Minor typos and grammar fixes

bug/bundler_fix
Tod Beardsley 2014-11-13 14:48:23 -06:00
parent 714ce2f3ce
commit dd1920edd6
No known key found for this signature in database
GPG Key ID: BD63D0A3EA19CAAC
8 changed files with 13 additions and 13 deletions

@ -17,7 +17,7 @@ class Metasploit3 < Msf::Auxiliary
ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection
vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate
privileges and obtain Super Administrator access. A Super Administrator can then privileges and obtain Super Administrator access. A Super Administrator can then
use its privileges to dump the whole password database in CSV format. PMP can use use his privileges to dump the whole password database in CSV format. PMP can use
both MySQL and PostgreSQL databases but this module only exploits the latter as both MySQL and PostgreSQL databases but this module only exploits the latter as
MySQL does not support stacked queries with Java. PostgreSQL is the default database MySQL does not support stacked queries with Java. PostgreSQL is the default database
in v6.8 and above, but older PMP versions can be upgraded and continue using MySQL, in v6.8 and above, but older PMP versions can be upgraded and continue using MySQL,
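
Review bot: The changed line now reads "use his privileges", which replaces an awkward pronoun with a gendered one for a role that has no stated gender. Wording such as "use these privileges" avoids the pronoun and keeps the sentence accurate for any Super Administrator.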

@ -18,10 +18,10 @@ class Metasploit3 < Msf::Auxiliary
Selecting all of the logins from the master..syslogins table is restricted to sysadmins. Selecting all of the logins from the master..syslogins table is restricted to sysadmins.
However, logins with the PUBLIC role (everyone) can quickly enumerate all SQL Server However, logins with the PUBLIC role (everyone) can quickly enumerate all SQL Server
logins using the SUSER_SNAME function by fuzzing the principal_id parameter. This is logins using the SUSER_SNAME function by fuzzing the principal_id parameter. This is
pretty simple, because the principal ids assigned to logins are incremental. Once logins pretty simple, because the principal IDs assigned to logins are incremental. Once logins
have been enumerated they can be verified via sp_defaultdb error analysis. This is have been enumerated they can be verified via sp_defaultdb error analysis. This is
important, because not all of the principal ids resolve to SQL logins. Some resolve to important, because not all of the principal IDs resolve to SQL logins (some resolve to
roles etc. Once logins have been enumerated they can be used in dictionary attacks. roles instead) Once logins have been enumerated, they can be used in dictionary attacks.
}, },
'Author' => ['nullbind <scott.sutherland[at]netspi.com>'], 'Author' => ['nullbind <scott.sutherland[at]netspi.com>'],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
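
Review bot: The rewritten text "roles instead) Once logins have been enumerated, they can be used" has no period after the closing parenthesis, so two sentences run together. Make it "roles instead). Once logins have been enumerated, ...". The earlier "Once logins have been enumerated they can be verified" in the same hunk also lacks the comma that the new last line uses, so the two parallel sentences are now punctuated differently.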

@ -15,7 +15,7 @@ class Metasploit3 < Msf::Auxiliary
'Name' => 'Microsoft SQL Server - Escalate EXECUTE AS', 'Name' => 'Microsoft SQL Server - Escalate EXECUTE AS',
'Description' => %q{ 'Description' => %q{
This module can be used escalate privileges if the IMPERSONATION privilege has been This module can be used escalate privileges if the IMPERSONATION privilege has been
assigned to the user. In most cases this results in additional data access, but in assigned to the user. In most cases, this results in additional data access, but in
some cases it can be used to gain sysadmin privileges. some cases it can be used to gain sysadmin privileges.
}, },
'Author' => ['nullbind <scott.sutherland[at]netspi.com>'], 'Author' => ['nullbind <scott.sutherland[at]netspi.com>'],
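
Review bot: The context line directly above the change still reads "This module can be used escalate privileges", which is missing "to". Since this hunk already touches the next line of the same description, fix it in the same pass: "can be used to escalate privileges".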

@ -16,7 +16,7 @@ class Metasploit3 < Msf::Auxiliary
'Name' => 'Microsoft SQL Server - SQLi Escalate Execute As', 'Name' => 'Microsoft SQL Server - SQLi Escalate Execute As',
'Description' => %q{ 'Description' => %q{
This module can be used escalate privileges if the IMPERSONATION privilege has been This module can be used escalate privileges if the IMPERSONATION privilege has been
assigned to the user via error based SQL injection. In most cases this results in assigned to the user via error based SQL injection. In most cases, this results in
additional data access, but in some cases it can be used to gain sysadmin privileges. additional data access, but in some cases it can be used to gain sysadmin privileges.
The syntax for injection URLs is: /testing.asp?id=1+and+1=[SQLi];-- The syntax for injection URLs is: /testing.asp?id=1+and+1=[SQLi];--
}, },
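
Review bot: On the changed line, "via error based SQL injection" should hyphenate the compound modifier as "error-based SQL injection". The unchanged first line of the description also has the missing word "to" in "can be used escalate privileges", and both are worth correcting while this description is being edited.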

@ -19,8 +19,8 @@ class Metasploit3 < Msf::Auxiliary
allow an unauthenticated user to obtain the superuser password of any managed Windows and allow an unauthenticated user to obtain the superuser password of any managed Windows and
AS/400 hosts. This module abuses both vulnerabilities to collect all the available AS/400 hosts. This module abuses both vulnerabilities to collect all the available
usernames and passwords. First the agentHandler servlet is abused to get the hostid and usernames and passwords. First the agentHandler servlet is abused to get the hostid and
slid of each device (CVE-2014-6038); then these numeric id's are used to extract usernames slid of each device (CVE-2014-6038); then these numeric IDs are used to extract usernames
and passwords by abusing the hostdetails servlet (CVE-2014-6039). Note that on version 7 and passwords by abusing the hostdetails servlet (CVE-2014-6039). Note that on version 7,
the TARGETURI has to be prepended with /event. the TARGETURI has to be prepended with /event.
}, },
'Author' => 'Author' =>
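
Review bot: "First the agentHandler servlet is abused" is left without a comma after the introductory "First", while the same hunk adds one after "Note that on version 7". For consistent punctuation within this description, write "First, the agentHandler servlet is abused ...".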

@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote
First, a lack of input validation in the administration console permits First, a lack of input validation in the administration console permits
arbitrary jsp code upload to locations accessible later through the web arbitrary jsp code upload to locations accessible later through the web
service. Authentication is typically required, however a 'hidden' user is service. Authentication is typically required, however a 'hidden' user is
available by default (and non editable). This user, named 'Scheduler', available by default (and non-editable). This user, named 'Scheduler',
can only login to the console after any modification in the user can only login to the console after any modification in the user
database (a user is added, admin password is changed etc). If the database (a user is added, admin password is changed etc). If the
'Scheduler' user isn't available valid credentials must be supplied. The 'Scheduler' user isn't available valid credentials must be supplied. The
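
Review bot: The lines after the "non-editable" fix still carry errors of the same kind: "can only login to the console" uses the noun as a verb and should be "log in", "changed etc)" needs "etc.)", and "isn't available valid credentials must be supplied" needs a comma after "available". Folding these into this hunk would finish the cleanup of the paragraph.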

@ -20,8 +20,8 @@ class Metasploit3 < Msf::Exploit::Remote
publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista
SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable.
However, based on our testing, the most reliable setup is on Windows platforms running However, based on our testing, the most reliable setup is on Windows platforms running
Office 2013 and Office 2010 SP2. And please keep in mind that some other setups such as Office 2013 and Office 2010 SP2. Please keep in mind that some other setups such as
using Office 2010 SP1 might be less stable, and sometimes may end up with a crash due to a those using Office 2010 SP1 may be less stable, and may end up with a crash due to a
failure in the CPackage::CreateTempFileName function. failure in the CPackage::CreateTempFileName function.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,

@ -20,8 +20,8 @@ class Metasploit3 < Msf::Exploit::Remote
The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms
such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known
to be vulnerable. However, based on our testing, the most reliable setup is on Windows to be vulnerable. However, based on our testing, the most reliable setup is on Windows
platforms running Office 2013 and Office 2010 SP2. And please keep in mind that some other platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other
setups such as using Office 2010 SP1 might be less stable, and sometimes may end up with a setups such as using Office 2010 SP1 might be less stable, and may end up with a
crash due to a failure in the CPackage::CreateTempFileName function. crash due to a failure in the CPackage::CreateTempFileName function.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
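
Review bot: The new wording here, "setups such as using Office 2010 SP1 might be less stable, and may end up with a", no longer matches the same sentence in the previous file, which was changed to "such as those using Office 2010 SP1 may be less stable". The two descriptions started out identical, so apply the same edit to both: add "those" and pick one of "may" or "might".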