infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,340 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3584 Commits (e774411b63768796d63050b7c6254433399c1d55)

Author SHA1 Message Date
Meatballs 647936e291
Add more yarddoc to Rex::Exploitation::Powershell 
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
 2014-04-23 01:07:54 +01:00
Meatballs 88fe619c48
Yarddoc exploit::powershell 2014-04-23 00:15:55 +01:00
Meatballs 4c66e86f73
Dont add extra space in args 2014-04-22 14:44:01 +01:00
Meatballs 0f942d8c3d
Still :shorten command args 2014-04-19 18:58:26 +01:00
Meatballs 270b4b9728
Catch first arg with shorten 2014-04-19 18:54:42 +01:00
Meatballs 67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075 2014-04-19 18:45:55 +01:00
William Vu 7d801e3acc
Land #3200, goodbye LORCON modules :( 2014-04-18 12:32:22 -05:00
RageLtMan 9f05760c50 Merge with Meatballs' initial changes 
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
 2014-04-18 00:28:48 -04:00
RageLtMan 5c3289bbc6 merge fix 2014-04-17 21:26:04 -04:00
sinn3r 7a4e12976c
First little bit at Bug 8498 
[FixRM #8489] rhost/rport modification
 2014-04-15 18:20:16 -05:00
Meatballs 38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	modules/exploits/windows/local/wmi.rb
 2014-04-15 22:06:45 +01:00
Tod Beardsley 9db01770ec
Add custom rhost/rport, remove editorializing desc 
Verification:

````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````

...etc.
 2014-04-14 21:46:05 -05:00
David Maloney c537aebf0f
Land #3228, JtR colon Seperation 2014-04-14 11:19:16 -05:00
Tod Beardsley 91293fd0db
Allow vhost to be maybe opts['rhost'] 
This enables passing rhost and rport directly to send_request_cgi
without having to monkey with the datastore.

See #8498
 2014-04-10 16:47:49 -05:00
Tod Beardsley 3109f42a55
Merge release back into master 2014-04-11 15:07:16 -05:00
Brandon Turner 2f2692f4bf
Bump version to 4.9.2 2014-04-10 17:45:42 -05:00
sinn3r 80faaf86d8 Add a link to explain about unmet exploit requirements 2014-04-10 14:01:16 -05:00
James Lee 95399b0de7
Don't try to be too helpful 
John cares not one whit how many colons are in a hash line, only that
there are enough for the format (at least 2 for regular /etc/passwd, at
least 3 for NTLM, etc). So there is no simple way to programmatically
determine whether a password had a colon or there was just an extra on
the end of the original hash line.

[MSP-9778]
See #2515
 2014-04-09 19:24:26 -05:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Meatballs ae3ead6ef9
Land #2107 Post Enum Domain Users 2014-04-09 11:32:12 +01:00
Tod Beardsley eab938c7b4
Get rid of requires, too 2014-04-07 16:39:19 -05:00
Tod Beardsley 17ddbccc34
Remove the broken lorcon module set 
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.

I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.

Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.

````
msf auxiliary(wifun) > show options

Module options (auxiliary/dos/wifi/wifun):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CHANNEL    11               yes       The initial channel
   DRIVER     autodetect       yes       The name of the wireless driver
for lorcon
   INTERFACE  wlan0            yes       The name of the wireless
interface

msf auxiliary(wifun) > run

[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
 2014-04-07 16:37:10 -05:00
jvazquez-r7 577bd7c855
Land #3146, @wchen-r7's flash version detection code 2014-04-02 15:13:41 -05:00
agix a71fcaeefd add comments on change description call 2014-04-02 20:33:09 +01:00
agix bc4cb3febf Add DCERPC catch exception 2014-04-02 20:33:09 +01:00
agix 4a575d57ab Try to fix Meatballs1 suggestions : optional service_description change call 2014-04-02 20:33:09 +01:00
agix 5334f2657e Fix a bug for backwards compatibility 2014-04-02 20:33:08 +01:00
agix 631a7b9c48 Adapt to new psexec mixin (first try :D) 2014-04-02 20:33:08 +01:00
William Vu 5a448d9f2d
Fix ActiveRecord::ConnectionNotEstablished 
[SeeRM #8780]
 2014-04-02 00:54:39 -05:00
William Vu 8fd4f50081
Fix NameError for "r" in Msf::Auxiliary::Nmap 
Wasn't in scope.
 2014-04-01 17:35:20 -05:00
William Vu f9a7cfaa67
Land #3168, EICAR payload encoding 2014-04-01 09:17:10 -05:00
Tod Beardsley 42c7b85b86
Don't EICAR every time. That would be bad. 2014-04-01 09:05:55 -05:00
sinn3r 07ab05c870 Update a comment 2014-03-28 15:20:45 -05:00
sinn3r 4b7f85e47d Adobe Flash support in BES 2014-03-28 15:14:58 -05:00
Tod Beardsley 196e07c5b1
Touch up the EICAR stuff 2014-03-28 11:45:28 -05:00
jvazquez-r7 da6a428bbf Modify libs to support explib2 2014-03-28 10:44:52 -05:00
James Lee 6c36d14be1
Land #3118, fix java payloads for msfvenom 2014-03-25 15:38:21 -05:00
sinn3r 85c0c8bb70 Add support to detect mshtml build 
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
 2014-03-25 03:31:08 -05:00
William Vu 8b2ee4eb8c
Disable BLANK_PASSWORDS and USER_AS_PASS 
They're as obnoxious as DB_ALL_* when enabled by default.
 2014-03-24 15:51:35 -05:00
sinn3r 13f5c22536
Land #3129 - Fix 2782 with 2961 and stop stack-tracing download_exec 2014-03-21 11:36:59 -05:00
James Lee 0a141f1c02
Land #2810, masked password format switcheroo 2014-03-20 15:12:12 -05:00
David Maloney c4a9b4fda0
Land #3128, Put loot in correct workspace 2014-03-20 14:11:17 -05:00
Tod Beardsley 4d3f871e9d
Land #2961, get_env and get_envs Post mixin 
This unbreaks the changes introduced by #2782 by introducing
get_env and get_envs for shell sessions (not just meterpreter sessions).
 2014-03-20 10:53:50 -05:00
Trevor Rosen dd4b16ad60 Remove some dead code 2014-03-20 09:38:14 -05:00
Trevor Rosen dc85a99fbd report_loot now sets proper Mdm::Workspace 
* Uses an Mdm::Workspace when passed one in conf hash
 2014-03-20 09:27:09 -05:00
Samuel Huckins 33ca577010 Zip Workspace imports now working. 
MSP-9531

* Was trying to delete XML file, not sure why, running into permission
error
* General clarification and cleanup
 2014-03-19 22:53:15 -05:00
Samuel Huckins cc4c958d58 Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update 2014-03-19 15:47:46 -05:00
David Maloney 130474fdfd
Fix java payload generation 
jsp payloads are java but do not generate JARs
also we were not merging datastore options in properly
 2014-03-18 13:41:27 -05:00
David Maloney da0c37cee2
Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
sinn3r 6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell 2014-03-13 13:36:37 -05:00