Commit Graph

6795 Commits (0871fe25e87fab1539fc760c59122c3b2a0730fc)

Author SHA1 Message Date
Jon Hart 962cf77873
Not all modules have comments 2015-11-02 09:14:41 -08:00
Jon Hart 4effd3aa81
Handle case where motd comes after negotiation 2015-11-02 09:12:57 -08:00
Jon Hart d18b6ff9cd
More doc, error handling 2015-10-30 13:13:44 -07:00
Jon Hart ff1d0709e0
vprint if the thing isn't rsync 2015-10-30 12:39:06 -07:00
William Vu f8a39ecc21
Land #6145, better RPC exception handling 2015-10-30 13:25:52 -05:00
Jon Hart eb99aaa216
Print out modules before building/reporting table 2015-10-30 09:49:07 -07:00
Jon Hart 86b48490f0
Merge branch 'master' into poc/rsunk 2015-10-30 09:42:41 -07:00
Louis Sato 57304a30a8
Land #6139, remove bad ref links 2015-10-29 16:00:43 -05:00
wchen-r7 93df45eff1
Land #6138, Land joomla plugin com_realestatemanager Error Based SQLi 2015-10-28 13:36:14 -05:00
wchen-r7 09b79414ee Report hash 2015-10-28 13:33:00 -05:00
wchen-r7 1805774b16 Resolve #6020, Better RPC exception handling
Resolve #6020. Avoid trying to rescue RuntimeError.
2015-10-28 11:16:44 -05:00
wchen-r7 e7d6493311 Replace links 2015-10-28 10:45:02 -05:00
Jon Hart b5d0804442 Detect if an rsync module requires authentication 2015-10-27 18:15:18 -07:00
Jon Hart 4a3848cc4f Handle rsync motd 2015-10-27 18:15:18 -07:00
Jon Hart 73a6b47606 Split out negotiation and listing 2015-10-27 18:15:18 -07:00
Jon Hart 6dd40ec063 Better reporting 2015-10-27 18:15:18 -07:00
Jon Hart caf848ddf4 Store table better 2015-10-27 18:15:18 -07:00
Jon Hart 3e7f7f2eec Remove unnecessary table options, as these are the default 2015-10-27 18:15:18 -07:00
Jon Hart 4f468dbcd7 Usability improvements for rsync modules_list 2015-10-27 18:15:18 -07:00
Jon Hart 6781dfa6ee Style cleanup for rsync modules_list 2015-10-27 18:15:18 -07:00
Jon Hart 78ad9908d2 Doc 2015-10-27 18:10:18 -07:00
Jon Hart f2b6d37630 Add WIP module for Cisco Talos' NTP 'NAK to the future' 2015-10-27 18:10:07 -07:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
William Vu a65172bbcb
Land #6125, Joomla SQLi creds gather module 2015-10-27 11:21:30 -05:00
William Vu 9041f95511 Perform final cleanup 2015-10-27 11:21:17 -05:00
nixawk 132cbf0cd7 joomla plugin com_realestatemanager Error Based SQL Ijnection 2015-10-27 15:18:17 +00:00
Brandon Perry c7fe014854 remove global variables 2015-10-26 17:13:51 -05:00
Brandon Perry 8b4f2290ed no more session ids in desc 2015-10-25 11:01:17 -05:00
nixawk f738dd2acb replace print_* with vprint_* / fix check method 2015-10-25 06:57:56 +00:00
nixawk a6628110f6 rebuild joomla_contenthistory_sqli (cve-2015-7297) 2015-10-25 03:56:36 +00:00
Brandon Perry 949a4c797b Update joomla_contenthistory_sqli.rb 2015-10-23 09:33:12 -05:00
Brandon Perry 07d549d783 Update joomla_contenthistory_sqli.rb
Remove sessions for now
2015-10-23 09:32:15 -05:00
William Vu f00f90532a Fix SSH_DEBUG for ssh_login{,_pubkey} 2015-10-22 15:14:45 -05:00
Brandon Perry e4281dd1fb Create joomla_contenthistory_sqli.rb 2015-10-22 15:05:02 -05:00
fraf0 4e50f3ebde Update dns_srv_enum.rb
Patch for :
	- Split record srvrcd one entry by line for readability.
	- Add record for Default-First-Site-Name :
	(according to https://technet.microsoft.com/en-us/library/cc759550%28v=ws.10%29.aspx)
		'_gc._tcp.Default-First-Site-Name._sites.',
		'_kerberos._tcp.Default-First-Site-Name._sites.',
		'_kerberos.tcp.Default-First-Site-Name._sites.dc._msdcs.',
		'_ldap._tcp.Default-First-Site-Name._sites.',
		'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.',
		'_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.',
	- Remove double entry '_kerberos.tcp.dc._msdcs.'
	- Add fqdn query in logs.
	- Add report_note to store and preserve the fqdn query.

Ps : I'm not very familiar with the code and patch rules for modules. Thank you to excuse my eventual errors.
2015-10-21 18:27:14 +02:00
William Vu 88159edf9f Fix double raise in vnc_none_auth
Not necessary for what it's trying to accomplish, being a scanner.
2015-10-19 18:22:06 -05:00
jvazquez-r7 28ca34c40a
Fix conflicts 2015-10-16 15:38:59 -05:00
wchen-r7 896099b297
Land #6082, Directory Traversal for Elasticsearch 2015-10-16 11:00:27 -05:00
wchen-r7 e59a4e36b7 Fix check 2015-10-16 10:59:04 -05:00
Roberto Soares 41e9f8a91b Some code changes from Roberto 2015-10-16 10:47:19 -05:00
jvazquez-r7 67820f8b61
Fix Packetstorm references 2015-10-15 12:42:59 -05:00
jvazquez-r7 4517270627
Fix modules using Msf::HTTP::JBoss 2015-10-15 11:49:15 -05:00
jvazquez-r7 d4cf9a4eb9
Update moduels using Msf::HTTP::Typo3 2015-10-15 11:48:27 -05:00
jvazquez-r7 cf9ddbb701
Update moduels using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
jvazquez-r7 db5d83a40a
Move namespaces 2015-10-15 09:17:06 -05:00
William Vu 2a2d8d941d
Land #6054, HTTP Host header injection module 2015-10-13 23:37:31 -05:00
jaguasch d933962ff9 Last fix, including espreto minor changes 2015-10-13 18:41:51 +01:00
William Vu c642057fa0 Clean up module 2015-10-13 12:03:41 -05:00
jaguasch 772f9d8742 Changes based on espreto recommendations 2015-10-13 16:06:26 +01:00
jaguasch 7790f14af2 Auxiliary module to exploit CVE-2015-5531 (Directory traversal) in Elasticsearch before 1.6.1 2015-10-13 13:05:58 +01:00
Tod Beardsley 185e947ce5
Spell 'D-Link' correctly 2015-10-12 17:12:01 -05:00
jvazquez-r7 ed0b9b0721
Land #6072, @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace 2015-10-10 00:24:12 -05:00
HD Moore cd2e9d4232 Move Msf::Java to the normal Msf::Exploit::Remote namespace 2015-10-09 13:24:34 -07:00
William Vu b95d5790f6 Improve output 2015-10-09 11:13:50 -05:00
William Vu 6d2a89e9a6 Be more descriptive about EOFError
There are other modules that could be updated, surely.
2015-10-09 11:05:17 -05:00
jvazquez-r7 5fab1cc71a
Add loop timeout 2015-10-09 11:05:05 -05:00
wchen-r7 3a0f7ce699
Land #6044, ManageEngine ServiceDesk Plus Arbitrary File Download 2015-10-07 15:24:14 -05:00
wchen-r7 f0b6d3c68e Change error message to avoid an undef method bug 2015-10-07 15:23:29 -05:00
wchen-r7 a2c9e2549d
Land #6014, support TCP advanced options for loginscanner mods 2015-10-07 14:26:25 -05:00
William Vu ddea0ea708
Fix #5797, extraneous nil fix 2015-10-07 01:11:51 -05:00
William Vu 0182f394b4 Remove extraneous nil
Didn't need it, forgot to remove it.
2015-10-07 01:10:33 -05:00
JT 205b175a95 Update host_header_injection.rb 2015-10-07 13:20:06 +08:00
JT 6b3da7f7d8 Update host_header_injection.rb
made some changes as suggested by @espreto
2015-10-07 13:01:49 +08:00
JT a1e0e0cdd9 Add HTTP Host-Header Injection Detection 2015-10-07 11:19:00 +08:00
wchen-r7 5fac0a6ae5
Land #5995, advanced options on Metasploit::Framework::LoginScanner::SMB 2015-10-06 16:36:18 -05:00
William Vu 3f2d5d7f06 Add newline back in 2015-10-05 11:42:58 -05:00
xistence 41b07eeef6 Small changes to servicedesk_plus_traversal 2015-10-05 08:56:00 +07:00
Roberto Soares ed8f5456a4 Fix bugs in drupal_views_user_enum. 2015-10-04 05:53:54 -03:00
xistence e6a57d5317 Add ManageEngine ServiceDesk Plus Path Traversal module 2015-10-03 15:54:44 +07:00
Brent Cook dea0142da1 catch network exceptions 2015-10-02 18:26:37 -05:00
William Vu 55895c6305 Fix nil bug in mssql_idf 2015-10-02 18:20:06 -05:00
jvazquez-r7 1f26ec1252
Land #6018, @pedrib's module for Kaseya VSA ZDI-15-448 2015-10-02 08:58:43 -05:00
Pedro Ribeiro d334dc237f Update kaseya_master_admin.rb 2015-10-02 13:21:28 +01:00
jvazquez-r7 1b21cd9481
Do code cleanup 2015-10-01 13:37:18 -05:00
William Vu 2ab779ad3d
Land #6010, capture_sendto fixes 2015-10-01 10:54:24 -05:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
William Vu 494b9cf75f Clean up module
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
Jake Yamaki 2e5999a119 Missed colon for output standardization 2015-09-30 16:41:46 -04:00
Jake Yamaki 3d41b4046c Standardize output and include full uri 2015-09-30 16:33:15 -04:00
Jake Yamaki 1bfa087518 Add IP to testing results
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
Pedro Ribeiro 8af5a8e310 Create exploit for Kaseya privilege escalation 2015-09-29 11:51:21 +01:00
jvazquez-r7 269641a0ff
Update vmauthd_login to have into account advanced TCP options 2015-09-28 14:38:35 -05:00
jvazquez-r7 2f46335c90
Update brocade_enbale_login to have into account advanced TCP options 2015-09-28 14:36:23 -05:00
jvazquez-r7 adb76a9223
Update telnet_login to have into account advanced TCP options 2015-09-28 14:35:58 -05:00
jvazquez-r7 0eed30ce05
Update pop3_login to have into account advanced TCP options 2015-09-28 14:29:50 -05:00
jvazquez-r7 d02193aaeb
Update mysql_login to have into account advanced TCP options 2015-09-28 14:28:32 -05:00
jvazquez-r7 0abb387c1a Update mssql_login to have into account advanced TCP options 2015-09-28 14:22:19 -05:00
jvazquez-r7 df3e4e8afd
Update ftp_login to have into account advanced TCP options 2015-09-28 14:18:05 -05:00
jvazquez-r7 a99e44b43a
Update vnc_login to have into account advanced TCP options 2015-09-28 14:13:08 -05:00
jvazquez-r7 4d8f0a6ec4
Update db2_auth to have into account advanced Tcp options 2015-09-28 14:10:55 -05:00
jvazquez-r7 07b44fccb9
Update AFP login scanner to have into account advanced options 2015-09-28 14:03:55 -05:00
jvazquez-r7 1e4e5c5bae
Update ACPP login scanner to have into account advanced options 2015-09-28 13:50:20 -05:00
Jon Hart 989fe49750
Fix #6008 for synflood 2015-09-27 14:50:59 -07:00
Jon Hart 7ad7db7442
Fix #6008 for rogue_send. Correctly. 2015-09-27 14:48:58 -07:00
Jon Hart 7b026676f1
Fix #6008 for avahi_portzero 2015-09-27 14:47:05 -07:00
Jon Hart 20ddb65ff8
Fix #6008 for bnat_scan 2015-09-27 14:18:51 -07:00
Jon Hart 06a10e136a
Fix #6008 for rogue_send 2015-09-27 14:12:23 -07:00
Jon Hart d3a41323b8
Fix #6008 for ipidseq.rb 2015-09-27 14:05:05 -07:00
Jon Hart 5b1ee8c8ca
Fix #6008 for syn.rb 2015-09-27 13:54:11 -07:00
Jon Hart 3888b793bd
Fix #6008 for ack.rb 2015-09-27 13:53:47 -07:00
Jon Hart 766829c939
Fix #6008 for xmas.rb 2015-09-27 13:46:00 -07:00
jvazquez-r7 c85913fd12
Land #5983, @jhart-r7's SOAP PortMapping UPnP auxiliary module 2015-09-26 15:47:04 -05:00
jvazquez-r7 f6f3efea75
print the body as verbose 2015-09-25 13:51:18 -05:00
jvazquez-r7 80c9cd4e6f
Restore required option 2015-09-25 13:41:27 -05:00
jvazquez-r7 e4e9609bc2
Use single quotes 2015-09-25 13:35:38 -05:00
jvazquez-r7 a5698ebce0
Fix metadata 2015-09-25 13:34:16 -05:00
William Vu 44fa188e71
Land #5984, android_mercury_parseuri module 2015-09-23 02:44:53 -05:00
jvazquez-r7 2b7ffdc312
Use datastore advanced options used by smb_login 2015-09-21 17:48:05 -05:00
wchen-r7 060acbc496 newline 2015-09-17 11:39:39 -05:00
wchen-r7 08b5b8ebb2 Add ADDITIONAL_FILES option 2015-09-17 11:30:58 -05:00
joevennix 0d94b8a48f Make andorid_mercury_parseuri better 2015-09-17 09:59:31 -05:00
Jon Hart 0113cbd353
Nokogiri::XML::Builder instead 2015-09-16 19:53:33 -07:00
jvazquez-r7 adab9f9548
Do final cleanup 2015-09-16 20:59:32 -05:00
jvazquez-r7 4d0d806e1d
Do minor cleanup 2015-09-16 19:30:40 -05:00
jvazquez-r7 46168e816b Merge for retab 2015-09-16 17:13:08 -05:00
jvazquez-r7 688a5c9123
Land #5972, @xistence's portmapper amplification scanner 2015-09-16 14:58:19 -05:00
jvazquez-r7 8ae884c1fc Do code cleanup 2015-09-16 14:46:27 -05:00
wchen-r7 b4aab70d18 Fix another typo 2015-09-16 11:34:22 -05:00
wchen-r7 bef658f699 typo 2015-09-16 11:32:09 -05:00
wchen-r7 63bb0cd0ec Add Android Mercury Browser Intent URI Scheme & Traversal 2015-09-16 00:48:57 -05:00
xistence 0657fdbaa7 Replaced RPORT 2015-09-13 09:19:05 +07:00
xistence 521636a016 Small changes 2015-09-13 08:31:19 +07:00
xistence 79e3a7f84b Portmap amplification scanner 2015-09-12 16:25:06 +07:00
HD Moore cddf72cd57 Show errors when no results are found 2015-09-10 14:05:40 -07:00
wchen-r7 5646f2e0c4 successful status should include last_attempted_at 2015-09-04 13:45:44 -05:00
wchen-r7 cf6d5fac2a Use the latest cred API, no more report_auth_info 2015-09-04 13:43:15 -05:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
HD Moore 6e4ae1238b
Land #5791, show the VHOST in module output 2015-09-03 11:36:19 -05:00
HD Moore b8eee4a9e4 Show the IP address if it doesn't match the VHOST 2015-09-03 11:35:38 -05:00
HD Moore 1b021464fe
Land #5919, remove deprecated VMware modules & update resource script. 2015-09-03 10:23:48 -05:00
HD Moore 9f9bbce034
Land #5840, add LLMNR & mDNS modules 2015-09-02 18:30:29 -05:00
HD Moore 0120e5c443 Cosmetic tweaks, don't report duplicate responses 2015-09-02 18:30:03 -05:00
Jon Hart 42a2a86f32
Back out all changes to ms11_030_dnsapi 2015-09-02 13:53:10 -07:00
Jon Hart 6d1ab101ed
Back out all changes to llmnr_response 2015-09-02 13:52:38 -07:00
HD Moore 126fc9881e Cleanup and tweaks 2015-09-02 12:48:53 -05:00
Jon Hart 3d04d53e3a
first pass at better output and report_service 2015-09-02 10:31:46 -07:00
JT b89b6b653a Update trace.rb 2015-09-03 01:26:45 +08:00
JT 73bf812dfd Update trace.rb
removed the cookie
2015-09-03 00:35:23 +08:00
JT 5ecee6aaba Update trace.rb
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT 34e0819a6e Modified the HTTP Trace Detection to XST Checker
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
Waqas Ali 8e993d7793 Remove deprecated vmware modules 2015-09-02 13:00:15 +05:00
wchen-r7 0c4b020089
Land #5913, Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-02 00:01:35 -05:00
HD Moore 381297ba93 Fix the regex flags 2015-09-01 23:07:48 -05:00
Roberto Soares 626704079d Changed output store_loot 2015-09-02 00:18:10 -03:00
Roberto Soares 96600a96ab Changed html parse by @wchen-r7 2015-09-01 22:03:21 -03:00
Alexander Salmin 3c72467b7d Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns. 2015-09-02 01:02:46 +02:00
Brent Cook 9dd14eb747 Merge branch 'upstream-master' into land-5899-android 2015-09-01 17:11:58 -05:00
Roberto Soares 35661d0182 Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-01 13:28:04 -03:00
Jon Hart 9a2696aed4
Add Reference 2015-08-31 12:03:17 -07:00
Jon Hart c14cae1425
Make INTERNAL_PORT optional, allowing DELETE to work 2015-08-31 11:30:18 -07:00
Jon Hart 44813370d5
Better name, description and author 2015-08-31 10:42:50 -07:00
Jon Hart 8665134691
Add add/delete action. update logging. rename module again 2015-08-31 10:22:36 -07:00
Jon Hart 436910b25f
Clean up map description 2015-08-28 15:49:29 -07:00
Jon Hart e6e05814d0
Use an OptAddress instead, revert back to client name 2015-08-28 15:43:04 -07:00
Jon Hart 66616eeb95
Remove unused 2015-08-28 15:38:23 -07:00
Jon Hart 35555f5f24
Make most everything configurable and provide useful output 2015-08-28 15:36:49 -07:00
Jon Hart 13dd8222ec
Expose lease duration as an option 2015-08-28 15:22:19 -07:00
Jon Hart d57041136f
Use random port mapping description 2015-08-28 15:09:58 -07:00
Jon Hart 840be71683
Add support for specifying protocol
UDP is fun too.  Are there others?
2015-08-28 14:53:41 -07:00
Jon Hart 45fde928fc
More minor style cleanup 2015-08-28 14:49:57 -07:00
Jon Hart ba95a7d2ac
Convert to using HttpClient 2015-08-28 14:47:13 -07:00
Jon Hart a0aaf93f27
Relocate module to more correct location 2015-08-28 14:20:33 -07:00
Jon Hart 45c2422981
First pass at style cleanup 2015-08-28 14:19:28 -07:00
Jon Hart cba3650488
report_service for mdns/llmnr query 2015-08-28 14:04:52 -07:00
wchen-r7 0c7d2af6bc
Land #5750, Add WP All In One Migration Export Module 2015-08-28 14:12:14 -05:00
wchen-r7 837b6a4f71 Update description 2015-08-28 14:11:51 -05:00
wchen-r7 d2e758ac8b Better failure handling 2015-08-28 14:08:29 -05:00
wchen-r7 3d4cb06c67
Land #5807, Added Module WP Mobile Pack Vuln 2015-08-28 13:43:00 -05:00
wchen-r7 9e7f6d6500 Typos 2015-08-28 13:42:37 -05:00
wchen-r7 29e92aaabe
Land #5806, WordPress Subscribe Comments File Read Vuln 2015-08-28 11:52:59 -05:00
wchen-r7 62e6b23b4c Typo 2015-08-28 11:52:13 -05:00
wchen-r7 e82bd10817 Add aux module to be able to open android meterpreter from a browser 2015-08-27 14:36:55 -05:00
jvazquez-r7 8785083722
Ensure disconnect 2015-08-24 12:36:15 -05:00
HD Moore 1e6c53b430 Correct the storage of ssh banners in service.info 2015-08-22 01:21:15 -05:00
jvazquez-r7 1558fabdb2
Land #5844, @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin 2015-08-21 17:27:56 -05:00
jvazquez-r7 182c1bc7fe
Disconnect socket when login fails 2015-08-17 18:20:04 -05:00
Brent Cook b17d8f8d49
Land #5768, update modules to use metasploit-credential 2015-08-17 17:08:58 -05:00
jvazquez-r7 a560496455 Do minor ruby style fixes 2015-08-14 14:50:03 -05:00
jvazquez-r7 82193f11e7 Minor js fixes 2015-08-14 14:45:48 -05:00
Tod Beardsley e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js 2015-08-14 12:07:15 -05:00
joev 0615d908c4 Update description to explain quarantine effects. 2015-08-13 23:46:37 -05:00
joev 84144bf6cf Update webarchive_uxss to use the webarchive mixin.
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
Jon Hart 61e23ad23e
Switch back to ::Net::DNS::Packet.new 2015-08-13 11:29:56 -07:00
Jon Hart 9f2c62d4ce
Use query_name instead of datastore 2015-08-13 11:17:27 -07:00
Tod Beardsley 50041fad2a
Pre-Bloggery cleanup
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.

Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.

Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823, mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
Jon Hart 3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts 2015-08-13 08:53:25 -07:00
jvazquez-r7 a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793 2015-08-08 07:43:39 -07:00
jvazquez-r7 c8ba5bb90c
Land #5513, @rcvalle's exploit for incomplete internal state distinction in JSSE 2015-08-08 07:41:53 -07:00
jvazquez-r7 2707b3b402
Use Rex::ThreadSafe.select 2015-08-08 07:40:19 -07:00
jvazquez-r7 a0eef3880a
Initialize version local variable 2015-08-08 07:35:37 -07:00
jvazquez-r7 bb74b6fecb
Fix data reading 2015-08-08 07:18:01 -07:00
jvazquez-r7 6fe7672732
Improve Rex sockets usage 2015-08-07 00:11:58 -07:00
Josh Abraham e96717950c refactored 2015-08-06 08:18:26 -04:00
jvazquez-r7 67f661823a
Land #5614, @cldrn's module to collect lansweeper credentials 2015-08-04 16:55:49 -05:00
jvazquez-r7 ed3f993b75
Do some style fixes 2015-08-04 16:41:15 -05:00
jvazquez-r7 0e3434ebad
Fix metadata 2015-08-04 16:28:50 -05:00
Roberto Soares 7bb4f9479f Added new reference and removed empty line. 2015-08-04 03:58:57 -03:00
Roberto Soares d9b6e9cc58 Changed res condition and some words. 2015-08-04 03:44:25 -03:00
Roberto Soares 19ceccd93a Added JSON parse output. 2015-08-04 03:13:11 -03:00
Roberto Soares f4679f5341 Added WP Mobile Pack Info Disclosure Vuln - Functional Module. 2015-08-04 02:21:26 -03:00
Roberto Soares d221e9d961 Added more references. 2015-08-03 02:46:54 -03:00
Roberto Soares e59e4828e4 Removed unnecessary DEPTH option. 2015-08-02 22:56:17 -03:00
Roberto Soares 514849bcdc Added WP Subscribe Comments File Read Vuln - Functional. 2015-08-02 21:24:52 -03:00
Tod Beardsley cebcf72a99
Add discoverer credit, blog ref, longer desc 2015-08-01 10:31:41 -05:00
William Vu fcb7981199 Add BIND TKEY DoS 2015-08-01 06:01:35 -05:00
Roberto Soares fdb2b008f9 Fix a small typo - OSVDB instead of OSVBD. 2015-07-31 02:23:19 -03:00
Greg Mikeska 3c394d673d
altered module to default
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
wchen-r7 54c5c6ea38 Another update 2015-07-29 14:31:35 -05:00
William Vu 61b2ca6675
Land #5781, Msf::Format::Webarchive rename 2015-07-29 13:38:42 -05:00
William Vu c46ce6c391
Land #5780, password_prompt fix for Telnet scanner 2015-07-28 17:54:43 -05:00
Josh Abraham 0f4b2e4226 description update 2015-07-28 15:31:51 -04:00
Josh Abraham 27e5557b67 set port using rport instead of only 445 2015-07-28 15:29:23 -04:00
Josh Abraham fafbc4db3f GPP enumeration via an AUX module 2015-07-28 15:21:33 -04:00
kn0 2415072c17 Replaced 'and' with '&&' 2015-07-28 14:14:25 -05:00
kn0 ee5e5b1e71 Fixed NoMethodError for .match on nil 2015-07-28 09:03:54 -05:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00
Brent Cook e53419a911 use password_prompt? not @password_prompt 2015-07-27 19:21:59 -05:00
Fabien 3fd18e4844 Update soap_addportmapping.rb 2015-07-26 21:57:49 +02:00
Fabien 1210183930 Update soap_addportmapping.rb 2015-07-26 21:41:47 +02:00
Fabien 8dbd51ae38 Update soap_addportmapping.rb 2015-07-26 20:59:43 +02:00
Fabien fba81fc539 Create soap_addportmapping.rb 2015-07-26 20:59:04 +02:00
jvazquez-r7 18636e3b9b
Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options 2015-07-24 15:45:31 -05:00
jvazquez-r7 ec7bf606c6
Land #5735, @rcvalle's for CVE-2015-1793 OpenSSL mitm 2015-07-24 14:38:27 -05:00
jvazquez-r7 45b4334006
Use Rex::Socket::SslTcpServer
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
wchen-r7 866a99ed07 This is better 2015-07-23 20:51:21 -05:00
wchen-r7 f5387ab3f2 Fix #5766, check res for send_request_raw
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7 8bead5fde2 Modate update on using metasploit-credential
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
Tod Beardsley e32b3c71f4
Fix ZDI ref on sandbox escape module 2015-07-23 17:11:19 -05:00
wchen-r7 91fc213ddf More metasploit-credential update 2015-07-23 15:50:50 -05:00
Christian Sanders 50074c4617 Fix typo .blank to .blank? 2015-07-22 09:05:16 -05:00
wchen-r7 4561850055 Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00
rastating d3f31fb56a Fix msftidy results 2015-07-21 21:29:44 +01:00
rastating 55be2eff06 Replace return with fail_with 2015-07-21 21:25:42 +01:00
wchen-r7 6a9c934c54 Resolve conflict 2015-07-20 18:44:17 -05:00
wchen-r7 1e17ac4ec7 Use the cred API correctly 2015-07-20 18:40:48 -05:00
Tod Beardsley f94fe3cefd
More correct URL, not just a bare wiki link
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
Tod Beardsley 4cacbcc4f7
Minor fixups on sysaid modules
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472, @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997

Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
rastating c63fdad1f1 Add URL reference 2015-07-20 18:15:17 +01:00
rastating f1a909c292 Add WP All In One Migration export module 2015-07-20 18:13:32 +01:00
jvazquez-r7 454dd59da8
Add vuln discoverers 2015-07-17 13:37:30 -05:00
jvazquez-r7 29718ce4e1
Land #5474, @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
jvazquez-r7 a54b58fc24
Fix port parsing and cleanup 2015-07-17 12:34:46 -05:00
jvazquez-r7 869ac87b64
Land #5472, @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
jvazquez-r7 9ac1688eb1
Do code cleanup 2015-07-17 11:45:28 -05:00
jvazquez-r7 787c0e2c41
Land #5470, @pedrib's module for SysAid CVE-2015-2993
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
jvazquez-r7 ca38fc5518
Update description 2015-07-17 11:08:28 -05:00
Ramon de C Valle 449c751521 Add missing info 2015-07-16 09:36:18 -07:00
wchen-r7 8d0e34dbc0 Resolve #5738, make the LHOST option visible
Resolve #5738
2015-07-16 11:00:15 -05:00
Ramon de C Valle 5d6c15a43d Add openssl_altchainsforgery_mitm_proxy.rb
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
jvazquez-r7 886ca47dfb
Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00