adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,625 Commits 27 Branches 1,043 Tags
f2f5ee66d9b6daaa651399d69c00aad07014d9b2
Commit Graph

407 Commits

Author SHA1 Message Date
Tod Beardsley d41e94050e See #2034. This adds a basic FTP bruteforce module. It also makes some minor changes to auth_brute (allows for both SMB and FTP credentials to get mapped to the basic 'USERNAME' and 'PASSWORD' datastores), and touches up the other FTP modules slightly. 
git-svn-id: file:///home/svn/framework3/trunk@9388 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-01 18:17:26 +00:00
Joshua Drake 6d1e7bdaa5 big commit - lots of cmdstager changes 
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)


git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-26 22:39:56 +00:00
Joshua Drake 350ac4fb7c grammar! 
git-svn-id: file:///home/svn/framework3/trunk@9371 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-26 15:40:12 +00:00
Joshua Drake 3ce61ca466 grammar! 
git-svn-id: file:///home/svn/framework3/trunk@9370 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-26 15:38:13 +00:00
Joshua Drake def1af53ad remove executable property 
git-svn-id: file:///home/svn/framework3/trunk@9369 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-26 01:14:46 +00:00
Ramon de C Valle d31dd35f62 Fixes #2004. Add back the timeout argument to sunrpc_call method. 
git-svn-id: file:///home/svn/framework3/trunk@9349 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-24 00:57:18 +00:00
Tod Beardsley 1a2be34a63 Fixes #2002. Needed to work with some pipelining to get this all to work right, but it seems to function now pretty well -- if the target takes Basic, do basic, if the target takes NTLM, do NTLM. Should implement Digest too, but I don't think hardly anyone uses that. 
git-svn-id: file:///home/svn/framework3/trunk@9346 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-22 17:58:01 +00:00
Joshua Drake a6795c4714 add EXE exploit mixin 
git-svn-id: file:///home/svn/framework3/trunk@9340 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-21 06:20:10 +00:00
HD Moore dfa7fb7d0b Move away from Kernel.select in exchange for IO.select, solves some issues with windows compatibility 
git-svn-id: file:///home/svn/framework3/trunk@9330 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-20 20:42:17 +00:00
James Lee e70dabf3e3 warn and remove commas from CERTCN to prevent a crash bug in Rjb's keytool, fixes 1543 
git-svn-id: file:///home/svn/framework3/trunk@9241 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-07 18:19:50 +00:00
HD Moore 42da9e899a Improvements to the cleanup process, close sockets properly for exploits and auxiliary 
git-svn-id: file:///home/svn/framework3/trunk@9187 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-01 16:26:24 +00:00
natron c1fa8d60f7 Expose exe :template and :insert via advanced options plus formatting changes. Thanks MarkBagget for the kick in the pants and the example options to to_win32pe\! 
git-svn-id: file:///home/svn/framework3/trunk@8966 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-31 22:05:32 +00:00
HD Moore c3eccf2cb5 Change default to 445, its 2010 
git-svn-id: file:///home/svn/framework3/trunk@8941 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-27 21:00:28 +00:00
James Lee 1dc7a4a21f i'm tired of support requests for oci libs not being installed 
git-svn-id: file:///home/svn/framework3/trunk@8899 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-24 19:02:38 +00:00
HD Moore eb31c8f24b Fixes up SunRPC to use proper timeouts and track the socket context (needed for pivoting) 
git-svn-id: file:///home/svn/framework3/trunk@8845 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-17 23:02:35 +00:00
Tod Beardsley 3f69bb8053 Fixes the handling for telnet services when the server is "busy" -- this is common wit HP JetDirect servers, where the server will respond with a busy message up to several seconds after the last connection logged off. While this does mean that credential tests will be skipped, they will at least not be scored incorrectly as false postives. 
Also, this removes the disconnect() method in favor of self.sock.close(). Disconnect seems to have a tendency to leave sessions half-closed, which will cause a busy state to never clear. self.sock.close doesn't appear to have this effect if you use a slower bruteforce_speed option (3 seems to work all right).



git-svn-id: file:///home/svn/framework3/trunk@8835 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-16 18:45:50 +00:00
Tod Beardsley cb640571b0 Fixes #1109 -- ARP is now less picky about ARP replies, but does conform to normal networking standards. 
git-svn-id: file:///home/svn/framework3/trunk@8832 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-16 16:04:02 +00:00
Joshua Drake b6851b8ee4 modify cmd stager to take a raw payload string instead of a payload instance 
git-svn-id: file:///home/svn/framework3/trunk@8805 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-12 21:47:01 +00:00
Joshua Drake 28f4eb2fd9 handle failed logins - fixes #1014 
git-svn-id: file:///home/svn/framework3/trunk@8728 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-05 17:05:12 +00:00
Joshua Drake 73da75a931 big update to cmd stager 
1. returns array of commands instead of big blob of lines
2. combine lines together when possible (to reduce # of commands to execute)
3. add cmd stager usage in mssql_payload
4. remove extraneous stuff here and there

git-svn-id: file:///home/svn/framework3/trunk@8721 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-05 00:29:44 +00:00
Joshua Drake d8818fc268 execute xp_cmdshell from master explicitly 
git-svn-id: file:///home/svn/framework3/trunk@8720 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-04 23:55:04 +00:00
Joshua Drake 8a2382ed1a don't wait for shell.run to finish 
git-svn-id: file:///home/svn/framework3/trunk@8717 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-04 22:32:46 +00:00
Joshua Drake 1629bf7bf0 move http_send_cmd into cmdweb test exploit 
git-svn-id: file:///home/svn/framework3/trunk@8716 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-04 21:00:58 +00:00
James Lee 602395ead0 don't set the language if we don't have one 
git-svn-id: file:///home/svn/framework3/trunk@8709 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-04 07:38:52 +00:00
James Lee 7392de4d3d don't use undefined variables. 
git-svn-id: file:///home/svn/framework3/trunk@8700 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-03 19:50:22 +00:00
James Lee 7d348c3593 honor the SSL option in HttpServer, fixes #1001 
git-svn-id: file:///home/svn/framework3/trunk@8699 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-03 18:47:04 +00:00
Joshua Drake e7a9391a76 minor tweaks, no functional changes 
git-svn-id: file:///home/svn/framework3/trunk@8684 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-02 02:26:08 +00:00
HD Moore 304a238d3e Add pop3/imap4 scanners 
git-svn-id: file:///home/svn/framework3/trunk@8664 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-26 19:06:26 +00:00
HD Moore 2cbf64b85a Fix up the stored banner for SMTP 
git-svn-id: file:///home/svn/framework3/trunk@8661 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-26 18:47:48 +00:00
Tod Beardsley 25de6844b8 Adding OpenSoliaris Postgres fingerprints. 
git-svn-id: file:///home/svn/framework3/trunk@8599 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-23 14:09:21 +00:00
HD Moore 80f1f48b2d Merge in loot and user, fix up telnet to handle eof better 
git-svn-id: file:///home/svn/framework3/trunk@8594 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-22 23:45:43 +00:00
HD Moore 8296dc85b3 Cache the local interface/netmask 
git-svn-id: file:///home/svn/framework3/trunk@8571 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-20 18:52:13 +00:00
HD Moore 551e7d57ba Speed up packet injection 
git-svn-id: file:///home/svn/framework3/trunk@8570 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-20 18:31:46 +00:00
HD Moore 0a8696436e Fix up the telnet login code to handle varied responses better 
git-svn-id: file:///home/svn/framework3/trunk@8565 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-20 05:49:40 +00:00
natron 474228a132 Woops, forgot to push the updated mixin. 
git-svn-id: file:///home/svn/framework3/trunk@8560 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-19 06:06:30 +00:00
Joshua Drake 089a522df0 various fixes 
1. allow passing payload to generate_cmdstager (needed for html server sploits)
2. cleanup whitespace here and there
3. removed rendundant pattern match
4. removed use of sleep in favor of select idiom


git-svn-id: file:///home/svn/framework3/trunk@8539 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-17 20:04:54 +00:00
Joshua Drake 0d526a26af add cmdstager to mixins, oops 
git-svn-id: file:///home/svn/framework3/trunk@8526 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-16 20:26:31 +00:00
Joshua Drake 4800d6841c commit cmd stager stuff from bannedit 
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-16 16:38:19 +00:00
HD Moore 993ba44fcf SMB updates, better reporting of SSL status for HTTP 
git-svn-id: file:///home/svn/framework3/trunk@8459 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-11 22:37:00 +00:00
Tod Beardsley 65c5eae59e Calling it postgres instead of postgresql for overall consistency. 
git-svn-id: file:///home/svn/framework3/trunk@8435 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-09 20:44:23 +00:00
James Lee e2d70519d7 add the ability to check for a prompt before sending user/pass; now works with cisco, aix, solaris, linux, and windows telnetds 
git-svn-id: file:///home/svn/framework3/trunk@8434 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-09 19:07:02 +00:00
Tod Beardsley c763052c57 See #816. This came up while learning how to perform various postgre tasks via Metasploit. 
This module in particular reads a text file on the remote machine, copies it to a temporary table, and then selects the table.

Looks like this:

http://pastie.org/private/uoxgaw7ibjpvuepolr1fuw



git-svn-id: file:///home/svn/framework3/trunk@8417 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-08 22:34:09 +00:00
Tod Beardsley 0b6c44b2cb Adding reporting to postgres_login. Logging version info more verbosely for authenticated login, since it's way useful. 
git-svn-id: file:///home/svn/framework3/trunk@8408 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-08 17:35:58 +00:00
Tod Beardsley 67bb7a1926 Cleaning up print_status messages for Postgres SQL module and Postgres library. 
git-svn-id: file:///home/svn/framework3/trunk@8407 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-08 16:43:44 +00:00
HD Moore 5f76353e8e Woops, add the missing support files 
git-svn-id: file:///home/svn/framework3/trunk@8400 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-08 00:59:29 +00:00
Joshua Drake 7d9d169a1a exploit/sunrpc: return nil on error 
git-svn-id: file:///home/svn/framework3/trunk@8394 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-07 03:51:14 +00:00
James Lee 3b0b2731fd fix telnet scanner 
git-svn-id: file:///home/svn/framework3/trunk@8392 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-07 00:14:29 +00:00
Joshua Drake 80bdf77b39 cleanup sunrpc_call error handling 
git-svn-id: file:///home/svn/framework3/trunk@8388 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-06 21:50:11 +00:00
Tod Beardsley 43bbfefa8f Adding a Windows signature for Postgres. 
git-svn-id: file:///home/svn/framework3/trunk@8374 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-05 18:02:13 +00:00
Tod Beardsley c8cdf9c938 Fixes #811 by implementing an enumerator for PostgreSQL. 
git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-05 15:20:59 +00:00