Land #5839, pre-bloggery cleanup edits

bug/bundler_fix blog-20150813
Mo Sadek 2015-08-13 13:43:57 -05:00
commit 677ec341dd
No known key found for this signature in database
GPG Key ID: 005BFB70E7624F28
4 changed files with 19 additions and 23 deletions

View File

@ -6,14 +6,16 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {})
super(update_info(info,
'Name' => 'Lansweeper Collector',
'Name' => 'Lansweeper Credential Collector',
'Description' => %q(
Lansweeper stores the credentials it uses to scan the computers in its MSSQL database.
The passwords are XTea-encrypted with a 68 character long key, which first 8 character
are stored with the password in the database, and the other 60 is static. Lansweeper by
default creates an MSSQL user "lansweeperuser" whose password is "mysecretpassword0*",
and stores its data in a database called "lansweeperdb". This module will query the MSSQL
database for the credentials.
Lansweeper stores the credentials it uses to scan the computers
in its Microsoft SQL database. The passwords are XTea-encrypted with a
68 character long key, in which the first 8 characters are stored with
the password in the database and the other 60 is static. Lansweeper, by
default, creates an MSSQL user "lansweeperuser" with the password is
"mysecretpassword0*", and stores its data in a database called
"lansweeperdb". This module will query the MSSQL database for the
credentials.
),
'Author' =>
[

View File

@ -15,35 +15,29 @@ class Metasploit3 < Msf::Auxiliary
This module will automatically serve browser exploits. Here are the options you can
configure:
The Include option allows you to specify the kind of exploits to be loaded. For example,
The INCLUDE_PATTERN option allows you to specify the kind of exploits to be loaded. For example,
if you wish to load just Adobe Flash exploits, then you can set Include to 'adobe_flash'.
The Exclude option will ignore exploits. For example, if you don't want any Adobe Flash
The EXCLUDE_PATTERN option will ignore exploits. For example, if you don't want any Adobe Flash
exploits, you can set this. Also note that the Exclude option will always be evaludated
after the Include option.
The MaxExploits option specifies the max number of exploits to load by Browser Autopwn.
The MaxExploitCount option specifies the max number of exploits to load by Browser Autopwn.
By default, 20 will be loaded. But note that the client will probably not be vulnerable
to all 20 of them, so only some will actually be served to the client.
The Content option allows you to provide a basic webpage. This is what the user behind
The HTMLContent option allows you to provide a basic webpage. This is what the user behind
the vulnerable browser will see. You can simply set a string, or you can do the file://
syntax to load an HTML file. Note this option might break exploits so try to keep it
as simple as possible.
The WhiteList option can be used to avoid visitors that are outside the scope of your
pentest engagement. IPs that are not on the list will not be attacked.
The MaxSessions option is used to limit how many sessions Browser Autopwn is allowed to
The MaxSessionCount option is used to limit how many sessions Browser Autopwn is allowed to
get. The default -1 means unlimited. Combining this with other options such as RealList
and Custom404, you can get information about which visitors (IPs) clicked on your malicious
link, what exploits they might be vulnerable to, redirect them to your own internal
training website without actually attacking them.
The RealList is an option that will list what exploits the client might be vulnerable to
based on basic browser information. If possible, you can run the exploits for validation.
For more information about Browser Autopwn, please see the reference link.
For more information about Browser Autopwn, please see the referenced blog post.
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],

View File

@ -319,3 +319,4 @@ class Metasploit3 < Msf::Exploit::Remote
res
end
end

View File

@ -14,11 +14,10 @@ class Metasploit3 < Msf::Post
This module suggests local meterpreter exploits that can be used. The
exploits are suggested based on the architecture and platform that
the user has a shell opened as well as the available exploits in
meterpreter. Additionally, the ShowDescription option can be set
to 'true' to a detailed description on the suggested exploits.
meterpreter.
It's important to note that not all local exploits will be fired.
They are chosen based on these conditions: session type,
Exploits are chosen based on these conditions: session type,
platform, architecture, and required default options.
},
'License' => MSF_LICENSE,