Tod Beardsley
1eb3c323ed
Land #2175 , force string encoding for RPC
...
Metasploit takes great pains to ensure that all strings are encoded as
plain old US-ASCII. This PR enforces this conversion over RPC as well.
[FixRM #7888 ]
2013-08-16 16:09:24 -05:00
Tod Beardsley
7937fbcc49
More idiomatic ruby with symbols and spaces
2013-08-16 15:59:04 -05:00
sinn3r
a94c6aa72b
[FixRM 6264] Check required vulnerable component before testing
...
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.
[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264
I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
jvazquez-r7
e50ef209b2
Land #2233 , @bperry-r7's module for nexpose
2013-08-16 14:21:22 -05:00
jvazquez-r7
f42797fc5c
Fix indentation
2013-08-16 14:19:37 -05:00
Nicholas Davis
5da714f748
fixed bug #8296 where help table was not displaying properly
2013-08-16 15:10:38 -04:00
Tod Beardsley
f7339f4f77
Cleanup various style issues
...
* Unset default username and password
* Register SSL as a DefaultOption instead of redefining it
* Use the HttpClient mixin `ssl` instead of datastore.
* Unless is better than if !
* Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
jvazquez-r7
dfa1310304
Commas in the author array
2013-08-16 13:54:46 -05:00
Tod Beardsley
24b8fb0d7b
Whitespace retab, add rport 3780 as default
2013-08-16 13:31:05 -05:00
jvazquez-r7
85b050112a
Land #2231 , @wchen-r7's patch for [SeeRM #8114 ]
2013-08-16 12:52:10 -05:00
sinn3r
a86b247077
Land #2224 - Add brute force module for Cisco IronPort
2013-08-16 12:07:14 -05:00
sinn3r
bbe57dbf3a
Some cleanup, also remove TARGETURI because not registered by default
2013-08-16 12:06:24 -05:00
sinn3r
d4dbea5594
Check 200
2013-08-16 11:34:32 -05:00
Tod Beardsley
e436d31d23
Use SSL by defailt
2013-08-16 11:32:10 -05:00
Tod Beardsley
60a229c71a
Use rhost and rport, not local host and port
2013-08-16 11:12:39 -05:00
Tod Beardsley
646d55b638
Description should be present tense
2013-08-16 11:06:34 -05:00
Tod Beardsley
f0237f07d6
Correct author and references
2013-08-16 11:04:51 -05:00
Brandon Perry
46d6fb3b42
Add module for xxe
2013-08-16 10:51:05 -05:00
Karn Ganeshen
e4885b2017
updated module
...
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
sinn3r
3762b84ea4
Land #2232 - CVE-2013-2465: Java storeImageArray() Invalid Array Indexing
2013-08-16 01:32:44 -05:00
jvazquez-r7
1a3b4eebdb
Fix directory name on ruby
2013-08-15 22:54:31 -05:00
jvazquez-r7
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
Josh
7d3c67614d
add .sublime-project to gitignore
2013-08-15 22:25:29 -05:00
jvazquez-r7
c5c2aebf15
Update references
2013-08-15 22:04:15 -05:00
jvazquez-r7
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
James Lee
79acc96e9a
Land #2230 , enum_shares nil deref
...
[FixRM #8224 ]
2013-08-15 16:55:39 -05:00
sinn3r
0f4196d641
Land #2229 - Re-implement fail_with() function
2013-08-15 16:51:03 -05:00
sinn3r
462ccc3d36
Missed these little devils
2013-08-15 16:50:13 -05:00
sinn3r
cd734acf3e
[See RM 8114] - Reduce false positive if traffic is redirected
...
Fix complaint for hitting this false positive when the user has
all the traffic redirected.
2013-08-15 16:33:10 -05:00
sinn3r
83a179ff08
[Fix RM 8224] - undefined method `include?' for nil:NilClass
...
Bug due to registry_enumkeys returning nil.
2013-08-15 16:04:35 -05:00
HD Moore
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
HD Moore
bec15ebf7c
Remove Failure (moved to parent class)
2013-08-15 13:31:21 -05:00
HD Moore
4706f8b54c
Add fail_with() stub and move Failure from Exploit
2013-08-15 13:30:47 -05:00
Tod Beardsley
0ef4b4c982
Land #2222 , remove Version from module info
2013-08-15 11:56:21 -05:00
Karn Ganeshen
a65181d51b
new revision - cisco_ironport_enum
...
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
2013-08-15 04:06:30 +05:30
sinn3r
5032ed8966
Land #2226 - Ensure checksum* methods return a Fixnum
2013-08-14 16:45:34 -05:00
Brandon Turner
d4a56a319e
Merge pull request #2112 from shuckins-r7/bug/remove-rname-validation
...
Update to MDM 0.16.6
2013-08-14 13:25:15 -07:00
James Lee
ed00b8c19e
Ensure checksum* methods return a Fixnum
...
Fixes a bug in reverse_http* stagers where requests for the root URI
(i.e., "/") cause a NoMethodError on nil returned by checksum8.
[See #2216 ]
2013-08-14 14:09:37 -05:00
sinn3r
23c5f02e9a
Land #2225 - Fix dlink_dir300_exec_telnet
2013-08-14 13:11:42 -05:00
sinn3r
eac05ebcab
Land #2223 - MiniWeb (Build 300) Arbitrary File Upload
2013-08-14 13:07:32 -05:00
sinn3r
98e0053dc6
Fix indent level
2013-08-14 13:07:01 -05:00
jvazquez-r7
178a7b0dbb
Fix author's email format
2013-08-14 11:56:47 -05:00
Karn Ganeshen
ec36970ffa
cisco_ironport_enum module
...
This module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncOS version and performs login brute force to identify valid credentials.
2013-08-14 22:22:06 +05:30
jvazquez-r7
2a4b8e4a64
Add useful comment
2013-08-14 11:49:32 -05:00
jvazquez-r7
e6c36864c4
Fix telnet related stuff
2013-08-14 11:47:57 -05:00
Juushya
d526663a53
Add module to brute force the Cisco IronPort application
2013-08-14 09:16:49 -07:00
sinn3r
bd6a45fffa
Get rid of version() use
2013-08-14 11:00:09 -05:00
bcoles
7145a85fb4
Add MiniWeb (Build 300) Arbitrary File Upload
2013-08-15 01:01:46 +09:30
sinn3r
163c13526d
Land #2221 - Add more refs to joomla_media_upload_exec
2013-08-14 02:38:51 -05:00
sinn3r
83aec3b231
Remove module version display
...
Since modules no longer use the 'Version' key, there's no point to
collect and show them. It's all 0 anyway.
[See RM 8278]
2013-08-14 02:26:39 -05:00