Commit Graph

12834 Commits (c12eae66b353a65df959a056bb805e7a4ea5da8b)

Author SHA1 Message Date
Jeff Jarmoc c12eae66b3 Error and return if public key wasn't retrieved. 2014-04-17 15:44:40 -05:00
Jeff Jarmoc 578002e016 KEYS action gets its own function 2014-04-17 15:39:05 -05:00
Jeff Jarmoc 9f30976b83 Heartbleed RSA Keydump
Flattened, merge conflicts resolved, etc.
2014-04-17 14:30:47 -05:00
Christian Mehlmauer 71a650fe6e
Land #3259, XMPP Hostname autodetect by @TomSellers 2014-04-17 08:54:15 +02:00
Tom Sellers 1f452aab48 Code cleanup
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
Tom Sellers 9e2285619e Additional cleanup
Whitespace cleanup
2014-04-17 10:46:33 -05:00
Tom Sellers ee0d30a1f3 Whitespace fix
Removing extra line feeds
2014-04-16 17:27:39 -05:00
Tom Sellers 92eab6c54b Attribution addition
Per comment from Firefart
2014-04-16 17:26:09 -05:00
Tom Sellers 1f3ec46b8a Heartbleed - Add autodetection of XMPP hostname (round 2)
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.

This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
sinn3r 54346f3f92
Land #3265 - Windows Post Manage Change Password 2014-04-15 18:45:48 -05:00
sinn3r d7a63003a3
Land #3266 - MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free 2014-04-15 18:35:18 -05:00
sinn3r 23c2a071cd Small name change 2014-04-15 18:35:00 -05:00
sinn3r 7a4e12976c
First little bit at Bug 8498
[FixRM #8489] rhost/rport modification
2014-04-15 18:20:16 -05:00
sinn3r d7513b0eb2 Handle nil properly when no results are found 2014-04-15 18:19:29 -05:00
jvazquez-r7 abd76c5000 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
Meatballs 5bd9721d95
Redundant include 2014-04-15 21:34:21 +01:00
Meatballs 02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
Conflicts:
	lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
Meatballs bd9b5add49
Don't report creds
We don't know if a DOMAIN or IP is specified etc.
2014-04-15 21:14:49 +01:00
Meatballs fc018eb32e
Initial commit 2014-04-15 21:05:06 +01:00
Tod Beardsley 0b2737da7c
Two more java payloads that wanted to write RHOST
There are three total, and they're all copy-pasted from the original
module from 2009. I suspect this idiom isn't used at all any more -- I
can't detect a difference in the payload if I just declare a host being
cli.peerhost, rather than rewriting RHOST to be cli.peerhost.

[SeeRM #8498]
2014-04-14 22:22:30 -05:00
Tod Beardsley 775b0de3c0
Replace RHOST reassign with just host
This looks okay from debug (the host looks like it's generating okay)
but there may be some subtle thing I'm not seeing here. @wchen-r7 can
you glance at this please?

[SeeRM #8498]
2014-04-14 22:17:31 -05:00
Tod Beardsley 9db01770ec
Add custom rhost/rport, remove editorializing desc
Verification:

````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````

...etc.
2014-04-14 21:46:05 -05:00
Tod Beardsley 40a359f312 Include a vhost for Shodan or else it complains
Works now. The rhost option was not keeping the custom vhost option.

````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...

[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*]     Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...

IP Results
==========
````
2014-04-14 21:23:27 -05:00
Tod Beardsley 1436f68955
Fix shodan to not muck with datastore 2014-04-14 21:21:11 -05:00
Tod Beardsley 9035d1523d
Update wol.rb to specify rhost/rport directly
- [ ] Fire up tcpdump on the listening interface
- [ ] Run the module and see the pcap:

listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535
bytes
20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length
102
2014-04-14 20:57:20 -05:00
Tom Sellers 0360d1177f Heartbleed - Add autodetection of XMPP hostname
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server.  This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS.  The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
2014-04-14 20:09:21 -05:00
William Vu 66cc050876
Land #3256, SMTP RFC compliance for Heartbleed 2014-04-14 17:52:56 -05:00
Tod Beardsley 66a50b33fd
Errant whitespace 2014-04-14 13:34:39 -05:00
Tom Sellers 634a03a852 Update to openssl_heartbleed to deal with SMTP RFC
Added CR character in order to have the commands match SMTP RFC 5321 2.3.8 for line termination. Some SMTP services, such as the Symantec Mail Gateway, require strict compliance or the connection will be dropped with the response '550 esmtp: protocol deviation'

Reference:
   http://www.symantec.com/business/support/index?page=content&id=TECH96829
   http://tools.ietf.org/html/rfc5321#section-2.3.8
2014-04-14 13:27:33 -05:00
joev 5f0d723588 Adds history collection module for FF privileged JS. 2014-04-14 12:27:18 -05:00
sinn3r 61196b4793
Land #3246 - Firefox Gather Passwords from Privileged Javascript Shell 2014-04-14 11:37:55 -05:00
David Maloney c537aebf0f
Land #3228, JtR colon Separation 2014-04-14 11:19:16 -05:00
joev 1715cf4650 Add base64 to prevent potential encoding issues. 2014-04-11 17:30:04 -05:00
joev 65d267032d
Fix wrong DisclosureDate. 2014-04-11 16:17:22 -05:00
joev 197a7e556b Add password collection post module for Firefox shells. 2014-04-11 16:15:48 -05:00
William Vu 6599999b8a
Land #3232, Heartbleed memory dump filtering 2014-04-11 12:46:01 -05:00
Sebastiano Di Paola a63f020a68 Fixing coding style 2014-04-11 19:39:57 +02:00
Sebastiano Di Paola 4acacb005d Fixed a bug...referring to wrong variable after filtering with regexp 2014-04-11 19:33:23 +02:00
Sebastiano Di Paola 83fe1cec65 Cleaned up Array.join call 2014-04-11 19:24:32 +02:00
Sebastiano Di Paola 55ec969bd9 Renamed FILTER -> DUMPFILTER, more intuitive and coherent 2014-04-11 19:07:57 +02:00
Sebastiano Di Paola 8268009b36 Renamed PATTERN_FILTER -> FILTER 2014-04-11 19:03:25 +02:00
Sebastiano Di Paola c378fe95c1 Added missing space in comment 2014-04-11 19:01:01 +02:00
Sebastiano Di Paola f8f710547c Fixed call to String.match with regexp pattern 2014-04-11 18:59:59 +02:00
Sebastiano Di Paola 638cb41a3f Remove Spaces at EOL, fixed if test on pattern variable 2014-04-11 18:58:05 +02:00
Sebastiano Di Paola 34fa4e29d9 Restored FTP option 2014-04-11 18:16:19 +02:00
Sebastiano Di Paola eb0e35bf25 Fixed store on file option 2014-04-11 18:07:14 +02:00
sinn3r b69662fa42
Land #3233 - eScan Password Command Injection 2014-04-11 11:05:48 -05:00
jvazquez-r7 0c8f5e9b7d Add @Firefart's feedback 2014-04-11 10:21:33 -05:00
Sebastiano Di Paola c4029ea582 - Rubbish that was left dangling here around 2014-04-11 17:20:54 +02:00
Sebastiano Di Paola 1808fe470a fixed conflicts, used OptRegexp for pattern 2014-04-11 17:16:06 +02:00