Fixup on description and some option descrips
parent
3d4d5a84b6
commit
1236a4eb07
|
@ -16,8 +16,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'IBM Lotus Notes Sametime User Enumeration',
|
||||
'Description' => %q{
|
||||
This module extracts users using the IBM Lotus Notes Sametime web
|
||||
interface using either brute-force or dictionary based attack.
|
||||
This module extracts usernames using the IBM Lotus Notes Sametime web
|
||||
interface using either a dictionary attack (which is preferred), or a
|
||||
bruteforce attack trying all usernames of MAXDEPTH length or less.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
@ -38,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
OptEnum.new('CHARSET', [true, 'Charset to use for enumeration', 'alpha', ['alpha', 'alphanum', 'num'] ]),
|
||||
OptEnum.new('TYPE', [true, 'Specify UID or EMAIL', 'UID', ['UID', 'EMAIL'] ]),
|
||||
OptPath.new('DICT', [ false, 'Path to dictionary file to use', '']),
|
||||
OptInt.new('MAXDEPTH', [ true, 'Maximum depth to check during brute-force', 2])
|
||||
OptInt.new('MAXDEPTH', [ true, 'Maximum depth to check during bruteforce', 2])
|
||||
], self.class)
|
||||
|
||||
register_advanced_options(
|
||||
|
@ -74,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
@charset.push(Rex::Text.uri_encode(spec))
|
||||
end
|
||||
end
|
||||
print_status("#{peer} - Performing Brute-Force based attack")
|
||||
print_status("#{peer} - Performing Bruteforce attack")
|
||||
vprint_status("#{peer} - Using CHARSET: [#{@charset.join(",")}]")
|
||||
else
|
||||
print_status("#{peer} - Performing dictionary based attack (#{datastore['DICT']})")
|
||||
|
@ -163,7 +164,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# provide feedback to user on current test length
|
||||
if datastore['DICT'].blank? and test_current.length > test_length
|
||||
test_length = test_current.length
|
||||
print_status("#{peer} - Beginning brute_force test for #{test_length} character strings")
|
||||
print_status("#{peer} - Beginning bruteforce test for #{test_length} character strings")
|
||||
end
|
||||
|
||||
res = make_request(test_current)
|
||||
|
|
|
@ -14,9 +14,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'IBM Lotus Notes Sametime Room Name Brute-Forcer',
|
||||
'Name' => 'IBM Lotus Notes Sametime Room Name Bruteforce',
|
||||
'Description' => %q{
|
||||
This module brute forces Sametime meeting room names via the IBM
|
||||
This module bruteforces Sametime meeting room names via the IBM
|
||||
Lotus Notes Sametime web interface.
|
||||
},
|
||||
'Author' =>
|
||||
|
@ -34,7 +34,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
register_options(
|
||||
[
|
||||
Opt::RPORT(443),
|
||||
OptString.new('OWNER', [ true, 'The owner to brute-force meeting room names for', '']),
|
||||
OptString.new('OWNER', [ true, 'The owner to bruteforce meeting room names for', '']),
|
||||
OptPath.new('DICT', [ true, 'The path to the userinfo script' ]),
|
||||
OptString.new('TARGETURI', [ true, 'Path to stmeetings', '/stmeetings/'])
|
||||
], self.class)
|
||||
|
@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
print_status("#{peer} - Beginning IBM Lotus Notes Sametime Meeting Room Brute-force")
|
||||
print_status("#{peer} - Beginning IBM Lotus Notes Sametime Meeting Room Bruteforce")
|
||||
print_status("Using owner: #{datastore['OWNER']}")
|
||||
|
||||
# test for expected response code on non-existant meeting room name
|
||||
|
@ -81,10 +81,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
@test_queue = Queue.new
|
||||
@output_lock = false
|
||||
|
||||
# TODO: If DICT is unreadable (missing, etc) this will stack trace.
|
||||
::File.open(datastore['DICT']).each { |line| @test_queue.push(line.chomp) }
|
||||
vprint_status("Loaded #{@test_queue.length} values from dictionary")
|
||||
|
||||
print_status("#{peer} - Beginning dictionary brute-force using (#{datastore['Threads']} Threads)")
|
||||
print_status("#{peer} - Beginning dictionary bruteforce using (#{datastore['Threads']} Threads)")
|
||||
|
||||
while(not @test_queue.empty?)
|
||||
t = []
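Review bot: The TODO added above the `::File.open(datastore['DICT'])` line records an unhandled failure instead of fixing it, and the open call has no block, so the file handle is never closed explicitly. Since DICT is an operator-supplied path, I would check it before reading, e.g. `unless ::File.readable?(datastore['DICT'])` followed by a `print_error` and `return`, and then read with `::File.foreach(datastore['DICT']) { |line| @test_queue.push(line.chomp) }`, which closes the file when iteration finishes. Separately, the DICT option in the register_options hunk of this file is still described as 'The path to the userinfo script', which looks like a leftover for what appears to be a room-name dictionary and would fit this commit's description fixes. The enclosing method starts and ends outside the hunk.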
|
||||
|
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'Name' => 'IBM Lotus Sametime Version Enumeration',
|
||||
'Description' => %q{
|
||||
This module scans an IBM Lotus Sametime web interface to enumerate
|
||||
the version and configuration information.
|
||||
the application's version and configuration information.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -19,10 +19,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
(Soft) AX Loadbalancer version 2.6.1-GR1-P5/2.7.0 or less. When
|
||||
handling a file download request, the xml/downloads class fails to
|
||||
properly check the 'filename' parameter, which can be abused to read
|
||||
any file outside the virtual directory. Important files include SSL
|
||||
any file outside the virtual directory. Important files include SSL
|
||||
certificates. This module works on both the hardware devices and the
|
||||
Virtual Machine appliances. IMPORTANT NOTE: This will also delete the
|
||||
file on the device after downloading it.
|
||||
Virtual Machine appliances. IMPORTANT NOTE: This module will also delete the
|
||||
file on the device after downloading it. Because of this, the CONFIRM_DELETE
|
||||
option must be set to 'true' either manually or by script.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
|
@ -49,7 +50,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run
|
||||
unless datastore['CONFIRM_DELETE']
|
||||
print_error("This module will delete files on vulnerable systems. Please, set CONFIRM in order to run it.")
|
||||
print_error("This module will delete files on vulnerable systems. Please, set CONFIRM_DELETE in order to run it.")
|
||||
return
|
||||
end
|
||||
|
||||
|
|
|
@ -23,10 +23,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as
|
||||
exploited in the wild on January 2014. The SQL injection issue can be abused in order to
|
||||
retrieve the kloxo admin clear text password from the database. With admin access to the
|
||||
retrieve the Kloxo admin cleartext password from the database. With admin access to the
|
||||
web control panel, remote PHP code execution can be achieved by abusing the Command Center
|
||||
function. The module tries to find the first server in the tree view , unless the server
|
||||
information is provided, and executes the payload there.
|
||||
function. The module tries to find the first server in the tree view, unless the server
|
||||
information is provided, in which case it executes the payload there.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower.
|
||||
It will leverage an unauthenticated command injection in the Anyterm service on
|
||||
port 8023. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1
|
||||
port 8023/TCP. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1
|
||||
the user "artica" is not assigned a password by default, which makes it possible to su
|
||||
to this user from the "pandora" user. The "artica" user has access to sudo without a
|
||||
password, which makes it possible to escalate privileges to root. However, Pandora FMS 4.0
|
||||
|
|
|
@ -15,11 +15,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'KingScada kxClientDownload.ocx ActiveX Remote Code Execution',
|
||||
'Description' => %q{
|
||||
This module abuses the kxClientDownload.ocx distributed with WellingTech KingScada.
|
||||
This module abuses the kxClientDownload.ocx ActiveX control distributed with WellingTech KingScada.
|
||||
The ProjectURL property can be abused to download and load arbitrary DLLs from
|
||||
arbitrary locations, leading to arbitrary code execution, because of a dangerous
|
||||
usage of LoadLibrary. Due to the nature of the vulnerability, this module will work
|
||||
only when there isn't Protected Mode.
|
||||
only when Protected Mode is not present or not enabled.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
|
|
@ -15,8 +15,9 @@ class Metasploit3 < Msf::Post
|
|||
super( update_info( info,
|
||||
'Name' => 'Windows Gather Active Directory User Comments',
|
||||
'Description' => %Q{
|
||||
This module will enumerate user accounts in the default AD directory. Which
|
||||
contain 'pass' in their description or comment (case-insensitive) by default.
|
||||
This module will enumerate user accounts in the default Active Domain (AD) directory which
|
||||
contain 'pass' in their description or comment (case-insensitive) by default. In some cases,
|
||||
such users have their passwords specified in these fields.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' ],
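Review bot: The rewritten description expands the acronym as "Active Domain (AD) directory", but AD stands for Active Directory; that line should read `This module will enumerate user accounts in the default Active Directory (AD) which`. The added closing sentence explains why the 'pass' filter matters. It could also state that the matched description and comment fields may contain credentials, so the collected output should be treated as sensitive. The `initialize` body continues outside the hunk.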
|
||||
|
|