diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index cc16b68d14..7760ea0dae 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -23239,6 +23239,43 @@
 "is_install_path": true,
 "ref_name": "scanner/smb/impacket/dcomexec"
 },
+ "auxiliary_scanner/smb/impacket/secretsdump": {
+ "name": "DCOM Exec",
+ "full_name": "auxiliary/scanner/smb/impacket/secretsdump",
+ "rank": 300,
+ "disclosure_date": null,
+ "type": "auxiliary",
+ "author": [
+ "Alberto Solino",
+ "Spencer McIntyre"
+ ],
+ "description": "Performs various techniques to dump hashes from the remote machine\n without executing any agent there. For SAM and LSA Secrets (including\n cached creds) we try to read as much as we can from the registry and\n then we save the hives in the target system (%SYSTEMROOT%\\Temp dir) and\n read the rest of the data from there.",
+ "references": [
+ "URL-https://github.com/gentilkiwi/kekeo/tree/master/dcsync",
+ "URL-http://moyix.blogspot.com.ar/2008/02/syskey-and-sam.html",
+ "URL-http://moyix.blogspot.com.ar/2008/02/decrypting-lsa-secrets.html",
+ "URL-http://moyix.blogspot.com.ar/2008/02/cached-domain-credentials.html",
+ "URL-http://www.quarkslab.com/en-blog+read+13",
+ "URL-https://code.google.com/p/creddump/",
+ "URL-http://lab.mediaservice.net/code/cachedump.rb",
+ "URL-http://insecurety.net/?p=768",
+ "URL-http://www.beginningtoseethelight.org/ntsecurity/index.htm",
+ "URL-http://www.ntdsxtract.com/downloads/ActiveDirectoryOfflineHashDumpAndForensics.pdf",
+ "URL-http://www.passcape.com/index.php?section=blog&cmd=details&id=15",
+ "URL-https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py",
+ "AKA-secretsdump.py"
+ ],
+ "is_server": false,
+ "is_client": false,
+ "platform": "",
+ "arch": "",
+ "rport": "",
+ "targets": null,
+ "mod_time": "2018-05-27 17:12:06 +0000",
+ "path": "/modules/auxiliary/scanner/smb/impacket/secretsdump.py",
+ "is_install_path": true,
+ "ref_name": "scanner/smb/impacket/secretsdump"
+ },
 "auxiliary_scanner/smb/impacket/wmiexec": {
 "name": "WMI Exec",
 "full_name": "auxiliary/scanner/smb/impacket/wmiexec",
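Review bot: The new `auxiliary_scanner/smb/impacket/secretsdump` entry carries `"name": "DCOM Exec",`, which reads like the label of the neighbouring dcomexec entry (its `ref_name` is visible in the context just above) and does not match the hash-dumping behaviour given in the description. Anyone searching modules, console output or engagement reports by name would see this module mislabelled, which muddies audit trails of what was actually run. A name that matches the description would fix it, for example `"name": "Secrets Dump",` (constructed suggestion). If this JSON is regenerated from module metadata, the correction belongs in `secretsdump.py` so it is not overwritten on the next update.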
@@ -35412,7 +35449,7 @@
 "name": "HID discoveryd command_blink_on Unauthenticated RCE",
 "full_name": "exploit/linux/misc/hid_discoveryd_command_blink_on_unauth_rce",
 "rank": 600,
- "disclosure_date": "2016-03-28",
+ "disclosure_date": "2016-03-28 00:00:00 +0000",
 "type": "exploit",
 "author": [
 "Ricky \"HeadlessZeke\" Lawshae",
@@ -39782,7 +39819,7 @@
 "name": "GitList v0.6.0 Argument Injection Vulnerability",
 "full_name": "exploit/multi/http/gitlist_arg_injection",
 "rank": 600,
- "disclosure_date": "2018-04-26",
+ "disclosure_date": "2018-04-26 00:00:00 +0000",
 "type": "exploit",
 "author": [
 "Kacper Szurek",
diff --git a/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb b/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb
index 726a814b17..0a20a3baa6 100644
--- a/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb
+++ b/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb
@@ -17,7 +17,8 @@ class MetasploitModule < Msf::Auxiliary
 },
 'References' =>
 [
- ['OSVDB', '60035'],
+ ['CVE', '2009-4655'],
+ ['OSVDB', '60035']
 ],
 'Author' => 'hdm',
 'License' => MSF_LICENSE
diff --git a/modules/auxiliary/admin/http/intersil_pass_reset.rb b/modules/auxiliary/admin/http/intersil_pass_reset.rb
index 7d4061afe6..136b15d7c2 100644
--- a/modules/auxiliary/admin/http/intersil_pass_reset.rb
+++ b/modules/auxiliary/admin/http/intersil_pass_reset.rb
@@ -29,6 +29,7 @@ class MetasploitModule < Msf::Auxiliary
 'License' => MSF_LICENSE,
 'References' =>
 [
+ [ 'CVE', '2007-4915' ],
 [ 'BID', '25676'],
 [ 'PACKETSTORM', '59347']
 ],
diff --git a/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb b/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb
index e062fba641..f65288ee06 100644
--- a/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb
+++ b/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb
@@ -20,6 +20,7 @@ class MetasploitModule < Msf::Auxiliary
 [ 'Unknown' ],
 'References' =>
 [
+ [ 'CVE', '2014-5208' ],
 [ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access']
 ],
 'Actions' =>
diff --git a/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb b/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb
index 66a9876fb0..6f5a5a3b99 100644
--- a/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb
+++ b/modules/auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb
@@ -32,6 +32,7 @@ class MetasploitModule < Msf::Auxiliary
 'License' => MSF_LICENSE,
 'References' =>
 [
+ [ 'CVE', '2010-2426' ],
 [ 'OSVDB', '65533'],
 [ 'URL', 'http://seclists.org/bugtraq/2010/Jun/160' ]
 ],
diff --git a/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb b/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb
index fffdc3d551..7f6abf3710 100644
--- a/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb
+++ b/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb
@@ -23,6 +23,7 @@ class MetasploitModule < Msf::Auxiliary
 'Author' => 'xistence ', # Discovery, Metasploit module
 'References' =>
 [
+ ['CVE', '2014-100002'],
 ['EDB', '31262'],
 ['OSVDB', '102656'],
 ['BID', '65199'],
diff --git a/modules/auxiliary/scanner/snmp/arris_dg950.rb b/modules/auxiliary/scanner/snmp/arris_dg950.rb
index 717c1ed6f1..71793db4a6 100644
--- a/modules/auxiliary/scanner/snmp/arris_dg950.rb
+++ b/modules/auxiliary/scanner/snmp/arris_dg950.rb
@@ -17,6 +17,7 @@ class MetasploitModule < Msf::Auxiliary
 },
 'References' =>
 [
+ ['CVE','2014-4862'],
 ['URL', 'https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863']
 ],
 'Author' => ['Deral "Percent_X" Heiland'],
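Review bot: In the `arris_dg950.rb` hunk the added reference `['CVE','2014-4862'],` picks one of the two IDs named in the advisory URL on the next line (`cve-2014-4862-and-cve-2014-4863`), and nothing visible here shows which of the two covers the Arris DG950. A wrong CVE on a scanner module misleads anyone mapping findings to advisories or patch status, so it is worth confirming against the advisory and referencing the ID that applies (or both if both do). The line also omits the space after the comma, unlike the `['URL', ...]` entry beside it; once confirmed it would read `['CVE', '<confirmed-id>'],` (placeholder). The module's info hash starts and ends outside the hunk.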