
Merge branch 'master' of git://github.com/rapid7/metasploit-framework

Conflicts:
	scripts/resource/wmap_autotest.rc
m-1-k-3 committed Mar 13, 2012
2 parents 605f62f + 1a364df commit 0da5f798e5779561706dfd44216662f175096113
Showing with 5,742 additions and 1,848 deletions.
  1. BIN data/armitage/armitage.jar
  2. +30 −0 data/armitage/whatsnew.txt
  3. BIN data/exploits/CVE-2012-0754.swf
  4. +22 −0 data/exploits/mp4player.as
  5. BIN data/exploits/mp4player.fla
  6. BIN data/exploits/mp4player.swf
  7. BIN data/meterpreter/ext_server_stdapi.jar
  8. BIN data/meterpreter/ext_server_stdapi.lso
  9. BIN data/meterpreter/meterpreter.jar
  10. +5 −0 data/wmap/wmap_dirs.txt
  11. +531 −114 documentation/wmap.txt
  12. +31 −0 external/source/exploits/CVE-2012-0754/Exploit.as
  13. +6 −0 external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/TLVType.java
  14. +5 −0 ...eter/java/src/stdapi/com/metasploit/meterpreter/stdapi/stdapi_net_config_get_interfaces_V1_4.java
  15. +4 −0 external/source/meterpreter/source/common/arch/posix/scheduler.c
  16. +1 −1 external/source/meterpreter/source/extensions/stdapi/server/fs/dir.c
  17. +4 −4 external/source/meterpreter/source/extensions/stdapi/server/net/config/route.c
  18. +140 −0 external/source/shellcode/windows/x86/src/block/block_reverse_http.asm
  19. +2 −2 external/source/shellcode/windows/x86/src/block/block_reverse_https.asm
  20. +160 −0 external/source/shellcode/windows/x86/src/block/block_reverse_https_proxy.asm
  21. +19 −0 external/source/shellcode/windows/x86/src/stager/stager_reverse_https_proxy.asm
  22. +1 −1 lib/msf/base/sessions/meterpreter.rb
  23. +7 −1 lib/msf/base/simple/auxiliary.rb
  24. +17 −3 lib/msf/base/simple/exploit.rb
  25. +4 −0 lib/msf/base/simple/payload.rb
  26. +7 −1 lib/msf/base/simple/post.rb
  27. +0 −15 lib/msf/core/auxiliary/nmap.rb
  28. +3 −1 lib/msf/core/auxiliary/scanner.rb
  29. +49 −26 lib/msf/core/auxiliary/wmapmodule.rb
  30. +3 −1 lib/msf/core/data_store.rb
  31. +6 −0 lib/msf/core/encoded_payload.rb
  32. +13 −0 lib/msf/core/exploit/http/client.rb
  33. +50 −6 lib/msf/core/handler/reverse_http.rb
  34. +51 −5 lib/msf/core/handler/reverse_https.rb
  35. +8 −1 lib/msf/core/option_container.rb
  36. +95 −7 lib/msf/core/payload/linux.rb
  37. +2 −1 lib/msf/ui/console/command_dispatcher/core.rb
  38. +91 −11 lib/msf/ui/console/command_dispatcher/db.rb
  39. +3 −1 lib/rex/mime/message.rb
  40. +2 −2 lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb
  41. +2 −11 lib/rex/post/meterpreter/extensions/stdapi/net/config.rb
  42. +1 −1 lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb
  43. +3 −2 lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
  44. +46 −38 lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb
  45. +11 −5 lib/rex/proto/dcerpc/packet.rb
  46. +14 −14 lib/rex/socket.rb
  47. +20 −0 lib/rex/text.rb
  48. +0 −1 modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
  49. +1 −1 modules/auxiliary/admin/http/tomcat_administration.rb
  50. +2 −2 modules/auxiliary/admin/http/tomcat_utf8_traversal.rb
  51. +1 −2 modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb
  52. +1 −1 modules/auxiliary/admin/mysql/mysql_enum.rb
  53. +2 −2 modules/auxiliary/admin/natpmp/natpmp_map.rb
  54. +3 −4 modules/auxiliary/admin/postgres/postgres_readfile.rb
  55. +2 −3 modules/auxiliary/admin/postgres/postgres_sql.rb
  56. +10 −30 modules/auxiliary/admin/smb/check_dir_file.rb
  57. +1 −1 modules/auxiliary/gather/natpmp_external_address.rb
  58. +229 −0 modules/auxiliary/scanner/afp/afp_server_info.rb
  59. +0 −1 modules/auxiliary/scanner/db2/db2_auth.rb
  60. +0 −1 modules/auxiliary/scanner/db2/db2_version.rb
  61. +1 −1 modules/auxiliary/scanner/discovery/ipv6_neighbor.rb
  62. +1 −1 modules/auxiliary/scanner/http/apache_userdir_enum.rb
  63. +1 −1 modules/auxiliary/scanner/http/axis_local_file_include.rb
  64. +1 −1 modules/auxiliary/scanner/http/axis_login.rb
  65. +16 −8 modules/auxiliary/scanner/http/backup_file.rb
  66. +358 −208 modules/auxiliary/scanner/http/blind_sql_query.rb
  67. +16 −9 modules/auxiliary/scanner/http/brute_dirs.rb
  68. +1 −1 modules/auxiliary/scanner/http/cert.rb
  69. +0 −1 modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb
  70. +13 −6 modules/auxiliary/scanner/http/copy_of_file.rb
  71. +25 −11 modules/auxiliary/scanner/http/dir_listing.rb
  72. +15 −7 modules/auxiliary/scanner/http/dir_scanner.rb
  73. +8 −4 modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb
  74. +8 −7 modules/auxiliary/scanner/http/drupal_views_user_enum.rb
  75. +1 −1 modules/auxiliary/scanner/http/ektron_cms400net.rb
  76. +26 −12 modules/auxiliary/scanner/http/error_sql_injection.rb
  77. +13 −6 modules/auxiliary/scanner/http/file_same_name_dir.rb
  78. +14 −7 modules/auxiliary/scanner/http/files_dir.rb
  79. +10 −9 modules/auxiliary/scanner/http/frontpage_login.rb
  80. +2 −2 modules/auxiliary/scanner/http/glassfish_login.rb
  81. +1 −2 modules/auxiliary/scanner/http/http_login.rb
  82. +12 −4 modules/auxiliary/scanner/http/http_put.rb
  83. +2 −2 modules/auxiliary/scanner/http/http_traversal.rb
  84. +6 −2 modules/auxiliary/scanner/http/http_version.rb
  85. +0 −5 modules/auxiliary/scanner/http/lucky_punch.rb
  86. +1 −1 modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb
  87. +16 −3 modules/auxiliary/scanner/http/open_proxy.rb
  88. +3 −3 modules/auxiliary/scanner/http/options.rb
  89. +13 −6 modules/auxiliary/scanner/http/prev_dir_same_name_file.rb
  90. +17 −7 modules/auxiliary/scanner/http/replace_ext.rb
  91. +1 −1 modules/auxiliary/scanner/http/robots_txt.rb
  92. +0 −1 modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb
  93. +0 −1 modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb
  94. +0 −1 modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb
  95. +0 −1 modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb
  96. +15 −6 modules/auxiliary/scanner/http/scraper.rb
  97. +78 −77 modules/auxiliary/scanner/http/soap_xml.rb
  98. +1 −1 modules/auxiliary/scanner/http/sqlmap.rb
  99. +3 −3 modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb
  100. +1 −1 modules/auxiliary/scanner/http/ssl.rb
  101. +25 −14 modules/auxiliary/scanner/http/svn_scanner.rb
  102. +1 −2 modules/auxiliary/scanner/http/tomcat_mgr_login.rb
  103. +2 −1 modules/auxiliary/scanner/http/trace.rb
  104. +4 −3 modules/auxiliary/scanner/http/trace_axd.rb
  105. +13 −7 modules/auxiliary/scanner/http/verb_auth_bypass.rb
  106. +4 −3 modules/auxiliary/scanner/http/vhost_scanner.rb
  107. +8 −3 modules/auxiliary/scanner/http/web_vulndb.rb
  108. +2 −2 modules/auxiliary/scanner/http/webdav_internal_ip.rb
  109. +2 −2 modules/auxiliary/scanner/http/webdav_scanner.rb
  110. +2 −2 modules/auxiliary/scanner/http/webdav_website_content.rb
  111. +2 −2 modules/auxiliary/scanner/http/wordpress_login_enum.rb
  112. +1 −1 modules/auxiliary/scanner/http/xpath.rb
  113. +2 −2 modules/auxiliary/scanner/mongodb/mongodb_login.rb
  114. +1 −1 modules/auxiliary/scanner/natpmp/natpmp_portscan.rb
  115. +4 −4 modules/auxiliary/scanner/postgres/postgres_version.rb
  116. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb
  117. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb
  118. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb
  119. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb
  120. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb
  121. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb
  122. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb
  123. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb
  124. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb
  125. +0 −1 modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb
  126. +1 −2 modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb
  127. +1 −1 modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb
  128. +1 −1 modules/encoders/x86/alpha_upper.rb
  129. +147 −0 modules/exploits/multi/http/lcms_php_exec.rb
  130. +15 −0 modules/exploits/multi/http/tomcat_mgr_deploy.rb
  131. +1 −1 modules/exploits/unix/ftp/vsftpd_234_backdoor.rb
  132. +374 −0 modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
  133. +28 −13 modules/exploits/windows/browser/adobe_flash_sps.rb
  134. +5 −5 modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
  135. +1 −1 modules/exploits/windows/browser/java_ws_vmargs.rb
  136. +98 −54 modules/exploits/windows/browser/ms12_004_midi.rb
  137. +1 −1 modules/exploits/windows/browser/trendmicro_extsetowner.rb
  138. +73 −0 modules/exploits/windows/fileformat/djstudio_pls_bof.rb
  139. +4 −3 modules/exploits/windows/fileformat/ibm_pcm_ws.rb
  140. +141 −0 modules/exploits/windows/fileformat/vlc_realtext.rb
  141. +1 −1 modules/exploits/windows/http/xampp_webdav_upload_php.rb
  142. +2 −4 modules/exploits/windows/scada/igss9_misc.rb
  143. +1 −6 modules/exploits/windows/smb/ms05_039_pnp.rb
  144. +242 −0 modules/exploits/windows/ssh/sysax_ssh_username.rb
  145. +1 −1 modules/payloads/singles/generic/custom.rb
  146. +143 −0 modules/payloads/singles/linux/armle/shell_bind_tcp.rb
  147. +23 −23 modules/payloads/stagers/windows/reverse_http.rb
  148. +3 −3 modules/payloads/stagers/windows/reverse_https.rb
  149. +23 −22 modules/payloads/stagers/windows/reverse_ipv6_http.rb
  150. +3 −3 modules/payloads/stagers/windows/reverse_ipv6_https.rb
  151. +1 −1 modules/post/aix/hashdump.rb
  152. +39 −20 modules/post/{windows → multi}/gather/apple_ios_backup.rb
  153. +6 −3 modules/post/multi/gather/firefox_creds.rb
  154. +13 −17 modules/post/windows/gather/credentials/filezilla_server.rb
  155. +8 −6 modules/post/windows/gather/credentials/outlook.rb
  156. +37 −5 modules/post/windows/gather/enum_chrome.rb
  157. +5 −5 modules/post/windows/manage/vss_create.rb
  158. +3 −3 modules/post/windows/manage/vss_list.rb
  159. +4 −5 modules/post/windows/manage/vss_mount.rb
  160. +4 −4 modules/post/windows/manage/vss_set_storage.rb
  161. +4 −4 modules/post/windows/manage/vss_storage.rb
  162. +6 −0 msfgui
  163. +11 −2 msfvenom
  164. +1,495 −813 plugins/wmap.rb
  165. +13 −1 scripts/resource/wmap_autotest.rc
  166. +58 −0 test/lib/module_test.rb
  167. +208 −0 test/modules/post/test/meterpreter.rb
BIN +392 KB (120%) data/armitage/armitage.jar
Binary file not shown.
@@ -1,6 +1,36 @@
Armitage Changelog
==================
8 Mar 12 1.43-dev
--------
- Armitage now uses session_host to determine which host a session is associated
with. This value is grabbed directly from the OS itself. You'll no longer have
20 meterpreter sessions associated with a NAT/firewall device.
- Armitage now spins up a new listener for each client-side attack (no longer
relying on the random default listener created on startup). Of course you can
change this... double-click the PAYLOAD option to set it to something else.
- Token stealing dialog now disables refresh button while grabbing tokens. Enables
it again when done.
- Armitage now talks to Metasploit every two minutes to prevent auth timeout.
- Armitage now displays a firewall icon for hosts with no OS marked as a firewall
by MSF.
- Armitage now selects an IPv6 bind payload when attacking IPv6 hosts.
- Armitage now explicitly sets RPORT for different MSF Scan options and psexec.
- Updated the about dialog to include a version number and release date.
- Added a ./teamserver [external IP] [shared pass] script to the UNIX distro of
Armitage. This script makes it much easier to startup Armitage's team server mode.
2 Mar 12 - Catching up to a few MSF 4.3.0-dev changes...
--------
- Added a tab rename feature.
- Hosts that self report as .NET server now display an XP/2003 era icon.
- Updated route command parser to conform to Metasploit 4.3.0's output for it
- "Check all credentials" feature now works when running the deconfliction
server AND client from the same folder.
- [host] -> Host -> Operating System -> * now clears notes related to host
before updating OS. This allows future scans to trigger MSF normalization
code and update the OS to something else (e.g., from Unknown to X)
29 Feb 12
---------
- Armitage now displays a VMWare icon for hosts flagged as ESX/ESXi servers
Binary file not shown.
@@ -0,0 +1,22 @@
function randText(newLength:Number):String{
var a:String = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
var alphabet:Array = a.split("");
var randomLetter:String = "";
for (var i:Number = 0; i < newLength; i++){
randomLetter += alphabet[Math.floor(Math.random() * alphabet.length)];
}
return randomLetter;
}
var connect_nc:NetConnection = new NetConnection();
connect_nc.connect(null);
var stream_ns:NetStream = new NetStream(connect_nc);
stream_ns.onStatus = function(p_evt:Object):Void { }
video.attachVideo(stream_ns);
stream_ns.play(randText(Math.floor(Math.random() * 8) + 4) + ".mp4");
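Review bot: This new file has no header comment, and `video` in `video.attachVideo(stream_ns);` is not declared anywhere in the lines shown, so it presumably names a stage instance that exists only in the binary mp4player.fla added by the same commit. Since mp4player.swf and mp4player.fla arrive as opaque binaries, a top-of-file comment such as `// Source for data/exploits/mp4player.swf; 'video' is a stage instance defined in mp4player.fla`, together with the authoring tool and version used to build it, would let a reviewer rebuild the SWF and check that it matches this source. In `randText`, the local `randomLetter` accumulates the whole string rather than one letter, so `var result:String = "";` would read more accurately. The empty handler on the `stream_ns.onStatus` line would also benefit from a short comment stating that stream status events are ignored on purpose.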
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN +72 Bytes (100%) data/meterpreter/meterpreter.jar
Binary file not shown.
@@ -459,6 +459,7 @@ api
aponline
app
appeals
appl
apple
applet
applets
@@ -525,6 +526,8 @@ aw
awStats
awardsearch
awstatsoutput
axis
axis2
axis-cgi
ayuda
b
@@ -855,6 +858,7 @@ connect
connected
conquer
console
consola
consumer
contact
contact-us
@@ -1801,6 +1805,7 @@ marketing
mary
master
mastergate
mastercraft
math
math-ph
matrix