Finished spelling issues
parent 6985469009
commit c90f885938
|
@ -12,9 +12,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits an stack based buffer overflow on Yokogawa CS3000. The vulnerability
|
||||
This module exploits a stack based buffer overflow on Yokogawa CS3000. The vulnerability
|
||||
exists in the service BKFSim_vhfd.exe when using malicious user-controlled data to create
|
||||
logs using functions like vsprintf and memcpy in a insecure way. This module has been
|
||||
logs using functions like vsprintf and memcpy in an insecure way. This module has been
|
||||
tested successfully on Yokogawa Centum CS3000 R3.08.50 over Windows XP SP3.
|
||||
},
|
||||
'Author' =>
|
||||
|
|
|
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Name' => 'Generic DLL Injection From Shared Resource',
|
||||
'Description' => %q{
|
||||
This is a general-purpose module for exploiting conditions where a DLL can be loaded
|
||||
from an specified SMB share. This module serves payloads as DLLs over an SMB service.
|
||||
from a specified SMB share. This module serves payloads as DLLs over an SMB service.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -22,14 +22,14 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
You are only allowed one attempt with this vulnerability. If
|
||||
the payload fails to execute, the LSASS system service will
|
||||
crash and the target system will automatically reboot itself
|
||||
in 60 seconds. If the payload succeeeds, the system will no
|
||||
in 60 seconds. If the payload succeeds, the system will no
|
||||
longer be able to process authentication requests, denying
|
||||
all attempts to login through SMB or at the console. A
|
||||
reboot is required to restore proper functioning of an
|
||||
exploited system.
|
||||
|
||||
This exploit has been successfully tested with the win32/*/reverse_tcp
|
||||
payloads, however a few problems were encounted when using the
|
||||
payloads, however a few problems were encountered when using the
|
||||
equivalent bind payloads. Your mileage may vary.
|
||||
|
||||
},
|
||||
|
|
|
@ -17,9 +17,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
This module exploits a stack buffer overflow in the NetApi32 NetpManageIPCConnect
|
||||
function using the Workstation service in Windows 2000 SP4 and Windows XP SP2.
|
||||
|
||||
In order to exploit this vulnerability, you must specify a the name of a
|
||||
In order to exploit this vulnerability, you must specify the name of a
|
||||
valid Windows DOMAIN. It may be possible to satisfy this condition by using
|
||||
a custom dns and ldap setup, however that method is not covered here.
|
||||
a custom DNS and LDAP setup, however that method is not covered here.
|
||||
|
||||
Although Windows XP SP2 is vulnerable, Microsoft reports that Administrator
|
||||
credentials are required to reach the vulnerable code. Windows XP SP1 only
|
||||
|
|
|
@ -30,7 +30,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
and need a cool down period before the shells rain in again.
|
||||
|
||||
The module will attempt to use Anonymous login, by default, to authenticate to perform the
|
||||
exploit. If the user supplies credentials in the SMBUser,SMBPass, and SMBDomain options it will use
|
||||
exploit. If the user supplies credentials in the SMBUser, SMBPass, and SMBDomain options it will use
|
||||
those instead.
|
||||
|
||||
On some systems, this module may cause system instability and crashes, such as a BSOD or
|
||||
|
|
|
@ -22,7 +22,7 @@ module MetasploitModule
|
|||
super(merge_info(info,
|
||||
'Name' => 'Z/OS (MVS) Command Shell, Reverse TCP',
|
||||
'Description' => 'Provide JCL which creates a reverse shell
|
||||
This implmentation does not include ebcdic character translation,
|
||||
This implementation does not include ebcdic character translation,
|
||||
so a client with translation capabilities is required. MSF handles
|
||||
this automatically.',
|
||||
'Author' => 'Bigendian Smalls',
|
||||
|
|
|
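Review bot: "ebcdic" on the corrected line is still lowercase although it is an acronym; since this commit already capitalizes "DNS" and "LDAP" in the NetpManageIPCConnect description, write "EBCDIC character translation" here as well. The identical sentence in the 'Z/OS (MVS) Command Shell, Reverse TCP Inline' description needs the same change.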
@ -17,7 +17,7 @@ module MetasploitModule
|
|||
def initialize(info = {})
|
||||
super(merge_info(info,
|
||||
'Name' => 'Unix Command Shell, Reverse TCP (via ncat)',
|
||||
'Description' => 'Creates an interactive shell via ncat, utilising ssl mode',
|
||||
'Description' => 'Creates an interactive shell via ncat, utilizing ssl mode',
|
||||
'Author' => 'C_Sto',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'unix',
|
||||
|
|
|
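Review bot: "ssl mode" on the changed 'Description' line should read "SSL mode". Also note that "utilising" was not a misspelling but British spelling; converting to "utilizing" is fine if US English is the project convention, but the commit message should say so, since the same kind of change is made to "paravirtualised", "tunnelled" and "Behaviour" elsewhere in this commit.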
@ -14,7 +14,7 @@ module MetasploitModule
|
|||
super(merge_info(info,
|
||||
'Name' => 'Firefox XPCOM Execute Command',
|
||||
'Description' => %Q|
|
||||
This module runs a shell command on the target OS withough touching the disk.
|
||||
This module runs a shell command on the target OS without touching the disk.
|
||||
On Windows, this command will flash the command prompt momentarily.
|
||||
This can be avoided by setting WSCRIPT to true, which drops a jscript
|
||||
"launcher" to disk that hides the prompt.
|
||||
|
|
|
@ -22,7 +22,7 @@ module MetasploitModule
|
|||
super(merge_info(info,
|
||||
'Name' => 'Z/OS (MVS) Command Shell, Reverse TCP Inline',
|
||||
'Description' => 'Listen for a connection and spawn a command shell.
|
||||
This implmentation does not include ebcdic character translation,
|
||||
This implementation does not include ebcdic character translation,
|
||||
so a client with translation capabilities is required. MSF handles
|
||||
this automatically.',
|
||||
'Author' => 'Bigendian Smalls',
|
||||
|
|
|
@ -20,7 +20,7 @@ module MetasploitModule
|
|||
'Name' => 'Windows Command Shell, Hidden Bind TCP Inline',
|
||||
'Description' => 'Listen for a connection from certain IP and spawn a command shell.
|
||||
The shellcode will reply with a RST packet if the connections is not
|
||||
comming from the IP defined in AHOST. This way the port will appear
|
||||
coming from the IP defined in AHOST. This way the port will appear
|
||||
as "closed" helping us to hide the shellcode.',
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
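Review bot: the unchanged line directly above the fix still reads "if the connections is not", so the corrected sentence remains ungrammatical. Change it to "if the connection is not coming from the IP defined in AHOST", and consider "from a certain IP" on the first line of the description while touching this string.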
@ -26,7 +26,7 @@ class MetasploitModule < Msf::Post
|
|||
super(
|
||||
'Name' => 'BusyBox Jailbreak ',
|
||||
'Description' => %q{
|
||||
This module will send a set of commands to a open session that is connected to a
|
||||
This module will send a set of commands to an open session that is connected to a
|
||||
BusyBox limited shell (i.e. a router limited shell). It will try different known
|
||||
tricks to jailbreak the limited shell and get a full BusyBox shell.
|
||||
},
|
||||
|
|
|
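Review bot: the 'Name' value in this hunk is 'BusyBox Jailbreak ' with a trailing space inside the quotes, which ends up in module listings and search output. Trim it to 'BusyBox Jailbreak'. The same trailing space is visible in 'Windows Manage Privilege Based Process Migration ' later in this commit.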
@ -15,7 +15,7 @@ class MetasploitModule < Msf::Post
|
|||
'Name' => 'Linux DoS Xen 4.2.0 2012-5525',
|
||||
'Description' => %q(
|
||||
This module causes a hypervisor crash in Xen 4.2.0 when invoked from a
|
||||
paravirtualised VM, including from dom0. Successfully tested on Debian 7
|
||||
paravirtualized VM, including from dom0. Successfully tested on Debian 7
|
||||
3.2.0-4-amd64 with Xen 4.2.0.),
|
||||
'References' => [ ['CVE', '2012-5525'] ],
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
@ -18,7 +18,7 @@ class MetasploitModule < Msf::Post
|
|||
'Description' => %q{
|
||||
Metasploit < 4.4 contains a vulnerable 'pcap_log' plugin which, when used with the default settings,
|
||||
creates pcap files in /tmp with predictable file names. This exploits this by hard-linking these
|
||||
filenames to /etc/passwd, then sending a packet with a priviliged user entry contained within.
|
||||
filenames to /etc/passwd, then sending a packet with a privileged user entry contained within.
|
||||
This, and all the other packets, are appended to /etc/passwd.
|
||||
|
||||
Successful exploitation results in the creation of a new superuser account.
|
||||
|
|
|
@ -10,7 +10,7 @@ class MetasploitModule < Msf::Post
|
|||
super( update_info( info,
|
||||
'Name' => 'Multi Gather DNS Service Record Lookup Scan',
|
||||
'Description' => %q{
|
||||
Enumerates know SRV Records for a given domaon using target host DNS query tool.
|
||||
Enumerates know SRV Records for a given domain using target host DNS query tool.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
|
||||
|
|
|
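Review bot: the corrected line fixes "domaon" but still begins "Enumerates know SRV Records". It should read "Enumerates known SRV records for a given domain using the target host's DNS query tool."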
@ -15,7 +15,7 @@ class MetasploitModule < Msf::Post
|
|||
'Description' => %q{
|
||||
This module will attempt to enumerate any VirtualBox VMs on the target machine.
|
||||
Due to the nature of VirtualBox, this module can only enumerate VMs registered
|
||||
for the current user, thereforce, this module needs to be invoked from a user context.
|
||||
for the current user, therefore, this module needs to be invoked from a user context.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => ['theLightCosine'],
|
||||
|
|
|
@ -15,7 +15,7 @@ class MetasploitModule < Msf::Post
|
|||
the necessary files such as 'signons.sqlite', 'key3.db', and 'cert8.db' for
|
||||
offline decryption with third party tools.
|
||||
|
||||
If necessary, you may also set the PARSE optioin to true to parse the sqlite
|
||||
If necessary, you may also set the PARSE option to true to parse the sqlite
|
||||
file, which contains sensitive information such as the encrypted username/password.
|
||||
However, this feature is not enabled by default, because it requires SQLITE3 gem
|
||||
to be installed on your machine.
|
||||
|
|
|
@ -10,7 +10,7 @@ class MetasploitModule < Msf::Post
|
|||
'Name' => 'Multi Manage System Remote TCP Shell Session',
|
||||
'Description' => %q{
|
||||
This module will create a Reverse TCP Shell on the target system
|
||||
using the system own scripting enviroments installed on the
|
||||
using the system own scripting environments installed on the
|
||||
target.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
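Review bot: the corrected line still reads "using the system own scripting environments", which is missing the possessive. Suggest "using the system's own scripting environments installed on the target."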
@ -12,7 +12,7 @@ class MetasploitModule < Msf::Post
|
|||
'Description' => %q{
|
||||
This module will download the "Chicken of the VNC" client application's
|
||||
profile file, which is used to store other VNC servers' information such
|
||||
as as the IP and password.
|
||||
as the IP and password.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'sinn3r'],
|
||||
|
|
|
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Post
|
|||
This module presents a way to quickly go through the current user's keychains and
|
||||
collect data such as email accounts, servers, and other services. Please note:
|
||||
when using the GETPASS and GETPASS_AUTO_ACCEPT option, the user may see an authentication
|
||||
alert flash briefly on their screen that gets dismissed by a programatically triggered click.
|
||||
alert flash briefly on their screen that gets dismissed by a programmatically triggered click.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'ipwnstuff <e[at]ipwnstuff.com>', 'joev' ],
|
||||
|
|
|
@ -20,7 +20,7 @@ class MetasploitModule < Msf::Post
|
|||
to find the credential for Gmail. The Gmail's last session state may contain the
|
||||
user's credential if his/her first login attempt failed (likely due to a typo),
|
||||
and then the page got refreshed or another login attempt was made. This also means
|
||||
the stolen credential might contains typos.
|
||||
the stolen credential might contain typos.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'sinn3r'],
|
||||
|
|
|
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Post
|
|||
'Description' => %q{
|
||||
This module attempts to determine whether the system is running
|
||||
inside of a virtual environment and if so, which one. This
|
||||
module supports detectoin of Solaris Zone, VMWare, VirtualBox, Xen,
|
||||
module supports detection of Solaris Zone, VMWare, VirtualBox, Xen,
|
||||
and QEMU/KVM.},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
|
||||
|
|
|
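Review bot: "VMWare" on the corrected line is not the vendor's spelling; it should be "VMware". The same word appears on the corrected line of the next hunk (the Hyper-V / Virtual PC variant of this description) and should be changed there too.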
@ -15,7 +15,7 @@ class MetasploitModule < Msf::Post
|
|||
'Description' => %q{
|
||||
This module attempts to determine whether the system is running
|
||||
inside of a virtual environment and if so, which one. This
|
||||
module supports detectoin of Hyper-V, VMWare, Virtual PC,
|
||||
module supports detection of Hyper-V, VMWare, Virtual PC,
|
||||
VirtualBox, Xen, and QEMU.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
@ -15,7 +15,7 @@ class MetasploitModule < Msf::Post
|
|||
super(update_info(info,
|
||||
'Name' => 'Windows Gather FlashFXP Saved Password Extraction',
|
||||
'Description' => %q{
|
||||
This module extracts weakly encrypted saved FTP Passwords from FlashFXP. It
|
||||
This module extracts weakly encrypted saved FTP Passwords from FlashFXP. It
|
||||
finds saved FTP connections in the Sites.dat file. },
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'theLightCosine'],
|
||||
|
|
|
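Review bot: the removed and added lines in this hunk ("This module extracts weakly encrypted saved FTP Passwords from FlashFXP. It") render identically, so this looks like a whitespace-only change. Please confirm that is intended, and if the line is being touched anyway, lowercase "Passwords" and move the closing "}," off the end of the "Sites.dat file." line to match the other descriptions.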
@ -18,7 +18,7 @@ class MetasploitModule < Msf::Post
|
|||
'Name' => 'Windows Gather Enumerate Active Domain Users',
|
||||
'Description' => %q{
|
||||
This module will enumerate computers included in the primary Domain and attempt
|
||||
to list all locations the targeted user has sessions on. If a the HOST option is specified
|
||||
to list all locations the targeted user has sessions on. If the HOST option is specified
|
||||
the module will target only that host. If the HOST is specified and USER is set to nil, all users
|
||||
logged into that host will be returned.'
|
||||
},
|
||||
|
|
|
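Review bot: the last line of the description, "logged into that host will be returned.'", ends with a stray single quote. Inside a %q{ } literal that quote is part of the string and will be shown to the user, so it should be removed in this pass.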
@ -9,7 +9,7 @@ class MetasploitModule < Msf::Post
|
|||
super( update_info(info,
|
||||
'Name' => 'Windows Gather Process Memory Grep',
|
||||
'Description' => %q{
|
||||
This module allows for searching the memory space of a proccess for potentially
|
||||
This module allows for searching the memory space of a process for potentially
|
||||
sensitive data. Please note: When the HEAP option is enabled, the module will have
|
||||
to migrate to the process you are grepping, and will not migrate back automatically.
|
||||
This means that if the user terminates the application after using this module, you
|
||||
|
|
|
@ -12,7 +12,7 @@ class MetasploitModule < Msf::Post
|
|||
'Description' => %q{
|
||||
This module adds a user to the Domain and/or to a Domain group. It will
|
||||
check if sufficient privileges are present for certain actions and run
|
||||
getprivs for system. If you elevated privs to system,the
|
||||
getprivs for system. If you elevated privs to system, the
|
||||
SeAssignPrimaryTokenPrivilege will not be assigned. You need to migrate to
|
||||
a process that is running as system. If you don't have privs, this script
|
||||
exits.
|
||||
|
|
|
@ -15,7 +15,7 @@ class MetasploitModule < Msf::Post
|
|||
This module forwards SSH agent requests from a local socket to a remote Pageant instance.
|
||||
If a target Windows machine is compromised and is running Pageant, this will allow the
|
||||
attacker to run normal OpenSSH commands (e.g. ssh-add -l) against the Pageant host which are
|
||||
tunnelled through the meterpreter session. This could therefore be used to authenticate
|
||||
tunneled through the meterpreter session. This could therefore be used to authenticate
|
||||
with a remote host using a private key which is loaded into a remote user's Pageant instance,
|
||||
without ever having knowledge of the private key itself.
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ class MetasploitModule < Msf::Post
|
|||
super(update_info(info,
|
||||
'Name' => 'Windows Manage Persistent EXE Payload Installer',
|
||||
'Description' => %q(
|
||||
This Module will upload a executable to a remote host and make it Persistent.
|
||||
This Module will upload an executable to a remote host and make it Persistent.
|
||||
It can be installed as USER, SYSTEM, or SERVICE. USER will start on user login,
|
||||
SYSTEM will start on system boot but requires privs. SERVICE will create a new service
|
||||
which will start the payload. Again requires privs.
|
||||
|
|
|
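Review bot: the corrected line keeps the mid-sentence capitals in "This Module" and "make it Persistent". Suggest "This module will upload an executable to a remote host and make it persistent." The last visible line, "Again requires privs.", is a fragment and could be folded into the previous sentence.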
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Post
|
|||
super( update_info( info,
|
||||
'Name' => 'Windows Manage Privilege Based Process Migration ',
|
||||
'Description' => %q{ This module will migrate a Meterpreter session based on session privileges.
|
||||
It will do everything it can to migrate, including spawing a new User level process.
|
||||
It will do everything it can to migrate, including spawning a new User level process.
|
||||
For sessions with Admin rights: It will try to migrate into a System level process in the following
|
||||
order: ANAME (if specified), services.exe, wininit.exe, svchost.exe, lsm.exe, lsass.exe, and winlogon.exe.
|
||||
If all these fail and NOFAIL is set to true, it will fall back to User level migration. For sessions with User level rights:
|
||||
|
|
|
@ -15,7 +15,7 @@ class MetasploitModule < Msf::Post
|
|||
This module will login with the specified username/password and execute the
|
||||
supplied command as a hidden process. Output is not returned by default, by setting
|
||||
CMDOUT to false output will be redirected to a temp file and read back in to
|
||||
display.By setting advanced option SETPASS to true, it will reset the users
|
||||
display. By setting advanced option SETPASS to true, it will reset the users
|
||||
password and then execute the command.
|
||||
),
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
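Review bot: two problems remain around the corrected line. "reset the users password" needs the possessive ("the user's password"), and the preceding sentence says output is not returned by default but that setting CMDOUT to false redirects it to a temp file and reads it back, which reads as contradictory. Please check the option's actual default and whether "false" should be "true", and split the comma splice after "by default".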
@ -11,7 +11,7 @@ class MetasploitModule < Msf::Post
|
|||
super(update_info(info,
|
||||
'Name' => "Windows Manage Set Shadow Copy Storage Space",
|
||||
'Description' => %q{
|
||||
This module will attempt to change the ammount of space
|
||||
This module will attempt to change the amount of space
|
||||
for volume shadow copy storage. This is based on the
|
||||
VSSOwn Script originally posted by Tim Tomes and
|
||||
Mark Baggett.
|
||||
|
|
|
@ -17,7 +17,7 @@ class MetasploitModule < Msf::Post
|
|||
'Description' => %q{
|
||||
On Windows 8/2012 or higher, the Digest Security Provider (WDIGEST) is disabled by default. This module enables/disables
|
||||
credential caching by adding/changing the value of the UseLogonCredential DWORD under the WDIGEST provider's Registry key.
|
||||
Any subsequest logins will allow mimikatz to recover the plain text passwords from the system's memory.
|
||||
Any subsequent logins will allow mimikatz to recover the plain text passwords from the system's memory.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'Kostas Lintovois <kostas.lintovois[at]mwrinfosecurity.com>'],
|
||||
|
|
|
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Post
|
|||
'Description' => %q{ This module uses railgun to discover hostnames and IPs on the network.
|
||||
LTYPE should be set to one of the following values: WK (all workstations), SVR (all servers),
|
||||
SQL (all SQL servers), DC (all Domain Controllers), DCBKUP (all Domain Backup Servers),
|
||||
NOVELL (all Novell servers), PRINTSVR (all Print Que servers), MASTERBROWSER (all Master Browswers),
|
||||
NOVELL (all Novell servers), PRINTSVR (all Print Que servers), MASTERBROWSER (all Master Browsers),
|
||||
WINDOWS (all Windows hosts), or UNIX (all Unix hosts).
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
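Review bot: the corrected line fixes "Browswers" but still says "PRINTSVR (all Print Que servers)". That should be "Print Queue servers".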
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Post
|
|||
'Name' => 'Windows Gather Wireless Profile',
|
||||
'Description' => %q{
|
||||
This module extracts saved Wireless LAN profiles. It will also try to decrypt
|
||||
the network key material. Behaviour is slightly different between OS versions
|
||||
the network key material. Behavior is slightly different between OS versions
|
||||
when it comes to WPA. In Windows Vista/7 we will get the passphrase. In
|
||||
Windows XP we will get the PBKDF2 derived key.
|
||||
},
|
||||
|
|