Activity
From 08/04/2010 to 09/02/2010
09/01/2010
- 08:15 pm Metasploit Framework Bug #2482 (New): Microsoft Windows Authenticated User Code Execution with Windows Add User Payload
- Hi,
I was trying the above exploit using a NTLM hash to exploit and then deploying windows adduser payload
Connec... - 07:02 pm Metasploit Framework Bug #2481 (New): "O" option no longer works with msfpayload
- When using the O option, msfpayload responds by generating the raw output of the payload. e.g. "./msfpayload /windows...
- 04:26 pm Metasploit Framework Revision 10216: Whoops forgot the x.
- 03:47 pm Metasploit Framework Feature #2480 (New): Addition of the Alpha3 Encoder
- Since the Alpha3 Encoder apparently has a smaller decoder and the additional encoding options, it could be a good add...
- 03:40 pm Metasploit Framework Revision 10214: Adds xml_char_encode. Like html_encode, but allows xml-safe character through.
- 03:06 pm Metasploit Framework Revision 10213: Handle updating the updated_at time for just-checked credentials better.
- 02:26 am Metasploit Framework Feature #2306: ARM payload - Linux Execute Command
- Hi Joshua,
Try with new attached file.
regards, - 02:26 am Metasploit Framework Bug #2474: Microsoft Windows Authenticated User Code Execution with Windows Add User Payload
- Revision 10155
- 01:54 am Metasploit Framework Bug #2474 (New): Microsoft Windows Authenticated User Code Execution with Windows Add User Payload
- Hi,
I was trying the above exploit using a NTLM hash to exploit and then deploying windows adduser payload
Conne...
08/31/2010
- 11:36 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- ext_server_stdapi.so needs to go to data/meterpreter/ext_server_stdapi.so
msflinker.bin needs to go to data/msflinke... - 08:35 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- I will go through the build process information in the documentation I wrote to see what's missing / could be improve...
- 06:57 pm Metasploit Framework Revision 10211: fix a typo
- 06:49 pm Metasploit Framework Revision 10210: put scanner modules in the scanner directory
- 06:43 pm Metasploit Framework Revision 10209: coldfusion directory traversal module
- 04:24 pm Metasploit Framework Bug #2465 (Resolved): msfrpcd has activerecord weirdness
- Applied in changeset r10207.
- 04:24 pm Metasploit Framework Revision 10207: Initialize framework after forking when running msfrpcd as a daemon. Fixes #2465 ...
- 01:33 pm Metasploit Framework Bug #2466: Metasploit history is inconsistent
- In addition, external commands (like msfpayload) or commands with a typo do not appear in the history at all, which i...
- 01:33 pm Metasploit Framework Revision 10205: Checking in missing reporting stuff for bruteforce. Namely, report_exploit, also ...
- 10:55 am Metasploit Framework Revision 10204: update test notes
- 08:11 am Metasploit Framework Revision 10203: add termio.h back, see #2418
- 08:10 am Metasploit Framework Revision 10202: sync up with Philip's code, see #2418
- 08:05 am Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- Philip, I'm working to sync things up here. I noticed there are no binaries, and unfortunately, my attempts to recrea...
- 04:44 am Metasploit Framework Revision 10201: add osvdb ref
- 01:53 am Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- Here's a patch that applies cleanly against svn head....
08/30/2010
- 11:14 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- < metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *
... - 06:09 pm Metasploit Framework Bug #2465: msfrpcd has activerecord weirdness
- Ok, the problem is the thread dies on the line ...
- 04:49 pm Metasploit Framework Bug #2465: msfrpcd has activerecord weirdness
- The processing seems to die as soon as the rpcd backgrounds. Everything will function correctly when -f is used to ke...
- 04:43 pm Metasploit Framework Bug #2465: msfrpcd has activerecord weirdness
- What I'm seeing with debug statements is that in lib/msf/core/db.rb the report_host function calls ...
- 04:31 pm Metasploit Framework Revision 10199: add Win7 IE8 target
- 03:59 pm Metasploit Framework Revision 10198: Use new search command and script for search/download in gui.
- 03:17 pm Metasploit Framework Revision 10197: dunno why i never thought of this before. clean up spawned exploits when stoppin...
- 02:52 pm Metasploit Framework Revision 10196: add CVE reference
- 02:36 pm Metasploit Framework Revision 10195: make the LPORT_JAVA option actually visible
- 01:50 pm Metasploit Framework Revision 10194: update description
- 01:44 pm Metasploit Framework Revision 10193: nudge reliability up
- 01:42 pm Metasploit Framework Revision 10192: add exploit for quicktime backdoor
- 01:41 pm Metasploit Framework Revision 10191: style compliance fixes
- 01:40 pm Metasploit Framework Revision 10190: style compliance fixes
- 12:09 pm Metasploit Framework Bug #2466 (New): Metasploit history is inconsistent
- The meterpreter history is inconsistent.
History from a meterpreter session is available from the msf> prompt.
... - 11:09 am Metasploit Framework Revision 10188: Error in variable declaration, minor output improvement
- 02:50 am Metasploit Framework Revision 10187: Meterpreter search support to leverage the index on older systems (2000/XP/2003) ...
08/29/2010
- 11:39 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- Some other changes:
Added PTY support to execute -f /bin/sh -i
Added a dlsocket() routine in case msflinker is st... - 06:55 pm Metasploit Framework Revision 10186: Meterpreter script for finding and saving name and path to file for easy selectio...
- 06:33 pm Metasploit Framework Revision 10185: missed an end
- 06:30 pm Metasploit Framework Revision 10184: Fixed typo on 2 xmmp SRV record typos, wildcard management of CNAME records and r...
- 05:20 pm Metasploit Framework Bug #507: dns_enum gives error about undefined address method (2)
- After lots of testing I'm beginning to believe the problem might be in the lib, since it is version 0.4 and net-dns i...
08/28/2010
- 07:50 pm Metasploit Framework Revision 10182: Allow viewing connection details.
- 12:56 pm Metasploit Framework Revision 10180: Only enable menus when connected to an msfrpc server
- 12:43 pm Metasploit Framework Revision 10179: Simplify calling RPC functions in gui with implicit argument array.
- 12:24 pm Metasploit Framework Feature #2433 (Closed): XMLRPCD DB support
- fixed by r10177
- 12:23 pm Metasploit Framework Revision 10178: Basic gui plugin support.
- 11:21 am Metasploit Framework Bug #2292 (Resolved): Allow loading plugins from rpc
- Applied in changeset r10177.
- 11:21 am Metasploit Framework Revision 10177: Add plugin support to rpc. Fixes #2292
- 11:09 am Metasploit Framework Revision 10176: Add support for database connect and disconnect, saving connection details.
- 10:37 am Metasploit Framework Feature #2464 (Resolved): db_connect/driver/status commands for xmlrpc
- Applied in changeset r10175.
- 10:37 am Metasploit Framework Revision 10175: Fixes #2464
- 12:06 am Metasploit Framework Bug #2465 (Resolved): msfrpcd has activerecord weirdness
- Scriptjunkie pointed me to some oddness with msfrpcd. When loading xmlrpc plugin through msfconsole, report_host wor...
08/27/2010
- 11:42 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- Here's a new patch with various fixes.
execute -f /bin/sh -i works (with no pty support).
commit 249804e7a93fb6... - 10:42 pm Metasploit Framework Feature #2464 (Resolved): db_connect/driver/status commands for xmlrpc
- these should cover the basics for db_connections remotely
- 02:26 pm Metasploit Framework Revision 10173: style compliance fixes
- 02:19 pm Metasploit Framework Revision 10172: add dest adjust option to omelete hunter
- 01:58 pm Metasploit Framework Bug #2462 (New): DLLHijackink exploit dosen't work
- when I launch the webdav_dll_hijacker exploit it dosen't work here the output :
msf exploit(webdav_dll_hijacker) ... - 11:46 am Metasploit Framework Feature #2296: Adding RPORTS to scanner modules
- Yes that would be true if only checking one port on one system; however, if you are checking say ports 1521-1526 on a...
- 11:28 am Metasploit Framework Bug #2334 (Resolved): bz2'd distribution should follow the framework-3.x.x convention for extract...
- Applied in changeset r10171.
- 11:27 am Metasploit Framework Revision 10171: do the tar.bz2 as part of the normal build process. fixes #2334
- 11:20 am Metasploit Framework Feature #2296: Adding RPORTS to scanner modules
- Most scanners presume that a RST or other connection fail is the end of the show, but this shouldn't be too hard to i...
- 10:46 am Metasploit Framework Bug #2439: Add an executable template that is compatible with NT4
- Trying editbin (from VS2008) on the template EXEs result in:...
- 10:28 am Metasploit Framework Bug #2439: Add an executable template that is compatible with NT4
- Not sure what revs changed this, but it seems the default EXE template is now working just fine on NT4. It may have j...
- 10:24 am Metasploit Framework Revision 10170: improve reliability, add automatic cleanup functionality (if using meterpreter pa...
- 10:23 am Metasploit Framework Revision 10169: expose the payload exe filename, remove the concat operator
- 10:16 am Metasploit Framework Revision 10168: default to no concatenation
- 08:18 am Metasploit Framework Bug #2459: Msf::Util:EXE.to_win32pe fails with Metasm parse error
- HD committed r10164 in response to this bug. We will need more testing to know if it fixes it since it seems rare tha...
- 07:59 am Metasploit Framework Revision 10167: Commit the ruby side for meterpreter file search. If available, will leverage Win...
- Find all .PDF files on the host system:
meterpreter>search *.pdf
Find all files on bob's desktop:
meterprete... - 07:45 am Metasploit Framework Revision 10166: ...and the bins for file searching.
- 07:44 am Metasploit Framework Revision 10165: Commit the source for meterpreter file searching...
- 05:26 am Metasploit Framework Bug #2314: db_autopwn Waiting...
- Any news on this bug?
08/26/2010
- 10:21 pm Metasploit Framework Feature #2461 (New): More exploits should use on_new_session to clean up after themselves
- 10:20 pm Metasploit Framework Bug #2460 (New): Exceptions raised in an exploit's on_new_session callback silently aborts sessio...
- This just needs to be wrapped in a rescue with some logging in lib/msf/core/payload.rb
- 10:11 pm Metasploit Framework Revision 10164: This should fix #2459 - the "short" qualifiers were not being removed from all as...
- 10:00 pm Metasploit Framework Bug #2459 (New): Msf::Util:EXE.to_win32pe fails with Metasm parse error
- The error was:...
- 09:44 pm Metasploit Framework Revision 10163: dont let close exceptions slow us down
- 08:14 pm Metasploit Framework Bug #2264: rexploit changes exploit settings
- I just realized the use case where this makes sense - passive modules (eg modules running as a job).
rexploit/reru... - 08:06 pm Metasploit Framework Feature #2455 (New): allow returning to a running job's module context
- Currently, in order to return to the module you spawned you must re-"use <module>".
It would be nice if there was ... - 07:41 pm Metasploit Framework Bug #2264: rexploit changes exploit settings
- In our current code, when the exploit is reloaded the default options re-populate the datastore. Changing this behavi...
- 07:39 pm Metasploit Framework Bug #2438: Psexec does not work against NT4
- HD, would you care to comment on this one?
- 07:23 pm Metasploit Framework Feature #2453 (New): Split up stdapi meterpreter into posix/windows interface
- There is a large amount of commands that are (for the foreseeable future) mostly irrelevant towards posix.
When us... - 07:12 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- I am currently working on execute / shell support. I won't add pty code just yet (though the pty will be a major feat...
- 07:01 pm Metasploit Framework Feature #2452 (New): POSIX linker should support non executable patches
- Currently, the POSIX linker only supports hosts where you can mmap() PROT_READ|PROT_WRITE|PROT_EXEC.
Depending on ... - 06:03 pm Metasploit Framework Feature #2306: ARM payload - Linux Execute Command
- Hrm. There is some disconnect between Android and the ARM Linux you're using then. I'll have to look deeper into it. ...
- 04:49 pm Metasploit Framework Revision 10161: Tabs disabled until loaded from database, auto-load database on connect, and more...
- 03:30 pm Metasploit Framework Bug #2435: DHCP server fails to send to broadcast
- That was the problem! I assume Carlos Perez had the same issue; the backtrack VM I was testing was connected with a v...
- 01:42 pm Metasploit Framework Feature #2306: ARM payload - Linux Execute Command
- Hi,
I have tested and it works. see attached file "demo2.txt" - 01:21 pm Metasploit Framework Revision 10160: style compliance fixes
- 12:40 pm Metasploit Framework Feature #2306: ARM payload - Linux Execute Command
- Also, I tested using:...
- 12:39 pm Metasploit Framework Feature #2306: ARM payload - Linux Execute Command
- Perhaps your payload depends on a particular starting context to succeed?
- 12:37 pm Metasploit Framework Bug #2435: DHCP server fails to send to broadcast
- I probably look like a silly silly man for splitting this and then just committing basically the same change. I did i...
- 12:35 pm Metasploit Framework Bug #2435 (Resolved): DHCP server fails to send to broadcast
- Applied in changeset r10159.
- 12:34 pm Metasploit Framework Revision 10159: fixes #2435, add BROADCAST option to DHCP server, use in cases where sending to 2...
- 12:11 pm Metasploit Framework Bug #2450: webdav_dll_hijacker doesn't allow 4-letter extensions
- This patch to simply allow 4 character extensions is likely to break the default action of providing the HTML data th...
- 12:00 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- Philip,
Feel free to create additional tickets for feature requests etc. I have some pty code if you want to integ... - 10:32 am Metasploit Framework Revision 10158: resolve some case insensitive filename issues
- 08:31 am Metasploit Framework Revision 10157: remove unnecessary stuff from the old msfgui
- 02:04 am Metasploit Framework Feature #2306: ARM payload - Linux Execute Command
- No, I don't tested with Android.
So, I have generate payload on my original os (archlinux-x86) and I have tested wit... - 01:32 am Metasploit Framework Bug #2450 (New): webdav_dll_hijacker doesn't allow 4-letter extensions
- Here's a check in webdav_dll_hijacker.rb that determines whether to send a fake document or a redirect:...
- 12:25 am Metasploit Framework Revision 10156: update additional files, see #2418
08/25/2010
- 11:14 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- ah. I thought there was stuff missing when I looked at http://www.metasploit.com/redmine/projects/framework/repositor...
- 11:11 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
Try something along the lines of:
git clone git://github.com/philip-k-sanderson/metasploit-posix-meterpreter.git...- 10:58 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- There is a fair lot of stuff missing, such as not nuking ulibc directory / other changes. Let me have a look at it, a...
- 10:24 pm Metasploit Framework Revision 10155: remove the old elf server, see #2418, should have been part of r10154
- 10:17 pm Metasploit Framework Bug #2418 (Assigned): Complete support for the POSIX Meterpreter
- Hey Philip,
It's an absolute nightmare to merge your changes from git->svn due to the number of false-positive diffe... - 10:16 pm Metasploit Framework Revision 10154: first attempt to merge in Philip Sanderson's work on the POSIX meterpreter
- 08:26 pm Metasploit Framework Feature #2306: ARM payload - Linux Execute Command
- I tested on android and it was a no-go. I don't (nor do I expect many others to) have a copy of Ubuntu or ArchLinux f...
- 07:14 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- linker 0 FOUND server_setup in metsrv_main (00004bdd) 00000455
linker[ metsrv server_setup is at 00136bdd, callin... - 03:59 pm Metasploit Framework Feature #2306: ARM payload - Linux Execute Command
- Hi,
See attached file "demo.txt"
regards, - 02:46 pm Metasploit Framework Feature #2306 (Assigned): ARM payload - Linux Execute Command
- Jonathan,
I merged your payload but it didn't work in my test. See r10152. - 02:44 pm Metasploit Framework Revision 10152: add two contributed linux armle payloads, thx guys!
- 02:03 pm Metasploit Framework Revision 10151: rename x86 elf template src file
- 01:59 pm Metasploit Framework Feature #684 (Assigned): Egghunter Improvements
- 01:55 pm Metasploit Framework Revision 10150: see #684, adds checksum support, updates modules to use it, fixes some wfs_delay/...
- 01:54 pm Metasploit Framework Revision 10149: default badchars to payload_badchars
- 01:31 pm Metasploit Framework Revision 10148: overhaul smtp to add support for authentication and STARTTLS. can now send email...
- 01:23 pm Metasploit Framework Revision 10147: add syscall name comment
- 12:22 pm Metasploit Framework Revision 10145: Remove the duplicate copy
- 10:46 am Metasploit Framework Revision 10144: oops, semicolon is a comment except when used in metasm_shell
- 09:52 am Metasploit Framework Revision 10143: merge in checksum support, add quick-n-dirty unit test
- 09:18 am Metasploit Framework Revision 10142: correct typo, thx jcran
- 08:13 am Metasploit Framework Revision 10141: Updated with revision data, additional bug fixes
- 08:13 am Metasploit Framework Revision 10140: Add a revision
- 08:11 am Metasploit Framework Revision 10139: Add a packaging script
- 08:09 am Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- Here's the first patch.
It contains:
1) Instructions
2) Modified bionic libc / libm (well, added a makefile fo... - 08:05 am Metasploit Framework Revision 10138: Use the same wait logic for analyze
- 08:04 am Metasploit Framework Revision 10137: Fix CSV parsing when the timestamp has a comma, extend the wait period during the...
- 07:33 am Metasploit Framework Revision 10136: Regenerated binaries, error when CSV is missing
- 07:21 am Metasploit Framework Revision 10135: Actually track this in SVN
08/24/2010
- 11:57 pm Metasploit Framework Revision 10134: Better, Faster, Stronger: DLLHijackAuditKit v2
- 07:28 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- ulibc is not used for anything else.
I'm currently preparing a clean source tree and removing unused code (such as... - 07:05 pm Metasploit Framework Revision 10133: Add import capability and simplify reloading database.
- 06:21 pm Metasploit Framework Revision 10132: add forward search, reset between eggs, move options into a hash
- 02:58 pm Metasploit Framework Bug #2444 (Assigned): Add a exploited_hosts table
- No blog post for this update, since it just adds new stuff, doesn't change old stuff.
Note that exploited hosts ar... - 02:57 pm Metasploit Framework Bug #2444 (Resolved): Add a exploited_hosts table
- Applied in changeset r10130.
- 02:57 pm Metasploit Framework Revision 10130: Fixes #2444. Adds an ExploitedHost table, adds the db_exploited command, adds the...
- Tested with meterpreter, shell, and clientside exploit sessions.
- 02:54 pm Metasploit Framework Bug #2444 (Assigned): Add a exploited_hosts table
- This will make scorekeeping a lot easier.
- 12:29 pm Metasploit Framework Revision 10129: bugfix for the revert command
- 11:22 am Metasploit Framework Revision 10128: style compliance fixes
- 11:22 am Metasploit Framework Revision 10127: add svn keywords
- 11:20 am Metasploit Framework Revision 10126: add no-js version of adobe_pdf_embedded_exe from Jeremy Conway
- 07:13 am Metasploit Framework Revision 10125: Add /accepteula to the batch script
- 02:03 am Metasploit Framework Bug #2440 (New): Keystroke_dump
- Hi,
I have a https reverse meterpreter payload connecting back to the listener via a NAT network.
I was trying ...
08/23/2010
- 05:56 pm Metasploit Framework Feature #502 (Closed): The msfgui interface is no longer supported
- done.
- 05:29 pm Metasploit Framework Bug #2243 (Closed): msfrpc shell_read function blocks
- And now I can't reproduce. Closing.
- 05:22 pm Metasploit Framework Revision 10124: Initial Database support, with improved basic view.
- 04:06 pm Metasploit Framework Bug #2439: Add an executable template that is compatible with NT4
- Issue #2046 has been updated by Stephen Fewer.
Don't know if this is useful for this ticket but to get Meterpreter... - 04:04 pm Metasploit Framework Bug #2439 (New): Add an executable template that is compatible with NT4
- This issue was recreated to replace the accidentally deleted #2046.
Using ms01-026 with nt4sp6 doesn't work withou... - 04:01 pm Metasploit Framework Feature #654: Windows 'cmd' stagers required
- scriptjunkie - wrote:
> vbs down/exec. https://www.metasploit.com/redmine/issues/1876 </shameless plug for 1876>
... - 04:00 pm Metasploit Framework Feature #654: Windows 'cmd' stagers required
- To close this ticket, we really need to figure out how to permanently integrate cmd stagers into our exploit/aux modu...
- 03:58 pm Metasploit Framework Bug #2438 (New): Psexec does not work against NT4
- The psexec exploit does not execute on Windows NT 4. It doesn't get to the uploading phase.
** This bug is a repl... - 03:56 pm Metasploit Framework Feature #1876: More windows CMD payloads
- sj,
We do not currently include the "cmd /c" part in the payloads, as that may or may not be required depending on... - 03:50 pm Metasploit Framework Feature #1876 (Resolved): More windows CMD payloads
- Applied in changeset r10122.
- 03:50 pm Metasploit Framework Revision 10122: add two windows cmd payloads from scriptjunkie, fixes #1876
- 03:49 pm Metasploit Framework Revision 10121: add svn:keywords property
- 03:32 pm Metasploit Framework Revision 10120: remove asm file now that the assembly is inlined in the class
- 02:30 pm Metasploit Framework Feature #738: enable creating a resource file from the commands executed since the start of the s...
- I went one step further and made it so the "makerc" command reset after saving. That way you can create multiple rc's...
- 02:27 pm Metasploit Framework Feature #654: Windows 'cmd' stagers required
- vbs down/exec. https://www.metasploit.com/redmine/issues/1876 </shameless plug for 1876>
- 02:19 pm Metasploit Framework Feature #738 (Resolved): enable creating a resource file from the commands executed since the sta...
- Applied in changeset r10119.
- 02:19 pm Metasploit Framework Revision 10119: add the "makerc" command for quick resource script generation, fixes #738
- 02:03 pm Metasploit Framework Revision 10118: another omelet update from Peter, this time with in-line assembly
- 01:56 pm Metasploit Framework Revision 10117: only read the history file if we have no history
- 01:19 pm Metasploit Framework Feature #654: Windows 'cmd' stagers required
- So far we have:
TFTP client download & exec
Debug.exe via editing memory block / writing file
Debug.exe via asse... - 12:53 pm Metasploit Framework Revision 10116: couple minor fixes to omelet mixin/class
- 12:28 pm Metasploit Framework Revision 10115: Fix typo in audit.rb
- 12:19 pm Metasploit Framework Revision 10114: Update to reflect outstanding msf2 ports.
- 11:49 am Metasploit Framework Revision 10113: typo'd Matthias' name. i suck
- 11:05 am Metasploit Framework Revision 10112: fix broken free, type in require
- 10:45 am Metasploit Framework Revision 10111: Updating importing to deal with importing credentials from Metasploit Express XML.
- 10:43 am Metasploit Framework Revision 10110: add omlet stub asm source
- 10:37 am Metasploit Framework Revision 10109: typo in error string
- 10:35 am Metasploit Framework Revision 10108: add omlet mixin from Peter Van Eeckhoutte
- 09:58 am Metasploit Framework Revision 10107: add exploit from dookie, thx!
- 09:45 am Metasploit Framework Revision 10106: fix some 1.8/1.9 incompatabilities, should be last commit on #2329
- 09:43 am Metasploit Framework Bug #2329 (Resolved): PXE module
- RE: Note 6: The add_socket calls were added to the dhcp/tftp mixins in r10012. Note that we cannot add these for non-...
- 09:42 am Metasploit Framework Bug #2435 (Resolved): DHCP server fails to send to broadcast
- Also, the sendto(pkt, '255.255.255.255', 68) call fails, but a subnet broadcast address will work.
This was origin... - 09:39 am Metasploit Framework Revision 10105: add note about string indexing
- 09:27 am Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- I don't see any major problem with patching bionic after a check out. In fact, we often fork things and maintain our ...
- 09:17 am Metasploit Framework Revision 10104: Added tomcat utf8 traversal aux module.
- 08:27 am Metasploit Framework Bug #2434 (Resolved): hashdump meterpreter script broken
- Applied in changeset r10103.
- 08:27 am Metasploit Framework Revision 10103: Fixes #2434 by using the new report_auth_info API.
- 08:16 am Metasploit Framework Bug #2434 (Resolved): hashdump meterpreter script broken
- Reported from the framework mailing list:...
- 06:41 am Metasploit Framework Revision 10101: Set manual ranking until we have a vulnerable extension list added by default
08/22/2010
- 10:43 pm Metasploit Framework Revision 10100: Tools for testing DLL hijack flaws
- 08:09 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- so far so good:...
- 04:36 pm Metasploit Framework Bug #2427: winenum meterpreter scripts incorrectly detects windows 7
- I unfortunately can't test the patch as I don't have access to the machine anymore, but the bug is most probably fixe...
- 03:29 pm Metasploit Framework Bug #2329: PXE module
- Thanks to Carlos Perez for reporting.
- 03:28 pm Metasploit Framework Bug #2329: PXE module
- DHCP module fails on Backtrack (ruby 1.8.7) due to string indexing incompatibilities "\x01abc"[0] = "\x01" on 1.9.1 b...
- 02:16 pm Metasploit Framework Bug #2329 (Assigned): PXE module
- Still need to put add_socket calls in the pxexploit.rb module so it can close the DHCP server and TFTP server sockets.
- 01:19 pm Metasploit Framework Revision 10098: add egg override param for egghunter
08/21/2010
- 09:01 am Metasploit Framework Feature #2433 (Closed): XMLRPCD DB support
- Add support for db_connect to rpc so console commands are not needed. Otherwise rpcd users cannot easily connect. See...
- 04:50 am Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- Just a quick status update:
Due to problems with the existing rtld and linking against new headers (and failing to... - 12:53 am Metasploit Framework Revision 10096: make it a little easier to distinguish these two from their output
- 12:27 am Metasploit Framework Revision 10095: add source code for cve-2010-0840
- 12:20 am Metasploit Framework Revision 10094: Add a badchars argument
- 12:19 am Metasploit Framework Revision 10093: duh, dont actually need this
08/20/2010
- 11:38 pm Metasploit Framework Revision 10092: Add exploit module for cve-2010-08040. This is an awesome bug and my description...
- 11:28 pm Metasploit Framework Revision 10091: spawn out into another process so killing the browser won't drop our shell
- 01:49 pm Metasploit Framework Revision 10089: add java support to browser_autopwn
- 01:36 pm Metasploit Framework Revision 10088: add arch and platform filtering
- 01:35 pm Metasploit Framework Revision 10087: generate returning nil in payload.size
- 01:31 pm Metasploit Framework Revision 10086: 1.8.6 compatibility fix
- 12:39 pm Metasploit Framework Revision 10085: add payload length tool
- 12:17 pm Metasploit Framework Bug #2427: winenum meterpreter scripts incorrectly detects windows 7
- You will not see the entry because I removed that piece of code and changed it with the mixin call in Revision r10079...
- 12:07 pm Metasploit Framework Revision 10084: Add logging support to console sessions.
- 11:45 am Metasploit Framework Revision 10083: add -h and invalid param error to cmd_show
- 11:13 am Metasploit Framework Bug #2431: No payload with exploit mailapp_image_exec
- So far it looks like an oddity of this particular exploit--...
- 11:13 am Metasploit Framework Revision 10082: set ranking to manual, since there is no default target
- 11:04 am Metasploit Framework Bug #2432 (Resolved): uninitialized constant Msf::Payload::Java
- Applied in changeset r10081.
- 11:04 am Metasploit Framework Revision 10081: load java payload mixin, fixes #2432
- 10:59 am Metasploit Framework Bug #2427: winenum meterpreter scripts incorrectly detects windows 7
- Also, we should not be catching ::Exception, we should only catch specific exceptions.
It might make more sense to... - 10:58 am Metasploit Framework Bug #2427: winenum meterpreter scripts incorrectly detects windows 7
- I'm afraid I don't see any place where there isn't a begin/rescue block around such a registry access.
- 10:55 am Metasploit Framework Revision 10080: correct regex again, see #2427
- 10:40 am Metasploit Framework Bug #2432 (Resolved): uninitialized constant Msf::Payload::Java
- ...
- 09:50 am Metasploit Framework Bug #2431 (New): No payload with exploit mailapp_image_exec
- msf exploit(mailapp_image_exec) > show options
Module options:
Name Current Setting Required De... - 06:09 am Metasploit Framework Bug #2427: winenum meterpreter scripts incorrectly detects windows 7
- Made some changes in r10079 do test and let us know if the exception still happens. Also fixed another one of the reg...
- 06:07 am Metasploit Framework Revision 10079: Ticket #2427 Fixed regex in main part of the code and changed the UAC check to th...
- 04:36 am Metasploit Framework Revision 10078: add osvdb ref
- 12:15 am Metasploit Framework Revision 10077: refactor
- 12:13 am Metasploit Framework Revision 10076: missed this
- 12:09 am Metasploit Framework Revision 10075: add source code for javapayload, thanks mihi. see #406
- 12:04 am Metasploit Framework Revision 10074: and the bins. see #406
- 12:01 am Metasploit Framework Revision 10073: add preliminary support for the new java payloads. Working meterpreter and shell...
08/19/2010
- 11:57 pm Metasploit Framework Revision 10072: add a simple test exploit for using java payloads
- 04:55 pm Metasploit Framework Revision 10070: bring ranking down
- 04:52 pm Metasploit Framework Revision 10069: add exploit for sonicwall aventail activex format string
- 04:49 pm Metasploit Framework Support #2354: additional default password for root_userpass.txt
- someone may find this very useful?
Massive amount of default passes for routers and such.
[[http://www.phenoeli... - 04:22 pm Metasploit Framework Revision 10068: Ability to close consoles and discover old consoles.
- 04:19 pm Metasploit Framework Revision 10067: Don't overwrite source_id just because we don't have one.
- 04:02 pm Metasploit Framework Revision 10066: Do not poll for output on hidden windows. Improves performance with many windows ...
- 02:16 pm Metasploit Framework Bug #1604 (Closed): info command fails on generic payloads
- verified:...
- 02:14 pm Metasploit Framework Bug #2304 (Closed): msfgui: Exception during event dispatch Java bug
- closing.
- 02:13 pm Metasploit Framework Bug #2236 (Closed): job.info msfrpc call broken
- verified. to test:
* start msfconsole, run background job
* in the console, run msf > load xmlrpc Pass="whatever" ... - 02:08 pm Metasploit Framework Revision 10065: make exe template names more consistent
- 01:55 pm Metasploit Framework Feature #2430: Adding a few things to rex/proto/http/response
- Since using pre bombed for me miserably, attached is updated file.
- 01:55 pm Metasploit Framework Bug #2279 (Closed): problem handling validation leads to nil exception
- verified....
- 01:53 pm Metasploit Framework Feature #2430 (New): Adding a few things to rex/proto/http/response
- For use by later code that'll i will hopefully be submitting by end of week
Summary:
title - Search res.body for... - 01:53 pm Metasploit Framework Bug #2331 (Closed): getgui.rb missing quote (probably typo)
- verified....
- 01:49 pm Metasploit Framework Revision 10064: add amd64 dll pe template
- 01:49 pm Metasploit Framework Bug #1010 (Closed): unloading xmlrpc plugin leaves socket listening
- verified.
- 01:49 pm Metasploit Framework Revision 10063: add a 64-bit compile mode for pe/dll
- 01:47 pm Metasploit Framework Support #2354 (Closed): additional default password for root_userpass.txt
- verified.
- 01:46 pm Metasploit Framework Feature #589 (Closed): allow msfpayload functionality inside msfconsole
- Verified. Usage is as follows: ...
- 12:51 pm Metasploit Framework Revision 10062: Wrapping credential migration in a rescue to ensure it never fails; there are no ...
- 12:16 pm Metasploit Framework Bug #2266 (Closed): multi/handler behaves strangely after yesterday's exploit exception fixes
OKI:...- 12:14 pm Metasploit Framework Bug #2267 (Closed): job_id unexpectedly hangs around after job termination
verified:
should_error.msfrc:...- 12:07 pm Metasploit Framework Revision 10061: add dll output to msfencode, refactor some junk
- 12:06 pm Metasploit Framework Bug #2330 (Closed): Fix meterpreter option typo
- verified.
- 12:04 pm Metasploit Framework Bug #2310 (Closed): ms08_067_netapi and some others exploit does nor wotk since rev9914
- ...
- 12:03 pm Metasploit Framework Bug #2342 (Closed): multicommand.rb meterpreter script error
- verified working.
- 12:00 pm Metasploit Framework Support #2353 (Closed): correction vuln_versions for nginx_source_disclosure.rb
- verified.
- 11:44 am Metasploit Framework Revision 10060: whitespace fixes
- 11:40 am Metasploit Framework Bug #2429: error 7022 when creating process w/ incognito token
- a google search for http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=windows+error+7022 indicates it could be ...
- 11:34 am Metasploit Framework Bug #2429: error 7022 when creating process w/ incognito token
- i've tried to reproduce with the following
* windows 2003 DC, Windows 7 client - everything works as expected
* win... - 11:31 am Metasploit Framework Revision 10059: add support for generating dlls with msfpayload, thanks to an anonymous contributor
- 11:31 am Metasploit Framework Bug #2429 (New): error 7022 when creating process w/ incognito token
- there's been at least one report of an error when using a token while creating a process.
to reproduce:... - 10:35 am Metasploit Framework Revision 10058: See #2412. Migrates existing auth.* notes to the new Creds table. Anything unexpe...
- 10:17 am Metasploit Framework Bug #2428 (New): ftp_pre_post.rb fuzzer not able to fuzz ftp servers on windows platforms
- While trying my teeth on an ftp server running on WinXP, I found that ftp_pre_post.rb fuzzer was not able to fuzz it ...
- 10:08 am Metasploit Framework Revision 10057: add a Jar class to Rex::Zip
- 10:04 am Metasploit Framework Revision 10056: less verbose Entry#inspect
- 07:41 am Metasploit Framework Bug #2427: winenum meterpreter scripts incorrectly detects windows 7
- If this function call fails :
open_key = @client.sys.registry.open_key(root_key, base_key, K... - 04:37 am Metasploit Framework Revision 10055: Add meterpreter client side support for cleaning up loaded extensions upon server...
- 04:35 am Metasploit Framework Revision 10054: ...and the bins
- 04:34 am Metasploit Framework Revision 10053: Add meterpreter server side support for cleaning up loaded extensions upon server...
- 04:25 am Metasploit Framework Revision 10052: Add a list_shift() function to the common linked list code.
- 03:26 am Metasploit Framework Bug #507: dns_enum gives error about undefined address method (2)
- Today I've tested the module again, but it doesn't work as expected. I don't get the error above anymore, but the mod...
08/18/2010
- 05:36 pm Metasploit Framework Feature #1547 (Closed): specified scripts/meterperter/credcollect helpmessage
- 05:10 pm Metasploit Framework Bug #1604 (Resolved): info command fails on generic payloads
- Applied in changeset r10051.
- 05:10 pm Metasploit Framework Revision 10051: rescue NoCompatiblePayloadError inside size method, fixes #1604
- 05:07 pm Metasploit Framework Bug #1604: info command fails on generic payloads
- ...
- 05:01 pm Metasploit Framework Bug #1705: TikiWiki information disclosure module fails to parse username/password against vulner...
- Jon, try to repro this again after r10046 plz.
- 04:57 pm Metasploit Framework Bug #1895 (Assigned): Debian distro sqlite3 drivers
- Did you use the .bin installer from our website?
- 04:55 pm Metasploit Framework Bug #1922 (Resolved): HTTP packet.rb doesn't treat responses and requests separately per rfc2616
- This got fixed today with r10046 as part of #2396.
- 04:52 pm Metasploit Framework Bug #1982: Backgrounded sessions have no output handle
- I guess this is still open. We should probably create some kind of buffer driver that will print the stuff logged whi...
- 04:39 pm Metasploit Framework Feature #2305 (Closed): route didnt yet work as expected
- Closing as dupe of #1396
- 04:36 pm Metasploit Framework Bug #2313 (Closed): db_autopwn Waiting
- 04:35 pm Metasploit Framework Bug #2329 (Resolved): PXE module
- Applied in changeset r10049.
- 04:35 pm Metasploit Framework Revision 10049: remove client ip send, remove puts lines, fixes #2329
- 04:20 pm Metasploit Framework Bug #2352 (Resolved): browser_autopwn breaks with "Exception handling request: wrong number of ar...
- Applied in changeset r10048.
- 04:20 pm Metasploit Framework Revision 10048: add args to call, fixes #2352
- 04:15 pm Metasploit Framework Bug #2424 (Closed): ms10_046_shortcut_icon_dllloader does not deliver exploit!
- 04:10 pm Metasploit Framework Support #2354 (Resolved): additional default password for root_userpass.txt
- Applied in changeset r10047.
- 04:09 pm Metasploit Framework Revision 10047: add addtl root passwords from xanda, fixes #2354
- 04:08 pm Metasploit Framework Bug #2427: winenum meterpreter scripts incorrectly detects windows 7
- I handled the regex, as well as removed a duplicate call to sysinfo, in r10046. I didn't encounter the exception that...
- 04:06 pm Metasploit Framework Support #2354: additional default password for root_userpass.txt
- Oops, r10046 was for #2427, my bad.
- 04:05 pm Metasploit Framework Revision 10046: fix regex and remove extra call to sysinfo, see #2354
- 03:48 pm Metasploit Framework Bug #2427 (New): winenum meterpreter scripts incorrectly detects windows 7
- Hello,
on some systems, the winenum script fails.
if winversion['OS']=~ /(Vista|7)/
incorrectly detects so... - 03:45 pm Metasploit Framework Bug #2396 (Resolved): Bug with HTTP Client/Response Parsing on 200 Document follows
- After some fun playing around, I managed to nail this one *crossing-fingers*
r10045 contains the fix. - 03:43 pm Metasploit Framework Support #2426: unit tests for http client/server need revisiting
- I'm attaching my test scripts for client/server side of the fix for #2396 here.
- 03:42 pm Metasploit Framework Support #2426 (Assigned): unit tests for http client/server need revisiting
- I looked around for an HTTP protocol compliance test app but wasn't successful in locating one. Maybe someone else kn...
- 03:41 pm Metasploit Framework Revision 10045: read responses until EOF per RFC
- 03:36 pm Metasploit Framework Revision 10044: fix this unit test
- 02:27 pm Metasploit Framework Feature #2389 (Closed): XMLRPC Db Integration
- Fixed in r10043.
- 02:26 pm Metasploit Framework Revision 10043: add database access to rpc. thanks Ryan Linn for the patch\!
- 01:38 pm Metasploit Framework Feature #406: Full Java Payload Support
- As discussed yesterday with James Lee on IRC, here is a special java payload version for Metasploit: One single Paylo...
- 01:01 pm Metasploit Framework Bug #2341 (Resolved): transaction id generation in bailiwicked_host, bailiwicked_domain
- Applied in changeset r10042.
- 01:01 pm Metasploit Framework Revision 10042: regen payload after updating req.id, fixes #2341
- 12:18 pm Metasploit Framework Revision 10041: See #2412. Fixes the meterpreter script credcollect.rb and the plugin db_credcoll...
- 10:27 am Metasploit Framework Bug #2424: ms10_046_shortcut_icon_dllloader does not deliver exploit!
- There is no "samba service" here. This module implements a WebDav service which must be on port 80.
If the client ... - 10:24 am Metasploit Framework Revision 10040: remove custom function in favor of new NO RECV flags to smb client methods
- 10:21 am Metasploit Framework Revision 10039: indicate not to attempt to read a resposne
- 10:21 am Metasploit Framework Revision 10038: add a NO RECV flag to the client call function
- 10:20 am Metasploit Framework Revision 10037: add a flag indication not to recv to various smb/client methods
- 05:09 am Metasploit Framework Bug #2424 (Closed): ms10_046_shortcut_icon_dllloader does not deliver exploit!
- =[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 577 exploits - 296 auxiliary
+ -- --=[ 212 payloads - ... - 03:46 am Metasploit Framework Support #2405 (Closed): if ms09_004 requires credentials the username/password should not be opti...
- 03:46 am Metasploit Framework Support #2405: if ms09_004 requires credentials the username/password should not be optional
- yes thanks jduck!
- 03:19 am Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- Re-attaching the two patches mentioned earlier.
I have gotten the android libc (bionic) up and running for experi...
08/17/2010
- 09:39 pm Metasploit Framework Revision 10036: add update_checksum, size, and length methods
- 08:54 pm Metasploit Framework Bug #2418: Complete support for the POSIX Meterpreter
- philip, Whatever you want to do here is great ok by us. We would all definitely like to see this come to fruition aft...
- 08:51 pm Metasploit Framework Bug #2418 (Assigned): Complete support for the POSIX Meterpreter
- NOTE: This was originally bug #300, but I screwed up and deleted it. :((
Added by HD Moore 12 months ago. Updated le... - 08:27 pm Metasploit Framework Support #2405 (Assigned): if ms09_004 requires credentials the username/password should not be op...
- From lib/msf/core/exploit/mssql.rb -...
- 08:26 pm Metasploit Framework Revision 10035: add note about authentication to module description, see #2405
- 08:22 pm Metasploit Framework Feature #2417 (New): Revamp PeParsey to allow writing changes back to disk easily
- Currently, the only way to modify the file is rather manual and hackish. Ideally there would be a nice way to modify ...
- 06:39 pm Metasploit Framework Feature #2412: Create a Creds table for credentials
- db_credcollect plugin is probably quite broken, but I'm still figuring out if it's been obviated completely by db_cre...
- 05:58 pm Metasploit Framework Feature #2412 (Resolved): Create a Creds table for credentials
- Applied in changeset r10034.
- 05:58 pm Metasploit Framework Revision 10034: Fixes #2412. Adds a creds table, modifies the db_report_auth API, adds the db_cre...
- 05:56 pm Metasploit Framework Feature #2412 (Resolved): Create a Creds table for credentials
- Notes kind of suck.
- 05:30 pm Metasploit Framework Revision 10033: Add console support to gui. Includes tab completion.
- 05:07 pm Metasploit Framework Revision 10032: Default to user.admin = true
- 04:46 pm Metasploit Framework Revision 10030: Update db schema to add user.admin and project_membership table.
- 03:57 pm Metasploit Framework Revision 10029: reduce verbosity for printed exceptions when processing on_request
- 03:53 pm Metasploit Framework Revision 10028: Add the console api to xmlrpc
- 11:04 am Metasploit Framework Revision 10026: express rpc sample
- 09:02 am Metasploit Framework Support #2405 (Closed): if ms09_004 requires credentials the username/password should not be opti...
- since ms09_004_sp_replwritetovarbin requires valid credentials the username/password options should NOT be optional.
...
08/16/2010
- 07:01 pm Metasploit Framework Bug #2403 (New): Meterpreter run command Auto complete
- I think I have found a issue, the meterpreter "run" command tab completes on the framework_dir/scripts directory but ...
- 06:35 pm Metasploit Framework Revision 10024: add ws2ord payload compat
- 12:22 pm Metasploit Framework Bug #2292: Allow loading plugins from rpc
- i wrote a basic one with 3 functions
plugin.load
plugin.unload
plugin.loaded
load takes 3 args: token, plugin... - 10:13 am Metasploit Framework Revision 10023: Remove the 10,000 banner
- 10:12 am Metasploit Framework Revision 10022: style compliance fixes
- 10:11 am Metasploit Framework Revision 10021: add two more cisco spoofing modules from Spencer
- 09:34 am Metasploit Framework Revision 10020: allow multi/handler to work with java
08/14/2010
- 03:04 pm Metasploit Framework Bug #2399 (Assigned): ruby/cygwin spit out fatal error messages when running external commands
- The environment was win7 / x64 with the 3.4.1-framework.exe installer.
I was running as a normal user (which ended... - 02:37 pm Metasploit Framework Revision 10019: typo fixes, thanks enaqx
- 01:52 pm Metasploit Framework Revision 10018: un-break the tree! *facepalm* -- see #2398
- 01:45 pm Metasploit Framework Feature #2398: Ability to specify a template exe for .to_win32_service similar to .to_win32pe
- erm, reference fail in the commit message, see also r10016
- 01:43 pm Metasploit Framework Feature #2398 (Resolved): Ability to specify a template exe for .to_win32_service similar to .to_...
- Applied in changeset r10017.
- 01:43 pm Metasploit Framework Revision 10017: change existing to_win*pe_service uses to pass a hash instead of a string, r10016...
- 01:40 pm Metasploit Framework Revision 10016: change remaining methods to take an opts hash and allow template override for them
- 01:21 pm Metasploit Framework Revision 10015: fix port bug, add diff from sj, see #2329
- 01:18 pm Metasploit Framework Feature #2398 (Resolved): Ability to specify a template exe for .to_win32_service similar to .to_...
- entered at jduck's request
when generating a payload with .to_win32pe(framework, code, opts={}) you can use opts to ... - 11:19 am Metasploit Framework Bug #2329: PXE module
- DHCP requests are sent from port 68 to 67, and replies from 67 to 68, (RFC 1531) so the send_packet should be sending...
08/13/2010
- 11:47 pm Metasploit Framework Revision 10014: stop leaking sockets/jobs when using rerun on aux modules
- 11:42 pm Metasploit Framework Revision 10013: a few minor cleanups
- 09:58 pm Metasploit Framework Revision 10012: fix problem with unclosed sockets
- 04:11 pm Metasploit Framework Revision 10011: add exploit for cve-2010-1799
- 04:11 pm Metasploit Framework Revision 10010: style compliance fixes
- 01:02 pm Metasploit Framework Revision 10009: wtf copy/paste fail :/
- 01:00 pm Metasploit Framework Revision 10008: oops, should be able to load from a file - lab_load_file [labdef] works properly now
- 12:46 pm Metasploit Framework Revision 10007: check the os before adding output redirection to commands
- 12:17 pm Metasploit Framework Bug #2396: Bug with HTTP Client/Response Parsing on 200 Document follows
- So I jumped down that rabbit hole...wow it was deep. I think the problem is with get_once in around line 345 of lib/...
- 10:24 am Metasploit Framework Revision 10006: change the timeout to something sane
- 09:55 am Metasploit Framework Revision 10005: tagged id / rev - slight mods to editor
- 09:54 am Metasploit Framework Revision 10004: tagging id / rev
- 09:10 am Metasploit Framework Revision 10000: 10,000
- 09:10 am Metasploit Framework Revision 9999: Cosmetic
- 09:10 am Metasploit Framework Revision 9998: Cosmetic
- 09:09 am Metasploit Framework Revision 9997: add a list chunk function
- 09:01 am Metasploit Framework Bug #2396: Bug with HTTP Client/Response Parsing on 200 Document follows
- Just a note, we are severely lacking in the existence of tests for our http server. There are definitely cases it wil...
- 08:02 am Metasploit Framework Bug #2396: Bug with HTTP Client/Response Parsing on 200 Document follows
- The HTTP client has to guess a bit when there is not HTTP content-length in the reply
- 07:53 am Metasploit Framework Bug #2396 (Resolved): Bug with HTTP Client/Response Parsing on 200 Document follows
- code sample (modules/auxiliary/scanner/http/test.rb)...
- 04:45 am Metasploit Framework Revision 9995: will show help if wrong option given
- 04:38 am Metasploit Framework Bug #2394 (Closed): multicommand.rb does not give error message on wrong switches
- Fixed in 9994
- 04:38 am Metasploit Framework Revision 9994: Fix for #2394
08/12/2010
- 11:36 pm Metasploit Framework Bug #2394: multicommand.rb does not give error message on wrong switches
- kicking to carlos for now. proposed patch attached.
- 11:20 pm Metasploit Framework Bug #2394 (Closed): multicommand.rb does not give error message on wrong switches
- Just some feedback, when the correct syntax is used for multicommand.rb is used, it runs fine. When the wrong switch...
- 11:12 pm Metasploit Framework Revision 9993: added validation for the meterpreter route command - thanks robin for pointing it out
- 11:11 pm Metasploit Framework Revision 9992: added validation for the route command - thanks robin wood
- 08:25 pm Metasploit Framework Revision 9991: merge tftp.diff from scriptjunkie, see #2329
- 08:11 pm Metasploit Framework Revision 9990: merge dhcp.diif from scriptjunkie, see #2329
- 07:24 pm Metasploit Framework Revision 9989: Josh Wright SSID List Beacon module
- 05:34 pm Metasploit Framework Revision 9988: Thanks to Robin Wood for pointing out problems with the script, quick fix, will be...
- 04:28 pm Metasploit Framework Bug #2329: PXE module
- pxelinux begins a TFTP download by sending an ack for block 0. If we send an error in response, the boot will fail. I...
- 11:08 am Metasploit Framework Feature #2391 (Closed): meterpreter script to list mapped drivers
- mtgarden: ok, so once the exploit is run, I can utilize two commands: run migrate explorer.exe & run get_env
mtgarde... - 09:56 am Metasploit Framework Revision 9984: move riff support from ani_loadimage browser sploit to mixin
- 09:45 am Metasploit Framework Revision 9983: randomize triggers a bit
- 08:00 am Metasploit Framework Revision 9981: Create a new mixin that changes SMBUser/SMBPass to normal options, include this mi...
- 07:45 am Metasploit Framework Revision 9980: Patch from Robin Wood
08/11/2010
- 04:44 pm Metasploit Framework Support #2350 (Rejected): I can update my frame work
- 04:44 pm Metasploit Framework Support #2350: I can update my frame work
- Tell subversion to trust it. Reading the documentation is helpful. Also, google.
Reproduced from http://www.meta... - 04:39 pm Metasploit Framework Support #2351 (Rejected): udating problem
- dup of #2350
- 04:36 pm Metasploit Framework Support #2379 (Rejected): Download_exec Need help
- You need a vulnerability scanner, not metasploit.
- 03:07 pm Metasploit Framework Revision 9979: comment trigger value, remove loop and debug print, add little wait
- 02:33 pm Metasploit Framework Feature #2391 (Closed): meterpreter script to list mapped drivers
- would be handy for further exploitation. migrate to user process, run a net use. novell may require special interacti...
- 01:52 pm Metasploit Framework Feature #2389 (Closed): XMLRPC Db Integration
- This should allow for xmlrpc to surface db queries. Initial basic supported stuff is import_* (import_file is inplac...
- 12:54 pm Metasploit Framework Revision 9978: add DoS trigger for MS10-054
08/10/2010
- 01:45 pm Metasploit Framework Revision 9977: add osvdb ref
- 08:44 am Metasploit Framework Support #2379 (Rejected): Download_exec Need help
- Hey
i want to upload files and execute them on my other pc .. i'm having a problem i'm scanning my ip found open po... - 03:38 am Metasploit Framework Bug #2361: db_autopwn dos not work
- Tiago Ferreira you also gave problems when working with end Waiting...? Example:
http://www.metasploit.com/redmine...
08/09/2010
- 03:06 pm Metasploit Framework Revision 9976: Example script for generating a vxworks password hash
- 10:49 am Metasploit Framework Revision 9975: stupid missing files. /me grumbles
- 10:35 am Metasploit Framework Support #2353 (Resolved): correction vuln_versions for nginx_source_disclosure.rb
- Applied in changeset r9974.
- 10:34 am Metasploit Framework Revision 9974: fix up vuln version info, fixes #2353
- 10:32 am Metasploit Framework Support #2353: correction vuln_versions for nginx_source_disclosure.rb
- Unfortunately, there is a conflict between the module, what you provided, and the following external references:
h... - 10:23 am Metasploit Framework Bug #2361 (New): db_autopwn dos not work
- When i run the db_autopwn the following error message appears:...
- 09:18 am Metasploit Framework Revision 9973: i swear i added this before.
- 05:20 am Metasploit Framework Support #2354 (Closed): additional default password for root_userpass.txt
- http://www.metasploit.com/redmine/projects/framework/repository/entry/data/wordlists/root_userpass.txt
additional ... - 04:40 am Metasploit Framework Support #2353 (Closed): correction vuln_versions for nginx_source_disclosure.rb
- http://www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/scanner/http/nginx_source_dis...
08/08/2010
- 08:13 pm Metasploit Framework Support #2351: udating problem
- same issues with #2350
http://www.metasploit.com/redmine/issues/2350
solution:
svn co http://metasploit.com/... - 08:12 pm Metasploit Framework Support #2350: I can update my frame work
- hurm...
svn co http://metasploit.com/svn/framework3/trunk/ ./ - 06:37 pm Metasploit Framework Bug #2352 (Resolved): browser_autopwn breaks with "Exception handling request: wrong number of ar...
- [*] Request '/employee_portal' from 10.10.10.10:50082
[*] Request '/employee_portal?ns=1' from 10.10.10.10:50082
[*... - 05:53 pm Metasploit Framework Support #2351 (Rejected): udating problem
- when i try to update is tell me Server certificate verification failed: issuer is not trusted .hlep me please.
- 05:51 pm Metasploit Framework Support #2350 (Rejected): I can update my frame work
- when issue the svn update command it tells me Server certificate verification failed: issuer is not trusted .plz help...
- 02:59 am Metasploit Framework Bug #2314: db_autopwn Waiting...
- Any news?
08/07/2010
- 05:03 pm Metasploit Framework Revision 9972: Apply patch provided by Michael Messner to localize for German systems.
- 05:45 am Metasploit Framework Feature #2104: Add "missing" features from meta-phish to exploit/multi/browser/java_signed_applet
- After some minor additional thought, I figured out to call java_signed_applet from within an iframe in the intended t...
08/06/2010
- 11:59 pm Metasploit Framework Revision 9971: split http exploit mixin into http/server and http/client
- 11:45 pm Metasploit Framework Revision 9970: merge cleanup.diff from scriptjunkie, rewrote set_option, see #2329
- 10:57 pm Metasploit Framework Revision 9969: remove rails dependency from module.replicant
- 08:39 pm Metasploit Framework Bug #2343 (Closed): Packetrecorder broken ?
- you are giving it the wrong value, you should give it the interface ID not the IP, normaly this would be the ID 1 on ...
- 07:46 pm Metasploit Framework Bug #2329: PXE module
- This should be a little prettier. Also fixes a constructor bug of not defining last_ip
- 05:51 pm Metasploit Framework Revision 9968: add osvdb ref
- 04:16 pm Metasploit Framework Revision 9967: update from dookie.
- 01:16 pm Metasploit Framework Bug #2348: Incorrect URI string in efs_easychatserver_username.rb
- updated with Brennon's fix.
- 01:12 pm Metasploit Framework Revision 9966: fix from Brennon Thomas.
- 01:09 pm Metasploit Framework Revision 9965: add wm downloader exploit from dookie
- 12:43 pm Metasploit Framework Revision 9964: oops, add updateX data files, see #2329
- 10:39 am Metasploit Framework Bug #2329 (Assigned): PXE module
- sj, this is almost finished. the only thing I'm holding off closing this ticket for is the hardcoded stuff in the dhc...
- 10:37 am Metasploit Framework Revision 9963: add dhcp/pxe stuff from scriptjunkie, see #2329
- 10:21 am Metasploit Framework Revision 9962: add support for various options
- 09:14 am Metasploit Framework Bug #2348 (New): Incorrect URI string in efs_easychatserver_username.rb
- Changed uri variable in modules/exploits/windows/http/efs_easychatserver_username.rb from:
uri = "/chat.ghp?userna... - 08:45 am Metasploit Framework Revision 9961: make sure it saves logs to proper folder
- 07:43 am Metasploit Framework Bug #2346 (New): Rex unit tests failing
- Rex unit tests are currently passing only 66% - some of this is due to methods that have been moved, but the majority...
- 07:38 am Metasploit Framework Feature #2345 (New): Create a Word and Excel based embedded payload module
- Since this is currently a manual process it would be nice to have this ability in module form, possibly allowing a in...
- 07:36 am Metasploit Framework Bug #2344 (New): VBA import into Word 2007 not working
- an "Unexpected Error" occurs in some instances and simple just doesn't do anything in others.
- 05:21 am Metasploit Framework Bug #2343 (Closed): Packetrecorder broken ?
- =[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 576 exploits - 290 auxiliary
+ -- --=[ 212 payloads - ...
08/05/2010
- 11:52 pm Metasploit Framework Bug #2341: transaction id generation in bailiwicked_host, bailiwicked_domain
- I would argue with "a lot" : the inner loop is typically 2-3 cycles ( the nr. of nameservers),
but that is just spli... - 06:09 pm Metasploit Framework Bug #2342 (Resolved): multicommand.rb meterpreter script error
- Applied in changeset r9960.
- 06:09 pm Metasploit Framework Revision 9960: fixes #2342
- 06:06 pm Metasploit Framework Bug #2341: transaction id generation in bailiwicked_host, bailiwicked_domain
- moving it into the inner loop is likely to slow things down alot. if it is moved, it should probably be moved right a...
- 03:08 pm Metasploit Framework Bug #2342 (Closed): multicommand.rb meterpreter script error
- Hello,
There is an error in the multicommand.rb meterpreter script at line 70. It reads:
when "-c"
but shou... - 06:20 am Metasploit Framework Bug #2341 (Resolved): transaction id generation in bailiwicked_host, bailiwicked_domain
- Dear Sirs,
I run across a piece of code in the above-mentioned modules I believe is buggy.
In bailiwicked_domain...
08/04/2010
- 07:24 pm Metasploit Framework Revision 9959: add -n (disable database) option for msfconsole, gives 33% startup time reduction
- 07:23 pm Metasploit Framework Revision 9958: uniq-ify class names
- 02:21 pm Metasploit Framework Revision 9957: add osvdb ref
Also available in: Atom