From ef29f29c100138267dd7158d6ccd483b6f2c9ec8 Mon Sep 17 00:00:00 2001 From: David Maloney Date: Wed, 29 Aug 2012 19:16:33 -0500 Subject: [PATCH 01/23] Adds a new findpids command to meterpreter findpids calls client.sys.process.get_processes like ps but then filters out any processes that do not match one of the process names supplied as arguments to the command. `findpids explorer.exe notepad.exe` will return all processes named explorer.exe or notepad.exe Allows for quick searching for the pid you want. ideal for migration --- .../console/command_dispatcher/stdapi/sys.rb | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb index 138ea2eaab..4ce46c0e50 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb @@ -58,6 +58,7 @@ class Console::CommandDispatcher::Stdapi::Sys "getuid" => "Get the user that the server is running as", "kill" => "Terminate a process", "ps" => "List running processes", + "findpids" => "Find Processes by name", "reboot" => "Reboots the remote computer", "reg" => "Modify and interact with the remote registry", "rev2self" => "Calls RevertToSelf() on the remote machine", @@ -75,6 +76,7 @@ class Console::CommandDispatcher::Stdapi::Sys "getuid" => [ "stdapi_sys_config_getuid" ], "kill" => [ "stdapi_sys_process_kill" ], "ps" => [ "stdapi_sys_process_get_processes" ], + "findpids" => [ "stdapi_sys_process_get_processes" ], "reboot" => [ "stdapi_sys_power_exitwindows" ], "reg" => [ "stdapi_registry_load_key", @@ -284,6 +286,34 @@ class Console::CommandDispatcher::Stdapi::Sys return true end + def cmd_findpids(*args) + if args.empty? or args.include? "-h" + print_line "You must supply one or more process name to search for" + print_line "e.g. findpids explorer.exe notepad.exe" + return true + end + processes = client.sys.process.get_processes + if (processes.length == 0) + print_line("No running processes were found.") + else + searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new + processes.each do |proc| + if args.include? proc["name"] + searched_procs << proc + end + end + searched_procs.compact! + if searched_procs.length == 0 + print_line("No running processes were found matching the supplied names.") + else + print_line + print_line(searched_procs.to_table("Indent" => 1).to_s) + print_line + end + end + return true + end + # # Reboots the remote computer. # From f13502033af2d7eb38777537b2bf1ff6ee31d4f6 Mon Sep 17 00:00:00 2001 From: David Maloney Date: Thu, 6 Sep 2012 11:54:28 -0500 Subject: [PATCH 02/23] Built in regex support to findpids --- .../ui/console/command_dispatcher/stdapi/sys.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb index 4ce46c0e50..26e8ac17cd 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb @@ -290,6 +290,7 @@ class Console::CommandDispatcher::Stdapi::Sys if args.empty? or args.include? "-h" print_line "You must supply one or more process name to search for" print_line "e.g. findpids explorer.exe notepad.exe" + print_line "You may also pass Regular Expressions: findpids *.svc.* *.dll.*" return true end processes = client.sys.process.get_processes @@ -298,8 +299,11 @@ class Console::CommandDispatcher::Stdapi::Sys else searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new processes.each do |proc| - if args.include? proc["name"] - searched_procs << proc + args.each do |arg| + if proc["name"].match(/#{arg}/) + searched_procs << proc + break + end end end searched_procs.compact! From 52f3dfa81b4a2aa0d8c2d0f52fe25e9a381e6ae1 Mon Sep 17 00:00:00 2001 From: David Maloney Date: Wed, 12 Sep 2012 08:26:31 -0500 Subject: [PATCH 03/23] Moved help text into cmd_findpids_help --- .../ui/console/command_dispatcher/stdapi/sys.rb | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb index 26e8ac17cd..52e26561d1 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb @@ -288,9 +288,7 @@ class Console::CommandDispatcher::Stdapi::Sys def cmd_findpids(*args) if args.empty? or args.include? "-h" - print_line "You must supply one or more process name to search for" - print_line "e.g. findpids explorer.exe notepad.exe" - print_line "You may also pass Regular Expressions: findpids *.svc.* *.dll.*" + cmd_findpids_help return true end processes = client.sys.process.get_processes @@ -318,6 +316,12 @@ class Console::CommandDispatcher::Stdapi::Sys return true end + def cmd_findpids_help + print_line "You must supply one or more process name to search for" + print_line "e.g. findpids explorer.exe notepad.exe" + print_line "You may also pass Regular Expressions: findpids *.svc.* *.dll.*" + end + # # Reboots the remote computer. # From 1adfc0e070c302a2d39bc33ab1da5f0560fedb33 Mon Sep 17 00:00:00 2001 From: David Maloney Date: Wed, 19 Sep 2012 08:28:36 -0500 Subject: [PATCH 04/23] rolled changes into existing ps command Some users requested this be added to the ps command via a -S opt instead of creating a new command. This limits the search to only one search parameter at a time but with the ability to pass RegEx I think that's fine --- .../console/command_dispatcher/stdapi/sys.rb | 66 +++++++++---------- 1 file changed, 30 insertions(+), 36 deletions(-) diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb index 52e26561d1..f3683f980a 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb @@ -45,6 +45,10 @@ class Console::CommandDispatcher::Stdapi::Sys "-r" => [ true, "The remote machine name to connect to (with current process credentials" ], "-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]." ]) + @@ps_opts = Rex::Parser::Arguments.new( + "-h" => [false, "Help menu."], + "-S" => [true, "RegEx term(s) to filter results with "]) + # # List of supported commands. # @@ -58,7 +62,6 @@ class Console::CommandDispatcher::Stdapi::Sys "getuid" => "Get the user that the server is running as", "kill" => "Terminate a process", "ps" => "List running processes", - "findpids" => "Find Processes by name", "reboot" => "Reboots the remote computer", "reg" => "Modify and interact with the remote registry", "rev2self" => "Calls RevertToSelf() on the remote machine", @@ -76,7 +79,6 @@ class Console::CommandDispatcher::Stdapi::Sys "getuid" => [ "stdapi_sys_config_getuid" ], "kill" => [ "stdapi_sys_process_kill" ], "ps" => [ "stdapi_sys_process_get_processes" ], - "findpids" => [ "stdapi_sys_process_get_processes" ], "reboot" => [ "stdapi_sys_power_exitwindows" ], "reg" => [ "stdapi_registry_load_key", @@ -276,6 +278,24 @@ class Console::CommandDispatcher::Stdapi::Sys # def cmd_ps(*args) processes = client.sys.process.get_processes + @@ps_opts.parse(args) do |opt, idx, val| + case opt + when "-h" + cmd_ps_help + return true + when "-S" + print_line "Performing Search..." + searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new + processes.each do |proc| + if val.nil? or val.empty? + print_line "You must supply a search term!" + return false + end + searched_procs << proc if proc["name"].match(/#{val}/) + end + processes = searched_procs + end + end if (processes.length == 0) print_line("No running processes were found.") else @@ -286,40 +306,14 @@ class Console::CommandDispatcher::Stdapi::Sys return true end - def cmd_findpids(*args) - if args.empty? or args.include? "-h" - cmd_findpids_help - return true - end - processes = client.sys.process.get_processes - if (processes.length == 0) - print_line("No running processes were found.") - else - searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new - processes.each do |proc| - args.each do |arg| - if proc["name"].match(/#{arg}/) - searched_procs << proc - break - end - end - end - searched_procs.compact! - if searched_procs.length == 0 - print_line("No running processes were found matching the supplied names.") - else - print_line - print_line(searched_procs.to_table("Indent" => 1).to_s) - print_line - end - end - return true - end - - def cmd_findpids_help - print_line "You must supply one or more process name to search for" - print_line "e.g. findpids explorer.exe notepad.exe" - print_line "You may also pass Regular Expressions: findpids *.svc.* *.dll.*" + def cmd_ps_help + print_line "Use the command with no arguments to see all running processes." + print_line "You may supply a search term to filter the results:" + print_line "\t ps -S explorer.exe" + print_line "\t Would return any processes named explorer.exe" + print_line "You may also pass Regular Expressions:" + print_line "\tps -S *.svc.* " + print_line "Would return any processes with 'svc' in the name" end # From 1fd4c8867cd49ac36522a84a0270e2f54618c851 Mon Sep 17 00:00:00 2001 From: David Maloney Date: Fri, 21 Sep 2012 13:27:16 -0500 Subject: [PATCH 05/23] Add a bunch of extra filter options --- .../console/command_dispatcher/stdapi/sys.rb | 40 ++++++++++++++++++- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb index f3683f980a..152ef980bc 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb @@ -47,7 +47,10 @@ class Console::CommandDispatcher::Stdapi::Sys @@ps_opts = Rex::Parser::Arguments.new( "-h" => [false, "Help menu."], - "-S" => [true, "RegEx term(s) to filter results with "]) + "-S" => [true, "RegEx term to filter on process name with "], + "-A" => [true, "Arch to filter on (x86 or x86_64"], + "-s" =>[false, "Show only SYSTEM processes"], + "-U" => [true, "RegEx term to filter on user name with"]) # # List of supported commands. @@ -284,7 +287,7 @@ class Console::CommandDispatcher::Stdapi::Sys cmd_ps_help return true when "-S" - print_line "Performing Search..." + print_line "Filtering on process name..." searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new processes.each do |proc| if val.nil? or val.empty? @@ -294,6 +297,36 @@ class Console::CommandDispatcher::Stdapi::Sys searched_procs << proc if proc["name"].match(/#{val}/) end processes = searched_procs + when "-A" + print_line "Filtering on arch..." + searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new + processes.each do |proc| + next if proc['arch'].nil? or proc['arch'].empty? + if val.nil? or val.empty? or !(val == "x86" or val == "x86_64") + print_line "You must select either x86 or x86_64" + return false + end + searched_procs << proc if proc["arch"] == val + end + processes = searched_procs + when "-s" + print_line "Filtering on SYSTEM processes..." + searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new + processes.each do |proc| + searched_procs << proc if proc["user"] == "NT AUTHORITY\\SYSTEM" + end + processes = searched_procs + when "-U" + print_line "Filtering on user name..." + searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new + processes.each do |proc| + if val.nil? or val.empty? + print_line "You must supply a search term!" + return false + end + searched_procs << proc if proc["user"].match(/#{val}/) + end + processes = searched_procs end end if (processes.length == 0) @@ -316,6 +349,8 @@ class Console::CommandDispatcher::Stdapi::Sys print_line "Would return any processes with 'svc' in the name" end + + # # Reboots the remote computer. # @@ -627,6 +662,7 @@ class Console::CommandDispatcher::Stdapi::Sys client.sys.power.shutdown end + end end From 30bfa7cee6db4a3fd03dcd59941eaaba3daa5504 Mon Sep 17 00:00:00 2001 From: David Maloney Date: Fri, 21 Sep 2012 13:45:09 -0500 Subject: [PATCH 06/23] Fix up the ps help --- .../console/command_dispatcher/stdapi/sys.rb | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb index 152ef980bc..5e09ef8cd5 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb @@ -341,12 +341,23 @@ class Console::CommandDispatcher::Stdapi::Sys def cmd_ps_help print_line "Use the command with no arguments to see all running processes." - print_line "You may supply a search term to filter the results:" - print_line "\t ps -S explorer.exe" - print_line "\t Would return any processes named explorer.exe" - print_line "You may also pass Regular Expressions:" - print_line "\tps -S *.svc.* " - print_line "Would return any processes with 'svc' in the name" + print_line "The following options can be used to filter those results:" + + tbl = Rex::Ui::Text::Table.new( + 'Header' => "Options List", + 'Indent' => 1, + 'Columns' => + [ + "Option", + "Details" + ] + ) + + tbl << ["-s", "Display only SYSTEM processes"] + tbl << ["-S ", "Filters processes on the process name using the supplied RegEx"] + tbl << ["-A ", "Filters processes on the arch. (x86, x86_64)"] + tbl << ["-U ", "Filters processes on the user using the supplied RegEx"] + print_line tbl.to_s end From e94c68d85b00d2a91b18a9ee80464707e25e0b0b Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Mon, 22 Oct 2012 18:38:18 +0200 Subject: [PATCH 07/23] Author cleanup: One module did not have an author --- modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb b/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb index 4f6ca6c41a..5d071eaf46 100644 --- a/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb +++ b/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb @@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => 'MacOS X QuickTime RTSP Content-Type Overflow', # Description? - # Author? + 'Author' => 'unknown', 'Version' => '$Revision$', 'Platform' => 'osx', 'References' => From ece6d84e922555bfd4ebc90e25a837d52509839d Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Mon, 22 Oct 2012 19:45:27 +0200 Subject: [PATCH 08/23] Author cleanup: fix unmatched angle brackets --- modules/exploits/windows/ftp/sasser_ftpd_port.rb | 2 +- modules/post/multi/manage/multi_post.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/exploits/windows/ftp/sasser_ftpd_port.rb b/modules/exploits/windows/ftp/sasser_ftpd_port.rb index e79017f398..90c2e0ac99 100644 --- a/modules/exploits/windows/ftp/sasser_ftpd_port.rb +++ b/modules/exploits/windows/ftp/sasser_ftpd_port.rb @@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten. }, - 'Author' => [ 'valsmith [at] metasploit.com>', 'chamuco [at] gmail.com>', 'patrick' ], + 'Author' => [ '', '', 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, 'Version' => '$Revision$', diff --git a/modules/post/multi/manage/multi_post.rb b/modules/post/multi/manage/multi_post.rb index ac80e2283c..ef57b64601 100644 --- a/modules/post/multi/manage/multi_post.rb +++ b/modules/post/multi/manage/multi_post.rb @@ -29,7 +29,7 @@ class Metasploit3 < Msf::Post of the module against the sessions and validation of the options provided. }, 'License' => MSF_LICENSE, - 'Author' => [ 'carlos_perez[at]darkoperator.com>'], + 'Author' => [ ''], 'Version' => '$Revision$', 'Platform' => [ 'windows', 'unix', 'osx', 'linux', 'solaris' ], 'SessionTypes' => [ 'meterpreter','shell' ] From 2bb498c4b3ba8a147f70d212c0d9907853b91659 Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Mon, 22 Oct 2012 20:04:21 +0200 Subject: [PATCH 09/23] DisclosureDate cleanup: Try parsing all dates Fix all dates unparsable by `Date.strptime(value, '%b %d %Y')` --- modules/exploits/windows/local/ask.rb | 2 +- modules/exploits/windows/local/bypassuac.rb | 2 +- modules/exploits/windows/local/service_permissions.rb | 2 +- modules/exploits/windows/smtp/wmailserver.rb | 2 +- modules/post/windows/escalate/bypassuac.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/exploits/windows/local/ask.rb b/modules/exploits/windows/local/ask.rb index 88b377e56d..95009ac41d 100644 --- a/modules/exploits/windows/local/ask.rb +++ b/modules/exploits/windows/local/ask.rb @@ -38,7 +38,7 @@ class Metasploit3 < Msf::Exploit::Local 'References' => [ [ 'URL', 'http://www.room362.com/blog/2012/1/3/uac-user-assisted-compromise.html' ] ], - 'DisclosureDate'=> "Jan 3, 2012" + 'DisclosureDate'=> "Jan 3 2012" )) register_options([ diff --git a/modules/exploits/windows/local/bypassuac.rb b/modules/exploits/windows/local/bypassuac.rb index f919f9b3c8..3788b2c7ee 100644 --- a/modules/exploits/windows/local/bypassuac.rb +++ b/modules/exploits/windows/local/bypassuac.rb @@ -40,7 +40,7 @@ class Metasploit3 < Msf::Exploit::Local 'References' => [ [ 'URL', ' http://www.trustedsec.com/december-2010/bypass-windows-uac/' ] ], - 'DisclosureDate'=> "Dec 31, 2010" + 'DisclosureDate'=> "Dec 31 2010" )) end diff --git a/modules/exploits/windows/local/service_permissions.rb b/modules/exploits/windows/local/service_permissions.rb index a4e7fe8da9..cc1733a38e 100644 --- a/modules/exploits/windows/local/service_permissions.rb +++ b/modules/exploits/windows/local/service_permissions.rb @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Exploit::Local [ 'Automatic', { } ], ], 'DefaultTarget' => 0, - 'DisclosureDate'=> "Oct 15, 2012" + 'DisclosureDate'=> "Oct 15 2012" )) register_options([ diff --git a/modules/exploits/windows/smtp/wmailserver.rb b/modules/exploits/windows/smtp/wmailserver.rb index ab89caf331..50b342259e 100644 --- a/modules/exploits/windows/smtp/wmailserver.rb +++ b/modules/exploits/windows/smtp/wmailserver.rb @@ -50,7 +50,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Windows XP Pro SP0/SP1 English', { 'Ret' => 0x71aa32ad } ], ], 'DefaultTarget' => 0, - 'DisclosureDate' => 'Jul 11 2005 ')) + 'DisclosureDate' => 'Jul 11 2005')) register_options([ Opt::RPORT(25) ], self.class) end diff --git a/modules/post/windows/escalate/bypassuac.rb b/modules/post/windows/escalate/bypassuac.rb index d6fde61719..06ef199e58 100644 --- a/modules/post/windows/escalate/bypassuac.rb +++ b/modules/post/windows/escalate/bypassuac.rb @@ -30,7 +30,7 @@ class Metasploit3 < Msf::Post 'References' => [ [ 'URL', ' http://www.trustedsec.com/december-2010/bypass-windows-uac/' ] ], - 'DisclosureDate'=> "Dec 31, 2010" + 'DisclosureDate'=> "Dec 31 2010" )) register_options([ From c17b026db9e6318d0e9dcbae79d9171ba5ad0053 Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Mon, 22 Oct 2012 20:14:39 +0200 Subject: [PATCH 10/23] Platform cleanup: platform should be lowercase --- modules/exploits/freebsd/tacacs/xtacacsd_report.rb | 2 +- modules/post/windows/manage/mssql_local_auth_bypass.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/exploits/freebsd/tacacs/xtacacsd_report.rb b/modules/exploits/freebsd/tacacs/xtacacsd_report.rb index 13026d076a..98cb5833df 100644 --- a/modules/exploits/freebsd/tacacs/xtacacsd_report.rb +++ b/modules/exploits/freebsd/tacacs/xtacacsd_report.rb @@ -41,7 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote 'PrependEncoder' => "\x83\xec\x7f", 'DisableNops' => 'True', }, - 'Platform' => 'BSD', + 'Platform' => 'bsd', 'Arch' => ARCH_X86, 'Targets' => [ diff --git a/modules/post/windows/manage/mssql_local_auth_bypass.rb b/modules/post/windows/manage/mssql_local_auth_bypass.rb index 1e902fa457..fa602e08a6 100644 --- a/modules/post/windows/manage/mssql_local_auth_bypass.rb +++ b/modules/post/windows/manage/mssql_local_auth_bypass.rb @@ -25,7 +25,7 @@ class Metasploit3 < Msf::Post However, this can be overcome by migrating to the SQL Server process.}, 'License' => MSF_LICENSE, 'Author' => [ 'Scott Sutherland '], - 'Platform' => [ 'Windows' ], + 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] )) From 3bf612aec8ba8d51722a58d0ea155e53242b4a42 Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Mon, 22 Oct 2012 20:28:02 +0200 Subject: [PATCH 11/23] Arch/Platform cleanup: aux modules need neither --- modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb | 1 - modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb | 1 - modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb | 1 - modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb | 1 - modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb | 1 - 5 files changed, 5 deletions(-) diff --git a/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb b/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb index 57f8dcad50..47d57073a7 100644 --- a/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb +++ b/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb @@ -35,7 +35,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => 'jduck', 'License' => MSF_LICENSE, 'Version' => '$Revision$', - 'Platform' => [ 'win' ], 'References' => [ [ 'OSVDB', '65533'], diff --git a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb index 828ffee880..eb8924aea7 100644 --- a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb +++ b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb @@ -26,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'nullbind ' ], 'License' => MSF_LICENSE, - 'Platform' => [ 'win' ], 'References' => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]] )) diff --git a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb index 203587be41..b6c9dba312 100644 --- a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb +++ b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb @@ -33,7 +33,6 @@ class Metasploit3 < Msf::Auxiliary [ 'Automatic', { } ], ], 'DefaultTarget' => 0, - 'Platform' => [ 'win' ], 'References' => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]] )) diff --git a/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb b/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb index 403e11c6da..c45bc2aa67 100644 --- a/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb +++ b/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb @@ -27,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary Code execution may be possible however this module is only a DoS. }, 'Author' => [ 'patrick' ], - 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, 'Version' => '$Revision$', 'References' => diff --git a/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb b/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb index 3365bd54ef..0d6967348a 100644 --- a/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb +++ b/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb @@ -43,7 +43,6 @@ class Metasploit3 < Msf::Auxiliary [ 'EDB', 15803 ], [ 'URL', 'http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx' ] ], - 'Platform' => [ 'win' ], 'DisclosureDate' => 'Dec 21 2010')) register_options( From 595d0821c58da594ddbbfe379db60cf7808fd0be Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Mon, 22 Oct 2012 20:36:49 +0200 Subject: [PATCH 12/23] Privileged cleanup: auxiliary modules can't --- modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb | 1 - modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb | 1 - 2 files changed, 2 deletions(-) diff --git a/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb b/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb index 47d57073a7..e25693f213 100644 --- a/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb +++ b/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb @@ -40,7 +40,6 @@ class Metasploit3 < Msf::Auxiliary [ 'OSVDB', '65533'], [ 'URL', 'http://seclists.org/bugtraq/2010/Jun/160' ] ], - 'Privileged' => true, 'DisclosureDate' => 'Jun 15 2010' ) diff --git a/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb b/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb index 6cb8a84a35..28f0f916b1 100644 --- a/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb +++ b/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb @@ -45,7 +45,6 @@ class Metasploit3 < Msf::Auxiliary ['URL', 'http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000898.1-1'] ], # Tested OK against sol8.tor 20100624 -jjd - 'Privileged' => true, 'DisclosureDate' => 'Jan 22 2003') register_options( From d38629275410d2c341ad9f24f06cc30c87022d92 Mon Sep 17 00:00:00 2001 From: Rob Fuller Date: Mon, 22 Oct 2012 14:46:52 -0400 Subject: [PATCH 13/23] remove non-functional enum_delicious module --- .../auxiliary/scanner/http/enum_delicious.rb | 112 ------------------ 1 file changed, 112 deletions(-) delete mode 100644 modules/auxiliary/scanner/http/enum_delicious.rb diff --git a/modules/auxiliary/scanner/http/enum_delicious.rb b/modules/auxiliary/scanner/http/enum_delicious.rb deleted file mode 100644 index a04c7fc52c..0000000000 --- a/modules/auxiliary/scanner/http/enum_delicious.rb +++ /dev/null @@ -1,112 +0,0 @@ -## -# $Id$ -## - -## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# web site for more information on licensing and terms of use. -# http://metasploit.com/ -## - -require 'msf/core' -require 'net/http' - -class Metasploit3 < Msf::Auxiliary - include Msf::Auxiliary::Report - def initialize(info = {}) - super(update_info(info, - 'Name' => 'Del.icio.us Domain Links (URLs) Enumerator', - 'Description' => %q{ - This module pulls and parses the URLs stored by Del.icio.us users for the - purpose of replaying during a web assessment. Finding unlinked and old pages. - }, - 'Author' => [ 'Rob Fuller ' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$')) - - register_options( - [ - OptString.new('DOMAIN', [ true, "Domain to request URLS for"]), - OptString.new('OUTFILE', [ false, "Where to output the list for use"]) - ], self.class) - - register_advanced_options( - [ - OptString.new('PROXY', [ false, "Proxy server to route connection. :",nil]), - OptString.new('PROXY_USER', [ false, "Proxy Server User",nil]), - OptString.new('PROXY_PASS', [ false, "Proxy Server Password",nil]) - ], self.class) - - end - - def pull_urls(targetdom) - response = "" - list = [] - lastpage = 0 - pagenum = 1 - while lastpage == 0 - print_status("Page number: " + pagenum.to_s) - header = { 'User-Agent' => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/4.0.221.6 Safari/525.13"} - clnt = Net::HTTP::Proxy(@proxysrv,@proxyport,@proxyuser,@proxypass).new("www.delicious.com") - resp = clnt.get2("/search?p=site%3A"+targetdom+"&page="+pagenum.to_s,header) - response << resp.body - response.each_line do |line| - list << line.gsub!(/(.+ Date: Mon, 22 Oct 2012 20:53:17 +0200 Subject: [PATCH 14/23] Version cleanup Remove all values that are neither 0 nor $Revision$. --- modules/auxiliary/gather/d20pass.rb | 2 +- modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb | 2 +- modules/auxiliary/scanner/h323/h323_version.rb | 2 +- modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb | 2 +- modules/auxiliary/server/capture/drda.rb | 2 +- modules/auxiliary/server/http_ntlmrelay.rb | 3 +-- modules/auxiliary/vsploit/pii/web_pii.rb | 2 +- modules/encoders/x86/context_cpuid.rb | 2 +- modules/exploits/linux/http/webid_converter.rb | 2 +- modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb | 2 +- modules/exploits/multi/http/jboss_deploymentfilerepository.rb | 2 +- .../multi/http/struts_code_exec_exception_delegator.rb | 2 +- .../exploits/windows/browser/imgeviewer_tifmergemultifiles.rb | 2 +- .../exploits/windows/browser/viscom_movieplayer_drawtext.rb | 2 +- modules/exploits/windows/fileformat/csound_getnum_bof.rb | 2 +- modules/exploits/windows/fileformat/foxit_reader_launch.rb | 2 +- modules/exploits/windows/fileformat/mini_stream_pls_bof.rb | 2 +- modules/exploits/windows/fileformat/mplayer_sami_bof.rb | 2 +- .../exploits/windows/fileformat/orbit_download_failed_bof.rb | 1 - modules/exploits/windows/fileformat/vlc_realtext.rb | 2 +- modules/exploits/windows/http/bea_weblogic_post_bof.rb | 2 +- .../windows/http/landesk_thinkmanagement_upload_asp.rb | 2 +- modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb | 2 +- .../misc/citrix_streamprocess_get_boot_record_request.rb | 2 +- .../exploits/windows/misc/citrix_streamprocess_get_footer.rb | 2 +- .../exploits/windows/misc/citrix_streamprocess_get_objects.rb | 2 +- modules/exploits/windows/misc/gimp_script_fu.rb | 2 +- modules/exploits/windows/misc/hp_dataprotector_new_folder.rb | 2 +- modules/post/multi/manage/sudo.rb | 2 +- modules/post/windows/gather/credentials/imvu.rb | 2 +- modules/post/windows/gather/credentials/outlook.rb | 2 +- 31 files changed, 30 insertions(+), 32 deletions(-) diff --git a/modules/auxiliary/gather/d20pass.rb b/modules/auxiliary/gather/d20pass.rb index cee450d9c1..43df04d3d7 100644 --- a/modules/auxiliary/gather/d20pass.rb +++ b/modules/auxiliary/gather/d20pass.rb @@ -31,7 +31,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'K. Reid Wightman ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision: 1 $', + 'Version' => '$Revision$', 'DisclosureDate' => 'Jan 19 2012' )) diff --git a/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb b/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb index 374eb2aeb3..bc32a33858 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb +++ b/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'IPv6 Link Local/Node Local Ping Discovery', - 'Version' => '$Revision: 13962 $', + 'Version' => '$Revision$', 'Description' => %q{ Send a ICMPv6 ping request to all default multicast addresses, and wait to see who responds. }, diff --git a/modules/auxiliary/scanner/h323/h323_version.rb b/modules/auxiliary/scanner/h323/h323_version.rb index 894c068fb2..46996d1f8f 100644 --- a/modules/auxiliary/scanner/h323/h323_version.rb +++ b/modules/auxiliary/scanner/h323/h323_version.rb @@ -16,7 +16,7 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'H.323 Version Scanner', - 'Version' => '$Revision: 9804 $', + 'Version' => '$Revision$', 'Description' => 'Detect H.323 Version.', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb b/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb index 59a3fc7750..3d479efee3 100644 --- a/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb +++ b/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb @@ -16,7 +16,7 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'Atlassian Crowd XML Entity Expansion Remote File Access', - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to read a remote file from the server using a vulnerability in the way Atlassian Crowd handles XML files. The vulnerability diff --git a/modules/auxiliary/server/capture/drda.rb b/modules/auxiliary/server/capture/drda.rb index 32af81f035..b71f9f1ce8 100644 --- a/modules/auxiliary/server/capture/drda.rb +++ b/modules/auxiliary/server/capture/drda.rb @@ -38,7 +38,7 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: DRDA (DB2, Informix, Derby)', - 'Version' => '$Revision: 14774 $', + 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake DRDA (DB2, Informix, Derby) server that is designed to capture authentication credentials. diff --git a/modules/auxiliary/server/http_ntlmrelay.rb b/modules/auxiliary/server/http_ntlmrelay.rb index a23072a310..2edb6392ec 100644 --- a/modules/auxiliary/server/http_ntlmrelay.rb +++ b/modules/auxiliary/server/http_ntlmrelay.rb @@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'HTTP Client MS Credential Relayer', - 'Version' => '$Revision:$', + 'Version' => '$Revision$', 'Description' => %q{ This module relays negotiated NTLM Credentials from an HTTP server to multiple protocols. Currently, this module supports relaying to SMB and HTTP. @@ -52,7 +52,6 @@ class Metasploit3 < Msf::Auxiliary [ 'Rich Lundeen ', ], - 'Version' => '$Revision:$', 'License' => MSF_LICENSE, 'Actions' => [ diff --git a/modules/auxiliary/vsploit/pii/web_pii.rb b/modules/auxiliary/vsploit/pii/web_pii.rb index f9b95c8381..7126189bb4 100644 --- a/modules/auxiliary/vsploit/pii/web_pii.rb +++ b/modules/auxiliary/vsploit/pii/web_pii.rb @@ -25,7 +25,7 @@ class Metasploit3 < Msf::Auxiliary 'Description' => 'This module emulates a webserver leaking PII data', 'License' => MSF_LICENSE, 'Author' => 'MJC', - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.metasploit.com'], diff --git a/modules/encoders/x86/context_cpuid.rb b/modules/encoders/x86/context_cpuid.rb index 860937d9f4..bd854efa4e 100644 --- a/modules/encoders/x86/context_cpuid.rb +++ b/modules/encoders/x86/context_cpuid.rb @@ -22,7 +22,7 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback def initialize super( 'Name' => 'CPUID-based Context Keyed Payload Encoder', - 'Version' => '$Revision: 1$', + 'Version' => '$Revision$', 'Description' => %q{ This is a Context-Keyed Payload Encoder based on CPUID and Shikata Ga Nai. }, diff --git a/modules/exploits/linux/http/webid_converter.rb b/modules/exploits/linux/http/webid_converter.rb index 585540d1c9..5f0eae911d 100644 --- a/modules/exploits/linux/http/webid_converter.rb +++ b/modules/exploits/linux/http/webid_converter.rb @@ -31,7 +31,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'OSVDB', '73609' ], [ 'EDB', '17487' ] ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'Privileged' => false, 'Platform' => ['php'], 'Arch' => ARCH_PHP, diff --git a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb index 8fc2b9b5b6..731b59e1cb 100644 --- a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb +++ b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb @@ -33,7 +33,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Brendan Coles ', # Discovery and exploit ], 'License' => MSF_LICENSE, - 'Version' => '$Revision: 3 $', + 'Version' => '$Revision$', 'Privileged' => false, 'Arch' => ARCH_CMD, 'Platform' => 'unix', diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb index 7e84e55847..053fccccc1 100644 --- a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb +++ b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'Jacob Giannantonio', 'Patrick Hof', 'h0ng10' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision: 15620 $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0738' ], # by using VERB other than GET/POST diff --git a/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb b/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb index 5a07039eb5..e33e0fa926 100644 --- a/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb +++ b/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb @@ -33,7 +33,7 @@ class Metasploit3 < Msf::Exploit::Remote 'mihi' # ARCH_JAVA support ], 'License' => MSF_LICENSE, - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0391'], diff --git a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb index c759aa93b1..236ec13602 100644 --- a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb +++ b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb @@ -32,7 +32,7 @@ class Metasploit3 < Msf::Exploit::Remote 'TecR0c ', # Metasploit module 'mr_me ' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'EDB', 15668 ], diff --git a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb index 2fbbd82d1b..cd1c6320ed 100644 --- a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb +++ b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb @@ -32,7 +32,7 @@ class Metasploit3 < Msf::Exploit::Remote 'TecR0c ', # Metasploit module 'mr_me ' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0356' ], diff --git a/modules/exploits/windows/fileformat/csound_getnum_bof.rb b/modules/exploits/windows/fileformat/csound_getnum_bof.rb index ad1551a1ce..11390576f6 100644 --- a/modules/exploits/windows/fileformat/csound_getnum_bof.rb +++ b/modules/exploits/windows/fileformat/csound_getnum_bof.rb @@ -30,7 +30,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Secunia', # Vulnerability discovery 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0270' ], diff --git a/modules/exploits/windows/fileformat/foxit_reader_launch.rb b/modules/exploits/windows/fileformat/foxit_reader_launch.rb index 698771cb47..a698daff98 100644 --- a/modules/exploits/windows/fileformat/foxit_reader_launch.rb +++ b/modules/exploits/windows/fileformat/foxit_reader_launch.rb @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Francisco Falcon', # Discovery 'bannedit' # Metasploit module ], - 'Version' => '$Revision: 14069 $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE' , '2009-0837' ], diff --git a/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb b/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb index 7b33f47358..93ac7c5917 100644 --- a/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb +++ b/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb @@ -27,7 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Tiago Henriques', # metasploit module 'James Fitts' # clean ups ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'EDB', 14373 ], diff --git a/modules/exploits/windows/fileformat/mplayer_sami_bof.rb b/modules/exploits/windows/fileformat/mplayer_sami_bof.rb index 3de93967df..c3e4fcba29 100644 --- a/modules/exploits/windows/fileformat/mplayer_sami_bof.rb +++ b/modules/exploits/windows/fileformat/mplayer_sami_bof.rb @@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Jacques Louw', # Vulnerability Discovery and PoC 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'BID', '49149' ], diff --git a/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb b/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb index d48d783b55..443b575891 100644 --- a/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb +++ b/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb @@ -28,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Diego Juarez', # Vulnerability discovery 'juan vazquez', # Metasploit module ], - 'Version' => '$ $', 'References' => [ [ 'BID', '28541' ], diff --git a/modules/exploits/windows/fileformat/vlc_realtext.rb b/modules/exploits/windows/fileformat/vlc_realtext.rb index 79f2e33021..7cec8a7364 100644 --- a/modules/exploits/windows/fileformat/vlc_realtext.rb +++ b/modules/exploits/windows/fileformat/vlc_realtext.rb @@ -32,7 +32,7 @@ class Metasploit3 < Msf::Exploit::Remote 'SkD', # Exploit 'juan vazquez' # Metasploit Module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '49809' ], diff --git a/modules/exploits/windows/http/bea_weblogic_post_bof.rb b/modules/exploits/windows/http/bea_weblogic_post_bof.rb index 128c522cb0..5c9eafb89f 100644 --- a/modules/exploits/windows/http/bea_weblogic_post_bof.rb +++ b/modules/exploits/windows/http/bea_weblogic_post_bof.rb @@ -34,7 +34,7 @@ class Metasploit3 < Msf::Exploit::Remote 'KingCope', # Vulnerability Discovery and PoC 'juan vazquez', # Metasploit Module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3257' ], diff --git a/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb b/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb index 3f9a422f48..31261e648b 100644 --- a/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb +++ b/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb @@ -33,7 +33,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Andrea Micalizzi', # aka rgod - Vulnerability Discovery and PoC 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'Platform' => 'win', 'References' => [ diff --git a/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb b/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb index 60a80569ee..9265d98094 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb @@ -31,7 +31,7 @@ class Metasploit3 < Msf::Exploit::Remote 'AbdulAziz Hariri', # Initial discovery via ZDI 'alino <26alino[at]gmail.com>' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ ['OSVDB', '75780'], diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb index 12ee128f78..2dc4ce226a 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Exploit::Remote 'alino <26alino[at]gmail.com>', # citrix_streamprocess_data_msg author 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ ['OSVDB', '75780'], diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb index 004e550e1e..33f13c20a2 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Exploit::Remote 'alino <26alino[at]gmail.com>', # citrix_streamprocess_data_msg author 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ ['OSVDB', '75780'], diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb index ed92d421d6..bb92d02b25 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb @@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote 'alino <26alino[at]gmail.com>', # citrix_streamprocess_data_msg author 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ ['OSVDB', '75780'], diff --git a/modules/exploits/windows/misc/gimp_script_fu.rb b/modules/exploits/windows/misc/gimp_script_fu.rb index 6fb3a43ed0..8e96415b39 100644 --- a/modules/exploits/windows/misc/gimp_script_fu.rb +++ b/modules/exploits/windows/misc/gimp_script_fu.rb @@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Joseph Sheridan', # Vulnerability Discovery and PoC 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-2763' ], diff --git a/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb b/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb index fea85b7d75..6d97fb05b5 100644 --- a/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb +++ b/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb @@ -37,7 +37,7 @@ class Metasploit3 < Msf::Exploit::Remote 'juan vazquez', 'sinn3r' ], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0124' ], diff --git a/modules/post/multi/manage/sudo.rb b/modules/post/multi/manage/sudo.rb index b1d654989c..f80cbb92d3 100644 --- a/modules/post/multi/manage/sudo.rb +++ b/modules/post/multi/manage/sudo.rb @@ -34,7 +34,7 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'todb '], - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'Platform' => [ 'linux','unix','osx','solaris','aix' ], 'References' => [ diff --git a/modules/post/windows/gather/credentials/imvu.rb b/modules/post/windows/gather/credentials/imvu.rb index 1caebb1051..6c27b0d04e 100644 --- a/modules/post/windows/gather/credentials/imvu.rb +++ b/modules/post/windows/gather/credentials/imvu.rb @@ -34,7 +34,7 @@ class Metasploit3 < Msf::Post 'Shubham Dawra ' # www.SecurityXploded.com ], 'License' => MSF_LICENSE, - 'Version' => '$Revision: 14100 $', + 'Version' => '$Revision$', 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/outlook.rb b/modules/post/windows/gather/credentials/outlook.rb index a236496258..748f511119 100644 --- a/modules/post/windows/gather/credentials/outlook.rb +++ b/modules/post/windows/gather/credentials/outlook.rb @@ -31,7 +31,7 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Justin Cacak'], - 'Version' => '$Revision: 14835 $', + 'Version' => '$Revision$', 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] )) From 6147b332f1e5c3269dccb71df5cbcf7759a8ed27 Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 22 Oct 2012 14:15:58 -0500 Subject: [PATCH 15/23] Rescue when the service is crashed Failed exploit attempts leave the service in a state where the port is still open but login attmempts reset the connection. Rescue that and give the user an indication of what's going on. --- .../exploits/windows/smb/ms08_067_netapi.rb | 22 +++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/modules/exploits/windows/smb/ms08_067_netapi.rb b/modules/exploits/windows/smb/ms08_067_netapi.rb index 8d50d9bf4a..e60da6e5a3 100644 --- a/modules/exploits/windows/smb/ms08_067_netapi.rb +++ b/modules/exploits/windows/smb/ms08_067_netapi.rb @@ -807,8 +807,18 @@ class Metasploit3 < Msf::Exploit::Remote def exploit - connect() - smb_login() + begin + connect() + smb_login() + rescue Rex::Proto::SMB::Exceptions::LoginError => e + if (e.message =~ /Connection reset/) + print_error("Connection reset during login") + print_error("This most likely means a previous exploit attempt caused the service to crash") + return + else + raise e + end + end # Use a copy of the target mytarget = target @@ -1052,6 +1062,14 @@ class Metasploit3 < Msf::Exploit::Remote rescue Rex::ConnectionError => e print_error("Connection failed: #{e.class}: #{e}") return + rescue Rex::Proto::SMB::Exceptions::LoginError => e + if (e.message =~ /Connection reset/) + print_error("Connection reset during login") + print_error("This most likely means a previous exploit attempt caused the service to crash") + return Msf::Exploit::CheckCode::Unknown + else + raise e + end end # From eb76c46ddd4bf5a07a8c7a5374045958ec068a48 Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Mon, 22 Oct 2012 21:24:36 +0200 Subject: [PATCH 16/23] Infohash key cleanups Replace obvious typos in infohash keys. Note that this *does* affect the behaviour as those keys have been ignored before. --- modules/exploits/linux/local/udev_netlink.rb | 2 +- modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/exploits/linux/local/udev_netlink.rb b/modules/exploits/linux/local/udev_netlink.rb index 91f560d713..c9fcd64d47 100644 --- a/modules/exploits/linux/local/udev_netlink.rb +++ b/modules/exploits/linux/local/udev_netlink.rb @@ -60,7 +60,7 @@ class Metasploit4 < Msf::Exploit::Local [ 'Linux x64', { 'Arch' => ARCH_X86_64 } ], #[ 'Command payload', { 'Arch' => ARCH_CMD } ], ], - 'DefaultOptons' => { 'WfsDelay' => 2 }, + 'DefaultOptions' => { 'WfsDelay' => 2 }, 'DefaultTarget' => 0, 'DisclosureDate' => "Apr 16 2009", } diff --git a/modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb b/modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb index fbea3a7691..f9c5a4b47f 100644 --- a/modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb +++ b/modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb @@ -43,7 +43,7 @@ class Metasploit4 < Msf::Exploit::Remote { 'BadChars' => "\x00\x3a\x3b\x3d\x3c\x3e\x0a\x0d\x22\x26\x27\x2f\x60\xb4", }, - 'Platforms' => [ 'win' ], + 'Platform' => [ 'win' ], 'Targets' => [ [ From 601ecec2cf73e948204f212be14ac15e232301ca Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 22 Oct 2012 15:16:55 -0500 Subject: [PATCH 17/23] Use opts.usage instead of a Table --- .../console/command_dispatcher/stdapi/sys.rb | 28 +++++-------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb index 5e09ef8cd5..485c2c4b9b 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb @@ -43,14 +43,14 @@ class Console::CommandDispatcher::Stdapi::Sys "-t" => [ true, "The registry value type (E.g. REG_SZ)." ], "-v" => [ true, "The registry value name (E.g. Stuff)." ], "-r" => [ true, "The remote machine name to connect to (with current process credentials" ], - "-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]." ]) + "-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]." ]) @@ps_opts = Rex::Parser::Arguments.new( - "-h" => [false, "Help menu."], - "-S" => [true, "RegEx term to filter on process name with "], - "-A" => [true, "Arch to filter on (x86 or x86_64"], - "-s" =>[false, "Show only SYSTEM processes"], - "-U" => [true, "RegEx term to filter on user name with"]) + "-h" => [ false, "Help menu." ], + "-S" => [ true, "Filters processes on the process name using the supplied RegEx"], + "-A" => [ true, "Filters processes on architecture (x86 or x86_64)" ], + "-s" => [ false, "Show only SYSTEM processes" ], + "-U" => [ true, "Filters processes on the user using the supplied RegEx" ]) # # List of supported commands. @@ -343,21 +343,7 @@ class Console::CommandDispatcher::Stdapi::Sys print_line "Use the command with no arguments to see all running processes." print_line "The following options can be used to filter those results:" - tbl = Rex::Ui::Text::Table.new( - 'Header' => "Options List", - 'Indent' => 1, - 'Columns' => - [ - "Option", - "Details" - ] - ) - - tbl << ["-s", "Display only SYSTEM processes"] - tbl << ["-S ", "Filters processes on the process name using the supplied RegEx"] - tbl << ["-A ", "Filters processes on the arch. (x86, x86_64)"] - tbl << ["-U ", "Filters processes on the user using the supplied RegEx"] - print_line tbl.to_s + print_line @@ps_opts.usage end From f1829b40e1f7a7620acb1b6206087fd54a6f7806 Mon Sep 17 00:00:00 2001 From: Michael Schierl Date: Mon, 22 Oct 2012 22:34:47 +0200 Subject: [PATCH 18/23] References cleanup Uppercase MSB, spaces in URLs. --- modules/exploits/windows/fileformat/ms12_005.rb | 2 +- modules/exploits/windows/iis/ms02_065_msadc.rb | 2 +- modules/exploits/windows/iis/msadc.rb | 4 ++-- modules/exploits/windows/local/bypassuac.rb | 2 +- modules/post/windows/escalate/bypassuac.rb | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/exploits/windows/fileformat/ms12_005.rb b/modules/exploits/windows/fileformat/ms12_005.rb index 6364632d08..4cbfa12ec1 100644 --- a/modules/exploits/windows/fileformat/ms12_005.rb +++ b/modules/exploits/windows/fileformat/ms12_005.rb @@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote [ ['CVE', '2012-0013'], ['OSVDB', '78207'], - ['MSB', 'ms12-005'], + ['MSB', 'MS12-005'], ['BID', '51284'], ['URL', 'http://support.microsoft.com/default.aspx?scid=kb;EN-US;2584146'], ['URL', 'http://exploitshop.wordpress.com/2012/01/14/ms12-005-embedded-object-package-allow-arbitrary-code-execution/'] diff --git a/modules/exploits/windows/iis/ms02_065_msadc.rb b/modules/exploits/windows/iis/ms02_065_msadc.rb index 435fd68ec0..ce315ae0a8 100644 --- a/modules/exploits/windows/iis/ms02_065_msadc.rb +++ b/modules/exploits/windows/iis/ms02_065_msadc.rb @@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote ['OSVDB', '14502'], ['BID', '6214'], ['CVE', '2002-1142'], - ['MSB', 'ms02-065'], + ['MSB', 'MS02-065'], ['URL', 'http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html'] ], 'Privileged' => false, diff --git a/modules/exploits/windows/iis/msadc.rb b/modules/exploits/windows/iis/msadc.rb index 4cdb4be539..5f5c6ab8c1 100644 --- a/modules/exploits/windows/iis/msadc.rb +++ b/modules/exploits/windows/iis/msadc.rb @@ -42,8 +42,8 @@ class Metasploit3 < Msf::Exploit::Remote ['OSVDB', '272'], ['BID', '529'], ['CVE', '1999-1011'], - ['MSB', 'ms98-004'], - ['MSB', 'ms99-025'] + ['MSB', 'MS98-004'], + ['MSB', 'MS99-025'] ], 'Targets' => [ diff --git a/modules/exploits/windows/local/bypassuac.rb b/modules/exploits/windows/local/bypassuac.rb index 3788b2c7ee..983600d305 100644 --- a/modules/exploits/windows/local/bypassuac.rb +++ b/modules/exploits/windows/local/bypassuac.rb @@ -38,7 +38,7 @@ class Metasploit3 < Msf::Exploit::Local 'Targets' => [ [ 'Windows', {} ] ], 'DefaultTarget' => 0, 'References' => [ - [ 'URL', ' http://www.trustedsec.com/december-2010/bypass-windows-uac/' ] + [ 'URL', 'http://www.trustedsec.com/december-2010/bypass-windows-uac/' ] ], 'DisclosureDate'=> "Dec 31 2010" )) diff --git a/modules/post/windows/escalate/bypassuac.rb b/modules/post/windows/escalate/bypassuac.rb index 06ef199e58..9c88439bc4 100644 --- a/modules/post/windows/escalate/bypassuac.rb +++ b/modules/post/windows/escalate/bypassuac.rb @@ -28,7 +28,7 @@ class Metasploit3 < Msf::Post 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ], 'References' => [ - [ 'URL', ' http://www.trustedsec.com/december-2010/bypass-windows-uac/' ] + [ 'URL', 'http://www.trustedsec.com/december-2010/bypass-windows-uac/' ] ], 'DisclosureDate'=> "Dec 31 2010" )) From e675f4e901ce1b2d06bdd4d68c902b602b7c3ef7 Mon Sep 17 00:00:00 2001 From: Rob Fuller Date: Mon, 22 Oct 2012 17:01:58 -0400 Subject: [PATCH 19/23] standardizing author info --- lib/msf/core/module/author.rb | 3 ++- modules/auxiliary/scanner/http/enum_wayback.rb | 2 +- modules/auxiliary/scanner/http/httpbl_lookup.rb | 2 +- modules/exploits/windows/local/ask.rb | 4 +--- modules/exploits/windows/local/bypassuac.rb | 2 +- modules/post/windows/capture/lockout_keylogger.rb | 2 +- modules/post/windows/escalate/droplnk.rb | 2 +- modules/post/windows/gather/cachedump.rb | 5 ++++- modules/post/windows/gather/credentials/gpp.rb | 2 +- modules/post/windows/gather/credentials/mremote.rb | 2 +- modules/post/windows/gather/credentials/vnc.rb | 6 ++++-- modules/post/windows/gather/enum_domains.rb | 2 +- modules/post/windows/gather/enum_proxy.rb | 2 +- modules/post/windows/gather/enum_termserv.rb | 2 +- modules/post/windows/gather/reverse_lookup.rb | 2 +- modules/post/windows/gather/tcpnetstat.rb | 2 +- modules/post/windows/manage/clone_proxy_settings.rb | 2 +- modules/post/windows/recon/computer_browser_discovery.rb | 2 +- modules/post/windows/recon/resolve_hostname.rb | 2 +- modules/post/windows/recon/resolve_ip.rb | 2 +- 20 files changed, 27 insertions(+), 23 deletions(-) diff --git a/lib/msf/core/module/author.rb b/lib/msf/core/module/author.rb index 9cf4a0ef52..81ade99a2e 100644 --- a/lib/msf/core/module/author.rb +++ b/lib/msf/core/module/author.rb @@ -43,7 +43,8 @@ class Msf::Module::Author 'amaloteaux' => 'alex_maloteaux' + 0x40.chr + 'metasploit.com', 'Carlos Perez' => 'carlos_perez' + 0x40.chr + 'darkoperator.com', 'juan vazquez' => 'juan.vazquez' + 0x40.chr + 'metasploit.com', - 'theLightCosine' => 'theLightCosine' + 0x40.chr + 'metasploit.com' + 'theLightCosine' => 'theLightCosine' + 0x40.chr + 'metasploit.com', + 'mubix' => 'mubix' + 0x40.chr + 'hak5.org' } # diff --git a/modules/auxiliary/scanner/http/enum_wayback.rb b/modules/auxiliary/scanner/http/enum_wayback.rb index e3725f4616..15f821499e 100644 --- a/modules/auxiliary/scanner/http/enum_wayback.rb +++ b/modules/auxiliary/scanner/http/enum_wayback.rb @@ -22,7 +22,7 @@ class Metasploit3 < Msf::Auxiliary This module pulls and parses the URLs stored by Archive.org for the purpose of replaying during a web assessment. Finding unlinked and old pages. }, - 'Author' => [ 'Rob Fuller ' ], + 'Author' => [ 'mubix' ], 'License' => MSF_LICENSE, 'Version' => '$Revision$' )) diff --git a/modules/auxiliary/scanner/http/httpbl_lookup.rb b/modules/auxiliary/scanner/http/httpbl_lookup.rb index b4b0f7b74f..ebb13a1247 100644 --- a/modules/auxiliary/scanner/http/httpbl_lookup.rb +++ b/modules/auxiliary/scanner/http/httpbl_lookup.rb @@ -23,7 +23,7 @@ class Metasploit3 < Msf::Auxiliary This module can be used to enumerate information about an IP addresses from Project HoneyPot's HTTP Block List. }, - 'Author' => [ 'Rob Fuller ' ], + 'Author' => [ 'mubix' ], 'License' => MSF_LICENSE, 'Version' => '$Revision$', 'References' => diff --git a/modules/exploits/windows/local/ask.rb b/modules/exploits/windows/local/ask.rb index 95009ac41d..88a8657f6b 100644 --- a/modules/exploits/windows/local/ask.rb +++ b/modules/exploits/windows/local/ask.rb @@ -27,9 +27,7 @@ class Metasploit3 < Msf::Exploit::Local UAC settings. }, 'License' => MSF_LICENSE, - 'Author' => [ - 'mubix ' # Port to local exploit - ], + 'Author' => [ 'mubix' ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ], diff --git a/modules/exploits/windows/local/bypassuac.rb b/modules/exploits/windows/local/bypassuac.rb index 983600d305..e297048830 100644 --- a/modules/exploits/windows/local/bypassuac.rb +++ b/modules/exploits/windows/local/bypassuac.rb @@ -30,7 +30,7 @@ class Metasploit3 < Msf::Exploit::Local 'Author' => [ 'David Kennedy "ReL1K" ', 'mitnick', - 'mubix ' # Port to local exploit + 'mubix' # Port to local exploit ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ], diff --git a/modules/post/windows/capture/lockout_keylogger.rb b/modules/post/windows/capture/lockout_keylogger.rb index b9157b7034..c3e267b4f2 100644 --- a/modules/post/windows/capture/lockout_keylogger.rb +++ b/modules/post/windows/capture/lockout_keylogger.rb @@ -25,7 +25,7 @@ class Metasploit3 < Msf::Post Winlogon.exe. Using idle time and natural system changes to give a false sense of security to the user.}, 'License' => MSF_LICENSE, - 'Author' => ['Rob Fuller ', 'cg'], + 'Author' => [ 'mubix', 'cg' ], 'Version' => '$Revision$', 'Platform' => ['windows'], 'SessionTypes' => ['meterpreter'], diff --git a/modules/post/windows/escalate/droplnk.rb b/modules/post/windows/escalate/droplnk.rb index d2f0231d8e..952a279f30 100644 --- a/modules/post/windows/escalate/droplnk.rb +++ b/modules/post/windows/escalate/droplnk.rb @@ -19,7 +19,7 @@ class Metasploit3 < Msf::Post connections to be initiated from any user that views the shortcut. }, 'License' => MSF_LICENSE, - 'Author' => [ 'Rob Fuller '], + 'Author' => [ 'mubix' ], 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb index 3d84215cd6..f11137f1cf 100644 --- a/modules/post/windows/gather/cachedump.rb +++ b/modules/post/windows/gather/cachedump.rb @@ -27,7 +27,10 @@ class Metasploit3 < Msf::Post cached as a result of a GPO setting. The default setting on Windows is to store the last ten successful logins.}, 'License' => MSF_LICENSE, - 'Author' => ['Maurizio Agazzini ','Rob Fuller '], + 'Author' => [ + 'Maurizio Agazzini ', + 'mubix' + ], 'Version' => '$Revision$', 'Platform' => ['windows'], 'SessionTypes' => ['meterpreter'], diff --git a/modules/post/windows/gather/credentials/gpp.rb b/modules/post/windows/gather/credentials/gpp.rb index 4e337910a2..83d614a062 100644 --- a/modules/post/windows/gather/credentials/gpp.rb +++ b/modules/post/windows/gather/credentials/gpp.rb @@ -33,7 +33,7 @@ class Metasploit3 < Msf::Post 'Loic Jaquemet ', 'scriptmonkey ', 'theLightCosine', - 'Rob Fuller ' #domain/dc enumeration code + 'mubix' #domain/dc enumeration code ], 'References' => [ diff --git a/modules/post/windows/gather/credentials/mremote.rb b/modules/post/windows/gather/credentials/mremote.rb index 25bece5d7a..041a73a45f 100644 --- a/modules/post/windows/gather/credentials/mremote.rb +++ b/modules/post/windows/gather/credentials/mremote.rb @@ -35,7 +35,7 @@ class Metasploit3 < Msf::Post [ 'theLightCosine', 'hdm', #Helped write the Decryption Routine - 'Rob Fuller ' #Helped write the Decryption Routine + 'mubix' #Helped write the Decryption Routine ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ], diff --git a/modules/post/windows/gather/credentials/vnc.rb b/modules/post/windows/gather/credentials/vnc.rb index 1bf93f654e..0a31c63fd4 100644 --- a/modules/post/windows/gather/credentials/vnc.rb +++ b/modules/post/windows/gather/credentials/vnc.rb @@ -30,8 +30,10 @@ class Metasploit3 < Msf::Post This module extract DES encrypted passwords in known VNC locations }, 'License' => MSF_LICENSE, - 'Author' => ['Kurt Grutzmacher ', - 'Rob Fuller '], + 'Author' => [ + 'Kurt Grutzmacher ', + 'mubix' + ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] diff --git a/modules/post/windows/gather/enum_domains.rb b/modules/post/windows/gather/enum_domains.rb index ceb18b1865..1ed481a319 100644 --- a/modules/post/windows/gather/enum_domains.rb +++ b/modules/post/windows/gather/enum_domains.rb @@ -18,7 +18,7 @@ class Metasploit3 < Msf::Post controllers for that domain. }, 'License' => MSF_LICENSE, - 'Author' => [ 'Rob Fuller '], + 'Author' => [ 'mubix' ], 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_proxy.rb b/modules/post/windows/gather/enum_proxy.rb index 44867f13e2..d6f62b70e6 100644 --- a/modules/post/windows/gather/enum_proxy.rb +++ b/modules/post/windows/gather/enum_proxy.rb @@ -24,7 +24,7 @@ class Metasploit3 < Msf::Post are set it pulls the current user, else it will pull the user's settings specified SID and target host. }, - 'Author' => [ 'mubix ' ], + 'Author' => [ 'mubix' ], 'License' => MSF_LICENSE, 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] diff --git a/modules/post/windows/gather/enum_termserv.rb b/modules/post/windows/gather/enum_termserv.rb index e779647c46..44f0f4d969 100644 --- a/modules/post/windows/gather/enum_termserv.rb +++ b/modules/post/windows/gather/enum_termserv.rb @@ -30,7 +30,7 @@ class Metasploit3 < Msf::Post This module dumps MRU and connection data for RDP sessions }, 'License' => MSF_LICENSE, - 'Author' => ['Rob Fuller '], + 'Author' => [ 'mubix' ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] diff --git a/modules/post/windows/gather/reverse_lookup.rb b/modules/post/windows/gather/reverse_lookup.rb index 3b2cc39299..363aaf9f76 100644 --- a/modules/post/windows/gather/reverse_lookup.rb +++ b/modules/post/windows/gather/reverse_lookup.rb @@ -25,7 +25,7 @@ class Metasploit3 < Msf::Post 'Version' => '$Revision$', 'Platform' => ['windows'], 'SessionTypes' => ['meterpreter'], - 'Author' => ['mubix'] + 'Author' => [ 'mubix' ] )) register_options( [ diff --git a/modules/post/windows/gather/tcpnetstat.rb b/modules/post/windows/gather/tcpnetstat.rb index 1030111a8b..d1eafb072f 100644 --- a/modules/post/windows/gather/tcpnetstat.rb +++ b/modules/post/windows/gather/tcpnetstat.rb @@ -25,7 +25,7 @@ class Metasploit3 < Msf::Post 'Name' => 'Windows Gather TCP Netstat', 'Description' => %q{ This Module lists current TCP sessions}, 'License' => MSF_LICENSE, - 'Author' => [ 'Rob Fuller '], + 'Author' => [ 'mubix' ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter'] diff --git a/modules/post/windows/manage/clone_proxy_settings.rb b/modules/post/windows/manage/clone_proxy_settings.rb index 2ea6c63d5b..4393ed8716 100644 --- a/modules/post/windows/manage/clone_proxy_settings.rb +++ b/modules/post/windows/manage/clone_proxy_settings.rb @@ -24,7 +24,7 @@ class Metasploit3 < Msf::Post targeted user SID, supports remote hosts as well if remote registry is allowed. }, - 'Author' => [ 'mubix ' ], + 'Author' => [ 'mubix' ], 'License' => MSF_LICENSE, 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] diff --git a/modules/post/windows/recon/computer_browser_discovery.rb b/modules/post/windows/recon/computer_browser_discovery.rb index cda59b745e..9fdfd36568 100644 --- a/modules/post/windows/recon/computer_browser_discovery.rb +++ b/modules/post/windows/recon/computer_browser_discovery.rb @@ -27,7 +27,7 @@ class Metasploit3 < Msf::Post WINDOWS (all Windows hosts), or UNIX (all Unix hosts). }, 'License' => MSF_LICENSE, - 'Author' => [ 'Rob Fuller '], + 'Author' => [ 'mubix' ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] diff --git a/modules/post/windows/recon/resolve_hostname.rb b/modules/post/windows/recon/resolve_hostname.rb index 4bf64294a5..9e9b2006ae 100644 --- a/modules/post/windows/recon/resolve_hostname.rb +++ b/modules/post/windows/recon/resolve_hostname.rb @@ -15,7 +15,7 @@ class Metasploit3 < Msf::Post 'Name' => 'Windows Recon Resolve Hostname', 'Description' => %q{ This module resolves a hostname to IP address via the victim, similiar to the Unix dig command}, 'License' => MSF_LICENSE, - 'Author' => [ 'mubix '], + 'Author' => [ 'mubix' ], 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/recon/resolve_ip.rb b/modules/post/windows/recon/resolve_ip.rb index 56c05c1a35..792c68454a 100644 --- a/modules/post/windows/recon/resolve_ip.rb +++ b/modules/post/windows/recon/resolve_ip.rb @@ -19,7 +19,7 @@ class Metasploit3 < Msf::Post 'Name' => 'Windows Recon Resolve IP', 'Description' => %q{ This module reverse resolves a range or IP to a hostname}, 'License' => MSF_LICENSE, - 'Author' => [ 'mubix '], + 'Author' => [ 'mubix' ], 'Version' => '$Revision$', 'Platform' => [ 'windows' ], 'SessionTypes' => [ 'meterpreter' ] From 7d531dcbba6a16c6ad150a28692ff4ba09e16048 Mon Sep 17 00:00:00 2001 From: Rob Fuller Date: Mon, 22 Oct 2012 17:07:58 -0400 Subject: [PATCH 20/23] fix spacing --- lib/msf/core/module/author.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/msf/core/module/author.rb b/lib/msf/core/module/author.rb index 81ade99a2e..40cb980781 100644 --- a/lib/msf/core/module/author.rb +++ b/lib/msf/core/module/author.rb @@ -44,7 +44,7 @@ class Msf::Module::Author 'Carlos Perez' => 'carlos_perez' + 0x40.chr + 'darkoperator.com', 'juan vazquez' => 'juan.vazquez' + 0x40.chr + 'metasploit.com', 'theLightCosine' => 'theLightCosine' + 0x40.chr + 'metasploit.com', - 'mubix' => 'mubix' + 0x40.chr + 'hak5.org' + 'mubix' => 'mubix' + 0x40.chr + 'hak5.org' } # From e84abef63b67b4e999913e3ad2a23ec57b4363be Mon Sep 17 00:00:00 2001 From: Rob Fuller Date: Mon, 22 Oct 2012 17:22:37 -0400 Subject: [PATCH 21/23] fix spacing for all authors --- lib/msf/core/module/author.rb | 66 +++++++++++++++++------------------ 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/lib/msf/core/module/author.rb b/lib/msf/core/module/author.rb index 40cb980781..adee15d752 100644 --- a/lib/msf/core/module/author.rb +++ b/lib/msf/core/module/author.rb @@ -12,39 +12,39 @@ class Msf::Module::Author # A hash of known author names Known = { - 'hdm' => 'hdm' + 0x40.chr + 'metasploit.com', - 'spoonm' => 'spoonm' + 0x40.chr + 'no$email.com', - 'skape' => 'mmiller' + 0x40.chr + 'hick.org', - 'vlad902' => 'vlad902' + 0x40.chr + 'gmail.com', - 'optyx' => 'optyx' + 0x40.chr + 'no$email.com', - 'anonymous' => 'anonymous-contributor' + 0x40.chr + 'metasploit.com', - 'stinko' => 'vinnie' + 0x40.chr + 'metasploit.com', - 'MC' => 'mc' + 0x40.chr + 'metasploit.com', - 'cazz' => 'bmc' + 0x40.chr + 'shmoo.com', - 'pusscat' => 'pusscat' + 0x40.chr + 'metasploit.com', - 'skylined' => 'skylined' + 0x40.chr + 'edup.tudelft.nl', - 'patrick' => 'patrick' + 0x40.chr + 'osisecurity.com.au', - 'Ramon de C Valle'=> 'rcvalle' + 0x40.chr + 'metasploit.com', - 'I)ruid' => 'druid' + 0x40.chr + 'caughq.org', - 'egypt' => 'egypt' + 0x40.chr + 'metasploit.com', - 'kris katterjohn' => 'katterjohn' + 0x40.chr + 'gmail.com', - 'CG' => 'cg' + 0x40.chr + 'carnal0wnage.com', - 'et' => 'et' + 0x40.chr + 'metasploit.com', - 'sf' => 'stephen_fewer' + 0x40.chr + 'harmonysecurity.com', - 'kf' => 'kf_list' + 0x40.chr + 'digitalmunition.com', - 'ddz' => 'ddz' + 0x40.chr + 'theta44.org', - 'jduck' => 'jduck' + 0x40.chr + 'metasploit.com', - 'natron' => 'natron' + 0x40.chr + 'metasploit.com', - 'todb' => 'todb' + 0x40.chr + 'metasploit.com', - 'msmith' => 'msmith' + 0x40.chr + 'metasploit.com', - 'jcran' => 'jcran' + 0x40.chr + 'metasploit.com', - 'sinn3r' => 'sinn3r' + 0x40.chr + 'metasploit.com', - 'bannedit' => 'bannedit' + 0x40.chr + 'metasploit.com', - 'amaloteaux' => 'alex_maloteaux' + 0x40.chr + 'metasploit.com', - 'Carlos Perez' => 'carlos_perez' + 0x40.chr + 'darkoperator.com', - 'juan vazquez' => 'juan.vazquez' + 0x40.chr + 'metasploit.com', - 'theLightCosine' => 'theLightCosine' + 0x40.chr + 'metasploit.com', - 'mubix' => 'mubix' + 0x40.chr + 'hak5.org' + 'hdm' => 'hdm' + 0x40.chr + 'metasploit.com', + 'spoonm' => 'spoonm' + 0x40.chr + 'no$email.com', + 'skape' => 'mmiller' + 0x40.chr + 'hick.org', + 'vlad902' => 'vlad902' + 0x40.chr + 'gmail.com', + 'optyx' => 'optyx' + 0x40.chr + 'no$email.com', + 'anonymous' => 'anonymous-contributor' + 0x40.chr + 'metasploit.com', + 'stinko' => 'vinnie' + 0x40.chr + 'metasploit.com', + 'MC' => 'mc' + 0x40.chr + 'metasploit.com', + 'cazz' => 'bmc' + 0x40.chr + 'shmoo.com', + 'pusscat' => 'pusscat' + 0x40.chr + 'metasploit.com', + 'skylined' => 'skylined' + 0x40.chr + 'edup.tudelft.nl', + 'patrick' => 'patrick' + 0x40.chr + 'osisecurity.com.au', + 'Ramon de C Valle' => 'rcvalle' + 0x40.chr + 'metasploit.com', + 'I)ruid' => 'druid' + 0x40.chr + 'caughq.org', + 'egypt' => 'egypt' + 0x40.chr + 'metasploit.com', + 'kris katterjohn' => 'katterjohn' + 0x40.chr + 'gmail.com', + 'CG' => 'cg' + 0x40.chr + 'carnal0wnage.com', + 'et' => 'et' + 0x40.chr + 'metasploit.com', + 'sf' => 'stephen_fewer' + 0x40.chr + 'harmonysecurity.com', + 'kf' => 'kf_list' + 0x40.chr + 'digitalmunition.com', + 'ddz' => 'ddz' + 0x40.chr + 'theta44.org', + 'jduck' => 'jduck' + 0x40.chr + 'metasploit.com', + 'natron' => 'natron' + 0x40.chr + 'metasploit.com', + 'todb' => 'todb' + 0x40.chr + 'metasploit.com', + 'msmith' => 'msmith' + 0x40.chr + 'metasploit.com', + 'jcran' => 'jcran' + 0x40.chr + 'metasploit.com', + 'sinn3r' => 'sinn3r' + 0x40.chr + 'metasploit.com', + 'bannedit' => 'bannedit' + 0x40.chr + 'metasploit.com', + 'amaloteaux' => 'alex_maloteaux' + 0x40.chr + 'metasploit.com', + 'Carlos Perez' => 'carlos_perez' + 0x40.chr + 'darkoperator.com', + 'juan vazquez' => 'juan.vazquez' + 0x40.chr + 'metasploit.com', + 'theLightCosine' => 'theLightCosine' + 0x40.chr + 'metasploit.com', + 'mubix' => 'mubix' + 0x40.chr + 'hak5.org' } # From 5c9b33b8fd18830e4378b2413aec0729f26b2c0a Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 22 Oct 2012 17:18:14 -0500 Subject: [PATCH 22/23] Add a missing post require --- modules/post/windows/gather/enum_proxy.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/post/windows/gather/enum_proxy.rb b/modules/post/windows/gather/enum_proxy.rb index d6f62b70e6..60ed0233dc 100644 --- a/modules/post/windows/gather/enum_proxy.rb +++ b/modules/post/windows/gather/enum_proxy.rb @@ -10,6 +10,7 @@ ## require 'msf/core' +require 'msf/core/post/windows/services' class Metasploit3 < Msf::Post @@ -108,4 +109,4 @@ class Metasploit3 < Msf::Post end -end \ No newline at end of file +end From b48e355a6d5a474896aceea18a958365ff5ce62c Mon Sep 17 00:00:00 2001 From: corelanc0d3r Date: Wed, 24 Oct 2012 20:04:54 +0200 Subject: [PATCH 23/23] fixed typo and defined badchars --- modules/exploits/windows/ftp/turboftp_port.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/exploits/windows/ftp/turboftp_port.rb b/modules/exploits/windows/ftp/turboftp_port.rb index 1e71610e63..12e5870827 100644 --- a/modules/exploits/windows/ftp/turboftp_port.rb +++ b/modules/exploits/windows/ftp/turboftp_port.rb @@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ - 'Zhao Liang', #Initial Descovery + 'Zhao Liang', #Initial Discovery 'Lincoln', #Metasploit 'corelanc0d3r', #Metasploit 'thelightcosine' #Metasploit @@ -36,9 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote ], 'Payload' => { - 'BadChars' => "\x00", - 'EncoderType' => Msf::Encoder::Type::AlphanumMixed, - 'EncoderOptions' => { 'BufferRegister' => 'EDI' } + 'BadChars' => "\x00\x0a\x0d\x20", }, 'Targets' => [