Meatballs
e774411b63
Revert Enum removal
...
.NET 4.5 has two constructors with 2 args so this becomes ambiguous
2014-04-23 02:06:14 +01:00
Meatballs
d2e8e07cfe
Fix old powershell generation
2014-04-23 01:58:02 +01:00
Meatballs
dd38a81dfc
Fix a @parma
2014-04-23 01:10:13 +01:00
Meatballs
647936e291
Add more yarddoc to Rex::Exploitation::Powershell
...
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
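The commits above describe the order of the encoding pipeline: the script is gzipped raw, the gzip stream is wrapped in a decompression stub, and only the finished command is UTF-16LE/base64 encoded for -EncodedCommand (encode_code), so the gzip step itself must not unicode-encode. The following Ruby is an added illustration of that pipeline, not Rex::Exploitation::Powershell's own code; the module name PshPack, the exact decompression stub text, and the decode_command helper are assumptions made for this example.

```ruby
require 'zlib'
require 'base64'
require 'stringio'

# Added example (not the Metasploit implementation): gzip a PowerShell script,
# wrap the base64 stream in a decompression stub, then encode the whole command
# as UTF-16LE base64 exactly once, at the end, for -EncodedCommand.
module PshPack
  module_function

  # Compress the raw script bytes (no unicode encoding here) and base64 them.
  def gzip_b64(script)
    Base64.strict_encode64(Zlib.gzip(script))
  end

  # Decompression stub (assumed wording): decode the base64, inflate the gzip
  # stream, read it as text and IEX it. No explicit text encoding is passed.
  def compress_script(script)
    b64 = gzip_b64(script)
    "IEX(New-Object IO.StreamReader((New-Object IO.Compression.GzipStream(" \
    "(New-Object IO.MemoryStream(,[Convert]::FromBase64String('#{b64}'))),"  \
    "[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()"
  end

  # encode_code equivalent: -EncodedCommand expects base64 of UTF-16LE text.
  def encode_code(code)
    Base64.strict_encode64(code.encode('UTF-16LE').force_encoding('BINARY'))
  end

  # Full command line; no -W Hidden/Out-Null gymnastics, only what is needed.
  def build_command(script)
    "powershell.exe -NoP -NonI -Exec Bypass -EncodedCommand #{encode_code(compress_script(script))}"
  end

  # Reverse the pipeline so the test (or an analyst) can recover the script.
  def decode_command(cmd)
    enc   = cmd.split(' ').last
    inner = Base64.strict_decode64(enc).force_encoding('UTF-16LE').encode('UTF-8')
    b64   = inner[/FromBase64String\('([^']+)'\)/, 1]
    Zlib.gunzip(Base64.strict_decode64(b64))
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample script for demonstration.
  script = "Write-Output 'hello'\n" * 200
  cmd = PshPack.build_command(script)
  puts "encoded length: #{cmd.length}, plain UTF-16LE/base64 length: #{PshPack.encode_code(script).length}"
end
```

The payoff of the ordering is visible in the lengths: the gzip step runs on the script's raw bytes, so the doubling from UTF-16LE happens once, on the short stub plus base64 stream, rather than on the whole script.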
Meatballs
88fe619c48
Yarddoc exploit::powershell
2014-04-23 00:15:55 +01:00
Meatballs
86cfecdd95
Shave some chars off compression code
2014-04-22 14:52:30 +01:00
Meatballs
4c66e86f73
Don't add extra space in args
2014-04-22 14:44:01 +01:00
Meatballs
354311d191
No need to out-null if no windows is shown
2014-04-22 14:42:03 +01:00
Meatballs
cec12edd99
Use enum integer values
2014-04-22 14:40:32 +01:00
Meatballs
71b43d392b
Don't need to specify ASCII mode
2014-04-22 14:36:02 +01:00
Meatballs
d73854ff17
Fix wmi and add automatic target
2014-04-22 14:28:27 +01:00
Meatballs
5d9bc71e97
Update hp_dataprotector
2014-04-19 19:16:17 +01:00
Meatballs
3019cb99c1
Update cmd_upgrade module
2014-04-19 19:13:48 +01:00
Meatballs
00234aeec3
Remove powershell remoting
2014-04-19 19:03:18 +01:00
Meatballs
0f942d8c3d
Still :shorten command args
2014-04-19 18:58:26 +01:00
Meatballs
c936dc963c
Shorten compression
2014-04-19 18:55:45 +01:00
Meatballs
270b4b9728
Catch first arg with shorten
2014-04-19 18:54:42 +01:00
Meatballs
67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075
2014-04-19 18:45:55 +01:00
Meatballs1
ad414b7458
Merge pull request #47 from sempervictus/merge_psh_0414
...
Merge psh 0414
2014-04-22 13:07:09 +01:00
William Vu
284b474591
Land #3286, release fixes
2014-04-21 14:03:00 -05:00
Tod Beardsley
e514ff3607
Description and print_status fixes for release
...
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
William Vu
1faf069130
Land #3284, deprecated module cleanup
2014-04-20 23:10:55 -05:00
James Lee
ee413ac385
Remove previously deprecated modules
2014-04-20 22:15:44 -05:00
Brandon Turner
fda6ed39f2
Land #3278, use renamed bcrypt gem instead of bcrypt-ruby
2014-04-18 16:33:51 -05:00
Tod Beardsley
af19efbd71
Use the new bcrypt gem, not bcrypt-ruby
...
See the change upstream at:
273946f2ba
Reported by @ZeroChaos
2014-04-18 15:02:42 -05:00
William Vu
7d801e3acc
Land #3200, goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
sinn3r
32293dfdab
Land #3277 - Be very clear about Redmine's existence
2014-04-18 10:31:16 -05:00
Tod Beardsley
fe86886c29
Be very clear about Redmine's existence.
2014-04-18 10:01:54 -05:00
jvazquez-r7
c4d4af031c
Land #3276, @todb-r7's "make msftidy happy"'s fix
2014-04-18 09:54:52 -05:00
jvazquez-r7
5083143971
Land #3238, @Zinterax's timeout addition in openssl_heartbleed
2014-04-18 09:28:04 -05:00
Tod Beardsley
2a729c84f6
Fix disclosure date
2014-04-18 09:27:41 -05:00
jvazquez-r7
8a011ec9f6
Land #3197, @0x3fcoma's module for CVE-2013-5795 and CVE-2013-5880
2014-04-18 08:58:54 -05:00
jvazquez-r7
f3299e3ced
Do minor code cleanup
2014-04-18 08:58:11 -05:00
Zinterax
c68b7aa18f
Merge pull request #1 from jvazquez-r7/review_3238
...
Clean timeout handling code
2014-04-18 09:50:33 -04:00
jvazquez-r7
2366f77226
Clean timeout handling code
2014-04-18 08:16:28 -05:00
Zinterax
e38f4cbfa0
Apply response_timeout to get_once, code cleanup
...
Add response_timeout to get_once
Change timeout output in establish_connect()
Add disconnect after timeout output
Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
Zinterax
fab091ca88
Fix Action => DUMP
...
Fix for when Action is set to DUMP. Modified the check to use action.name.
Console output:
msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
Zinterax
1cf1616341
Rebase. Add timeout option support
...
Rebase to account for the KEYS merge.
Modify bleed() to work with timeout option.
Modify establish_connect() to work with timeout option.
Modify loot_and_report() to work with timeout option.
---Test Console Output---
Client Hello Timeout:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Patched Apache:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerable Server:
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
Zinterax
021ac53911
remove me
2014-04-18 07:03:36 -04:00
Christian Mehlmauer
bbed9f4c66
Land #3274, @jjarmoc heartbleed private key extraction
2014-04-18 06:59:10 +02:00
jvazquez-r7
b0e4648d66
Land #2895, @dukebarman's exploit for Flash CVE-2013-0634
2014-04-17 23:35:05 -05:00
jvazquez-r7
acb12a8bef
Beautify and fix both ruby and AS
2014-04-17 23:32:29 -05:00
RageLtMan
9f05760c50
Merge with Meatballs' initial changes
...
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
2014-04-18 00:28:48 -04:00
RageLtMan
5c3289bbc6
merge fix
2014-04-17 21:26:04 -04:00
Jeff Jarmoc
94618455b7
Merge pull request #1 from todb-r7/land-3274-rsa-keydump
...
Deconflict after #3252
2014-04-17 18:53:42 -05:00
Tod Beardsley
845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
...
Whoops.
2014-04-17 17:47:47 -05:00
Tod Beardsley
2aa2cb17f3
Reimplement a check.
2014-04-17 17:10:54 -05:00
Tod Beardsley
d40ab039e4
Clean up whitespace. Protip: use commit hooks
2014-04-17 16:28:07 -05:00
Tod Beardsley
c34d548e50
First, undo #3252. Sorry about that.
...
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00
Jeff Jarmoc
e3daf6daf7
Singular 'TLS_CALLBACK' option
2014-04-17 15:51:37 -05:00