Land #2971 - Fixup on description and some option descrips

bug/bundler_fix
sinn3r 2014-02-10 14:50:39 -06:00
commit 0709aac3c5
No known key found for this signature in database
GPG Key ID: 2384DB4EF06F730B
8 changed files with 27 additions and 23 deletions


@ -16,8 +16,9 @@ class Metasploit3 < Msf::Auxiliary
super(update_info(info, super(update_info(info,
'Name' => 'IBM Lotus Notes Sametime User Enumeration', 'Name' => 'IBM Lotus Notes Sametime User Enumeration',
'Description' => %q{ 'Description' => %q{
This module extracts users using the IBM Lotus Notes Sametime web This module extracts usernames using the IBM Lotus Notes Sametime web
interface using either brute-force or dictionary based attack. interface using either a dictionary attack (which is preferred), or a
bruteforce attack trying all usernames of MAXDEPTH length or less.
}, },
'Author' => 'Author' =>
[ [
@ -38,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
OptEnum.new('CHARSET', [true, 'Charset to use for enumeration', 'alpha', ['alpha', 'alphanum', 'num'] ]), OptEnum.new('CHARSET', [true, 'Charset to use for enumeration', 'alpha', ['alpha', 'alphanum', 'num'] ]),
OptEnum.new('TYPE', [true, 'Specify UID or EMAIL', 'UID', ['UID', 'EMAIL'] ]), OptEnum.new('TYPE', [true, 'Specify UID or EMAIL', 'UID', ['UID', 'EMAIL'] ]),
OptPath.new('DICT', [ false, 'Path to dictionary file to use', '']), OptPath.new('DICT', [ false, 'Path to dictionary file to use', '']),
OptInt.new('MAXDEPTH', [ true, 'Maximum depth to check during brute-force', 2]) OptInt.new('MAXDEPTH', [ true, 'Maximum depth to check during bruteforce', 2])
], self.class) ], self.class)
register_advanced_options( register_advanced_options(
@ -74,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
@charset.push(Rex::Text.uri_encode(spec)) @charset.push(Rex::Text.uri_encode(spec))
end end
end end
print_status("#{peer} - Performing Brute-Force based attack") print_status("#{peer} - Performing Bruteforce attack")
vprint_status("#{peer} - Using CHARSET: [#{@charset.join(",")}]") vprint_status("#{peer} - Using CHARSET: [#{@charset.join(",")}]")
else else
print_status("#{peer} - Performing dictionary based attack (#{datastore['DICT']})") print_status("#{peer} - Performing dictionary based attack (#{datastore['DICT']})")
@ -163,7 +164,7 @@ class Metasploit3 < Msf::Auxiliary
# provide feedback to user on current test length # provide feedback to user on current test length
if datastore['DICT'].blank? and test_current.length > test_length if datastore['DICT'].blank? and test_current.length > test_length
test_length = test_current.length test_length = test_current.length
print_status("#{peer} - Beginning brute_force test for #{test_length} character strings") print_status("#{peer} - Beginning bruteforce test for #{test_length} character strings")
end end
res = make_request(test_current) res = make_request(test_current)


@ -14,9 +14,9 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'IBM Lotus Notes Sametime Room Name Brute-Forcer', 'Name' => 'IBM Lotus Notes Sametime Room Name Bruteforce',
'Description' => %q{ 'Description' => %q{
This module brute forces Sametime meeting room names via the IBM This module bruteforces Sametime meeting room names via the IBM
Lotus Notes Sametime web interface. Lotus Notes Sametime web interface.
}, },
'Author' => 'Author' =>
@ -34,7 +34,7 @@ class Metasploit3 < Msf::Auxiliary
register_options( register_options(
[ [
Opt::RPORT(443), Opt::RPORT(443),
OptString.new('OWNER', [ true, 'The owner to brute-force meeting room names for', '']), OptString.new('OWNER', [ true, 'The owner to bruteforce meeting room names for', '']),
OptPath.new('DICT', [ true, 'The path to the userinfo script' ]), OptPath.new('DICT', [ true, 'The path to the userinfo script' ]),
OptString.new('TARGETURI', [ true, 'Path to stmeetings', '/stmeetings/']) OptString.new('TARGETURI', [ true, 'Path to stmeetings', '/stmeetings/'])
], self.class) ], self.class)
@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary
end end
def run def run
print_status("#{peer} - Beginning IBM Lotus Notes Sametime Meeting Room Brute-force") print_status("#{peer} - Beginning IBM Lotus Notes Sametime Meeting Room Bruteforce")
print_status("Using owner: #{datastore['OWNER']}") print_status("Using owner: #{datastore['OWNER']}")
# test for expected response code on non-existant meeting room name # test for expected response code on non-existant meeting room name
@ -81,10 +81,11 @@ class Metasploit3 < Msf::Auxiliary
@test_queue = Queue.new @test_queue = Queue.new
@output_lock = false @output_lock = false
# TODO: If DICT is unreadable (missing, etc) this will stack trace.
::File.open(datastore['DICT']).each { |line| @test_queue.push(line.chomp) } ::File.open(datastore['DICT']).each { |line| @test_queue.push(line.chomp) }
vprint_status("Loaded #{@test_queue.length} values from dictionary") vprint_status("Loaded #{@test_queue.length} values from dictionary")
print_status("#{peer} - Beginning dictionary brute-force using (#{datastore['Threads']} Threads)") print_status("#{peer} - Beginning dictionary bruteforce using (#{datastore['Threads']} Threads)")
while(not @test_queue.empty?) while(not @test_queue.empty?)
t = [] t = []
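Review bot: The added TODO notes that an unreadable DICT will raise, but the `::File.open(datastore['DICT']).each` line beneath it is unchanged, so the module still aborts with a backtrace and the file handle opened there is never explicitly closed. Reading with `::File.foreach(datastore['DICT']) { |line| @test_queue.push(line.chomp) }`, preceded by a `::File.readable?(datastore['DICT'])` check that reports the problem with `print_error` and returns, would resolve the TODO and release the descriptor. Separately, the DICT help text in the options hunk of this file, 'The path to the userinfo script', does not describe a dictionary of room names and looks carried over from another module. The enclosing method starts and ends outside this hunk, so the early return should be confirmed against the rest of its body.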


@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary
'Name' => 'IBM Lotus Sametime Version Enumeration', 'Name' => 'IBM Lotus Sametime Version Enumeration',
'Description' => %q{ 'Description' => %q{
This module scans an IBM Lotus Sametime web interface to enumerate This module scans an IBM Lotus Sametime web interface to enumerate
the version and configuration information. the application's version and configuration information.
}, },
'Author' => 'Author' =>
[ [


@ -21,8 +21,9 @@ class Metasploit3 < Msf::Auxiliary
properly check the 'filename' parameter, which can be abused to read properly check the 'filename' parameter, which can be abused to read
any file outside the virtual directory. Important files include SSL any file outside the virtual directory. Important files include SSL
certificates. This module works on both the hardware devices and the certificates. This module works on both the hardware devices and the
Virtual Machine appliances. IMPORTANT NOTE: This will also delete the Virtual Machine appliances. IMPORTANT NOTE: This module will also delete the
file on the device after downloading it. file on the device after downloading it. Because of this, the CONFIRM_DELETE
option must be set to 'true' either manually or by script.
}, },
'References' => 'References' =>
[ [
@ -49,7 +50,7 @@ class Metasploit3 < Msf::Auxiliary
def run def run
unless datastore['CONFIRM_DELETE'] unless datastore['CONFIRM_DELETE']
print_error("This module will delete files on vulnerable systems. Please, set CONFIRM in order to run it.") print_error("This module will delete files on vulnerable systems. Please, set CONFIRM_DELETE in order to run it.")
return return
end end


@ -23,10 +23,10 @@ class Metasploit3 < Msf::Exploit::Remote
'Description' => %q{ 'Description' => %q{
This module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as This module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as
exploited in the wild on January 2014. The SQL injection issue can be abused in order to exploited in the wild on January 2014. The SQL injection issue can be abused in order to
retrieve the kloxo admin clear text password from the database. With admin access to the retrieve the Kloxo admin cleartext password from the database. With admin access to the
web control panel, remote PHP code execution can be achieved by abusing the Command Center web control panel, remote PHP code execution can be achieved by abusing the Command Center
function. The module tries to find the first server in the tree view , unless the server function. The module tries to find the first server in the tree view, unless the server
information is provided, and executes the payload there. information is provided, in which case it executes the payload there.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>


@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Description' => %q{ 'Description' => %q{
This module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. This module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower.
It will leverage an unauthenticated command injection in the Anyterm service on It will leverage an unauthenticated command injection in the Anyterm service on
port 8023. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1 port 8023/TCP. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1
the user "artica" is not assigned a password by default, which makes it possible to su the user "artica" is not assigned a password by default, which makes it possible to su
to this user from the "pandora" user. The "artica" user has access to sudo without a to this user from the "pandora" user. The "artica" user has access to sudo without a
password, which makes it possible to escalate privileges to root. However, Pandora FMS 4.0 password, which makes it possible to escalate privileges to root. However, Pandora FMS 4.0


@ -15,11 +15,11 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => 'KingScada kxClientDownload.ocx ActiveX Remote Code Execution', 'Name' => 'KingScada kxClientDownload.ocx ActiveX Remote Code Execution',
'Description' => %q{ 'Description' => %q{
This module abuses the kxClientDownload.ocx distributed with WellingTech KingScada. This module abuses the kxClientDownload.ocx ActiveX control distributed with WellingTech KingScada.
The ProjectURL property can be abused to download and load arbitrary DLLs from The ProjectURL property can be abused to download and load arbitrary DLLs from
arbitrary locations, leading to arbitrary code execution, because of a dangerous arbitrary locations, leading to arbitrary code execution, because of a dangerous
usage of LoadLibrary. Due to the nature of the vulnerability, this module will work usage of LoadLibrary. Due to the nature of the vulnerability, this module will work
only when there isn't Protected Mode. only when Protected Mode is not present or not enabled.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>


@ -15,8 +15,9 @@ class Metasploit3 < Msf::Post
super( update_info( info, super( update_info( info,
'Name' => 'Windows Gather Active Directory User Comments', 'Name' => 'Windows Gather Active Directory User Comments',
'Description' => %Q{ 'Description' => %Q{
This module will enumerate user accounts in the default AD directory. Which This module will enumerate user accounts in the default Active Domain (AD) directory which
contain 'pass' in their description or comment (case-insensitive) by default. contain 'pass' in their description or comment (case-insensitive) by default. In some cases,
such users have their passwords specified in these fields.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => [ 'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' ], 'Author' => [ 'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' ],
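Review bot: The rewritten description expands AD as "Active Domain", while the module's own 'Name' on the line above says "Active Directory"; the first line of the new text should read something like `This module will enumerate user accounts in the default Active Directory (AD) domain which`, if the default domain is what is meant. The description also uses `%Q{` where the other modules in this commit use `%q{`. No interpolation is visible in the string, so `%q{` would be consistent and avoids accidental `#{}` expansion. The initialize body continues outside the hunk.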