Spencer McIntyre
28d15a113f
Add the secretsdump impacket module and docs
2018-05-27 17:09:59 -04:00
Spencer McIntyre
9fab2316c5
Add the wmiexec impacket module and documentation
2018-05-27 16:24:56 -04:00
Spencer McIntyre
c85cc9ad9e
Refactor SOCKS5 TcpRelay and add packet tests
2018-05-26 13:46:00 -04:00
Spencer McIntyre
49341fc87d
Add credential authentication support to socks5
2018-05-25 20:14:03 -04:00
Spencer McIntyre
9b5ae34896
Drop udp associate support and cleanup logging
2018-05-25 20:14:03 -04:00
Spencer McIntyre
6859856101
Refactor the socks5 code into multiple files
2018-05-25 20:14:03 -04:00
Spencer McIntyre
04bec0bdf0
Progress on the socks5 proxy module
2018-05-25 20:14:02 -04:00
Ege Balcı
3ab7526786
Name & description Change
...
Exploit::CheckCode changed to Unknown as suggested.
2018-05-25 20:22:51 +03:00
rmdavy
affa0bdc6f
Minor Update
...
Removed Unused Comment
2018-05-24 13:45:08 +01:00
rmdavy
7143f04ea7
Add files via upload
...
Updated to use recommended method of creating zip files
2018-05-24 09:53:53 +01:00
rmdavy
04a27e0221
Delete thumbnail.png
...
Moved folder location
2018-05-24 09:37:45 +01:00
rmdavy
81c4e9f7b9
Delete styles.xml
...
Moved folder location
2018-05-24 09:37:31 +01:00
rmdavy
73bfe1c9ab
Delete settings.xml
...
Moved folder location
2018-05-24 09:37:18 +01:00
rmdavy
247904746c
Delete meta.xml
...
Moved folder location
2018-05-24 09:37:04 +01:00
rmdavy
f9bda873d2
Delete manifest.xml
...
Moved folder location
2018-05-24 09:36:55 +01:00
rmdavy
5002eae655
Delete manifest.rdf
...
Moved folder location
2018-05-24 09:36:45 +01:00
rmdavy
02afeb3e29
Delete content.xml
...
Moved folder location
2018-05-24 09:36:35 +01:00
Brent Cook
86a5b951aa
Land #9990, add SOCKS5 proxy support
2018-05-23 17:31:09 -05:00
Jan Rude
567e2dbc7e
Update telpho10_credential_dump.rb
...
Current version still vulnerable, developer ignores mails. It seems like this is going to be a 'won't fix'
2018-05-23 09:32:41 +02:00
Aaron Soto
72efe66403
Refactored for better logging, IPv6 support, and prep for auth
2018-05-22 18:57:00 -05:00
James Barnett
0472b9df3f
Land #10024, Fix find_or_create_* methods for remote data service
...
This PR updates the find_or_create_* methods associated with each model to
no longer just proxy to the report_* model. It now performs a lookup through
the DataProxy and returns the found object if it exists, or creates a new
record if needed.
2018-05-22 17:08:46 -05:00
Matthew Kienow
4ecc1ff551
Modify loots, notes and services search methods
...
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
2018-05-21 17:37:51 -04:00
rmdavy
ef229111c8
Delete readme.txt
2018-05-19 16:58:45 +01:00
rmdavy
5d3c95e51b
Create badodt
2018-05-19 16:58:14 +01:00
rmdavy
a0d8f70dee
Create readme.txt
2018-05-19 16:57:40 +01:00
rmdavy
077a7c7c9e
Delete test.txt
2018-05-19 16:57:07 +01:00
rmdavy
018a8a3060
Create test.txt
2018-05-19 16:56:49 +01:00
rmdavy
622bc272fb
Delete odt
2018-05-19 16:56:30 +01:00
rmdavy
b293ddfe5d
Create odt
2018-05-19 16:56:10 +01:00
Brent Cook
7af7587519
Land #9999, Optionally test empty group in cisco_ssl_vpn
2018-05-18 10:57:15 -05:00
Aaron Soto
c35c8e9c75
Update module name, per a good catch by @bcook
2018-05-16 13:55:45 -05:00
Jacob Robles
999b895735
Land #9816, Add the scanner/smb/impacket/dcomexec module
2018-05-16 07:15:32 -05:00
Jacob Robles
cc0fdee788
EmptyGroup advanced option, just in case...
2018-05-10 09:57:50 -05:00
Jacob Robles
79a0610436
remove empty group
2018-05-09 11:11:03 -05:00
Brent Cook
a4ecd43a8f
remove unused constants
2018-05-07 00:24:38 -05:00
Jacob Robles
534d05ff44
simpleclient versions option
2018-05-07 00:24:38 -05:00
Jacob Robles
ff202a5f5b
Simpleclient/SMB2 support
2018-05-07 00:24:38 -05:00
Aaron Soto
2cd0d3d90a
Rudimentary SOCKS5 functionality, CONNECT, IPv4, non-DNS only
2018-05-04 14:44:03 -05:00
Auxilus
d29bc920c1
print o/p to new line
2018-04-27 20:58:25 +05:30
Auxilus
912970ad3b
change vprint to print for printing o/p in psexec_command
2018-04-27 20:47:21 +05:30
Auxilus
0374de5e0d
change vprint to print for printing o/p
2018-04-27 10:49:04 +05:30
Auxilus
25cf8d175a
report command execution o/p
2018-04-27 08:43:30 +05:30
Auxilus
382a7f8aa3
Merge https://github.com/rapid7/metasploit-framework into psexec_cleanup
2018-04-25 09:09:48 +05:30
Auxilus
cbfdaf23a0
updated for requested changes
2018-04-25 08:56:54 +05:30
Auxilus
3353102dc1
fix opt dependencies
2018-04-24 21:55:09 +05:30
Wei Chen
f9a804e7d8
Bring the PR up to date
2018-04-23 08:52:05 -05:00
Auxilus
f0b9ea635a
cleanup psexec code
2018-04-16 09:04:36 +05:30
Adam Cammack
2a6acfd1d0
Land #9823, Private IP leak via WebRTC
2018-04-11 17:37:56 -05:00
Brendan Coles
154951cd37
minor update
2018-04-11 01:45:41 +10:00
Dhiraj Mishra
8be159bdc7
Fixing space-tab mixed
2018-04-10 20:45:38 +05:30
Dhiraj Mishra
7cbba34c83
Parsing IP address only
...
Changed title name and description, however a few things still need to be fixed.
2018-04-10 20:32:52 +05:30
Dhiraj Mishra
201cdfb189
Handling exception by MSFTIDY
2018-04-06 22:54:21 +05:30
Dhiraj Mishra
4e6afd49ed
Update browser_getprivateip.rb
2018-04-06 21:10:29 +05:30
Dhiraj Mishra
f6cfcefbae
Some tweaks suggested by bcoles.
2018-04-06 17:44:43 +05:30
Dhiraj Mishra
582eb2e61c
Create browser_getprivateip.rb
2018-04-06 14:42:57 +05:30
Spencer McIntyre
0a3bcf570c
Add the scanner/smb/impacket/dcomexec module
2018-04-04 17:34:41 -04:00
Jon Hart
63aabc00f1
etcd rubocop style
2018-04-04 11:01:38 -07:00
Jon Hart
a8c76638d3
Rename
2018-04-04 10:54:20 -07:00
Jon Hart
518e17118a
Add DisclosureDate
2018-04-04 10:52:47 -07:00
Jon Hart
a6c31aceb2
Refactor common etc capabilities; add separate version scanner
2018-04-04 10:48:27 -07:00
Brent Cook
bd3c00dfd0
Land #9726, add simple Rex::Tar wrapper for consistency with other archive types
2018-04-02 23:35:22 -05:00
Brent Cook
226ef160ff
Land #9748, Convert the smbloris DoS into an external module
...
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
Brent Cook
fa34f3e0a4
Land #9718, Add get_user_spns 'kerberoasting' module
2018-04-02 10:04:44 -05:00
Brent Cook
3a54f0d5f8
Land #9776, if data is nil, stop reading the heartbleed socket
2018-03-29 11:23:08 -05:00
Jon Hart
a1e83ce835
Land #9760, @h00die's etcd scanner
2018-03-28 10:41:22 -07:00
Jon Hart
5cdfadd0df
Fix more style issues
2018-03-28 09:43:30 -07:00
Jon Hart
7767505678
Fix some style issues
2018-03-28 09:43:22 -07:00
h00die
c97743925f
jhart suggestions
2018-03-27 18:46:31 -04:00
Jeffrey Martin
288bd28d3a
if data is nil stop reading the heartbleed socket
2018-03-27 15:51:14 -05:00
William Vu
1f31bcd26f
Update telpho10_credential_dump
2018-03-27 14:57:57 -05:00
William Vu
862a3ff74d
Land #9618, pipe auditing improvements
2018-03-26 17:01:48 -05:00
h00die
327b2176c0
change and
2018-03-26 17:35:58 -04:00
Andrew Morris
217dea60fc
Update blog link to up-to-date blog post
2018-03-26 15:43:10 -04:00
h00die
e462cb49a2
updated docs
2018-03-25 14:53:30 -04:00
h00die
d739a9a057
working etcd scanner
2018-03-25 13:54:55 -04:00
Adam Cammack
5ece14b064
Convert SMBLoris to an external module
2018-03-23 14:55:18 -05:00
William Vu
09cb4a52df
Update smb_ms17_010 scanner with PipeAuditor mixin
2018-03-22 15:37:45 -05:00
William Vu
e4c026fffd
Update pipe_auditor module with PipeAuditor mixin
2018-03-22 15:37:45 -05:00
Jacob Robles
8d0e3ada74
Change option names and module type
2018-03-21 06:49:50 -05:00
Jacob Robles
fc9005df8a
Add External License Support
2018-03-21 06:26:25 -05:00
Jacob Robles
8d12118d1f
Add get_user_spns external module and documentation
2018-03-21 06:26:15 -05:00
Jacob Robles
ca7caae622
Change External Module Type Names
...
Change a couple of external module type names
to be consistent with the template files.
2018-03-20 10:19:57 -05:00
Brent Cook
44d5022380
Land #9529, Add module for HP iLO CVE-2017-12542 authentication bypass
2018-03-16 16:50:54 -05:00
Brent Cook
d1722d507b
handle reset from the target on exploit
2018-03-16 16:46:50 -05:00
Brent Cook
65ae1e33e1
Land #9694, move ssh platforms to lib
2018-03-16 12:49:57 -05:00
Jacob Robles
1b2f1ced02
Land #8422, Typo3 News Module Sql Injection exploit
2018-03-15 10:55:04 -05:00
Jacob Robles
ba0d990273
Documentation added and Error Checks
2018-03-15 10:46:08 -05:00
Jacob Robles
9e23997c3d
Added Error Handling
2018-03-14 08:16:17 -05:00
Jacob Robles
1d51cf6d24
Implement Suggested Changes
2018-03-14 06:15:49 -05:00
Jacob Robles
64a51c1bd7
Save Credentials and IP
2018-03-13 08:47:08 -05:00
h00die
97dbc1273a
copy pasta
2018-03-12 20:14:08 -04:00
Brent Cook
1587b5b682
Land #9686, add ipv6 to slowloris, rhost to non-scanner modules
2018-03-12 16:13:21 -05:00
Auxilus
ef515d256d
msftidy fixes
2018-03-13 00:34:25 +05:30
Auxilus
2c52498d4a
Update smb_ms17_010.rb
2018-03-13 00:28:37 +05:30
Auxilus
6e9a4916f5
scanner update
2018-03-13 00:23:18 +05:30
Ege Balcı
2950c84660
Better code.
...
Added check function.
Smaller & cleaner code.
2018-03-12 20:33:46 +03:00
Brent Cook
d86dcbc237
Land #9632, owa_login and auth_brute enhancements
2018-03-12 10:31:20 -05:00
Mzack9999
5ee50c5fab
Username and password reported as credentials
2018-03-12 07:01:03 -05:00
Mzack9999
3d6af4c7ee
Removed mail from author section
2018-03-12 07:01:03 -05:00
Mzack9999
b0ed8c4702
code cleanup
2018-03-12 07:01:03 -05:00
Mzack9999
7b781d53c9
Small code refactoring, added verbose output
2018-03-12 07:01:03 -05:00
Mzack9999
fe89e2d391
Corrected check method, warning in case of absence of news and TARGETURI parameter
2018-03-12 07:01:03 -05:00
Mzack9999
f09d9a8994
Solved msftidy.rb issues
2018-03-12 07:01:02 -05:00
Mzack9999
dbba27cc97
Fixed minor issues and added automatic detection of Pattern1/Pattern2
2018-03-12 07:01:02 -05:00
Mzack9999
63444a2c43
Corrected wrong label in password hash message
2018-03-12 07:01:02 -05:00
Mzack9999
4a40f40c14
Typo3 News Module Sql Injection exploit
2018-03-12 07:00:45 -05:00
Ege Balcı
420905137b
CVA added.
2018-03-12 08:42:28 +03:00
Ege Balcı
d71b6bdf0d
Update syncbreeze_enterprise_dos.rb
...
msftidy.rb adjustment.
2018-03-11 23:27:46 +03:00
Ege Balcı
0e4e260a02
Adding Sync Breeze Enterprise 10.6.24 DOS
...
This module triggers a Denial of Service vulnerability in the Sync Breeze Enterprise HTTP server. Vulnerable version of the product can be downloaded here (http://www.syncbreeze.com/setups/syncbreezeent_setup_v10.6.24.exe). After installing the software web server should be enabled via Options->Server->Enable web server on port. Module triggers a user space write access violation on syncbrs.exe memory region. Number of requests that will crash the server changes between 200-1000 depending on the OS version and system memory.
2018-03-11 23:07:50 +03:00
Jacob Robles
615f6b02af
varnish no auth file read
2018-03-09 11:25:13 -06:00
Jacob Robles
1fd0087a97
Land #7654, varnish file read
2018-03-09 10:59:04 -06:00
Jacob Robles
a458cb9ebc
varnish file read msftidy fixes
2018-03-09 10:56:52 -06:00
Jacob Robles
037559023a
Update connect/disconnect varnish
...
[ticket: #7654]
2018-03-09 10:37:14 -06:00
Jacob Robles
ea78e21961
Documentation accuracy
2018-03-09 07:43:12 -06:00
Auxilus
9df99e8ce3
Update smb_ms17_010.rb
2018-03-09 16:10:20 +05:30
Auxilus
56fe70d84b
Update smb_ms17_010.rb
2018-03-09 16:07:09 +05:30
h00die
ec7a62bc4c
move ssh platforms to lib
2018-03-08 21:23:11 -05:00
Auxilus
478f01d0d9
fix format
2018-03-09 02:25:58 +05:30
Adam Cammack
9a8f1ace2d
Add slowloris support for IPv6 and hostnames
...
Replace manual socket creation with `socket.create_connection` to get
auto-detection goodness.
2018-03-07 17:06:04 -06:00
Jacob Robles
5a2f197c47
Remove redundant RPORT
2018-03-07 14:41:51 -06:00
Fab
e8a227b1a6
Changes as requested by jhart-r7:
...
- Default Username / Password are now random
- Doc fixed
- REST typo fixed
2018-03-07 10:48:05 +01:00
Jon Hart
a69c2e29d2
Correct comment
2018-03-06 18:16:22 -08:00
Jon Hart
1e04fa009f
Fix style
2018-03-06 18:13:50 -08:00
Jon Hart
74ec9f00e7
Add WIP memcached UDP version scanner
2018-03-06 17:54:00 -08:00
Jon Hart
e72372d6d8
Add disclosure date and correct CVE for memcached amp
2018-03-06 16:04:00 -08:00
Brent Cook
d6871f5733
Land #9614, Juniper post enum module
2018-03-06 10:29:56 -06:00
Jacob Robles
f6ebce2440
Update User List
2018-03-06 06:38:06 -06:00
Jacob Robles
5fde6bf5d3
Update Code
2018-03-05 22:39:16 -06:00
Jon Hart
f2de2a7f21
Appease most of rubocop's concerns
2018-03-04 07:17:25 -08:00
Jon Hart
2edb2dd8d0
Add CVE; clarify vuln name
2018-03-04 07:13:28 -08:00
Jon Hart
e7a7b557bc
Randomize and doc memcached stats probe; catch multi-packet responses
2018-03-01 16:56:34 -08:00
Jon Hart
155f45fc28
Simplify memcached amplification scanner to use UDPScanner for most of the work
2018-03-01 15:37:23 -08:00
Jon Hart
9e1a7c869c
Use drdos mixin for memcached amp module
2018-02-27 22:51:27 -08:00
xistence
05c99ffb5c
Add Memcached amplification scanner
2018-02-28 11:24:17 +07:00
Jacob Robles
a344ffadd8
Modified Code, Added additional check
2018-02-26 07:29:08 -06:00
Jacob Robles
4e4aeb7b4d
Add GitStack v2.3.10 Unauth REST API Aux Module
2018-02-26 06:04:38 -06:00
Auxilus
a1587bcd68
Update smb_ms17_010.rb
2018-02-24 09:05:35 +05:30
Auxilus
46af6239df
Update smb_ms17_010.rb
2018-02-24 08:50:39 +05:30
Auxilus
9bae6246b2
Check for accessible named pipe on vuln targets
...
```
msf5 auxiliary(scanner/smb/smb_ms17_010) > run
[+] 192.168.0.2:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
[*] 192.168.0.2:445 - Checking for accessible named pipes
[+] 192.168.0.2:445 - Found accessible named pipe: netlogon
[+] 192.168.0.2:445 - Found accessible named pipe: lsarpc
[+] 192.168.0.2:445 - Found accessible named pipe: samr
[+] 192.168.0.2:445 - Found accessible named pipe: browser
[+] 192.168.0.2:445 - Found accessible named pipe: atsvc
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2018-02-24 03:20:34 +05:30
James Barnett
133b34827f
Fix false+ login in a few more places
2018-02-23 13:16:41 -06:00
h00die
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
James Barnett
5815b626d9
Don't save email addresses as valid
...
Also add module doc for owa_login module
2018-02-22 14:58:11 -06:00
James Barnett
e531dbc976
Fix bug causing all logins to appear valid
...
The headers we were looking for were a little too loose
and were incorrectly identifying all responses as successful
login attempts
2018-02-22 11:25:35 -06:00
Jacob Robles
738d6ab33a
Land #9604, Fix logged errors when running without Python 3.6 / gmpy2
2018-02-22 08:11:30 -06:00
Brent Cook
7e665ab287
check for extra libraries explicitly, fail gracefully
2018-02-21 21:54:58 -06:00
William Vu
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
...
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
William Vu
cc2495dd9c
Explain fortinet-backdoor -> FortinetBackdoor
2018-02-21 17:05:30 -06:00
William Vu
a5d78b82d4
Add require for Net::SSH::CommandStream
2018-02-21 15:51:53 -06:00
William Vu
854ac67b8e
Use start_session in fortinet_backdoor
...
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.
Hoping we fix this in a subsequent commit or related PR.
Please see #6612 and #9524.
2018-02-21 15:33:34 -06:00
Brent Cook
78822fd799
Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-21 06:59:09 -06:00