infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,378 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

24378 Commits (bb4e9e2d4d8a4bba6bfb34171dbdc4ed64d5681c)

Author SHA1 Message Date
sinn3r d7513b0eb2 Handle nil properly when no results are found 2014-04-15 18:19:29 -05:00
jvazquez-r7 abd76c5000 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
Meatballs 5bd9721d95
Redundant include 2014-04-15 21:34:21 +01:00
Meatballs 02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd 
Conflicts:
	lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
 2014-04-15 21:23:45 +01:00
Meatballs bd9b5add49
Dont report creds 
We dont know if a DOMAIN or IP is specified etc.
 2014-04-15 21:14:49 +01:00
Meatballs fc018eb32e
Initial commit 2014-04-15 21:05:06 +01:00
Christian Mehlmauer 56b165d4bd
Land #3263, updated vars_get msftidy regex by @wvu-r7 2014-04-15 21:53:10 +02:00
William Vu aeedad262d
Remove unnecessary charclass escapes 2014-04-15 14:14:51 -05:00
William Vu 261572158b
Add paren to list of exclusion chars 2014-04-15 11:20:11 -05:00
William Vu 14c7eb19e6
Make the hash brace optional 2014-04-15 10:06:43 -05:00
Tod Beardsley f46b4ab8f3
Land #3258, undoing the aggressive vars_post check 2014-04-14 22:30:04 -05:00
Tod Beardsley 0b2737da7c
Two more java payloads that wanted to write RHOST 
There are three total, and they're all copy-pasted from the original
module from 2009. I suspect this idiom isn't used at all any more -- I
can't detect a difference in the payload if I just declare a host being
cli.peerhost, rather than rewriting RHOST to be cli.peerhost.

[SeeRM #8498]
 2014-04-14 22:22:30 -05:00
Tod Beardsley 775b0de3c0
Replace RHOST reassing with just host 
This looks okay from debug (the host looks like it's generating okay)
but there may be some subtle thing I'm not seeing here. @wchen-r7 can
you glance at this please?

[SeeRM #8498]
 2014-04-14 22:17:31 -05:00
Tod Beardsley 9db01770ec
Add custom rhost/rport, remove editorializing desc 
Verification:

````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````

...etc.
 2014-04-14 21:46:05 -05:00
Tod Beardsley 40a359f312 Include a vhost for Shodan or else it complains 
Works now. The rhost option was not keeping the custom vhost option.

````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...

[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*]     Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...

IP Results
==========
````
 2014-04-14 21:23:27 -05:00
Tod Beardsley 1436f68955
Fix shodan to not muck with datastore 2014-04-14 21:21:11 -05:00
Tod Beardsley 9035d1523d
Update wol.rb to specify rhost/rport directly 
- [ ] Fire up tcpdump on the listening interface
 - [ ] Run the module and see the pcap:

listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535
bytes
20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length
102
 2014-04-14 20:57:20 -05:00
Tom Sellers 0360d1177f Heartbleed - Add autodetection of XMPP hostname 
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server.  This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS.  The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
 2014-04-14 20:09:21 -05:00
Thanat0s 07ed8d832a Update db 2014-04-15 02:48:55 +02:00
David Chan 1a73206034 Add detection for GnuTLS with with multiple records 2014-04-14 17:09:25 -07:00
Thanat0s fecdbd1781 F5 bigip cookie module 2014-04-15 01:11:17 +02:00
Tod Beardsley e4a61e2730
Fix Module.new bug and test for vhost 2014-04-14 18:01:13 -05:00
William Vu 66cc050876
Land #3256, SMTP RFC compliance for Heartbleed 2014-04-14 17:52:56 -05:00
William Vu f3f31005d8
Revert inadvertent fix for vars_get in msftidy 2014-04-14 14:51:52 -05:00
William Vu 0a4c10876d
Land #3257, errant whitespace fix 2014-04-14 14:33:04 -05:00
Thanat0s 176204d62d With implemented remarks 2014-04-14 21:11:04 +02:00
Tod Beardsley 66a50b33fd
Errant whitespace 2014-04-14 13:34:39 -05:00
Tom Sellers 634a03a852 Update to openssl_heartbleed to deal with SMTP RFC 
Added CR character in order to have the commands match SMTP RFC 5321 2.3.8 for line termination. Some SMTP services, such as the Symantec Mail Gateway, require strict compliance or the connection will be dropped with the response  '550 esmtp: protocol deviation'

Reference:
   http://www.symantec.com/business/support/index?page=content&id=TECH96829
   http://tools.ietf.org/html/rfc5321#section-2.3.8
 2014-04-14 13:27:33 -05:00
sinn3r 1f5f697037
Land #3255 - Adds history collection module for FF privileged JS 2014-04-14 12:45:03 -05:00
joev 5f0d723588 Adds history collection module for FF privileged JS. 2014-04-14 12:27:18 -05:00
sinn3r 61196b4793
Land #3246 - Firefox Gather Passwords from Privileged Javascript Shell 2014-04-14 11:37:55 -05:00
David Maloney c537aebf0f
Land #3228, JtR colon Seperation 2014-04-14 11:19:16 -05:00
David Maloney 5074529647
Land #3253, Fix to exe-only format 
Lands pull request to fix nil issue with
the to_winpe_only method call in Msf::Util::EXE
 2014-04-14 11:04:03 -05:00
JoseMi e811e169dc Cambios en el exploit 2014-04-14 16:31:54 +01:00
JoseMi da26a39634 Add CVE-2014-2219 exploit for windows XP SP3 2014-04-14 16:16:10 +01:00
agix ac63e84d02 Fix little bug when using msfencode and exe-only 
When arch is not defined, arch is null so it crashs.
It should be 'x86' by default
 2014-04-14 01:02:31 +02:00
Thanat0s dd7bceee56 fix threaded issues 2014-04-12 17:43:39 +02:00
Thanat0s d493c48cc6 add thottling,notes insert and output to dns_rev_lookup 2014-04-12 16:36:18 +02:00
Ramon de C Valle 039946e8d1 Use the first cipher suite sent by the client 
If encrypted, use the TLS_RSA_WITH_AES_128_CBC_SHA; otherwise, use the
first cipher suite sent by the client. This complements the last commit
and makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282).
 2014-04-12 05:05:14 -03:00
Ramon de C Valle b95fcb9610 Use the protocol version sent by the client 
Use the protocol version sent by the client. This should be the latest
version supported by the client, which may also be the only acceptable.
This makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282).
 2014-04-12 04:21:35 -03:00
David Chan 6fafc10184 Add HeartBleed check functionality 2014-04-12 00:07:00 -07:00
sinn3r 7b6b94acd5
Land #3247 - Revert #3224 jsobfu string size fixes 2014-04-12 00:58:27 -05:00
joev 1715cf4650 Add base64 to prevent potential encoding issues. 2014-04-11 17:30:04 -05:00
joev e09f887c4c Revert "Fixes large-string expansion in JSObfu." 
This reverts commit 14fed8c610.
 2014-04-11 16:51:47 -05:00
joev 4cb04b6b9a Revert "Use implicit return for assignment." 
This reverts commit 49139cc07f.
 2014-04-11 16:51:40 -05:00
joev 21b2697b95 Revert "Use tiny var names by default." 
This reverts commit 52432ef482.
 2014-04-11 16:51:34 -05:00
joev 0b23fc2c40 Revert "Use actual vars so that jsobfu can randomize." 
This reverts commit b9284c5635.
 2014-04-11 16:51:29 -05:00
joev d41b3467f8 Revert "Re-add the #random_string(len) method to pass specs." 
This reverts commit bd8918e4e1.
 2014-04-11 16:51:21 -05:00
joev 65d267032d
Fix wrong DisclosureDate. 2014-04-11 16:17:22 -05:00
joev 197a7e556b Add password colletion post module for Firefox shells. 2014-04-11 16:15:48 -05:00