infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
31,710 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

31710 Commits (f676dc03c85b54df394b1f4fe5c48c04a4df44e5)

Author SHA1 Message Date
William Vu 35511636cc
Land #4788, splunk_web_login new version support 2015-02-18 11:54:54 -06:00
Jay Smith e40772efe2
Fixed open device issue for non-priv users 
Fixed the open_device call to work for users without Administrator
privileges
 2015-02-18 12:44:58 -05:00
jvazquez-r7 ff4aa1f9da Require FileServer mixin 2015-02-18 11:43:13 -06:00
jvazquez-r7 f960a77754 Solve merging conflicts 2015-02-18 11:36:47 -06:00
joev f8609ab0ba Add file format exploit for injecting code into unpackers. 2015-02-18 11:26:45 -06:00
jvazquez-r7 01bedb7351 Merge #3074, @0x41414141 SMBFileServer mixin 2015-02-18 10:53:05 -06:00
Matt Buck a9931cd410
Land #4725, convert Rails 3 AR calls in RPC_Db 
Converts Rails 3 style ActiveRecord calls in RPC_Db to their Rails 4
counterparts.

Fixes #4725, also see MSP-12017
 2015-02-18 09:59:40 -06:00
William Vu 10960310da
Land #4786, cosmetic fixes from @hmoore-r7 
For {axis,glassfish}_login.
 2015-02-18 03:56:13 -06:00
William Vu 6a9d15a8d5
Land #4785, Rex::Proto::Http::Client context fixes 2015-02-18 03:47:26 -06:00
William Vu e2f5cc05c6
Land #4782, MSB reference fix 
In ms13_022_silverlight_script_object title.
 2015-02-18 03:44:15 -06:00
William Vu bda96f46e6
Land #4780, stop HTTP service with HTTP handler 2015-02-18 03:34:03 -06:00
HD Moore cc6899d783 Fix a stack trace on null response, thanks @jlee-r7 2015-02-18 00:38:55 -06:00
HD Moore f4d8a25981 Add support for newer Splunk versions 2015-02-18 00:30:47 -06:00
HD Moore 2847507f03 Add a chef brute force module 2015-02-17 23:49:57 -06:00
HD Moore 27d5ab45b4 Add a zabbix brute force module 2015-02-17 22:56:08 -06:00
HD Moore 85fd139ab0 Add missing context and a normalize_uri helper method 2015-02-17 22:55:53 -06:00
sinn3r 8ce1db5081 Fix #4783, raise exception if the payload arch is incompatible 
Fix #4783
 2015-02-17 21:47:17 -06:00
HD Moore f0e69cb526 Fix two cosmetic typos in the axis/glassfish modules 2015-02-17 21:01:35 -06:00
HD Moore 16932372db Calls to Rex::Proto::Http::Client.new were passing in empty context 2015-02-17 20:44:37 -06:00
sinn3r 59c413637a
Land #4781, handle resolve_sid failure enumerating user profiles 2015-02-17 14:58:07 -06:00
sinn3r 6acbe64dbd The MSB reference in the title is wrong 
It should be MS13-022.

MS12-022 is MSFT Expression Design.
 2015-02-17 14:56:14 -06:00
William Vu be5a0ee9c2
Land #4777, @todb-r7's release fixes 2015-02-17 13:45:00 -06:00
Samuel Huckins bfe55d3414
Merging master into release 2015-02-17 13:28:51 -06:00
rastating e0d87a8886 Update to use store_loot for CSV export 2015-02-17 19:21:31 +00:00
Tod Beardsley fb06cb13cc
Land #4774, Chromecast HTTP scanner 2015-02-17 13:11:25 -06:00
William Vu 687d84cdf0 Land wvu-r7#11, minor fixes for #4774 2015-02-17 13:08:30 -06:00
Tod Beardsley a8108cfc17
Be less stupid in the description 
[See #4774]
 2015-02-17 13:04:26 -06:00
Brent Cook bed40a83ee fix #4337: gracefully handle resolve_sid failure when enumerating user profiles 
Rather than throwing a backtrace with an unresolvable SID, try to get as
much profile data as possible if resolve_sid fails.

```
[*] Determining session platform and type...
[-] Unexpected windows error 1332
[*] Checking for Firefox directory in:
C:\Users\Administrator\AppData\Roaming\Mozilla\
[-] Firefox not found
[*] Post module execution completed
```
 2015-02-17 13:03:12 -06:00
Tod Beardsley 71c5f622ca
Land #4775, Kindle Fire TV Stick controller 2015-02-17 12:59:54 -06:00
Tod Beardsley 053de8e62c
Fix whitespace in author name 
[See #4777]
 2015-02-17 12:57:36 -06:00
Tod Beardsley 14e764ff5a
Move to http subdirectory 
After all, the wordpress scanners are all HTTP as well, and not under
some platform specific "wordpress" directory. Lots of other HTTP-ish
devices in there as well.
 2015-02-17 12:53:18 -06:00
Tod Beardsley 5e07b01a1f
Fix up description a tiny bit 2015-02-17 12:51:55 -06:00
William Vu 45b16c92b7 Prefer sleep 
It's all the same, anyway.
 2015-02-17 12:43:14 -06:00
William Vu 787deb4b23 Change service name to something more appropriate 
Technically, it's part of DIAL, but we don't want to confuse the user
even more.
 2015-02-17 12:41:31 -06:00
Brent Cook a8f44ca68f stop the http service when the reverse http handler stops 2015-02-17 12:38:20 -06:00
sinn3r b90639fd66
Land #4726, X360 Software actvx buffer overflow 2015-02-17 11:41:23 -06:00
David Maloney 8e50baaded
Land #4771, userPrincipalName fix 
Lands Meatballs1's PR to add userPrincipalName as a column
enumerated by the enum_ad_user* post modules.
 2015-02-17 11:31:15 -06:00
Matthew Hall 666b8e3e72 Add timeout to connection handler 2015-02-17 17:27:03 +00:00
Matthew Hall 728cfafe4d cleanups 2015-02-17 17:27:03 +00:00
Matthew Hall e4bab60007 Generic HTTP DLL Injection Exploit Module 
This is an example implementation of using the
Msf::Exploit::Remote::SMBFileServer module to perform
arbitrary DLL injection over SMB.
 2015-02-17 17:27:03 +00:00
Matthew Hall d4aa44455c Merge branch 'module-exploitsmbfileserver' of github.com:0x41414141/metasploit-framework into module-exploitsmbfileserver 2015-02-17 17:25:36 +00:00
Matthew Hall 547d4d1950 Merge with master 2015-02-17 17:23:19 +00:00
Matthew Hall 9e2a483977 Add example usage to Msf::Exploit::Remote::SMBFileServer documentation 2015-02-17 17:23:18 +00:00
Matthew Hall cec817902f Add yardoc documentation for Msf::Exploit::Remote::SMBFileServer 2015-02-17 17:23:18 +00:00
Matthew Hall 5cf8833697 Tidy lib/msf/core/exploit/smb.rb following feedback from jlee-r7. 
* Doc comments wrap at 78 chars to follow yardoc convention
 * Remove unused :server and SERVER vals
 * Use Utils class directly
 * Stop server within an ensure
 * Change SRVHOST to an OptAddress
 2015-02-17 17:23:18 +00:00
Matthew Hall 8beed5652d Implement SMBFileServer mixin. 
In order to accomplish remote file injection (e.g. DLL) this module
emulates an SMB service process to allow clients to load a file from a
network share.

This commit implements the SMBFileServer exploit module utilising the
::Rex::Proto::SMB::Server module to export the "start_smb_server"
function.

Utilising the module (example):
 include Msf::Exploit::Remote::SMBFileServer
 exe = generate_payload_dll
 @exe_file = rand_text_alpha(7) + ".dll"
 @share = rand_text_alpha(5)
 my_host = (datastore['SRVHOST'] == '0.0.0.0') ?
 Rex::Socket.source_address : datastore['SRVHOST']
 @unc = "\\#{my_host}\#{@share}\#{@exe_file}"
 start_smb_server(@unc, exe, @exe_file)
 // Inject DLL
 handle

A separate commit will provide a sample implementation of utilising this
module within a generic webserver DLL injection exploit:
./exploits/windows/http/generic_http_dllinject.rb
 2015-02-17 17:23:18 +00:00
Matthew Hall c86caacf95 Merge branch 'master' into module-exploitsmbdllserver 
Conflicts:
	lib/msf/core/exploit/smb.rb
 2015-02-17 17:16:09 +00:00
Matthew Hall 6c68f0ab19 Merge with master 2015-02-17 17:12:59 +00:00
Matthew Hall 9f04e3bcf0 Merge branch 'master' into hp_dataprotector_dll_cmd_exec 2015-02-17 17:06:40 +00:00
Matthew Hall afca27dae5 Merge branch 'master' into cve-2014-0094 2015-02-17 17:06:21 +00:00