Commit Graph

11674 Commits (c5e667a1dc0f91718e63752f7997f51088fe3606)

Author SHA1 Message Date
David Maloney 52be1c3a7a Add schemadump module for MySql 2012-01-11 12:16:22 -08:00
Tod Beardsley 500cfa6dd1 Removing telnet_encrypt_keyid_bruteforce.rb to unstable
can't ship for a few problems, will be fixed up soonish but
about to release a build.
2012-01-11 14:00:42 -06:00
Tod Beardsley 5f121fe181 Workaround postgresql.fingerprint dlog message
Came up as a concern, this special-cases notes of
"postgresql.fingerprint". Not thrilled with this fix, though.
2012-01-11 13:17:21 -06:00
David Maloney 1a03777538 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-11 09:11:48 -08:00
David Maloney 8c594798d7 Fix to the AIX jtr module title. 2012-01-11 09:11:23 -08:00
Tod Beardsley 092b226cce Updating tns_auth_sesskey to use a user-supplied SID
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
Brandon Perry 0236a6994f registry stuff 2012-01-10 18:45:24 -06:00
David Maloney 13069990eb Added module for dumping schema information from Microsoft SQL Server
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
David Maloney ed0dbad243 Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
Fixes #6066
2012-01-10 12:32:47 -08:00
chao-mu b23b7b8a88 Adds support for a regular expression based Option (RegexpOpt). Also introduced a method to OptBase called display_value which returns the value to be displayed to the user. 2012-01-10 09:22:14 -05:00
James Lee 753ddb27c5 Make all the EXE options OptPath 2012-01-10 03:36:47 -07:00
James Lee 1eb4900102 Make EXE::Custom an OptPath so it can be tab'd 2012-01-10 03:25:13 -07:00
sinn3r bc9014e912 Add new v3.4 target by Michael Coppola (Feature #6207) 2012-01-09 23:51:11 -06:00
sinn3r b76767669c Update Nenad's author name and e-mail 2012-01-09 20:14:47 -06:00
sinn3r 90eb2b9a75 Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202) 2012-01-09 19:35:06 -06:00
sinn3r 8eee54d1d0 Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb) 2012-01-09 14:23:37 -06:00
Tod Beardsley eeb3a442de whitespace correctly smtp_version.rb 2012-01-09 14:11:10 -06:00
Tod Beardsley 15990efd85 Removing useless (?) begin/rescue from smtp_version
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
Tod Beardsley e7d7302644 Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a viewer has a Unicode-capable terminal. 2012-01-09 11:22:44 -06:00
David Maloney e12d5588c6 Set data on webdav scanner notes to include webdav path.
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
Tod Beardsley 9e78eff968 Merge pull request #96 from chao-mu/master
Updates to Railgun

[Fixes #6128] among other things.
2012-01-09 06:43:02 -08:00
Tod Beardsley 51a7f05d85 Adding oracle RC scripts from nebulus
Also adds at least title/attribution to the scripts. Should probably get
a proper format for that if we get more of these bad boys.

[Fixes #6145]
2012-01-09 08:36:52 -06:00
Patroklos Argyroudis 5a20b7d7ac Fixed small typo 2012-01-09 14:19:00 +02:00
Patroklos Argyroudis 9a62b41ab7 Mac OS X x86 payload that executes Calculator.app 2012-01-09 12:12:20 +02:00
Patroklos Argyroudis 5d359785ae Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6 2012-01-09 12:10:25 +02:00
sinn3r 03a39f7fe8 Whitespace cleanup, also change print_status usage when verbose 2012-01-09 02:21:39 -06:00
sinn3r 2f9d563067 Update reference 2012-01-09 02:14:29 -06:00
Tod Beardsley badf62d8e0 Add back in ssh_key_matches?() 2012-01-08 22:45:00 -06:00
Tod Beardsley a1668f2b23 Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 22:23:32 2012 -0600

    Updates ssh credentials to easily find common keys

    Instead of making the modules do all the work of cross-checking keys,
    this introduces a few new methods to the Cred model to make this more
    universal.

    Also includes the long-overdue workspace() method for credentials.

    So far, nothing actually implements it, but it's nice that it's there
    now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 20:10:40 2012 -0600

    Adding back cross-checking for privkeys.

    Needs to test to see if anything depends on order, but should
    be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 16:49:56 2012 -0600

    Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 13:51:55 2012 -0600

    Store pubkeys as loot for reuse.

    Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 02:10:12 2012 -0600

    Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 7 17:18:33 2012 -0600

    Updates to ssh_identify_pubkeys and friends

    Switches reporting to cred-based rather than note-based, accurately deal
    with DSA keys, adds disable_agent option to other ssh modules, and
    reports successful ssh_login attempts pubkey fingerprints as well.

    This last thing Leads to some double accounting of creds, so I'm not
    super-thrilled, but it sure makes searching for ssh_pubkey types a lot
    easier.... maybe a better solution is to just have a special method for
    the cred model, though.
2012-01-08 22:28:37 -06:00
chao-mu f7a9518944 In railgun mixin, "error_lookup" has been renamed "lookup_error" and now accepts a filtering regular expression. ::BUILTIN_DLLS instead of .builtin_dlls 2012-01-08 17:18:34 -05:00
chao-mu d0fb9424b2 Updated to use "reject!" instead of "select!" so older versions of ruby are happy 2012-01-08 11:16:17 -05:00
chao-mu 6591bd3a45 Completed test coverage for pointer_util.rb and fixed the bugs I found 2012-01-08 11:05:24 -05:00
chao-mu f9d123a8c8 Merge remote branch 'upstream/master' 2012-01-07 19:06:51 -05:00
sinn3r 243dbe50f0 Correct author name. Unfortunately not all editors can print unicode correctly. 2012-01-07 15:18:25 -06:00
sinn3r 181fe2d925 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-07 15:14:30 -06:00
sinn3r 4e858aba89 Add CVE-2012-0262 Op5 welcome.php Remote Code Execution 2012-01-07 15:13:45 -06:00
sinn3r 4645c1c2b9 Add CVE-2012-0261 Op5 license.php Remote Code Execution 2012-01-07 15:12:49 -06:00
HD Moore b12baccc49 Quick update, added a research option 2012-01-07 01:13:23 -06:00
sinn3r 6d401b48d1 Fix typo 2012-01-07 00:02:51 -06:00
sinn3r b7e29191f5 Add Drupal 'Views' module username enumeration (Feature #6194) 2012-01-06 23:51:32 -06:00
David Maloney 40a1d8bcc8 Fixed issue with a missing nil check in ftp_login 2012-01-06 20:51:58 -08:00
David Maloney 81acfd2126 Adds hashdump and cracking modules for AIX 2012-01-06 20:31:22 -08:00
David Maloney 8e017fd4db Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-06 20:30:25 -08:00
James Lee c2406e0e65 Fix whitespace at EOL 2012-01-06 21:13:17 -07:00
James Lee c35c7f5fab Add tab completion for pushm
[See #6165]
2012-01-06 21:10:59 -07:00
James Lee 7ea5f87960 Allow proper ruby types for evasion configuration
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the appropriate places. Then, in
the somewhat more recent past, the options started getting converted to
regular ruby types (such as TrueClass for a BOOL options, etc) earlier
in their life.  Apparently, that change broke boolean http evasions.
This commit fixes them by ensuring that +true+ is just as acceptable as
"true".

Fixes #6198, thanks Ashish for the report
2012-01-06 20:05:29 -07:00
chao-mu c59e08ce7d Moved utility codde and expanded railgun test suite runner 2012-01-06 21:07:16 -05:00
chao-mu f41fc7a0ac Moved platform_util.rb and added the tests for the new utilities to railgun.rb.ts.rb 2012-01-06 20:56:41 -05:00
chao-mu bd52f228a0 Merge remote branch 'upstream/master' 2012-01-06 20:27:53 -05:00