid
2013-12-26 09:27:27 -06:00
sinn3r
78db7429d0
Turns out the latest Safari is still vulnerable.
...
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
2013-12-24 19:27:45 -06:00
sinn3r
a26e12b746
Updates description and improves regex for safari_lastsession.rb
...
This updates two things for the safari_lastsession post module:
1. The description is updated: More information is added to describe
how Safari would end up storing the Gmail credential in the last
session state, and what it means to you as an attacker.
2. Regex update for the domain to search for: Before the module starts
extracting the session data, it needs to know which domain to extract from.
Originally I only added mail.google.com, but turns out the sensitive info
can be found in accounts.google.com, so I added that one.
2013-12-24 14:00:55 -06:00
rbsec
86a94022c0
Fix lotus_domino_hashes not working.
...
Some Lotus Domino servers prefix the "dspHTTPPassword" with a dollar
sign. Updated regex to take this into account.
2013-12-24 11:57:13 +00:00
sinn3r
90ce761681
Land #2790 - RealNetworks RealPlayer Version Attribute Buffer Overflow
2013-12-24 00:39:54 -06:00
sinn3r
367dce505b
Minor details
2013-12-24 00:39:15 -06:00
sgabe
f687a14539
Added support for opening via menu.
2013-12-24 03:12:49 +01:00
sinn3r
213556761a
Land #2765 - Added Poison Ivy Command and Control Scanner
2013-12-23 17:36:18 -06:00
sinn3r
0a07bbdf2e
Minor changes
2013-12-23 17:35:42 -06:00
jvazquez-r7
88b3b2c78e
Switch RHOSTS to TARGETS and add validation
2013-12-23 11:58:26 -06:00
sinn3r
9c484dd0a3
Land #2786 - HP SiteScope issueSiebelCmd Remote Code Execution
2013-12-23 02:34:01 -06:00
sinn3r
5b647ba6f8
Change description
...
Pre-auth is implied.
2013-12-23 02:33:17 -06:00
sgabe
287271cf98
Fixed date format.
2013-12-22 01:32:16 +01:00
sgabe
0ac495fef8
Replaced hex with plain text.
2013-12-22 01:31:37 +01:00
Bruno Morisson
94da642f5c
fixed typo: innacurated -> inaccurate
2013-12-21 20:36:43 +00:00
Bruno Morisson
c387a850ca
Fixed default value for RESOLVE (local)
2013-12-21 19:21:57 +00:00
Meatballs
bf8c0b10fa
Don't store n/a creds
2013-12-21 09:04:02 +00:00
Bruno Morisson
6ce0bab036
Cleanup, also split IP addresses separated by commas.
2013-12-21 00:15:00 +00:00
jvazquez-r7
f43bc02297
Land #2787 , @mwulftange's exploit for CVE-2013-6955
2013-12-20 17:03:10 -06:00
jvazquez-r7
163a54f8b1
Do send_request_cgi final clean up
2013-12-20 17:00:57 -06:00
sgabe
44ab583611
Added newline to end of file.
2013-12-20 22:40:45 +01:00
sgabe
62f71f6282
Added module for CVE-2013-6877
2013-12-20 22:37:09 +01:00
SeawolfRN
bf2dc97595
Merge branch 'poisonivyscanner' of github.com:SeawolfRN/metasploit-framework into poisonivyscanner
2013-12-20 18:46:35 +00:00
SeawolfRN
ae7a0159e7
Changed to Puts and get_once - also forgot the timeout...
2013-12-20 18:44:42 +00:00
jvazquez-r7
8be481f324
Land #2681 , @mcantoni and @todb-r7's support for chargen
2013-12-20 11:53:08 -06:00
jvazquez-r7
12efa99ce5
Fix udp_sweep
2013-12-20 11:47:48 -06:00
jvazquez-r7
2dc7ef4398
Fix udp_probe
2013-12-20 11:45:27 -06:00
jvazquez-r7
af13334c84
Revert gsub!
2013-12-20 11:39:49 -06:00
sinn3r
ce8b8e8ef9
Land #2783 - OpenSIS 'modname' PHP Code Execution
2013-12-20 11:29:10 -06:00
sinn3r
d0ef860f75
Strip default username/password
...
There isn't one. So force the user to supply one.
2013-12-20 11:28:18 -06:00
sinn3r
52a4e55804
Land #2781 - Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
2013-12-20 11:25:50 -06:00
jvazquez-r7
1da961343a
Do final (minor) cleanup
2013-12-20 11:20:29 -06:00
Tod Beardsley
2f34f8458b
Downcase chargen service name
2013-12-20 10:41:53 -06:00
Tod Beardsley
35c847da94
Add chargen to udp_probe and udp_sweep
...
This simplifies the checks considerably for PR #2681 from @mcantoni
2013-12-20 10:32:15 -06:00
jvazquez-r7
a043d384d4
Land #2738 , @jiuweigui update to enum_prefetch
2013-12-20 10:26:54 -06:00
Markus Wulftange
929f3ea35c
Turn Auxiliary module into Exploit module
2013-12-20 16:45:38 +01:00
jvazquez-r7
eba164d2e3
Clean chargen_probe
2013-12-20 09:10:15 -06:00
Markus Wulftange
15f6a62f90
Msf::Exploit::Remote::HttpClient already provides 'peer'
2013-12-20 15:10:10 +01:00
Markus Wulftange
0718c27f47
Use 'unless' instead of 'if not'
2013-12-20 15:09:32 +01:00
Markus Wulftange
fe66d2437b
Add module for CVE-2013-6955
...
Auxiliary module for Synology DiskStation Manager (DMS) SLICEUPLOAD
vulnerability, which allows unauthenticated remote command execution
under root privileges.
2013-12-20 11:50:02 +01:00
bcoles
fb6cd9c149
add osvdb+url refs and module tidy up
2013-12-20 20:27:07 +10:30
sinn3r
2510580c19
Land #2784 - Remove EOL whitespace from OS X hashdump
2013-12-20 03:54:37 -06:00
OJ
0db062a1ce
Merge branch 'meatballs-vncdll-submodule'
2013-12-20 18:29:27 +10:00
OJ
34cdec5155
Update project VS 2013, clean CLI build
...
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
2013-12-20 09:49:15 +10:00
jvazquez-r7
4816abe63b
Add module for ZDI-13-263
2013-12-19 17:48:52 -06:00
Bruno Morisson
6ac0aad38b
Prevent report_* when RESOLVE is remote, since hostname may be unknown and local resolution fail, thus spitting out an error and failing
2013-12-19 23:37:13 +00:00
Bruno Morisson
c881ef5472
Unreachable and time out error identification
2013-12-19 22:59:56 +00:00
Matteo Cantoni
a199dc39af
used the recvfrom timeout
2013-12-19 20:56:11 +01:00
Joe Vennix
8e27e87c81
Use the right disclosure date.
2013-12-19 12:58:52 -06:00
Joe Vennix
955dfe5d29
msftidy it up.
2013-12-19 12:53:58 -06:00
Joe Vennix
b50bbc2f84
Update module to use sinn3r's beautiful browserexploitserver.
2013-12-19 12:49:24 -06:00
Bruno Morisson
773d4c5cd1
commented out response packet vprint
2013-12-19 18:35:11 +00:00
Bruno Morisson
ad8a156263
RHOSTS can be a comma separated list of hostnames
2013-12-19 18:33:32 +00:00
Bruno Morisson
564601e083
msftidy - fixed
2013-12-19 17:30:34 +00:00
Bruno Morisson
2480f023b1
Dropped scanner mixin. Tried to maintain usage
2013-12-19 17:15:44 +00:00
William Vu
9434d60021
Remove EOL whitespace from OS X hashdump
2013-12-19 10:39:49 -06:00
bcoles
fc2da15c87
Add OpenSIS 'modname' PHP Code Execution module for CVE-2013-1349
2013-12-19 19:10:48 +10:30
Joe Vennix
eb08a30293
Update description with new version support.
2013-12-19 02:08:55 -06:00
Joe Vennix
5ee6c77901
Add a patch for 15.x support.
...
* Also add authors I forgot, oops
2013-12-19 02:05:45 -06:00
Joe Vennix
2add2acc8f
Use a smaller key size, harder to spot.
2013-12-18 21:02:23 -06:00
Joe Vennix
8d183d8afc
Update versions, 4.0.1 does not work on windows.
2013-12-18 20:57:47 -06:00
Joe Vennix
cb390bee7d
Move comment.
2013-12-18 20:37:33 -06:00
Joe Vennix
23b5254ea1
Fix include reference.
2013-12-18 20:35:43 -06:00
Joe Vennix
5255f8da12
Clean up code. Test version support.
...
* Using #get in Object#defineProperty call makes the payload execute immediately
on all supported browsers I tested.
* Moved Ranking to Excellent since it is now 100% reliable.
2013-12-18 20:30:08 -06:00
Bruno Morisson
21d959c58d
RESOLVE option takes either "remote" or "local"
2013-12-19 00:38:47 +00:00
Bruno Morisson
1778a08e98
Keeping changes away from the "ip" variable
2013-12-19 00:19:58 +00:00
sinn3r
d41f05e0b6
Land #2776 - Avoid having the same port twice
2013-12-18 18:09:43 -06:00
Bruno Morisson
7ebcd5a8c9
Option to perform host resolution on remote saprouter
2013-12-18 23:53:58 +00:00
jvazquez-r7
198667b650
Land #2774 , @Mekanismen's module for CVE-2013-7091
2013-12-18 16:23:44 -06:00
jvazquez-r7
aec2e0c92c
Change ranking
2013-12-18 16:23:14 -06:00
jvazquez-r7
f21d666631
Land #2744 , @rcvalle module for CVE-2013-2050
2013-12-18 16:19:25 -06:00
jvazquez-r7
0eac17083a
Clean cfme_manageiq_evm_pass_reset
2013-12-18 16:16:32 -06:00
jvazquez-r7
d4ec858051
Clean zimbra_lfi
2013-12-18 15:46:37 -06:00
sinn3r
8dfa2e6963
Land #2734 - OSX Gather Autologin Password as Root
2013-12-18 15:37:45 -06:00
sinn3r
5011c4d928
The "unless" Ruby nazi is in town
2013-12-18 15:28:31 -06:00
sinn3r
5ec3d5f3f6
Raise specific exceptions
2013-12-18 15:27:49 -06:00
sinn3r
4bddd077ec
Land #2762 - Use new ntdll railgun functions
2013-12-18 15:18:47 -06:00
sinn3r
ee87f357b0
Raise Msf::OptionValidateError when the PORTS option is invalid
...
Instead of print_error for invalid ports, modules should be raising
Msf::OptionValidateError to warn the user about the invalid input.
2013-12-18 15:04:53 -06:00
sinn3r
4028dcede7
Add an input check for datastore option PORTS
...
If Rex::Socket.portspec_crack returns an empty array, we assume
there are no valid ports to test, so we raise an OptionValidateError
to warn the user about it.
2013-12-18 14:55:51 -06:00
Joe Vennix
64273fe41d
Move addon datastore options into mixin.
2013-12-18 14:42:01 -06:00
Joe Vennix
ca2de73879
It helps to actually commit the exploit.
2013-12-18 14:31:42 -06:00
Joe Vennix
1235615f5f
Add firefox 15 chrome privilege exploit.
...
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
Tod Beardsley
c4b8178663
Correct camelCase of YouTube
2013-12-18 14:06:45 -06:00
Mekanismen
0c0e8c3a49
various updates
2013-12-18 20:54:35 +01:00
Ramon de C Valle
b9a9b90088
Update module to use added bcrypt gem
2013-12-18 16:15:35 -02:00
Ramon de C Valle
e20569181b
Remove EzCrypto-related code as per review
2013-12-18 16:15:22 -02:00
jvazquez-r7
ab69454f89
Land #2745 , @rcvalle's exploit for CVE-2013-2068
2013-12-18 12:06:27 -06:00
jvazquez-r7
ec64382efc
Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle
2013-12-18 11:53:30 -06:00
Ramon de C Valle
ef081cec49
Add missing disclosure date as per review
2013-12-18 15:47:23 -02:00
jvazquez-r7
a28ea18798
Clean pull request
2013-12-18 11:32:34 -06:00
OJ
a4811bd0c3
Land #2760
2013-12-18 17:17:10 +10:00
OJ
5e4c395f86
Fix small spacing issue
2013-12-18 17:14:47 +10:00
sinn3r
10e16673a7
There must be read_file
2013-12-17 16:42:49 -06:00
sinn3r
21feae0bbc
Make sure the file path is readable when it's ~/
2013-12-17 16:38:58 -06:00
jvazquez-r7
345e1711b1
Land #2775 , @wchen-r7's post module to Safari get LastSession.plist
2013-12-17 15:57:50 -06:00
jvazquez-r7
7ec96876d9
Delete unnecessary includes
2013-12-17 15:57:09 -06:00
sinn3r
374ef71c12
Favor read_file instead
2013-12-17 15:34:52 -06:00
jvazquez-r7
80eea97ccd
ChrisJohnRiley fix for sap_service_discovery
2013-12-17 13:31:56 -06:00
sinn3r
ea6ba2b159
Add post module to get LastSession.plist
...
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00
Mekanismen
2de15bdc8b
added module for Zimbra Collaboration Server CVE-2013-7091
2013-12-17 19:32:04 +01:00
William Vu
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
bmerinofe
89ffafad0e
Changes to Service mixin
2013-12-17 13:10:27 +01:00
sinn3r
ad2ec497c2
Land #2773 - Fix ms_ndproxy to work under a sandboxed Reader
2013-12-16 20:32:27 -06:00
jvazquez-r7
52cb43e6a8
Fix typo
2013-12-16 20:28:49 -06:00
zeknox
2eee34babf
added timeout options and rescue timeout
2013-12-16 20:00:13 -06:00
zeknox
fe34d0e36e
fixed syntax
2013-12-16 19:26:40 -06:00
zeknox
7b8de95f6b
fixed database overwriting issues
2013-12-16 19:16:12 -06:00
zeknox
07f686bb1a
added ResolverArgumentError rescue statement
2013-12-16 18:46:14 -06:00
jvazquez-r7
84759a552a
Save one variable
2013-12-16 16:49:44 -06:00
jvazquez-r7
042bd4f80b
Fix ms_ndproxy to work under a sandboxed Reader
2013-12-16 16:19:17 -06:00
SeawolfRN
24bc10905e
Added Spaces and removed Interrupt
2013-12-16 22:12:35 +00:00
Tod Beardsley
f88a3a55b6
More slight updates.
2013-12-16 15:05:39 -06:00
sinn3r
afcee93309
Land #2771 - Fix description
2013-12-16 15:01:32 -06:00
sinn3r
04b7e8b174
Fix module title and add vendor patch information
2013-12-16 14:59:00 -06:00
Tod Beardsley
040619c373
Minor description changes
...
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
jvazquez-r7
533accaa87
Add module for CVE-2013-3346
2013-12-16 14:13:47 -06:00
jiuweigui
446db78818
Minor fix to gather_pf_info function
2013-12-16 21:33:07 +02:00
SeawolfRN
bf561fef95
Corrected Extraneous Whitespace\Newlines
2013-12-16 16:38:49 +00:00
SeawolfRN
79022c2e29
Probably should have checked it worked...
2013-12-16 11:33:08 +00:00
SeawolfRN
59003a9842
Updated Poison Ivy Scanner
2013-12-15 22:02:14 +00:00
SeawolfRN
226cd241bf
Added Poison Ivy Command and Control Scanner\n Auxiliary module to scan for Poison Ivy C&C on ports 80,8080,443 and 3460
2013-12-15 14:34:50 +00:00
Meatballs
3dec7f61a5
Check in sysnative if wow64
2013-12-15 01:12:52 +00:00
Meatballs
2dc4faad72
Resplat license
2013-12-15 01:12:51 +00:00
Meatballs
8203274256
Small fixes
...
Remove " from service command if it is quoted.
Spawn SYSWOW64 notepad.
2013-12-15 01:12:51 +00:00
OJ
f2e2147065
Change unless with else to if with else
2013-12-15 01:12:50 +00:00
OJ
cff7008500
Fix final issues with merge
...
Hopefully this will be the last of the changes.
2013-12-15 01:12:50 +00:00
OJ
41c538856a
Re-add RDI mixin changes
2013-12-15 01:12:49 +00:00
OJ
db29af0f97
First batch of submodule refactorings
2013-12-15 01:12:48 +00:00
Meatballs
6916f7c5d2
Fixup description
2013-12-15 01:12:47 +00:00
Meatballs
3d1646d18e
Exit process when complete
2013-12-15 01:12:47 +00:00
Meatballs
dd32c2b0b8
Spawn 32bit process
2013-12-15 01:12:46 +00:00
Meatballs
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
Meatballs
5eca4714c2
Renamed module
2013-12-15 01:12:46 +00:00
Meatballs
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
Meatballs
c6623b380a
Initial commit
2013-12-15 01:12:45 +00:00
Matteo Cantoni
999006e037
fixed some things, as suggested by jvazquez-r7
2013-12-14 19:41:31 +01:00
bmerinofe
f185c2deb1
added driver_loaded post meterpreter module
2013-12-14 00:07:04 +01:00
jvazquez-r7
e8396dc37a
Delete redefinition of ntdll functions on railgun
2013-12-13 16:02:47 -06:00
sinn3r
ba1a70b72e
Update Microsoft patch information
2013-12-13 15:59:15 -06:00
jvazquez-r7
1ab3e891c9
Modify ms_ndproxy to use railgun additions
2013-12-13 15:54:34 -06:00
sinn3r
14a3d76410
Land #2755 - Microsoft Windows ndproxy.sys Local Privilege Escalation
2013-12-13 15:18:13 -06:00
zeknox
e6f1f648be
modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required
2013-12-13 10:49:44 -06:00