William Vu
0e4fc48df4
Fix #9602, a little defensive programming
Check for a nil message and unnecessary auth failures while looping.
2018-02-26 16:52:25 -06:00
William Vu
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
Brent Cook
3d67d2ed12
Land #9443, Add warning to FileDropper for deleting CWD
2018-02-19 21:22:39 -06:00
zerosum0x0
afef1948bf
catch exception for patched Vista
2018-02-01 21:39:25 -07:00
zerosum0x0
469209a2b3
prefer x64 dynamite
2018-01-31 17:19:09 -07:00
zerosum0x0
6d7b48382e
fix print arch key
2018-01-31 17:17:53 -07:00
zerosum0x0
ec26f01360
fix x64 typo
2018-01-31 17:12:07 -07:00
William Vu
da23432745
Update cleanup method to check CWD
2018-01-31 16:19:43 -06:00
William Vu
e60aeca2db
Pass in session to CWD check
Oops, used to this being accessible universally. Not the case here.
2018-01-31 16:19:43 -06:00
William Vu
199a7cc134
Check for subdirectories and relative paths
2018-01-31 16:19:43 -06:00
William Vu
09d931e392
Split assignment across two lines for clarity
https://github.com/bbatsov/ruby-style-guide#use-if-case-returns
2018-01-31 16:19:43 -06:00
William Vu
15ff70fbda
Add warning to FileDropper for deleting CWD
2018-01-31 16:19:43 -06:00
zerosum0x0
d5d3769517
more robust Windows XP SP0/SP1 fix
2018-01-30 18:11:07 -07:00
zerosum0x0
a9fa1b6a4d
catch TypeError for matched pairs Frag leak
2018-01-30 10:32:59 -07:00
zerosum0x0
bbeccdd024
more trace and more flexible tolerance for SP0/SP1
2018-01-29 19:57:43 -07:00
zerosum0x0
7007bc1444
hopefully fixed XP SP0/SP1 issues
2018-01-29 19:11:30 -07:00
zerosum0x0
cfb7aa6de7
NULL pointer checks on read/write primitives
2018-01-29 18:10:01 -07:00
zerosum0x0
b5a88e3c8b
remove VERBOSE req for prints in DBGTRACE
2018-01-29 15:01:37 -07:00
zerosum0x0
9b7c19db08
fix exception
2018-01-29 07:57:08 -07:00
zerosum0x0
a15befe94b
squelch ::Rex::Proto::SMB::Exceptions::NoReply
2018-01-29 07:48:00 -07:00
zerosum0x0
6d35d241de
fix pack error for xp
2018-01-29 07:45:07 -07:00
zerosum0x0
1a74c60339
fix output
2018-01-29 02:21:01 -07:00
zerosum0x0
0c23c5fcad
notes
2018-01-29 01:37:03 -07:00
zerosum0x0
24a79ae7b3
clean up DBGTRACE
2018-01-29 01:18:49 -07:00
zerosum0x0
a321a70349
clean up token for earlier versions of windows
2018-01-29 01:09:31 -07:00
zerosum0x0
4bc3b31550
properly scope cleanup
2018-01-29 00:49:38 -07:00
zerosum0x0
bfef87a445
fixed up indentations
2018-01-29 00:19:42 -07:00
zerosum0x0
42dbab763b
increased leak attempts
2018-01-28 23:27:19 -07:00
zerosum0x0
7b19951317
fix the danger zone
2018-01-28 22:32:00 -07:00
zerosum0x0
9df4075d96
win10 needs full path to IPC$, should fix in Rex too
2018-01-28 21:15:13 -07:00
zerosum0x0
7cc00c0e10
fixed padding/offsets for win 10
2018-01-28 21:10:51 -07:00
zerosum0x0
237c3f7b2c
crash 10.14393... should fail to leak transaction
2018-01-28 18:52:43 -07:00
zerosum0x0
2723b328aa
misc tidying, added more randomness
2018-01-28 18:20:18 -07:00
zerosum0x0
6c2d5b1fc2
semi-completed exploit files
2018-01-28 18:13:25 -07:00
Brent Cook
03d1523d43
Land #6611, add native DNS to Rex, MSF mixin, sample modules
2018-01-22 23:54:32 -06:00
Brent Cook
afaf832034
remove verbose error from library, bubble consistent exceptions to the module instead
2018-01-22 23:52:20 -06:00
RageLtMan
de411e764a
Msf DNS server - add :use_resolver? method
2018-01-13 02:40:53 -05:00
RageLtMan
ee218658b6
Cleanup Msf server and add dnsruby to gemspec
2018-01-13 02:30:08 -05:00
RageLtMan
c65c03722c
Migrate native DNS services to Dnsruby data format
Dnsruby provides advanced options like DNSSEC in its data format
and is a current and well supported library.
The infrastructure services - resolver, server, etc. - were designed
for a standalone configuration, and carry entirely too much weight
and redundancy to implement for this context. Instead of porting
over their native resolver, update the Net::DNS subclassed Rex
Resolver to use Dnsruby data formats and method calls.
Update the Msf namespace infrastructure mixins and native server
module with new method calls and workarounds for some instance
variables having only readers without writers. Implement the Rex
ServerManager to start and stop the DNS service adding relevant
alias methods to the Rex::Proto::DNS::Server class.
Rex services are designed to be modular and lightweight, as well
as implement the sockets, threads, and other low-level interfaces.
Dnsruby's operations classes implement their own threading and
socket semantics, and do not fit with the modular mixin workflow
used throughout Framework. So while the updated resolver can be
seen as adding rubber to the tire fire, converting to dnsruby's
native classes for resolvers, servers, and caches, would be more
like adding oxyacetylene and heavy metals.
Testing:
Internal tests for resolution of different record types locally
and over pivot sessions.
2018-01-12 05:00:00 -05:00
William Vu
4b225c30fd
Land #9368, ye olde NIS ypserv map dumper
2018-01-10 22:02:36 -06:00
William Vu
b1cecd4193
Bump TIMEOUT in Msf::Exploit::Remote::SunRPC
2018-01-10 20:36:35 -06:00
William Vu
1c1f3b161e
Rescue XDR errors in Msf::Exploit::Remote::SunRPC
2018-01-10 20:11:30 -06:00
William Vu
461f1c12e6
Fix nil bug(s) by moving arrays to initialize
2018-01-06 02:31:16 -06:00
William Vu
14143c2b90
Fix missed file_dropper_win_path
2018-01-06 01:44:25 -06:00
William Vu
50f4ebb3b2
Add register_dirs_for_cleanup to FileDropper
2018-01-04 11:06:32 -06:00
William Vu
caae33b417
Land #9170, Linux UDF for mysql_udf_payload
2017-12-21 20:48:24 -06:00
William Vu
8e4b007edc
Move verify_arch to dcerpc_getarch
We can use this code elsewhere, such as the MS17-010 scanner.
2017-12-14 02:08:25 -06:00
William Vu
2565ad6a27
Handle IPv6 addresses in full_uri (add brackets)
2017-12-07 12:56:55 -06:00
William Vu
7b3bf85d03
Print the generated command stager for debugging
2017-11-28 16:00:28 -06:00
h00die
697031eb36
mysql UDF now multi
2017-11-03 05:26:05 -04:00