Commit Graph

24302 Commits (04f2632972932e4ed92980b96988daae75763586)

Author SHA1 Message Date
Arnaud SOULLIE 04f2632972 Implement jvazquez-r7 comments 2014-04-29 16:09:47 +02:00
Arnaud SOULLIE a0add34a7d Removed warning message and changed default unit number to 1 2014-04-28 15:47:10 +02:00
Arnaud SOULLIE a2ccbf9833 Add read/write capabilities to modbusclient 2014-04-28 15:29:55 +02:00
William Vu c2bb26590c
Land #3250, version handling for Heartbleed server 2014-04-25 00:17:26 -05:00
Ramon de C Valle fd232b1acd Use the protocol version from the handshake
I used the protocol version from the record layer thinking I was using
the protocol version from the handshake. This commit fix this and uses
the protocol version from the handshake instead of from the record layer
as in https://gist.github.com/rcvalle/10335282, which is how it should
have been initially.

Thanks to @wvu-r7 for finding this out!
2014-04-25 01:48:17 -03:00
Tod Beardsley fb3b6f577d
Land #3279, upper bound check for AR 2014-04-24 15:09:07 -05:00
sinn3r 1353c62967
Land #3295 - Fix NoMethodError undefined method `body' for nil:NilClass 2014-04-24 13:53:58 -05:00
sinn3r ba4b507cc7
Land #3280 - Multiplatform WLAN Enumeration and Geolocation 2014-04-24 13:52:32 -05:00
sinn3r 5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit 2014-04-24 13:43:20 -05:00
sinn3r 656e60c35c
Land #3254 - Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack BoF 2014-04-24 13:20:50 -05:00
sinn3r cde9080a6a Move module to fileformat 2014-04-24 13:17:08 -05:00
sinn3r a39855e20d Works for XP SP3 too 2014-04-24 13:16:24 -05:00
sinn3r ba8d7801f4 Remove default target because there is no auto-select 2014-04-24 13:15:49 -05:00
sinn3r 2e76db01d7 Try to stick to the 100 columns per line rule 2014-04-24 13:15:12 -05:00
Tom Sellers 8f47edb899 JBoss_Maindeployer: improve feedback against CVE-2010-0738
The exploit against CVE-2010-0738 won't work when using GET or POST.  In the existing code the request would fail and the function would return a nil.  This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:

Exploit failed: NoMethodError undefined method `body' for nil:NilClass

The first changes detect a 401 authentication message and provide useful feedback.  Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.

I've stayed with the module's coding style for consistency.
2014-04-24 12:37:14 -05:00
Christian Mehlmauer ef815ca992
Land #3288, Postgres support for Heartbleed scanner 2014-04-24 18:03:13 +02:00
Trevor Rosen e556997bf7
Land #3269 (Pro) fix report import issue 2014-04-24 08:27:06 -05:00
Tom Sellers d4c0d015c1 Update wlan_geolocate.rb
Updated based on feedback.  Also added enumeration only support for BSD and Solaris.
2014-04-24 07:04:50 -05:00
Spencer McIntyre 9ccb9397e3
Land #3264, throttl and csv output support for module 2014-04-23 19:00:28 -04:00
Spencer McIntyre e2b92a824f Change white space for authors in dns_reverse_lookup 2014-04-23 18:56:27 -04:00
JoseMi fd95d9ef38 Added english windows xp sp2 target 2014-04-23 17:32:56 +01:00
William Vu 15bd92dd50
Fix OpenSSH timing attack module 2014-04-23 10:10:37 -05:00
William Vu 0a108acea3
Fix missing comma
Commas will be the death of me.
2014-04-23 10:10:12 -05:00
William Vu 6d7fde4302
Land #3157, OpenSSH user enumeration timing attack 2014-04-23 10:01:10 -05:00
William Vu 1a2899d57b
Fix up whitespace 'n' stuff 2014-04-23 10:00:34 -05:00
Thanat0s 457c48b89b Error on sleep 2014-04-23 11:38:23 +02:00
Joe Vennix 143aede19c
Add osx nfs_mount module. 2014-04-23 02:32:42 -05:00
kenkeiras 96f042110f return is not needed when it's the last lifunction line 2014-04-22 22:33:47 +02:00
kenkeiras c9d8da991a Use Rex.sleep instead of select 2014-04-22 22:33:19 +02:00
kenkeiras d2a558dc85 Removed unused code 2014-04-22 22:33:02 +02:00
William Vu 39a7a049c4
Land #3283, msftidy vars_get check update
Now with more cyan.
2014-04-22 12:27:44 -05:00
Christian Mehlmauer 3f4e9ab18d
msftidy: only check send_request_cgi for vars_get 2014-04-22 19:24:06 +02:00
Wiesław Kielas 8f6567967d Heartbleed PostgreSQL TLS support improvements 2014-04-22 17:36:06 +02:00
Wiesław Kielas fbe392a896 Add PostgreSQL TLS support to the Heartbleed scanner 2014-04-21 23:27:40 +02:00
William Vu 284b474591
Land #3286, release fixes 2014-04-21 14:03:00 -05:00
Tod Beardsley e514ff3607
Description and print_status fixes for release
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
JoseMi e25ca64641 It's solved the crash when double-click on the pcap file 2014-04-21 17:49:40 +01:00
Christian Mehlmauer b864c4619d
msftidy - added info messages
this commit adds info messages to msftidy to show some info,
but stil exit with status 0 if there are not errors.
2014-04-21 18:04:14 +02:00
William Vu 1faf069130
Land #3284, deprecated module cleanup 2014-04-20 23:10:55 -05:00
James Lee ee413ac385
Remove previously deprecated modules 2014-04-20 22:15:44 -05:00
Christian Mehlmauer fc803ae277
Changed msftidy check
send_request_raw does not support vars_get so change
the message to switch to send_request_cgi.
See #3272 for more info
2014-04-20 22:41:32 +02:00
Tom Sellers 2fd004b69e New module: Multiplatform Wireless LAN Geolocation
This is a new POST module that allows Windows, Linux, and OSX targets to be geolocated using Google services if the target has an active and functional wireless adapter.
2014-04-19 17:31:48 -05:00
JoseMi 3861541204 Add more rand_text_alpha functions 2014-04-19 18:37:58 +01:00
JoseMi 7bc546e69a Add rand_text_alpha function 2014-04-19 17:45:28 +01:00
Brandon Turner 97ef53a1d1
Add upper bound for active-* gems
We do not yet support ActiveRecord and ActiveSupport 4.x, so ensure our
Gemfile declares this.
2014-04-18 16:45:07 -05:00
Brandon Turner fda6ed39f2
Land #3278, use renamed bcrypt gem instead of bcrypt-ruby 2014-04-18 16:33:51 -05:00
Tod Beardsley af19efbd71
Use the new bcrypt gem, not bcrypt-ruby
See the change upstream at:

273946f2ba

Reported by @ZeroChaos
2014-04-18 15:02:42 -05:00
kenkeiras b8e0187647 Use OptPath for file path options 2014-04-18 21:56:17 +02:00
kenkeiras fb0af8a799 Remove unnecesary ssh_socket variable 2014-04-18 21:50:54 +02:00
kenkeiras c875bdadf5 Change THRESHOLD into a datastore option 2014-04-18 21:18:48 +02:00