sinn3r
5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
sinn3r
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
sinn3r
2bd330da33
Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit
2012-02-10 00:06:48 -06:00
Rob Fuller
1f1e67cb16
Moved railgun function definitions into central storage and out of individual modules where possible
2012-02-09 04:56:13 +00:00
Steve Tornio
adafe6f722
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-08 13:32:51 -06:00
HD Moore
29b99aa7b4
Fix up titles/add boundary check for reporting external host
2012-02-08 12:23:46 -06:00
m-1-k-3
705c436ede
added more multicast addresses from wikipedia
2012-02-07 11:45:20 +01:00
David Maloney
e8aa624a16
Added todb's validator over to this working branch
2012-02-06 10:15:05 -06:00
Tod Beardsley
8ad9beef75
Removing javascript_keylogger from master.
2012-02-06 09:37:16 -06:00
m-1-k-3
91820ad1c3
logging to notes
2012-02-06 08:56:35 +01:00
RageLtMan
858401463d
add exec timeout
2012-02-05 14:52:38 -05:00
RageLtMan
53ec982385
download_exec_fix
2012-02-05 14:35:44 -05:00
Steve Tornio
1b7fffbf8a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-05 07:30:08 -06:00
sinn3r
b2ae8a24dc
Fix go cow art (tabs are bad to align chars)
2012-02-05 02:20:31 -06:00
sinn3r
0dd3ad0efb
Remove naughty trailing commas
2012-02-05 02:03:49 -06:00
sinn3r
26f89f65bd
Fix the bug that causes store_loot() to run twice. Also, other minor format changes.
2012-02-05 02:00:03 -06:00
sinn3r
c2d1f64472
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-05 01:44:53 -06:00
sinn3r
db1e400dff
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-05 01:27:21 -06:00
HD Moore
e4faa33517
Fix a typo introduce in the usb dumper
2012-02-04 00:03:20 -06:00
HD Moore
0737ccb8e2
Remove nulls from the unicode drive name
2012-02-04 00:03:03 -06:00
David Maloney
df401f4c94
more fixes to backend stuff, plus updated vmware http login module to use
...
the correct mixin method now.
2012-02-03 15:44:41 -06:00
Tod Beardsley
af506240cf
http_fingerprint reports service info
...
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
Patroklos Argyroudis
ed34fd70fd
Modified (and tested) to work on Lion 10.7.2 and 10.7.3
2012-02-03 12:39:22 +02:00
Tod Beardsley
786d75493c
Fix up VMWware webscan to not false positive
...
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.
[Fixes #6340 ]
2012-02-02 22:19:57 -06:00
Marcus J. Carey
c06b0f7e72
cleaning up an editor glitch.
2012-02-02 17:59:51 -06:00
sinn3r
bd407d2e01
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-02 16:53:23 -06:00
Marcus J. Carey
1a278c55b5
a bit more cleanup
2012-02-02 16:19:21 -06:00
Marcus J. Carey
45b58bea06
got rid of bmp generation
2012-02-02 16:07:27 -06:00
Marcus J. Carey
e96eceb145
Editing Javascript keylogger
2012-02-02 15:01:22 -06:00
Marcus J. Carey
7b3262958d
Merge branch 'master' of github.com:threatagent/metasploit-framework
...
Conflicts:
modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 14:58:23 -06:00
Marcus J. Carey
59a44f75ec
Updated Javascript Keylogger
2012-02-02 14:42:13 -06:00
Steve Tornio
d90fe9b9b7
add osvdb ref
2012-02-02 13:43:03 -06:00
sinn3r
aa44eb955e
Correct author e-mail format
2012-02-02 11:27:43 -06:00
sinn3r
1676bd3c4f
Add MSF License header. Use print once to print the whole table instead of running print multiple times. Show where the results are save.
2012-02-02 11:13:08 -06:00
Marcus J. Carey
f45528ec68
Update modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 10:33:33 -06:00
Marcus J. Carey
3bfb8b3c9d
Adding Javascript Keylogger
2012-02-02 10:30:55 -06:00
sinn3r
d230eeedc0
Merge branch 'mount.smbfs-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-mount.smbfs-creds
2012-02-02 10:21:21 -06:00
Marcus J. Carey
e70f9151e5
Merge remote-tracking branch 'upstream/master'
2012-02-02 07:13:03 -06:00
sinn3r
6b29af5c23
Add user-agent check. Auto-migrate.
2012-02-02 03:11:10 -06:00
sinn3r
6be65acfe2
Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-2551_c6_DownloaderActiveX
2012-02-02 02:54:02 -06:00
sinn3r
de675c349a
Upgrade exploit rank, because it fits the description
2012-02-02 02:49:06 -06:00
sinn3r
28b4f4b60d
Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331 )
2012-02-02 02:43:32 -06:00
juan
82eacbe2fd
Added module for CVE-2008-2551
2012-02-01 23:26:28 +01:00
David Maloney
36e37e04fb
Fixes to post module cred reporting.
...
call to session.db_record.id would error if no db
was connected.
Fixes #6325
2012-02-01 12:26:35 -06:00
David Maloney
3f48e626a2
Adding a bunch of new VIM API auxiliary stuff
...
Work in progress.
2012-02-01 12:05:20 -06:00
Tod Beardsley
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
Jon Hart
4aa52203da
Renamed, switched partially to store_loot
2012-02-01 08:50:50 -08:00
sinn3r
890885d034
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-01 03:42:27 -06:00
sinn3r
98fbf84dac
Module should inform where the files are saved
2012-02-01 03:41:19 -06:00
HD Moore
0c2a18d765
Fix up reverse_tcp ipv6 stager for freebsd
2012-02-01 01:41:24 -06:00
HD Moore
29d8feaa24
Use the ADDR6 type, not ADDR
2012-02-01 00:58:08 -06:00
HD Moore
aed27a2f82
Add missing trailing quote
2012-02-01 00:54:42 -06:00
HD Moore
45a785fde0
Adds BSD IPv6 payloads and stagers
2012-02-01 00:54:42 -06:00
sinn3r
06f7165ee6
Add Metasploit license header (it's already MSF licensed)
2012-02-01 00:49:45 -06:00
sinn3r
f23ebbc7b5
Change how creds are displayed and saved
2012-02-01 00:48:14 -06:00
sinn3r
187f630283
Merge branch 'netrc-creds' of https://github.com/jhartftw/metasploit-framework into jhartftw-netrc-creds
2012-01-31 22:45:47 -06:00
Jonathan Cran
c3bd151197
add a ranking
2012-01-31 20:43:32 -06:00
Jonathan Cran
47c7f47f4e
Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
2012-01-31 20:38:30 -06:00
Jonathan Cran
d9ee43d3dc
add disclosure date
2012-01-31 20:38:05 -06:00
Jonathan Cran
a814a9dce7
add disclosure date
2012-01-31 20:35:58 -06:00
Oliver-Tobias Ripka
0ba7557865
Fix typo in seattlelab_pass.rb exploit.
...
Also remove the $ from the end of the regex which stopped
the exploit from being executed.
2012-01-31 21:09:51 +01:00
Steve Tornio
e392958d90
add osvdb ref
2012-01-31 07:06:33 -06:00
HD Moore
0b8987f2af
Merge results initialization fix
2012-01-31 01:29:44 -06:00
HD Moore
ec5fd723ba
Merge in additional IPv6 support for PHP payloads
2012-01-31 01:11:55 -06:00
Jon Hart
b0df29c3ff
Switch to store_loot, since report_auth_info only works with Host
...
objects or IPs, currently (see
https://dev.metasploit.com/redmine/issues/6313 )
2012-01-30 23:08:02 -08:00
sinn3r
25fbe1c7d0
Merge branch 'master' of https://github.com/darkoperator/metasploit-framework
2012-01-30 19:57:29 -06:00
Tod Beardsley
6068580813
Should fix the report_auth_info call -- needs a host, not a session. Be nice if it handled a session, though.
...
[See #146 ]
2012-01-30 19:23:05 -06:00
sinn3r
bfd4734cbf
Forgot to add CMD as a datastore option, here it is
2012-01-30 17:34:58 -06:00
Carlos Perez
24747e18e3
The directory path for the accounts.xml was not set properly for windows systems
2012-01-30 18:19:17 -04:00
sinn3r
08134ad600
Add Exploit-DB reference
2012-01-30 16:17:25 -06:00
sinn3r
f3c340a9ab
Add vBSEO proc_deutf() Remote Code Execution (Feature #6307 )
2012-01-30 16:15:27 -06:00
sinn3r
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
sinn3r
fed0df3552
Merge branch 'osx_x64_exec' of https://github.com/argp/metasploit-framework into argp-osx_x64_exec
2012-01-30 11:01:03 -06:00
sinn3r
a0ac4125cd
Add aux module CMS400 default pass scanner (feature #6301 )
2012-01-30 10:40:59 -06:00
Jon Hart
1b03a48540
Use desired [at] format for email
2012-01-30 08:21:58 -08:00
Jon Hart
16610d8852
Update email address to use desired [at] format
2012-01-30 08:05:08 -08:00
Patroklos Argyroudis
4e1029ae8b
Execute (execve) arbitrary command payload for Mac OS X x64
2012-01-30 11:01:57 +02:00
sinn3r
21a05ce1d6
Fix bug: NoMethodError undefined method `report_vm' ( #6298 )
2012-01-30 00:44:45 -06:00
sinn3r
ce7f93f5d9
Merge pull request #138 from claudijd/master
...
Added Sequence Filters and MSF Exploit Capture to BNAT Scan
2012-01-29 22:07:25 -08:00
Jon Hart
37d467ea79
Loot .netrc files, generic enum_user_directories
2012-01-29 14:03:57 -08:00
Jon Hart
5294fb57a4
Add post module to obtain SMB credentials stored for mount.smbfs
2012-01-29 12:04:26 -08:00
HD Moore
dda3453ac7
Correct a typo
2012-01-28 23:33:26 -06:00
HD Moore
774862508e
Handle another common error type
2012-01-28 23:31:20 -06:00
Jonathan Claudius
88298cf847
Added Sequence Filters and MSF Exploit Capture
...
-Sequence Filters (No More False Positives)
-Msf::Exploit::Capture (Use built-in MSF libs over manual threading)
-Immediate Feedback (Don't need to wait until complete to print results)
-Timeout (Includes user configurable timeout)
2012-01-28 22:44:12 -06:00
Jonathan Cran
54ffb01080
This module should use the default list of tomcat users
2012-01-28 18:13:34 -06:00
David Maloney
ca7aa21202
Removed schema features from database hashdump modules
...
now that there are dedicated schemadump modules.
2012-01-28 16:55:39 -06:00
HD Moore
5a095e8ef5
Fixes for PCA modules
2012-01-28 14:35:07 -06:00
HD Moore
c63c7393e3
Print status output
2012-01-28 13:52:38 -06:00
HD Moore
f3eb78199b
Add TCP-based PCA probe
2012-01-28 13:52:38 -06:00
sinn3r
fbac9a7239
Forgot to remove this comment
2012-01-28 13:18:15 -06:00
HD Moore
2d7852ddef
Merge PCA scans into udp_sweep/udp_probe
2012-01-28 13:05:24 -06:00
David Maloney
4cd38c5555
Adds login scanner module for VMware Server and ESX
2012-01-27 16:23:56 -06:00
sinn3r
7b866eee86
Use the proper function for verbose prints
2012-01-27 12:50:01 -06:00
HD Moore
a2d20e25d3
Fix a regression in the workspace inclusion code (only affected
...
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
sinn3r
64651e52a8
Credit Shane of X-Force for the discovery
2012-01-27 11:18:34 -06:00
David Maloney
c5e667a1dc
Post Module to enumerate VirtualBox VMs for the current user.
2012-01-27 11:12:59 -06:00
David Maloney
0e0aa33c47
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-27 11:12:35 -06:00
David Maloney
56be45f3a4
A few minor fixes to the find vmx module
2012-01-27 11:12:17 -06:00
HD Moore
b4e2228404
Fix exitfunc option name
2012-01-27 09:15:31 -06:00
sinn3r
298b94d397
Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003)
2012-01-27 03:48:39 -06:00
sinn3r
a4c876a424
No need to manually add VERBOSE as an option, it already is (built-in)
2012-01-27 02:17:59 -06:00
sinn3r
3f4dbd9df6
Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework
2012-01-27 01:58:42 -06:00
Stephen Haywood
efda420e5f
Updates to enum_artifacts
2012-01-26 19:35:39 -05:00
sinn3r
9b78b6bd17
Hmm, the indent level of the description looks a bit funny. Fixing.
2012-01-26 17:24:05 -06:00
David Maloney
494c37c659
Adds a Multi-System post module for finding VMWare Virtual Machines
2012-01-26 16:25:50 -06:00
Tod Beardsley
5afc164c39
Merge branch 'vm-stuff'
2012-01-26 13:04:44 -06:00
Tod Beardsley
fe22090a12
Correct e-mail format
2012-01-26 13:04:38 -06:00
Tod Beardsley
33c53b1f3f
Updates vm checking
2012-01-26 13:02:39 -06:00
sinn3r
3952a06292
Minor changes
2012-01-26 11:35:43 -06:00
Tod Beardsley
8ce4ad49de
Correct e-mail format
2012-01-26 11:24:38 -06:00
sinn3r
67274e2e85
Merge branch 'hp_magentservice' of https://github.com/linuxgeek247/metasploit-framework into linuxgeek247-hp_magentservice
2012-01-26 11:00:36 -06:00
David Maloney
d0d964d8ab
Adds an error message if the module couldn't conenct to the target.
...
Fixes #6278
2012-01-26 10:56:07 -06:00
Joshua J. Drake
31fb7e7b28
Fallback to writing a new file if resuming fails
2012-01-25 14:49:30 -06:00
Christopher McBee
1af6740b24
Initial checking of hp_magentservice module
2012-01-25 13:04:30 -05:00
Dave Hull
76ebbc48ec
Update modules/post/windows/gather/dumplinks.rb
2012-01-24 23:16:40 -06:00
Marcus J. Carey
49be9996bc
Merge remote-tracking branch 'upstream/master'
2012-01-24 20:23:58 -06:00
Marcus J. Carey
35de6a593b
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:14:10 -06:00
Marcus J. Carey
2e2726c3c0
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:06:49 -06:00
Marcus J. Carey
88b1cd6891
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:03:33 -06:00
Marcus J. Carey
71648159a8
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:00:47 -06:00
Marcus J. Carey
a20bd78f75
Adding html_frame_payload.rb
2012-01-24 16:56:32 -06:00
Tod Beardsley
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
Jon Hart
7ec5f98480
Adding jhart's natpimp libary and modules.
...
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.
[See #106 ]
2012-01-24 10:32:30 -06:00
Tod Beardsley
2f3e976173
Actually fix ruby loop syntax on d20pass
2012-01-24 10:08:19 -06:00
sinn3r
fc00398330
Yup, that's better
2012-01-23 16:02:35 -06:00
sinn3r
39a2a894ee
Fix fh, trailing comma, and ruby loop syntax
2012-01-23 15:15:49 -06:00
sinn3r
ea9e9852cf
ah man, typo!
2012-01-23 11:59:13 -06:00
sinn3r
621567dcc8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-23 11:56:50 -06:00
sinn3r
afc547e0fb
Improve: Proper use of cmd_exec() and correct cmd path. More error handling for exec and rm. Fix bug with path setting, etc.
2012-01-23 11:54:19 -06:00
James Lee
455bcda6e8
Print the port so we know which http service
2012-01-23 10:17:32 -07:00
sinn3r
60d5f6d0bd
Merge branch 'download_and_execute' of https://github.com/sempervictus/metasploit-framework into sempervictus-download_and_execute
2012-01-23 10:28:27 -06:00
Patroklos Argyroudis
c6eb104132
bug fix for hardcoded max command length
2012-01-23 10:24:22 +02:00
RageLtMan
5671e2f691
Downloand and execute (railgun)
2012-01-22 23:25:49 -05:00
David Maloney
34491970b3
Adds a new VMWare Authentication Daemon login scanner module.
2012-01-22 15:39:53 -06:00
David Maloney
bcb19ab0a3
Fixes an issue with smb_login not properly dealing with abritrary guest access
...
on Samba.
2012-01-22 01:35:36 -06:00
David Maloney
06b1bffcea
Addresses an issue with udp sweep module that recorded services
...
from non-specified hosts when they respond to broadcast probes.
2012-01-20 15:34:15 -06:00
sinn3r
be906023dc
one register_options() should be fine.
2012-01-20 13:02:54 -06:00
sinn3r
d6566aa818
Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267 )
2012-01-20 12:57:13 -06:00
sinn3r
bbb4205683
Set default maxpage to 1, because it's faster.
2012-01-20 11:09:38 -06:00
sinn3r
5631774d92
Fix bug: NoMethodError undefined method `each' for nil:NilClass (line 155)
2012-01-20 10:58:02 -06:00
sinn3r
9e5d2ff60e
Improve URI, plus some other minor changes.
2012-01-19 13:26:25 -06:00
sinn3r
ca51492079
Merge branch 'master' of https://github.com/joernchen/metasploit-framework into joernchen-master
2012-01-19 13:17:06 -06:00
Joshua J. Drake
292332d355
Add some error handling for tns_version method
2012-01-19 13:03:19 -06:00
joernchen of Phenoelit
2199cd18d7
fine tuning thx to sinn3r
2012-01-19 19:50:30 +01:00
joernchen of Phenoelit
df9380500a
disclosure date added
2012-01-19 19:19:53 +01:00
Tod Beardsley
8ce47ab832
Changing license for KillBill module
...
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
2012-01-19 11:39:56 -06:00
Tod Beardsley
a75b373d7a
Fixing e-mail format for antispam
2012-01-19 10:58:25 -06:00
Tod Beardsley
ed3191bcfe
Adding d20pass module
2012-01-19 10:58:16 -06:00
joernchen of Phenoelit
197eb16f72
gitorious remote command exec exploit
2012-01-19 11:36:08 +01:00
HD Moore
bb035bfec2
Fix up API option names so they can be set globally
2012-01-18 15:05:39 -06:00
Tod Beardsley
ad6f8257e1
MSFTidy fixes.
2012-01-18 15:01:32 -06:00
sinn3r
d6e8f0b54d
Add Felipe as an author (plus a reference) because looks like the PoC originally came from him.
2012-01-18 13:33:27 -06:00
sinn3r
064a71fb1d
Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245 )
2012-01-18 12:05:18 -06:00
scriptjunkie
9fe18cdc86
Add x64 LoadLibraryA payload. Because it should exist.
2012-01-17 21:16:26 -06:00
sinn3r
e4ed3c968d
Add OSVDB and BID references
2012-01-17 18:16:47 -06:00
sinn3r
75f543f3eb
Hilarious, I forgot to change the disclosure date.
2012-01-17 18:11:18 -06:00
sinn3r
7d9ba6f5e9
Fix bug #6256 : uninitialized class variable error
2012-01-17 17:58:53 -06:00
sinn3r
2e8122dc88
Better MSF style compliance
2012-01-17 14:54:50 -06:00
sinn3r
a682e68073
Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246 )
2012-01-17 12:28:47 -06:00
sinn3r
4f16caed0f
Change naming style for MS type bug
2012-01-17 03:00:07 -06:00
sinn3r
5761035371
This payload shouldn't be in here. Instead of adding a new one, exec.rb should be fixed
2012-01-16 22:41:27 -06:00
sinn3r
d5443159d7
Merge pull request #110 from jhartftw/soap_xml_6249
...
Improvements to auxiiliary/scanner/http/soap_xml to (#6249 )
2012-01-16 18:19:33 -08:00
sinn3r
7b8bfd401e
Merge branch 'argp-osx_mozilla_mchannel'
2012-01-16 20:02:35 -06:00
sinn3r
eb5641820f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-16 19:56:10 -06:00
sinn3r
618097ba3d
Whitespace and keyword cleanup
2012-01-16 19:55:27 -06:00
sinn3r
17ffc06f60
Merge branch 'osx_mozilla_mchannel' of https://github.com/argp/metasploit-framework into argp-osx_mozilla_mchannel
2012-01-16 19:35:29 -06:00
sinn3r
d2dbf6007e
Merge pull request #111 from jhartftw/arp_poisoning_6250
...
Bug #6250
2012-01-16 17:34:11 -08:00
sinn3r
c15e7da0b8
Add ZDI-12-012 McAfee SaaS ShowReport code execution
2012-01-16 18:44:11 -06:00
Jon Hart
fe901b3fb2
Clean up error messages when LOCALSIP isn't defined. Remove
...
now-duplicated code is_ipv4?, clarify SMAC error messages.
2012-01-16 14:32:15 -08:00
sinn3r
4689421201
Correct variable naming style
2012-01-16 16:03:48 -06:00
Jon Hart
6a057560fa
Improvements to auxiiliary/scanner/http/soap_xml to:
...
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints
https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
Tod Beardsley
11fc423339
Merge pull request #102 from cbgabriel/bsplayer-m3u
...
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
sinn3r
14a35da0fd
Merge pull request #104 from swtornio/master
...
add osvdb ref
2012-01-13 13:26:24 -08:00
Tod Beardsley
4ac6c0c3ee
A great big pile of fixes to the ssh scanners
...
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
Steve Tornio
bd31f3f480
add osvdb ref
2012-01-13 13:21:33 -06:00
Tod Beardsley
d52df50a77
Drop a spurious print_error line from smtp_version
2012-01-13 11:46:56 -06:00
sinn3r
2eb35728f6
Randomize nops
2012-01-12 18:37:25 -06:00
root
ffe81584d1
updated author
2012-01-12 19:02:34 -05:00
sinn3r
e42e0004a9
Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload
2012-01-12 17:46:50 -06:00
root
a8ef3417b5
Fixed the date
2012-01-12 20:54:55 -06:00
Sam Sharps
e75e23b963
Removed more unused variables and fixed some formatting
2012-01-12 18:13:28 -06:00
Sam Sharps
f22f54034a
Removed unused variables
2012-01-12 18:05:54 -06:00
Sam Sharps
87ee6905df
Modified exploit to not need egg hunter shellcode
2012-01-12 18:01:22 -06:00
Stephen Haywood
6ad2eda24c
Windows artifacts module
2012-01-12 17:26:35 -06:00
sinn3r
02bd1f3407
Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-framework
2012-01-12 17:06:14 -06:00
root
ad0b745b31
new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-12 16:12:43 -05:00
David Maloney
6234d13f7c
Added Schema Dump Module for Postgres
2012-01-12 15:20:46 -05:00
Stephen Haywood
cb146f9021
Used msf library for digest, fixed name.
2012-01-12 12:49:50 -05:00
David Maloney
a3749f1d80
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-11 12:17:11 -08:00
David Maloney
52be1c3a7a
Add schemadump module for MySql
2012-01-11 12:16:22 -08:00
Tod Beardsley
500cfa6dd1
Removing telnet_encrypt_keyid_bruteforce.rb to unstable
...
can't ship for a few problems, will be fixed up soonish but
about to release a build.
2012-01-11 14:00:42 -06:00
David Maloney
1a03777538
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-11 09:11:48 -08:00
David Maloney
8c594798d7
Fix to the AIX jtr module title.
2012-01-11 09:11:23 -08:00
Tod Beardsley
092b226cce
Updating tns_auth_sesskey to use a user-supplied SID
...
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
David Maloney
13069990eb
Added module for dumping schema information from Microsoft SQL Server
...
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
Tod Beardsley
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
David Maloney
ed0dbad243
Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
...
Fixes #6066
2012-01-10 12:32:47 -08:00
sinn3r
bc9014e912
Add new v3.4 target by Michael Coppola (Feature #6207 )
2012-01-09 23:51:11 -06:00
sinn3r
b76767669c
Update Nenad's author name and e-mail
2012-01-09 20:14:47 -06:00
sinn3r
90eb2b9a75
Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202 )
2012-01-09 19:35:06 -06:00
sinn3r
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
Tod Beardsley
eeb3a442de
whitespace correctly smtp_version.rb
2012-01-09 14:11:10 -06:00
Tod Beardsley
15990efd85
Removing useless (?) begin/rescue from smtp_version
...
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
Tod Beardsley
e7d7302644
Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal.
2012-01-09 11:22:44 -06:00
David Maloney
e12d5588c6
Set data on webdav scanner notes to include webdav path.
...
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
Patroklos Argyroudis
5a20b7d7ac
Fixed small typo
2012-01-09 14:19:00 +02:00
Patroklos Argyroudis
9a62b41ab7
Mac OS X x86 payload that executes Calculator.app
2012-01-09 12:12:20 +02:00
Patroklos Argyroudis
5d359785ae
Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6
2012-01-09 12:10:25 +02:00
sinn3r
03a39f7fe8
Whitespace cleanup, also change print_status usage when verbose
2012-01-09 02:21:39 -06:00
sinn3r
2f9d563067
Update reference
2012-01-09 02:14:29 -06:00
Tod Beardsley
a1668f2b23
Adds SSHKey gem and some other ssh goodies
...
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
2012-01-08 22:28:37 -06:00
sinn3r
243dbe50f0
Correct author name. Unfortunately not all editors can print unicode correctly.
2012-01-07 15:18:25 -06:00
sinn3r
181fe2d925
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-07 15:14:30 -06:00
sinn3r
4e858aba89
Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
2012-01-07 15:13:45 -06:00
sinn3r
4645c1c2b9
Add CVE-2012-0261 Op5 license.php Remote Code Execution
2012-01-07 15:12:49 -06:00
HD Moore
b12baccc49
Quick update, added a research option
2012-01-07 01:13:23 -06:00
sinn3r
6d401b48d1
Fix typo
2012-01-07 00:02:51 -06:00
sinn3r
b7e29191f5
Add Drupal 'Views' module username enumeration (Feature #6194 )
2012-01-06 23:51:32 -06:00
David Maloney
40a1d8bcc8
Fixed issue with a missing nil check in ftp_login
2012-01-06 20:51:58 -08:00
David Maloney
81acfd2126
Adds hashdump and cracking modules for AIX
2012-01-06 20:31:22 -08:00
David Maloney
8e017fd4db
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-06 20:30:25 -08:00
David Maloney
bf425a6744
Fixed bug that prevented telnet sessions from opening with good creds
2012-01-06 16:59:08 -08:00
Stephen Haywood
2e60d2e01a
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-01-06 17:46:42 -05:00
Stephen Haywood
72072c4ef3
Added enum_artifacts
2012-01-06 17:43:50 -05:00
sinn3r
6ceb2f04a3
Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability
2012-01-06 14:24:49 -06:00
David Maloney
9cf2af6a94
Adds exploit/windows/htt/xampp_webdav_upload_php
...
This exploit abuses weak default passwords on XAMPP
for windows to uplaod a php payload and execute it.
Fixes #2170
2012-01-06 12:00:14 -08:00
Sam Sharps
06414c2413
changed author to my actual name
2012-01-06 01:03:20 -06:00
HD Moore
7b26e33e19
Initial version
2012-01-06 00:53:50 -06:00
Sam Sharps
b26ed37467
Added description, urls, and another author
2012-01-06 00:47:01 -06:00
Sam Sharps
5c05cebaf7
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:16:45 -06:00
sam
f3a9bc2dad
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:12:28 -06:00
David Maloney
ba86e8a04f
Added PROPFIND support to http_login
...
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
HD Moore
8315709fb6
Correct typo and set the disclosure date
2012-01-04 19:46:56 -06:00
Tod Beardsley
7b692aa0b9
Adding references to vss modules.
2012-01-04 12:10:03 -06:00
sinn3r
8cced0a91e
Add CVE-2011-2462 Adobe Reader U3D exploit
2012-01-04 03:49:49 -06:00
David Maloney
12221b0433
UAC will disrupt these modules
...
Added checks for UAC.
UAC must be bypassed before using these modules.
2012-01-03 12:07:38 -08:00
Joshua J. Drake
958ffe6e1d
Fix stack trace from unknown agents
2012-01-02 03:41:49 -06:00
Steve Tornio
7bfdc9eff4
add osvdb ref
2012-01-01 09:10:10 -06:00
David Maloney
dd0b07b2cc
Adds mixin and post modules to manipulate Volume shadowcopy Service(VSS)
2011-12-30 15:03:04 -08:00
sinn3r
d9db03dba6
Add CoCSoft StreamDown buffer overflow (Feature #6168 ; no CVE or OSVDB ref)
2011-12-30 10:16:29 -06:00
Tod Beardsley
bc22b7de99
MSFConsole should display hostless loot, also typo fix.
...
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb
Fixes #6177
2011-12-29 15:11:15 -06:00
sinn3r
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
sinn3r
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
sinn3r
9972f42953
Add e-mail for mr_me for consistency
2011-12-29 11:01:38 -06:00
sinn3r
b5b2c57b9f
Correct e-mail format
2011-12-29 10:57:00 -06:00
sinn3r
a330a5c63a
Add e-mail for Brandon
2011-12-29 10:53:39 -06:00
Steve Tornio
778d396bc6
add osvdb ref
2011-12-29 07:54:15 -06:00
Steve Tornio
6d72dbb609
add osvdb ref
2011-12-29 07:54:01 -06:00
Steve Tornio
a00dad32fe
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2011-12-29 07:50:33 -06:00
Steve Tornio
27d1601028
add osvdb ref
2011-12-29 07:49:16 -06:00