Commit Graph

2038 Commits

Author SHA1 Message Date
Joshua Drake 73da75a931 big update to cmd stager
1. returns array of commands instead of big blob of lines
2. combine lines together when possible (to reduce # of commands to execute)
3. add cmd stager usage in mssql_payload
4. remove extraneous stuff here and there

git-svn-id: file:///home/svn/framework3/trunk@8721 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 00:29:44 +00:00
Joshua Drake d8818fc268 execute xp_cmdshell from master explicitly
git-svn-id: file:///home/svn/framework3/trunk@8720 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 23:55:04 +00:00
Joshua Drake 8a2382ed1a don't wait for shell.run to finish
git-svn-id: file:///home/svn/framework3/trunk@8717 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 22:32:46 +00:00
Joshua Drake 1629bf7bf0 move http_send_cmd into cmdweb test exploit
git-svn-id: file:///home/svn/framework3/trunk@8716 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 21:00:58 +00:00
James Lee 602395ead0 don't set the language if we don't have one
git-svn-id: file:///home/svn/framework3/trunk@8709 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:38:52 +00:00
James Lee 7392de4d3d don't use undefined variables.
git-svn-id: file:///home/svn/framework3/trunk@8700 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 19:50:22 +00:00
James Lee 7d348c3593 honor the SSL option in HttpServer, fixes #1001
git-svn-id: file:///home/svn/framework3/trunk@8699 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 18:47:04 +00:00
Joshua Drake e7a9391a76 minor tweaks, no functional changes
git-svn-id: file:///home/svn/framework3/trunk@8684 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 02:26:08 +00:00
HD Moore 304a238d3e Add pop3/imap4 scanners
git-svn-id: file:///home/svn/framework3/trunk@8664 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 19:06:26 +00:00
HD Moore 2cbf64b85a Fix up the stored banner for SMTP
git-svn-id: file:///home/svn/framework3/trunk@8661 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 18:47:48 +00:00
Tod Beardsley 25de6844b8 Adding OpenSolaris Postgres fingerprints.
git-svn-id: file:///home/svn/framework3/trunk@8599 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 14:09:21 +00:00
HD Moore 80f1f48b2d Merge in loot and user, fix up telnet to handle eof better
git-svn-id: file:///home/svn/framework3/trunk@8594 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 23:45:43 +00:00
HD Moore 8296dc85b3 Cache the local interface/netmask
git-svn-id: file:///home/svn/framework3/trunk@8571 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 18:52:13 +00:00
HD Moore 551e7d57ba Speed up packet injection
git-svn-id: file:///home/svn/framework3/trunk@8570 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 18:31:46 +00:00
HD Moore 0a8696436e Fix up the telnet login code to handle varied responses better
git-svn-id: file:///home/svn/framework3/trunk@8565 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 05:49:40 +00:00
natron 474228a132 Woops, forgot to push the updated mixin.
git-svn-id: file:///home/svn/framework3/trunk@8560 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 06:06:30 +00:00
Joshua Drake 089a522df0 various fixes
1. allow passing payload to generate_cmdstager (needed for html server sploits)
2. cleanup whitespace here and there
3. removed redundant pattern match
4. removed use of sleep in favor of select idiom

git-svn-id: file:///home/svn/framework3/trunk@8539 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:04:54 +00:00
Joshua Drake 0d526a26af add cmdstager to mixins, oops
git-svn-id: file:///home/svn/framework3/trunk@8526 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 20:26:31 +00:00
Joshua Drake 4800d6841c commit cmd stager stuff from bannedit
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00
HD Moore 993ba44fcf SMB updates, better reporting of SSL status for HTTP
git-svn-id: file:///home/svn/framework3/trunk@8459 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 22:37:00 +00:00
Tod Beardsley 65c5eae59e Calling it postgres instead of postgresql for overall consistency.
git-svn-id: file:///home/svn/framework3/trunk@8435 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 20:44:23 +00:00
James Lee e2d70519d7 add the ability to check for a prompt before sending user/pass; now works with cisco, aix, solaris, linux, and windows telnetds
git-svn-id: file:///home/svn/framework3/trunk@8434 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 19:07:02 +00:00
Tod Beardsley c763052c57 See #816. This came up while learning how to perform various postgre tasks via Metasploit.
This module in particular reads a text file on the remote machine, copies it to a temporary table, and then selects the table.

Looks like this:

http://pastie.org/private/uoxgaw7ibjpvuepolr1fuw

git-svn-id: file:///home/svn/framework3/trunk@8417 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 22:34:09 +00:00
Tod Beardsley 0b6c44b2cb Adding reporting to postgres_login. Logging version info more verbosely for authenticated login, since it's way useful.
git-svn-id: file:///home/svn/framework3/trunk@8408 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 17:35:58 +00:00
Tod Beardsley 67bb7a1926 Cleaning up print_status messages for Postgres SQL module and Postgres library.
git-svn-id: file:///home/svn/framework3/trunk@8407 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 16:43:44 +00:00
HD Moore 5f76353e8e Woops, add the missing support files
git-svn-id: file:///home/svn/framework3/trunk@8400 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:59:29 +00:00
Joshua Drake 7d9d169a1a exploit/sunrpc: return nil on error
git-svn-id: file:///home/svn/framework3/trunk@8394 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 03:51:14 +00:00
James Lee 3b0b2731fd fix telnet scanner
git-svn-id: file:///home/svn/framework3/trunk@8392 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 00:14:29 +00:00
Joshua Drake 80bdf77b39 cleanup sunrpc_call error handling
git-svn-id: file:///home/svn/framework3/trunk@8388 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 21:50:11 +00:00
Tod Beardsley 43bbfefa8f Adding a Windows signature for Postgres.
git-svn-id: file:///home/svn/framework3/trunk@8374 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 18:02:13 +00:00
Tod Beardsley c8cdf9c938 Fixes #811 by implementing an enumerator for PostgreSQL.
git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 15:20:59 +00:00
Tod Beardsley 6e8e6ef16a Fixes #769 by implementing a brute force module for Postgres. A couple notes: If you guess wrong at the database name, you still can try to log in with a username and password -- you'll get a successful auth, but then get disconnected. So, that's pretty neat.
Also, since Postgres-PR uses the stock TCPSocket object, connection timeouts and other errors take forever. This is avoided in the brute forcer by pre-validating the connection with Rex::Socket, but this is a hack -- it would be better to convert Postgres-PR to a Rex::Socket flavor, so you also get nicer error messages and what all. I did fork it off the main distribution already anyway, so I may as well open a feature bug on this, but it's pretty low priority.

git-svn-id: file:///home/svn/framework3/trunk@8366 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 21:45:13 +00:00
Joshua Drake a052340703 a few fixes to sunrpc code
this fixes a couple of errors handling error messages
also, some whitespace/indenting adjustments

git-svn-id: file:///home/svn/framework3/trunk@8365 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 20:30:09 +00:00
Tod Beardsley e0060a4f83 See #794. Fixing this better to ensure that we never end up with a nil for a source mac address on ARP packets.
git-svn-id: file:///home/svn/framework3/trunk@8354 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 22:05:24 +00:00
Tod Beardsley 2ffe4abb5d Fixes #730 by fixing up the Postgres query module and nicifying the output.
git-svn-id: file:///home/svn/framework3/trunk@8352 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 21:02:12 +00:00
Tod Beardsley 01adf60550 See #730. First pass at a Postgres Query module. Doesn't handle errors very well yet (still need to work all that out and create some test cases).
git-svn-id: file:///home/svn/framework3/trunk@8344 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 01:40:48 +00:00
James Lee 554f46be43 fix syntax error
git-svn-id: file:///home/svn/framework3/trunk@8341 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 16:48:04 +00:00
Tod Beardsley d166c166b5 Fixes #794. I also couldn't reproduce -- whiten0ise's error makes it sound like he's running an old or broken version of pcaprub that's missing Pcap#lookupnet (present in at least 0.7-dev, just checked http://rubyforge.org/projects/pcaprub/).
However, this should at least solve the split error, and give better hints on other errors. Implements check_pcaprub_loaded to ensure that Pcap is in fact available on lookupnet, openpcap, and inject, and implemented a begin/rescue around lookupnet to catch errors involving a bad interface.

git-svn-id: file:///home/svn/framework3/trunk@8340 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 15:11:35 +00:00
Tod Beardsley a76480d42c See #726. Cleaning up my gross whitespace.
git-svn-id: file:///home/svn/framework3/trunk@8311 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 23:08:39 +00:00
natron 69ad365b46 Added STDERR to pure java payload, cleaned up user's view.
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
Joshua Drake 9c0213e642 check for JAVA_HOME before using it
git-svn-id: file:///home/svn/framework3/trunk@8289 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 08:18:24 +00:00
Joshua Drake a28b727e3f oops! minor change fixes #785
git-svn-id: file:///home/svn/framework3/trunk@8288 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 07:48:12 +00:00
Tod Beardsley 7c4d7c3d71 Fixes #782. Cleans up the various arp and inject methods so they're a little more sane to read, and streamlines the ARP process.
Still would like to a) experiment with keeping a persistent cache (with a cache timeout maybe, like a real arp cache), and b) see how caching negative replies will work out, but that's for another time.

git-svn-id: file:///home/svn/framework3/trunk@8280 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 22:46:41 +00:00
Tod Beardsley 0711363b49 See #782. Added in a mechanism to determine if I should ARP. This brings synflood back up to speed.
git-svn-id: file:///home/svn/framework3/trunk@8278 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 21:19:23 +00:00
Tod Beardsley bedbc2c341 See #782. Deregistering filter and pcapfile (not needed for these), moving GATEWAY to advanced options.
git-svn-id: file:///home/svn/framework3/trunk@8277 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:58:45 +00:00
natron 3b85e44a7a Remove old comments; no longer relevant.
git-svn-id: file:///home/svn/framework3/trunk@8270 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:59:25 +00:00
natron cd5e5880d2 Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
Tod Beardsley 2f76affadb See #782. Updating ldap exploit to use capture_sendto. Also updating capture.rb to include RHOST.
git-svn-id: file:///home/svn/framework3/trunk@8266 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:37:22 +00:00
Tod Beardsley 709c634bfa Renaming sendto to capture_sendto to give the user a hint as to where it came from.
git-svn-id: file:///home/svn/framework3/trunk@8260 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:21:33 +00:00
Tod Beardsley 3053bd702a See #782. Updated xmas.rb (again), now uses the nicer frontend function sendto. Diff against r8026 to get an idea of what's changed for module writers.
git-svn-id: file:///home/svn/framework3/trunk@8259 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:12:02 +00:00