
Commit bfbae5f

David MaloneyDavid Maloney
authored andcommitted
Merge branch 'upstream-master' into WinRM_piecemeal
Conflicts: lib/msf/core/exploit/winrm.rb
2 parents 1dcbbdf + b3e02f1 commit bfbae5f


323 files changed

+1117
-530
lines changed


323 files changed

+1117
-530
lines changed

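--- a/lib/msf/core/exploit/winrm.rb
+++ b/lib/msf/core/exploit/winrm.rb
@@ -5,6 +5,7 @@
 require 'rex/proto/ntlm/constants'
 require 'rex/proto/ntlm/utils'
 require 'rex/proto/ntlm/exceptions'
+
 module Msf
 module Exploit::Remote::WinRM
 include Exploit::Remote::NTLM::Client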

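--- a/lib/msf/core/module/author.rb
+++ b/lib/msf/core/module/author.rb
@@ -12,38 +12,39 @@ class Msf::Module::Author
 # A hash of known author names
 Known =
 {
-'hdm' => 'hdm' + 0x40.chr + 'metasploit.com',
-'spoonm' => 'spoonm' + 0x40.chr + 'no$email.com',
-'skape' => 'mmiller' + 0x40.chr + 'hick.org',
-'vlad902' => 'vlad902' + 0x40.chr + 'gmail.com',
-'optyx' => 'optyx' + 0x40.chr + 'no$email.com',
-'anonymous' => 'anonymous-contributor' + 0x40.chr + 'metasploit.com',
-'stinko' => 'vinnie' + 0x40.chr + 'metasploit.com',
-'MC' => 'mc' + 0x40.chr + 'metasploit.com',
-'cazz' => 'bmc' + 0x40.chr + 'shmoo.com',
-'pusscat' => 'pusscat' + 0x40.chr + 'metasploit.com',
-'skylined' => 'skylined' + 0x40.chr + 'edup.tudelft.nl',
-'patrick' => 'patrick' + 0x40.chr + 'osisecurity.com.au',
-'Ramon de C Valle'=> 'rcvalle' + 0x40.chr + 'metasploit.com',
-'I)ruid' => 'druid' + 0x40.chr + 'caughq.org',
-'egypt' => 'egypt' + 0x40.chr + 'metasploit.com',
-'kris katterjohn' => 'katterjohn' + 0x40.chr + 'gmail.com',
-'CG' => 'cg' + 0x40.chr + 'carnal0wnage.com',
-'et' => 'et' + 0x40.chr + 'metasploit.com',
-'sf' => 'stephen_fewer' + 0x40.chr + 'harmonysecurity.com',
-'kf' => 'kf_list' + 0x40.chr + 'digitalmunition.com',
-'ddz' => 'ddz' + 0x40.chr + 'theta44.org',
-'jduck' => 'jduck' + 0x40.chr + 'metasploit.com',
-'natron' => 'natron' + 0x40.chr + 'metasploit.com',
-'todb' => 'todb' + 0x40.chr + 'metasploit.com',
-'msmith' => 'msmith' + 0x40.chr + 'metasploit.com',
-'jcran' => 'jcran' + 0x40.chr + 'metasploit.com',
-'sinn3r' => 'sinn3r' + 0x40.chr + 'metasploit.com',
-'bannedit' => 'bannedit' + 0x40.chr + 'metasploit.com',
-'amaloteaux' => 'alex_maloteaux' + 0x40.chr + 'metasploit.com',
-'Carlos Perez' => 'carlos_perez' + 0x40.chr + 'darkoperator.com',
-'juan vazquez' => 'juan.vazquez' + 0x40.chr + 'metasploit.com',
-'theLightCosine' => 'theLightCosine' + 0x40.chr + 'metasploit.com'
+'hdm' => 'hdm' + 0x40.chr + 'metasploit.com',
+'spoonm' => 'spoonm' + 0x40.chr + 'no$email.com',
+'skape' => 'mmiller' + 0x40.chr + 'hick.org',
+'vlad902' => 'vlad902' + 0x40.chr + 'gmail.com',
+'optyx' => 'optyx' + 0x40.chr + 'no$email.com',
+'anonymous' => 'anonymous-contributor' + 0x40.chr + 'metasploit.com',
+'stinko' => 'vinnie' + 0x40.chr + 'metasploit.com',
+'MC' => 'mc' + 0x40.chr + 'metasploit.com',
+'cazz' => 'bmc' + 0x40.chr + 'shmoo.com',
+'pusscat' => 'pusscat' + 0x40.chr + 'metasploit.com',
+'skylined' => 'skylined' + 0x40.chr + 'edup.tudelft.nl',
+'patrick' => 'patrick' + 0x40.chr + 'osisecurity.com.au',
+'Ramon de C Valle' => 'rcvalle' + 0x40.chr + 'metasploit.com',
+'I)ruid' => 'druid' + 0x40.chr + 'caughq.org',
+'egypt' => 'egypt' + 0x40.chr + 'metasploit.com',
+'kris katterjohn' => 'katterjohn' + 0x40.chr + 'gmail.com',
+'CG' => 'cg' + 0x40.chr + 'carnal0wnage.com',
+'et' => 'et' + 0x40.chr + 'metasploit.com',
+'sf' => 'stephen_fewer' + 0x40.chr + 'harmonysecurity.com',
+'kf' => 'kf_list' + 0x40.chr + 'digitalmunition.com',
+'ddz' => 'ddz' + 0x40.chr + 'theta44.org',
+'jduck' => 'jduck' + 0x40.chr + 'metasploit.com',
+'natron' => 'natron' + 0x40.chr + 'metasploit.com',
+'todb' => 'todb' + 0x40.chr + 'metasploit.com',
+'msmith' => 'msmith' + 0x40.chr + 'metasploit.com',
+'jcran' => 'jcran' + 0x40.chr + 'metasploit.com',
+'sinn3r' => 'sinn3r' + 0x40.chr + 'metasploit.com',
+'bannedit' => 'bannedit' + 0x40.chr + 'metasploit.com',
+'amaloteaux' => 'alex_maloteaux' + 0x40.chr + 'metasploit.com',
+'Carlos Perez' => 'carlos_perez' + 0x40.chr + 'darkoperator.com',
+'juan vazquez' => 'juan.vazquez' + 0x40.chr + 'metasploit.com',
+'theLightCosine' => 'theLightCosine' + 0x40.chr + 'metasploit.com',
+'mubix' => 'mubix' + 0x40.chr + 'hak5.org'
 }
 
 #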

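--- a/lib/msf/core/modules/loader/base.rb
+++ b/lib/msf/core/modules/loader/base.rb
@@ -541,7 +541,9 @@ def restore_namespace_module(parent_module, relative_name, namespace_module)
 # the const may have been redefined by {#create_namespace_module}, in which case that new namespace_module needs
 # to be removed so the original can replace it.
 if parent_module.const_defined? relative_name
-remove_const relative_name
+parent_module.instance_eval do
+remove_const relative_name
+end
 end
 
 parent_module.const_set(relative_name, namespace_module)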
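Review bot: The new `parent_module.instance_eval do ... end` wrapper around `remove_const` carries no comment explaining why the call has to be re-scoped, so a later cleanup could easily collapse it back to the bare call. `remove_const` is a private method of `Module`, so it only works with the owning module as `self`; a one-line comment such as `# remove_const is private: run it with parent_module as self` above the block would record that. `parent_module.send(:remove_const, relative_name)` expresses the same thing in one line if the project prefers it. `restore_namespace_module` begins and ends outside this hunk, so the surrounding error handling is not visible here.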

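--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -43,7 +43,14 @@ class Console::CommandDispatcher::Stdapi::Sys
 "-t" => [ true, "The registry value type (E.g. REG_SZ)." ],
 "-v" => [ true, "The registry value name (E.g. Stuff)." ],
 "-r" => [ true, "The remote machine name to connect to (with current process credentials" ],
-"-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]." ])
+"-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]." ])
+
+@@ps_opts = Rex::Parser::Arguments.new(
+"-h" => [ false, "Help menu." ],
+"-S" => [ true, "Filters processes on the process name using the supplied RegEx"],
+"-A" => [ true, "Filters processes on architecture (x86 or x86_64)" ],
+"-s" => [ false, "Show only SYSTEM processes" ],
+"-U" => [ true, "Filters processes on the user using the supplied RegEx" ])
 
 #
 # List of supported commands.
@@ -274,6 +281,54 @@ def cmd_kill(*args)
 #
 def cmd_ps(*args)
 processes = client.sys.process.get_processes
+@@ps_opts.parse(args) do |opt, idx, val|
+case opt
+when "-h"
+cmd_ps_help
+return true
+when "-S"
+print_line "Filtering on process name..."
+searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+processes.each do |proc|
+if val.nil? or val.empty?
+print_line "You must supply a search term!"
+return false
+end
+searched_procs << proc if proc["name"].match(/#{val}/)
+end
+processes = searched_procs
+when "-A"
+print_line "Filtering on arch..."
+searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+processes.each do |proc|
+next if proc['arch'].nil? or proc['arch'].empty?
+if val.nil? or val.empty? or !(val == "x86" or val == "x86_64")
+print_line "You must select either x86 or x86_64"
+return false
+end
+searched_procs << proc if proc["arch"] == val
+end
+processes = searched_procs
+when "-s"
+print_line "Filtering on SYSTEM processes..."
+searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+processes.each do |proc|
+searched_procs << proc if proc["user"] == "NT AUTHORITY\\SYSTEM"
+end
+processes = searched_procs
+when "-U"
+print_line "Filtering on user name..."
+searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+processes.each do |proc|
+if val.nil? or val.empty?
+print_line "You must supply a search term!"
+return false
+end
+searched_procs << proc if proc["user"].match(/#{val}/)
+end
+processes = searched_procs
+end
+end
 if (processes.length == 0)
 print_line("No running processes were found.")
 else
@@ -284,6 +339,15 @@ def cmd_ps(*args)
 return true
 end
 
+def cmd_ps_help
+print_line "Use the command with no arguments to see all running processes."
+print_line "The following options can be used to filter those results:"
+
+print_line @@ps_opts.usage
+end
+
+
+
 #
 # Reboots the remote computer.
 #
@@ -595,6 +659,7 @@ def cmd_shutdown(*args)
 client.sys.power.shutdown
 end
 
+
 end
 
 end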
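Review bot: In the `-S` and `-U` branches of `cmd_ps`, the operator's argument is interpolated straight into `/#{val}/` inside the per-process loop, so a malformed pattern raises `RegexpError` out of the command instead of printing a usage message, and the empty-term check never runs when the process list is empty. Validating `val` and compiling the pattern once before the loop fixes both and avoids rebuilding the regex for every process. `proc["name"]` and `proc["user"]` come from the remote host and may be nil for processes the session cannot inspect (not visible in this hunk, so treat that as an assumption); calling `.to_s` before `.match` keeps the filter from raising in that case. The sketch below shows the `-S` branch; `-U` needs the same change against `proc["user"]`, and `cmd_ps` continues past the hunks shown.

```ruby
when "-S"
  # … unchanged: "Filtering on process name..." banner …
  if val.nil? or val.empty?
    print_line "You must supply a search term!"
    return false
  end
  begin
    name_filter = Regexp.new(val)
  rescue RegexpError => e
    print_line "Invalid search expression: #{e.message}"
    return false
  end
  # … unchanged: searched_procs = ProcessList.new …
  processes.each do |proc|
    searched_procs << proc if proc["name"].to_s.match(name_filter)
  end
  # … unchanged: processes = searched_procs; "-A" and "-s" branches …
```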

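--- a/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb
+++ b/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb
@@ -35,13 +35,11 @@ def initialize
 'Author' => 'jduck',
 'License' => MSF_LICENSE,
 'Version' => '$Revision$',
-'Platform' => [ 'win' ],
 'References' =>
 [
 [ 'OSVDB', '65533'],
 [ 'URL', 'http://seclists.org/bugtraq/2010/Jun/160' ]
 ],
-'Privileged' => true,
 'DisclosureDate' => 'Jun 15 2010'
 )
 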

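--- a/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb
+++ b/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb
@@ -36,7 +36,7 @@ def initialize
 [ 'OSVDB', '73447' ],
 [ 'CVE', '2008-2938' ],
 [ 'URL', 'http://www.securityfocus.com/archive/1/499926' ],
-[ 'EDB', 17388 ],
+[ 'EDB', '17388' ],
 [ 'BID', '48225' ],
 ],
 'Author' => [ 'patrick' ],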

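--- a/modules/auxiliary/admin/http/typo3_sa_2009_002.rb
+++ b/modules/auxiliary/admin/http/typo3_sa_2009_002.rb
@@ -32,7 +32,7 @@ def initialize(info = {})
 ['OSVDB', '52048'],
 ['CVE', '2009-0815'],
 ['URL', 'http://secunia.com/advisories/33829/'],
-['EDB', 8038],
+['EDB', '8038'],
 ['URL', 'http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/'],
 ],
 'DisclosureDate' => 'Feb 10 2009',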

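--- a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb
+++ b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb
@@ -26,8 +26,7 @@ def initialize(info = {})
 },
 'Author' => [ 'nullbind <scott.sutherland[at]netspi.com>' ],
 'License' => MSF_LICENSE,
-'Platform' => [ 'Windows' ],
-'References' => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]],
+'References' => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]]
 ))
 
 register_options(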

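--- a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb
+++ b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb
@@ -33,8 +33,7 @@ def initialize(info = {})
 [ 'Automatic', { } ],
 ],
 'DefaultTarget' => 0,
-'Platform' => [ 'Windows' ],
-'References' => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]],
+'References' => [[ 'URL', 'http://en.wikipedia.org/wiki/SMBRelay' ]]
 ))
 
 register_options(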

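--- a/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb
+++ b/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb
@@ -45,7 +45,6 @@ def initialize
 ['URL', 'http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000898.1-1']
 ],
 # Tested OK against sol8.tor 20100624 -jjd
-'Privileged' => true,
 'DisclosureDate' => 'Jan 22 2003')
 
 register_options(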
