Activity

From 04/26/2012 to 05/25/2012

05/24/2012

11:22 pm Metasploit Framework Feature #403 (Rejected): Binary (nix/win) building of modules (not just exploits)
This basically requires a ruby -> arbitrary executable format compiler. While that may be a cool thing to have, I th... James Lee
09:43 pm Metasploit Framework Feature #403 (Assigned): Binary (nix/win) building of modules (not just exploits)
while I think the powershell stuff is great, it does nothing to resolve this ticket. Rob Fuller
06:10 pm Metasploit Framework Revision 7c85a279: Whitespace cleanup
James Lee
05:53 pm Unstable Modules Bug #6915 (New): Error getting session listmsfgui.MsfException: error in call: null
I am having a problem using metasploit. I get this error when I start metasploit "Error getting session listmsfgui.Ms... james frank
05:28 pm Metasploit Framework Revision 5bf97387: Space at EOF cleanup
James Lee
04:50 pm Metasploit Framework Bug #5445 (Rejected): store_loot fails when running with database disabled (-n)
Works for me with -n... James Lee
03:48 pm Unstable Modules Bug #6913 (New): Error getting session listmsfgui.MsfException: error in call: null
I am having a problem using armitage and metasploit. I get this error when I start metasploit "Error getting session ... james frank
03:33 pm Metasploit Framework Bug #3962 (Resolved): linux/x86/meterpreter can't drop to shell
Channels are still not working correctly due to some threading issues (see #6825 and #6414), but I don't think the is... James Lee
03:31 pm Metasploit Framework Feature #4905: Make meterpreter capabilities queryable
Only thing this is missing now is core_* commands. James Lee
02:31 pm Unstable Modules Bug #6912 (New): Error getting session listmsfgui.MsfException: error in call: null
I am having a problem using armitage and metasploit. I get this error when I start metasploit "Error getting session ... james frank
11:43 am Metasploit Framework Revision e8850178: Make sure state is initialized
Fixes a stack trace when the xml has osmatch before osclass. Thanks Sean
Carolan for the report!
James Lee
11:16 am Metasploit Framework Revision 2a24b143: Merge pull request #416 from jvazquez-r7/flexnet_lmgrd_bof_rand_text
flexnet_lmgrd_bof rand_text fix sinn3r .
11:02 am Metasploit Framework Revision f7224ab3: flexnet_lmgrd_bof rand_text fix
Juan Vazquez
10:11 am Metasploit Framework Revision 0ecffd22: Make domain option requirement more clear
Tod Beardsley
02:23 am Metasploit Framework Feature #6827 (Resolved): "RuggedCom Telnet Password Generator" Module
This module is now in the framework, thanks:
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxi...
sinn3r .
02:20 am Metasploit Framework Feature #6894: Possible improvement in Iomega StorCenter Pro NAS Web Authentication Bypass
Applied in changeset commit:c606896122a4946b77409adb3ba81cc779badc32 sinn3r .
02:16 am Metasploit Framework Revision c6068961: Multiple fixes and improvements:
* Make session ID configurable based on feature #6894's suggestion.
* Fix a potential bug when res is nil.
* Use prin...
sinn3r
02:06 am Metasploit Framework Feature #6894: Possible improvement in Iomega StorCenter Pro NAS Web Authentication Bypass
That's pretty high. Don't really have a box for testing, but I'll just turn that into something configurable. sinn3r .
12:27 am Metasploit Framework Revision 50045151: Resolved conflicts merging back from release
Merge branch 'release'
Conflicts:
lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
modules/exploits/windows/...
Tod Beardsley

05/23/2012

08:41 pm Metasploit Framework Bug #4400 (Resolved): postgres_readfile not saving output
See commit:101abb45a1ead1ea3299db558e413b7be94728e2 sinn3r .
08:38 pm Metasploit Framework Revision 101abb45: Merge branch 'bug/4400-postgres-store-loot' of https://github.com/jlee-r7/meta...
sinn3r
07:07 pm Metasploit Framework Revision 22601180: Save the pilfered file as loot
James Lee
06:34 pm Metasploit Framework Revision ac0d2245: Merge pull request #414 from wchen-r7/apprain
Add CVE-2012-1153 sinn3r .
06:33 pm Metasploit Framework Revision 8d837f5d: Module description update. TARGETURI description update.
sinn3r
05:50 pm Metasploit Framework Revision fab3bfce: Add CVE-2012-1153
sinn3r
03:47 pm Metasploit Framework Bug #6902: Post modules do not display References
Applied in changeset commit:3bd0276ab3a6082e47d924b5627a91ebe812d44d. James Lee
03:47 pm Metasploit Framework Feature #403 (Resolved): Binary (nix/win) building of modules (not just exploits)
Applied in changeset commit:125aa43072a95e083082c9ea88caea4685c490ee. Boris Lukashev
03:47 pm Metasploit Framework Bug #6889: NameError uninitialized constant Msf::Post::Unix
Applied in changeset commit:3a4a61da800ea137f4dbcdecfaebb3232a191fb8. James Lee
03:44 pm Metasploit Framework Bug #6525: Meterpreter ipconfig command reports wrong netmask, breaks session_host logic
Applied in changeset commit:42719ab34bb9ca51d2cd623777662fc2253857f1. James Lee
03:42 pm Metasploit Framework Bug #6860 (Resolved): wrong version in firefox detected by lib/rex/exploitation/javascriptosdetec...
Applied in changeset commit:4acb627d13c719703166e6b41480d6f5872b27a1. James Lee
03:42 pm Metasploit Framework Bug #6843: undefined local variable or method `framework' in TFTP's client.rb
Applied in changeset commit:36c805c5ffae730991033fb713c06b5ee44725e2. Tod Beardsley
12:18 pm Metasploit Framework Revision f9886223: Merge pull request #413 from jlee-r7/bug/6893-sniffer-linktype
Default to ethernet if the server doesn't specify sinn3r .
11:06 am Metasploit Framework Revision dc08bc33: Default to ethernet if the server doesn't specify
Still need to recompile sniffer, but this will fix the immediate problem
of stack traces and failing to save the pcap.
James Lee
10:27 am Metasploit Framework Revision 0b7b71e2: Correct run-on sentence
sinn3r
10:22 am Metasploit Framework Revision 94f114b6: Fix typos
sinn3r
10:20 am Metasploit Framework Revision 7a4f1a11: Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/...
sinn3r
10:17 am Metasploit Framework Bug #6414: [POSIX Meterpreter] Backgrounding an interactive channel hoses the session
I'm pretty sure #6825 has the same root cause James Lee
10:15 am Metasploit Framework Bug #6645 (Resolved): db_export stack trace....
James Lee
10:14 am Metasploit Framework Revision 287d68f3: added module for CVE-2008-0320
Juan Vazquez

05/22/2012

04:11 pm Metasploit Framework Bug #6147: Module synflood Argument INTERFACE: ArgumentError interface must be a string. svn upda...
Same problem here with Fedora 16 and auxiliary/spoof/nbns/nbns_response @ metasploit v4.4.0-dev / svn r15311
Ess Weh
03:23 pm Metasploit Framework Revision bf0f5a7e: Merge pull request #410 from jjarmoc/ZDI-12-052-ref
Added reference to vendor advisory sinn3r .
02:12 pm Metasploit Framework Revision a37e98f1: Updating release from master.
Tod Beardsley
01:57 pm Metasploit Framework Bug #6905 (Resolved): ssh_login NoSuchMethodError
Fixed in "e97994fddeb420702c4f1d104b3340742c1744bf":https://github.com/rapid7/metasploit-framework/commit/e97994fddeb... James Lee
01:49 pm Metasploit Framework Revision e97994fd: Make sure matches is set
Fixes a nil issue introduced by 17943c7 James Lee
01:22 pm Metasploit Framework Revision c4b64a51: Added reference to vendor advisory
Jeff Jarmoc
12:55 pm Metasploit Framework Bug #6905 (Resolved): ssh_login NoSuchMethodError
Revision: 15322
=[ metasploit v4.4.0-dev [core:4.4 api:1.0]
+ -- --=[ 852 exploits - 475 auxiliary - 144 p...
Raphael Mudge
11:44 am Metasploit Framework Revision 0c1d736f: Hrm, out-of-order commits
Looks like my cherry-pick'ing fu hosed the previous commits and somehow
left two copies of dump_references.
James Lee
11:27 am Metasploit Framework Bug #6902 (Resolved): Post modules do not display References
Fixed in https://github.com/rapid7/metasploit-framework/pull/409 , landed as https://github.com/rapid7/metasploit-fra... Tod Beardsley
11:25 am Metasploit Framework Revision 3bd0276a: Add references to info output for post modules
[Fixes #6902] [Closes #409]
Squashed commit of the following:
commit e29bf83196e39853d12b58d77db1ffdb26fbb6eb
Autho...
James Lee
11:17 am Metasploit Framework Revision 87ce3fe2: Adding extra ref from jjarmoc
Tod Beardsley
10:55 am Metasploit Framework Bug #6902 (Resolved): Post modules do not display References
This is causing snarky commit messages like this one:
https://github.com/rapid7/metasploit-framework/commit/c9604d...
Tod Beardsley
10:52 am Metasploit Framework Revision c9604d89: Add an invisible reference
sinn3r
09:12 am Metasploit Framework Feature #6901 (New): rhosts and vhost
I sent this to the list and Tod B mentioned it wasn't a reported issue so figured I'd add it here as a feature reques... Robin Wood
03:11 am Metasploit Framework Revision d9ab464d: A very quick update to the title.
sinn3r
03:06 am Metasploit Framework Revision c9aa057b: Merge pull request #407 from wchen-r7/osx_voice
OSX Text-to-Speech tool sinn3r .
03:04 am Metasploit Framework Revision c43ef8b5: Merge pull request #406 from jvazquez-r7/lmgrd_bof_randomization
randomization when possible for flexnet_lmgrd_bof sinn3r .
03:03 am Metasploit Framework Revision ca08e225: Add OSX Text-to-Speech tool
sinn3r
01:49 am Metasploit Framework Revision 5cc98b7d: Import NSE script output as notes
HD Moore
01:32 am Metasploit Framework Revision c823e809: randomization when possible for flexnet_lmgrd_bof
Juan Vazquez

05/21/2012

04:32 pm Metasploit Framework Revision cafe8032: Fix typos
sinn3r
04:32 pm Metasploit Framework Revision 72b1f113: Added module for ZDI-12-052
Juan Vazquez
04:29 pm Metasploit Framework Revision 915ba01b: Fix typos
sinn3r
04:28 pm Metasploit Framework Revision df85e4f5: Remove trailing comma
David Maloney
04:27 pm Metasploit Framework Revision e27fdfd5: Merge branch 'lmgrd_overflow' of https://github.com/jvazquez-r7/metasploit-fra...
sinn3r
04:24 pm Metasploit Framework Revision c8173b9f: Added module for ZDI-12-052
Juan Vazquez
04:09 pm Metasploit Framework Revision 0b41d0f7: Fixes an issue where mysql_payload would crash against
unsupported arch. Due to a bad var name
[Fixes #29957453]
David Maloney
04:09 pm Metasploit Framework Revision 17943c7a: Makes it so we don't ever use local config files for Net::SSH
Also makes sure that the :config =>false option keeps
Net:SSH from meddling with knowns_hosts too
David Maloney
04:09 pm Metasploit Framework Revision c386e1ce: Add an option to the schemadump modules to not display output to the
screen David Maloney
04:02 pm Metasploit Framework Bug #6825: [POSIX] Creating a second tcp channel fails
There's more to this. It looks like POSIX is not following the same scheduling API as Windows; by calling waitable r... James Lee
03:25 pm Metasploit Framework Revision 0be83dae: Replaces a dead link in HACKING
Tod Beardsley
02:50 pm Metasploit Framework Revision 77f95df1: Banner encoding fix when running against dd-wrt on ruby 1.9.3
Boris Lukashev
02:48 pm Metasploit Framework Revision 125aa430: PowerShell post module download and exec
This adds sempervictus's PowerShell post module, along with a default
post module one can use for quick testing (for ...
Boris Lukashev
01:42 pm Metasploit Framework Revision d273a0e4: Check for the right method name
"stdapi_fs_rm" doesn't exist James Lee
01:28 pm Metasploit Framework Bug #6893: [HavePatch] Error: sniffer_dump: TypeError can't convert nil into Integer
Dear M M, you are awesome. Thank you for looking into this and responding so quickly! Raphael Mudge
12:33 pm Metasploit Framework Bug #6893: [HavePatch] Error: sniffer_dump: TypeError can't convert nil into Integer
Think I know what's happening :
ext_server_sniffer.dll was last committed 6 months ago which means it was not recom...
M M
11:57 am Metasploit Framework Feature #6894 (New): Possible improvement in Iomega StorCenter Pro NAS Web Authentication Bypass
I'm analyzing an Iomega server and I can bypass the login using values greater than 100 in the session_id. I think... daniel martinez
11:28 am Metasploit Framework Revision 4772c125: Removing hashcollision_dos module due to license violation
The description text is a copy-paste of
http://www.ocert.org/advisories/ocert-2011-003.html , which has a
specific cr...
Tod Beardsley
11:27 am Metasploit Framework Revision 675dfe4e: Don't keep the weblogi return codes secret
Tod Beardsley
11:19 am Metasploit Framework Revision 1104dccd: Noting rhost/rport, cli.peerhost where appropriate
There's no msftidy check for this, and it's irritating to have to
remember to do this all the time.
Tod Beardsley
11:14 am Metasploit Framework Revision 7cc90583: Consistent caps on SVG in batik_svg_java exploit
Also, modules should not refer to themselves as "I" or "me." It's
creepy.
Tod Beardsley
11:11 am Metasploit Framework Revision 5dd866ed: Fixed print_status to include rhost:rport
Also don't let the failed user:pass be a mystery to the user. Tod Beardsley
11:06 am Metasploit Framework Revision eea20e77: Capitalization fixups on hashcollision_dos
Tod Beardsley
10:59 am Metasploit Framework Revision 1fc7597a: Msftidy fixes.
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch
All whitespace fixes.
Tod Beardsley
09:22 am Metasploit Framework Revision 37cdd438: Touching README, mostly to test commits
Tod Beardsley
09:20 am Metasploit Framework Feature #6864: New aux modules HP Printers
sinn3r . wrote:
> Thanks.
>
> What causes the server to return FILEERROR? What does 3 mean? Is there a manual o...
Matteo Cantoni
08:34 am Metasploit Framework Bug #6893: [HavePatch] Error: sniffer_dump: TypeError can't convert nil into Integer
It's happening. The linktype is coming back as nil from Win32 meterpreter. I didn't look to figure out why. I won't d... Raphael Mudge
03:49 am Metasploit Framework Bug #6893: [HavePatch] Error: sniffer_dump: TypeError can't convert nil into Integer
Hum, that's strange as linktype is sent in linux and WIN32 sniffer extensions :
external/source/meterpreter/source...
M M

05/20/2012

10:01 pm Metasploit Framework Revision 3f1a7293: Merge pull request #401 from rsmudge/armitage
Armitage 05.21.12 sinn3r .
09:54 pm Metasploit Framework Revision c14a3e65: Armitage 05.21.12
This release improves collaboration performance and fixes a few Windows specific issues. Raphael Mudge
08:58 pm Metasploit Framework Bug #6893: [HavePatch] Error: sniffer_dump: TypeError can't convert nil into Integer
Here's the value of the res dictionary after it comes back from meterpreter [sniffer.rb:129]
"Before changes {:pac...
Raphael Mudge
08:45 pm Metasploit Framework Bug #6893: [HavePatch] Error: sniffer_dump: TypeError can't convert nil into Integer
To reproduce, make sure the pcap file you output to does not exist. This codepath does not trigger when the file exists. Raphael Mudge
08:33 pm Metasploit Framework Bug #6893 (New): [HavePatch] Error: sniffer_dump: TypeError can't convert nil into Integer
msf > version
Framework: 4.4.0-dev.15205
Console : 4.4.0-dev.15168
meterpreter > sysinfo
Computer : ACM...
Raphael Mudge
06:43 pm Metasploit Framework Bug #6890 (New): MSF file handle leakage
I believe there is a file handle leak somewhere in shell session or general session management. The following tests s... Raphael Mudge
06:20 pm Metasploit Framework Feature #6748 (Rejected): adobe_pdf_embedded_exe exploit for Windows XP Spanish
Same as: http://dev.metasploit.com/redmine/issues/6855 -- probably a dup to get our attention.
Rejected.
sinn3r .
06:18 pm Metasploit Framework Bug #6879 (Resolved): Error when starting metasploit
Related to: http://dev.metasploit.com/redmine/issues/6889#change-29732
Already resolved.
sinn3r .
09:58 am Metasploit Framework Revision 822e109b: Merge pull request #398 from wchen-r7/foxit_reader_launch
CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF sinn3r .
09:58 am Metasploit Framework Revision 38dfd806: Merge pull request #400 from swtornio/master
add osvdb refs sinn3r .
07:13 am Metasploit Framework Revision ba2787df: add osvdb ref
Steve Tornio
07:13 am Metasploit Framework Revision c95a06e2: add osvdb ref
Steve Tornio

05/19/2012

04:14 pm Metasploit Framework Revision 628233d1: Merge pull request #399 from wchen-r7/hp_storageworks
Add HP StorageWorks VSA command execution vulnerability sinn3r .
02:53 pm Metasploit Framework Revision d8c3edd3: Add HP StorageWorks VSA command execution vulnerability
sinn3r
02:24 pm Metasploit Framework Feature #6784: Generic XSLT+Java and XSLT+PHP modules
Thanks, will check it out soon. sinn3r .
01:27 pm Metasploit Framework Bug #6889 (Resolved): NameError uninitialized constant Msf::Post::Unix
Redmine, y u no close from commit message?
Closed in commit:3a4a61da800ea137f4dbcdecfaebb3232a191fb8 https://githu...
James Lee
12:44 pm Metasploit Framework Revision 3a4a61da: Add missing require for `msf/post/unix`
[Fixes #6889] James Lee
12:43 pm Metasploit Framework Bug #6889 (Resolved): NameError uninitialized constant Msf::Post::Unix
Ran an msfupdate and had a nice friendly message waiting for me:
[-] WARNING! The following modules could not be l...
Raphael Mudge
02:24 am Metasploit Framework Revision f9bcb959: Correct EDB references
sinn3r
02:06 am Metasploit Framework Revision 964a6af4: Add Active Collab chat module PHP injection exploit, by mr_me
sinn3r

05/18/2012

05:32 pm Metasploit Framework Revision f6e9ae65: Merge pull request #397 from rapid7/normalize-memleak
Update MDM from upstream Tod Beardsley
05:24 pm Metasploit Framework Revision d5d285ae: Adding aczid's minimal exploit configurator
Note the syntax change, need to chase this down before pushing upstream
and make sure nobody's relying on that.... an...
Aram Verstegen
05:12 pm Metasploit Framework Revision e4f80a1f: Francisco is the one who found it according to advisory
sinn3r
04:44 pm Metasploit Framework Revision 48e96e75: Adding Powershell post module to unstable
Just so we don't lose it.
[See #251]
Tod Beardsley
04:39 pm Metasploit Framework Revision 7811b0a3: Landing sempervictus's Powershell features
Adding the payload generator, but not the post module -- couldn't get a
satisfactory test out of the module (see the ...
Tod Beardsley
01:42 pm Metasploit Framework Feature #6864: New aux modules HP Printers
Thanks.
What causes the server to return FILEERROR? What does 3 mean? Is there a manual or something I could read?
sinn3r .
01:25 pm Metasploit Framework Revision 41aac751: Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, a...
sinn3r
12:04 pm Metasploit Framework Revision 373c174a: Updates MDM from upstream.
This pulls in a few recent changes to MDM. Tod Beardsley
11:25 am Metasploit Framework Revision 52183aa2: Unbreak the migrate command
The server is not returning the core_migrate command. This is a bandaid
to make migrate work again until that gets s...
James Lee
11:21 am Metasploit Framework Revision fec2ec37: Squashed commit of the following:
commit fa9b2841cfcb7c833da5454f108f15ad229e6b75
Author: syndrowm <syndrowm@gmail.com>
Date: Mon Apr 2 17:00:59 2012...
syndrowm
10:22 am Metasploit Framework Feature #6864: New aux modules HP Printers
sinn3r . wrote:
> Is it even a normal thing for the server to return an error?
Yes and in this specific case the ...
Matteo Cantoni
10:06 am Metasploit Framework Feature #6864: New aux modules HP Printers
Is it even a normal thing for the server to return an error? sinn3r .
04:19 am Metasploit Framework Feature #6864: New aux modules HP Printers
sinn3r . wrote:
> Updated. Could you please test again?
Good, but in some cases (for example downloading a file ...
Matteo Cantoni

05/17/2012

06:41 pm Metasploit Framework Revision b324d868: Squashed commit of the following:
commit fa9b2841cfcb7c833da5454f108f15ad229e6b75
Author: syndrowm <syndrowm@gmail.com>
Date: Mon Apr 2 17:00:59 2012...
syndrowm
06:28 pm Metasploit Framework Revision d080a3ec: Merge branch 'bea_wl' of https://github.com/jvazquez-r7/metasploit-framework i...
sinn3r
06:23 pm Metasploit Framework Revision bedf0106: description modified
Juan Vazquez
06:13 pm Metasploit Framework Revision e7f5bf13: trying to improve bea weblogic connector bof
Juan Vazquez
06:01 pm Metasploit Framework Revision 6ff8c988: Don't do getpid checks if it's not implemented
Important for java, which has get_processes, but not getpid James Lee
05:51 pm Metasploit Framework Revision 2197332c: Add a test for listing processes
James Lee
03:00 pm Metasploit Framework Revision c0d17734: Improve run-on sentences.
sinn3r
02:52 pm Metasploit Framework Revision 32a0596a: Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploi...
sinn3r
02:41 pm Metasploit Framework Revision c4ab521d: better tab indentation
Juan Vazquez
02:15 pm Metasploit Framework Revision c6d91481: Updating to skip blank/nil service infos too
Tod Beardsley
02:02 pm Metasploit Framework Feature #6864: New aux modules HP Printers
Updated. Could you please test again? sinn3r .
01:58 pm Metasploit Framework Revision 4a5064a2: Typo on fingerprintable
Tod Beardsley
01:50 pm Metasploit Framework Revision 2238363e: Fixes the normalize mem leak in host.rb MDM model
This should not be pushed up though, because we really need to fix in
MDM proper.
Tod Beardsley
12:50 pm Metasploit Framework Bug #6880 (Resolved): mozilla_attribchildremoved web server doesn't start
Your output does indicate the web server is listening on port 8080. But based on your other bug report, I'm guessing... sinn3r .
12:34 pm Metasploit Framework Revision 0b35ab6a: If the target isn't supported, make sure we warn the user
sinn3r
12:21 pm Metasploit Framework Revision a21e8323: fingerprinting bea connector with Transfer-Encoding
Juan Vazquez
11:39 am Metasploit Framework Bug #6878 (Resolved): mozilla_nssvgvalue firefox 7 as target error
Fixed in commit:952ada1742cf300de739661b46b0421745a64157 sinn3r .
11:37 am Metasploit Framework Revision 952ada17: Fix broken target (variable naming)
sinn3r
11:29 am Metasploit Framework Bug #6878: mozilla_nssvgvalue firefox 7 as target error
Nice catch. Problem reproduced. Happens if you set the target manually to 1. Fixing. sinn3r .
11:04 am Metasploit Framework Revision 2fccf467: Be explicit on what version we've tested
sinn3r
10:55 am Metasploit Framework Revision 1b70ba82: Merge branch 'batik_module' of https://github.com/jvazquez-r7/metasploit-frame...
sinn3r
10:23 am Metasploit Framework Revision 0fd3f967: errata fixed
Juan Vazquez
10:01 am Metasploit Framework Feature #6864: New aux modules HP Printers
* Yeah, I don't have much to modify for snmp_enum_hp_laserjet.rb, I think.
* HD usually wants get_once instead of ge...
sinn3r .
09:48 am Metasploit Framework Revision 14d8ba00: Added batik svg java module
Juan Vazquez
09:37 am Metasploit Framework Revision 99368d27: Fix a missing require
HD Moore
05:03 am Metasploit Framework Bug #6880 (Resolved): mozilla_attribchildremoved web server doesn't start
Hello,
During test of mozilla_attribchildremoved the related web server doesn't start.
[*] Exploit running as b...
Eric Romang
05:00 am Metasploit Framework Bug #6879 (Resolved): Error when starting metasploit
Hello,
after starting metasploit, i have these errors
msf > version
Framework: 4.4.0-dev.15205
Console : 4....
Eric Romang
04:18 am Metasploit Framework Bug #6878 (Resolved): mozilla_nssvgvalue firefox 7 as target error
Hello,
Testing mozilla_nssvgvalue i got the following error when specifying mozilla firefox 7 as target.
------...
Eric Romang
04:07 am Metasploit Framework Revision 9a5e4d65: Added target BEA Weblogic 8.1 SP4
Juan Vazquez
03:40 am Metasploit Framework Feature #6864: New aux modules HP Printers
sinn3r . wrote:
> Made changes to these modules, please test and review before I can do pull requests for you. than...
Matteo Cantoni
03:28 am Metasploit Framework Revision 445bd90a: Added module for CVE-2008-3257
Juan Vazquez

05/16/2012

11:57 pm Metasploit Framework Revision a88af1dd: Merge pull request #391 from rsmudge/armitage
add color to armitage's presentation of the Metasploit console sinn3r .
09:31 pm Metasploit Framework Feature #6203: Request for features for RC scripts
sticking in the backlog Jonathan Cran
09:30 pm Metasploit Framework Bug #702: Windows adduser payload fails on NT 4.0
pulling out of my queue Jonathan Cran
09:19 pm Metasploit Framework Feature #4668 (Closed): Add ESXi support to the lab plugin
closing this up. Jonathan Cran
09:19 pm Metasploit Framework Bug #3157 (Closed): define & document issue priorities.
Jonathan Cran
09:18 pm Metasploit Framework Feature #5703: Portable Windows version
pulling this off my queue, but this would still be a neat feature Jonathan Cran
07:07 pm Metasploit Framework Revision fe7928c1: Merge pull request #390 from jlee-r7/consolidate-250-254-375
Consolidate #250, #254, #375 jlee-r7
06:47 pm Metasploit Framework Revision de22d76a: Blank fields exist legitimately
The first process in Windows is usually [System Process] which has no
associated path, arch, or user, causing this co...
James Lee
06:22 pm Metasploit Framework Revision 5bd374e6: Refactor the processlist into its own class
*NOTE* Possible backwards compatibility issue! Changes get_processes
hash key from 'parentpid' to 'ppid'
James Lee
06:14 pm Metasploit Framework Feature #6864: New aux modules HP Printers
Made changes to these modules, please test and review before I can do pull requests for you. thanks. sinn3r .
05:14 pm Metasploit Framework Revision aee9c829: Undo mode change from last commit
>_< James Lee
05:13 pm Metasploit Framework Revision f60429ea: Linux binaries for consolidation
This includes ps support, sniffer enhancements and the new loadlib API
changes.
[See #250][See #254][See #375]
James Lee
05:09 pm Metasploit Framework Revision 709f860e: Undo mode change from previous commit
James Lee
05:07 pm Metasploit Framework Revision 62f6ed97: Windows binaries for new loadlib API
James Lee
04:43 pm Metasploit Framework Feature #6864: New aux modules HP Printers
>> redmine is more practical.. I will try with github for the next request.
I can do it. No problem. And then yo...
sinn3r .
02:34 pm Metasploit Framework Revision dd4aaa07: Fixing CVE reference
Tod Beardsley
02:34 pm Metasploit Framework Revision 336a00bc: Fixing CVE reference
Tod Beardsley
01:47 pm Metasploit Framework Revision 7a78c99c: Adding credit to original PoC guy for RuggedCom
Just added and commented. It'd be nice to have a real spot for this kind
of credit, because it comes up a lot and it'...
Tod Beardsley
11:51 am Metasploit Framework Feature #6864: New aux modules HP Printers
sinn3r . wrote:
> * Do you mind doing pull requests instead?
> * Do these modules cause the printer to print stuff?...
Matteo Cantoni
11:15 am Metasploit Framework Feature #6864: New aux modules HP Printers
* Do you mind doing pull requests instead?
* Do these modules cause the printer to print stuff?
* I don't think we ...
sinn3r .
04:15 am Metasploit Framework Feature #6864 (New): New aux modules HP Printers
Hi,
I wrote 5 aux modules useful during a penetration test. Briefly, they permit three actions:
discovery (HP pri...
Matteo Cantoni
03:23 am Metasploit Framework Revision 74e48129: add color to armitage's presentation of the Metasploit console
Raphael Mudge
02:40 am Metasploit Framework Revision 0b2a8e0b: Correct e-mail format
sinn3r

05/15/2012

11:05 pm Metasploit Framework Revision 4943b4c6: Bug fix from mubix (ruby 1.8 syntax)
HD Moore
07:28 pm Metasploit Framework Feature #6855 (Resolved): adobe_pdf_embedded_exe exploit for Windows XP Spanish
Added, thanks!
https://github.com/rapid7/metasploit-framework/commit/b89e77c84213870b9800bb966c711586efb00ccf
sinn3r .
07:27 pm Metasploit Framework Revision b89e77c8: Add Spanish dir path. Thanks Miguel
sinn3r
07:21 pm Metasploit Framework Revision 8428d16d: Format correction
sinn3r
06:35 pm Metasploit Framework Revision 3cd66402: Merge branch 'master' of https://github.com/FireFart/metasploit-framework into...
sinn3r
06:00 pm Metasploit Framework Revision 42719ab3: Squashed commit of the following:
commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9
Author: James Lee <egypt@metasploit.com>
Date: Wed May 9 16:22:49 2...
James Lee
05:58 pm Metasploit Framework Revision 55bb7abc: Squashed commit of the following:
commit 2027502c5c1364161854794529738344dddb5c50
Author: MM <gaspmat@gmail.com>
Date: Thu Mar 22 18:12:07 2012 +0100...
M M
05:57 pm Metasploit Framework Revision 5d7190e8: Squashed commit of the following:
commit df6eef12147a294d7f198d057c27e87ed4ffbeb3
Author: MM <gaspmat@gmail.com>
Date: Tue Mar 20 18:01:50 2012 +0100...
M M
05:53 pm Metasploit Framework Feature #6855: adobe_pdf_embedded_exe exploit for Windows XP Spanish
No, none of these are Unicode. Best regards… Miguel Lopez
05:42 pm Metasploit Framework Revision 406661f6: Better object for FF6
James Lee
05:29 pm Metasploit Framework Revision 740c493b: Add a Windows Mobile fingerprint
James Lee
04:59 pm Metasploit Framework Revision 19e32c21: Added more references
Christian Mehlmauer
04:53 pm Metasploit Framework Revision 46e58f86: Ruby naming style
Christian Mehlmauer
04:28 pm Metasploit Framework Revision 5f0075e2: Revert API change
Christian Mehlmauer
04:25 pm Metasploit Framework Revision 37d6af76: Revert API change
Christian Mehlmauer
04:16 pm Metasploit Framework Feature #6863: Avoid receiving a response when sending a HTTP request
hdm recommends the following solution:... sinn3r .
04:13 pm Metasploit Framework Feature #6863 (New): Avoid receiving a response when sending a HTTP request
When we use either send_request_cgi() or send_request_raw(), it always tries to receive a response from the server. ... sinn3r .
03:58 pm Metasploit Framework Revision 4acb627d: Add more detections for newer Firefox
Object detections are not extensively tested, but everything came from
the "Firefox for developers" series of documen...
James Lee
03:45 pm Metasploit Framework Revision 82885cc6: Fixing author tags
Ensuring a space between name and email. Tod Beardsley
03:45 pm Metasploit Framework Revision f5698f4b: Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing. Tod Beardsley
03:43 pm Metasploit Framework Revision 898398fd: Fixing author tags
Ensuring a space between name and email. Tod Beardsley
03:39 pm Metasploit Framework Revision 9b3f6029: Msftidy on mozilla_attribchildremoved.rb
was executable, had bad spacing. Tod Beardsley
03:09 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
ff from fedora 16:
about: 12.0
site:
Javascript OS Detection
Unknown Firefox buildID, please email the text on ...
Artur Szymczak
03:07 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
IE9 from Windows 7 SP1:
About:
9.0.8112.16421
Update Version: 9.0.6 (KB2675157)
Site:
Javascript OS Detection
...
Artur Szymczak
03:05 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
ff from windows:
about: 12.0
site:
Javascript OS Detection
Unknown Firefox buildID, please email the text on th...
Artur Szymczak
03:03 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
From ArchLinux:
About: 12.0
egyp7.com:
Javascript OS Detection
Unknown Firefox buildID, please email the text o...
Artur Szymczak
02:37 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
IE9 is on Windows 7 SP1.
FF on linux (arch linux full updated): 20120426140011
FF on linux (Fedora 16 full update...
Artur Szymczak
02:32 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
This discussion might be faster over IRC, can you please join #metasploit on FreeNode? James Lee
02:30 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
Is that win7 sp1?
Are you saying Firefox doesn't give you a number with alert(navigator.buildID) ?
James Lee
02:25 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
From IE9.0:
9016443
From FF... it doesn't work (either from urlbar or from html file).
Artur Szymczak
02:17 pm Metasploit Framework Bug #6860 (Assigned): wrong version in firefox detected by lib/rex/exploitation/javascriptosdetec...
James Lee
02:15 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
And in Firefox:... James Lee
02:09 pm Metasploit Framework Revision ee84195b: Add fingerprint for latest Ubuntu build
James Lee
02:06 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
Firefox is a little harder to get an accurate version without resorting to the User-Agent header (which is also easie... James Lee
02:04 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
Same with Firefox on Fedora 16 (fully updated):
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 F...
Artur Szymczak
01:52 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
Windows 7 Professional with IE9 (64bit Polish version) (fully patched) reported as:
JavaScript Report: Microsoft Wind...
Artur Szymczak
01:44 pm Metasploit Framework Bug #6860: wrong version in firefox detected by lib/rex/exploitation/javascriptosdetect.js
My version:
Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Distro: Arch Linux (32bit)
Artur Szymczak
01:33 pm Metasploit Framework Bug #6860 (Resolved): wrong version in firefox detected by lib/rex/exploitation/javascriptosdetec...
Hi,
I have FF 12.0, but lib/rex/exploitation/javascriptosdetect.js detects it as 3.6:
[*] 127.0.0.1 browser_...
Artur Szymczak
12:53 pm Metasploit Framework Revision bc6ec537: Fix a ruby 1.8 compat error
Can't have commas at the end of argument lists. James Lee
12:43 pm Metasploit Framework Revision b2985972: Switched to Http Library, Code formatting issues
Christian Mehlmauer
08:14 am Metasploit Framework Revision 64270ea7: Adding default user/pass for CCTV module
User/pass combos that come from manuals and independent research. Tod Beardsley
08:03 am Metasploit Framework Revision 4ee24f7e: Adding Justin's CCTV module.
Tod Beardsley
01:31 am Metasploit Framework Feature #6855: adobe_pdf_embedded_exe exploit for Windows XP Spanish
Would any of these be unicode? Just wondering. sinn3r .
01:26 am Metasploit Framework Revision 8b068351: Make changes to proper API usage, whitespace, and extra characters.
sinn3r
01:20 am Metasploit Framework Revision 3c683fcf: Merge branch 'pyoor' of https://github.com/pyoor/metasploit-framework into pyo...
sinn3r
01:16 am Metasploit Framework Revision d54a228f: Correct version number
sinn3r

05/14/2012

10:32 pm Metasploit Framework Feature #6855 (Resolved): adobe_pdf_embedded_exe exploit for Windows XP Spanish
Modification to add to Windows XP SP3 Spanish as a Target on adobe_pdf_embedded_exe exploit:
127: dirs = [ "Deskto...
Miguel Lopez
09:03 pm Metasploit Framework Revision c4052b3f: add missing import methods?
Brandon Perry
07:03 pm Metasploit Framework Revision a8b534dd: Cisco Secure ACS Module - Updated error handling
pyoor
06:50 pm Metasploit Framework Revision 2e49e561: Made suggested changes
pyoor
06:40 pm Metasploit Framework Revision 1beaeb8e: OpenVAS import functionality. See qa/sample_data for two openvas reports.
Brandon Perry
06:02 pm Metasploit Framework Revision 06b12bcd: Merge pull request #385 from brandonprry/wapiti_report
Wapiti XML report import sinn3r .
05:52 pm Metasploit Framework Revision 595df442: Delete vmware_update_manager_traversal.rb, because the latest
version is committed to master. Applied in changeset:
f4a446a6c1b6388fe6530daadbe06a0f044125c0
sinn3r
05:51 pm Metasploit Framework Bug #6815 (Resolved): Exception while running post/windows/gather/hashdump - stdapi_registry_quer...
Fix applied in changeset commit:6bbf0184237429c3818f9e64b57ecf881edbb201 based on HD's suggestion.
Still couldn't ...
sinn3r .
05:44 pm Metasploit Framework Revision 6bbf0184: Fix bug #6815: A race condition that results in an invalid handle.
Under certain conditions, the module may run into an "The handle
is invalid" while obtaining registry keys and values...
sinn3r
03:17 pm Metasploit Framework Revision 30338389: Correct reflective DLL references
HD Moore
03:11 pm Metasploit Framework Feature #6005 (Resolved): Implement CVE-2011-4404 (VMWare dir traversal)
Applied in changeset commit:f4a446a6c1b6388fe6530daadbe06a0f044125c0 sinn3r .
03:10 pm Metasploit Framework Revision 84269f39: Correct EDB reference
sinn3r
03:08 pm Metasploit Framework Revision f4a446a6: Add module CVE-2011-4404
sinn3r
02:18 pm Metasploit Framework Feature #6005 (Assigned): Implement CVE-2011-4404 (VMWare dir traversal)
Tested by Alexey, reopening... sinn3r .
09:26 am Metasploit Framework Revision 5aeab774: fix tabs that I missed in db.rb
Damon Jones
09:26 am Metasploit Framework Revision d17b07a6: Merge pull request #387 from swtornio/master
add osvdb refs sinn3r .
07:14 am Metasploit Framework Revision 7690e86a: add osvdb ref
Steve Tornio
07:13 am Metasploit Framework Revision bcfa96ce: add osvdb ref
Steve Tornio

05/13/2012

06:17 pm Metasploit Framework Revision 0b817944: Merge pull request #386 from jlee-r7/fix-posix-execute
Fix posix execute sinn3r .
06:15 pm Metasploit Framework Revision 2e8b11ca: Merge pull request #383 from rsmudge/armitage
Armitage 05.14.12 sinn3r .
04:43 pm Metasploit Framework Revision 99a5d1a7: fix :pname in the web_vuln_info hash to not include the parameter value
Damon Jones
04:31 pm Metasploit Framework Revision ecb106d7: throw is not the same as raise
Clearly this code never gets called. James Lee
04:30 pm Metasploit Framework Revision 2906686d: forgot to git add db.rb. oops
Damon Jones
04:28 pm Metasploit Framework Revision d5cec05c: fix tabs
Damon Jones
04:19 pm Metasploit Framework Revision 25380276: Remove extraneous puts
Damon Jones
03:58 pm Metasploit Framework Revision d0f49c12: Finished! Importing wapiti now adds Mdm::WebVulns to the db.
However, I see no way to actually see the webvulns in framework
after importing the report.
Damon Jones
03:55 pm Metasploit Framework Revision 73331b66: Fix execution with spaces in args by using sh -c
In posix, a command like "echo 'foo bar'" would previously get parsed
out into arguments for execve like [ "echo", "'...
James Lee
03:16 pm Metasploit Framework Revision 6b6dc60b: Cisco Secure ACS Auth Bypass Module
pyoor
01:59 pm Metasploit Framework Revision dc10fac8: Ported my Hashcollision Script to Ruby
Christian Mehlmauer
01:13 pm Metasploit Framework Revision 79a590cc: Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe sinn3r .
01:02 pm Metasploit Framework Revision b0b72b05: Adding the beginning of the wapiti report import nokogiri document
Brandon Perry
12:56 pm Metasploit Framework Revision c7b9b711: Armitage 05.14.12
This release SSL-enables the red team collaboration architecture, adds several keyboard
shortcuts and it improves the...
Raphael Mudge
04:42 am Metasploit Framework Revision d2c26f98: Cleanup whitespace
sinn3r
04:37 am Metasploit Framework Revision c1fbf1f9: Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/m...
sinn3r
04:31 am Metasploit Framework Revision dd42c309: added exploit for Firefox 8&9 AttributeChildRemoved UAF
Peter Van Eeckhoutte
04:09 am Metasploit Framework Revision 15fbb1e8: This is the modified version of pull request #379. Changes include:
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_h...
sinn3r
03:56 am Metasploit Framework Revision 32581ebb: This is the modified version of pull request #379. Changes include:
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_h...
sinn3r

05/12/2012

05:53 pm Metasploit Framework Revision e2bf3c57: throw is not the same as raise
Clearly this code never gets called. James Lee
08:14 am Metasploit Framework Revision b2a27bb2: added telnet password generator for ruggedcom devices
Borja Merino

05/11/2012

05:48 pm Metasploit Framework Revision bc1c9a7f: Prepend all messages with victim host:port
Redefining print_status locally to handle this. Seems like an easy way
to do this kind of thing for a particular modu...
Tod Beardsley
05:12 pm Metasploit Framework Revision ab655677: Fixed typo, converted to OptEnum for fakedns targetaction
Tod Beardsley
05:01 pm Metasploit Framework Revision af71cdaf: Update modules/auxiliary/server/fakedns.rb
Jose Selvi
05:01 pm Metasploit Framework Revision 1d6b2eb3: Added TARGETACTION options and wildcard support
Jose Selvi
03:14 pm Metasploit Framework Revision 5d8fbefc: Merge pull request #378 from wchen-r7/distinct
Add OSVDB-80984 - Distinct TFTP Directory traversal sinn3r .
03:07 pm Metasploit Framework Revision 653d7e59: Add OSVDB-80984
sinn3r
09:39 am Metasploit Framework Bug #6846 (New): Nexpose console duplicate name/address allowed
Duplicate nexpose consoles (name and address) are allowed to be configured but should generate a page error and not b... Eric Thompson
03:23 am Metasploit Framework Bug #6844: Errno::EISCONN Socket is already connected in tftp_transfer_util
Please note: This seems to be a OSX specific problem. I cannot reproduce it on my Ubuntu box. sinn3r .
03:08 am Metasploit Framework Bug #6844 (New): Errno::EISCONN Socket is already connected in tftp_transfer_util
Not sure if this is because I don't know how to use the module, or there's actually a bug. But here it is:... sinn3r .

05/10/2012

09:42 pm Metasploit Framework Revision aa3930fc: Typo on fixed tftp module
Tod Beardsley
09:22 pm Metasploit Framework Bug #6843 (Resolved): undefined local variable or method `framework' in TFTP's client.rb
So, the framework object used to be there, and now it's not.
Fixed in https://github.com/rapid7/metasploit-framewo...
Tod Beardsley
09:21 pm Metasploit Framework Revision 36c805c5: Move the context setting to the module
Apparently you can't hit the framework object before running the module
any more. Bummer.
[Fixes #6843]
Tod Beardsley
05:52 pm Metasploit Framework Bug #6843: undefined local variable or method `framework' in TFTP's client.rb
Line 55 would be:... sinn3r .
05:50 pm Metasploit Framework Bug #6843 (Resolved): undefined local variable or method `framework' in TFTP's client.rb
[05/10/2012 17:45:44] [e(0)] core: Exploit exception (distinct_tftp_traversal): NameError: undefined local variable o... sinn3r .
12:18 pm Metasploit Framework Revision 7eabce88: Add comment for PrependEncoder
sinn3r
12:13 pm Metasploit Framework Revision 2b133304: Merge pull request #376 from wchen-r7/wikkawiki
Add CVE-2011-4449 sinn3r .
12:06 pm Metasploit Framework Revision 6e8c3ad1: It's "inject", not "upload"... because technically that's what really happens.
sinn3r
12:02 pm Metasploit Framework Revision c69e34d4: Update description
sinn3r
11:57 am Metasploit Framework Revision 86c3ad5e: Add CVE-2011-4449
sinn3r
10:35 am Metasploit Framework Bug #6840: auxiliary/scanner/http/cold_fusion_version
If you're using backtrack5, metasploit should be using its own ruby version unless you are invoking it with ./msfcon... Joshua Smith

05/09/2012

12:47 pm Metasploit Framework Revision 65800f7c: Whitespace on solarwinds
Tod Beardsley
11:42 am Metasploit Framework Bug #6782 (Resolved): API Documentation Issue
Thao Doan
09:08 am Metasploit Framework Bug #6840: auxiliary/scanner/http/cold_fusion_version
Hmm
I'm using the default ruby install with Backtrack 5. I guess I can update to ruby 1.9.3 :-)
Jim Kelly
08:56 am Metasploit Framework Bug #6840: auxiliary/scanner/http/cold_fusion_version
Neat! I mean, too bad!
Have you tried with ruby 1.9.3 (we like 1.9.3-p125)? We've never had much luck with Ruby 1....
Tod Beardsley
07:52 am Metasploit Framework Bug #6840 (New): auxiliary/scanner/http/cold_fusion_version
when using contents of file for RHOSTS input ie: file:/path/to/file
Ruby crashes when I run the scanner module
ms...
Jim Kelly

05/08/2012

10:24 pm Metasploit Framework Revision b29f2265: Merge pull request #369 from jlee-r7/psnuffle-cleanup
Psnuffle cleanup sinn3r .
05:51 pm Metasploit Framework Revision 7a05f3ea: Mark failed logins as inactive
James Lee
05:40 pm Metasploit Framework Revision 318b14af: Fix improper reporting and stack traces when we missed a banner
Also makes sure we delete the session if we got a 221 response, even if
we haven't seen a login yet.
James Lee
05:39 pm Metasploit Framework Revision 1eec1ceb: Fix improper reporting
:proto is always tcp, udp, etc., name is the higher layer name James Lee
05:38 pm Metasploit Framework Revision 536fa39a: Keep the client and the server on tracked tcp sessions
James Lee
02:50 pm Metasploit Framework Revision 88b35a32: Make permissions consistent
James Lee
02:49 pm Metasploit Framework Revision 421630ef: Binaries with fixed timestamps
[See #304] James Lee
02:48 pm Metasploit Framework Revision 5bf03aff: Squashed commit of the following:
commit db8a4fe575ec09607036ae5550adb83b345d9f2c
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 11 00:41:51...
Michael Schierl
02:41 pm Metasploit Framework Revision 452cead1: Merge psnuffle ntlmv2 support from Alex Maloteaux
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf
Squashed commit of th...
Alexandre Maloteaux
08:47 am Metasploit Framework Revision 86500aad: Author is always singular.
Tod Beardsley
01:30 am Metasploit Framework Revision 91a8ff27: Use print_good when SQL injection is found
sinn3r
01:26 am Metasploit Framework Revision fa9d23d8: When a blind SQL injection, it's a good thing (for the attacker), so we should...
sinn3r
12:22 am Metasploit Framework Revision ce16ab66: Cosmetic changes. Also lower the rank for now, because I picked up a state whe...
sinn3r
12:00 am Metasploit Framework Revision 22585ad9: Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploi...
sinn3r

05/07/2012

09:41 pm Metasploit Framework Revision b8227b8a: Firefox Exploit
B C
03:53 pm Metasploit Framework Revision 122a3b78: Merge pull request #366 from rsmudge/armitage
give source code a correct home. sinn3r .
10:38 am Metasploit Framework Revision 6bd0e6ef: Merge pull request #365 from rsmudge/armitage
include armitage source in MSF tree. HD Moore
02:48 am Metasploit Framework Bug #6815: Exception while running post/windows/gather/hashdump - stdapi_registry_query_value: Op...
This is unfortunately a race condition, sometimes it can beat it by retrying, we probably need more aggressive retrie... HD Moore
02:46 am Metasploit Framework Revision 8ac11e60: Merge pull request #364 from jlee-r7/php-meterp-improvements
Php meterp improvements HD Moore
02:44 am Metasploit Framework Revision 1cf0e555: Merge pull request #363 from rsmudge/armitage
Armitage 05.07.12 HD Moore
02:42 am Metasploit Framework Revision 1a30e221: See #362 by changing the exitfunc arguments to be the correct type
HD Moore
02:41 am Metasploit Framework Revision f6c88377: Fixes #362 by changing the exitfunction arguments to be the correct type
HD Moore
02:01 am Metasploit Framework Revision 7ef965da: Add md5 and sha1 support to php meterp
James Lee
01:41 am Metasploit Framework Revision af6589b7: Add mkdir and rmdir support for PHP
I swear I've written this code before, I wonder where git hid it. James Lee
12:40 am Metasploit Framework Revision 3a256585: Add a test for doing md5 and sha1 of remote files
James Lee
12:33 am Metasploit Framework Revision cf664eb6: Fix the test for having an iface w/an ip matching session_host
ifaces can have multiple addresses, loop through all of 'em. James Lee

05/06/2012

11:16 pm Metasploit Framework Bug #6837 (Closed): ship ruby.h so users can install native gems
HD Moore
07:31 am Metasploit Framework Bug #6837: ship ruby.h so users can install native gems
Hello,
After upgrading to metasploit v4.4.0-dev [core:4.4 api:1.0] there are no more troubles.
You can close ...
Eric Romang
05:08 am Metasploit Framework Bug #6837 (Closed): ship ruby.h so users can install native gems
Hello,
I have tried to load the "lab" plugin, but have this error :
msf > load lab
[-] Failed to load plugin fro...
Eric Romang
12:52 am Metasploit Framework Revision 24a9cd92: give source code a correct home.
Raphael Mudge

05/05/2012

10:30 pm Metasploit Framework Bug #6836 (New): Invalid IP address in report_host() for enum_dns
... sinn3r .
02:48 pm Metasploit Framework Revision 20120570: include armitage source in MSF tree.
Raphael Mudge
01:49 pm Metasploit Framework Revision da50bf90: Merge pull request #361 from swtornio/master
add osvdb refs sinn3r .
01:20 pm Metasploit Framework Revision 5b688124: Armitage 05.07.12
This release overhauls Armitage's collaboration architecture and
introduces several requested improvements:
1. Users...
Raphael Mudge
10:14 am Metasploit Framework Revision ba4ae384: add osvdb ref
Steve Tornio
10:13 am Metasploit Framework Revision cef2da61: add osvdb ref
Steve Tornio
10:13 am Metasploit Framework Revision 92e07aab: Add osvdb ref
Steve Tornio

05/04/2012

06:32 pm Metasploit Framework Revision 18a44148: Randomize case for ini true/false values
James Lee
04:11 pm Metasploit Framework Bug #6815: Exception while running post/windows/gather/hashdump - stdapi_registry_query_value: Op...
Not reproducing this issue. Got a backtrace? sinn3r .
03:54 pm Metasploit Framework Bug #6808 (Assigned): Auxiliary module vmware_enum_sessions bug on ESXi
sinn3r .
03:52 pm Metasploit Framework Bug #6500 (Resolved): snmp_enum doesn't show the processes enumerated
https://github.com/rapid7/metasploit-framework/commit/f48d36ca314b2187ff372cd05144142c5788c5ce sinn3r .
03:49 pm Metasploit Framework Bug #6253 (Rejected): vmware_server_dir_trav throwing argument error
Not reproducing this issue. Will need a new backtrace since this one is pointing at report_auth_info(), not the one ... sinn3r .
03:47 pm Metasploit Framework Revision 9c3d2355: Allow this module to be more verbose for future debugging
sinn3r
03:26 pm Metasploit Framework Bug #5919 (Resolved): multi_post has undefined variable 'script'
Not reproducing this issue anymore. Assuming this is fixed, if not please reopen. sinn3r .
03:21 pm Metasploit Framework Bug #6782 (Assigned): API Documentation Issue
Not sure what API documentation you're talking about.... assigning this to tdoan. sinn3r .
03:11 pm Metasploit Framework Revision f48d36ca: Output changes. #6511
sinn3r
03:10 pm Metasploit Framework Bug #6440 (Rejected): [windows/http/servu_session_cookie] No encoders encoded the buffer successf...
Have not heard from Robin again. sinn3r .
02:53 pm Metasploit Framework Bug #6438 (Resolved): osx post modules report creds incorrectly
https://github.com/rapid7/metasploit-framework/commit/454a20b07984494a2d3a7a3040227dff4b8a4c33 sinn3r .
02:52 pm Metasploit Framework Revision 454a20b0: Fix bug #6438
sinn3r
02:39 pm Metasploit Framework Bug #6438: osx post modules report creds incorrectly
egyp7 probably means enum_osx.rb sinn3r .
02:35 pm Metasploit Framework Bug #6511 (Resolved): snmp_set prints a misleading warning message
https://github.com/rapid7/metasploit-framework/commit/f48d36ca314b2187ff372cd05144142c5788c5ce sinn3r .
02:33 pm Metasploit Framework Revision 457ca44f: Fix #6511
sinn3r
01:27 pm Metasploit Framework Bug #6559 (Rejected): auxiliary/gather/dns_info
Not reproducing this issue. But there's something wrong with .txt() in the most current version + recommended setup ... sinn3r .
01:26 pm Metasploit Framework Feature #6560 (Rejected): auxiliary/gather/dns_info
OUTFILE isn't our typical recommendation. Instead we store data to database, which we do also in this case. sinn3r .
01:23 pm Metasploit Framework Revision babababe: 1. Fix enum_dns: .txt is not (or no longer a method)
2. Patch snmp_enum: bug #6500 sinn3r
12:36 pm Metasploit Framework Bug #6537 (Resolved): Access is denied when call 'get_imperstoken' with administrator privs
Fixed in commit:69b60b88f8eb5cca7d756b6727b995d19a8629ee sinn3r .
12:32 pm Metasploit Framework Bug #6761 (Resolved): OWA Brute Force Utility misses a working L/P when user had never login
Fixed in the following, assuming by "preference window" you mean the Options page:
https://github.com/rapid7/metaspl...
sinn3r .
12:30 pm Metasploit Framework Revision 8b3b952c: Fix bug #6761 - false negative when OWA brings the user to the Options page in...
sinn3r
12:17 pm Metasploit Framework Revision 423437c6: Woops, small typo in disable_functions
HD Moore
12:15 pm Metasploit Framework Revision c6b39e8e: Add additional definitions to disable safe_mode, open_basedir, suhosin. (thank...
HD Moore
11:46 am Metasploit Framework Bug #6801 (Resolved): enum_dirperms throws stack trace when access is denied
sinn3r .
11:46 am Metasploit Framework Bug #6801: enum_dirperms throws stack trace when access is denied
Fixed in:
https://github.com/rapid7/metasploit-framework/commit/69b60b88f8eb5cca7d756b6727b995d19a8629ee
sinn3r .
11:44 am Metasploit Framework Revision 69b60b88: Fix bug #6801: Error handling for get_imperstoken()
sinn3r
11:30 am Metasploit Framework Bug #6809 (Resolved): Auxiliary module vmware_enum_vms bug
I put a patch in there by checking if vm_index_array is actually an array or not before using delete_if:
https://git...
sinn3r .
11:26 am Metasploit Framework Revision 4f2226e3: Make sure vim_index_array is actually an array before doing the delete_if. Bug...
sinn3r
10:33 am Metasploit Framework Bug #6826 (Resolved): msfvenom fails with NoMethodError undefined method `supports?' for [Msf::Mo...
https://github.com/rapid7/metasploit-framework/commit/1cdc376f2b8e39ae76e60273ffc24148e82dd789 sinn3r .
10:19 am Metasploit Framework Revision 2ce3558b: Bump the rank
HD Moore
10:06 am Metasploit Framework Revision bed48467: A little more module cleanup
HD Moore
09:59 am Metasploit Framework Revision d668e232: Rename this to a more suitable location
HD Moore
09:58 am Metasploit Framework Revision 6cf6a954: Fix up the PHP CGI exploit, remove debug lines
HD Moore
03:21 am Metasploit Framework Bug #6826 (HavePatch): msfvenom fails with NoMethodError undefined method `supports?' for [Msf::M...
Fixed the issue and changes have been merged with the master branch. Silviu-Mihai Popescu
12:11 am Metasploit Framework Revision d5d35551: Add EDB reference
sinn3r
12:02 am Metasploit Framework Revision 6d5ceb07: Merge pull request #359 from wchen-r7/solarwinds_storage_manager_sql
Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution) sinn3r .
12:01 am Metasploit Framework Revision 9a360172: no unicode
sinn3r

05/03/2012

08:37 pm Metasploit Framework Revision 25b11a02: Update the comment for check()
sinn3r
08:34 pm Metasploit Framework Revision 4bf674ec: Pff, and of course, I had to make a typo on that one
sinn3r
08:33 pm Metasploit Framework Revision 1a4d3f84: A little change to the description
sinn3r
08:29 pm Metasploit Framework Revision 1cdc376f: Merge branch 'msfvenom_nomethoderror' of https://github.com/silviupopescu/meta...
sinn3r
08:24 pm Metasploit Framework Revision 7ca69f00: Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)
sinn3r
08:00 pm Metasploit Framework Revision 2d1f4d4f: Add hdm's better check method
James Lee
07:51 pm Metasploit Framework Revision 40ec3d9d: Add an exploit module for the recent php cgi bug (CVE-2012-1823)
James Lee
12:58 pm Metasploit Framework Bug #6829: msfrpcd deadlock when interacting with console from multiple simultaneous clients
Here's another crash log. These logs capture what led me to produce this test case. Once msf updated to the new Rails... Raphael Mudge
12:44 pm Metasploit Framework Bug #6829: msfrpcd deadlock when interacting with console from multiple simultaneous clients
Here's another crash with the framework.log attached. Raphael Mudge
12:36 pm Metasploit Framework Bug #6829: msfrpcd deadlock when interacting with console from multiple simultaneous clients
This looks specific to 32-bit, I was able to repro a dead msfrpcd service thread (but not a crash). The framework.log... HD Moore
12:11 pm Metasploit Framework Bug #6829: msfrpcd deadlock when interacting with console from multiple simultaneous clients
Here's the Ruby crash stack trace from the BT5r1 system. Raphael Mudge
12:04 pm Metasploit Framework Bug #6829 (New): msfrpcd deadlock when interacting with console from multiple simultaneous clients
Steps to reproduce:
1) Start msfrpcd:
msfrpcd -U msf -P test -a 127.0.0.1 -p 55554 -S -f
2) start msfrpc A:
...
Raphael Mudge
11:57 am Metasploit Framework Bug #6828 (New): HTTP Scanners should accept a list of hostnames
Currently, when using a scanner against a webserver, you must set RHOSTS and VHOST. This limits you to a single VHOST... Jonathan Cran
11:16 am Metasploit Framework Feature #6827 (Resolved): "RuggedCom Telnet Password Generator" Module
This module just calculates the password for the hidden account "factory" in the RuggedCom Rugged Operating
System (R...
Borja Merino
09:47 am Metasploit Framework Revision 605e1929: Fixed msfvenom NoMethodError with alpha_mixed encoder.
The issue was reported on Github[1] and Redmine[2].
The error consisted of trying to use the supports?() method
on a...
Silviu-Mihai Popescu
01:17 am Metasploit Framework Bug #6825: [POSIX] Creating a second tcp channel fails
notify ID is hardcoded for POSIX version (0x5a5a5a5a)
if memory serves, when inserting the notify in the list, it al...
M M
12:33 am Metasploit Framework Revision 5151a4c5: Cosmetic
HD Moore
12:31 am Metasploit Framework Revision 99d7b260: Cosmetic
HD Moore
12:31 am Metasploit Framework Revision 7f87d518: Cosmetic
HD Moore

05/02/2012

10:19 pm Metasploit Framework Bug #6826: msfvenom fails with NoMethodError undefined method `supports?' for [Msf::Module::Platf...
Twin github issue here:
https://github.com/rapid7/metasploit-framework/issues/357
I get semi-conflicting answers ...
Brandon Perry
10:18 pm Metasploit Framework Bug #6826 (Resolved): msfvenom fails with NoMethodError undefined method `supports?' for [Msf::Mo...
The offending code is:
68 def init_platform(platform)
69 if(platform.supports?(::Msf::Module::PlatformList.win32)...
Brandon Perry
09:57 pm Metasploit Framework Revision 43d730d5: Squashed commit of minor cosmetic fixes:
commit eed15ea9ecc88683c8d922fe155d4777a7ce1286
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed May 2 21:55:5...
Tod Beardsley
07:06 pm Metasploit Framework Revision dd7bc23d: Whitespace
James Lee
06:20 pm Metasploit Framework Bug #6825: [POSIX] Creating a second tcp channel fails
It's a thread starvation issue:... James Lee
05:11 pm Metasploit Framework Bug #6825 (New): [POSIX] Creating a second tcp channel fails
No error, just doesn't give back a channel. Here's the relevant bits of a meterpreter debug log:... James Lee
03:56 pm Metasploit Framework Bug #6316: exception in StreamMonitorRemote thread when pivoting
Also affects linux, but strangely, not Windows. James Lee
02:53 pm Metasploit Framework Feature #6822: Enhancements to auxiliary/scanner/http/coldfusion_locale_traversal and cold_fusio...
If I understand what you are saying correctly, the way you originally approached it actually worked quite well...
...
Thomas Ring
02:49 pm Metasploit Framework Feature #6822: Enhancements to auxiliary/scanner/http/coldfusion_locale_traversal and cold_fusio...
Since you are updating the module, you can add a check if the traversal is working. I've been using
/CFIDE/adminis...
Chris Gates
02:20 pm Metasploit Framework Feature #6822 (HavePatch): Enhancements to auxiliary/scanner/http/coldfusion_locale_traversal an...
Reading CGs blog here: http://carnal0wnage.attackresearch.com/2012/04/from-low-to-pwned-2-coldfusion.html
I was re...
Thomas Ring
01:59 pm Metasploit Framework Feature #6784: Generic XSLT+Java and XSLT+PHP modules
Here's a new version, much more elegant and robust. The Java and PHP features were merged.
Thanks to egypt for helpi...
Nicolas Gregoire
11:40 am Metasploit Framework Bug #6815: Exception while running post/windows/gather/hashdump - stdapi_registry_query_value: Op...
+1 to this. I usually experience this when running hashdump post module against an XP/2003 system. Sometimes it works... Raphael Mudge

05/01/2012

11:34 pm Metasploit Framework Bug #6815: Exception while running post/windows/gather/hashdump - stdapi_registry_query_value: Op...
The session was generated using psexec against a Windows XP host. Was the SYSTEM process migrate necessary? Jonathan Cran
11:33 pm Metasploit Framework Bug #6815 (Resolved): Exception while running post/windows/gather/hashdump - stdapi_registry_quer...
Relatively new regression. Was not occurring against the same system / same setup before Apr 16, 2012 11PM - unclear ... Jonathan Cran
05:29 pm Metasploit Framework Revision c26dff4c: Clear whitespace
sinn3r
04:21 pm Metasploit Framework Revision 1c03c2b1: Fix indentation
James Lee
04:21 pm Metasploit Framework Revision 194c0906: Fix a stack trace when SMBUser is nil
James Lee
04:21 pm Metasploit Framework Revision d68d832c: Squashed commit of the following:
commit a0b50c394962fc90afc8d6232e1875588ed7ecb3
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Fri Apr 2...
Alexandre Maloteaux
04:21 pm Metasploit Framework Revision 6ab66dc5: Fix a stack trace when the SMBUser isn't set
For some reason an invalid user/pass don't seem to trigger
STATUS_ACCESS_DENIED responses, but an empty user does.
James Lee
04:13 pm Metasploit Framework Revision c27fb73b: Removing temp test dir for git user training
Tod Beardsley
04:03 pm Metasploit Framework Revision 63934fc3: Adding another test file (ignore)
[Closes #356] Tod Beardsley
03:59 pm Metasploit Framework Revision 06926a30: Merge remote branch 'mcfakepants/new_test_file'
Tod Beardsley
03:48 pm Metasploit Framework Revision 5063b3e7: Adding a file to the Git Repo (ignore)
This file will be edited a few times then removed. It is here just for
GitHub user training for metasploit developers.
Tod Beardsley
03:48 pm Metasploit Framework Revision 22befa59: module for cve-2012-1775 added
juan
03:48 pm Metasploit Framework Revision ba64bf0e: Forgot... I don't need to print the client's IP manually anymore
sinn3r
03:48 pm Metasploit Framework Revision f3ecce5d: We no longer have to print the client's IP, because it's now a built-in feature.
sinn3r
03:42 pm Metasploit Framework Revision 7e969a98: Adding a new file to test/git.txt
Fakey McFakepants
03:04 pm Metasploit Framework Bug #6809 (Resolved): Auxiliary module vmware_enum_vms bug
Hello,
I have tested the vmware_enum_vms auxiliary module on an ESXi 5.0 with one running VM.
You can find here un...
Eric Romang
02:52 pm Metasploit Framework Bug #6808 (Assigned): Auxiliary module vmware_enum_sessions bug on ESXi
Hello I have tested the auxiliary module vmware_enum_sessions on an ESXi 5.0.0, and the module is not able to gather the... Eric Romang
01:14 pm Metasploit Framework Revision 4cdef9ab: Adding a file to the Git Repo (ignore)
This file will be edited a few times then removed. It is here just for
GitHub user training for metasploit developers.
Tod Beardsley
12:56 pm Metasploit Framework Revision 3e72f555: Forgot... I don't need to print the client's IP manually anymore
sinn3r
12:47 pm Metasploit Framework Revision 30992360: We no longer have to print the client's IP, because it's now a built-in feature.
sinn3r
12:27 pm Metasploit Framework Revision 094e7d03: Merge branch 'cve-2012-1775_vlc_mms_bof' of https://github.com/juanvazquez/met...
sinn3r
10:33 am Metasploit Framework Revision 3195e713: Remove reference to missing dispatch_ninja
HD Moore
10:31 am Metasploit Framework Revision bbca2c46: Remove reference to missing dispatch_ninja
HD Moore
09:39 am Metasploit Framework Revision 01b0d855: module for cve-2012-1775 added
juan
12:43 am Metasploit Framework Revision a9dd2f49: Bump versions to 4.4.0-dev
HD Moore
12:35 am Metasploit Framework Revision 172456b6: Fix a mangled merge that prevented imported vulns from being registered in some ...
HD Moore
12:35 am Metasploit Framework Revision 9988d6a4: Tabs. Sweet sweet tabs
HD Moore
12:35 am Metasploit Framework Revision 0367b7b3: Fix a mangled merge that prevented imported vulns from being registered in some ...
HD Moore

04/30/2012

06:38 pm Metasploit Framework Revision 1f6d0ad4: Squashed commit of the following:
commit a0b50c394962fc90afc8d6232e1875588ed7ecb3
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Fri Apr 2...
Alexandre Maloteaux
06:29 pm Metasploit Framework Revision 82b8042d: Fix an error condition with the afp server info module
Better exception handling is probably needed for the entire thing David Maloney
04:23 pm Metasploit Framework Revision 5fec29e6: Add McAfee Virtual Technician ActiveX MVTControl vulnerability
sinn3r
04:00 pm Metasploit Framework Bug #6801 (Resolved): enum_dirperms throws stack trace when access is denied
... Jonathan Cran
02:18 pm Metasploit Framework Bug #6800 (Assigned): Modules should not be building their own URI manually
Instead of building an URI manually, the following modules should use get_uri()
modules/exploits/windows/browser/a...
sinn3r
01:49 pm Metasploit Framework Revision fd2e4c12: Fix possible "can't convert Fixnum into String" error
sinn3r
12:22 pm Metasploit Framework Revision 348da8e5: Fixes an issue with mysql probes not timing out properly.
David Maloney

04/29/2012

06:40 pm Metasploit Framework Revision e12c29a5: Fix up the check so it doesn't throw a marshal exception
HD Moore
06:11 pm Metasploit Framework Revision ffd91793: Make RMI easier to correlate, add a vulnerability check to the scanner module
HD Moore

04/28/2012

02:32 am Metasploit Framework Revision 46ad5996: Add CVE-2012-1495 WebCalendar settings.php code injection
sinn3r

04/27/2012

08:16 pm Metasploit Framework Revision 7904fe5b: Fixes load error for post/multi/general/execute.rb
Need to require 'msf/core/post/common' before including
Msf::Post::Common
Tod Beardsley
03:22 pm Metasploit Framework Revision f1cd488f: Overrides the autofilter results from the HTTPServer mixin for the rmi
exploit David Maloney
03:20 pm Metasploit Framework Bug #6797 (New): Exploit::Remote::TcpServer can't use Meterpreter TcpServerChannel
Setup: Meterpreter session on target (192.168.1.110), route added to use that session for traffic to/from that addres... Daniel Miller
01:24 pm Metasploit Framework Revision a0790055: Fixups on exploit for ms09-022
* Adding a platform
* Using Rex's thread factory so the thread manager can deal with the
module correctly.
Tod Beardsley
11:48 am Metasploit Framework Revision cacf7c94: Msftidy fixes on ms09_022_enumprinters.rb
* Stack buffer overflow, not stack overflow
* Tons of lines full of whitespace.
Tod Beardsley
11:38 am Metasploit Framework Revision 01a6f489: Add xero's ms09-022
sinn3r
01:23 am Metasploit Framework Revision 67fe5b77: Bump this up
HD Moore
01:02 am Metasploit Framework Revision ec831a16: Smarter RMI class loader logic
HD Moore
12:07 am Metasploit Framework Revision 4c2e1c28: Small updates to the rmi modules
HD Moore

04/26/2012

01:50 pm Metasploit Framework Bug #6787 (New): Problems with msfupdate on 4.3.0
... Jonathan Cran
09:44 am Metasploit Framework Feature #6594: Liferay XSL Command Execution
FYI, I created ticket #6784 (https://dev.metasploit.com/redmine/issues/6784) regarding some generic Xalan-J and PHP m... Nicolas Gregoire
09:42 am Metasploit Framework Feature #6784 (HavePatch): Generic XSLT+Java and XSLT+PHP modules
Ticket #6594 describes a module exploiting a feature in the "XSL Portlet" of Liferay. This feature allows to execute ... Nicolas Gregoire
07:04 am Metasploit Framework Feature #6783 (New): MSF Improvement Notes From Last Pentest
Here are some things I noticed during a recent pentest which I was able to work around but could help pentesters in t... Tessier Ashpool
02:38 am Metasploit Framework Revision 63ed7fcc: Whitespace, be gone!
sinn3r
02:36 am Metasploit Framework Revision d985ba5e: Clean up whitespace
sinn3r