a8d56afda6
Use store_loot() to save data to local disk
2012-02-20 01:30:11 -06:00
fccb338e29
Merge branch 'master' of github-r7:rapid7/metasploit-framework
2012-02-19 23:01:14 -06:00
e0a75c1b2c
Merge branch 'release/4.2-stable'
...
Conflicts:
lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
f92ddb2475
Revert "Cleanup to the module output for vmware_http_login.rb"
...
This reverts commit 08d91aebdb
2012-02-19 18:55:49 -06:00
a25475fac0
Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
...
This reverts commit c4ea27d32b
2012-02-19 18:53:03 -06:00
d761265b93
Revert "Cosmetic cleanup to the module output for vmauthd_login"
...
This reverts commit 87e7bf4934
2012-02-19 18:52:39 -06:00
648686002b
Cosmetic cleanup of the vmware_http_login module
2012-02-19 18:51:16 -06:00
2521bd7b59
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:34:35 -06:00
00d2497a42
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:32:36 -06:00
c4ea27d32b
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:28:06 -06:00
87e7bf4934
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:16:54 -06:00
08d91aebdb
Cleanup to the module output for vmware_http_login.rb
2012-02-19 18:16:05 -06:00
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
6ced540e0b
Merge branch 'vmware-api' into vmware-stable
2012-02-18 18:38:20 -06:00
36dc0fee50
Better dynamic soap generation for all the vmware stuff
2012-02-18 18:29:46 -06:00
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
bb5e4a1600
Modules don't need to register VERBOSE, because it's already there
2012-02-17 21:07:44 -06:00
79ce43e3fe
This condition should never trigger, because OptEnum should automatically take care of it
2012-02-17 19:16:07 -06:00
e23f17cac2
Again, validate using OptEnum
2012-02-17 19:14:38 -06:00
d58b8c7b69
Use OptEnum to validate enumeration method
2012-02-17 19:12:47 -06:00
3390bdf312
Validate METHOD with OptEnum
2012-02-17 18:54:53 -06:00
974aea3521
Validate 'METHOD' using OptEnum
2012-02-17 18:46:56 -06:00
36bc31d677
Damn, the indent level is nuts in this thing
2012-02-17 18:43:47 -06:00
ec58b4669e
This module only handles GET, so that's the only option we'll allow
2012-02-17 18:20:16 -06:00
9e17b09632
This module is only meant to handle GET and PUT, so let's be strict on that
2012-02-17 18:17:28 -06:00
7ae58bfd9d
Make sure the HTTP method is always upper-case to make Apache happy
2012-02-17 18:15:23 -06:00
ddb43774c9
Some metadata fixes
2012-02-17 12:21:38 -06:00
ae57a8d9fd
Make sure the HTTP method is always uppercase so we don't get a 501
2012-02-17 03:34:39 -06:00
a0dac593bc
Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api
2012-02-16 02:22:31 -06:00
e9b2e060d6
Permissions scanner for vmware
...
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
8d7ddab2af
Some minor bug fixes
...
Added vm_tag module for 'flag planting'
2012-02-16 00:45:48 -06:00
c5ae56a147
Adding User Enumeration Scanner for vmware
2012-02-15 22:55:11 -06:00
95f54413d8
Create a stable branch of vmware-api
...
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
bf9ed96155
Fixes up esx_fingerprint and the host model to ID vmware correctly
...
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
a2778ea297
minor fixes to multi-session terminate
2012-02-15 16:50:12 -06:00
082b4acca8
Changed terminate session module to handle multiple sessions per run
2012-02-15 16:47:02 -06:00
c9cf47bd4c
Add Terminate Session module and some extra goodness to enum sessions
2012-02-15 16:39:13 -06:00
67ba39cc3e
Adds a scanner to pull active login sessions off servers
2012-02-15 02:27:25 -06:00
e0f11992af
Gah screwed up that commit, accidentally chunked out the rescues.
2012-02-15 02:12:06 -06:00
6b539036c9
Fix fingerprinting in the vmware_http_login module
2012-02-15 01:54:34 -06:00
e67e9ab34f
Adds a power off vm aux module
2012-02-14 20:52:45 -06:00
a256a6fb0b
Adds a power on vm module
2012-02-14 20:44:11 -06:00
bbca09458f
Workaround for report_host/service issue
...
See #6370
2012-02-14 11:19:38 -06:00
03884ddb46
Fix to title from copy pasted init section.
2012-02-14 10:36:15 -06:00
ad0594ee5f
Cleanup and add debug for fingerprint_vmware
2012-02-13 19:07:26 -06:00
8c1581567c
Cleanup on the vmware fingerprinting.
...
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
727cde00c6
Taking David's version of vmware_http_login over mine
2012-02-13 14:54:47 -06:00
d036da627a
Clear lots of whitespace
2012-02-13 14:13:43 -06:00
31f001ed54
Improved vmware enumerate vm modules
...
now with screenshots!
2012-02-13 12:07:28 -06:00
8c305e1a28
VMWare Web service finerprinting and OS detection.
...
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
a758462a32
Remove some whitespace
2012-02-13 11:01:26 -06:00
abb1548d9a
Fix extraneous print_status
2012-02-11 20:09:43 -06:00
676a0c53a0
Working Screenshot capability!
2012-02-11 03:51:18 -06:00
fe69a27bf1
Fix indent level and type
2012-02-10 03:22:51 -06:00
4b47a9e66f
Be gone, whitespace.
2012-02-10 03:16:37 -06:00
52e7743b41
Merge branch 'ipv6_logging' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-ipv6_logging
2012-02-10 03:13:18 -06:00
29b99aa7b4
Fix up titles/add boundary check for reporting external host
2012-02-08 12:23:46 -06:00
705c436ede
added more multicast addresses from wikipedia
2012-02-07 11:45:20 +01:00
e8aa624a16
Added todb's validator over to this working branch
2012-02-06 10:15:05 -06:00
8ad9beef75
Removing javascript_keylogger from master.
2012-02-06 09:37:16 -06:00
91820ad1c3
logging to notes
2012-02-06 08:56:35 +01:00
b2ae8a24dc
Fix go cow art (tabs are bad to align chars)
2012-02-05 02:20:31 -06:00
0dd3ad0efb
Remove naughty trailing commas
2012-02-05 02:03:49 -06:00
26f89f65bd
Fix the bug that causes store_loot() to run twice. Also, other minor format changes.
2012-02-05 02:00:03 -06:00
c2d1f64472
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-05 01:44:53 -06:00
db1e400dff
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-05 01:27:21 -06:00
df401f4c94
more fixes to backend stuff, plus updated vmware http login module to use
...
the correct mixin method now.
2012-02-03 15:44:41 -06:00
af506240cf
http_fingerprint reports service info
...
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
786d75493c
Fix up VMWware webscan to not false positive
...
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.
[Fixes #6340 ]
2012-02-02 22:19:57 -06:00
c06b0f7e72
cleaning up an editor glitch.
2012-02-02 17:59:51 -06:00
1a278c55b5
a bit more cleanup
2012-02-02 16:19:21 -06:00
45b58bea06
got rid of bmp generation
2012-02-02 16:07:27 -06:00
e96eceb145
Editing Javascript keylogger
2012-02-02 15:01:22 -06:00
7b3262958d
Merge branch 'master' of github.com:threatagent/metasploit-framework
...
Conflicts:
modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 14:58:23 -06:00
59a44f75ec
Updated Javascript Keylogger
2012-02-02 14:42:13 -06:00
f45528ec68
Update modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 10:33:33 -06:00
3bfb8b3c9d
Adding Javascript Keylogger
2012-02-02 10:30:55 -06:00
e70f9151e5
Merge remote-tracking branch 'upstream/master'
2012-02-02 07:13:03 -06:00
3f48e626a2
Adding a bunch of new VIM API auxiliary stuff
...
Work in progress.
2012-02-01 12:05:20 -06:00
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
0b8987f2af
Merge results initialization fix
2012-01-31 01:29:44 -06:00
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
a0ac4125cd
Add aux module CMS400 default pass scanner (feature #6301 )
2012-01-30 10:40:59 -06:00
ce7f93f5d9
Merge pull request #138 from claudijd/master
...
Added Sequence Filters and MSF Exploit Capture to BNAT Scan
2012-01-29 22:07:25 -08:00
dda3453ac7
Correct a typo
2012-01-28 23:33:26 -06:00
774862508e
Handle another common error type
2012-01-28 23:31:20 -06:00
88298cf847
Added Sequence Filters and MSF Exploit Capture
...
-Sequence Filters (No More False Positives)
-Msf::Exploit::Capture (Use built-in MSF libs over manual threading)
-Immediate Feedback (Don't need to wait until complete to print results)
-Timeout (Includes user configurable timeout)
2012-01-28 22:44:12 -06:00
54ffb01080
This module should use the default list of tomcat users
2012-01-28 18:13:34 -06:00
ca7aa21202
Removed schema features from database hashdump modules
...
now that there are dedicated schemadump modules.
2012-01-28 16:55:39 -06:00
5a095e8ef5
Fixes for PCA modules
2012-01-28 14:35:07 -06:00
c63c7393e3
Print status output
2012-01-28 13:52:38 -06:00
f3eb78199b
Add TCP-based PCA probe
2012-01-28 13:52:38 -06:00
2d7852ddef
Merge PCA scans into udp_sweep/udp_probe
2012-01-28 13:05:24 -06:00
4cd38c5555
Adds login scanner module for VMware Server and ESX
2012-01-27 16:23:56 -06:00
a2d20e25d3
Fix a regression in the workspace inclusion code (only affected
...
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
fe22090a12
Correct e-mail format
2012-01-26 13:04:38 -06:00
d0d964d8ab
Adds an error message if the module couldn't conenct to the target.
...
Fixes #6278
2012-01-26 10:56:07 -06:00
31fb7e7b28
Fallback to writing a new file if resuming fails
2012-01-25 14:49:30 -06:00
49be9996bc
Merge remote-tracking branch 'upstream/master'
2012-01-24 20:23:58 -06:00
35de6a593b
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:14:10 -06:00
2e2726c3c0
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:06:49 -06:00
88b1cd6891
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:03:33 -06:00
71648159a8
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:00:47 -06:00
a20bd78f75
Adding html_frame_payload.rb
2012-01-24 16:56:32 -06:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
7ec5f98480
Adding jhart's natpimp libary and modules.
...
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.
[See #106 ]
2012-01-24 10:32:30 -06:00
2f3e976173
Actually fix ruby loop syntax on d20pass
2012-01-24 10:08:19 -06:00
fc00398330
Yup, that's better
2012-01-23 16:02:35 -06:00
39a2a894ee
Fix fh, trailing comma, and ruby loop syntax
2012-01-23 15:15:49 -06:00
455bcda6e8
Print the port so we know which http service
2012-01-23 10:17:32 -07:00
34491970b3
Adds a new VMWare Authentication Daemon login scanner module.
2012-01-22 15:39:53 -06:00
bcb19ab0a3
Fixes an issue with smb_login not properly dealing with abritrary guest access
...
on Samba.
2012-01-22 01:35:36 -06:00
06b1bffcea
Addresses an issue with udp sweep module that recorded services
...
from non-specified hosts when they respond to broadcast probes.
2012-01-20 15:34:15 -06:00
be906023dc
one register_options() should be fine.
2012-01-20 13:02:54 -06:00
d6566aa818
Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267 )
2012-01-20 12:57:13 -06:00
bbb4205683
Set default maxpage to 1, because it's faster.
2012-01-20 11:09:38 -06:00
5631774d92
Fix bug: NoMethodError undefined method `each' for nil:NilClass (line 155)
2012-01-20 10:58:02 -06:00
a75b373d7a
Fixing e-mail format for antispam
2012-01-19 10:58:25 -06:00
ed3191bcfe
Adding d20pass module
2012-01-19 10:58:16 -06:00
bb035bfec2
Fix up API option names so they can be set globally
2012-01-18 15:05:39 -06:00
ad6f8257e1
MSFTidy fixes.
2012-01-18 15:01:32 -06:00
7d9ba6f5e9
Fix bug #6256 : uninitialized class variable error
2012-01-17 17:58:53 -06:00
d5443159d7
Merge pull request #110 from jhartftw/soap_xml_6249
...
Improvements to auxiiliary/scanner/http/soap_xml to (#6249 )
2012-01-16 18:19:33 -08:00
fe901b3fb2
Clean up error messages when LOCALSIP isn't defined. Remove
...
now-duplicated code is_ipv4?, clarify SMAC error messages.
2012-01-16 14:32:15 -08:00
6a057560fa
Improvements to auxiiliary/scanner/http/soap_xml to:
...
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints
https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
4ac6c0c3ee
A great big pile of fixes to the ssh scanners
...
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
d52df50a77
Drop a spurious print_error line from smtp_version
2012-01-13 11:46:56 -06:00
6234d13f7c
Added Schema Dump Module for Postgres
2012-01-12 15:20:46 -05:00
52be1c3a7a
Add schemadump module for MySql
2012-01-11 12:16:22 -08:00
8c594798d7
Fix to the AIX jtr module title.
2012-01-11 09:11:23 -08:00
13069990eb
Added module for dumping schema information from Microsoft SQL Server
...
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
ed0dbad243
Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
...
Fixes #6066
2012-01-10 12:32:47 -08:00
b76767669c
Update Nenad's author name and e-mail
2012-01-09 20:14:47 -06:00
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
eeb3a442de
whitespace correctly smtp_version.rb
2012-01-09 14:11:10 -06:00
15990efd85
Removing useless (?) begin/rescue from smtp_version
...
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
e12d5588c6
Set data on webdav scanner notes to include webdav path.
...
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
a1668f2b23
Adds SSHKey gem and some other ssh goodies
...
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
2012-01-08 22:28:37 -06:00
b12baccc49
Quick update, added a research option
2012-01-07 01:13:23 -06:00
6d401b48d1
Fix typo
2012-01-07 00:02:51 -06:00
b7e29191f5
Add Drupal 'Views' module username enumeration (Feature #6194 )
2012-01-06 23:51:32 -06:00
40a1d8bcc8
Fixed issue with a missing nil check in ftp_login
2012-01-06 20:51:58 -08:00
81acfd2126
Adds hashdump and cracking modules for AIX
2012-01-06 20:31:22 -08:00
8e017fd4db
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-01-06 20:30:25 -08:00
bf425a6744
Fixed bug that prevented telnet sessions from opening with good creds
2012-01-06 16:59:08 -08:00
6ceb2f04a3
Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability
2012-01-06 14:24:49 -06:00
7b26e33e19
Initial version
2012-01-06 00:53:50 -06:00
ba86e8a04f
Added PROPFIND support to http_login
...
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
bc22b7de99
MSFConsole should display hostless loot, also typo fix.
...
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb
Fixes #6177
2011-12-29 15:11:15 -06:00
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
a330a5c63a
Add e-mail for Brandon
2011-12-29 10:53:39 -06:00
c88b582f97
Add CorpWatch Name lookup module by bperry
2011-12-28 15:43:21 -06:00
d896f128e5
Add CorpWatch ID Lookup module by bperry
2011-12-28 15:41:28 -06:00
9e1e87508f
Fix to boundary validation for when no db is present
...
Fixes #6171
2011-12-28 08:47:22 -08:00
2ad5c56d48
Typo in comment
2011-12-27 19:11:09 -06:00
617f3250cf
Handle patched systems accurately (requires actually triggering the bug)
2011-12-27 19:04:34 -06:00
f8e3119215
Add references
2011-12-27 17:50:06 -06:00
9b995bc0a5
Adds boundary validation to the framework
...
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
ce6b1d6b8c
Improve:
...
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
a03f5e32f8
Merge branch 'master' of github_r7:rapid7/metasploit-framework
2011-12-22 11:11:29 -06:00
2f55f08ebe
Actually describe the module in the title/description
2011-12-22 11:10:24 -06:00
5e1efdcd73
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-22 10:49:53 -05:00
30141f3008
Fix typo in the oracle enum aux module
...
The password grace time query was not checking the right value,
spotted by user bNull in the IRC channel.
2011-12-22 10:47:57 -05:00
743a0546f1
Don't blow up if the user doesn't set a filename
...
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
2db697cd7a
Fixup on checkpoint firewall module
...
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:21:46 -06:00
c6297458e6
Adding ref/disclosure date to checkpoint module
...
Talked with patrick, this all looks correct now.
2011-12-21 10:59:02 -06:00
1128c3ec6b
Checkpoint error msg should use res.inspect
...
Otherwise your terminal will go all wonky.
2011-12-20 15:46:31 -06:00
a58ddcae1b
Adds reporting to Patrick's Checkpoint module
...
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)
Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
2011-12-20 15:44:05 -06:00
d439390aa2
Fix typo
2011-12-20 12:19:34 -06:00
c2d59f0307
Fix issue #6133
2011-12-20 11:32:33 -06:00
c83c3d5128
TFTP forgot to commit my rename.
...
Fixes #5291 for real.
2011-12-20 10:45:29 -06:00
1a396ba955
Merge pull request #70 from rapid7/tftp_client
...
Tftp client
2011-12-20 08:42:42 -08:00
11a27a1e61
Renaming TFTP transfer util.
...
See #5291 . Just renaming the file.
2011-12-20 10:06:44 -06:00
24d53efa7c
Final touches on TFTP client
...
See #5291 . Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
0200b6367a
Add OKI Scanner (Feature #6125 )
2011-12-20 03:09:09 -06:00
677cb4b152
Handle empty data sends sanely for TFTP.
...
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
2011-12-19 21:56:03 -06:00
2b3e3725ac
TFTP adding comment docs, ability to send w/out a file.
...
Commenting the tricksy parts a little better for general usage.
Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
2011-12-19 18:15:19 -06:00
431ef826c9
TFTP client now uses constants, preserves trailing spaces/nulls in data
...
See #5291 , just rediscovered the bug on this.
2011-12-19 16:33:25 -06:00
5eaf2e7535
Adding download and loot functionality.
...
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
2011-12-19 15:50:50 -06:00
aecde6fea4
Updating TFTP client. Now with grown-up thread handling.
...
No longer blocks on successful connections.
2011-12-19 12:14:40 -06:00
902d7f5ea7
Adding more to TFTP. Still need a read tho
...
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.
Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
2011-12-18 21:05:27 -06:00
23aadd04f7
Fixing merge conflict cruft
...
Dangit teach me to merge quickly. TFTP module now loads again.
2011-12-18 13:28:52 -06:00
1201d7fbf2
Merge branch 'tftp_client' of github_r7:rapid7/metasploit-framework into tftp_client
...
Conflicts:
modules/auxiliary/admin/tftp/tftp_upload_file.rb
2011-12-16 22:41:22 -06:00
0b8914021c
Switch to vprint_status, also add skeletal cleanup def.
2011-12-16 21:06:10 -06:00
50fa10679b
First draft of a TFTP client.
...
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:41:55 -06:00
a6867ef128
First draft of a TFTP client.
...
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:39:09 -06:00
205637892b
Added checkpoint_hostname aux module.
2011-12-16 10:54:34 -06:00
bb2ea62de8
Add CVE-2008-0926: Novell eDirectory eMBox Unauthenticated Access (Feature #2729 )
2011-12-15 23:09:26 -06:00
7b2a1dc791
Repair dead milw0rm link to exploit-db
2011-12-13 16:11:33 -06:00
a5189917da
Add CVE-2005-4832: Oracle Database Server DBMS_CDC_SUBSCRIBE SUBSCRIPTION_NAME SQL Injection (Feature #6094 )
2011-12-13 15:44:39 -06:00
f402b8598b
Whitespace and File.open binary mode cleanups.
...
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
2011-12-12 17:31:28 -06:00
b4f58ef8fd
Trailing commas kill 1.8. dangit.
...
Fixed dns_fuzzer to knock that off.
2011-12-12 10:26:53 -06:00
4736cb1cbe
Merge pull request #48 from swtornio/master
...
add osvdb ref
2011-12-11 20:37:43 -08:00
a9db05e53b
Fix regular expression
2011-12-10 13:24:58 -06:00
cd4d7d3c47
Handle IPv6 properly (host header parsing)
2011-12-10 13:24:58 -06:00
25685c4c74
add osvdb ref
2011-12-10 08:07:21 -06:00
8ccb68c9df
Adding an add_socket() to dhcp and rftp as lauched with a survice
...
when succesful.
Closing the related pull reuquest for this one.
2011-12-10 03:39:25 -06:00
e52436e7ad
Drop the incorrect Id keyword from h323_version
2011-12-09 14:29:55 -06:00
d6d9ac17d2
use store_loot() instead of store_local()
2011-12-08 11:10:31 -06:00
c366e652b9
Revert "Using store_local() to store stuff for dir traversal bugs feels much better than store_loot()"
...
This reverts commit d37daa4934
2011-12-08 10:11:09 -06:00
d37daa4934
Using store_local() to store stuff for dir traversal bugs feels much better than store_loot()
2011-12-07 19:08:24 -06:00
aa5c0c46b6
Fix indent level
2011-12-07 18:44:49 -06:00
feab7f5077
Add CVE-2011-4350
2011-12-07 18:42:52 -06:00
b7ccbcd6b5
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-07 12:23:23 -06:00
84682b3615
Apply patch #6072
2011-12-07 12:22:58 -06:00
b8767d5f57
Fix typo on 1.8.7
2011-12-07 10:45:23 -06:00
f1950c2fe1
Adding back bitstruct (current upstream) and dns_fuzzer module
...
Fixes #3289 .
This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.
This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.
Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.
2011-12-06 17:03:36 -06:00
0bbbcd549d
Add port information, and allow search in data
2011-12-05 22:22:36 -06:00
84af4647db
Merge branch 'issue_1083_oracle'
2011-12-05 17:39:46 -06:00
4da2c32734
Minor update to xdb_side_brute, see #1083
...
Adds a typo fix and adds an explicit VERBOSE option.
2011-12-05 15:11:09 -06:00
dbd00efefe
Merge branch '4.3-schema'
2011-12-05 15:04:35 -06:00
37516134f0
FILTER shouldn't be case-sensitive
2011-12-05 13:19:04 -06:00
97087d88fa
Mark portscan modules as v6 incompatible
2011-12-05 13:07:36 -06:00
cf28713f9a
Mark specific modules as incompatible due to use of quad-dot code
2011-12-05 13:07:36 -06:00
fd2eb200fb
Add Shodan Search Module (Feature #5451 )
2011-12-05 12:50:21 -06:00
3cd2caca1a
Fix #6052
2011-12-04 13:49:13 -06:00
f63a616739
add osvdb ref
2011-12-04 07:48:48 -06:00
2720572a37
Add IPSwitch Whatsup Gold TFTP directory traversal module
2011-12-03 18:46:34 -06:00
dbe7e6aecf
Remove a leftover debugging statement
2011-12-02 00:06:04 -06:00
9f99cfc757
Convert the h323 module to MSF_LICENSE (backport from Pro)
2011-12-01 16:01:01 -06:00
3e5e9a910e
Add h323 scanner
2011-12-01 16:01:01 -06:00
40ab37fa10
Merge branch 'iss5979'
2011-11-30 12:16:33 -08:00
897731f3a5
Check creds (feature #6025 ). Also bringing the 'Inbox' regex back
2011-11-29 11:01:39 -06:00
f503bd9488
Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append.
2011-11-28 17:52:34 -06:00
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
3a84c31326
Using a better regex for a successful login. Thanks Borys.
2011-11-28 14:29:42 -06:00
bc541c118d
Apply patch #6020
2011-11-28 14:16:24 -06:00
5165865560
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-11-28 14:07:19 -06:00
59ab0c3a18
Fix bug #6021 , Thanks Borys
2011-11-28 14:06:56 -06:00
44a47f9913
Fixing up OWA bruteforce module to conform with the usual print_status
...
messages.
2011-11-28 13:31:54 -06:00
a578db7f56
Apply fix for #6019
2011-11-28 01:12:18 -06:00
ebfe269698
Apply patch for #5824
2011-11-26 16:52:12 -06:00
5e08c93ac9
Apply patch #5580
2011-11-26 15:32:43 -06:00
b7950a752e
Add feature #4929 (MS09-053)
2011-11-26 13:30:35 -06:00
c61d02686a
HTTP login scanners need to set duplicate_ok to true
...
or different web applications on the same server
may wipe eachother's creds out.
2011-11-22 13:04:10 -08:00
9d7f7b1f0e
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-11-22 11:53:14 -08:00
9e40fac8b1
Added a check to the Axis login scanner to ensure
...
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-22 11:52:06 -08:00
25f4b45bd1
Apply patch #6004
2011-11-22 13:07:46 -06:00
f81567fb6f
Fix to typo in the tables being pushed.
2011-11-21 15:49:57 -08:00
67120d4263
msftidy on aux modules, see #5749
2011-11-20 13:12:07 +11:00
ff22246119
Attempt to fix #5979
2011-11-18 12:53:35 -08:00
c8142043e9
Fixes to credential handling to downcase usernames whenever they are not case sensitive.
...
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
96d2209ca2
Minor fixups for trace report_note patch
2011-11-14 10:40:11 -06:00
5d5c9464cc
Do some report_note while TRACE detection
2011-11-14 12:10:53 +01:00
71599f5ef9
Fix sqlmap aux to work with actual sqlmap.py
...
Commit relates to IssueID #5807
2011-11-13 09:18:33 +01:00
sinn3r
Matt Buck
HD Moore
David Maloney
Tod Beardsley
bperry-r7
HD Moore
m-1-k-3
Marcus J. Carey
Marcus J. Carey
sinn3r
Jonathan Claudius
Jonathan Cran
Joshua J. Drake
Jon Hart
James Lee
Brandon Perry
Tod Beardsley
Patrick Webster
Steve Tornio
Rob Fuller
andurin