Commit Graph

6580 Commits (0eab2fa98d3e0ba07042c29362747c96c29e8940)

Author SHA1 Message Date
kn0 ee5e5b1e71 Fixed NoMethodError for .match on nil 2015-07-28 09:03:54 -05:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00
Brent Cook e53419a911 use password_prompt? not @password_prompt 2015-07-27 19:21:59 -05:00
Fabien 3fd18e4844 Update soap_addportmapping.rb 2015-07-26 21:57:49 +02:00
Fabien 1210183930 Update soap_addportmapping.rb 2015-07-26 21:41:47 +02:00
Fabien 8dbd51ae38 Update soap_addportmapping.rb 2015-07-26 20:59:43 +02:00
Fabien fba81fc539 Create soap_addportmapping.rb 2015-07-26 20:59:04 +02:00
jvazquez-r7 18636e3b9b
Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options 2015-07-24 15:45:31 -05:00
jvazquez-r7 ec7bf606c6
Land #5735, @rcvalle's for CVE-2015-1793 OpenSSL mitm 2015-07-24 14:38:27 -05:00
jvazquez-r7 45b4334006
Use Rex::Socket::SslTcpServer
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
wchen-r7 866a99ed07 This is better 2015-07-23 20:51:21 -05:00
wchen-r7 f5387ab3f2 Fix #5766, check res for send_request_raw
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7 8bead5fde2 Modate update on using metasploit-credential
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
Tod Beardsley e32b3c71f4
Fix ZDI ref on sandbox escape module 2015-07-23 17:11:19 -05:00
wchen-r7 91fc213ddf More metasploit-credential update 2015-07-23 15:50:50 -05:00
Christian Sanders 50074c4617 Fix typo .blank to .blank? 2015-07-22 09:05:16 -05:00
wchen-r7 4561850055 Use metasploit-credential API instead of report_auth_info 2015-07-22 01:11:43 -05:00
rastating d3f31fb56a Fix msftidy results 2015-07-21 21:29:44 +01:00
rastating 55be2eff06 Replace return with fail_with 2015-07-21 21:25:42 +01:00
wchen-r7 6a9c934c54 Resolve conflict 2015-07-20 18:44:17 -05:00
wchen-r7 1e17ac4ec7 Use the cred API correctly 2015-07-20 18:40:48 -05:00
Tod Beardsley f94fe3cefd
More correct URL, not just a bare wiki link
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
Tod Beardsley 4cacbcc4f7
Minor fixups on sysaid modules
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472, @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997

Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
rastating c63fdad1f1 Add URL reference 2015-07-20 18:15:17 +01:00
rastating f1a909c292 Add WP All In One Migration export module 2015-07-20 18:13:32 +01:00
jvazquez-r7 454dd59da8
Add vuln discoverers 2015-07-17 13:37:30 -05:00
jvazquez-r7 29718ce4e1
Land #5474, @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
jvazquez-r7 a54b58fc24
Fix port parsing and cleanup 2015-07-17 12:34:46 -05:00
jvazquez-r7 869ac87b64
Land #5472, @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
jvazquez-r7 9ac1688eb1
Do code cleanup 2015-07-17 11:45:28 -05:00
jvazquez-r7 787c0e2c41
Land #5470, @pedrib's module for SysAid CVE-2015-2993
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
jvazquez-r7 ca38fc5518
Update description 2015-07-17 11:08:28 -05:00
Ramon de C Valle 449c751521 Add missing info 2015-07-16 09:36:18 -07:00
wchen-r7 8d0e34dbc0 Resolve #5738, make the LHOST option visible
Resolve #5738
2015-07-16 11:00:15 -05:00
Ramon de C Valle 5d6c15a43d Add openssl_altchainsforgery_mitm_proxy.rb
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
jvazquez-r7 886ca47dfb
Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
Brent Cook 07d05828d0
Land #5688, remove msfcli 2015-07-13 15:27:38 -05:00
William Vu 0a5119a4ac
Land #5702, vprint_* optional parameter 2015-07-13 18:47:22 +00:00
William Vu 53bcee011b
Land #5709, s/Filed/Failed/ typo fixes 2015-07-13 18:37:46 +00:00
wchen-r7 e4e9ac9d28 Remove cold_fusion_version, use coldfusion_version instead
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
wchen-r7 884b779b36
Land #5593, CVE-2015-1155 Safari file:// Redirection Sandbox Escape 2015-07-13 11:28:39 -05:00
Mo Sadek 6a5645d747 Changed "Filed" to "Failed" in multiple files 2015-07-13 11:21:20 -05:00
Mo Sadek d1f23c54c7 Changed Filed to Failed on line 43 in java_rmi_registry.rb 2015-07-13 10:33:15 -05:00
wchen-r7 e638d85f30
Merge branch 'upstream-master' into bapv2 2015-07-12 02:01:09 -05:00
g0tmi1k d795b2f831 Module cleanup 2015-07-11 19:40:21 +01:00
HD Moore 728b338593 Give msftidy a cookie 2015-07-10 11:28:10 -05:00
HD Moore cf4b18700d Fix CVE reference 2015-07-10 11:14:59 -05:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
HD Moore 67666160e8 Add patched server detection 2015-07-08 13:47:59 -05:00
HD Moore 25e0f888dd Initial commit of R7-2015-08 coverage 2015-07-08 13:42:11 -05:00
cldrn d3902771b6 Fixes call to the credentials API and adds version info 2015-07-07 13:48:16 -05:00
wchen-r7 fdb715c9dd
Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
wchen-r7 9a1500ee96 Change module name a little bit, makes it easier to find in GUI 2015-07-06 22:31:07 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
Donny Maasland a9edfa1b4b Fix a small typo 2015-07-06 13:37:36 +02:00
HD Moore d2063c92e1 Refactor datastore names to match standards 2015-07-05 18:21:45 -05:00
joev b577f79845 Fix some bugs in the safari file navigation module. 2015-07-05 16:46:18 -05:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
Josh Abraham 99c29052c7 Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage 2015-07-02 08:24:04 -04:00
Josh Abraham dfa71a2b44 update to store creds using the new method 2015-07-02 08:22:21 -04:00
HD Moore afa442ad89 Fix a stack trace with ipmi_dumphashes when no database was configured. 2015-06-29 00:46:35 -05:00
cldrn 355738909a Fixes typo 2015-06-28 09:32:16 -05:00
cldrn 5c18fc82f2 Stores credentials using create_credential_login 2015-06-28 09:24:31 -05:00
cldrn b332b25795 Stores credentials in DB, fixes loop variable and nil dereference bug 2015-06-27 19:06:15 -05:00
jvazquez-r7 52b49503a0
Land #5498, @hmoore-r7's patch for a number of Net::DNS/enum_dns issues 2015-06-26 18:25:03 -05:00
William Vu c04490e5eb Remove comma before coordinating conjunction
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
cldrn 2968f52ca4 Removes debug sql output 2015-06-26 12:22:34 -05:00
cldrn a338920cb3 lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper 2015-06-26 12:21:35 -05:00
Tod Beardsley 31eedbcfa0
Minor cleanups on recent modules
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577, MS15-034 HTTP.SYS Information Disclosure

Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605, CVE-2015-3105 flash exploit

Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559, Adobe Flash Player ShaderJob Buffer Overflow

Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
Trevor Rosen 84c0e62fd3
Land #5493, update OWA scanner creds persistence 2015-06-26 08:46:27 -05:00
cldrn 7f4a96f3dc Fixes coding style issues 2015-06-26 03:29:17 -05:00
cldrn 3da3595181 MSF module to download and decrypt credentials stored in Lansweeper's database 2015-06-25 19:29:30 -05:00
root 63f584cbfd Add last_attempted_at 2015-06-25 12:08:38 +05:00
William Vu 827d241482
Land #5539, Quake scanner fix 2015-06-24 15:00:39 -05:00
joev 8b6fba4988 Tweak and fix some things in Safari file URL module. 2015-06-24 02:08:06 -05:00
Tod Beardsley 18a9585f7a
Add safari module for CVE-2015-1155 2015-06-23 16:15:50 -05:00
Trevor Rosen c45e42465a
Land #5492, update PCAnywhere login scanner 2015-06-23 14:48:25 -05:00
William Vu 5751e196bb Remove extraneous newline 2015-06-23 14:43:37 -05:00
wchen-r7 59af7ef1fc Remove the extra target_uri 2015-06-23 10:27:50 -05:00
wchen-r7 a2a231c242
Land #5577, MS15-034 HTTP.SYS Information Disclosure 2015-06-23 10:20:54 -05:00
wchen-r7 11366971da Oh never mind, user-agent makes it more difficult to use (more crashes) 2015-06-23 01:24:17 -05:00
wchen-r7 6127b8a037 Pass user-agent 2015-06-23 01:23:01 -05:00
wchen-r7 8ce5cc23cf More consistent filename style 2015-06-23 01:08:34 -05:00
wchen-r7 e9b548e8a2 Changes for ms15034_http_sys_memory_dump.rb 2015-06-23 01:07:33 -05:00
root 302db36daa Add last_attempted_at to creds object 2015-06-23 09:46:01 +05:00
rwhitcroft 8086a6f8cc remove unnecessary begin/rescue, change print_* to vprint_* in check() 2015-06-22 20:25:12 -04:00
rwhitcroft 90e17aee6b clarified affected OSes and error messages 2015-06-22 15:47:26 -04:00
rwhitcroft 774aef7241 add module to dump memory via MS15-034 2015-06-22 10:31:31 -04:00
Ramon de C Valle 7bda1e494b Use Rex::Socket::Tcp 2015-06-21 13:40:31 -07:00
Ramon de C Valle 7f55f6631c Remove the timeout option 2015-06-20 20:14:47 -07:00
Ramon de C Valle 01e87282a9 Use Msf::ThreadManager#spawn 2015-06-20 18:48:10 -07:00
Ramon de C Valle dabc7abae5 Change method names to lowercase 2015-06-20 18:23:34 -07:00
Pedro Ribeiro 50a3a32bfd Update sysaid_sql_creds.rb 2015-06-20 16:58:42 +01:00
Pedro Ribeiro 78c2f8a3a3 Update sysaid_sql_creds.rb 2015-06-20 16:57:34 +01:00
Pedro Ribeiro 11aca8b27a Update sysaid_file_download.rb 2015-06-20 16:54:33 +01:00
Pedro Ribeiro cf8008ed38 Update sysaid_admin_acct.rb 2015-06-20 16:52:13 +01:00
jvazquez-r7 4762e9f62c
Land #5540, @wchen-r7's changes for multiple auxiliary modules to use the new cred API 2015-06-19 15:39:09 -05:00
jvazquez-r7 fa6e45964e
Provide context to the note 2015-06-19 15:38:26 -05:00
wchen-r7 83427583ea report_note for group info 2015-06-19 15:09:50 -05:00
wchen-r7 ef286fdfcf Remove report_auth_info 2015-06-19 15:06:02 -05:00
wchen-r7 b104155cf1 Do Metasploit::Model::Login::Status::UNTRIED 2015-06-19 15:05:42 -05:00
wchen-r7 bd097e3264
Land #5497, Refactor LoginScanner::SNMP to be fast and less buggy 2015-06-19 14:57:36 -05:00
jvazquez-r7 34d5d92646
Land #5555, @Th3R3p0's support for for RFB Version 4 2015-06-19 14:15:04 -05:00
Brent Cook d19c2e7206
Land #5544, track updates to SSL Labs API 2015-06-19 11:39:38 -05:00
Brent Cook bf170a195d the API sometimes returns negative percents - treat these as 0 2015-06-19 11:38:36 -05:00
Brent Cook 5a277389f2 remove some trailing commas 2015-06-19 11:38:22 -05:00
William Vu 2587595a92
Land #5556, vprint_status fix 2015-06-19 11:24:54 -05:00
jvazquez-r7 ebd376e0f3
Land #5485, @wchen-r7 updates wordpress_login_enum to use the new cred API 2015-06-19 10:50:07 -05:00
jvazquez-r7 dfae4bbbf0
Do reporting more accurate 2015-06-19 10:48:12 -05:00
wchen-r7 7f56b4635c
Land #5546, Use the new cred API for auxiliary/server/capture/telnet 2015-06-19 10:46:01 -05:00
William Vu d86c21e94a
Land #5567, author fix 2015-06-19 10:41:41 -05:00
aushack 76cd9590a4 Fix author 2015-06-19 19:13:51 +10:00
wchen-r7 9b5770c966 Change to Metasploit::Model::Login::Status::SUCCESSFUL 2015-06-18 23:40:51 -05:00
g0tmi1k ce9481d2b7 Inconstancy - If datastore['VERBOSE'] vs vprint 2015-06-18 09:27:01 +01:00
Th3R3p0 a6c7f93bbe changed text to show support for RFB version 4.001 2015-06-17 13:09:03 -04:00
root fcf6212d2f Update telnet capture module to use the new creds API 2015-06-16 16:37:36 +05:00
Denis Kolegov c3d2797f10 Fixed Info fields 2015-06-16 04:22:22 -04:00
Denis Kolegov 2778274e47 Added new SSL Labs API fields and fixed minor errors 2015-06-16 02:59:12 -04:00
wchen-r7 b6379b4d24 Update drupal_views_user_enum 2015-06-16 00:02:02 -05:00
wchen-r7 0b88e86a49 Using the new cred API for multiple auxiliary modules 2015-06-15 16:06:57 -05:00
Jon Hart fd0b42be4a
Properly store quake service info 2015-06-15 12:45:14 -07:00
Jon Hart 079a9d449c
Use peer 2015-06-15 11:45:55 -07:00
Jon Hart feb7263137
Wire in recog support for ssh_version 2015-06-15 11:42:20 -07:00
Jon Hart 80f1173fcf
Style and scanner usability cleanup for ssh_version 2015-06-15 10:12:07 -07:00
wchen-r7 907f596de6
Land #5520, Update titan_ftp_admin_pwd to use the new creds API 2015-06-15 03:26:19 -05:00
wchen-r7 940d045029 Correctly report rport 2015-06-15 03:23:39 -05:00
wchen-r7 308b1a3d7f Don't deregister username & password 2015-06-15 03:21:09 -05:00
wchen-r7 ebce415957
Land #5507, Update nessus_xmlrpc_logic to use the new creds API 2015-06-15 02:59:01 -05:00
wchen-r7 c20cf15104 Msut have last_attempted_at key 2015-06-15 02:58:31 -05:00
Joshua Abraham c801e52f60 Update smb_enumusers_domain.rb 2015-06-13 17:02:43 -04:00
jvazquez-r7 e628d71261
Land #5397, @espreto's module for WordPress Simple Backup File Read Vulnerability 2015-06-12 15:32:06 -05:00
jvazquez-r7 184c20cd46
Do minor cleanup 2015-06-12 15:31:42 -05:00
wchen-r7 8dad739c76
Land #5508, Get Ready to Move VMware modules to the VMware directory 2015-06-10 11:59:40 -05:00
Tod Beardsley 0d979f61ae
Minor fixups on newish modules 2015-06-10 11:09:42 -05:00
root 7cb82f594b Add ftp port for service 2015-06-10 14:24:05 +05:00
root 3ffe006e09 Update titan_ftp_admin_pwd to use the new creds API 2015-06-10 13:36:26 +05:00
root 3fe6ddd10a Change credential status from untried to successful 2015-06-10 10:09:57 +05:00
root 78a6e1bc90 Change credential status from untried to successful 2015-06-10 10:07:33 +05:00
root 1b3f911f84 Change credential status from untried to successful 2015-06-10 09:54:10 +05:00
root 49e4820c57 Add depcrecated note to the existing modules 2015-06-09 10:42:53 +05:00
Ramon de C Valle a48d79a2e7 Add jsse_skiptls_mitm_proxy.rb
This module exploits an incomplete internal state distinction in Java
Secure Socket Extension (JSSE) by impersonating the server and finishing
the handshake before the peers have authenticated themselves and
instantiated negotiated security parameters, resulting in a plaintext
SSL/TLS session with the client. This plaintext SSL/TLS session is then
proxied to the server using a second SSL/TLS session from the proxy to
the server (or an alternate fake server) allowing the session to
continue normally and plaintext application data transmitted between the
peers to be saved. This module requires an active man-in-the-middle
attack.
2015-06-08 19:41:17 -07:00
Josh Abraham 8381d4f994 update smb_enumusers_domain to store enumerated users in the DB 2015-06-08 19:42:03 -04:00
root 3279518bbd Move VMware modules to the VMware directory 2015-06-08 14:58:22 +05:00
root 245c76374d Update nessus_xmlrpc_logic to use the new creds API 2015-06-08 14:40:15 +05:00
HD Moore c80017992a A dirty patch for a number of Net::DNS/dns_enum issues 2015-06-06 13:48:52 -05:00
HD Moore 135958a225 Cleanup the udp_(sweep|probe) SNMP generators 2015-06-06 00:54:08 -05:00
HD Moore 6b05302059 Fixes #5459, refactors LoginScanner::SNMP 2015-06-06 00:50:55 -05:00
root 3ec6d9b7aa Update owa_login to use new cred API 2015-06-05 15:41:07 +05:00
root b6936febbe Update pcanywhere_login to use the new cred API 2015-06-05 12:16:00 +05:00
wchen-r7 874e090aa1 Update wordpress_login_enum to use the new cred API 2015-06-04 18:16:14 -05:00
John Sherwood d3c3741478 Use run_host so that we can use THREADS
- The refactor left the module using run_batch even though the
  features of the code that made this desirable were removed (i.e.,
  it was no longer doing one batch per community string).  By now
  switching back to run_host, we can again take advantage of the
  built-in metasploit multithreading capabilities.

- Also, added back in the display of the result.proof field.  This
  aids in identifying false positives (which have a blank response)
  and is functionality worth keeping.
2015-06-03 18:08:38 -04:00
Pedro Ribeiro 7f35c3b4f5 Update sysaid_sql_creds.rb 2015-06-03 22:00:08 +01:00
Pedro Ribeiro 54bfe29527 Update and rename sysaid_file_ to sysaid_file_download.rb 2015-06-03 21:59:45 +01:00
Pedro Ribeiro 42e84cd7d5 Update sysaid_admin_acct.rb 2015-06-03 21:59:04 +01:00
Pedro Ribeiro 6683b86822 Create sysaid_sql_creds.rb 2015-06-03 21:46:48 +01:00
Pedro Ribeiro 72b7982e7a Create sysaid_file_ 2015-06-03 21:46:13 +01:00
Pedro Ribeiro 765077d741 Create sysaid_admin_acct.rb 2015-06-03 21:38:43 +01:00
Roberto Soares b305fa62f4 Changed vprint_error when nothing was downloaded. 2015-06-03 14:46:59 -03:00
Roberto Soares 24ec3b2fb5 Changed vprint_error to fail_with method. 2015-06-03 13:46:59 -03:00
jvazquez-r7 6669665d6d
Land #5402, @nstarke's module to extract accouns information from a AVTECH744_DVR device 2015-05-29 16:14:50 -05:00
jvazquez-r7 843572df6d
Change module filename 2015-05-29 16:14:16 -05:00
jvazquez-r7 acb0af3826
Update description 2015-05-29 16:13:43 -05:00
jvazquez-r7 39ae6263e9
Use Rex::Text.encode_base64 2015-05-29 16:12:21 -05:00
jvazquez-r7 8338b21f6c
Make some code cleanup 2015-05-29 16:04:29 -05:00
wchen-r7 b6b055a5f2
Land #5431, deprecate cold_fusion_version, use coldfusion_version instead. 2015-05-28 15:40:34 -05:00
wchen-r7 80c3022dc1 Deprecate cold_fusion_version. Please use coldfusion_version.
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
Christian Mehlmauer 52e30d4fc2
Land #5434, OSVDB reference 2015-05-28 22:00:44 +02:00
wchen-r7 068198c980
Land #5386, automatically find file for ms15_034 2015-05-28 14:52:31 -05:00
wchen-r7 f9f35db7f3 Update description 2015-05-28 14:52:03 -05:00
Tod Beardsley 818dbf58f0
Adding an OSVDB number to the Netgear module 2015-05-28 14:37:39 -05:00
erwanlr a74c3372c0 Uses vprint instead of print in #check_host 2015-05-28 15:46:51 +01:00
erwanlr 6d01d7f986 Uses peer instead of ip:port across all the module 2015-05-28 09:32:05 +01:00
erwanlr 447c4ee7df Allows the targetèuri to be shared between the #check and #dos 2015-05-28 09:30:04 +01:00
wchen-r7 2ae9e39719
Land #5376, Report ipmi_dumphashes credentials with create_credential_login 2015-05-27 13:11:07 -05:00
Tod Beardsley 95b5ff6bea
Minor fixups on recent modules.
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301, @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces

Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in

Edited modules/auxiliary/scanner/http/title.rb first landed in #5333,
HTML Title Grabber

Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401, multi-platform CVE-2015-0311 - Flash uncompress()
UAF

Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290, Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
Nicholas Starke a3ff9859c8 Adding Credentials Capabilities
This commit adds the ability for credentials
to be retrieved via the 'creds' command.  It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
Nicholas Starke 9430d38a09 Adding AVTECH744_DVR Module
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
jvazquez-r7 e1f10772b3
Use create_cracked_credential 2015-05-21 16:30:42 -05:00
jvazquez-r7 305da46491
Land #5301, @m-1-k-3's aux module to extract passwords from Netgear soap interfaces 2015-05-21 16:07:05 -05:00
Roberto Soares b4a6cdbad0 Remove new line in vprint_line. 2015-05-21 12:33:09 -03:00
Roberto Soares 0135b3639f Add WordPress Simple Backup File Read Vulnerability. 2015-05-21 12:23:24 -03:00
erwanlr d9d8634948 Changes the message displayed when vulnerable 2015-05-21 08:46:16 +01:00
Brent Cook a4df3468de unique: should be update:, include uri in data hash 2015-05-20 16:20:09 -05:00
Brent Cook c85b82e8a7 Merge branch 'master' into land-5358-notes 2015-05-20 16:02:59 -05:00
erwanlr 4f6fe2abce Avoids swallowing exceptions 2015-05-20 21:36:03 +01:00
erwanlr 202a77fc12 Improves detection of the MS15-034 2015-05-20 18:08:00 +01:00
wchen-r7 23c77adc68
Land #5377, Update cred reporting method for http_ntlm 2015-05-20 11:57:42 -05:00
jvazquez-r7 55c07b1bdd
Report credentials with create_credential_login 2015-05-19 00:14:55 -05:00
jvazquez-r7 d564a85f6f
Fix jtr_format 2015-05-18 19:55:48 -05:00
jvazquez-r7 f49362492a
Report hash's username correctly 2015-05-18 19:46:17 -05:00
jvazquez-r7 c6fcb9c6c5
Report credentials with create_credential_login 2015-05-18 19:39:03 -05:00
David Maloney 69a7a89936
use the correct print_error message
vrpint_error feeds through the old authbrute mixin
which does not behave properly anymore. use
print_error instead

5266
2015-05-18 13:51:23 -05:00
David Maloney 09d735e855
remove proof from failure message
the snmp login scanner will only have
proof on success, not on failure. remove it from
the failure message for cleaner formatting

5266
2015-05-18 13:45:01 -05:00
Stuart Morgan 79b9ef008a Bugfix 2015-05-17 13:55:56 +01:00
jvazquez-r7 dd5060e08c
Land #5340, @wchen-r7's change to the symantec_web_gateway_login writing style 2015-05-15 13:18:35 -05:00
jvazquez-r7 cf5fa6752e
Use parenthesis 2015-05-15 13:17:54 -05:00
jvazquez-r7 d05cae5faf
Land #5329, @wchen-r7's add configurable options to jenkins_login 2015-05-15 11:38:21 -05:00
wchen-r7 24a989b8a3
Land #5249, Add Module for Enum on InfluxDB database 2015-05-14 11:22:54 -05:00
wchen-r7 005c36b2a6 If data is empty, don't save (or even continue) 2015-05-14 11:22:10 -05:00
wchen-r7 ac0e4e747a Change writing style of symantec_web_gateway_login 2015-05-13 00:23:37 -05:00
wchen-r7 202c5e0121
Land #5333, HTML Title Grabber 2015-05-12 11:19:06 -05:00
wchen-r7 faec5844cb Some fixes 2015-05-12 11:18:21 -05:00
jvazquez-r7 a5267ab77e
Land #4940, @dnkolegov's modules for F5 BIG-IP devices 2015-05-12 09:59:21 -05:00
Stuart Morgan f0048b9a6d Apparently you don't quote the keys with the new syntax 2015-05-12 11:00:18 +01:00
Stuart Morgan 7c81adbd89 MSFTidy is now quiet and happy 2015-05-12 10:47:49 +01:00
Stuart Morgan 1f6bd3e2be Updated to new ruby hash syntax and removed <> from title 2015-05-12 10:43:32 +01:00
Stuart Morgan 518e28674e Removed CGI dependency (@hmoore-r7, @wchen-r7) 2015-05-11 21:10:18 +01:00
Stuart Morgan 78e310562b Readability style change 2015-05-11 19:48:12 +01:00
Stuart Morgan 8e3d803e74 Updated style as per @void-in's comments 2015-05-11 19:46:10 +01:00
Stuart Morgan 62d67469da Updated code style as per @hmoore-r7's instructions 2015-05-11 19:34:23 +01:00
Stuart Morgan b8f7c80fd2 Rubocop 2015-05-11 18:50:03 +01:00
Stuart Morgan 8308c2a925 Added check for nonsensical options 2015-05-11 18:48:55 +01:00
Stuart Morgan 99133deabb Reran tests, sorted out strip problem 2015-05-11 18:29:44 +01:00
Stuart Morgan c25a5d3859 Fixed a bunch of rubocop errors 2015-05-11 18:14:37 +01:00
Stuart Morgan 34cf90af59 Removed unnecessary include 2015-05-11 17:31:31 +01:00
Stuart Morgan c001f014ce HTML Title Grabber 2015-05-11 17:29:22 +01:00
wchen-r7 d8cc2c19d3 Fix #5315, User configurable options for jenkins_login
Fix #5315. This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
Denis Kolegov efb226a55c Fixed some minor errors 2015-05-10 02:59:57 -04:00
jvazquez-r7 a8adcda941
Redo port checks 2015-05-08 15:29:30 -05:00
jvazquez-r7 156aac1dff
Use timeout options 2015-05-08 15:23:08 -05:00
jvazquez-r7 bf9ca1f88f
Change module filename 2015-05-08 15:08:59 -05:00
jvazquez-r7 f56115552f
Do code cleanup 2015-05-08 14:56:39 -05:00
jvazquez-r7 b73241882b
Use datastore option 2015-05-08 14:48:19 -05:00
jvazquez-r7 b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin 2015-05-08 14:46:08 -05:00
jvazquez-r7 9fdbfd7031
Use vprint_error 2015-05-08 14:21:36 -05:00
jvazquez-r7 017ae463ed
Fix description style 2015-05-08 14:18:29 -05:00
jvazquez-r7 2e01eb519d
Do minor fixes 2015-05-08 14:04:44 -05:00
jvazquez-r7 5588ad36b3
Print status message 2015-05-08 13:51:00 -05:00
jvazquez-r7 7e62ba85a1
Do code cleanup 2015-05-08 13:33:28 -05:00
jvazquez-r7 60c2c7a7cd
Delete unused variable 2015-05-08 13:19:39 -05:00
jvazquez-r7 c0f21c3ae1
Fix metadata 2015-05-08 13:19:23 -05:00
void-in a7988f9e93 Change credentials to service:service 2015-05-08 22:52:59 +05:00
William Vu 508574970c
Land #5307, Brocade login scanner resurrection 2015-05-07 22:43:39 -05:00
William Vu 8d3737d13c Fix some stylistic issues 2015-05-07 22:43:23 -05:00
William Vu c9cb9ad564 Fix extraneous comma 2015-05-07 15:32:48 -05:00
Tod Beardsley 4df622c76b
Oops, one last for #5312. 2015-05-06 14:48:17 -05:00
Tod Beardsley e8913e5620
Addressed most of @wvu's issues with #5312 2015-05-06 14:47:08 -05:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"

```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
Brent Cook 93c785560b remove brocade_telnet scanner, extend telnet
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
Mike dc053aeb58 Spelling Fix
s/Brocde/Brocade/ as per bcook-r7
2015-05-05 21:16:24 -05:00
root fc1c0028a8 moved array definition to avoid error 2015-05-05 21:16:23 -05:00
root 7949daf42b brocade_enable_login msftidy success 2015-05-05 21:16:23 -05:00
root 6b5aaa5479 brocade enable command bruteforcer 2015-05-05 21:16:23 -05:00
Denis Kolegov 7fb99cdaaf Merged fixed conflicts 2015-05-02 05:37:36 -04:00
Denis Kolegov f95774c6b4 Fixed bugs 2015-05-02 05:09:03 -04:00
jvazquez-r7 93ac8b48e3
Land #5178, @jboss_vulnscan check for console default admin
* And minor fixes
2015-05-01 17:38:20 -05:00
jvazquez-r7 697c6c20cb
Do minor cleanup 2015-05-01 17:37:45 -05:00
jvazquez-r7 04fa626eab
Save credentials as UNTRIED 2015-05-15 14:58:55 -05:00