Hendrik Van Belleghem
aed609d6f0
Changes in couchdb_enum to also include fill database enumeration
2018-09-15 13:58:54 +02:00
Adam Cammack
04cc7843a4
Typo fixes
2018-09-13 11:19:13 -05:00
Jacob Robles
d0e67c5b60
Add SMB2 support to smb_enumshares
2018-09-11 19:05:26 -05:00
Adam Cammack
a8f766cfd5
Update heartbleed description to mention `repeat`
2018-09-11 17:41:06 -05:00
Brent Cook
ea2fcb6fc4
Land #10593, Refactor SSH mixins and update modules
2018-09-10 15:38:53 -05:00
William Vu
3ec4d2f22b
Normalize loot type OID
...
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported
Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
h00die
39a2d9d2a8
save xml files as xml
2018-09-09 21:24:39 -04:00
Shaksham Jaiswal
552ff027cd
fixes
2018-09-07 15:18:11 +05:30
Shaksham Jaiswal
bc1173a857
code fixes
2018-09-07 15:11:49 +05:30
William Vu
35fb0d19ab
Refactor SSH mixins and update modules
2018-09-05 23:53:11 -05:00
BrianWGray
3546b9388c
correct CVE Reference
2018-09-05 10:29:49 -04:00
BrianWGray
b8687d501c
msftidy corrections
2018-08-31 18:55:20 -04:00
Erin Bleiweiss
69a785ff46
Update json for python modules
2018-08-31 16:56:22 -05:00
Erin Bleiweiss
eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
egre55
2304c377db
Add IIS ShortName Scanner module
2018-08-30 08:46:22 +00:00
AverageSecurityGuy
d21c108adf
Fix syntax error.
2018-08-28 12:00:31 -04:00
AverageSecurityGuy
44df7939e9
Added docs. Made suggested code changes.
2018-08-28 10:56:05 -04:00
AverageSecurityGuy
0ba1d11218
Add FrontPage Credential Dump
2018-08-27 15:02:39 -04:00
AverageSecurityGuy
4e45100251
Add FrontPage Credential Dump
2018-08-27 14:20:26 -04:00
William Vu
6df235062b
Land #10505, post-auth and default creds info
2018-08-24 18:08:15 -05:00
William Vu
578d2375d7
Add full disclosure for CVE-2018-15473
2018-08-22 14:49:13 -05:00
Wei Chen
2780ae6ba9
Update false negatives
2018-08-21 08:50:26 -05:00
William Vu
06582a00a0
Add module doc for ssh_enumusers
...
And update description in module.
2018-08-20 19:26:51 -05:00
William Vu
819b8504e2
Add a little better randomization
2018-08-20 17:10:14 -05:00
William Vu
b38a442bb0
Refactor once more with feeling
...
Also flesh out malformed-packet auth method. Let's not be lazy here. :-)
2018-08-20 16:25:32 -05:00
William Vu
75403d7e05
Add testing note about logging
2018-08-17 20:20:12 -05:00
William Vu
7287779555
Make false positive check optional
...
I couldn't repro this with pubkey-only auth. It also goes to the log.
2018-08-17 20:05:04 -05:00
William Vu
8e3af2dcfc
Add CVE-2018-15473 to ssh_enumusers
2018-08-17 18:48:44 -05:00
William Vu
60c0272270
Make style consistent
2018-08-15 21:27:40 -05:00
Kevin Kirsche
45e0b53fc8
Fix spacing issue with rocket
2018-08-15 14:59:52 -07:00
Kevin Kirsche
09434bd57c
Fix tabbing caused by incorrect VM nvim configuration
2018-08-15 07:00:45 -07:00
Kevin Kirsche
905f26372d
Remove host key checks on ssh scanner modules
2018-08-15 06:48:35 -07:00
Jacob Robles
85a137e0a0
Land #10420, cgit < 1.2.1 Directory Traversal
2018-08-13 16:25:23 -05:00
Jacob Robles
5a3d040d71
Fix module, Add documentation
2018-08-13 15:48:21 -05:00
Shelby Pace
ce8cbd64d4
Land #10404, Add Path Traversal Oracle GlassFish
2018-08-13 11:15:26 -05:00
Dhiraj Mishra
14b12f38d0
Fixing
2018-08-05 23:26:18 +05:30
Dhiraj Mishra
9502c26dc1
Updated
2018-08-05 19:14:12 +05:30
Dhiraj Mishra
8a175f50cd
Indentation
2018-08-05 00:15:04 +05:30
Dhiraj Mishra
ebcc9a3c20
Fixing Indentation
2018-08-04 19:16:12 +05:30
Dhiraj Mishra
502c103d37
cgit < 1.2.1 Directory Traversal
2018-08-04 18:52:24 +05:30
Dhiraj Mishra
458fca6ff0
Fixing
...
Thanks bcoles
2018-08-04 13:15:25 +05:30
Brendan Coles
1c82592882
Land #10358, Add Dicoogle PACS Directory Traversal scanner module
2018-08-04 05:31:16 +00:00
h00die
e5dcfa62c9
remove encoding and escaping
2018-08-03 20:23:33 -04:00
Wei Chen
0785d59146
Land #10412, Add Cisco directory traversal auxiliary module
2018-08-02 16:44:59 -05:00
Shelby Pace
10d4061672
changed default port
2018-08-01 13:30:19 -05:00
Shelby Pace
de83926e6c
separated list_users into two functions
2018-08-01 12:59:53 -05:00
Shelby Pace
0264eb2ea3
cleaned up module
2018-08-01 09:51:45 -05:00
Shelby Pace
021264fd5a
listing files and grabbing logged in user names
2018-07-31 16:03:17 -05:00
William Vu
090624fe17
Correctly set proto and sname in joomla_pages
2018-07-31 11:51:34 -05:00
William Vu
41ce96b19d
Clean up module
2018-07-31 11:01:02 -05:00
Dhiraj Mishra
323c814abf
Fixing some tweaks
2018-07-31 19:52:39 +05:30
Dhiraj Mishra
55dce52bea
Fixing some tabbed indent
2018-07-31 18:24:28 +05:30
Dhiraj Mishra
3a7d18a98d
Fixing, Warning of EOL
2018-07-31 18:11:09 +05:30
Dhiraj Mishra
d9e94f94dc
Oracle GlassFish
2018-07-31 17:59:03 +05:30
Sergey Gorbaty
a0b7a4986e
Making sure we connect to RMI
2018-07-30 23:25:32 -07:00
Alexander Halbarth
80d5d1d4ee
use variable port instead of datastore
2018-07-31 07:38:09 +02:00
Alexander Halbarth
b0fa17ccfb
Better output added to joomla_pages
2018-07-31 07:29:56 +02:00
Shelby Pace
ca8a01d27c
getting filenames in http responses
2018-07-30 16:25:45 -05:00
Sergey Gorbaty
c3534a479e
JMX scanner
2018-07-30 13:25:15 -07:00
Shelby Pace
7cf2c840a3
metadata set up
2018-07-30 14:25:58 -05:00
Shelby Pace
d58785f959
Land #10247, add WordPress Arbitrary File Deletion
2018-07-30 09:05:23 -05:00
h00die
c440eeaa31
rogue end
2018-07-29 10:35:33 -04:00
h00die
53cca07442
bcoles suggestions
2018-07-29 10:31:01 -04:00
Brent Cook
c1418955f5
Land #10319, enable VHOST for ms15_034_http_sys_memory_dump
2018-07-25 18:51:57 -05:00
Jacob Robles
5a7c25b498
Fix description
2018-07-25 15:13:41 -05:00
Jacob Robles
1105474fb9
Modify options for smb_login
...
Change default value for DETECT_ANY_AUTH
and add option for DETECT_ANY_DOMAIN
2018-07-25 14:53:06 -05:00
William Vu
9fde9127ad
Land #10370, minor CouchDB fix
2018-07-25 01:11:23 -05:00
William Vu
d3b7dffcdc
Prefer res.body over res
2018-07-25 01:05:18 -05:00
William Vu
bc89d7fe52
Land #10357, CouchDB improvements and docs
2018-07-25 00:54:55 -05:00
Wei Chen
625ea87ea9
Land #10368, PhpMyAdmin Login Scanner Module
2018-07-24 23:25:27 -05:00
Wei Chen
5df5ab30f6
Use store_valid_credential to save good credentials
2018-07-24 23:21:59 -05:00
Shelby Pace
efa3a77adc
modified name
2018-07-24 15:00:14 -05:00
Shelby Pace
4f81fcdc87
retn versions in chk_setup, tests to reflect, doc
2018-07-24 14:51:00 -05:00
Shelby Pace
976a3464e1
added phpmyadmin login scanner and aux module
2018-07-24 09:47:01 -05:00
timoles
aaf664db42
Update jboss_vulnscan.rb
...
Fixed a paste error, or sneaked in character in the app url.
2018-07-24 04:24:49 -07:00
Matthew Kienow
dac5780feb
Land #10176, creds data service CRUD operations
2018-07-23 23:36:32 -04:00
Timo
01acaa3ad9
Changed the app scan layout to reduce the complexity of the app_check branch. (as of suggestion by bcoles)
2018-07-23 00:41:49 -07:00
h00die
83ae5cb14d
fix backup_file.rb and add a few docs
2018-07-22 20:50:22 -04:00
h00die
2a969d70db
dicoogle
2018-07-21 21:31:45 -04:00
h00die
abfed97e03
remove EOL spaces
2018-07-21 11:21:11 -04:00
h00die
8b324c19d8
update couchdb scanner
2018-07-21 11:02:50 -04:00
Timo
c9e47d6d2b
Added check and response for CVE-2017-12149 in jboss_vulnscan.rb
2018-07-20 03:52:29 -07:00
James Barnett
65d42380d3
Merge branch 'master' into remote_creds_data
2018-07-19 16:25:06 -05:00
Sunny Neo
8e1f68f384
Update ms15_034_http_sys_memory_dump.rb with VHOST
...
Added VHOST to cater to targets that require virtual hostname to be defined
2018-07-16 15:13:23 +08:00
asoto-r7
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
William Vu
cce3b6f369
Clean up module
2018-07-12 02:57:14 -05:00
Agora Security
7d8b9a90d7
Add more reporting
2018-07-11 17:22:48 -04:00
Agora Security
30c43e22d9
Fix typo
2018-07-11 17:04:31 -04:00
Agora Security
bb8ac4a7ab
Add info & update_info
2018-07-11 16:52:16 -04:00
James Barnett
c26fcc0af1
Merge branch 'master' into remote_creds_data
2018-07-11 10:27:49 -05:00
Agora Security
1f0045fa03
Improve Description
2018-07-11 01:27:10 -04:00
Agora Security
00f4d3967c
Add basic reporting
2018-07-11 00:47:43 -04:00
Agora Security
d488b51264
Use peer instead of ip & port
2018-07-11 00:41:55 -04:00
Agora Security
5a89642ddd
Simplify the module greatly
2018-07-11 00:15:56 -04:00
Agora Security
ffc2f044cc
Remove lines that were not required
2018-07-11 00:04:44 -04:00
Agora Security
7b1e7eb085
Minor improvement to description
2018-07-11 00:04:12 -04:00
Agora Security
2b2029b487
Align Hashrockets
2018-07-11 00:03:26 -04:00
Agora Security
9491c63778
Fix several minor details
2018-07-10 23:56:05 -04:00
Agora Security
66c207a124
Remove timeout of 25 seconds
2018-07-10 23:53:13 -04:00
Agora Security
718606c9f2
Add Auxiliary module to enumerate the Docker Server Version
2018-07-10 19:34:49 -04:00
Jacob Robles
4403a4ab47
Fix CVE number
2018-07-09 12:56:00 -05:00
James Barnett
bbc16e1873
Merge branch 'master' into remote_creds_data
2018-07-09 09:49:14 -05:00
Wei Chen
aff39e65d5
Update missing CVE references for auxiliary modules
...
Based on existing references such as BID, OSVDB, blog posts, etc
2018-07-08 19:00:11 -05:00
Jacob Robles
1c448de882
Land #10107, Add the scanner/smb/impacket/secretsdump module
2018-07-06 14:59:33 -05:00
Aloïs Thévenot
e1a9aae109
Add WordPress Arbitrary File Deletion module
2018-07-03 12:21:38 +02:00
Adam Cammack
ce7d4cd280
Land #10109, Teradata login scanner and SQL runner
2018-06-27 15:35:57 -05:00
Adam Cammack
9d8294fcc9
Mark Teradata login scanner executable
2018-06-27 15:35:13 -05:00
Adam Cammack
3985191e0f
Add `userpass` option to Teradata login scanner
2018-06-27 15:10:02 -05:00
Adam Cammack
ef309e0d5f
Fixup metadata whitespace
2018-06-27 15:09:23 -05:00
Wei Chen
76535b5e51
Check hidden val && check auth requirement
2018-06-25 17:24:13 -05:00
Shelby Pace
10c36bbd7d
modified get_creds, renamed make_request
2018-06-25 12:45:06 -05:00
Shelby Pace
81bdbd712c
added disclosureDate and modified style
2018-06-22 15:58:21 -05:00
Shelby Pace
510c2d04ef
add auxiliary module and documentation - SickRage
2018-06-22 11:18:02 -05:00
Wei Chen
b315886f9b
Update option description
2018-06-19 14:55:53 -05:00
Wei Chen
9be8aa6877
Be more verbose on error handling
2018-06-19 14:54:27 -05:00
Shelby Pace
a0189cc3f6
made suggested changes to module
2018-06-19 12:22:44 -05:00
Shelby Pace
b78bb78f95
added auxiliary module and documentation
2018-06-18 10:25:33 -05:00
James Barnett
2ded48a510
Merge branch 'master' into remote_creds_data
2018-06-15 10:26:10 -05:00
James Barnett
9f2f61c481
Implement create_credential_and_login in the dataproxy
2018-06-14 13:28:03 -05:00
Jacob Robles
3b2889cd77
Land #10106, Add the scanner/smb/impacket/wmiexec module
2018-06-05 08:33:34 -05:00
Aaron Soto
2bf5e26bfe
Removed `Deprecated` include from `udp_probe`
2018-05-31 14:32:31 -05:00
Aaron Soto
918705d510
Removed deprecated modules: `epmp1000_cmd_exec` and `cambium_snmp_loot`
2018-05-31 14:31:58 -05:00
actuated
b0d8e93e79
Added Teradata ODBC Login and SQL modules and documentation
2018-05-29 10:12:43 -05:00
Spencer McIntyre
7ac8af03d2
Remove the LD_PRELOAD hook for proxychains
2018-05-27 17:12:06 -04:00
Spencer McIntyre
28d15a113f
Add the secretsdump impacket module and docs
2018-05-27 17:09:59 -04:00
Spencer McIntyre
9fab2316c5
Add the wmiexec impacket module and documentation
2018-05-27 16:24:56 -04:00
James Barnett
0472b9df3f
Land #10024, Fix find_or_create_* methods for remote data service
...
This PR updates the find_or_create_* methods associated with each model to
no longer just proxy to the report_* model. It now performs a lookup through
the DataProxy and returns the found object if it exists, or creates a new
record if needed.
2018-05-22 17:08:46 -05:00
Matthew Kienow
4ecc1ff551
Modify loots, notes and services search methods
...
Modify loots and services method signatures. Remove workspace as a
positional argument, move into opts hash argument and update callers.
Made host search for these models more uniform. Update find_or_create
methods to handle difference in opts between find and report
operations.
2018-05-21 17:37:51 -04:00
Brent Cook
7af7587519
Land #9999, Optionally test empty group in cisco_ssl_vpn
2018-05-18 10:57:15 -05:00
Jacob Robles
999b895735
Land #9816, Add the scanner/smb/impacket/dcomexec module
2018-05-16 07:15:32 -05:00
Jacob Robles
cc0fdee788
EmptyGroup advanced option, just in case...
2018-05-10 09:57:50 -05:00
Jacob Robles
79a0610436
remove empty group
2018-05-09 11:11:03 -05:00
Brent Cook
a4ecd43a8f
remove unused constants
2018-05-07 00:24:38 -05:00
nixawk
273e25265b
Add a QUERY OPTION
2018-04-23 20:51:04 -05:00
nixawk
6ac30d1987
update influxdb_enum
2018-04-23 04:56:28 -05:00
Spencer McIntyre
0a3bcf570c
Add the scanner/smb/impacket/dcomexec module
2018-04-04 17:34:41 -04:00
Jon Hart
63aabc00f1
etcd rubocop style
2018-04-04 11:01:38 -07:00
Jon Hart
a8c76638d3
Rename
2018-04-04 10:54:20 -07:00
Jon Hart
518e17118a
Add DisclosureDate
2018-04-04 10:52:47 -07:00
Jon Hart
a6c31aceb2
Refactor common etc capabilities; add separate version scanner
2018-04-04 10:48:27 -07:00
Brent Cook
3a54f0d5f8
Land #9776, if data is nil, stop reading the heartbleed socket
2018-03-29 11:23:08 -05:00
Jon Hart
a1e83ce835
Land #9760, @h00die's etcd scanner
2018-03-28 10:41:22 -07:00
Jon Hart
5cdfadd0df
Fix more style issues
2018-03-28 09:43:30 -07:00
Jon Hart
7767505678
Fix some style issues
2018-03-28 09:43:22 -07:00
h00die
c97743925f
jhart suggestions
2018-03-27 18:46:31 -04:00
Jeffrey Martin
288bd28d3a
if data is nil stop reading the heartbleed socket
2018-03-27 15:51:14 -05:00
William Vu
862a3ff74d
Land #9618, pipe auditing improvements
2018-03-26 17:01:48 -05:00
h00die
327b2176c0
change and
2018-03-26 17:35:58 -04:00
Andrew Morris
217dea60fc
Update blog link to up-to-date blog post
2018-03-26 15:43:10 -04:00
h00die
e462cb49a2
updated docs
2018-03-25 14:53:30 -04:00
h00die
d739a9a057
working etcd scanner
2018-03-25 13:54:55 -04:00
William Vu
09cb4a52df
Update smb_ms17_010 scanner with PipeAuditor mixin
2018-03-22 15:37:45 -05:00
William Vu
e4c026fffd
Update pipe_auditor module with PipeAuditor mixin
2018-03-22 15:37:45 -05:00
Jacob Robles
ca7caae622
Change External Module Type Names
...
Change a couple of external module type names
to be consistent with the template files.
2018-03-20 10:19:57 -05:00
Brent Cook
65ae1e33e1
Land #9694, move ssh platforms to lib
2018-03-16 12:49:57 -05:00
h00die
97dbc1273a
copy pasta
2018-03-12 20:14:08 -04:00
Auxilus
ef515d256d
msftidy fixes
2018-03-13 00:34:25 +05:30
Auxilus
2c52498d4a
Update smb_ms17_010.rb
2018-03-13 00:28:37 +05:30
Auxilus
6e9a4916f5
scanner update
2018-03-13 00:23:18 +05:30
Brent Cook
d86dcbc237
Land #9632, owa_login and auth_brute enhancements
2018-03-12 10:31:20 -05:00
Jacob Robles
615f6b02af
varnish no auth file read
2018-03-09 11:25:13 -06:00
Jacob Robles
1fd0087a97
Land #7654, varnish file read
2018-03-09 10:59:04 -06:00
Jacob Robles
a458cb9ebc
varnish file read msftidy fixes
2018-03-09 10:56:52 -06:00
Jacob Robles
037559023a
Update connect/disconnect varnish
...
[ticket: #7654]
2018-03-09 10:37:14 -06:00
Auxilus
9df99e8ce3
Update smb_ms17_010.rb
2018-03-09 16:10:20 +05:30
Auxilus
56fe70d84b
Update smb_ms17_010.rb
2018-03-09 16:07:09 +05:30
h00die
ec7a62bc4c
move ssh platforms to lib
2018-03-08 21:23:11 -05:00
Auxilus
478f01d0d9
fix format
2018-03-09 02:25:58 +05:30
Jon Hart
a69c2e29d2
Correct comment
2018-03-06 18:16:22 -08:00
Jon Hart
1e04fa009f
Fix style
2018-03-06 18:13:50 -08:00
Jon Hart
74ec9f00e7
Add WIP memcached UDP version scanner
2018-03-06 17:54:00 -08:00
Jon Hart
e72372d6d8
Add disclosure date and correct CVE for memcached amp
2018-03-06 16:04:00 -08:00
Brent Cook
d6871f5733
Land #9614, Juniper post enum module
2018-03-06 10:29:56 -06:00
Jon Hart
f2de2a7f21
Appease most of rubocop's concerns
2018-03-04 07:17:25 -08:00
Jon Hart
2edb2dd8d0
Add CVE; clarify vuln name
2018-03-04 07:13:28 -08:00
Jon Hart
e7a7b557bc
Randomize and doc memcached stats probe; catch multi-packet responses
2018-03-01 16:56:34 -08:00
Jon Hart
155f45fc28
Simplify memcached amplification scanner to use UDPScanner for most of the work
2018-03-01 15:37:23 -08:00
Jon Hart
9e1a7c869c
Use drdos mixin for memcached amp module
2018-02-27 22:51:27 -08:00
xistence
05c99ffb5c
Add Memcached amplification scanner
2018-02-28 11:24:17 +07:00
Auxilus
a1587bcd68
Update smb_ms17_010.rb
2018-02-24 09:05:35 +05:30
Auxilus
46af6239df
Update smb_ms17_010.rb
2018-02-24 08:50:39 +05:30
Auxilus
9bae6246b2
Check for accessible named pipe on vuln targets
...
```
msf5 auxiliary(scanner/smb/smb_ms17_010) > run
[+] 192.168.0.2:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
[*] 192.168.0.2:445 - Checking for accessible named pipes
[+] 192.168.0.2:445 - Found accessible named pipe: netlogon
[+] 192.168.0.2:445 - Found accessible named pipe: lsarpc
[+] 192.168.0.2:445 - Found accessible named pipe: samr
[+] 192.168.0.2:445 - Found accessible named pipe: browser
[+] 192.168.0.2:445 - Found accessible named pipe: atsvc
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2018-02-24 03:20:34 +05:30
James Barnett
133b34827f
Fix false+ login in a few more places
2018-02-23 13:16:41 -06:00
h00die
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
James Barnett
5815b626d9
Don't save email addresses as valid
...
Also add module doc for owa_login module
2018-02-22 14:58:11 -06:00
James Barnett
e531dbc976
Fix bug causing all logins to appear valid
...
The headers we were looking for were a little too loose
and were incorrectly identifying all responses as successful
login attempts
2018-02-22 11:25:35 -06:00
Jacob Robles
738d6ab33a
Land #9604, Fix logged errors when running without Python 3.6 / gmpy2
2018-02-22 08:11:30 -06:00
Brent Cook
7e665ab287
check for extra libraries explicitly, fail gracefully
2018-02-21 21:54:58 -06:00
William Vu
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
...
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
William Vu
cc2495dd9c
Explain fortinet-backdoor -> FortinetBackdoor
2018-02-21 17:05:30 -06:00
William Vu
a5d78b82d4
Add require for Net::SSH::CommandStream
2018-02-21 15:51:53 -06:00
William Vu
854ac67b8e
Use start_session in fortinet_backdoor
...
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.
Hoping we fix this in a subsequent commit or related PR.
Please see #6612 and #9524.
2018-02-21 15:33:34 -06:00
Brent Cook
78822fd799
Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-21 06:59:09 -06:00
William Vu
9cbc55ce40
Land #9593, finger_users regex fix
2018-02-21 01:27:40 -06:00
James Lee
d6206dc046
Better regex in finger_users
2018-02-20 15:48:00 -06:00
Brent Cook
56c00a8cb6
initial OWA 2016 support
2018-02-19 21:43:49 -06:00
Brent Cook
c4c864f391
Land #9558, Fix #9417, map timeout exp to a var for telnet_encrypt_overflow
2018-02-15 15:54:23 -06:00
Wei Chen
ef948ccc38
Fix #9417, map timeout exp to a var for telnet_encrypt_overflow
...
Fix #9417
2018-02-14 09:19:28 -06:00
HD Moore
7cfc17860d
udp_probe is necessary for pivot scans
2018-02-14 08:45:46 -06:00
HD Moore
234f5a316b
Revert "Remove old deprecated modules"
...
This reverts commit a2c5cc0ffb.
2018-02-14 08:42:44 -06:00
Wei Chen
fbeba8bfd2
Fix #9513, Add private_type to be able to store password for Tomcat
...
If there is no :private_type, the create_credential method in
Metasploit::Credential::Creation will quietly skip the password,
which makes it look like a bug when the user is trying to view
the password from the creds command.
Fix #9513
2018-02-13 14:31:56 -06:00
follower
ecb5fffb0b
Typo fix: "withint" --> "within"
2018-02-13 06:20:57 +13:00
Brent Cook
44b08feeb0
Land #9525, Update mysql_hashdump for MySQL 5.7 and above
2018-02-08 13:56:26 -06:00
Brent Cook
1bb5499fce
fix whitespace
2018-02-08 13:55:40 -06:00
Osanda Malith Jayathissa
00ead05237
Update for MySQL 5.7 and above
...
Starting from MySQL 5.7 the password column was changed to authentication_string. I've added a check to determine the version. Tested on both MySQL 5.6 and 5.7.
2018-02-08 13:40:35 +00:00
Brent Cook
b1d0529161
prefer 'shell' channels over 'exec' channels for ssh
...
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
2018-02-08 02:21:16 -06:00
Adam Cammack
51e098da35
Add scanner for Bleichenbacher oracle (ROBOT)
2018-02-02 16:29:07 -06:00
Matthew Kienow
6caba521d3
Land #9424, Add SharknAT&To external scanner
2018-01-24 12:40:29 -05:00
Pearce Barry
eb572a3ef5
Land #8632, colorado ftp fixes
2018-01-23 17:45:07 -06:00
Adam Cammack
be08af5404
More Python style fixes
2018-01-23 09:17:22 -06:00
Brent Cook
10fde42adc
Land #9431, Fix owa_login to handle inserting credentials for a hostname
2018-01-22 16:46:39 -06:00
Brent Cook
b12953fa85
Land #9404, update module author
2018-01-22 16:41:50 -06:00
Wei Chen
394c31c1e3
Remove NoMethod Rescue for cerberus_sftp_enumusers
...
Please see reasons in #9436
2018-01-22 11:10:23 -06:00
Wei Chen
38d056b930
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil
...
Land #9436
Thanks Steve!
2018-01-22 11:07:23 -06:00
Wei Chen
85d018096b
Pass password_prompt and non_interactive to fix #8970
...
Fix #8970
2018-01-22 11:06:12 -06:00
Pearce Barry
2a6b3671bf
Add connection addr+port info to http response object.
...
Update owa_login to use this instead of doing lookups on its own.
2018-01-19 13:37:33 -06:00
Steve Embling
8f75d3a46b
Possible fix to changes in net::ssh usage
2018-01-19 15:10:14 +00:00
Pearce Barry
e9ce2374e5
Auto-resolve target if it's a hostname (owa_login).
...
Ensures the module does save the creds which it claims to be saving. See MS-2968.
2018-01-17 16:47:21 -06:00
Adam Cammack
0f0b116751
Rename scanner bits to avoid confusion
2018-01-17 14:46:31 -06:00
Adam Cammack
c7894f1d74
Split long lines and add comments
2018-01-17 12:04:12 -06:00
Adam Cammack
37bf68869f
Add scanner for the open proxy from 'SharknAT&To'
2018-01-16 21:05:19 -06:00
Brendan Coles
d172259f5d
umlaut
2018-01-13 16:06:11 +11:00
William Vu
eb8429cbd3
Revert "umlaut"
...
This reverts commit ffd7073420.
2018-01-12 22:57:22 -06:00
Brendan Coles
ffd7073420
umlaut
2018-01-13 15:48:45 +11:00
Wei Chen
dd737c3bc8
Land #9317, remove multiple deprecated modules
...
Land #9317
The following modules are replaced by the following:
auxiliary/scanner/discovery/udp_probe
is replaced by:
auxiliary/scanner/discovery/udp_sweep
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
is replaced by:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
exploit/windows/misc/regsvr32_applocker_bypass_server
is replaced by:
exploits/multi/script/web_delivery
2018-01-10 15:47:20 -06:00
jgor
51e5fb450f
Detect and return on bad VNC negotiations
2018-01-05 10:12:13 -06:00
Aaron Soto
7849155347
Land #9359, Improve DCE/RPC fault handling
2018-01-03 20:42:17 -06:00
Adam Cammack
a98de2d9a3
Land #9358, Support password protected key files
2018-01-03 15:12:28 -06:00
bka-dev
086f657c56
Fix early termination of auxiliary/scanner/dcerpc/hidden
...
This commit fixes an issue, where auxiliary/scanner/dcerpc/hidden terminates directly, once an endpoint can't be reached or access is denied. Instead the next endpoint in list should be checked, instead of terminating directly.
2017-12-31 14:41:33 +01:00
RageLtMan
f2a8d68a1f
Permit encrypted SSH keys for login scanner
...
Net::SSH::KeyFactory permits loading keys using a passphrase.
The Framework SSH modules were implemented back when we had a fork
of net-ssh in our tree, and can now use functionality provided by
the upstream gem.
Update the ssh key login scanner to add a KEY_PASS datastore
OptString which is then passed to the KeyCollection class and used
in the updated :read_key method which now calls the KeyFactory to
read data and give us the appropriate String representation of the
key in the KeyCollection's cache.
A bit of cleanup performed as well, removing legacy code paths no
longer hit by the module. Shamelessly added self to authors, fair
amount of blood and sweat in the SSH subsystem over the years, hope
nobody objects.
Testing:
None yet
2017-12-31 02:53:06 -05:00
Brent Cook
8de760f1f7
Land #9348, Only use basic auth in couchdb_enum when credentials are provided
2017-12-28 21:24:45 -06:00
Brent Cook
c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module
2017-12-28 14:11:26 -06:00
james
fad4ccece9
Only use basic auth in couchdb_enum when credentials are provided
2017-12-27 20:16:01 -06:00
Jon Hart
bbed7db13c
Merge branch 'upstream-master' into feature/mqtt-login
2017-12-27 13:08:44 -08:00
Tod Beardsley
e6de25d63b
Land #9316 Cambium modules and mixins, tx @juushya
...
These cover several of the CVEs mentioned in
https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
2017-12-26 12:39:51 -06:00
Tod Beardsley
1bb2bb9d2c
Oops, no admin in that path
2017-12-26 12:06:45 -06:00
Tod Beardsley
9af88681a2
Move deprecation out 60 days
2017-12-26 11:56:47 -06:00
juushya
038119d9df
Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more
2017-12-23 00:14:27 +05:30
Tod Beardsley
5dfb5d581a
Switch get_cookies to get_cookies_parsed
...
Am I doing it right? See #9333
2017-12-21 09:00:56 -06:00
Jon Hart
962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login
2017-12-20 18:58:36 -08:00
Jon Hart
298cb16b1a
Set default USER/PASS files
2017-12-20 18:44:43 -08:00
Jon Hart
b9af835d06
Style
2017-12-20 18:05:00 -08:00
Jon Hart
d0b3abc14b
Better handling of MQTT endpoints which don't require authentication
...
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
2017-12-20 18:02:52 -08:00
Jon Hart
495c649c7d
Better printing
2017-12-20 14:40:42 -08:00
Jon Hart
ed5f177fcd
syntax
2017-12-20 14:20:08 -08:00
Jon Hart
e66ec85677
Set default u/p
2017-12-20 14:18:33 -08:00
Jeffrey Martin
8cd7185a7f
Land #9313, Add DirectAdmin login_scanner module
2017-12-20 15:23:24 -06:00
Jeffrey Martin
7f8a5d3834
improved credential reporting
2017-12-20 15:09:11 -06:00
Jon Hart
14c779b945
Fix rubocop warning
2017-12-20 12:44:27 -08:00
Jon Hart
c817df0bbc
Add module for bruteforcing authentication on MQTT endpoints
2017-12-20 12:30:21 -08:00