Commit Graph

21851 Commits

Author SHA1 Message Date
Jon Hart e96596e8eb Credit Nixawk/all3g for some of the module review/improvements/ideas
From:
  https://github.com/rapid7/metasploit-framework/pull/6191
  https://github.com/jhart-r7/metasploit-framework/pull/5
2015-11-05 09:22:30 -08:00
Jon Hart 0ae2e64bc5 Only mark rsync as req'ing auth true/false if we are sure, otherwise vprint and unknown 2015-11-05 09:20:02 -08:00
Brent Cook ee6d6258a5 Land #6180, add PSH as a target for psexec directly, implement autodetect 2015-11-05 10:38:50 -06:00
pyllyukko 4390fda513 Remove extra Content-Length HTTP header
The send_request_raw already sets the header and if it's set also in the
module, Metasploit sends the header twice.
2015-11-05 14:38:06 +02:00
nixawk d63f7c843e enum_dns - review 2015-11-05 10:09:54 +00:00
William Vu 862dff964a Integrate psexec_psh into psexec 2015-11-04 17:31:33 -06:00
Jon Hart f1a79bd207 Make motd printing optional, off by default 2015-11-04 10:11:00 -08:00
Jon Hart 8f497faa09 Make read timeout configurable and shorter by default
This makes the time spent handling motd almost a non-issue
2015-11-04 10:01:38 -08:00
Jon Hart 3528bb2fa7 Remove optional motd handling; this is always necessary
without it, detecting authentication on systems w/ a motd does not work
2015-11-04 09:43:10 -08:00
Jon Hart 0d3232f93a break if we get the rsync exit 2015-11-04 09:12:02 -08:00
Jon Hart ba5a8e4806 style 2015-11-04 09:11:07 -08:00
Jon Hart 2cab70294e sprinkle in peer 2015-11-04 09:05:33 -08:00
Jon Hart 9bcdd19e0a Correct table 2015-11-04 09:01:07 -08:00
Jon Hart 8f4f187c70 More usable format for module metadata in notes 2015-11-04 08:47:37 -08:00
Jon Hart b7ccee949e Improve name and description; update authors 2015-11-04 08:42:29 -08:00
Jon Hart c0993c3797 Appease rubocop
You have 20 seconds to comply
2015-11-04 08:28:35 -08:00
Jon Hart c265a371d8 Make testing the rsync module for authentication optional,
but on by default
2015-11-04 08:25:38 -08:00
fraf0 3739a2fb72 Update dns_srv_enum.rb 2015-11-03 16:59:55 +01:00
fraf0 f1feccfd7c Update dns_srv_enum.rb 2015-11-03 16:53:26 +01:00
nixawk 109e9b6b6e remove debug info - require 'pry' 2015-11-03 06:52:11 +00:00
nixawk 46fe0c0899 base64 for evasion purposes 2015-11-03 06:42:52 +00:00
Tom Spencer 557dffd8d2 Fixed extra space at end of line 2015-11-02 21:50:39 -08:00
Tom Spencer 4d97e33bc5 Dramatic speed-up in bleeding, improved verbose output of leaked data. 2015-11-02 16:07:21 -08:00
Jon Hart dd91956c4a ooops, puts 2015-11-02 15:07:26 -08:00
Jon Hart de959ed62b Remove actions; check and run_* will suffice 2015-11-02 13:54:42 -08:00
Jon Hart 1c3e4d2cbf Refactor to use Scanner; add check; add beginnings of actions 2015-11-02 13:39:09 -08:00
Jon Hart ced20ba51c Refactor NTP symmetric packet creation; add vuln detection to NAK to the future 2015-11-02 12:46:58 -08:00
Jon Hart 17c4aa2348 Fill in description; style 2015-11-02 12:18:35 -08:00
Jon Hart 8fb0596888 Add more refs 2015-11-02 12:07:18 -08:00
Jon Hart 3c92b109d7 Don't wait for motd when testing for auth 2015-11-02 10:49:48 -08:00
Jon Hart 6c0034fba6 get_once for negotiation and trailing motd_lines
This feels hacky.
2015-11-02 09:32:54 -08:00
Jon Hart a120dd1ea9 Return nil when no motd lines 2015-11-02 09:18:10 -08:00
Jon Hart 962cf77873 Not all modules have comments 2015-11-02 09:14:41 -08:00
Jon Hart 4effd3aa81 Handle case where motd comes after negotiation 2015-11-02 09:12:57 -08:00
Matthias Ganz 6458c591e4 Update loadlibrary.rb 2015-11-02 17:16:46 +01:00
Matthias Ganz a01d7c966a Bugfix loading address of library path into rcx
Changed the following instruction:
67 48 8D 8D 00 01 00 00    lea    rcx,[ebp+100h]

Into
90                         nop
48 8D 8D 00 01 00 00       lea    rcx,[rbp+100h]

The old code breaks if the payload is executed from a memory area where the 4 most significant bytes are non-zero.

The bugfix removes the Address-Size override prefix 0x67 of the lea instruction and replaces it with a nop 0x90 (to not mess up code alignment, relative addressing or jmps).
2015-11-02 12:54:44 +01:00
nixawk 6c16d2a1ca caidao's exploit module 2015-11-02 08:54:18 +00:00
Martin Vigo b0f92b49a2 Print vault passwords 2015-11-01 21:47:00 -08:00
William Vu 6a01efa394 Deprecate psexec_psh 2015-10-30 17:41:58 -05:00
Brent Cook ec1682ebd9 update payload size cache 2015-10-30 17:35:05 -05:00
Brent Cook be23da1c1f Merge branch 'upstream-master' into land-6120-python-stageless 2015-10-30 17:26:26 -05:00
Louis Sato 78416724f8 Land #6167, fix deprecation warning + expiration
adobe flash player buffer overflow deprecation warning replacement
and expiration extended
2015-10-30 15:49:40 -05:00
Louis Sato 2bd792f693 remove .rb file extension 2015-10-30 15:26:45 -05:00
Jon Hart d18b6ff9cd More doc, error handling 2015-10-30 13:13:44 -07:00
Jon Hart ff1d0709e0 vprint if the thing isn't rsync 2015-10-30 12:39:06 -07:00
William Vu f8a39ecc21 Land #6145, better RPC exception handling 2015-10-30 13:25:52 -05:00
Jon Hart eb99aaa216 Print out modules before building/reporting table 2015-10-30 09:49:07 -07:00
Jon Hart 86b48490f0 Merge branch 'master' into poc/rsunk 2015-10-30 09:42:41 -07:00
wchen-r7 82e600a53a Suggest the correct replacement for the deprecated module
The deprecated module has been suggesting the wrong replacement,
it should be exploits/multi/browser/adobe_flash_pixel_bender_bof.rb
2015-10-29 16:24:29 -05:00
Louis Sato 57304a30a8 Land #6139, remove bad ref links 2015-10-29 16:00:43 -05:00