Commit Graph

24717 Commits (05e24326a60b6960e8609f029e50d3fb8e2e64ed)

Author SHA1 Message Date
James Lee 05e24326a6
Style compliance 2014-05-28 14:31:34 -05:00
James Lee 3ac2182984
First stab at axis2 login scanner 2014-05-27 23:53:04 -05:00
dmaloney-r7 85737d1235 Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
AFP login scanner
2014-05-22 15:05:24 -05:00
dmaloney-r7 e062e88081 Merge pull request #23 from rapid7/feature/MSP-9671/tomcat-loginscanner
Add Tomcat login scanner
2014-05-22 15:01:47 -05:00
David Maloney 75d19e198b Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release 2014-05-22 14:38:53 -05:00
David Maloney dcc6ed5351 Merge branch 'master' into staging/electro-release 2014-05-22 14:37:09 -05:00
William Vu ebd70cbd8f
Land #3382, references for IBM Sametime modules 2014-05-22 12:12:18 -05:00
William Vu d31908b72e
Land #3374, RPC deadlock fix
[FixRM #8794]
2014-05-22 12:07:23 -05:00
Tod Beardsley fa353e6bd9
Add CVE, IBM ref for SameTime modules 2014-05-22 11:34:04 -05:00
James Lee 5d1a0397ed
Add Tomcat login scanner 2014-05-21 14:28:54 -05:00
Spencer McIntyre e3630278ce
Land #3379, [FixRM #8803] - Improve fb_cnct_group check 2014-05-21 11:39:10 -04:00
jvazquez-r7 b9464e626e Delete unnecessary line 2014-05-21 10:18:03 -05:00
sinn3r a22c089aa0
Land #3378 - Add Reference for katello_satellite_priv_esc 2014-05-21 01:30:59 -05:00
jvazquez-r7 af415c941b [SeeRM #8803] Avoid false positives when checking fb_cnct_group 2014-05-20 18:44:28 -05:00
James Lee 8be35b90f4
Add some more specs for AFP login scanner 2014-05-20 17:44:41 -05:00
jvazquez-r7 8a9c005f13 Add URL 2014-05-20 17:43:07 -05:00
James Lee d061d36229 Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner 2014-05-20 17:25:42 -05:00
James Lee 21de14ac3d
Initial stab at AFP login scanner 2014-05-20 17:08:12 -05:00
jvazquez-r7 727054df0b
Land #3375, @bugch3ck's support for Safari 2014-05-20 16:38:55 -05:00
Samuel Huckins 62bae8e23b Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
Specs and functional steps passing. 

MSP-9687 #land
2014-05-20 11:32:37 -05:00
David Maloney 0b1d9d8cd0 Merge branch 'master' into staging/electro-release 2014-05-20 10:27:55 -05:00
Jonas Vestberg 7cabfacfa3 Test adobe_flash_pixel_bender_bof on Safari 5.1.7
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
Meatballs 52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom 2014-05-19 22:00:35 +01:00
Meatballs b84379ab3b
Note about EXE::Custom 2014-05-19 22:00:09 +01:00
Meatballs eeae071468
Land #3363, Workstation Length Auth Bug 2014-05-19 21:46:57 +01:00
William Vu a30d6b1f2d
Quick cleanup for sap_icm_urlscan 2014-05-19 09:21:26 -05:00
William Vu dc0e649a10
Clean up case statement 2014-05-19 09:21:07 -05:00
William Vu bc64e47698
Land #3370, cleanup for sap_icm_urlscan 2014-05-19 09:16:18 -05:00
William Vu 8235556cec
Land #3372, release fixes 2014-05-19 09:10:38 -05:00
Tod Beardsley 0ef2e07012
Minor desc and status updates, cosmetic 2014-05-19 08:59:54 -05:00
Tod Beardsley 1ef16fb722
Land #3367, new wordlists from unhash
Thanks @tkisason!
2014-05-19 08:44:54 -05:00
Meatballs 848227e18a
401 should be a valid url 2014-05-19 10:59:38 +01:00
Meatballs 5d96f54410
Be verbose about 307 2014-05-19 10:52:06 +01:00
Meatballs 88b7dc3def
re-add content length 2014-05-19 10:46:47 +01:00
Meatballs e59f104195
Use unless 2014-05-19 10:41:01 +01:00
sinn3r bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload 2014-05-19 00:25:33 -05:00
jvazquez-r7 2fb0dbb7f8 Delete debug print_status 2014-05-18 23:34:04 -05:00
jvazquez-r7 d35ba208ed
Land #3369 @bugch3ck's support for plugin flash exploitation on adobe_flash_pixel_bender 2014-05-18 23:25:08 -05:00
jvazquez-r7 975cdcb537 Allow exploitation also on FF 2014-05-18 23:24:01 -05:00
Jonas Vestberg 033757812d Updates to adobe_flash_pixel_bender_bof:
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).

Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
Tonimir Kisasondi 9b29c572a7 Comments dont work with auth_brute.rb 2014-05-18 21:14:17 +02:00
Tonimir Kisasondi c9bb2d5165 Added headers to files 2014-05-18 20:55:50 +02:00
Tonimir Kisasondi 97b63d708c Corrected naming to be in line with msf convention 2014-05-18 18:18:23 +02:00
Tonimir Kisasondi 7d79f8a4c2 Removed wrongly named list. 2014-05-18 18:15:17 +02:00
Tonimir Kisasondi d7bf66973c Fixed userpass delimiters. 2014-05-18 18:13:03 +02:00
Tonimir Kisasondi 6ec926b573 Added separate users/pass/userpass dictionaries 2014-05-18 10:18:07 +02:00
William Vu a97d9ed54f
Land #3148, check_urlprefixes for sap_icm_urlscan 2014-05-17 16:10:52 -05:00
sappirate dd1a47f31f Modified sap_icm_urlscan to check for authentication of custom URLs
Fixed ruby coding style
2014-05-17 22:47:49 +02:00
Tonimir Kisasondi af82ae262c Added a large default password list for services. 2014-05-16 23:27:18 +02:00
James Lee d2ebab09aa
Add timeout for SSL renegotiation after migrating
[SeeRM #8794]
2014-05-16 15:42:46 -05:00