Activity

From 01/05/2012 to 02/03/2012

Today

07:13 pm Metasploit Framework Bug #6339: Railgun Error
Judging from the error, a stray "(" got into the user's declaration for "NetGetJoinInformation". The mistake is not i... Chao Mu
05:25 pm Metasploit Framework Bug #6252: Upload fails from meterpreter session
Related to Fastlib. Commenting out the Kernel.require override fixes it. James Lee
05:11 pm Metasploit Framework Bug #6252: Upload fails from meterpreter session
Reproduced. The key here is the 'lcd' command which changes the working dir for all of the msfconsole process. James Lee
05:04 pm Metasploit Framework Bug #6147 (Feedback): Module synflood Argument INTERFACE: ArgumentError interface must be a strin...
Can't reproduce on Linux. It looks like you're on a BSD of some variety, do any of the other pcap modules work for you? James Lee
05:01 pm Metasploit Framework Revision f89853d3: Squashed commit of the following:
commit 69bb41a8176fb814485225e0c3b0e1c44342e652
Author: matugm <matugm@gmail.com>
Date: Tue Jan 31 11:30:52 2012 +0...
matugm
03:31 pm Metasploit Framework Revision 148dddba: http_fingerprint should use the ssl() function
Instead of re-declaring ssl as a variable, just use the library's SSL
function, since it's there and it's incidentall...
Tod Beardsley
03:27 pm Metasploit Framework Bug #6346: Concurrent access to console for printing when using multiple threads
This could be hairy.... James Lee
03:10 pm Metasploit Framework Revision c0e98255: Whitespace and a typo
James Lee
12:15 pm Metasploit Framework Revision af506240: http_fingerprint reports service info
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
Tod Beardsley
11:13 am Metasploit Framework Bug #6346 (New): Concurrent access to console for printing when using multiple threads
When using multiple threads with auxiliary modules, data output can be "mixed" between threads.
For instance, mssql...
M M
11:12 am Metasploit Framework Feature #6343: [POSIX meterpreter] needs a 'make debug' target
Agreed, I think this adds too much to the payload size to be changed in the main trunk. I'll work on getting a 'make... James Lee
10:27 am Metasploit Framework Revision 864a6815: Merge pull request #152 from argp/mozilla_mchannel_lion
Modified (and tested) to work on Lion 10.7.2 and 10.7.3 sinn3r .
10:20 am Metasploit Framework Feature #6343: [POSIX meterpreter] needs a 'make debug' target
What do you think, egypt7? I'm not super-thrilled about dropping 400k back into meterpreter. Tod Beardsley
09:47 am Metasploit Framework Bug #6344 (Resolved): [meterpreter] double call to stdapi_net_config_get_interfaces when using "i...
Applied in changeset commit:6623988fc09a2dd8241977e2c31bfe938802f91f. HD Moore
09:46 am Metasploit Framework Revision 6623988f: Remove duplicate interfaces call, fixes #6344
HD Moore
09:42 am Metasploit Framework Bug #6344 (Resolved): [meterpreter] double call to stdapi_net_config_get_interfaces when using "i...
When using the command "ipconfig" in meterpreter, 2 calls to stdapi_net_config_get_interfaces are performed :
I...
M M
08:49 am Metasploit Framework Feature #6343 (New): [POSIX meterpreter] needs a 'make debug' target
As posix meterpreter is still in development, crashes can occur.
As libraries are stripped before being add...
M M
04:39 am Metasploit Framework Revision ed34fd70: Modified (and tested) to work on Lion 10.7.2 and 10.7.3
Patroklos Argyroudis

02/02/2012

10:22 pm Metasploit Framework Bug #6340 (Resolved): vmware_http_login false positives all over the place
Applied in changeset commit:786d75493ca0e24244821e64db4b05828f4d2e7f. Tod Beardsley
10:19 pm Metasploit Framework Revision 786d7549: Fix up VMware webscan to not false positive
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from...
Tod Beardsley
10:19 pm Metasploit Framework Bug #6340 (Resolved): vmware_http_login false positives all over the place
The module should check to see if a service is actually VMWare Web Services before it calls a success. Tod Beardsley
10:09 pm Metasploit Framework Revision 0e4fd204: Change Msm -> Mdm in migrations. This is what was preventing migrations from f...
Matt Buck
04:33 pm Metasploit Framework Bug #6339: Railgun Error
Copypaste for posterity:... Tod Beardsley
04:32 pm Metasploit Framework Bug #6339 (New): Railgun Error
DarkOperator says this:
https://github.com/rapid7/metasploit-framework/issues/144
Someday we'll drop one of the...
Tod Beardsley
01:26 pm Metasploit Framework Bug #6336 (Resolved): [meterpreter] ls output not sorted correctly
Fixed in commit:cd0a806a0663a573e2edc6032b1e037100eaa09c James Lee
01:14 pm Metasploit Framework Bug #6303 (Resolved): Sessions are sorted lexicographically instead of numerically
Applied in changeset commit:b347418f90ecd6dacd8c610f66ce554a6d55ee3c. James Lee
01:13 pm Metasploit Framework Revision cd0a806a: Sort by filename instead of the default first column
[Fixes 6336] James Lee
01:13 pm Metasploit Framework Revision b347418f: Add checks for numeric column data
[Fixes #6303] James Lee
01:13 pm Metasploit Framework Revision eb795514: Add a SortIndex option to rex Table
Allows Table#to_s to do the right thing when the first column isn't the
one we want sorted.
James Lee
01:12 pm Metasploit Framework Bug #6336: [meterpreter] ls output not sorted correctly
This was broken by the fix for #2052. James Lee
12:22 pm Metasploit Framework Feature #6338 (New): LFI Downloader
This module will download an arbitrary readable file based on a wordlist through an LFI vulnerability Ewerson Guimaraes (Crash)
11:27 am Metasploit Framework Revision aa44eb95: Correct author e-mail format
sinn3r
11:13 am Metasploit Framework Revision 1676bd3c: Add MSF License header. Use print once to print the whole table instead of ru...
sinn3r
10:21 am Metasploit Framework Revision d230eeed: Merge branch 'mount.smbfs-creds' of https://github.com/jhartftw/metasploit-fra...
sinn3r
10:19 am Metasploit Framework Bug #6336 (Resolved): [meterpreter] ls output not sorted correctly
when doing a "ls" in meterpreter, filenames should be sorted, which is not the case :... M M
07:48 am Metasploit Framework Bug #6334 (New): [POSIX meterpreter] enabling debug makes meterpreter crash
some parameters are missing in calls to dprintf, which leads to stack corruption and segfault when trying to print me... M M
03:22 am Metasploit Framework Bug #6328 (Resolved): Linux meterpreter uses libpcap for listing interfaces
Fixed in commit:e045accf James Lee
03:11 am Metasploit Framework Revision 6b29af5c: Add user-agent check. Auto-migrate.
sinn3r
02:54 am Metasploit Framework Revision 6be65acf: Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanva...
sinn3r
02:53 am Metasploit Framework Feature #6331 (Resolved): Sunway ForceControl <= 6.1 sp3 SNMP NetDBServer.exe Stack Overflow
Module committed. Thanks! commit:de675c349a822d0186115a25265e93633f14360a sinn3r .
02:49 am Metasploit Framework Revision de675c34: Upgrade exploit rank, because it fits the description
sinn3r
02:43 am Metasploit Framework Revision 28b4f4b6: Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331)
sinn3r
02:40 am Metasploit Framework Feature #6331: Sunway ForceControl <= 6.1 sp3 SNMP NetDBServer.exe Stack Overflow
Tested Sunway Force Control 6.0 on:
- Windows XP SP3
- Windows Vista SP0
- Windows Vista SP2
- Windows 7 SP1
sinn3r .
02:39 am Metasploit Framework Feature #6331: Sunway ForceControl <= 6.1 sp3 SNMP NetDBServer.exe Stack Overflow
Final version to be committed. sinn3r .
01:14 am Metasploit Framework Revision 026c24c1: Replace the root-only pcap iface listing technique
Leaks memory, will remedy momentarily
[See #6328]
James Lee
01:14 am Metasploit Framework Revision e045accf: Refactor interface listing
[See #6328] James Lee
01:14 am Metasploit Framework Revision 10bd708a: Just rm libpcap and re-extract instead of cleaning
It's faster. James Lee
01:08 am Metasploit Framework Bug #6318: POSIX meterpreter cannot be compiled with GCC 4.6
Page at http://dev.metasploit.com/redmine/projects/framework/wiki/Compiling_Meterpreter has been updated with releva... M M
12:53 am Metasploit Framework Feature #6331 (HavePatch): Sunway ForceControl <= 6.1 sp3 SNMP NetDBServer.exe Stack Overflow
sinn3r .
12:52 am Metasploit Framework Feature #6331: Sunway ForceControl <= 6.1 sp3 SNMP NetDBServer.exe Stack Overflow
Thanks. Looking into it... sinn3r .

02/01/2012

07:29 pm Metasploit Framework Feature #6331 (Resolved): Sunway ForceControl <= 6.1 sp3 SNMP NetDBServer.exe Stack Overflow
Hey guys, submitting a new module for Sunway ForceControl SCADA HMI. When installing Sunway, make sure that you go t... James Fitts
04:26 pm Metasploit Framework Revision 82eacbe2: Added module for CVE-2008-2551
juan
04:14 pm Metasploit Framework Bug #6325 (Closed): NoMethodError undefined method `id' for nil:NilClass (db_record)
Jonathan Cran
04:14 pm Metasploit Framework Bug #6322 (Closed): [POSIX meterpreter] pwd and ls not working as wanted
Jonathan Cran
04:14 pm Metasploit Framework Feature #6307 (Closed): Add vBSEO proc_deutf() PHP Code Injection Exploit
Jonathan Cran
04:14 pm Metasploit Framework Bug #6298 (Closed): check_vm module fails with NoMethodError undefined method `report_vm'
Jonathan Cran
04:14 pm Metasploit Framework Bug #6294 (Closed): Meterpreter uses native Windows stat struct for file info
Jonathan Cran
04:14 pm Metasploit Framework Bug #6278 (Closed): vmauthd module should alert user when it's unable to connect
Jonathan Cran
04:14 pm Metasploit Framework Bug #6277 (Closed): http_fingerprint should report_web_site instead of report_service.
Jonathan Cran
04:14 pm Metasploit Framework Feature #6267 (Closed): 7-Technologies IGSS 9 IGSSdataServer.exe Denial of Service
Jonathan Cran
04:14 pm Metasploit Framework Bug #6259 (Closed): exploit/windows/oracle/tns_auth_sesskey EOFError
Jonathan Cran
04:14 pm Metasploit Framework Bug #6256 (Closed): ftp_login fails with "unintialized class variable" error
Jonathan Cran
04:14 pm Metasploit Framework Bug #6250 (Closed): Typo, misleading error messages and duplicate code in auxiliary/spoof/arp/arp...
Jonathan Cran
04:14 pm Metasploit Framework Bug #6249 (Closed): Several defects with auxiliary/scanner/http/soap_xml
Jonathan Cran
04:14 pm Metasploit Framework Feature #6246 (Closed): Exploit contribution for CVE-2011-4786: HP Easy Printer Care XMLCacheMgr ...
Jonathan Cran
04:14 pm Metasploit Framework Feature #6245 (Closed): Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuildPa...
Jonathan Cran
04:14 pm Metasploit Framework Feature #6207 (Closed): Various edits + new target for CoDeSys webserver exploit module
Jonathan Cran
04:14 pm Metasploit Framework Feature #6202 (Closed): FreeBSD based telnetd encrypt_key_id brute force
Jonathan Cran
04:14 pm Metasploit Framework Bug #6198 (Closed): HTTP evasions are busted
Jonathan Cran
04:14 pm Metasploit Framework Feature #6194 (Closed): Drupal Users Enumeration - AUX Module
Jonathan Cran
04:14 pm Metasploit Framework Bug #6152 (Closed): persistence module not producing correct VBScript
Jonathan Cran
04:14 pm Metasploit Framework Feature #6145 (Closed): RC scripts for automating oracle scans
Jonathan Cran
04:14 pm Metasploit Framework Feature #6128 (Closed): Add ability for railgun to reverse lookup constants (and error codes)
Jonathan Cran
04:13 pm Metasploit Framework Bug #6066 (Closed): mssql_ping only reports the first mssql instance running on a host and ignore...
Jonathan Cran
04:13 pm Metasploit Framework Feature #2170 (Closed): Add a module to test and exploit XAMPP's default WebDAV password
Jonathan Cran
04:13 pm Metasploit Framework Feature #6301 (Closed): New Auxiliary Module: Ektron CMS400.NET Default Password Scanner
Jonathan Cran
12:48 pm Metasploit Framework Revision c94a2961: Changed Gemfile to use new gem name
Trevor Rosen
12:47 pm Metasploit Framework Revision 245c2063: Did find/replace for final namespace of Mdm
Trevor Rosen
12:29 pm Metasploit Framework Bug #6325 (Resolved): NoMethodError undefined method `id' for nil:NilClass (db_record)
Applied in changeset commit:36e37e04fb356a28f148ce6744a8227af7c5cd72. David Maloney
12:26 pm Metasploit Framework Revision 36e37e04: Fixes to post module cred reporting.
call to session.db_record.id would error if no db
was connected.
Fixes #6325
David Maloney
11:39 am Metasploit Framework Bug #6328 (Resolved): Linux meterpreter uses libpcap for listing interfaces
... Which requires root. Rewrite so it doesn't. James Lee
10:59 am Metasploit Framework Revision e371f0f6: MSFTidy commits
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit...
Tod Beardsley
10:50 am Metasploit Framework Revision 4aa52203: Renamed, switched partially to store_loot
Jon Hart
10:25 am Metasploit Framework Bug #6325: NoMethodError undefined method `id' for nil:NilClass (db_record)
Yes it can be nil if the session was created when there was no database or if the insert failed for whatever reason. James Lee
03:42 am Metasploit Framework Revision 890885d0: Merge branch 'master' of github.com:rapid7/metasploit-framework
sinn3r
03:41 am Metasploit Framework Revision 98fbf84d: Module should inform where the files are saved
sinn3r
03:34 am Metasploit Framework Bug #6325 (Closed): NoMethodError undefined method `id' for nil:NilClass (db_record)
While testing post/windows/gather/credentials/filezilla_server, I came across this issue:... sinn3r .
02:08 am Metasploit Framework Revision 46d40b89: Make sure at least one character is returned
HD Moore
01:41 am Metasploit Framework Revision 0c2a18d7: Fix up reverse_tcp ipv6 stager for freebsd
HD Moore
12:58 am Metasploit Framework Revision 29d8feaa: Use the ADDR6 type, not ADDR
HD Moore
12:54 am Metasploit Framework Revision 7630ef17: Add BSD IPv6 payloads (source only for now)
HD Moore
12:54 am Metasploit Framework Revision 45a785fd: Adds BSD IPv6 payloads and stagers
HD Moore
12:54 am Metasploit Framework Revision aed27a2f: Add missing trailing quote
HD Moore
12:49 am Metasploit Framework Revision 06f7165e: Add Metasploit license header (it's already MSF licensed)
sinn3r
12:48 am Metasploit Framework Revision f23ebbc7: Change how creds are displayed and saved
sinn3r

01/31/2012

10:45 pm Metasploit Framework Revision 187f6302: Merge branch 'netrc-creds' of https://github.com/jhartftw/metasploit-framework...
sinn3r
08:49 pm Metasploit Framework Revision a6d59bd8: special case handler
Jonathan Cran
08:43 pm Metasploit Framework Revision c3bd1511: add a ranking
Jonathan Cran
08:38 pm Metasploit Framework Revision 47c7f47f: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
08:38 pm Metasploit Framework Revision d9ee43d3: add disclosure date
Jonathan Cran
08:35 pm Metasploit Framework Revision a814a9dc: add disclosure date
Jonathan Cran
06:35 pm Metasploit Framework Bug #6322 (Resolved): [POSIX meterpreter] pwd and ls not working as wanted
Applied in changeset commit:c56d32636852c509a4a3d8d902eda9eace3409a7. James Lee
06:33 pm Metasploit Framework Revision a8e3d7b4: New bin after fix from #6322
[See #6322] James Lee
06:31 pm Metasploit Framework Revision c56d3263: Use the proper dirsep and allocate correctly
Thanks, mm__ for the bug report and the patch!
[Fixes #6322]
James Lee
04:03 pm Metasploit Framework Bug #4370: Nmap problems (did reinstall of metasploit)
If you use Metasploit Community Edition, you can upgrade Nmap through the Software Updates menu item in the product. ... HD Moore
03:47 pm Metasploit Framework Bug #6322 (Closed): [POSIX meterpreter] pwd and ls not working as wanted
ls list files correctly only for the current directory (ls /tmp list only the filenames, not the stats of files. stat... M M
02:43 pm Metasploit Framework Revision a00e75dc: Merge pull request #149 from olliwolli/seattle_lab_typo
Fix typo in seattlelab_pass.rb exploit. sinn3r .
02:09 pm Metasploit Framework Revision 0ba75578: Fix typo in seattlelab_pass.rb exploit.
Also remove the $ from the end of the regex which stopped
the exploit from being executed.
Oliver-Tobias Ripka
12:08 pm Metasploit Framework Revision a188e41b: Replace callcc with break
I believe this is semantically equivalent but it could use some more
eyes before it's ready for the main trunk. This...
James Lee
11:12 am Metasploit Framework Revision ba50f842: More i386 and -m32 fixes for compiling meterpreter
This should be the last change necessary to compile a 32-bit meterpreter
from a 64-bit build host.
See #6268
James Lee
10:06 am Metasploit Framework Bug #6318 (New): POSIX meterpreter cannot be compiled with GCC 4.6
POSIX Meterpreter cannot be compiled with GCC 4.6, some symbols in libpcap cannot be resolved when loading the lib.
...
M M
10:00 am Metasploit Framework Revision bced98ad: Merge pull request #148 from swtornio/master
add osvdb ref sinn3r .
09:57 am Metasploit Framework Bug #6308: setg rhosts to an unreachable network can hang up framework's startup
Update from the community thread:
Framework Version: 4.1.1-release

A swift msfupdate later:
Updated to revisi...
Tod Beardsley
07:06 am Metasploit Framework Revision e392958d: add osvdb ref
Steve Tornio
04:03 am Metasploit Framework Bug #6316 (New): exception in StreamMonitorRemote thread when pivoting
Occurred when working with connect command through a php meterpreter session. May not be specific to PHP.... James Lee
03:46 am Metasploit Framework Revision fae4f5d1: Move IPv6 handling into connect()
This allows portfwd and friends to work through the session. James Lee
02:08 am Metasploit Framework Revision 77c98694: Proper fix for IPv6 postgresql connections
HD Moore
01:49 am Metasploit Framework Revision a74cf1ee: Missing argument
HD Moore
01:44 am Metasploit Framework Revision 52004b1e: A little more cleanup for IPv6 in HTTP mixins
HD Moore
01:29 am Metasploit Framework Revision 0b8987f2: Merge results initialization fix
HD Moore
01:11 am Metasploit Framework Revision ec5fd723: Merge in additional IPv6 support for PHP payloads
HD Moore
01:08 am Metasploit Framework Revision b0df29c3: Switch to store_loot, since report_auth_info only works with Host
objects or IPs, currently (see
https://dev.metasploit.com/redmine/issues/6313)
Jon Hart
12:41 am Metasploit Framework Bug #6309: "Stream is closed" error may be encountered when obtaining a session with the https pa...
More than likely this did affect the session (the session doesn't know if it's valid until the next connect-back) HD Moore
12:33 am Metasploit Framework Revision 3ed8643d: Permission changes
HD Moore
12:32 am Metasploit Framework Revision 32f2d675: Handle ipv6 addresses, choose more obvious 'bad' password for
fingerprinting HD Moore

01/30/2012

07:57 pm Metasploit Framework Revision 25fbe1c7: Merge branch 'master' of https://github.com/darkoperator/metasploit-framework
sinn3r
07:38 pm Metasploit Framework Bug #6309 (New): "Stream is closed" error may be encountered when obtaining a session with the ht...
As shown in the screenshot. This doesn't appear to affect the session, but throws a nasty error. Jonathan Cran
07:27 pm Metasploit Framework Bug #6308 (New): setg rhosts to an unreachable network can hang up framework's startup
Check this:
https://community.rapid7.com/message/2806
Tod Beardsley
07:23 pm Metasploit Framework Revision 60685808: Should fix the report_auth_info call -- needs a host, not a session. Be nice i...
[See #146] Tod Beardsley
05:48 pm Metasploit Framework Revision 025bde5d: Merge branch 'release/20120124000001'
Matt Buck
05:48 pm Metasploit Framework Revision 057a2256: Merge branch 'release/20120124000001' into stable
Matt Buck
05:34 pm Metasploit Framework Revision bfd4734c: Forgot to add CMD as a datastore option, here it is
sinn3r
05:30 pm Metasploit Framework Feature #6307: Add vBSEO proc_deutf() PHP Code Injection Exploit
Secunia reference: "SA47699":http://secunia.com/advisories/47699/ EgiX .
04:19 pm Metasploit Framework Revision 24747e18: The directory path for the accounts.xml was not set properly for windows systems
Carlos Perez
04:17 pm Metasploit Framework Revision 08134ad6: Add Exploit-DB reference
sinn3r
04:16 pm Metasploit Framework Feature #6307 (Resolved): Add vBSEO proc_deutf() PHP Code Injection Exploit
Committed: commit:f3c340a9ab4d143630055acdb6bece57b6ddb4c5 sinn3r .
04:15 pm Metasploit Framework Revision f3c340a9: Add vBSEO proc_deutf() Remote Code Execution (Feature #6307)
sinn3r
04:13 pm Metasploit Framework Feature #6307 (Closed): Add vBSEO proc_deutf() PHP Code Injection Exploit
This is a submission by EgiX. pcap available for msf devs upon request. sinn3r .
03:49 pm Metasploit Framework Revision b96beb06: Correct regex syntax. Also some whitespace fix.
sinn3r
03:45 pm Metasploit Framework Revision ab7de3a1: Merge branch 'master' of https://github.com/darkoperator/metasploit-framework ...
sinn3r
03:27 pm Metasploit Framework Bug #6304: https (and http) sessions mysteriously stop working
migrate may trigger this. Jonathan Cran
02:05 pm Metasploit Framework Bug #6304: https (and http) sessions mysteriously stop working
This is probably the same (?) issue that #4928 has been talking about. The way to start diagnosing is dropping in dlo... Tod Beardsley
02:00 pm Metasploit Framework Bug #6303: Sessions are sorted lexicographically instead of numerically
To appease jduck:... James Lee
01:56 pm Metasploit Framework Feature #6305 (New): Advanced/evasion options in table format
Maybe add a verbose flag to "show options" to see advanced and evasion options in the same table. James Lee
01:20 pm Metasploit Framework Bug #6304: https (and http) sessions mysteriously stop working
just verifying that sessions open as expected: ... Jonathan Cran
01:18 pm Metasploit Framework Bug #6304 (New): https (and http) sessions mysteriously stop working
To reproduce:
* open an https shell
* wait
Try opening several sessions if it doesn't immediately repro.
Th...
Jonathan Cran
01:09 pm Metasploit Framework Revision 8d75e144: Merge branch 'master' of github.com:rapid7/metasploit-framework
sinn3r
01:09 pm Metasploit Framework Bug #4991: Multiple shells coming in causes msfconsole to exit
... James Lee
01:08 pm Metasploit Framework Revision 1dec4c0c: These modules should use vprint_xxx() instead of print_xxx() ... if datastore[...
sinn3r
12:55 pm Metasploit Framework Bug #4991: Multiple shells coming in causes msfconsole to exit
Finally reproduced. The trick is having ExitOnSession true and not using 'exploit -j'. If I'd actually read the com... James Lee
12:42 pm Metasploit Framework Bug #4991: Multiple shells coming in causes msfconsole to exit
Nobody is reproducing the issue. Changing the priority to Low for now, so we can move on to more important things. sinn3r .
12:42 pm Metasploit Framework Bug #6303 (Resolved): Sessions are sorted lexicographically instead of numerically
... James Lee
12:33 pm Metasploit Framework Revision 564899e4: Merge pull request #143 from argp/osx_x64_exec
Execute (execve) arbitrary command payload for Mac OS X x64 sinn3r .
11:39 am Metasploit Framework Bug #6302 (New): need an ipv6 stager for php
James Lee
11:01 am Metasploit Framework Revision fed0df35: Merge branch 'osx_x64_exec' of https://github.com/argp/metasploit-framework in...
sinn3r
10:55 am Metasploit Framework Revision 9e705d73: Indent level again round 2
sinn3r
10:48 am Metasploit Framework Revision 9c4dc5ce: Tabs suck at aligning chars.
sinn3r
10:44 am Metasploit Framework Revision af78117a: Merge branch 'matugm-patch-1'
sinn3r
10:44 am Metasploit Framework Revision fa6c3f31: Merge branch 'patch-1' of https://github.com/matugm/metasploit-framework
sinn3r
10:43 am Metasploit Framework Feature #6301 (Resolved): New Auxiliary Module: Ektron CMS400.NET Default Password Scanner
Added, thanks.
wordlist: commit:df57529b9cfcb5defef640ee443b65f8dc8b959a
module: commit:a0ac4125cd62ed1ed37b31166...
sinn3r .
10:41 am Metasploit Framework Revision 570a2922: Merge branch 'master' of github.com:rapid7/metasploit-framework
sinn3r
10:40 am Metasploit Framework Revision a0ac4125: Add aux module CMS400 default pass scanner (feature #6301)
sinn3r
10:40 am Metasploit Framework Revision df57529b: Add CMS400 wordlist (for feature #6301)
sinn3r
10:21 am Metasploit Framework Revision 1b03a485: Use desired [at] format for email
Jon Hart
10:05 am Metasploit Framework Revision 16610d88: Update email address to use desired [at] format
Jon Hart
08:40 am Metasploit Framework Feature #6301 (Closed): New Auxiliary Module: Ektron CMS400.NET Default Password Scanner
Ektron CMS400.NET is a web content management system based on .NET. This module tests for installations that are uti... Justin Cacak
04:15 am Metasploit Framework Revision ba572a2b: fixed indentation
matugm
03:01 am Metasploit Framework Revision 4e1029ae: Execute (execve) arbitrary command payload for Mac OS X x64
Patroklos Argyroudis
01:52 am Metasploit Framework Revision 4d61a120: add a note so we can alert
Jonathan Cran
12:45 am Metasploit Framework Bug #6298 (Resolved): check_vm module fails with NoMethodError undefined method `report_vm'
Should be fixed in this commit now: commit:21a05ce1d62db34f313105a0f2dd918cf495f790 sinn3r .
12:44 am Metasploit Framework Revision 21a05ce1: Fix bug: NoMethodError undefined method `report_vm' (#6298)
sinn3r
12:07 am Metasploit Framework Revision ce7f93f5: Merge pull request #138 from claudijd/master
Added Sequence Filters and MSF Exploit Capture to BNAT Scan sinn3r .
12:00 am Metasploit Framework Revision f788fa36: Merge branch 'patch-1' of https://github.com/matugm/metasploit-framework into ...
sinn3r

01/29/2012

08:22 pm Metasploit Framework Bug #6299 (New): Nessus plugins failing with call stack errors (Msf::Plugin::Nessus::ConsoleComma...
After authenticating with the Nessus plugin on MSF, scan commands are working, but after scans are finished seems tha... Artur Morandi
04:03 pm Metasploit Framework Revision 37d467ea: Loot .netrc files, generic enum_user_directories
Jon Hart
02:04 pm Metasploit Framework Revision 5294fb57: Add post module to obtain SMB credentials stored for mount.smbfs
Jon Hart
01:03 pm Metasploit Framework Revision 5acc0c62: Have the load command also look at the ~/.msf4/plugins folder
Carlos Perez
11:42 am Metasploit Framework Bug #6298 (Closed): check_vm module fails with NoMethodError undefined method `report_vm'
... Jonathan Cran
07:56 am Metasploit Framework Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)
Some more debugging, here it "works" but with problems:... M M
04:28 am Metasploit Framework Revision 34666ef6: Merge pull request #137 from scriptjunkie/master
Get output format list in msfgui dynamically from RPC. sinn3r .
03:45 am Metasploit Framework Revision ffcf728a: Change large elsifs for case and add default case for invalid commands.
matugm

01/28/2012

11:33 pm Metasploit Framework Revision dda3453a: Correct a typo
HD Moore
11:31 pm Metasploit Framework Revision 77486250: Handle another common error type
HD Moore
10:44 pm Metasploit Framework Revision 88298cf8: Added Sequence Filters and MSF Exploit Capture
-Sequence Filters (No More False Positives)
-Msf::Exploit::Capture (Use built-in MSF libs over manual threading)
-Imm...
Jonathan Claudius
10:38 pm Metasploit Framework Revision fd9aab4d: Get output format list in msfgui dynamically from RPC.
Matthew Weeks
08:43 pm Metasploit Framework Revision 41ca655d: Merge pull request #135 from scriptjunkie/master
Allow RPC clients to discover supported encoding formats. sinn3r .
06:13 pm Metasploit Framework Revision 54ffb010: This module should use the default list of tomcat users
Jonathan Cran
05:39 pm Metasploit Framework Revision b6491815: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
04:55 pm Metasploit Framework Revision ca7aa212: Removed schema features from database hashdump modules
now that there are dedicated schemadump modules. David Maloney
03:11 pm Metasploit Framework Feature #6295: Radmin scanner
The banner looks something like:
"200-RAP 1 <version> <hostname> radmind access protocol"
HD Moore
02:46 pm Metasploit Framework Revision 086b2e4b: Allow RPC clients to discover supported encoding formats.
Matthew Weeks
02:35 pm Metasploit Framework Revision 5a095e8e: Fixes for PCA modules
HD Moore
01:52 pm Metasploit Framework Revision f3eb7819: Add TCP-based PCA probe
HD Moore
01:52 pm Metasploit Framework Revision c63c7393: Print status output
HD Moore
01:18 pm Metasploit Framework Revision fbac9a72: Forgot to remove this comment
sinn3r
01:05 pm Metasploit Framework Revision 2d7852dd: Merge PCA scans into udp_sweep/udp_probe
HD Moore
11:09 am Metasploit Framework Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)
Files that still need patching to make compilation work on 64 bits:... M M
09:24 am Metasploit Framework Feature #6295 (New): Radmin scanner
lenar_aga from the R7 Community wants an Radmin scanner:
https://community.rapid7.com/thread/1593
Tod Beardsley

01/27/2012

08:10 pm Metasploit Framework Bug #6294 (Resolved): Meterpreter uses native Windows stat struct for file info
Applied in changeset commit:e0a312e38dc326e0e3592a09bb606fedd74fb302. James Lee
08:07 pm Metasploit Framework Revision e48da7b7: Merge branch 'stat-struct-fixes'
Conflicts:
data/meterpreter/ext_server_stdapi.lso
James Lee
07:58 pm Metasploit Framework Revision 21820263: Bin for stat fixes
James Lee
07:56 pm Metasploit Framework Revision e0a312e3: Get the return values in the right place
This should convert stat values to something portable enough to work on
POSIX and Windows.
Fixes #6294
James Lee
07:13 pm Metasploit Framework Bug #6294 (Closed): Meterpreter uses native Windows stat struct for file info
Java and PHP fake it, but POSIX no worky James Lee
07:10 pm Metasploit Framework Revision 4fb3f164: New bins, hopefully all the compile flags are happy
See #6268 James Lee
07:02 pm Metasploit Framework Revision 628f85ce: Add -m32 and -march=i386 to the Jam build for bionic
This is hopefully the last thing that needs to be fixed up for i386
compatibility.
See #6268
James Lee
06:45 pm Metasploit Framework Revision 3d19d521: Merge branch 'stat-struct-fixes' (early part)
James Lee
06:20 pm Metasploit Framework Revision 5bc1701a: Ensure make.sh returns success
James Lee
06:20 pm Metasploit Framework Revision e7b15180: Add clean targets for openssl and libpcap
Also, a 'really-clean' target that does everything James Lee
06:20 pm Metasploit Framework Revision 289dc81d: Add -m32 to all the Makefiles
This is in an attempt to get compilation working on 64-bit hosts. James Lee
06:13 pm Metasploit Framework Revision 1a187c00: Add a platform-independent stat struct
This should help with various issues on linux James Lee
05:37 pm Metasploit Framework Revision 5be58513: Ensure make.sh returns success
James Lee
05:33 pm Metasploit Framework Revision 8108bf88: Add clean targets for openssl and libpcap
Also, a 'really-clean' target that does everything James Lee
04:35 pm Metasploit Framework Bug #4928: Reverse Https cannot load stdapi and cannot establish meterpreter session
carnal0wnage is reporting random failures with https as well. The http and https reverse handlers could use a once-ov... Tod Beardsley
04:23 pm Metasploit Framework Revision 4cd38c55: Adds login scanner module for VMware Server and ESX
David Maloney
04:14 pm Metasploit Framework Revision abf031f2: Add -m32 to all the Makefiles
This is in an attempt to get compilation working on 64-bit hosts. James Lee
12:50 pm Metasploit Framework Revision 7b866eee: Use the proper function for verbose prints
sinn3r
12:36 pm Metasploit Framework Revision a2d20e25: Fix a regression in the workspace inclusion code (only affected
non-DB-connected instances). Add a PCA UDP scanner HD Moore
11:34 am Metasploit Framework Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)
The CPU is important because all the processors I have access to at the moment are i686, so I can't test new builds. ... James Lee
11:18 am Metasploit Framework Revision 64651e52: Credit Shane of X-Force for the discovery
sinn3r
11:14 am Metasploit Framework Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)
hum, the CPU itself is not really important, you can find info about it at the beginning of the thread (just a S3 CPU... M M
11:12 am Metasploit Framework Revision c5e667a1: Post Module to enumerate VirtualBox VMs for the current user.
David Maloney
11:12 am Metasploit Framework Revision 0e0aa33c: Merge branch 'master' of github.com:rapid7/metasploit-framework
David Maloney
11:12 am Metasploit Framework Revision 56be45f3: A few minor fixes to the find vmx module
David Maloney
11:04 am Metasploit Framework Bug #4928: Reverse Https cannot load stdapi and cannot establish meterpreter session
Seems like I've found out what causes the problem and how it can be "fixed".
As everyone else who reported this pr...
Disenchant -
10:11 am Metasploit Framework Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)
Curses. The build must be pulling from the wrong place, then. Would it be possible for you to give me access to thi... James Lee
09:15 am Metasploit Framework Revision b4e22284: Fix exitfunc option name
HD Moore
03:48 am Metasploit Framework Revision 298b94d3: Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003)
sinn3r
02:17 am Metasploit Framework Revision a4c876a4: No need to manually add VERBOSE as an option, it already is (built-in)
sinn3r
02:17 am Metasploit Framework Revision ac582cd0: Change the error handling message for read_file_meterpreter(), because this on...
sinn3r
01:58 am Metasploit Framework Revision 3f4dbd9d: Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-fram...
sinn3r
12:37 am Metasploit Framework Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)
Hi James,
FYI, despite your latest commit https://dev.metasploit.com/redmine/projects/framework/repository/revisio...
M M

01/26/2012

06:35 pm Metasploit Framework Revision efda420e: Updates to enum_artifacts
Stephen Haywood
05:24 pm Metasploit Framework Revision 9b78b6bd: Hmm, the indent level of the description looks a bit funny. Fixing.
sinn3r
04:25 pm Metasploit Framework Revision 494c37c6: Adds a Multi-System post module for finding VMWare Virtual Machines
David Maloney
03:03 pm Metasploit Framework Bug #3579 (Rejected): error while running 'info' in meterpreter without parameters
Doesn't appear to be happening any more. Reopen if you see this again. James Lee
01:04 pm Metasploit Framework Revision 5afc164c: Merge branch 'vm-stuff'
Tod Beardsley
01:04 pm Metasploit Framework Revision fe22090a: Correct e-mail format
Tod Beardsley
01:02 pm Metasploit Framework Revision 33c53b1f: Updates vm checking
Tod Beardsley
11:36 am Metasploit Framework Revision 90c87433: Merge branch 'master' of github.com:rapid7/metasploit-framework
sinn3r
11:35 am Metasploit Framework Revision 3952a062: Minor changes
sinn3r
11:24 am Metasploit Framework Revision 8ce4ad49: Correct e-mail format
Tod Beardsley
11:06 am Metasploit Framework Bug #6277 (Resolved): http_fingerprint should report_web_site instead of report_service.
Applied in changeset commit:31f6c4dfff5d4d2d749629b795ea045f8dc42abb. David Maloney
11:05 am Metasploit Framework Revision 31f6c4df: http_fingerprint now reports website instead of just a service
fixes #6277 David Maloney
11:00 am Metasploit Framework Revision 67274e2e: Merge branch 'hp_magentservice' of https://github.com/linuxgeek247/metasploit-...
sinn3r
10:57 am Metasploit Framework Bug #6278 (Resolved): vmauthd module should alert user when it's unable to connect
Applied in changeset commit:d0d964d8abe0fe8f4b39886769d066a9b94ae91a. David Maloney
10:56 am Metasploit Framework Revision d0d964d8: Adds an error message if the module couldn't connect to the target.
Fixes #6278 David Maloney

01/25/2012

06:59 pm Metasploit Framework Revision bddeb991: New (hopefully) i386-compat bins for linux meterp
Another stab at getting compatibility for older processors
See #6268
James Lee
06:54 pm Metasploit Framework Revision 10237f7c: Changes openssl/build.sh to create its own target
This should ensure we build everything for i386 and only link the lib
files we mean to. Also no longer builds any of...
James Lee
04:27 pm Metasploit Framework Bug #6276: MSSQL driver doesn't support MSSQL 7
I've got a PCAP of the failing connection but sent it direct to HD rather than post it here as it may not be fully sa... Robin Wood
03:58 pm Metasploit Framework Revision dd50d98b: Merge pull request #127 from scriptjunkie/master
New VBA support to msfvenom Tod Beardsley
03:54 pm Metasploit Framework Revision fa53ac43: Merge pull request #130 from jduck/master
Address Robin Wood's bug report in the framework mailing list Tod Beardsley
03:53 pm Metasploit Framework Bug #6274: mssql_enum bails on MSSQL 7 and prior
This is now a dupe of #6276 which has more data. Tod Beardsley
02:49 pm Metasploit Framework Revision 31fb7e7b: Fallback to writing a new file if resuming fails
Joshua J. Drake
02:42 pm Metasploit Framework Bug #6278 (Closed): vmauthd module should alert user when it's unable to connect
currently just exits Jonathan Cran
01:24 pm Metasploit Framework Bug #6277 (Closed): http_fingerprint should report_web_site instead of report_service.
http_fingerprint located in msf/core/exploit/http/client.rb is reporting a service instead of a web_site which also re... Efrain Torres
12:51 pm Metasploit Framework Revision 4b814d7d: Merge pull request #128 from davehull/patch-1
Update modules/post/windows/gather/dumplinks.rb David Maloney
12:04 pm Metasploit Framework Revision 1af6740b: Initial checking of hp_magentservice module
Christopher McBee

01/24/2012

11:16 pm Metasploit Framework Revision 76ebbc48: Update modules/post/windows/gather/dumplinks.rb
Dave Hull
10:56 pm Metasploit Framework Bug #6276 (New): MSSQL driver doesn't support MSSQL 7
I reported this on the mailing list earlier but here it is as an official bug...
When running mssql_enum and mssql...
Robin Wood
09:08 pm Metasploit Framework Revision 0453f7dc: Add new vba support to msfvenom.
Matthew Weeks
03:57 pm Metasploit Framework Revision d18efa95: Msftidy run over the recent changed+added modules
Tod Beardsley
03:52 pm Metasploit Framework Revision f6a69637: Msftidy run over the recent changed+added modules
Tod Beardsley
01:10 pm Metasploit Framework Bug #6274 (New): mssql_enum bails on MSSQL 7 and prior
Reported on the mailing list by Robin Wood:
http://mail.metasploit.com/pipermail/framework/2012-January/008393.html
Tod Beardsley
12:33 pm Metasploit Framework Bug #6244: running db_nmap -sV -Pn --script=all ip leading to an error
realized I don't even know how to start the community edition to do the update... Joshua Smith
12:27 pm Metasploit Framework Bug #6244: running db_nmap -sV -Pn --script=all ip leading to an error
I never activated the free Community Ed License (I don't believe), but I'm still getting the error, should I use the ... Joshua Smith
10:48 am Metasploit Framework Revision 6ed9bf84: Fix a bunch of namespace issues
Trevor Rosen
10:32 am Metasploit Framework Revision 7ec5f984: Adding jhart's natpimp library and modules.
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.
[See...
Jon Hart
10:27 am Metasploit Framework Revision 4cc6b8fb: Update Gemfile.lock.
Matt Buck
10:27 am Metasploit Framework Revision 2fe08d9e: Update Msm constants in migrations for initial DB builds.
Matt Buck
10:27 am Metasploit Framework Revision 1cc655b6: Errant Workspaces needed namespace
Trevor Rosen
10:27 am Metasploit Framework Revision 607a7828: Refactored all models to use the new namespace
* Every model using DBManager::* namespace is now Msm namespace
* Almost all of this in msf/base/core
* Some in modules
Trevor Rosen
10:25 am Metasploit Framework Revision a690cd95: Move bundler setup
Trevor Rosen
10:25 am Metasploit Framework Revision dae115cc: Moved ActiveSupport dep to gem
Trevor Rosen
10:25 am Metasploit Framework Revision d0c74cff: Update some more finds
Trevor Rosen
10:25 am Metasploit Framework Revision d32f8edb: Removed model require file
Trevor Rosen
10:25 am Metasploit Framework Revision a75febcb: Fixing deletion
Trevor Rosen
10:25 am Metasploit Framework Revision 4eb79ea6: Yet another dumb commit
Trevor Rosen
10:22 am Metasploit Framework Revision 45861122: Drop ActiveRecord/ActiveSupport in preparation for upgrade
Trevor Rosen
10:22 am Metasploit Framework Revision dc139ff2: Fixed erroneous commit
Trevor Rosen
10:22 am Metasploit Framework Revision 531c1e61: Remove AR patch stuff; attempting to debug non-connection between MSF and Pro
Trevor Rosen
10:08 am Metasploit Framework Revision 2f3e9761: Actually fix ruby loop syntax on d20pass
Tod Beardsley
05:18 am Metasploit Framework Support #6144: OKI scanner and brute-forcer
I wasn't returning the correct parameters from do_login function. done and dusted. änthräX .
04:55 am Metasploit Framework Support #6144: OKI scanner and brute-forcer
Turning the STOP_ON_SUCCESS and VERBOSE options does not work. I made a slight modification by adding few print_statu... änthräX .

01/23/2012

10:14 pm Metasploit Framework Revision 7f50272a: Merge pull request #125 from scriptjunkie/master
Compatibility - don't assign LongPtr to Long on x64 sinn3r .
09:17 pm Metasploit Framework Revision ee2823d2: Compatibility - don't assign LongPtr to Long on x64
Matthew Weeks
07:55 pm Metasploit Framework Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)
Ok, it looks like it's libcrypto that's causing the problems. Should have it resolved as soon as I can find all the ... James Lee
06:36 pm Metasploit Framework Bug #6268: Linux meterpreter crashing on i586 processors due to i686 instruction (SIGILL raised)
Hrm. It must be, but I don't see where yet. I'll try to track it down. For what it's worth, "objdump -d -j.text ms... James Lee
05:45 pm Metasploit Framework Revision 54429ca5: Add stripped, non-debug versions of bins
Makes for much smaller extensions, although the main stage is still pretty
hefty.
James Lee
05:39 pm Metasploit Framework Bug #6268 (Assigned): Linux meterpreter crashing on i586 processors due to i686 instruction (SIGI...
Sorry, but the problem persists :... M M
05:07 pm Metasploit Framework Bug #5259 (Rejected): Previous job not killed when you run reload, and then rexploit
By reloading the module, you throw away the existing context, e.g. the job_id. James Lee
04:35 pm Metasploit Framework Revision 5cf9db50: Merge branch 'meterpreter-i386'
James Lee
04:29 pm Metasploit Framework Bug #6268 (Resolved): Linux meterpreter crashing on i586 processors due to i686 instruction (SIGI...
Applied in changeset commit:e928efaa8c660be12e3de247a04ab5a90511cfeb. James Lee
04:24 pm Metasploit Framework Revision 53eb850c: Adds i386 bins for linux meterpreter
See #6268 James Lee
04:20 pm Metasploit Framework Revision f6b951ac: Reintroduces chao-mu's OptRegexp
Revert "Revert "Merge pull request #101 from chao-mu/master""
[See #101]
This reverts commit c5ce575543ef56455df276...
Tod Beardsley
04:20 pm Metasploit Framework Revision 92ccdc31: Yup, that's better
sinn3r
04:20 pm Metasploit Framework Revision 89279b68: Fix fh, trailing comma, and ruby loop syntax
sinn3r
04:20 pm Metasploit Framework Revision 3522a608: Adds a default context for the TFTP Client lib.
For use with nonstandard routing. Tod Beardsley
04:20 pm Metasploit Framework Revision e928efaa: Force gcc to compile for i386
Makes meterpreter for linux work on older CPUs.
Fixes #6268
James Lee
04:02 pm Metasploit Framework Revision 96d43b31: Merge branch 'master' of github.com:rapid7/metasploit-framework
sinn3r
04:02 pm Metasploit Framework Revision fc003983: Yup, that's better
sinn3r
04:00 pm Metasploit Framework Revision 26836cab: Adds a default context for the TFTP Client lib.
For use with nonstandard routing. Tod Beardsley
03:15 pm Metasploit Framework Revision 39a2a894: Fix fh, trailing comma, and ruby loop syntax
sinn3r
02:21 pm Metasploit Framework Revision 31dea384: Reintroduces chao-mu's OptRegexp
Revert "Revert "Merge pull request #101 from chao-mu/master""
[See #101]
This reverts commit c5ce575543ef56455df276...
Tod Beardsley
02:18 pm Metasploit Framework Bug #6272: OptRegexp treats slashes differently between msfconsole and rc scripts and RPC interfaces
Note the test case wants to find a match with the first regexp and a miss with the second. Tod Beardsley
02:18 pm Metasploit Framework Bug #6272 (New): OptRegexp treats slashes differently between msfconsole and rc scripts and RPC i...
Attaching a contrived module as a test case, and an rc script to run it. You will need to adjust the rhosts/user/pass... Tod Beardsley
01:00 pm Metasploit Framework Support #6144: OKI scanner and brute-forcer
I've seen modules stopping manually when they see the STOP_ON_SUCCESS option. But if you look at the AuthBrute file ... sinn3r .
12:02 pm Metasploit Framework Feature #5248: Using a client meterpreter session to download arbitrary files from the internet
commit:ea9e9852cf8efcb7a81a0fc132d3fce6a9e7827e sinn3r .
11:59 am Metasploit Framework Revision a328bb21: Merge pull request #123 from scriptjunkie/master
x64 LongPtr support for in-mem VBA shellcode sinn3r .
11:59 am Metasploit Framework Revision ea9e9852: ah man, typo!
sinn3r
11:56 am Metasploit Framework Revision 621567dc: Merge branch 'master' of github.com:rapid7/metasploit-framework
sinn3r
11:54 am Metasploit Framework Revision afc547e0: Improve: Proper use of cmd_exec() and correct cmd path. More error handling fo...
sinn3r
11:43 am Metasploit Framework Revision c5590a6c: Add x64 support to VBA in-mem shellcode execution.
Matthew Weeks
11:17 am Metasploit Framework Revision 455bcda6: Print the port so we know which http service
James Lee
10:28 am Metasploit Framework Revision 60d5f6d0: Merge branch 'download_and_execute' of https://github.com/sempervictus/metaspl...
sinn3r
09:54 am Metasploit Framework Revision 9df2770a: Merge pull request #120 from scriptjunkie/master
Add in-memory shellcode execution via VBA macro. sinn3r .
09:51 am Metasploit Framework Revision 00021b6c: Merge pull request #122 from argp/osx_exec_fix
bug fix for hardcoded max command length sinn3r .
06:01 am Metasploit Framework Support #6144: OKI scanner and brute-forcer
do I have to implicitly code to stop brute-forcing upon successful login? ... änthräX .
02:24 am Metasploit Framework Revision c6eb1041: bug fix for hardcoded max command length
Patroklos Argyroudis

01/22/2012

10:25 pm Metasploit Framework Revision 5671e2f6: Download and execute (railgun)
Boris Lukashev
03:39 pm Metasploit Framework Revision 34491970: Adds a new VMWare Authentication Daemon login scanner module.
David Maloney
03:39 pm Metasploit Framework Revision 75712d3c: Merge branch 'master' of github.com:rapid7/metasploit-framework
David Maloney
06:23 am Metasploit Framework Revision c6f66f6b: Add in-memory shellcode execution via VBA macro.
Keep old embedded exe method as 'vba-exe'. Matthew Weeks
01:35 am Metasploit Framework Revision bcb19ab0: Fixes an issue with smb_login not properly dealing with arbitrary guest access
on Samba. David Maloney

01/21/2012

05:57 pm Metasploit Framework Revision 2c361ef5: Merge pull request #119 from scriptjunkie/master
Fix "failed to generate" error when passing a preferred encoder to "payload.generate" method using RPC from, for exam... sinn3r .

01/20/2012

09:06 pm Metasploit Framework Revision 9d759146: Fix "failed to generate" error when passing a preferred encoder to "payload.ge...
framework.encoders[reqs['Encoder']] returns nil when, for example, reqs['Encoder'] is in UTF-8 encoding and the corre... Matthew Weeks
06:08 pm Metasploit Framework Bug #6263: exploiting tikiwiki_graph_formula_exec can result in multiple shells
That's hilarious. Shell Assurance? sinn3r .
06:06 pm Metasploit Framework Bug #6259 (Resolved): exploit/windows/oracle/tns_auth_sesskey EOFError
Fixed by jduck: commit:292332d35566b9601322d506412f075107528917 sinn3r .
05:11 pm Metasploit Framework Bug #6259: exploit/windows/oracle/tns_auth_sesskey EOFError
-Never mind about this statement-. I forgot jduck added error handling for this. case closed. sinn3r .
05:09 pm Metasploit Framework Bug #6263: exploiting tikiwiki_graph_formula_exec can result in multiple shells
doesn't repro on latest / clean metasploitable. Jonathan Cran
03:34 pm Metasploit Framework Revision 06b1bffc: Addresses an issue with udp sweep module that recorded services
from non-specified hosts when they respond to broadcast probes. David Maloney
02:37 pm Metasploit Framework Revision ea223327: Update Msm constants in migrations for initial DB builds.
Matt Buck
02:37 pm Metasploit Framework Revision dd563d41: Update Gemfile.lock.
Matt Buck
01:02 pm Metasploit Framework Revision be906023: one register_options() should be fine.
sinn3r
12:59 pm Metasploit Framework Feature #6267 (Resolved): 7-Technologies IGSS 9 IGSSdataServer.exe Denial of Service
Module has been committed. Thanks: commit:d6566aa818e1f96ac4604af5d0c51a99f1a704d2 sinn3r .
12:57 pm Metasploit Framework Revision d6566aa8: Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature...
sinn3r
11:19 am Metasploit Framework Support #6144: OKI scanner and brute-forcer
Maybe do something like?... sinn3r .
11:09 am Metasploit Framework Revision bbb42056: Set default maxpage to 1, because it's faster.
sinn3r
10:58 am Metasploit Framework Revision 5631774d: Fix bug: NoMethodError undefined method `each' for nil:NilClass (line 155)
sinn3r
09:19 am Metasploit Framework Support #6144: OKI scanner and brute-forcer
When working with a small dictionary to brute-force, it works OK, but with a large one, it throws "[-] Auxiliary failed:... änthräX .
04:21 am Metasploit Framework Bug #6268 (Assigned): Linux meterpreter crashing on i586 processors due to i686 instruction (SIGI...
Meterpreter for linux crashes on old CPUs via SIGILL, more precisely on a CMOV instruction.
Meterpreter or associate...
M M

01/19/2012

08:16 pm Metasploit Framework Feature #6267: 7-Technologies IGSS 9 IGSSdataServer.exe Denial of Service
sinn3r . wrote:
> Instead of the sleep() function, we prefer people to use select() to avoid issues-- it's explained...
j fa
06:19 pm Metasploit Framework Feature #6267: 7-Technologies IGSS 9 IGSSdataServer.exe Denial of Service
Instead of the sleep() function, we prefer people to use select() to avoid issues-- it's explained in your HACKING fi... sinn3r .
05:27 pm Metasploit Framework Feature #6267 (Closed): 7-Technologies IGSS 9 IGSSdataServer.exe Denial of Service
The 7-Technologies SCADA IGSS Data Server (IGSSdataServer.exe) <= 9.0.0.10306 can be brought down by sending a crafte... j fa
03:13 pm Metasploit Framework Revision 0abfcef1: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
01:28 pm Metasploit Framework Revision 6f341934: Merge branch 'wmap_autotest.rc' of https://github.com/m-1-k-3/metasploit-frame...
sinn3r
01:26 pm Metasploit Framework Revision 9e5d2ff6: Improve URI, plus some other minor changes.
sinn3r
01:17 pm Metasploit Framework Revision ca514920: Merge branch 'master' of https://github.com/joernchen/metasploit-framework int...
sinn3r
01:15 pm Metasploit Framework Revision 44f09437: Merge pull request #118 from jduck/master
Add error handling for tns_version method sinn3r .
01:13 pm Metasploit Framework Bug #6264 (New): auxiliary/scanner/http/tomcat_enum false negative on metasploitable
... Jonathan Cran
01:11 pm Metasploit Framework Bug #6259: exploit/windows/oracle/tns_auth_sesskey EOFError
See https://github.com/rapid7/metasploit-framework/pull/118 Joshua J. Drake
01:03 pm Metasploit Framework Revision 292332d3: Add some error handling for tns_version method
Joshua J. Drake
12:50 pm Metasploit Framework Revision 2199cd18: fine tuning thx to sinn3r
joernchen of Phenoelit
12:26 pm Metasploit Framework Bug #6263 (New): exploiting tikiwiki_graph_formula_exec can result in multiple shells
... Jonathan Cran
12:19 pm Metasploit Framework Revision df938050: disclosure date added
joernchen of Phenoelit
11:48 am Metasploit Framework Revision 74a958be: Errant Workspaces needed namespace
Trevor Rosen
11:39 am Metasploit Framework Revision 8ce47ab8: Changing license for KillBill module
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for ...
Tod Beardsley
10:58 am Metasploit Framework Revision a75b373d: Fixing e-mail format for antispam
Tod Beardsley
10:58 am Metasploit Framework Revision ed3191bc: Adding d20pass module
Tod Beardsley
10:28 am Metasploit Framework Revision b73f28f2: Adding the d20tftp ansync backdoor module.
It works as is, but needs some strategy to get this usable in all UI
contexts. Right now, it's pretty msfconsole dep...
Tod Beardsley
10:01 am Metasploit Framework Revision ab0c73ef: Merge pull request #115 from rsmudge/armitage
Armitage 01.19.12 sinn3r .
09:49 am Metasploit Framework Bug #6259: exploit/windows/oracle/tns_auth_sesskey EOFError
verified on windows. Jonathan Cran
09:41 am Metasploit Framework Bug #6259 (Closed): exploit/windows/oracle/tns_auth_sesskey EOFError
as reported by indi303: ... Jonathan Cran
09:23 am Metasploit Framework Revision 3fe5b7b0: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
08:10 am Metasploit Framework Revision dcc982d3: wmap_autotest.rc
Michael Messner
06:27 am Metasploit Framework Support #6144: OKI scanner and brute-forcer
Implemented brute force functionality änthräX .
04:36 am Metasploit Framework Revision 197eb16f: gitorious remote command exec exploit
joernchen of Phenoelit

01/18/2012

04:23 pm Metasploit Framework Revision 335bbcf3: Armitage 01.19.12
This release exports more data and fixes several bugs. Raphael Mudge
03:05 pm Metasploit Framework Revision bb035bfe: Fix up API option names so they can be set globally
HD Moore
03:01 pm Metasploit Framework Revision ad6f8257: MSFTidy fixes.
Tod Beardsley
02:09 pm Metasploit Framework Feature #6245: Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuildPath Remote...
Thank YOU man!!
As always nice to see modules committed!! :)
Regards,
juan
juan vazquez
01:33 pm Metasploit Framework Revision d6e8f0b5: Add Felipe as an author (plus a reference) because looks like the PoC original...
sinn3r
01:13 pm Metasploit Framework Bug #6236 (Rejected): mysterious stack trace
this is a problem in the RC file. check your syntax. Jonathan Cran
01:12 pm Metasploit Framework Bug #6253: vmware_server_dir_trav throwing argument error
snagging this to repro. Jonathan Cran
12:09 pm Metasploit Framework Feature #6245 (Resolved): Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuild...
Module added, thanks! commit:064a71fb1df20d8fa2a28d38e23cc0848155e2b7 sinn3r .
12:05 pm Metasploit Framework Revision 064a71fb: Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245)
sinn3r
11:19 am Metasploit Framework Revision 955b02e2: Allow 'port' option in module searching (idea originally from Brandon Perry's ...
sinn3r
09:56 am Metasploit Framework Support #6144: OKI scanner and brute-forcer
scanner looks for the oki printers and put in workspace as a host and login attempt to use the default credentials. S... änthräX .

01/17/2012

10:16 pm Metasploit Framework Revision e1d74aee: Merge pull request #113 from scriptjunkie/master
Add x64 LoadLibrary payload sinn3r .
09:16 pm Metasploit Framework Revision 9fe18cdc: Add x64 LoadLibraryA payload. Because it should exist.
Matthew Weeks
07:56 pm Metasploit Framework Support #6144: OKI scanner and brute-forcer
I would say two -- you can't guarantee that nmap is going to be available, and you may want to extend oki_scanner to ... Tod Beardsley
07:21 pm Metasploit Framework Revision 984850b1: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
06:16 pm Metasploit Framework Revision e4ed3c96: Add OSVDB and BID references
sinn3r
06:11 pm Metasploit Framework Revision 75f543f3: Hilarious, I forgot to change the disclosure date.
sinn3r
06:05 pm Metasploit Framework Revision d60812e2: Update modules/auxiliary/scanner/ftp/ftp_login.rb
redmine_issue parser
06:02 pm Metasploit Framework Revision 6c2a8cd3: add a comment detailing the bug, and remove the offending lines
Jonathan Cran
06:00 pm Metasploit Framework Bug #6256 (Resolved): ftp_login fails with "uninitialized class variable" error
commit:7d9ba6f5e9f6db16ce1d614ee3e17ddd74fe56fd sinn3r .
05:58 pm Metasploit Framework Revision 7d9ba6f5: Fix bug #6256: uninitialized class variable error
sinn3r
05:38 pm Metasploit Framework Bug #6256: ftp_login fails with "uninitialized class variable" error
note that this occurs even when the database is connected. Jonathan Cran
05:25 pm Metasploit Framework Bug #6252: Upload fails from meterpreter session
Hmmm, works for me:... sinn3r .
05:23 pm Metasploit Framework Support #6144: OKI scanner and brute-forcer
General scan (using nmap) collects all the details I do in oki_scanner. Is it a good idea to write one module (instead... änthräX .
05:03 pm Metasploit Framework Bug #6256 (Closed): ftp_login fails with "uninitialized class variable" error
When running the ftp_login module in the default configuration, an error is encountered when a (running) server is sc... Jonathan Cran
03:50 pm Metasploit Framework Bug #6252: Upload fails from meterpreter session
See output:... Joel Eames
03:44 pm Metasploit Framework Revision 97d651aa: Refactored all models to use the new namespace
* Every model using DBManager::* namespace is now Msm namespace
* Almost all of this in msf/base/core
* Some in modules
Trevor Rosen
03:33 pm Metasploit Framework Revision c5ce5755: Revert "Merge pull request #101 from chao-mu/master"
Reverting the OptRegexp commit from chao-mu. Before committing to
master, this option type needs to be tested on the ...
Tod Beardsley
02:54 pm Metasploit Framework Revision 2e8122dc: Better MSF style compliance
sinn3r
02:37 pm Metasploit Framework Bug #6254: 'version' command fails on git
Note that I did not tackle the call in lib/msf/ui/console/driver.rb -- this has to do with event handling, and I'm no... Tod Beardsley
02:35 pm Metasploit Framework Revision cfca7914: Version info toggle for git vs svn checkouts
Version numbers are kind of meaningless in git development branches, but
are reportedly useful for SVN checkouts.
[S...
Tod Beardsley
02:34 pm Metasploit Framework Bug #6253: vmware_server_dir_trav throwing argument error
I have also tried modifying /opt/framework-4.0.0/msf3/lib/msf/core/auxiliary/report.rb and adding 'puts opts.inspect'... Brandon McCann
02:33 pm Metasploit Framework Bug #6255 (New): resizing a console in linux can cause libreadline errors
Simply resizing the window with msfconsole can cause libreadline errors: ... Jonathan Cran
02:32 pm Metasploit Framework Bug #6254: 'version' command fails on git
So here's the fix in action, about to commit.
On Git:...
Tod Beardsley
02:21 pm Metasploit Framework Bug #6254: 'version' command fails on git
This is still important for all SVN checkouts, it just needs to not crash in Git HD Moore
02:20 pm Metasploit Framework Bug #6254: 'version' command fails on git
Only two calls to Framework::Revision that I can see:... Tod Beardsley
02:15 pm Metasploit Framework Bug #6254 (New): 'version' command fails on git
... Jonathan Cran
02:11 pm Metasploit Framework Bug #6253 (New): vmware_server_dir_trav throwing argument error
When running the vmware_server_dir_trav module I am encountering an error about invalid argument. I am running the l... Brandon McCann
02:07 pm Metasploit Framework Bug #6252: Upload fails from meterpreter session
seems okay in the default case on latest, can you run msfupdate?... Jonathan Cran
01:43 pm Metasploit Framework Revision 74a7d8fa: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
01:42 pm Metasploit Framework Bug #6252: Upload fails from meterpreter session
looking into this. Jonathan Cran
01:41 pm Metasploit Framework Revision 2f6d7661: Move bundler setup
Trevor Rosen
01:37 pm Metasploit Framework Bug #6252 (New): Upload fails from meterpreter session
... Joel Eames
12:32 pm Metasploit Framework Feature #6246 (Resolved): Exploit contribution for CVE-2011-4786: HP Easy Printer Care XMLCacheMg...
Committed. Thank you sir! commit:a682e680730e6d92ac48d2c79da05541779d6c61 sinn3r .
12:28 pm Metasploit Framework Revision a682e680: Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246)
sinn3r
12:27 pm Metasploit Framework Feature #6246: Exploit contribution for CVE-2011-4786: HP Easy Printer Care XMLCacheMgr Class Act...
Test log:... sinn3r .
12:18 pm Metasploit Framework Revision b3138ce3: We don't want this one due to bad naming
sinn3r
12:16 pm Metasploit Framework Revision 3fef26c8: Correct naming style
sinn3r
12:15 pm Metasploit Framework Revision 0931d4b7: Correct ident level
sinn3r
12:12 pm Metasploit Framework Revision 30361ed6: Correct file naming style
Michael Messner
12:10 pm Metasploit Framework Revision 61b19b62: Merge branch 'rc-pass-the-hash' of https://github.com/m-1-k-3/metasploit-frame...
sinn3r
11:28 am Metasploit Framework Revision 7f9cd45d: Merge branch 'release/20120110000001' into stable
Jonathan Cran
10:59 am Metasploit Framework Revision ae3cf724: changes in the path handling
Michael Messner
09:52 am Metasploit Framework Revision 41585f2d: Update README
HD Moore
05:44 am Metasploit Framework Revision c0dd41f6: auto-pth RC file
Michael Messner
03:00 am Metasploit Framework Revision 4f16caed: Change naming style for MS type bug
sinn3r

01/16/2012

10:49 pm Metasploit Framework Bug #6250 (Resolved): Typo, misleading error messages and duplicate code in auxiliary/spoof/arp/a...
Fixed by Jon himself: commit:fe901b3fb2580c1fe2b4c754cfe62c0f2294b308 sinn3r .
10:41 pm Metasploit Framework Revision 57610353: This payload shouldn't be in here. Instead of adding a new one, exec.rb shoul...
sinn3r
08:21 pm Metasploit Framework Bug #6249 (Resolved): Several defects with auxiliary/scanner/http/soap_xml
See commit:d5443159d7b9254d985d16b98e902d322e0be846 sinn3r .
08:19 pm Metasploit Framework Revision d5443159: Merge pull request #110 from jhartftw/soap_xml_6249
Improvements to auxiliary/scanner/http/soap_xml to (#6249) sinn3r .
08:02 pm Metasploit Framework Revision 7b8bfd40: Merge branch 'argp-osx_mozilla_mchannel'
sinn3r
07:56 pm Metasploit Framework Revision eb564182: Merge branch 'master' of github.com:rapid7/metasploit-framework
sinn3r
07:55 pm Metasploit Framework Revision 618097ba: Whitespace and keyword cleanup
sinn3r
07:35 pm Metasploit Framework Revision 17ffc06f: Merge branch 'osx_mozilla_mchannel' of https://github.com/argp/metasploit-fram...
sinn3r
07:34 pm Metasploit Framework Revision d2dbf600: Merge pull request #111 from jhartftw/arp_poisoning_6250
Bug #6250 sinn3r .
06:44 pm Metasploit Framework Revision c15e7da0: Add ZDI-12-012 McAfee SaaS ShowReport code execution
sinn3r
05:54 pm Metasploit Framework Revision d34a9f38: Adding bperry's various and sundry regex fixes
[Closes #109]
Squashed commit of the following:
commit 692568d02fbfd547ef2d05ad9887427fc53f8abb
Author: Brandon Per...
Brandon Perry
04:32 pm Metasploit Framework Revision fe901b3f: Clean up error messages when LOCALSIP isn't defined. Remove
now-duplicated code is_ipv4?, clarify SMAC error messages. Jon Hart
04:28 pm Metasploit Framework Bug #6250 (Closed): Typo, misleading error messages and duplicate code in auxiliary/spoof/arp/arp...
I was trying to use earlier and noticed:
* When LOCALSIP can't be determined, it complains about LOCALIP (notice t...
Jon Hart
04:03 pm Metasploit Framework Revision 46894212: Correct variable naming style
sinn3r
04:02 pm Metasploit Framework Revision 485d6e98: Merge pull request #108 from m-1-k-3/portcleaner.rc
Portcleaner.rc sinn3r .
03:53 pm Metasploit Framework Feature #6245: Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuildPath Remote...
Definitely seems that the problem on Windows XP SP3 is a file permission problem. So on Windows XP SP3 it's migrating... juan vazquez
02:27 pm Metasploit Framework Revision 6a057560: Improvements to auxiliary/scanner/http/soap_xml to:
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it ...
Jon Hart
01:24 pm Metasploit Framework Revision 11fc4233: Merge pull request #102 from cbgabriel/bsplayer-m3u
modules/exploits/windows/fileformat/bsplayer_m3u.rb Tod Beardsley
10:50 am Metasploit Framework Bug #6249 (Closed): Several defects with auxiliary/scanner/http/soap_xml
# It uses a GET against datastore['PATH'], checking for a 200 response code, to determine if the endpoint is valid. ... Jon Hart
01:32 am Metasploit Framework Feature #6245: Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuildPath Remote...
Nice to listen! This night I'll work on testing this and I'll try to figure migration is possible on Windows XP :)
...
juan vazquez

01/15/2012

09:55 pm Metasploit Framework Feature #6245: Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuildPath Remote...
Yeah that migration code works. sinn3r .
05:37 pm Metasploit Framework Bug #6247 (Rejected): db_autopwn disappeared
db_autopwn was deprecated and has since been removed. See this blog post about it: https://community.rapid7.com/comm... James Lee
05:12 pm Metasploit Framework Feature #6245: Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuildPath Remote...
Hi sinn3r,
I've started to review the post exploitation support because I'm not very familiar with it. Something l...
juan vazquez
03:49 pm Metasploit Framework Feature #6245: Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuildPath Remote...
I'm not sure why only XP gets an error when it tries to migrate... permission problems, it seems.
I think a possible...
sinn3r .
02:12 pm Metasploit Framework Feature #6248: import DnsRecon XML
Current importer (not SAX) is here: https://github.com/darkoperator/dnsrecon/blob/master/msf_plugin/dnsr_import.rb Jonathan Cran
02:11 pm Metasploit Framework Feature #6248 (New): import DnsRecon XML
It'd be handy if we could import xml from DarkOperators DNSRecon tool (http://www.darkoperator.com/blog/2009/4/3/dns-... Jonathan Cran
01:26 pm Metasploit Framework Bug #6247 (Rejected): db_autopwn disappeared
I've searched around and found nothing on this issue except that is caused by using postgresql. After updating (now at... john dirt
09:38 am Metasploit Framework Feature #6246: Exploit contribution for CVE-2011-4786: HP Easy Printer Care XMLCacheMgr Class Act...
Sorry, I forgot to delete a comment which doesn't have sense in this case. Problems of reusing code :)
I attach ne...
juan vazquez
09:35 am Metasploit Framework Feature #6246 (Closed): Exploit contribution for CVE-2011-4786: HP Easy Printer Care XMLCacheMgr ...
I would like to make a contribution to metasploit with a module for "CVE-2011-4786: HP Easy Printer Care XMLCacheMgr ... juan vazquez
05:34 am Metasploit Framework Feature #6245 (Closed): Exploit contribution for CVE-2011-3167: HP OpenView NNM ov.dll _OVBuildPa...
Hi,
I would like to make a contribution to metasploit with a module for "CVE-2011-3167: HP OpenView NNM ov.dll _OV...
juan vazquez

01/14/2012

12:55 pm Metasploit Framework Bug #6244: running db_nmap -sV -Pn --script=all ip leading to an error
If you used the 4.1.4 installer and activated a free Community Edition license, apply the latest update via the Web U... HD Moore
09:25 am Metasploit Framework Revision 84db5a21: Merge pull request #101 from chao-mu/master
Created Regexp option type Tod Beardsley
07:24 am Metasploit Framework Bug #6244 (New): running db_nmap -sV -Pn --script=all ip leading to an error
run db_nmap -sV -Pn --script=all ip
leading to:
Nmap: 'nmap: relocation error: /lib/libnss_mdns4_minimal.so.2: symb...
s l
05:17 am Metasploit Framework Revision 580c8187: all scripts fixed
Michael Messner

01/13/2012

06:54 pm Metasploit Framework Revision 24aaf85a: Merge pull request #98 from brandonprry/master
Offline registry reading library for rex (Rex::Registry) Tod Beardsley
03:26 pm Metasploit Framework Revision 14a35da0: Merge pull request #104 from swtornio/master
add osvdb ref sinn3r .
01:49 pm Metasploit Framework Revision 4ac6c0c3: A great big pile of fixes to the ssh scanners
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certainly have b...
Tod Beardsley
01:48 pm Metasploit Framework Revision 5700bf9d: Merge branch 'release/20120110000001' of framework.github.com:rapid7/metasploi...
Jonathan Cran
01:47 pm Metasploit Framework Revision b3925c44: Drop a spurious print_error line from smtp_version
Tod Beardsley
01:45 pm Metasploit Framework Feature #6145: RC scripts for automating oracle scans
Applied in changeset commit:335c422a6e0c0127400fd6099b49b8b495c3df47. Tod Beardsley
01:45 pm Metasploit Framework Feature #6128: Add ability for railgun to reverse lookup constants (and error codes)
Applied in changeset commit:335c422a6e0c0127400fd6099b49b8b495c3df47. Tod Beardsley
01:45 pm Metasploit Framework Bug #6066: mssql_ping only reports the first mssql instance running on a host and ignores others
Applied in changeset commit:335c422a6e0c0127400fd6099b49b8b495c3df47. Tod Beardsley
01:21 pm Metasploit Framework Revision bd31f3f4: add osvdb ref
Steve Tornio
12:34 pm Metasploit Framework Revision a68b1b10: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
11:46 am Metasploit Framework Revision d52df50a: Drop a spurious print_error line from smtp_version
Tod Beardsley
11:42 am Metasploit Framework Bug #6236: mysterious stack trace
> ruby update and rubygems
Ah. You shouldn't do that :) Metasploit ships with an optimized build of ruby for what ...
Tod Beardsley
11:04 am Metasploit Framework Revision 335c422a: Merging ssh_pubkey branch with master
Syncing up for more dev work.
Squashed commit of the following:
commit 2eb35728f6903392d8ca57b09f61b6d4e9a6ff94
Aut...
Tod Beardsley
10:50 am Metasploit Framework Bug #6236: mysterious stack trace
ruby update and rubygems root hash
10:43 am Metasploit Framework Bug #6236: mysterious stack trace
ruby update and rubygems root hash
10:42 am Metasploit Framework Bug #6236: mysterious stack trace
Tod Beardsley wrote:
> From https://community.rapid7.com/message/2645
>
> No background given, other than the mys...
root hash
09:44 am Metasploit Framework Bug #6236 (Rejected): mysterious stack trace
From https://community.rapid7.com/message/2645
No background given, other than the mysterious title of "CentOS," w...
Tod Beardsley
09:37 am Metasploit Framework Bug #4345: Users' guide is woefully out of date
This is an ongoing effort on our side - most of the user guide has already been rewritten and we plan to have the fin... HD Moore
09:26 am Metasploit Framework Revision 33d53517: portcleaner initial commit
Michael Messner
08:23 am Metasploit Framework Revision 8661f618: portscan.rc
Michael Messner
04:12 am Metasploit Framework Revision e4a0205c: Merge branch 'master' of git://github.com/rapid7/metasploit-framework into msf...
Michael Messner
03:41 am Metasploit Framework Revision f6ed7dfb: else included
Michael Messner
02:11 am Metasploit Framework Revision 420d1286: changes included
Michael Messner

01/12/2012

08:54 pm Metasploit Framework Revision a8ef3417: Fixed the date
Damon Jones
07:25 pm Metasploit Framework Bug #4345: Users' guide is woefully out of date
I've started working on updating the User's Guide in my "Github fork":https://github.com/soh-cah-toa/metasploit-frame... Kevin Polulak
06:40 pm Metasploit Framework Revision b6b49ad6: Merge remote branch 'upstream/master'
Chao Mu
06:39 pm Metasploit Framework Revision a8a3d4d2: Updated railgun_reverse_lookups test module to use the new regex options. Cor...
Chao Mu
06:37 pm Metasploit Framework Revision 2eb35728: Randomize nops
sinn3r
06:13 pm Metasploit Framework Revision e75e23b9: Removed more unused variables and fixed some formatting
Sam Sharps
06:05 pm Metasploit Framework Revision f22f5403: Removed unused variables
Sam Sharps
06:02 pm Metasploit Framework Revision ffe81584: updated author
Damon Jones
06:01 pm Metasploit Framework Revision 87ee6905: Modified exploit to not need egg hunter shellcode
Sam Sharps
05:46 pm Metasploit Framework Revision e42e0004: Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-fram...
sinn3r
05:26 pm Metasploit Framework Revision 6ad2eda2: Windows artifacts module
Stephen Haywood
05:06 pm Metasploit Framework Revision 02bd1f34: Merge branch 'master' of https://github.com/averagesecurityguy/metasploit-fram...
sinn3r
03:12 pm Metasploit Framework Revision ad0b745b: new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb
Damon Jones
02:20 pm Metasploit Framework Revision 6234d13f: Added Schema Dump Module for Postgres
David Maloney
11:49 am Metasploit Framework Revision cb146f90: Used msf library for digest, fixed name.
Stephen Haywood
11:47 am Metasploit Framework Revision 8d19bca2: Added remote digest methods
Stephen Haywood
10:33 am Metasploit Framework Revision bfd52abf: initial commit
Michael Messner
10:31 am Metasploit Framework Revision cbb9a037: test
Michael Messner

01/11/2012

02:17 pm Metasploit Framework Revision a3749f1d: Merge branch 'master' of github.com:rapid7/metasploit-framework
David Maloney
02:16 pm Metasploit Framework Revision 52be1c3a: Add schemadump module for MySql
David Maloney
02:06 pm Metasploit Framework Revision f40df691: Removing telnet_encrypt_keyid_bruteforce.rb to unstable
can't ship for a few problems, will be fixed up soonish but
about to release a build.
Tod Beardsley
02:02 pm Metasploit Framework Revision f7376434: Moving telnet_encrypt_keyid_bruteforce.rb to unstable-modules
Missing some things. An ExploitRanking to start, also has some hardcoded
NOPs, and really probably should just be com...
Tod Beardsley
02:00 pm Metasploit Framework Revision 500cfa6d: Removing telnet_encrypt_keyid_bruteforce.rb to unstable
can't ship for a few problems, will be fixed up soonish but
about to release a build.
Tod Beardsley
02:00 pm Metasploit Framework Revision dd42f241: Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee ...
Tod Beardsley
01:17 pm Metasploit Framework Revision 5f121fe1: Workaround postgresql.fingerprint dlog message
Came up as a concern, this special-cases notes of
"postgresql.fingerprint". Not thrilled with this fix, though.
Tod Beardsley
11:15 am Metasploit Framework Revision 15065ba6: fixup title
Jonathan Cran
11:11 am Metasploit Framework Revision 1a037775: Merge branch 'master' of github.com:rapid7/metasploit-framework
David Maloney
11:11 am Metasploit Framework Revision 8c594798: Fix to the AIX jtr module title.
David Maloney
07:31 am Metasploit Framework Revision 092b226c: Updating tns_auth_sesskey to use a user-supplied SID
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html Tod Beardsley

01/10/2012

06:45 pm Metasploit Framework Revision 0236a699: registry stuff
Brandon Perry
05:32 pm Metasploit Framework Revision 13069990: Added module for dumping schema information from Microsoft SQL Server
and storing it as loot and notes. David Maloney
02:54 pm Metasploit Framework Revision 7e25f9a6: Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee ...
Tod Beardsley
02:35 pm Metasploit Framework Bug #6066 (Resolved): mssql_ping only reports the first mssql instance running on a host and igno...
Applied in changeset commit:ed0dbad243490bc07ce4e61bf708aaca7b418d17. David Maloney
02:32 pm Metasploit Framework Revision ed0dbad2: Fix to MSSQL Ping that returns ALL known instances instead of just the first one.
Fixes #6066 David Maloney
11:31 am Metasploit Framework Feature #6203: Request for features for RC scripts
bgrun would sort of work but it doesn't appear as an option for auxiliary modules plus you would have the problem of ... Thomas Ring
10:59 am Metasploit Framework Feature #6203: Request for features for RC scripts
I agree, I'd think that threading would be out of scope for RC scripts. The module should handle its own threading, o... Tod Beardsley
09:49 am Metasploit Framework Revision 9a377923: Merge branch 'release/2012011000000' into stable
Jonathan Cran
08:22 am Metasploit Framework Revision b23b7b8a: Adds support for a regular expression based Option (RegexpOpt). Also introduce...
Chao Mu
04:36 am Metasploit Framework Revision 753ddb27: Make all the EXE options OptPath
James Lee
04:25 am Metasploit Framework Revision 1eb49001: Make EXE::Custom an OptPath so it can be tab'd
James Lee
12:11 am Metasploit Framework Feature #6203: Request for features for RC scripts
the arguments question is one that needs to be tackled.
one thing that may work, but i've not verified, is sticki...
Jonathan Cran

01/09/2012

11:52 pm Metasploit Framework Feature #6207 (Resolved): Various edits + new target for CoDeSys webserver exploit module
patch applied: commit:bc9014e91215504c11d348edc3b0e3d208686181, thanks. sinn3r .
11:51 pm Metasploit Framework Revision bc9014e9: Add new v3.4 target by Michael Coppola (Feature #6207)
sinn3r
11:29 pm Metasploit Framework Revision 444efd4a: Cleaning ssh print messages
Normalizing out a bunch of hyphens, touchup on auth_brute's
print_brute() method, and expanding ssh_key_matches?() Cr...
Tod Beardsley
09:50 pm Metasploit Framework Revision d7b0bf41: Clean up the keyfile mess for ssh modules
Now keyfiles are handled in a sensible way. Good keys, when validated,
are stored in loot, and if several credentials...
Tod Beardsley
08:49 pm Metasploit Framework Feature #6207 (Closed): Various edits + new target for CoDeSys webserver exploit module
Made some updates to the CoDeSys module:
* Added new target for v3.4 SP4 Patch 2
* Updated size, badchars
* Update...
Michael Coppola
08:14 pm Metasploit Framework Revision b7676766: Update Nenad's author name and e-mail
sinn3r
07:36 pm Metasploit Framework Feature #6202 (Resolved): FreeBSD based telnetd encrypt_key_id brute force
Done. Thanks: commit:90eb2b9a75a6efceee5cb1bfccfbee73cd514056 sinn3r .
07:35 pm Metasploit Framework Revision 90eb2b9a: Add CVE-2011-4862 encrypt_key_id using the brute-force method (Feature #6202)
sinn3r
03:51 pm Metasploit Framework Revision 91d10518: Moved ActiveSupport dep to gem
Trevor Rosen
02:40 pm Metasploit Framework Revision 076af4e0: Removed model require file
Trevor Rosen
02:31 pm Metasploit Framework Revision c54dec2a: Update some more finds
Trevor Rosen
02:31 pm Metasploit Framework Revision 2efa4af9: Yet another dumb commit
Trevor Rosen
02:30 pm Metasploit Framework Revision 24670a74: Fixing deletion
Trevor Rosen
02:29 pm Metasploit Framework Revision 8ac47529: Fixed erroneous commit
Trevor Rosen
02:25 pm Metasploit Framework Revision 199fa3ab: Remove AR patch stuff; attempting to debug non-connection between MSF and Pro
Trevor Rosen
02:24 pm Metasploit Framework Revision badd2790: Drop ActiveRecord/ActiveSupport in preparation for upgrade
Trevor Rosen
02:23 pm Metasploit Framework Revision 8eee54d1: Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp...
sinn3r
02:11 pm Metasploit Framework Revision eeb3a442: whitespace correctly smtp_version.rb
Tod Beardsley
02:11 pm Metasploit Framework Revision 15990efd: Removing useless (?) begin/rescue from smtp_version
Let the scanner mixin handle the exceptions. Tod Beardsley
01:56 pm Metasploit Framework Revision 4b924bef: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
01:34 pm Metasploit Framework Feature #6202: FreeBSD based telnetd encrypt_key_id brute force
Pls find attached the pcap file of the IronPort.
Cheers,
Nenad
Nenad Stojanovski
01:09 pm Metasploit Framework Feature #6202: FreeBSD based telnetd encrypt_key_id brute force
Unfortunately no such appliances for testing, asking for a pcap. sinn3r .
12:44 pm Metasploit Framework Feature #6203: Request for features for RC scripts
and altho you can't provide script arguments, you can use erb to preprocess the rc file and change its behavior. Ad... Joshua Smith
12:36 pm Metasploit Framework Feature #6203: Request for features for RC scripts
friggin markdown... the 1. and 2. were really comments (#) Joshua Smith
12:35 pm Metasploit Framework Feature #6203: Request for features for RC scripts
I would think the thing to do would be to wrap the commands you're worried about in <ruby> tags and handling any erro... Joshua Smith
12:19 pm Unstable Modules Feature #6205: RC script for trying default usernames/passwords on telnet
You should be able to git cherry-pick whatever you want into a new branch and just pull request from there, then. But... Tod Beardsley
12:00 pm Unstable Modules Feature #6205: RC script for trying default usernames/passwords on telnet
It's actually out there...
https://github.com/ringt/rc_script_additions
It unfortunately has a mix of the other ...
Thomas Ring
11:44 am Unstable Modules Feature #6205: RC script for trying default usernames/passwords on telnet
Thanks! BTW you should totally get a GitHub account. All the cool kids are doing it.
Tod Beardsley
11:24 am Unstable Modules Feature #6205 (New): RC script for trying default usernames/passwords on telnet
It works but is more than a little crude (hence unstable submission). Enhancements here: http://dev.metasploit.com/r... Thomas Ring
11:22 am Metasploit Framework Revision e7d73026: Dropping the umlaut, sacrificing accuracy for usability. Can't guarantee a vie...
Tod Beardsley
10:33 am Metasploit Framework Revision e12d5588: Set data on webdav scanner notes to include webdav path.
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that we...
David Maloney
10:12 am Metasploit Framework Revision f5244593: Merge branch 'release/20120103000001' into stable
Jonathan Cran
09:54 am Metasploit Framework Feature #6203: Request for features for RC scripts
> Ability to check result of previous command, both the output and a simple flag
This in particular, I've been try...
Tod Beardsley
09:29 am Metasploit Framework Feature #6203 (New): Request for features for RC scripts
Debated whether or not to ask but figured it wouldn't hurt. As I put the RC scripts together, I kept finding myself ... Thomas Ring
08:43 am Metasploit Framework Feature #6128 (Resolved): Add ability for railgun to reverse lookup constants (and error codes)
Applied in changeset commit:9e78eff96868e8e4be426baa8af2b871344be289. Anonymous
08:43 am Metasploit Framework Revision 9e78eff9: Merge pull request #96 from chao-mu/master
Updates to Railgun
[Fixes #6128] among other things.
Tod Beardsley
08:39 am Metasploit Framework Feature #6145 (Resolved): RC scripts for automating oracle scans
Applied in changeset commit:51a7f05d8574d6338eee516d4823951fd943dd18. Tod Beardsley
08:36 am Metasploit Framework Revision 51a7f05d: Adding oracle RC scripts from nebulus
Also adds at least title/attribution to the scripts. Should probably get
a proper format for that if we get more of t...
Tod Beardsley
08:04 am Metasploit Framework Feature #5967 (Rejected): Transparent Proxy && Inject HTML/JAVASCRIPT
Added to the unstable branch, here:
https://github.com/rapid7/metasploit-framework/commit/60520ccc8c97adc5f858ca2c...
Tod Beardsley
08:00 am Metasploit Framework Revision 60520ccc: Adds clshack's transparent WebRICK http proxy.
Can't really use as is because it uses WebRICK instead of
Msf::Exploit::Remote::HttpServer .
Tod Beardsley
07:46 am Metasploit Framework Feature #5967: Transparent Proxy && Inject HTML/JAVASCRIPT
So this is totally a neat idea, and I'm sure many people would find this module useful. However, because you depend o... Tod Beardsley
07:41 am Metasploit Framework Bug #6001 (Closed): syntax error in modules
Seems to have been resolved, looks like you happened across a brief development bug.
Tod Beardsley
07:40 am Metasploit Framework Bug #6002 (Rejected): Nmap XML import fails to pull hosts from an -sn scan
We specifically avoid importing hosts with no services available, since with no services, we really don't have any at... Tod Beardsley
07:38 am Metasploit Framework Feature #6006 (Rejected): smb_enumusers_domain.rb should stored data in the DB in a query'able form.
Is there a use case for this that's not already covered? I know that Metasploit Pro is smart enough to look for the n... Tod Beardsley
07:34 am Metasploit Framework Feature #6049 (HavePatch): powershell support for msfencode
Tod Beardsley
06:19 am Metasploit Framework Revision 5a20b7d7: Fixed small typo
Patroklos Argyroudis
04:12 am Metasploit Framework Revision 9a62b41a: Mac OS X x86 payload that executes Calculator.app
Patroklos Argyroudis
04:10 am Metasploit Framework Revision 5d359785: Firefox 3.6.16 mChannel exploit for Mac OS X 10.6.8, 10.6.7 and 10.6.6
Patroklos Argyroudis
04:09 am Metasploit Framework Feature #6194: Drupal Users Enumeration - AUX Module
My bad, the module you committed works like a charm, I was just messing up with the vhosts.
Thanks again.
Robin François
03:00 am Metasploit Framework Feature #6194: Drupal Users Enumeration - AUX Module
I don't think I saw Drupal doing redirects on me during testing. Which version (Drupal + Views) do you have? I'll r... sinn3r .
02:42 am Metasploit Framework Feature #6194: Drupal Users Enumeration - AUX Module
Hi sinn3r,
I am having issues in my testing environment for the module you committed: it is not following 301 redirec...
Robin François
02:21 am Metasploit Framework Revision 03a39f7f: Whitespace cleanup, also change print_status usage when verbose
sinn3r
02:14 am Metasploit Framework Revision 2f9d5630: Update reference
sinn3r
01:45 am Metasploit Framework Feature #6202 (Closed): FreeBSD based telnetd encrypt_key_id brute force
The module exploits FreeBSD based appliances: Cisco IronPort 7.x (possibly 6.x) versions and Citrix NetScaler 9.x app... Nenad Stojanovski

01/08/2012

10:48 pm Metasploit Framework Revision 28c89bac: Merge branch 'master' into ssh_pubkey
Silly whitespace merge conflict
Conflicts:
lib/msf/core/model/cred.rb
Tod Beardsley
10:45 pm Metasploit Framework Revision badf62d8: Add back in ssh_key_matches?()
Tod Beardsley
10:28 pm Metasploit Framework Revision a1668f2b: Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which pr...
Tod Beardsley
10:23 pm Metasploit Framework Revision 036d2eb6: Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred m...
Tod Beardsley
08:11 pm Metasploit Framework Revision c28430a7: Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
Tod Beardsley
04:51 pm Metasploit Framework Revision dd356399: Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
Tod Beardsley
04:18 pm Metasploit Framework Revision f7a95189: In railgun mixin, "error_lookup" has been renamed "lookup_error" and now accep...
Chao Mu
01:51 pm Metasploit Framework Revision 11fc363e: Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing. Tod Beardsley
10:35 am Metasploit Framework Feature #6128: Add ability for railgun to reverse lookup constants (and error codes)
We're getting a bit off topic now, hehe.
I submitted a pull request that (among other things) includes reverse loo...
Chao Mu
10:16 am Metasploit Framework Revision d0fb9424: Updated to use "reject!" instead of "select!" so older versions of ruby are happy
Chao Mu
10:05 am Metasploit Framework Revision 6591bd3a: Completed test coverage for pointer_util.rb and fixed the bugs I found
Chao Mu
02:10 am Metasploit Framework Revision aad12b31: Fixes up a couple typos in ssh_identify_pubkeys
Tod Beardsley

01/07/2012

10:45 pm Metasploit Framework Feature #6145: RC scripts for automating oracle scans
Ack, no category, this slipped by my RSS feed of bugs/features. Sorry Thomas! Will get this in. Tod Beardsley
06:06 pm Metasploit Framework Revision f9d123a8: Merge remote branch 'upstream/master'
Chao Mu
05:18 pm Metasploit Framework Revision 48937728: Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to ...
Tod Beardsley
03:18 pm Metasploit Framework Revision 243dbe50: Correct author name. Unfortunately not all editors can print unicode correctly.
sinn3r
03:14 pm Metasploit Framework Revision 181fe2d9: Merge branch 'master' of github.com:rapid7/metasploit-framework
sinn3r
03:13 pm Metasploit Framework Revision 4e858aba: Add CVE-2012-0262 Op5 welcome.php Remote Code Execution
sinn3r
03:12 pm Metasploit Framework Revision 4645c1c2: Add CVE-2012-0261 Op5 license.php Remote Code Execution
sinn3r
01:13 am Metasploit Framework Revision b12baccc: Quick update, added a research option
HD Moore
12:05 am Metasploit Framework Bug #6152 (Resolved): persistence module not producing correct VBScript
Sounds like it's fixed. Ticket closed. Please feel free to reopen if not. sinn3r .
12:02 am Metasploit Framework Revision 6d401b48: Fix typo
sinn3r

01/06/2012

11:52 pm Metasploit Framework Feature #6194 (Resolved): Drupal Users Enumeration - AUX Module
Committed, thanks: commit:b7e29191f5240a519bdfa3f6882c14c40773cd3a sinn3r .
11:51 pm Metasploit Framework Revision b7e29191: Add Drupal 'Views' module username enumeration (Feature #6194)
sinn3r
11:02 pm Metasploit Framework Feature #6194: Drupal Users Enumeration - AUX Module
Second revision. sinn3r .
10:51 pm Metasploit Framework Revision 40a1d8bc: Fixed issue with a missing nil check in ftp_login
David Maloney
10:31 pm Metasploit Framework Revision 81acfd21: Adds hashdump and cracking modules for AIX
David Maloney
10:30 pm Metasploit Framework Revision 8e017fd4: Merge branch 'master' of github.com:rapid7/metasploit-framework
David Maloney
10:13 pm Metasploit Framework Revision c2406e0e: Fix whitespace at EOL
James Lee
10:10 pm Metasploit Framework Revision c35c7f5f: Add tab completion for pushm
[See #6165] James Lee
09:14 pm Metasploit Framework Bug #6198 (Resolved): HTTP evasions are busted
Applied in changeset commit:7ea5f8796074215f61ae8c36b8ef12aca3887a6a. James Lee
09:05 pm Metasploit Framework Bug #6198 (Closed): HTTP evasions are busted
*As reported to the mailing list by Ashish:*
I am trying to use various HTTP evasions for some HTTP server bas...
James Lee
09:05 pm Metasploit Framework Revision 7ea5f879: Allow proper ruby types for evasion configuration
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the a...
James Lee
08:07 pm Metasploit Framework Revision c59e08ce: Moved utility code and expanded railgun test suite runner
Chao Mu
07:56 pm Metasploit Framework Revision f41fc7a0: Moved platform_util.rb and added the tests for the new utilities to railgun.rb...
Chao Mu
07:27 pm Metasploit Framework Revision bd52f228: Merge remote branch 'upstream/master'
Chao Mu
07:20 pm Metasploit Framework Revision 78ec687a: Merge remote branch 'origin/master'
Chao Mu
06:59 pm Metasploit Framework Revision bf425a67: Fixed bug that prevented telnet sessions from opening with good creds
David Maloney
04:46 pm Metasploit Framework Revision 2e60d2e0: Merge branch 'master' of git://github.com/rapid7/metasploit-framework
Stephen Haywood
04:43 pm Metasploit Framework Revision 72072c4e: Added enum_artifacts
Stephen Haywood
02:44 pm Metasploit Framework Feature #6194: Drupal Users Enumeration - AUX Module
first revision (this one is still incomplete, but I'm working on it) sinn3r .
02:26 pm Metasploit Framework Feature #6194: Drupal Users Enumeration - AUX Module
Thanks, will look into this shortly. sinn3r .
02:24 pm Metasploit Framework Revision 6ceb2f04: Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability
sinn3r
02:02 pm Metasploit Framework Feature #2170 (Resolved): Add a module to test and exploit XAMPP's default WebDAV password
Applied in changeset commit:9cf2af6a94902b653de0464125786d2bb3b40c48. David Maloney
02:00 pm Metasploit Framework Revision 9cf2af6a: Adds exploit/windows/htt/xampp_webdav_upload_php
This exploit abuses weak default passwords on XAMPP
for windows to upload a php payload and execute it.
Fixes #2170
David Maloney
01:09 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
BTW, if you want more stealthy exploitation you probably don't really want to use a bind handler at all. Joshua J. Drake
01:08 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
Perhaps we could expose some option to start the bind handler whenever "handler" is called?
Joshua J. Drake
12:58 pm Metasploit Framework Bug #6177 (Closed): Loot not associated with a host is invisible in the console
Jonathan Cran
12:58 pm Metasploit Framework Bug #6175 (Closed): myworkspace class variable not updated when reporting
Jonathan Cran
12:58 pm Metasploit Framework Bug #6174 (Closed): rename non existent local variable 'options' to correct session.options
Jonathan Cran
12:58 pm Metasploit Framework Feature #6168 (Closed): Exploit Module for CoCSoft Stream Down 6.8.0 buffer overflow
Jonathan Cran
12:58 pm Metasploit Framework Feature #6165 (Closed): pushd/popd-like functionality for msfconsole
Jonathan Cran
12:58 pm Metasploit Framework Feature #5966 (Closed): CorpWatch API integration for metasploit
Jonathan Cran
10:11 am Metasploit Framework Bug #6152: persistence module not producing correct VBScript
Hi.
First, let me apologise for the late response. I couldn't answer if the problem is fixed (at least on a parti...
Dejan Lukan
08:43 am Metasploit Framework Feature #6194 (Closed): Drupal Users Enumeration - AUX Module
Hi,
I have written a small module to enumerate users of a Drupal website using the following vulnerability (http://w...
Robin François
01:03 am Metasploit Framework Revision 06414c24: changed author to my actual name
Sam Sharps
12:53 am Metasploit Framework Revision c2a71d63: Tweak the logic here
HD Moore
12:53 am Metasploit Framework Revision 7b26e33e: Initial version
HD Moore
12:47 am Metasploit Framework Revision b26ed374: Added description, urls, and another author
Sam Sharps
12:16 am Metasploit Framework Revision 5c05ceba: Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
Sam Sharps
12:12 am Metasploit Framework Revision f3a9bc2d: Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
sam

01/05/2012

11:09 pm Metasploit Framework Revision e578a13c: Revert "Revert "make the esx driver dependent on meterpreter""
This reverts commit 7a71d226253c95687bcb726750cce1a89e1dfe5c. Jonathan Cran
11:09 pm Metasploit Framework Revision 7a71d226: Revert "make the esx driver dependent on meterpreter"
This reverts commit eec70706d073503832fda61e9e28e24c5097c579. Jonathan Cran
08:54 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
If anything, it's not WfsDelay, but ctimeout in bind_tcp.rb etc. that should be increased.
Regarding the extraneou...
bugme not
08:42 pm Metasploit Framework Revision eec70706: make the esx driver dependent on meterpreter
Jonathan Cran
08:39 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
Is there a problem that this patch solves? Are the extraneous connection attempts preventing exploitation? HD Moore
08:13 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
This is a bit tricky to solve - while I agree that WfsDelay should be increased if it is causing reliability problems... HD Moore
06:26 pm Metasploit Framework Revision bedc34ad: Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
Jonathan Cran
06:26 pm Metasploit Framework Revision c5225140: update the meterpreter modifier to reflect the new copy_ api
Jonathan Cran
05:33 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
For the record I agree with this ticket. The bind handler really shouldn't fire so early.
However, there is also t...
Joshua J. Drake
05:12 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
I rigged up an ugly patch that adds a QueuePayloadHandler variable. If you set it to true, the code will set DisableP... bugme not
04:13 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
If I understand it right, setting WfsDelay will prevent Metasploit for some seconds from killing the handler after th... bugme not
02:59 pm Metasploit Framework Bug #6191: bind handlers are noisy and, for slow connections/exploits, flaky
Have you tried setting WfsDelay? (by default it's 0) sinn3r .
02:25 pm Metasploit Framework Revision 54bca49e: Slightly better fix to the digest request header issue
David Maloney
02:10 pm Metasploit Framework Revision ba86e8a0: Added PROPFIND support to http_login
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
David Maloney
02:10 pm Metasploit Framework Revision 9c827abc: net-ssh hackery to disable agent support, disable private key support,
and add a callback HD Moore
02:03 pm Metasploit Framework Revision 6cd38100: Merge branch 'master' of github.com:rapid7/metasploit-framework
David Maloney
02:02 pm Metasploit Framework Revision e61b4ed6: Fixed issue with send_digest_request_cgi not keeping user supplied headers.
David Maloney
01:05 pm Metasploit Framework Revision e28ccc33: Merge pull request #92 from rsmudge/armitage
Armitage 1.5.12 Tod Beardsley
12:00 pm Metasploit Framework Bug #6191 (New): bind handlers are noisy and, for slow connections/exploits, flaky
(I'm basing this bug report on bind_tcp, but it should be similar for other bind handlers.)
Since the bind_tcp han...
bugme not
03:55 am Metasploit Framework Revision 46964a6b: Armitage 1.5.12 - Performance and bandwidth optimizations in the team server, ...
greatly overhauled Armitage's data export capability. Now users may select to export all data or any workspace. Raphael Mudge