infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,721 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

13820 Commits (cbf15660bfab7f6c5444c130127632bae5d51e36)

Author SHA1 Message Date
Meatballs 7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
Spencer McIntyre 82abe49754 Mark windows/misc/psh_web_delivery as deprecated 2014-07-16 14:02:05 -04:00
David Bloom 52bdc5364c Update dbvis_query.rb 2014-07-16 18:52:27 +02:00
David Bloom 200c122ecd Update dbvis_query.rb 2014-07-16 18:48:15 +02:00
David Bloom 31e38cee23 Update dbvis_add_db_admin.rb 2014-07-16 18:45:38 +02:00
David Bloom 5f38ad5e10 Update dbvis_add_db_admin.rb 2014-07-16 18:30:23 +02:00
David Bloom c3b87e2e6c Update rigth on dbviscmd check 2014-07-16 18:27:19 +02:00
David Bloom 90932116f8 Update dbvis_query.rb 
Minor changes
 2014-07-16 15:44:48 +02:00
David Bloom b4aca68406 Update dbvis_query.rb 2014-07-16 15:10:07 +02:00
David Bloom 17b2169b9d Create dbvis_query.rb 
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases (With GUI).
The remote database can be accessed from the command line without the need to authenticate.
The module abuses this functionality to query the remote database and store the result.
 2014-07-16 14:51:24 +02:00
David Bloom b602fc89a3 Update dbvis_add_db_admin.rb 
Corrections
 2014-07-16 13:42:58 +02:00
Jon Hart 9e5c24a97e Address some Ruby style issues 2014-07-15 16:55:54 -07:00
jvazquez-r7 6d05a24653 Add target information 2014-07-15 17:45:45 -05:00
sinn3r f8e47a5c61
Land #3524 - WPTouch fileupload exploit 2014-07-15 16:29:59 -05:00
Spencer McIntyre e58100fe85
Land #3419, multi script delivery module by @jakxx 2014-07-15 17:07:51 -04:00
Spencer McIntyre 1a8d73fca8 Minor whitespace and grammar changes 2014-07-15 17:00:28 -04:00
jvazquez-r7 604a612393 Have into account differences between windows default installs 2014-07-15 15:03:07 -05:00
David Bloom 875c024243 create dbvis_add_db_admin.rb 
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases (With GUI).
The remote database can be accessed from the command line without the need to authenticate.
The module abuses this functionality to create an administrator in the database if DB user rights allow it.
 2014-07-15 21:43:14 +02:00
sinn3r 57b1023592
Land #3522 - Multi Gather Dbvis Connections Settings 2014-07-15 11:34:02 -05:00
sinn3r 1d6f088eab Pass msftidy 2014-07-15 11:31:37 -05:00
David Bloom 526538ecd6 Added dbvis version find and print 2014-07-15 15:04:46 +02:00
David Bloom 97dcc56225 Update dbvis_enum.rb 2014-07-15 14:23:40 +02:00
David Bloom 400b0f4276 parse url to report host in old config 2014-07-15 14:21:09 +02:00
David Bloom f3d953f829 Old config file update 
Added functions to parse old and new config files.
 2014-07-15 14:00:29 +02:00
David Bloom ac3d453002 Update dbvis_enum.rb 2014-07-15 12:33:07 +02:00
David Bloom a53341f520 Added compatibility with dbvis <= 6 
Checking for "config" folder existence if "config70" is not found.
 2014-07-15 12:14:38 +02:00
Christian Mehlmauer c1f612b82a
Use vprint_ instead of print_ 2014-07-15 06:58:33 +02:00
James Lee de22aeba41
Land #3481, meterpreter bins 2014-07-14 15:57:52 -05:00
sinn3r cc1ba265cb Change module name for consistency 2014-07-14 15:49:19 -05:00
sinn3r 4d7bffd713 Change header 2014-07-14 15:45:17 -05:00
sinn3r 5a821cea9d Account for EOFError condition 2014-07-14 15:27:40 -05:00
sinn3r 89a877031f I mean "unless", not "if" 2014-07-14 15:24:53 -05:00
sinn3r bec32a01ab For for missing an end 2014-07-14 15:17:54 -05:00
sinn3r cecdcef2e2 + not preferred 2014-07-14 15:14:54 -05:00
sinn3r 0737deb2a3 Remove the last exception handler 
We're already checking the file path with file?(), so we don't need
to use exception handling for this task anymore.
 2014-07-14 15:02:23 -05:00
sinn3r 8fe3f1a077 File should be checked for existence before reading 2014-07-14 15:01:03 -05:00
sinn3r 20e5803592 Author's Twitter handle should be a comment 
msfconsole treats whatever is in <> as the author's email, not
twitter handle
 2014-07-14 14:57:36 -05:00
sinn3r 3b6947c1d7 Use Rex to check IPv4 instead of using resolv 2014-07-14 14:56:38 -05:00
sinn3r b5e556519b Change = to == 
This is an if condition, not an assignment
 2014-07-14 14:53:27 -05:00
sinn3r 8f51fd0e45 Retabbed and reformatted 2014-07-14 14:39:34 -05:00
Christian Mehlmauer 144c6aecba
Added WPTouch fileupload exploit 2014-07-14 21:35:18 +02:00
root 3becfff41e Add Bruteforce Joomla 2014-07-14 14:07:23 -05:00
Tod Beardsley 6c595f28d7
Set up a proper peer method 2014-07-14 13:29:07 -05:00
David Bloom 72d9587a50 DbVisualizer stores the user database configuration in dbvis.xml 
This module retrieves the connections settings from this file
 2014-07-14 20:08:48 +02:00
David Bloom 667b1363f3 Delete dbvis_enum.rb 2014-07-14 10:57:53 +02:00
David Bloom 0ef0f6aae1 Update dbvis_enum.rb 2014-07-14 10:54:43 +02:00
David Bloom bcbb0b4fde dbvis connections gathering 
DbVisualizer stores the user database configuration in dbvis.xml.
This module retrieves the connections settings from this file.
 2014-07-14 10:49:20 +02:00
Michael Messner 1b7008dafa typo in name 2014-07-13 13:24:54 +02:00
William Vu 2fd7bcf8bf
Land #3514, report_note for scraper 2014-07-11 17:17:10 -05:00
nodeofgithub 5d833cbb16 http_header report_note remove to_s 2014-07-11 17:14:45 -05:00
nodeofgithub 7e9eb84531 http_header report_note remove brackets, move rport 2014-07-11 17:14:45 -05:00
nodeofgithub a8ec733a3a Interpolate all the things! 2014-07-11 17:14:09 -05:00
nodeofgithub 4abe856fc1 Rescue http_header notes from getting truncated 
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.

(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >

----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
 2014-07-11 17:14:09 -05:00
nodeofgithub 6ef69b4014 scraper report_note, remove eol whitespace 2014-07-11 21:21:56 +02:00
nodeofgithub ad46c37988 scraper report_note, remove unnecessary to_s 2014-07-11 21:08:35 +02:00
nodeofgithub 7a7d149dc5 scraper report_note, change note type string 2014-07-11 21:01:20 +02:00
Tod Beardsley e5d7dae016
Land #3513, Author name fixups from @jvazquez-r7 2014-07-11 13:58:38 -05:00
Tod Beardsley b09fab13f0 Fix one flubbed author address 2014-07-11 13:50:37 -05:00
nodeofgithub 8b302cd472 Add report_note to scraper.rb 
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
 2014-07-11 20:31:46 +02:00
nodeofgithub b834e7d3cb Update scraper.rb 2014-07-11 20:20:40 +02:00
nodeofgithub da67a63ad0 Add report_note to scraper.rb 
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
 2014-07-11 20:07:48 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
William Vu 79603c9a73
Land #3505, a bunch o' Linux post module fixes 2014-07-11 12:39:31 -05:00
jvazquez-r7 eb9d2f130c Change title 2014-07-11 12:03:09 -05:00
jvazquez-r7 a356a0e818 Code cleanup 2014-07-11 12:00:31 -05:00
jvazquez-r7 6fd1ff6870 Merge master 2014-07-11 11:40:39 -05:00
jvazquez-r7 d637171ac0 Change module filename 2014-07-11 11:39:32 -05:00
jvazquez-r7 c55117d455 Some cleanup 2014-07-11 11:39:01 -05:00
jvazquez-r7 a7a700c70d
Land #3502, @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936 2014-07-11 11:25:03 -05:00
jvazquez-r7 b9cda5110c Add target info to message 2014-07-11 11:24:33 -05:00
jvazquez-r7 dea68c66f4 Update title and description 2014-07-11 10:38:53 -05:00
jvazquez-r7 f238c2a93f change module filename 2014-07-11 10:30:50 -05:00
jvazquez-r7 f7d60bebdc Do clean up 2014-07-11 10:28:31 -05:00
William Vu 43f41de124
Land #3508, CVE-2014-4671 Flash JSONP disclosure 2014-07-11 10:11:48 -05:00
jvazquez-r7 8f3197c192
Land #3496, @m-1-k-3's switch to CmdStager on dlink_upnp_exec_noauth 2014-07-11 09:50:57 -05:00
jvazquez-r7 4ea2daa96a Minor cleanup 2014-07-11 09:50:22 -05:00
jvazquez-r7 51cfa168b1 Fix deprecation information 2014-07-11 09:47:30 -05:00
jvazquez-r7 46f5282fd3
Land #3455, @m-1-k-3's exploit for DLink UPNP M-Search Command Injection 2014-07-11 09:39:05 -05:00
jvazquez-r7 611b8a1b6d Modify title and ranking 2014-07-11 09:35:21 -05:00
jvazquez-r7 a9b92ee581 Change module filename 2014-07-11 09:17:56 -05:00
jvazquez-r7 36c6e74221 Do minor fixes 2014-07-11 09:17:34 -05:00
joev b8225ae2dc
Remove unnecessary ||= and ivars. 2014-07-10 16:06:28 -05:00
joev e0389dfbc3
Update code as per @wvu's code review. 2014-07-10 15:03:40 -05:00
Michael Messner 109201a5da little auto detect fix 2014-07-10 20:45:49 +02:00
Michael Messner 781149f13f little auto detect fix 2014-07-10 20:40:39 +02:00
joev dd439066ca
Patch rhost to display hostname of JSONP_URL. 2014-07-10 12:02:22 -05:00
Tod Beardsley bcec2df0a4
Fix Meterpreter PHP hop description 2014-07-10 11:35:48 -05:00
joev 841cb6a590
STEAL_URL -> STEAL_URLS. 2014-07-10 09:14:32 -05:00
joev fad30bc874
Add flash rosetta exploit module for stealing URLs. 2014-07-10 09:09:10 -05:00
scriptjunkie 2cd9577278 Fix table printing. 2014-07-09 21:46:34 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict. 
Conflicts:
	Gemfile.lock
 2014-07-09 17:43:42 -05:00
Michael Messner f068006f05 auto target 2014-07-09 21:53:11 +02:00
Michael Messner 6a765ae3b0 small cleanup 2014-07-09 21:16:29 +02:00
Michael Messner 0674314c74 auto target included 2014-07-09 20:56:04 +02:00
Michael Messner b4812c1b7d auto target included 2014-07-09 20:53:24 +02:00
jvazquez-r7 42823fe15e Test download_exec with linux meterpreter 2014-07-09 09:41:10 -05:00
jvazquez-r7 f4c6505351 Test mount_cifs_creds on linux meterpreter 2014-07-09 09:20:30 -05:00
jvazquez-r7 14b218dce5 Make hashdump compatible with meterpreter 2014-07-09 08:48:20 -05:00
jvazquez-r7 73fdc06d1d Fix enum_xchat to work with meterpreter 2014-07-09 08:37:17 -05:00
jvazquez-r7 b47650580a Fix bugs 2014-07-08 16:51:39 -05:00
jvazquez-r7 a364172978 Add meterpreter as session type 2014-07-08 16:25:50 -05:00
jvazquez-r7 c25c5f6806 Make linux gather post modules compatible with meterpreter 2014-07-08 16:23:57 -05:00
Michael Messner f89f47c4d0 dlink_dspw215_info_cgi_rop 2014-07-08 22:29:57 +02:00
Michael Messner 6fbd6bb4a0 stager 2014-07-08 22:17:02 +02:00
Michael Messner ac727dae89 dlink_dsp_w215_hnap_exploit 2014-07-08 22:13:13 +02:00
Michael Messner 579ce0a858 cleanup 2014-07-08 21:58:15 +02:00
Michael Messner 51001f9cb3 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection 2014-07-08 21:39:53 +02:00
Michael Messner 84d6d56e15 cleanup, deprecated 2014-07-08 21:36:07 +02:00
Michael Messner 10bcef0c33 cleanup, deprecated 2014-07-08 21:34:28 +02:00
Tod Beardsley 9fef2ca0f3
Description/whitespace changes (minor) 
Four modules updated for the weekly release with minor cosmetic fixes.

- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
 2014-07-07 12:39:05 -05:00
jvazquez-r7 cd6b83858b
Add new Yokogawa SCADA exploit 2014-07-07 11:20:49 -05:00
HD Moore 6f433db609
Minor typo fix 2014-07-06 23:44:17 -05:00
HD Moore 3ef35f19dc Prefer strip over chomp 2014-07-06 23:17:09 -05:00
HD Moore d76081bcef Prefer strip over chomp 2014-07-06 23:16:56 -05:00
HD Moore ab7848a895
Merge master for testing of #2809 2014-07-06 22:27:58 -05:00
Michael Messner e7ade9f84d migrate from wget to echo mechanism 2014-07-06 21:45:53 +02:00
Christian Mehlmauer d5843f8eaf
Updated Mailpoet exploit to work with another version 2014-07-06 10:53:40 +02:00
William Vu cf5d29c53b
Add EOF newline to satisfy msftidy 2014-07-05 13:51:12 -05:00
HD Moore 6d9bf83ded Small fixes for the recent WP MailPoet module 
Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
 2014-07-05 13:17:23 -05:00
jvazquez-r7 98a82bd145
Land #3486, @brandonprry's exploit for CVE-2014-4511 gitlist RCE 2014-07-04 16:41:04 -05:00
jvazquez-r7 59881323b9 Clean code 2014-07-04 16:40:16 -05:00
Brandon Perry a33a6dc79d add bash to requiredcmd 2014-07-03 16:52:52 -05:00
Brandon Perry 806f26424c && not and 2014-07-03 16:50:21 -05:00
Brandon Perry 6fb2fc85a0 address @jvasquez-r7 review points 2014-07-03 16:43:01 -05:00
jvazquez-r7 2efa3d6bc0
Land #3487, @FireFart's exploit for WordPress MailPoet file upload 2014-07-03 14:34:58 -05:00
sinn3r f1b7a9f421
Land #3488 - loot storage into the enum_services post module 2014-07-03 14:18:16 -05:00
sinn3r 79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload 2014-07-03 14:09:12 -05:00
sinn3r c207d14d1f Update description 2014-07-03 14:08:31 -05:00
jvazquez-r7 97a6b298a8 Use print_warning 2014-07-03 13:38:20 -05:00
Christian Mehlmauer dcba357ec3
implement feedback 2014-07-03 20:27:08 +02:00
sinn3r 2c999d3099 Better describe the problem 2014-07-03 13:06:19 -05:00
sinn3r 9aa3c75234 Do something for the shut-everything-up event handling practice 2014-07-03 13:04:56 -05:00
sinn3r 8a513058f6 Fix comments 2014-07-03 12:59:10 -05:00
sinn3r ebeb9880a6 Favor "unless" over "if" for negative conditions 
Please refer to https://github.com/bbatsov/ruby-style-guide
 2014-07-03 12:55:13 -05:00
sinn3r 1d828a951f string interpolation is preferred over concatenation 
Please refer to https://github.com/bbatsov/ruby-style-guide
 2014-07-03 12:46:56 -05:00
sinn3r b781b87d74 Avoid unnecessary "if not" 2014-07-03 12:44:17 -05:00
Brandon Perry 86a31b1896 Update gitlist_exec.rb 2014-07-03 12:40:37 -05:00
Christian Mehlmauer aeb4fff796
Added FileDropper 2014-07-03 19:25:31 +02:00
jvazquez-r7 51695c4932
Land #2484, @zeroSteiner's refactoring for CmdStager 2014-07-03 11:33:46 -05:00
Jon Hart 1500f33e1b Default to only fuzzing versions 2-4 2014-07-03 07:32:44 -07:00
Christian Mehlmauer b15297eee0
Land #3490, @Meatballs1 tns listener verbose output 2014-07-03 16:20:38 +02:00
jvazquez-r7 5e0211016d Merge to solve conflicts 2014-07-03 09:16:04 -05:00
Christian Mehlmauer 071f236946
Changed check method 2014-07-02 22:31:02 +02:00
Christian Mehlmauer a58ff816c5
Changed check method 2014-07-02 22:29:00 +02:00
sinn3r 90df0f1bb5
Land #3489 - Add verbosity to Jenkins Enum 2014-07-02 14:40:25 -05:00
sinn3r ecba95644d
Land #3473 - skype post module to extract password hash 2014-07-02 14:34:10 -05:00
Michael Messner e5b441314c removed wrong edit ... 2014-07-02 21:33:49 +02:00
Michael Messner 8f55af5f9d UPnP check included 2014-07-02 21:28:39 +02:00
Michael Messner ac2e84bfd6 check included 2014-07-02 21:24:50 +02:00
Rob Fuller c6675a2900 Add verbosity to Jenkins Enum 2014-07-02 13:25:18 -04:00