Commit Graph

5908 Commits (d8818fc268fa53bf1e9708120547d24267778074)

Author SHA1 Message Date
Joshua Drake d8818fc268 execute xp_cmdshell from master explicitly
git-svn-id: file:///home/svn/framework3/trunk@8720 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 23:55:04 +00:00
Tod Beardsley a5e187bd69 Add the ability to slow down brute force sessions.
git-svn-id: file:///home/svn/framework3/trunk@8719 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 23:29:26 +00:00
Joshua Drake d370ab62c6 don't wait for shell.run to finish
git-svn-id: file:///home/svn/framework3/trunk@8718 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 22:33:16 +00:00
Joshua Drake 8a2382ed1a don't wait for shell.run to finish
git-svn-id: file:///home/svn/framework3/trunk@8717 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 22:32:46 +00:00
Joshua Drake 1629bf7bf0 move http_send_cmd into cmdweb test exploit
git-svn-id: file:///home/svn/framework3/trunk@8716 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 21:00:58 +00:00
Joshua Drake 0ed5fc1af1 change VERBOSE option from OptString to OptBool
git-svn-id: file:///home/svn/framework3/trunk@8715 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 20:59:49 +00:00
Stephen Fewer a44358df67 Simple fix for #1013 and the migration permission error message.
git-svn-id: file:///home/svn/framework3/trunk@8714 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 19:31:36 +00:00
Joshua Drake 0900314a15 redirect requests without subdirectories
git-svn-id: file:///home/svn/framework3/trunk@8713 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 18:28:05 +00:00
Joshua Drake 4bd857b53e add exploit module for cve-2008-3558
git-svn-id: file:///home/svn/framework3/trunk@8712 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 17:41:26 +00:00
James Lee bf2a64b3ac use new argument list for get_host
git-svn-id: file:///home/svn/framework3/trunk@8711 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:59:55 +00:00
James Lee c2612548c5 fix get_host, was breaking browser_autopwn, see #976
git-svn-id: file:///home/svn/framework3/trunk@8710 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:58:47 +00:00
James Lee 602395ead0 don't set the language if we don't have one
git-svn-id: file:///home/svn/framework3/trunk@8709 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:38:52 +00:00
James Lee 4f08e6fd25 treat the database as write-only and use the (improved) target cache, fixes 986
git-svn-id: file:///home/svn/framework3/trunk@8708 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:37:58 +00:00
James Lee f40a9a5c4b new ie fingerprint
git-svn-id: file:///home/svn/framework3/trunk@8707 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:17:10 +00:00
James Lee 37159d6b41 move this up so all database drivers have a bigger pool, see #976
git-svn-id: file:///home/svn/framework3/trunk@8706 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:10:20 +00:00
Joshua Drake e8f22a7136 add exploit module for cve-2008-3878
git-svn-id: file:///home/svn/framework3/trunk@8705 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 06:19:37 +00:00
James Lee dea2ba3420 try a little harder not to break things by making sure there's a space in front of comments before removing them
git-svn-id: file:///home/svn/framework3/trunk@8704 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 03:20:52 +00:00
Joshua Drake 5aebed8fe7 add exploit module for cve-2008-5002
git-svn-id: file:///home/svn/framework3/trunk@8703 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 21:17:31 +00:00
James Lee 506fdb63ff remove comments after obfuscating strings so things like 'http://example.com' in a string doesn't get mangled. will still have problems with a string like that and no string obfu
git-svn-id: file:///home/svn/framework3/trunk@8702 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 20:51:29 +00:00
James Lee b70b17b42a don't use undefined variables.
git-svn-id: file:///home/svn/framework3/trunk@8701 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 19:51:05 +00:00
James Lee 7392de4d3d don't use undefined variables.
git-svn-id: file:///home/svn/framework3/trunk@8700 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 19:50:22 +00:00
James Lee 7d348c3593 honor the SSL option in HttpServer, fixes #1001
git-svn-id: file:///home/svn/framework3/trunk@8699 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 18:47:04 +00:00
Joshua Drake fb5906385d add exploit module for cve-2009-1534
git-svn-id: file:///home/svn/framework3/trunk@8698 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 18:12:37 +00:00
Joshua Drake 9148068acc pass unlink_now flag to close for Tempfile instances
git-svn-id: file:///home/svn/framework3/trunk@8697 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 04:58:12 +00:00
Joshua Drake d86575701d added CVE, KB references
git-svn-id: file:///home/svn/framework3/trunk@8696 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 03:20:58 +00:00
James Lee 467a7a5f3e merge mubix's patch to allow importing a simple list of ip addresses from a file, closes #999
git-svn-id: file:///home/svn/framework3/trunk@8695 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 00:34:16 +00:00
James Lee c07b47b30b explicitly rescue timeouts since they inherit from ::Interrupt on ruby 1.8
git-svn-id: file:///home/svn/framework3/trunk@8694 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 23:08:05 +00:00
Tod Beardsley 7d3ac25586 Adds Citrix-ICA to the UDP sweep discovery module.
git-svn-id: file:///home/svn/framework3/trunk@8693 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 18:48:28 +00:00
Joshua Drake 7a37934a01 process autorun scripts for telnet_login and ssh_login
1. create session.process_autoruns in Msf::Sessions::CommandShell
2. call process_autoruns from within the handler on_session code
4. set user_input and user_output in sessions base set_from_exploit method
5. remove on_session from Msf::Sessions::CommandShellOptions
6. include CommandShellOptions into telnet_login and ssh_login
7. call sess.process_autoruns from telnet_login and ssh_login
8. celebrate (while crossing fingers of course)!

git-svn-id: file:///home/svn/framework3/trunk@8692 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 18:07:50 +00:00
Tod Beardsley 09a669875c Bumping the minimum version of MySQL to try back to 4.1.20, no problems seen
on that build.



git-svn-id: file:///home/svn/framework3/trunk@8691 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 16:52:22 +00:00
James Lee 15b13d2472 make string obfuscation produce correct code more often (should be 100% now, but no guarantees). stops doing hex-encoding (more hassle than it's worth) and adds random split/concats (jduck's idea)
git-svn-id: file:///home/svn/framework3/trunk@8690 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 14:36:09 +00:00
James Lee 76745eed81 bump the connection pool up to 30 for sqlite; see #976. Not closing the bug, since I don't know how this will work in the long term
git-svn-id: file:///home/svn/framework3/trunk@8689 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 14:27:36 +00:00
Steve Tornio 074b4ada44 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8688 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 12:23:17 +00:00
James Lee b16a08c4cd whitespace
git-svn-id: file:///home/svn/framework3/trunk@8687 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 11:10:23 +00:00
Joshua Drake 4b59410507 rename module per ms bulletin
git-svn-id: file:///home/svn/framework3/trunk@8686 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 07:50:25 +00:00
Joshua Drake d0153225a0 add exploit module for cve-2009-1612
git-svn-id: file:///home/svn/framework3/trunk@8685 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 02:26:55 +00:00
Joshua Drake e7a9391a76 minor tweaks, no functional changes
git-svn-id: file:///home/svn/framework3/trunk@8684 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 02:26:08 +00:00
Carlos Perez 5f0e0916f3 Improved Pidging Meterpreter Script by Ryan Hayward
git-svn-id: file:///home/svn/framework3/trunk@8683 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 01:54:14 +00:00
Joshua Drake cc9113397c add exploit for IE Windows Help vulnerability
git-svn-id: file:///home/svn/framework3/trunk@8682 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 23:14:20 +00:00
Tod Beardsley 453451a26d Check the version number of the remote MySQL server before attempting
to log in. Sadly, the library we're using right now doesn't know
how to correctly negotiate 4.x and 3.x versions of MySQL. Until that
gets resolved (by writing a new library for these old versions), 
this will at least prevent false positives/negatives from getting
reported.



git-svn-id: file:///home/svn/framework3/trunk@8681 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 22:56:00 +00:00
Tod Beardsley e2af2f9ab9 Again.
git-svn-id: file:///home/svn/framework3/trunk@8680 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 20:20:37 +00:00
Tod Beardsley e1a02d602d Fixing up the tomcat login scanner.
git-svn-id: file:///home/svn/framework3/trunk@8679 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 20:20:20 +00:00
Joshua Drake e80df81350 correct the CVE reference
git-svn-id: file:///home/svn/framework3/trunk@8678 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 19:47:13 +00:00
Joshua Drake cc891bce80 whitespace cleanups
git-svn-id: file:///home/svn/framework3/trunk@8677 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 15:13:04 +00:00
HD Moore ac517fafea Remove the db dependency from Meterpreter scripts
git-svn-id: file:///home/svn/framework3/trunk@8676 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-28 19:29:43 +00:00
Tod Beardsley 341f4a258d Removing net-ssh's ability to write to your known_hosts file. Some day, make this an optional behavior, but for now, turn that rudeness off.
git-svn-id: file:///home/svn/framework3/trunk@8675 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 22:45:58 +00:00
James Lee 3b59bc7cfc use the same option names for user/pass
git-svn-id: file:///home/svn/framework3/trunk@8674 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 22:14:58 +00:00
HD Moore e4ec13eec2 Store the path in the path
git-svn-id: file:///home/svn/framework3/trunk@8673 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 22:13:20 +00:00
James Lee cded6cc59d log all output from sessions when reading from rpc
git-svn-id: file:///home/svn/framework3/trunk@8672 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 21:55:30 +00:00
HD Moore df415fd636 Fix workspace.loots
git-svn-id: file:///home/svn/framework3/trunk@8671 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 21:48:16 +00:00