345e1711b1
Land #2775 , @wchen-r7's post module to Safari get LastSession.plist
2013-12-17 15:57:50 -06:00
7ec96876d9
Delete unnecessary includes
2013-12-17 15:57:09 -06:00
374ef71c12
Favor read_file instead
2013-12-17 15:34:52 -06:00
80eea97ccd
ChrisJohnRiley fix for sap_service_discovery
2013-12-17 13:31:56 -06:00
ea6ba2b159
Add post module to get LastSession.plist
...
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00
2de15bdc8b
added module for Zimbra Collaboration Server CVE-2013-7091
2013-12-17 19:32:04 +01:00
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
ad2ec497c2
Land #2773 - Fix ms_ndproxy to work under a sandboxed Reader
2013-12-16 20:32:27 -06:00
52cb43e6a8
Fix typo
2013-12-16 20:28:49 -06:00
2eee34babf
added timeout options and rescue timeout
2013-12-16 20:00:13 -06:00
fe34d0e36e
fixed syntax
2013-12-16 19:26:40 -06:00
7b8de95f6b
fixed database overwriting issues
2013-12-16 19:16:12 -06:00
07f686bb1a
added ResolverArgumentError rescue statement
2013-12-16 18:46:14 -06:00
84759a552a
Save one variable
2013-12-16 16:49:44 -06:00
042bd4f80b
Fix ms_ndproxy to work under a sandboxed Reader
2013-12-16 16:19:17 -06:00
24bc10905e
Added Spaces and removed Interrupt
2013-12-16 22:12:35 +00:00
f88a3a55b6
More slight updates.
2013-12-16 15:05:39 -06:00
afcee93309
Land #2771 - Fix description
2013-12-16 15:01:32 -06:00
04b7e8b174
Fix module title and add vendor patch information
2013-12-16 14:59:00 -06:00
040619c373
Minor description changes
...
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
533accaa87
Add module for CVE-2013-3346
2013-12-16 14:13:47 -06:00
446db78818
Minor fix to gather_pf_info function
2013-12-16 21:33:07 +02:00
bf561fef95
Corrected Extraneous Whitespace\Newlines
2013-12-16 16:38:49 +00:00
79022c2e29
Probably should have checked it worked...
2013-12-16 11:33:08 +00:00
59003a9842
Updated Poison Ivy Scanner
2013-12-15 22:02:14 +00:00
226cd241bf
Added Poison Ivy Command and Control Scanner\n Auxiliary module to scan for Poison Ivy C&C on ports 80,8080,443 and 3460
2013-12-15 14:34:50 +00:00
3dec7f61a5
Check in sysnative if wow64
2013-12-15 01:12:52 +00:00
2dc4faad72
Resplat license
2013-12-15 01:12:51 +00:00
8203274256
Small fixes
...
Remove " from service command if it is quoted.
Spawn SYSWOW64 notepad.
2013-12-15 01:12:51 +00:00
f2e2147065
Change unless with else to if with else
2013-12-15 01:12:50 +00:00
cff7008500
Fix final issues with merge
...
Hopefully this will be the last of the changes.
2013-12-15 01:12:50 +00:00
41c538856a
Re-add RDI mixin changes
2013-12-15 01:12:49 +00:00
db29af0f97
First batch of submodule refactorings
2013-12-15 01:12:48 +00:00
6916f7c5d2
Fixup description
2013-12-15 01:12:47 +00:00
3d1646d18e
Exit process when complete
2013-12-15 01:12:47 +00:00
dd32c2b0b8
Spawn 32bit process
2013-12-15 01:12:46 +00:00
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
5eca4714c2
Renamed module
2013-12-15 01:12:46 +00:00
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
c6623b380a
Initial commit
2013-12-15 01:12:45 +00:00
999006e037
fixed some things, as suggested by jvazquez-r7
2013-12-14 19:41:31 +01:00
e8396dc37a
Delete redefinition of ntdll functions on railgun
2013-12-13 16:02:47 -06:00
ba1a70b72e
Update Microsoft patch information
2013-12-13 15:59:15 -06:00
1ab3e891c9
Modify ms_ndproxy to use railgun additions
2013-12-13 15:54:34 -06:00
14a3d76410
Land #2755 - Microsoft Windows ndproxy.sys Local Privilege Escalation
2013-12-13 15:18:13 -06:00
e6f1f648be
modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required
2013-12-13 10:49:44 -06:00
d6e19df8e2
added additional url reference
2013-12-12 22:57:23 -06:00
9f18c57fce
added period to description and changed tester to user
2013-12-12 22:11:02 -06:00
dba0e9bf77
msftidy done
2013-12-12 20:30:46 -06:00
554cd41403
added dns_cache_scraper and useful wordlists
2013-12-12 20:18:18 -06:00
7ab1369515
Land #2757 , @wchen-r7's youtube post module
2013-12-12 16:36:42 -06:00
1bcaffccc8
Make sure profile name is random
2013-12-12 16:19:06 -06:00
036955983d
Add support for Linux, thanks @jvennix-r7!
2013-12-12 16:12:36 -06:00
7d12ced66e
Remove unnecessary require statements
2013-12-12 13:49:54 -06:00
ce18ac4c62
fix comment
2013-12-12 12:49:46 -06:00
97e9daaa6a
Change title
2013-12-12 12:42:07 -06:00
de087d134a
Account for error
2013-12-12 12:41:05 -06:00
7ff0f4a2e7
move to multi for real
2013-12-12 12:35:58 -06:00
4d1a07bdfc
Move to multi
2013-12-12 12:34:45 -06:00
17b5d3c375
Add support for OSX
2013-12-12 12:33:59 -06:00
509ebddb87
Turns out there's -k, that's easier
2013-12-12 10:09:02 -06:00
5c1ca97e21
Create a new process to host the final payload
2013-12-12 08:26:44 -06:00
eb4e3f8a32
Fix os detection
2013-12-12 07:39:19 -06:00
54a5dfc344
This module allows you to broadcast a Youtube video on compromised machines
2013-12-12 02:34:00 -06:00
8b518776bc
Dont fail_with on check
2013-12-11 22:08:36 -06:00
02915c751c
Favor unless over if not and add reference
2013-12-11 16:28:09 -06:00
374e40c815
Add requires
2013-12-11 12:05:12 -06:00
572ddacdd6
Clean ie_proxypac
2013-12-11 11:49:29 -06:00
7589b4c4d5
Merge for retab
2013-12-11 11:47:30 -06:00
b6fa3f28b1
Modify description
2013-12-11 08:56:31 -06:00
c4721de4a0
Add module for CVE-2013-5065
2013-12-11 08:52:35 -06:00
e6eeb4a26d
rescue RuntimeError added
2013-12-11 03:00:13 +01:00
930a907531
Land #2748 - HP LoadRunner EmulationAdmin Web Service Directory Traversal
2013-12-10 16:29:12 -06:00
3a9ac303f0
Use rexml for XML data generation
2013-12-10 15:37:44 -06:00
ff9cb481fb
Land #2464 , fixes for llmnr_response and friends
...
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
3d5501326b
Land #2743 , @Mekanismen's exploit for CVE-2013-0632
2013-12-10 10:00:30 -06:00
30960e973f
Do minor cleanup on coldfusion_rds
2013-12-10 09:59:36 -06:00
2ef3caa9d7
Land #2735 , @jvennix-r7 support of 10.8+ on osx hashdump
2013-12-10 09:39:04 -06:00
230fcd87a5
Add module for zdi-13-259
2013-12-10 08:45:08 -06:00
9a6e504bfe
fixed path error and description
2013-12-10 09:05:34 +01:00
313a98b084
moved coldfusion_rds to multi directory and fixed a bug
2013-12-10 08:45:27 +01:00
1b3bc878f8
Unscrew the author name
2013-12-09 21:32:03 -06:00
e9edce10ac
Applying changes
2013-12-10 03:07:40 +01:00
06b651de7b
Revert read_file to cat so that pipe will work.
2013-12-09 19:30:08 -06:00
450716c788
Remove meterpreter support from osx autologin gather.
2013-12-09 19:19:20 -06:00
0845e3ce37
updated
2013-12-10 00:45:34 +01:00
bca2212f7e
updated
2013-12-09 23:28:17 +01:00
60d32be7d9
updated
2013-12-09 23:10:13 +01:00
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
14d12a2ce3
updated
2013-12-09 20:22:26 +01:00
37826688ce
Add cfme_manageiq_evm_pass_reset.rb
...
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
2013-12-09 16:49:07 -02:00
21661b168b
Add cfme_manageiq_evm_upload_exec.rb
...
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
6d1d45c691
Add user param to nt_hash call.
2013-12-09 10:28:06 -06:00
c59b8fd7bc
Land #2741 , @russell TCP support for nfsmount
2013-12-09 09:46:34 -06:00
67415808da
added exploit module for CVE-2013-0632
2013-12-09 15:18:34 +01:00
291a52712e
Allow the NFS protocol to be specified in the mount scanner
2013-12-09 21:26:29 +11:00
1e30cd55f7
Land #2740 - Real regex for MATCH and EXCLUDE
2013-12-09 03:05:08 -06:00
9c5991980a
Land #2733 - Disable meterpreter support because they're not stable
2013-12-09 02:50:36 -06:00
2f6a77861a
Land #2731 - vBulletin nodeid SQL injection (exploit)
2013-12-09 02:22:07 -06:00
feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection
2013-12-09 02:12:42 -06:00
92412279ae
Account for failed cred gathering attempts
...
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
cd66cca8a1
Make browser autopwn datastore use OptRegexp.
2013-12-08 17:46:33 -06:00
dea35252af
Kill unused method.
2013-12-08 14:35:49 -06:00
df76651834
Make sure loot is named correctly.
2013-12-08 14:31:18 -06:00
7f3ab14179
Make pipe part of /bin/bash cmd.
2013-12-08 14:27:28 -06:00
9b34a8f1ad
Supports 10.3
2013-12-08 14:26:16 -06:00
f981a04918
Fix MATCHUSER bug.
...
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
2a0b503f06
Minor fix
2013-12-08 18:17:22 +02:00
eacab1b2ad
Fix description, kill dead constant.
2013-12-07 22:28:16 -06:00
969f45fd32
Refactor OSX hashdump post module.
...
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
3066e62711
Fix typo, fix no-autologin users bug.
2013-12-07 19:27:36 -06:00
4cb788b9de
Adds osx autologin password post module.
2013-12-07 19:01:35 -06:00
c6eac67ab5
Kill meterpreter support for osx media modules.
...
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
c51e9036ae
Merge branch 'land_mipsbe_xor_encoder' into upstream-master
2013-12-07 17:28:57 -06:00
75fb38fe8d
Land #2724 , @wchen-r7 and @jvennix-r7's module for CVE-2013-6414
2013-12-07 14:26:46 -06:00
fdebfe3d2f
Add references
2013-12-07 14:25:58 -06:00
f77784cd0d
Land #2723 , @denandz's module for OSVDB-100423
2013-12-06 17:32:07 -06:00
3729c53690
Move uptime_file_upload to the correct location
2013-12-06 15:57:52 -06:00
2ff9c31747
Do minor clean up on uptime_file_upload
2013-12-06 15:57:22 -06:00
adc241faf8
Last one, I say
2013-12-06 15:52:42 -06:00
17193e06a9
Last commit, I swear
2013-12-06 15:49:44 -06:00
58a70779ac
Final update
2013-12-06 15:48:59 -06:00
9f5768ae37
Another update
2013-12-06 14:53:35 -06:00
af16f11784
Another update
2013-12-06 14:39:26 -06:00
d47292ba10
Add module for CVE-2013-3522
2013-12-06 13:50:12 -06:00
87e77b358e
Use the correct URI
2013-12-06 12:08:19 -06:00
5d4acfa274
Plenty of changes
2013-12-06 11:57:02 -06:00
5e5fd6b01a
Unless replaced
2013-12-06 15:01:35 +01:00
6f02744d46
Land #2730 Typo in mswin_tiff_overflow
2013-12-06 12:32:37 +00:00
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
89ef1d4720
Fix a typo in mswin_tiff_overflow
2013-12-06 00:44:12 -06:00
3d327363af
uptime_file_upload code tidy-ups
2013-12-06 13:45:22 +13:00
c07686988c
random uri
2013-12-05 18:07:24 -06:00
73d3ea699f
Remove the last redundant error check
2013-12-06 09:32:21 +10:00
e4c6413643
Land #2718 , @wchen-r7's deletion of @peer on HttpClient modules
2013-12-05 17:25:59 -06:00
f2f8c08c8e
Use blank? method
2013-12-05 16:36:44 -06:00
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
a380d9b4f2
Add aux module for CVE-2013-3522
2013-12-05 15:58:05 -06:00
79e23a1e13
Land #2675 , @JonValt's forensics/browser_history
...
Great job!
2013-12-05 09:35:53 -06:00
cd5172384f
Rename gather_browser_history.rb to browser_history.rb
2013-12-05 08:43:19 -06:00
3957bbc710
capitalization ("skype")
...
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120307 )
Removed some Chrome artifacts and renamed one to reflect "Archived History."
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120314 )
((Will include other doxxes in another module.))
2013-12-05 08:33:47 -06:00
717f45ac09
Minor modification
2013-12-05 09:07:28 +02:00
902d48efab
Delete debug prints
2013-12-05 09:03:42 +02:00
492cd1ca07
Modifications how info is collected from pf files.
2013-12-05 08:56:26 +02:00
07294106cb
Removed redundant content-type parameter
2013-12-05 14:18:26 +13:00
8e9723788d
Correct description
2013-12-04 17:25:58 -06:00
fb2fcf429f
This one actually works
2013-12-04 17:22:42 -06:00
cfffd80d22
Added uptime_file_upload exploit module
2013-12-05 11:56:05 +13:00
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
d0071d7baa
Add CVE-2013-6414 Rails Action View DoS
2013-12-04 14:57:30 -06:00
jvazquez-r7
sinn3r
Mekanismen
William Vu
zeknox
SeawolfRN
Tod Beardsley
jiuweigui
Meatballs
OJ
Matteo Cantoni
bmerinofe
Joe Vennix
Ramon de C Valle
Russell Sim
DoI
Joshua Harper PI GCFE GCFA GSEC