Commit Graph

5315 Commits (eb847a3dfbf64a85ccfa2fd3bc198147fea0e14d)

Author SHA1 Message Date
sinn3r 8bad0033d3 Update description 2012-03-01 19:16:29 -06:00
sinn3r 0bc26c1665 Add CVE-2009-4656: DJ Studio .pls buffer overflow 2012-03-01 19:09:25 -06:00
sinn3r d06848ba56 Default to token impersonation before migrating to a different process 2012-03-01 18:31:33 -06:00
sinn3r 687c50d0cd Indent level fix 2012-03-01 16:14:29 -06:00
juan f1a6d8f535 Added exploit module for CVE-2008-5036 2012-03-01 23:06:40 +01:00
sinn3r 5a5e5eab95 Add msvcrt ROP target for IE8 2012-03-01 15:23:41 -06:00
sinn3r 1bc99646e7 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-03-01 15:14:05 -06:00
Steve Tornio 2d802750e3 fix osvdb ref 2012-03-01 08:07:11 -06:00
Steve Tornio 256fee3626 add osvdb ref 2012-03-01 08:06:53 -06:00
sinn3r a32bcc44f2 Merge branch 'post-apple-ios-backup-osx-fix' of https://github.com/gregory-m/metasploit-framework 2012-03-01 00:43:17 -06:00
sinn3r e9df9d6c2c Increase default depth 2012-02-29 16:24:18 -06:00
Tod Beardsley 4369f73c7a Msftidy fixes on new modules
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
sinn3r 74cdb5dabc It's a two-space tab, not one space. OMG. 2012-02-29 10:13:29 -06:00
Gregory Man eaf41769ed Fixed gather/apple_ios_backup to work with OSX
Also moved it to post/multi/gather
2012-02-29 10:31:26 +02:00
sinn3r 278f394552 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-29 01:37:36 -06:00
sinn3r 6321ff7cb4 Change output message 2012-02-29 01:36:38 -06:00
sinn3r bc8480715f Add references to metadata. Do report_auth_info() when a credential is found. Plus other minor changes. 2012-02-29 01:32:21 -06:00
HD Moore 4c39cfd98a Small tweak to the format of the type 2012-02-28 23:52:48 -06:00
sinn3r 4b1e67f94f Add ROP target for Win2k3 SP1 and SP2 2012-03-04 17:18:34 -06:00
Steve Tornio 8f93a5abbb add osvdb ref 2012-03-03 12:28:30 -06:00
sinn3r fa916d863d Add Sysax SSH buffer overflow exploit 2012-03-03 10:11:51 -06:00
Tod Beardsley 6c0f8636ec Merge pull request #217 from rapid7/reverse-http-randomness
Reverse http randomness
2012-03-02 16:36:26 -08:00
HD Moore b70b41091b Tested fairly well - this randomizes the URLs and removes the user-agent string from the request 2012-03-02 17:44:23 -06:00
sinn3r 9258cda144 Change :info and file name so it's easier to identify it's a Firefox profile 2012-03-02 16:45:42 -06:00
Tod Beardsley 96e03d2556 Merge pull request #44 from linuxgeek247/armle-bind-shell
Adding armle bind shellcode based on existing reverse shellcode
2012-03-02 14:25:43 -08:00
James Lee f3e0b46e5c Post mods should use session_host when reporting
target_host probably never worked anyway
2012-02-28 18:40:17 -07:00
James Lee 624e19fd8b Merge session-host-rework branch back to master
Squashed commit of the following:

commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:31:03 2012 -0700

    Clean up some rdoc comments

    This adds categories for the various interfaces that meterpreter and
    shell sessions implement so they are grouped logically in the docs.

commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 13:00:25 2012 -0700

    Combine the docs into one output dir

    There's really no need to separate the API sections into their own
    directory.  Combining them makes it much easier to read.

commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:27:22 2012 -0700

    Keep the order of iface attributes the same accross rubies

    1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
    end up with ~random order for the display with the previous technique.
    Switch to an Array instead of a Hash so it's always the same.

commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:23:35 2012 -0700

    Fix a few more compiler warnings

commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:17:39 2012 -0700

    Fix a type-safety warning

commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date:   Mon Feb 27 15:21:36 2012 -0700

    LHOST should be OptAddress, not OptAddressRange

commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date:   Sun Feb 26 17:45:59 2012 -0700

    Fix a couple of warnings and a typo

commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date:   Mon Feb 27 11:54:29 2012 -0600

    Fix ctype vs content_type typo

commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date:   Sun Feb 26 15:38:33 2012 +0200

    Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x

commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date:   Sun Feb 26 07:13:13 2012 -0600

    add osvdb ref

commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date:   Sat Feb 25 18:02:56 2012 -0500

    Added aspx target to msfvenom.  This in turn added it to msfencode as well.
    Ref: https://github.com/rapid7/metasploit-framework/pull/188
    Tested on winxp with IIS in .net 1.1 and 2.0 modes

commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date:   Sat Feb 25 13:00:48 2012 -0600

    Fixes #6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver

commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 17:07:42 2012 -0700

    Simplify logic for whether an inner iface has the same address

commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:58:16 2012 -0700

    Whitespace

commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:53:45 2012 -0700

    Set session info before worrying about address

    get_interfaces can take a while on Linux, grab uid and hostname earlier
    so we can give the user an idea of what they popped as soon as possible.

commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:48:42 2012 -0700

    Clean up rdoc

commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:54:45 2012 -0600

    Ensure the architecture is only the first word (not the full WOW64
    message in some cases)

commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:49:17 2012 -0600

    More paranoia code, just in case RHOST is set to whitespace

commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:47:01 2012 -0600

    A few more small bug fixes to handle cases with an empty string target
    host resulting in a bad address

commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 03:55:10 2012 -0600

    Fix up the logic (reversed by accident)

commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 23:29:52 2012 -0600

    Automatically parse system information and populate the db, identify and
    report NAT when detected, show the real session_host in the sessions -l
    listing

commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:16:03 2012 -0600

    Fix typo introduced

commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:11:38 2012 -0600

    More session.session_host tweaks

commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:08:20 2012 -0600

    Additional tunnel_peer changes

commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:06:21 2012 -0600

    Additional changes to session.session_host

commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:00:19 2012 -0600

    Merge changes into the new branch
2012-02-28 18:29:39 -07:00
sinn3r af4551d8dc Merge branch 'auxiliary-scanner-mongodb' of https://github.com/gregory-m/metasploit-framework into gregory-m-auxiliary-scanner-mongodb 2012-02-28 19:07:21 -06:00
sinn3r 986807e525 Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow 2012-02-28 19:01:54 -06:00
sinn3r 5560087006 Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow 2012-02-28 18:58:28 -06:00
James Lee e69c8ca422 LHOST should be OptAddress, not OptAddressRange 2012-02-28 08:16:06 -07:00
Gregory Man bf07a6a027 Added auxiliary/scanner/mongodb/mongodb_login module
MongoDB login utility + brute force attack
2012-02-28 16:06:30 +02:00
sinn3r 2f201cdf78 Merge pull request #198 from jduck/master
Fixes #6308
2012-02-26 11:52:47 -08:00
Joshua J. Drake 3ff5c91c24 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-26 09:53:04 -06:00
Steve Tornio ef4cdb516d add osvdb ref 2012-02-26 07:13:13 -06:00
HD Moore 139136e033 Fix a handful of typos in the regex/parsing code 2012-02-26 02:10:06 -06:00
Joshua J. Drake 65ed4bfa8b Fixes #6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver 2012-02-25 13:00:48 -06:00
sinn3r 91a7a44f02 Merge branch 'gather-firefox_creds-osx-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-gather-firefox_creds-osx-fix 2012-02-24 16:03:42 -06:00
sinn3r 7281a0ebdd Add CVE-2011-0923: HP Data Protector CMD_EXEC module (submitted by wireghoul) 2012-02-24 12:06:47 -06:00
Gregory Man 8a158c3a00 Added OSX support to post/multi/gather/firefox_creds
Tested on OSX 10.7.3 and FF 9.0.1
2012-02-24 16:44:42 +02:00
sinn3r bc2e12f7b5 Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-23 17:34:10 -06:00
sinn3r 339fb8d266 eh, I mean Win2k3 SP0 to SP1 2012-02-23 17:33:49 -06:00
David Maloney cb9cc1a69e Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-23 17:22:55 -06:00
David Maloney a6b10862bd Adds a lantronix telnet discovery module 2012-02-23 17:22:32 -06:00
James Lee 9ddca81ab5 Fix test that always evals to false
Meterpreter does not respond_to? extension names, they're magic.
2012-02-23 14:52:48 -07:00
Joshua J. Drake e262d7a7ff Add CVE-2012-0500 Sun Java Web Start exploit 2012-02-23 13:30:45 -06:00
Steve Tornio 08fb03276f add osvdb ref 2012-02-23 07:39:31 -06:00
sinn3r 144fa0dc0e Comment what \x0b\x04 is for 2012-02-22 22:59:43 -06:00
sinn3r 92c801d936 Merge branch 'ssh-creds-fix' of https://github.com/gregory-m/metasploit-framework into gregory-m-ssh-creds-fix 2012-02-22 19:49:26 -06:00
sinn3r 291e083d65 Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof 2012-02-22 19:44:47 -06:00
sinn3r 4ee1f989a6 Merge branch 'CVE-2008-1602_orbit_download_failed_bof' of https://github.com/juanvazquez/metasploit-framework 2012-02-22 19:40:56 -06:00
HD Moore 8d212849dc Fix typos that result in stack traces when matching the response codes 2012-02-22 16:04:24 -06:00
Gregory Man ace28a8388 1.9 compatibility fix
Strings in ruby 1.9 doesn't have #each method
2012-02-22 18:01:17 +02:00
Gregory Man 66fa56cc49 Fixed post/multi/gather/ssh_creds to work with shell session 2012-02-22 15:16:11 +02:00
HD Moore 3fecda95be Fix 1.8 compatibility issue 2012-02-22 02:05:44 -06:00
James Lee 5e6c40edfd Remove unnecessary space restrictions.
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
James Lee 464cf7f65f Normalize service names
Downcases lots and standardizes a few.  Notably, modules that reported a
service name of "TNS" are now "oracle".  Modules that report http
now check for SSL and report https instead.

[Fixes #6437]
2012-02-21 22:59:20 -07:00
James Lee 7ca573a1b4 Give these two old modules a chance to work by setting a proper arch
These must have been broken for quite some time.  =/  They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
HD Moore 4932a9ca25 Dont dump an HTML document to the console 2012-02-21 23:45:25 -06:00
David Maloney d3fad51f3a Fix my screwup in winscp for servicename 2012-02-21 20:31:52 -06:00
David Maloney dcf3f3579d Fix to the awful sname in this module 2012-02-21 20:28:27 -06:00
James Lee 02d6089893 Fix a stack trace when an unexpected response from the server
Caused by a typo
2012-02-21 18:57:27 -07:00
HD Moore acb4446e45 Fix #6407 by treating redirects as successful authentication 2012-02-21 16:02:21 -06:00
juan d6310829ea Added module for CVE-2008-1602 2012-02-21 22:36:57 +01:00
Tod Beardsley 4a631e463c Module title normalization
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/

The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore bce1c08623 Update modules/auxiliary/server/capture/http_javascript_keylogger.rb 2012-02-21 04:46:56 -06:00
HD Moore 7c1d48d6aa Merge in MJC's javascript keylogger 2012-02-21 04:25:15 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore ab92e38628 Small cosmetic change to module descriptions 2012-02-20 19:29:51 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
sinn3r bb55b4e54f Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-02-20 14:22:23 -06:00
sinn3r f09ce04b00 Show where store_loot() saves the info 2012-02-20 14:22:05 -06:00
James Lee 89e0842b1e Add vim_soap to the mixins list.
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
sinn3r cda9166180 This module should show where store_loot() saves the results 2012-02-20 14:15:55 -06:00
sinn3r 779e3cdcda Correct more post modules for naming style consistency 2012-02-20 13:49:23 -06:00
sinn3r fd283dd95b Correct naming style 2012-02-20 12:38:43 -06:00
sinn3r 3180d75168 Correct naming style 2012-02-20 12:38:31 -06:00
sinn3r 22e40d9da4 Change naming style for consistency 2012-02-20 12:35:53 -06:00
sinn3r 300558e009 Correct post module naming style 2012-02-20 12:34:35 -06:00
sinn3r a8d56afda6 Use store_loot() to save data to local disk 2012-02-20 01:30:11 -06:00
Matt Buck fccb338e29 Merge branch 'master' of github-r7:rapid7/metasploit-framework 2012-02-19 23:01:14 -06:00
Matt Buck e0a75c1b2c Merge branch 'release/4.2-stable'
Conflicts:
	lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
sinn3r ea698864bd Add aux module to disclose IIS internal IP (Feature #6405) 2012-02-19 22:44:30 -06:00
sinn3r 95fa97cbd7 This module should be using store_loot() to save downloaded data 2012-02-19 20:48:00 -06:00
sinn3r 6037a2fc7a Correct type and name for store_loot 2012-02-19 20:20:44 -06:00
HD Moore f92ddb2475 Revert "Cleanup to the module output for vmware_http_login.rb"
This reverts commit 08d91aebdb.
2012-02-19 18:55:49 -06:00
HD Moore a25475fac0 Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
This reverts commit c4ea27d32b.
2012-02-19 18:53:03 -06:00
HD Moore d761265b93 Revert "Cosmetic cleanup to the module output for vmauthd_login"
This reverts commit 87e7bf4934.
2012-02-19 18:52:39 -06:00
HD Moore 648686002b Cosmetic cleanup of the vmware_http_login module 2012-02-19 18:51:16 -06:00
HD Moore 2521bd7b59 Add a new vmauthd_version scanner (also pulls in the SSL cert if
available)
2012-02-19 18:34:35 -06:00
HD Moore 00d2497a42 Cosmetic cleanup to the module output for vmauthd_login 2012-02-19 18:32:36 -06:00
HD Moore c4ea27d32b Add a new vmauthd_version scanner (also pulls in the SSL cert if
available)
2012-02-19 18:28:06 -06:00
HD Moore 87e7bf4934 Cosmetic cleanup to the module output for vmauthd_login 2012-02-19 18:16:54 -06:00
HD Moore 08d91aebdb Cleanup to the module output for vmware_http_login.rb 2012-02-19 18:16:05 -06:00
sinn3r 825ea01f79 Correct report_web_vuln 2012-02-19 16:37:42 -06:00
sinn3r 199e9c518b Add Generic HTTP Directory Traversal Utility (Feature #6338) 2012-02-19 00:30:18 -06:00
David Maloney 6ced540e0b Merge branch 'vmware-api' into vmware-stable 2012-02-18 18:38:20 -06:00
David Maloney 36dc0fee50 Better dynamic soap generation for all the vmware stuff 2012-02-18 18:29:46 -06:00
sinn3r ef2c261ce9 Change print() to print_line() 2012-02-18 00:22:02 -06:00
sinn3r 1f34c1ffd2 Correct print() and sleep() to print_line and select() 2012-02-18 00:20:52 -06:00