Commit Graph

6580 Commits (0eab2fa98d3e0ba07042c29362747c96c29e8940)

Author SHA1 Message Date
root b6936febbe Update pcanywhere_login to use the new cred API 2015-06-05 12:16:00 +05:00
wchen-r7 874e090aa1 Update wordpress_login_enum to use the new cred API 2015-06-04 18:16:14 -05:00
John Sherwood d3c3741478 Use run_host so that we can use THREADS
- The refactor left the module using run_batch even though the
  features of the code that made this desirable were removed (i.e.,
  it was no longer doing one batch per community string).  By now
  switching back to run_host, we can again take advantage of the
  built-in metasploit multithreading capabilities.

- Also, added back in the display of the result.proof field.  This
  aids in identifying false positives (which have a blank response)
  and is functionality worth keeping.
2015-06-03 18:08:38 -04:00
Pedro Ribeiro 7f35c3b4f5 Update sysaid_sql_creds.rb 2015-06-03 22:00:08 +01:00
Pedro Ribeiro 54bfe29527 Update and rename sysaid_file_ to sysaid_file_download.rb 2015-06-03 21:59:45 +01:00
Pedro Ribeiro 42e84cd7d5 Update sysaid_admin_acct.rb 2015-06-03 21:59:04 +01:00
Pedro Ribeiro 6683b86822 Create sysaid_sql_creds.rb 2015-06-03 21:46:48 +01:00
Pedro Ribeiro 72b7982e7a Create sysaid_file_ 2015-06-03 21:46:13 +01:00
Pedro Ribeiro 765077d741 Create sysaid_admin_acct.rb 2015-06-03 21:38:43 +01:00
Roberto Soares b305fa62f4 Changed vprint_error when nothing was downloaded. 2015-06-03 14:46:59 -03:00
Roberto Soares 24ec3b2fb5 Changed vprint_error to fail_with method. 2015-06-03 13:46:59 -03:00
jvazquez-r7 6669665d6d
Land #5402, @nstarke's module to extract accouns information from a AVTECH744_DVR device 2015-05-29 16:14:50 -05:00
jvazquez-r7 843572df6d
Change module filename 2015-05-29 16:14:16 -05:00
jvazquez-r7 acb0af3826
Update description 2015-05-29 16:13:43 -05:00
jvazquez-r7 39ae6263e9
Use Rex::Text.encode_base64 2015-05-29 16:12:21 -05:00
jvazquez-r7 8338b21f6c
Make some code cleanup 2015-05-29 16:04:29 -05:00
wchen-r7 b6b055a5f2
Land #5431, deprecate cold_fusion_version, use coldfusion_version instead. 2015-05-28 15:40:34 -05:00
wchen-r7 80c3022dc1 Deprecate cold_fusion_version. Please use coldfusion_version.
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
Christian Mehlmauer 52e30d4fc2
Land #5434, OSVDB reference 2015-05-28 22:00:44 +02:00
wchen-r7 068198c980
Land #5386, automatically find file for ms15_034 2015-05-28 14:52:31 -05:00
wchen-r7 f9f35db7f3 Update description 2015-05-28 14:52:03 -05:00
Tod Beardsley 818dbf58f0
Adding an OSVDB number to the Netgear module 2015-05-28 14:37:39 -05:00
erwanlr a74c3372c0 Uses vprint instead of print in #check_host 2015-05-28 15:46:51 +01:00
erwanlr 6d01d7f986 Uses peer instead of ip:port across all the module 2015-05-28 09:32:05 +01:00
erwanlr 447c4ee7df Allows the targetèuri to be shared between the #check and #dos 2015-05-28 09:30:04 +01:00
wchen-r7 2ae9e39719
Land #5376, Report ipmi_dumphashes credentials with create_credential_login 2015-05-27 13:11:07 -05:00
Tod Beardsley 95b5ff6bea
Minor fixups on recent modules.
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301, @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces

Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in

Edited modules/auxiliary/scanner/http/title.rb first landed in #5333,
HTML Title Grabber

Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401, multi-platform CVE-2015-0311 - Flash uncompress()
UAF

Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290, Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
Nicholas Starke a3ff9859c8 Adding Credentials Capabilities
This commit adds the ability for credentials
to be retrieved via the 'creds' command.  It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
Nicholas Starke 9430d38a09 Adding AVTECH744_DVR Module
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
jvazquez-r7 e1f10772b3
Use create_cracked_credential 2015-05-21 16:30:42 -05:00
jvazquez-r7 305da46491
Land #5301, @m-1-k-3's aux module to extract passwords from Netgear soap interfaces 2015-05-21 16:07:05 -05:00
Roberto Soares b4a6cdbad0 Remove new line in vprint_line. 2015-05-21 12:33:09 -03:00
Roberto Soares 0135b3639f Add WordPress Simple Backup File Read Vulnerability. 2015-05-21 12:23:24 -03:00
erwanlr d9d8634948 Changes the message displayed when vulnerable 2015-05-21 08:46:16 +01:00
Brent Cook a4df3468de unique: should be update:, include uri in data hash 2015-05-20 16:20:09 -05:00
Brent Cook c85b82e8a7 Merge branch 'master' into land-5358-notes 2015-05-20 16:02:59 -05:00
erwanlr 4f6fe2abce Avoids swallowing exceptions 2015-05-20 21:36:03 +01:00
erwanlr 202a77fc12 Improves detection of the MS15-034 2015-05-20 18:08:00 +01:00
wchen-r7 23c77adc68
Land #5377, Update cred reporting method for http_ntlm 2015-05-20 11:57:42 -05:00
jvazquez-r7 55c07b1bdd
Report credentials with create_credential_login 2015-05-19 00:14:55 -05:00
jvazquez-r7 d564a85f6f
Fix jtr_format 2015-05-18 19:55:48 -05:00
jvazquez-r7 f49362492a
Report hash's username correctly 2015-05-18 19:46:17 -05:00
jvazquez-r7 c6fcb9c6c5
Report credentials with create_credential_login 2015-05-18 19:39:03 -05:00
David Maloney 69a7a89936
use the correct print_error message
vrpint_error feeds through the old authbrute mixin
which does not behave properly anymore. use
print_error instead

5266
2015-05-18 13:51:23 -05:00
David Maloney 09d735e855
remove proof from failure message
the snmp login scanner will only have
proof on success, not on failure. remove it from
the failure message for cleaner formatting

5266
2015-05-18 13:45:01 -05:00
Stuart Morgan 79b9ef008a Bugfix 2015-05-17 13:55:56 +01:00
jvazquez-r7 dd5060e08c
Land #5340, @wchen-r7's change to the symantec_web_gateway_login writing style 2015-05-15 13:18:35 -05:00
jvazquez-r7 cf5fa6752e
Use parenthesis 2015-05-15 13:17:54 -05:00
jvazquez-r7 d05cae5faf
Land #5329, @wchen-r7's add configurable options to jenkins_login 2015-05-15 11:38:21 -05:00
wchen-r7 24a989b8a3
Land #5249, Add Module for Enum on InfluxDB database 2015-05-14 11:22:54 -05:00
wchen-r7 005c36b2a6 If data is empty, don't save (or even continue) 2015-05-14 11:22:10 -05:00
wchen-r7 ac0e4e747a Change writing style of symantec_web_gateway_login 2015-05-13 00:23:37 -05:00
wchen-r7 202c5e0121
Land #5333, HTML Title Grabber 2015-05-12 11:19:06 -05:00
wchen-r7 faec5844cb Some fixes 2015-05-12 11:18:21 -05:00
jvazquez-r7 a5267ab77e
Land #4940, @dnkolegov's modules for F5 BIG-IP devices 2015-05-12 09:59:21 -05:00
Stuart Morgan f0048b9a6d Apparently you don't quote the keys with the new syntax 2015-05-12 11:00:18 +01:00
Stuart Morgan 7c81adbd89 MSFTidy is now quiet and happy 2015-05-12 10:47:49 +01:00
Stuart Morgan 1f6bd3e2be Updated to new ruby hash syntax and removed <> from title 2015-05-12 10:43:32 +01:00
Stuart Morgan 518e28674e Removed CGI dependency (@hmoore-r7, @wchen-r7) 2015-05-11 21:10:18 +01:00
Stuart Morgan 78e310562b Readability style change 2015-05-11 19:48:12 +01:00
Stuart Morgan 8e3d803e74 Updated style as per @void-in's comments 2015-05-11 19:46:10 +01:00
Stuart Morgan 62d67469da Updated code style as per @hmoore-r7's instructions 2015-05-11 19:34:23 +01:00
Stuart Morgan b8f7c80fd2 Rubocop 2015-05-11 18:50:03 +01:00
Stuart Morgan 8308c2a925 Added check for nonsensical options 2015-05-11 18:48:55 +01:00
Stuart Morgan 99133deabb Reran tests, sorted out strip problem 2015-05-11 18:29:44 +01:00
Stuart Morgan c25a5d3859 Fixed a bunch of rubocop errors 2015-05-11 18:14:37 +01:00
Stuart Morgan 34cf90af59 Removed unnecessary include 2015-05-11 17:31:31 +01:00
Stuart Morgan c001f014ce HTML Title Grabber 2015-05-11 17:29:22 +01:00
wchen-r7 d8cc2c19d3 Fix #5315, User configurable options for jenkins_login
Fix #5315. This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
Denis Kolegov efb226a55c Fixed some minor errors 2015-05-10 02:59:57 -04:00
jvazquez-r7 a8adcda941
Redo port checks 2015-05-08 15:29:30 -05:00
jvazquez-r7 156aac1dff
Use timeout options 2015-05-08 15:23:08 -05:00
jvazquez-r7 bf9ca1f88f
Change module filename 2015-05-08 15:08:59 -05:00
jvazquez-r7 f56115552f
Do code cleanup 2015-05-08 14:56:39 -05:00
jvazquez-r7 b73241882b
Use datastore option 2015-05-08 14:48:19 -05:00
jvazquez-r7 b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin 2015-05-08 14:46:08 -05:00
jvazquez-r7 9fdbfd7031
Use vprint_error 2015-05-08 14:21:36 -05:00
jvazquez-r7 017ae463ed
Fix description style 2015-05-08 14:18:29 -05:00
jvazquez-r7 2e01eb519d
Do minor fixes 2015-05-08 14:04:44 -05:00
jvazquez-r7 5588ad36b3
Print status message 2015-05-08 13:51:00 -05:00
jvazquez-r7 7e62ba85a1
Do code cleanup 2015-05-08 13:33:28 -05:00
jvazquez-r7 60c2c7a7cd
Delete unused variable 2015-05-08 13:19:39 -05:00
jvazquez-r7 c0f21c3ae1
Fix metadata 2015-05-08 13:19:23 -05:00
void-in a7988f9e93 Change credentials to service:service 2015-05-08 22:52:59 +05:00
William Vu 508574970c
Land #5307, Brocade login scanner resurrection 2015-05-07 22:43:39 -05:00
William Vu 8d3737d13c Fix some stylistic issues 2015-05-07 22:43:23 -05:00
William Vu c9cb9ad564 Fix extraneous comma 2015-05-07 15:32:48 -05:00
Tod Beardsley 4df622c76b
Oops, one last for #5312. 2015-05-06 14:48:17 -05:00
Tod Beardsley e8913e5620
Addressed most of @wvu's issues with #5312 2015-05-06 14:47:08 -05:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"

```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
Brent Cook 93c785560b remove brocade_telnet scanner, extend telnet
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
Mike dc053aeb58 Spelling Fix
s/Brocde/Brocade/ as per bcook-r7
2015-05-05 21:16:24 -05:00
root fc1c0028a8 moved array definition to avoid error 2015-05-05 21:16:23 -05:00
root 7949daf42b brocade_enable_login msftidy success 2015-05-05 21:16:23 -05:00
root 6b5aaa5479 brocade enable command bruteforcer 2015-05-05 21:16:23 -05:00
Denis Kolegov 7fb99cdaaf Merged fixed conflicts 2015-05-02 05:37:36 -04:00
Denis Kolegov f95774c6b4 Fixed bugs 2015-05-02 05:09:03 -04:00
jvazquez-r7 93ac8b48e3
Land #5178, @jboss_vulnscan check for console default admin
* And minor fixes
2015-05-01 17:38:20 -05:00
jvazquez-r7 697c6c20cb
Do minor cleanup 2015-05-01 17:37:45 -05:00
jvazquez-r7 04fa626eab
Save credentials as UNTRIED 2015-05-15 14:58:55 -05:00
jvazquez-r7 16c3bf91a1
Do code cleanup 2015-05-15 14:46:34 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 b037560c90
Do minor style fixes 2015-05-01 15:01:13 -05:00
William Vu 83288ff391 Fix typo 2015-04-30 17:58:26 -05:00
James Lee ee5dc1d6e4
Land #5277, typo in telnet_encrypt_overflow 2015-04-30 10:44:55 -05:00
Brent Cook 4c9f44b00c
Revert "Land #4888, @h00die's brocade credential bruteforcer"
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
William Vu 9b17191e48 Remove unnecessary {,dis}connect 2015-04-28 15:09:16 -05:00
William Vu 28e661e204 Fix false positive in POODLE scanner
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
m-1-k-3 0a4554a204 reporting included, extract device details 2015-04-28 13:01:51 +02:00
Christian Mehlmauer 7523e592d2
Land #5198, WordPress contus video gallery 2.7 scanner 2015-04-27 23:24:57 +02:00
m-1-k-3 ce697ee44c netgear soap password extractor 2015-04-27 17:56:30 +02:00
Brandon Perry 7a2084cdc5 Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb 2015-04-26 16:54:21 -05:00
m-1-k-3 b330b1d41c typo in title of telnet_encrypt_overflow.rb 2015-04-26 02:32:14 +02:00
Roberto Soares c41c7a1ba2 Rewrote the conditions of res. 2015-04-25 17:18:38 -03:00
Roberto Soares d01da0c522 Changed if conditions and exception handling 2015-04-25 15:08:36 -03:00
Roberto Soares 3a84396f32 Removed authorization header. 2015-04-25 14:30:21 -03:00
Roberto Soares b810a96dac Add Module for Enum on InfluxDB database. 2015-04-25 04:41:33 -03:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
jvazquez-r7 896d6e8cb7
Fix title 2015-04-24 11:09:39 -05:00
jvazquez-r7 1825b45ac3
Land #5242, @espreto's module for GI-Media Library Plugin Directory Traversal 2015-04-24 11:08:52 -05:00
jvazquez-r7 7af6f31c3a
Fix message 2015-04-24 11:08:00 -05:00
jvazquez-r7 5ca6fe3cb0
Do code cleanup 2015-04-24 11:07:13 -05:00
Brent Cook f457f36cdd
Land #5213, improvements to MS15-035 DoS 2015-04-24 10:54:48 -05:00
kaospunk bb0b2eee37 Fix missing . in SRV query
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
Roberto Soares e51897d64e Filepath option 2015-04-24 04:35:59 -03:00
Roberto Soares 7b0b59b5f6 Add WordPress GI-Media Library Plugin File Read. 2015-04-24 04:24:16 -03:00
Brandon Perry e9f8b25987 Update wordpress_contus_video_gallery_sqli.rb
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
Brandon Perry 26d208f089 Update wordpress_contus_video_gallery_sqli.rb
remove 'uri'
2015-04-22 14:42:03 -05:00
Brent Cook 3963289519
Land #4888, @h00die's brocade credential bruteforcer 2015-04-21 18:27:03 -05:00
Mike 3a1778ef7c Spelling Fix
s/Brocde/Brocade/ as per bcook-r7
2015-04-21 17:57:36 -04:00
jvazquez-r7 3db0e12b67
Modify autopwn comment 2015-04-21 14:19:15 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Brent Cook 073850c5ad
Land #5158, OWA internal IP disclosure scanner 2015-04-21 11:10:39 -05:00
Brent Cook 5296c6507d
Land #5157, OWA login scanner auth timing logs 2015-04-21 11:06:08 -05:00
wchen-r7 a44da8e6d7 URL refs 2015-04-21 09:29:08 -05:00
Brent Cook 9a49538c1a
Land #5016, add SSL Labs scanner 2015-04-20 21:34:16 -05:00
Brent Cook 752c3243f6 wrap print* functions in report_* wrappers
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
wchen-r7 ff32d6cee3 Improve MS15-034 DOS 2015-04-20 20:36:08 -05:00
jvazquez-r7 c6c7560aed
Land #4846, @joevennix's android 4.3 uxss module 2015-04-20 18:43:24 -05:00
jvazquez-r7 9b240e1d8f Use parenthesis 2015-04-20 18:42:34 -05:00
William Vu 79ca0a56f9
Land #4171, Steam protocol support 2015-04-20 15:35:06 -05:00
jvazquez-r7 f762873a31
Land #5192, @joevennix's module for Safari CVE-2015-1126
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
jvazquez-r7 e2eaff6b3a
Don't modify datastore options 2015-04-20 15:16:21 -05:00
jvazquez-r7 88c52ae7ae
Delete second stop_service, the mixin should had done the job 2015-04-20 15:13:11 -05:00
jvazquez-r7 dc0549d2dd
Use #wait 2015-04-20 15:06:01 -05:00
jvazquez-r7 c1234e05e2
Delete parenthesis from condition 2015-04-20 14:56:37 -05:00
jvazquez-r7 0283ac05e5
Do minor style fixes 2015-04-20 14:54:39 -05:00
jvazquez-r7 69b8edda4a
Use single quotes 2015-04-20 14:53:38 -05:00
jvazquez-r7 16daa935dd
Do minor code cleanup 2015-04-20 13:08:51 -05:00
Brandon Perry b622aae97f Update wordpress_contus_video_gallery_sqli.rb 2015-04-19 18:24:12 -05:00
Brandon Perry c393f7c398 add contus video gallery scanner 2015-04-19 17:58:08 -05:00
Christian Mehlmauer ed9175d73f
Land #5167, WordPress CP Multi-View Calendar SQLI Scanner 2015-04-19 23:36:23 +02:00
Brandon Perry 8c0bcd2e03 Update wordpress_cp_calendar_sqli.rb
Use the new WPVDB
2015-04-19 16:32:57 -05:00
joev 2010e966b3 Add non-httponly cookie theft module for ios/osx safari. 2015-04-19 11:32:37 -05:00
wchen-r7 4f903a604c Fix #5103, Revert unwanted URI encoding
Fix #5103. By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
Christian Mehlmauer 6653c9e33d
Land #5162, WordPress Dukapress File Read Vulnerability 2015-04-17 11:20:55 +02:00
Christian Mehlmauer 6c77b64dae
wrong method name 2015-04-17 11:20:14 +02:00
Christian Mehlmauer aef464fc2e
Land #5159, WordPress Mobile Edition Plugin File Read Vuln 2015-04-17 11:13:00 +02:00
William Vu 3422501d91
Land #5174, deprecated module cleanup 2015-04-16 17:43:28 -05:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Christian Mehlmauer 2b9fd93729
remove deprecated modules 2015-04-16 22:49:22 +02:00
Roberto Soares ed588e335b Changed the print_error output. 2015-04-16 17:32:59 -03:00
Roberto Soares bf3bdcffb4 Changed the deph value to 7. 2015-04-16 17:30:28 -03:00
Roberto Soares dd474757fe Changed the print_error output. 2015-04-16 17:26:44 -03:00
Roberto Soares f50cedeafd Changed the depth value to 7. 2015-04-16 17:22:49 -03:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer b4b8ac0849
moar fail_with's 2015-04-16 21:26:37 +02:00
Christian Mehlmauer 4dc402fd3c
moar fail_with's 2015-04-16 21:16:52 +02:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
William Vu 1455d4e94d Fix AUTH_TIME 2015-04-16 11:39:33 -05:00
William Vu 7c572777e1 Fix whitespace 2015-04-16 11:34:50 -05:00
William Vu 7a9167b235 Fix comments 2015-04-16 11:34:47 -05:00
Nate Power 9bcc988266 Update owa_login 2015-04-16 11:23:04 -05:00
Brandon Perry 75b88f199a Create wordpress_cp_calendar_sqli.rb 2015-04-16 09:53:00 -05:00
Roberto Soares ecc67b1a57 Fix loot name 2015-04-16 10:42:20 -03:00
Roberto Soares d898af5513 Add check version and removed HttpClient 2015-04-16 10:40:35 -03:00
Roberto Soares 768294710b Add check and removed HttpClient 2015-04-16 10:22:10 -03:00
Roberto Soares 890561bff3 Rewriting the condition 'if' for only one line 2015-04-16 09:23:56 -03:00
Roberto Soares b90ff36ef4 Rewriting the condition 'if' for only one line 2015-04-16 09:15:17 -03:00
Roberto Soares 21e964e699 Add Author and references.. 2015-04-16 07:20:48 -03:00
Roberto Soares f6f4bd0746 Add WordPress Dukapress File Read Vulnerability 2015-04-16 07:17:46 -03:00
Roberto Soares c8e1185a04 Included Wordpress mixin. 2015-04-16 05:02:39 -03:00
William Vu 42ff0decc7
Land #4722, timing options for snmp_login 2015-04-16 02:25:29 -05:00
William Vu 88062a578d Clean up PR 2015-04-16 02:25:06 -05:00
William Vu bec6270f07 Fix regex 2015-04-15 23:47:03 -05:00
William Vu 0a4ab99aa5
Land #5149, couchdb_enum cleanup 2015-04-15 21:50:30 -05:00
William Vu 4410f8da6e Clean up module some more 2015-04-15 21:48:19 -05:00
Brent Cook 30d60975ba
Land #5144, add missing report_note in apache_range_dos 2015-04-15 21:47:18 -05:00
William Vu 01ae7002cf Fix EOF whitespace 2015-04-15 21:27:53 -05:00
William Vu 20d4d1ce3f Move report_goods before the return 2015-04-15 21:22:41 -05:00
Roberto Soares 0031f09d60 Add author, EDB, WPVDB and fix loot. 2015-04-15 20:03:36 -03:00
Roberto Soares 0f1cf1d1b1 Add Module WP Mobile Edition Plugin File Read Vuln 2015-04-15 19:45:08 -03:00
William Vu 66b7179a97 Rename module to owa_iis_internal_ip 2015-04-15 17:10:01 -05:00
William Vu a109dae033 Fix EOL whitespace 2015-04-15 16:58:59 -05:00
William Vu cc422eeeea Fix splat 2015-04-15 16:58:18 -05:00
Nate Power 34ce4edacb Add exchange_iis_internal_ip 2015-04-15 16:55:19 -05:00
sinn3r 7cc80c418b Correct a bad spelling in ms15_034_ulonglongadd.rb 2015-04-15 15:32:55 -05:00
sinn3r 76d36a46dc Missing a checkcode 2015-04-15 14:04:18 -05:00
sinn3r 8a542b841c Don't check Server header 2015-04-15 13:33:09 -05:00
sinn3r 90ed6ee0b6 No "vhost" 2015-04-15 13:32:11 -05:00
sinn3r 3aa8e6908d Converted to a DOS module 2015-04-15 13:13:16 -05:00
sinn3r 19ab71aa43 Final update i swear 2015-04-15 10:20:15 -05:00
sinn3r 7a77dbc9f0 Update description 2015-04-15 10:15:40 -05:00
sinn3r 2206ae48a1 Match the PR title 2015-04-15 01:50:59 -05:00
sinn3r 63048a7385 Newline
-_-
2015-04-15 01:38:09 -05:00
sinn3r 6f874b81ff Add MS15-034 check (CVE-2015-1635) 2015-04-15 01:37:43 -05:00
Roberto Soares 1d6300991c Clean the code of the module couchdb_enum. 2015-04-15 02:58:51 -03:00
William Vu 3cdc84bf27 Fix missing type in report_note 2015-04-14 14:02:20 -05:00
Tod Beardsley d87483b28d
Squashed commit of the following:
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:42:13 2015 -0500

    Fix funny punctuation on rootpipe exploit title

    See #5119

commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:37:39 2015 -0500

    Fix vendor caps

    Trusting the github repo README at

    https://github.com/embedthis/goahead

    See #5101
2015-04-13 10:46:47 -05:00
sinn3r 284ef5bbbb
Land #5112, Nessus REST Login Module 2015-04-10 13:32:53 -05:00
Jon Cave b2b7da2dc5 Fix spelling of Microsoft in module name 2015-04-10 11:09:16 +01:00
root 7810f3d9a3 Add previous nessus_xmlrpc_login file 2015-04-10 12:32:42 +05:00
root bbbd4d3634 change name to keep both XML and REST modules 2015-04-10 12:20:43 +05:00
root b6e750d7eb Nessus auxiliary scanner for updated REST API 2015-04-09 11:36:17 +05:00
William Vu c9bf8f3140
Land #5105, @joevennix's cable modem 0day 2015-04-08 16:09:46 -05:00
William Vu 831a59b10b Fix whitespace 2015-04-08 16:09:28 -05:00
Tod Beardsley 52f1b95222 Add disclosure link 2015-04-08 16:07:33 -05:00
sinn3r 1bfda9e78f
Land #5101, Add Directory Traversal for GoAhead Web Server 2015-04-08 15:30:23 -05:00
Brent Cook e03f2df691
Land #5002, RMI/JMX improvements 2015-04-08 15:23:29 -05:00
Tod Beardsley 7ed1655976
Adding module for R7-2015-01
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
sinn3r 5f389cf3c2 Add ManageEngine Desktop Central Login Utility 2015-04-08 02:05:56 -05:00
Roberto Soares dc14c770be Changed the traversal variable to just one line 2015-04-08 02:26:59 -03:00
Roberto Soares 441042ed37 Removed the segments variable 2015-04-08 01:29:45 -03:00
Roberto Soares d399d05383 Add Directory Traversal for GoAhead Web Server 2015-04-07 20:22:06 -03:00
Zach Grace 42e82cc644 Rubocop fixes 2015-04-07 18:21:08 -05:00
Zach Grace 7275d5745f Fixes, refactoring and adding JBoss AS default creds scanning 2015-04-07 17:40:25 -05:00
William Vu e1af495d21 Add extra release fixes 2015-04-06 13:08:40 -05:00
William Vu 56dc7afea6
Land #5068, @todb-r7's module author cleanup 2015-04-03 16:00:36 -05:00
jvazquez-r7 79b2a23dff
Land #5015, @espreto file traversal scanner for RIPS 2015-04-03 15:35:58 -05:00
jvazquez-r7 ce6e5e12d8
Make depth an option 2015-04-03 15:33:27 -05:00
jvazquez-r7 70fad73092
Add metadata 2015-04-03 15:27:28 -05:00
jvazquez-r7 e3bbb7c297 Solve conflicts 2015-04-03 14:57:49 -05:00
jvazquez-r7 e729185804
Land #5051, @nullbind's new options for mssql_enum_domain_accounts_sqli 2015-04-03 14:44:20 -05:00
jvazquez-r7 fe9fbfd157
Make calculations easier 2015-04-03 14:43:01 -05:00
root 452ebcf9ad travis 2015-04-03 16:29:35 +05:00
root be829e77ba cravis error solve 2015-04-03 16:25:18 +05:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
Denis Kolegov c9e8f9cbea Add BigIP HTTP VS scanner and fix connection errors 2015-04-03 02:30:03 -04:00
Tod Beardsley 6532fad579
Remove credits to Alligator Security Team
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.

The one that didn't was credited to dflah_ specifically, so merely
changed the author name.

Longer description, if needed, wrapped at 72 characters.

[See #5012]
2015-04-02 15:12:22 -05:00
sinn3r a592f645f0
Land #5039, Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner 2015-04-01 14:34:58 -05:00
nullbind 91aeef0a8a added startrid and endrid 2015-04-01 10:09:13 -05:00
Tod Beardsley d1318d1b48
Fixups for release 2015-03-31 11:02:12 -05:00
Brandon Perry e73286cfa5 update stale references 2015-03-30 17:17:48 -05:00
sinn3r 613f4777ce Land #5024, add joomla_ecommercewd_sqli_scanner.rb 2015-03-30 12:45:09 -05:00
jvazquez-r7 8ff54ff98d
Add msb reference 2015-03-30 10:58:08 -05:00
sinn3r 9af1e76bf7 Obfuscate js 2015-03-30 10:52:01 -05:00
sinn3r c7fa01c5ae Rename file 2015-03-30 10:39:33 -05:00
Denis Kolegov 9d78aa96d9 Add output of API errors to console 2015-03-30 02:42:09 -04:00
Brandon Perry de2bf0181c add first pass at gallerywd sqli scanner 2015-03-28 16:15:51 -05:00
Brandon Perry 9f0483248c add TARGETURI datastore option 2015-03-28 15:46:41 -05:00
Brandon Perry 6ede476423 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-28 08:38:12 -05:00
Brandon Perry 0dbd8544b4 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-27 21:20:59 -05:00
Brandon Perry 31be47d5bc Create joomla_ecommercewd_sqli_scanner.rb 2015-03-27 20:25:33 -05:00
Denis Kolegov 45f8738cfe Fix stdout errors 2015-03-27 07:53:59 -04:00
Denis Kolegov 3515a0a71f Initial commit for supporting SSL Labs API 2015-03-27 07:34:11 -04:00
Roberto Soares 3e104fd8e6
Add Directory Traversal for RIPS Scanner 2015-03-27 05:08:43 -03:00
sinn3r f996c5a888 Update description 2015-03-27 02:31:36 -05:00
sinn3r 67dc46791d Limit the module to IE 8 and IE9 2015-03-27 02:30:04 -05:00
sinn3r f88d9651b6 I don't think it's worth putting the js in ie_addons.js 2015-03-27 02:26:50 -05:00
sinn3r bd2763292a Properly credit Soroush Dalili 2015-03-26 23:36:16 -05:00
sinn3r 560f31c34d Minor changes 2015-03-26 23:29:44 -05:00
sinn3r 68624dd56e Final for ie_files_disclosure.rb 2015-03-26 22:49:22 -05:00
sinn3r b0b17775c2 First working version 2015-03-26 21:53:26 -05:00
jvazquez-r7 0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically 2015-03-25 11:29:07 -05:00
dnkolegov 5d80ef9325 Fix minor issues 2015-03-25 02:53:36 -04:00
dnkolegov 040a1af9c5 Delete useless ecnryption cookie detection, fix minor issues 2015-03-25 02:34:33 -04:00
rastating 7a0fe05803 Add CVE-ID to module references 2015-03-24 22:30:43 +00:00
Christian Mehlmauer 7bf00f8f47
Land #4789, @rastating WPLMS wordpress module 2015-03-24 20:46:38 +01:00
jvazquez-r7 39e87f927a
Make code consistent 2015-03-24 11:44:26 -05:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
dnkolegov ee17d6e606 Deleted spaces at EOL 2015-03-23 04:34:38 -04:00
dnkolegov 2a0deaa6c8 Deleted default options and SYN scan 2015-03-23 04:31:08 -04:00
jvazquez-r7 8c3e39acf0
Land #4847 @rastating's module for WordPress WP EasyCart privilege escalation 2015-03-20 18:23:05 -05:00
jvazquez-r7 349d7cb9ee
Do minor cleanup 2015-03-20 18:20:45 -05:00
William Vu 6f51946aa0
Land #4969, GitLab module references 2015-03-20 17:26:51 -05:00
William Vu 99f3de0843 Clean up info hash formatting 2015-03-20 17:26:21 -05:00
jvazquez-r7 1226b3656f
Land #4945, @wchen-r7's login scanner for Symantec web gateway 2015-03-20 14:44:05 -05:00
jvazquez-r7 2f35fcff99
Fix require 2015-03-20 14:43:42 -05:00
Meatballs 8ee520e749
Add reference 2015-03-20 19:17:34 +00:00
sinn3r b19f766728
Land #4942, Gitlab Login Scanner 2015-03-20 13:02:12 -05:00
sinn3r a2ce14a31e
Land #4941, Gitlab Unauth User Enumeration 2015-03-20 12:28:35 -05:00
sinn3r 235124a40a Fix typo 2015-03-20 12:27:23 -05:00
sinn3r 84164b44b2 Should also rescue JSON::ParserError for banner parsing 2015-03-20 12:27:02 -05:00
jvazquez-r7 b839547dc3 Add documentation for Registry modules and methods 2015-03-19 17:57:21 -05:00
jvazquez-r7 a7f1244251
Finish the java_rmi_registry gather module 2015-03-19 17:33:45 -05:00
sinn3r 94ab2f94fd Remove symbols that aren't used
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
2015-03-19 14:14:01 -05:00
jvazquez-r7 5c3134a616
Add first support to gather information from RMI registries 2015-03-19 11:16:04 -05:00
OJ e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS 2015-03-18 22:34:52 +10:00
OJ d1a2f58303 Fix of regex for file capture and format tweaks 2015-03-18 22:17:44 +10:00
OJ fa7242388b Move the module to the correct location 2015-03-18 18:18:54 +10:00
jvazquez-r7 14be07a2c4
Update java_rmi_server modules 2015-03-17 21:29:52 -05:00
James Lee bd4738b93e
Land #4827, capture and nbns fixups 2015-03-17 17:37:55 -05:00
James Lee d7fa0ec669
Let IPAddr#hton do the calculating 2015-03-17 17:36:45 -05:00
jvazquez-r7 1242404085
Delete comment 2015-03-17 14:18:07 -05:00
William Vu d1d6378179
Land #4566, Misfortune Cookie scanner improvements 2015-03-17 12:32:35 -05:00
sinn3r f95b783193 I don't need these eitehr 2015-03-17 11:33:49 -05:00
jvazquez-r7 ebe7ad07b0 Add specs, plus modify java_rmi_server modules 2015-03-17 11:26:27 -05:00
Meatballs e1ebc6c7fe
Update date, remove URL (will replace later) 2015-03-17 12:50:47 +00:00
Meatballs 0cd85cb052
Correct capitilzation of GitLab 2015-03-17 11:33:57 +00:00
Meatballs d18224e3cb
Correct capitilzation of GitLab 2015-03-17 11:32:14 +00:00
Meatballs f4a1e981ab
Add gitlab login scanner 2015-03-17 11:19:23 +00:00
Meatballs 878247f495
Small modifications 2015-03-17 10:03:32 +00:00
Meatballs f1d5d8f1ce
Store to loot as well 2015-03-17 09:55:28 +00:00
Meatballs 9f40826f8e Store creds in database 2015-03-17 09:17:08 +00:00
Meatballs 3830e71257 Catch 7.5 401 2015-03-17 09:17:08 +00:00
Meatballs 1b565b0290 Check revision 2015-03-17 09:17:07 +00:00
Meatballs 7216f2a971 Initial commit 2015-03-17 09:17:07 +00:00
sinn3r 14296826f7 A cleaner way to set datastore options 2015-03-17 03:07:49 -05:00
sinn3r ff58f7d270 Add Symantec Web Gateway Login Module 2015-03-17 02:51:57 -05:00
dnkolegov e01f824b2c Fix capitalization warnings 2015-03-17 03:46:00 -04:00
dnkolegov 78be03623f Fix indent warnings 2015-03-17 03:39:04 -04:00
dnkolegov 34c30502fd Add SSL/TLS support, fix minor errors, change default parameters 2015-03-17 02:49:11 -04:00
dnkolegov dd751a3371 Add ssl/tls support, change default parameters 2015-03-17 02:23:13 -04:00
jvazquez-r7 0a37df67a0 Add initial support for better RMI calls 2015-03-16 23:44:16 -05:00
HD Moore 2ea984423b while(true)->loop, use thread.join 2015-03-16 14:08:01 -05:00
William Vu ac0e23d783
Land #4932, hardcoded username fix
For mssql_escalate_execute_as_sqli.
2015-03-16 01:46:13 -05:00
Scott Sutherland 00dbcc12ca Removed imp_user var from escalate_privs func 2015-03-15 22:02:12 -07:00
nullbind 5bebabb005 fixed hardcoded username 2015-03-15 19:45:02 -05:00
Sven Vetsch 4d3a1a2f71 fix all duplicated keys in modules 2015-03-14 13:10:42 +01:00
William Vu a32cd2ae9e
Land #4877, CVE-2015-0240 (Samba) aux module 2015-03-13 00:03:53 -05:00
sinn3r 0d36115112 Update MS15-018 MSB reference 2015-03-12 10:13:37 -05:00
dnkolegov bc0276a9c8 Add scanner for F5 web management interfaces 2015-03-12 06:50:29 -04:00
Tod Beardsley df80d56fda
Land #4898, prefer URI to open-uri 2015-03-09 09:14:10 -05:00
root 5b25ba5df3 moved array definition to avoid error 2015-03-07 12:57:44 -05:00
root fac777da3d brocade_enable_login msftidy success 2015-03-06 20:33:09 -05:00
joev ccd0712d43 Use ===, doh. 2015-03-06 12:29:34 -06:00
joev fefd4e271a Don't hardcode the hex. 2015-03-06 12:16:03 -06:00
root 591716e557 brocade enable command bruteforcer 2015-03-06 09:41:14 -05:00
dnkolegov 252557227d Add F5 BigIP APM DoS module 2015-03-06 01:55:42 -05:00
joev 3fb4fbe8e6 Add 'not allowed' check instead of magic check. 2015-03-06 00:01:31 -06:00
joev 7db3277731 Actually hide the iframe. 2015-03-05 23:52:29 -06:00
joev d7295959ca Remove open-uri usage in msf. 2015-03-05 23:45:28 -06:00
joev 3c5d7b3ef0 Okay, putting source code in a quoted string is horrible. 2015-03-05 23:25:37 -06:00
Tod Beardsley e429d4c04f Add reference and description for PTH on Postgres
Dave and William did most of the work already over on PR #4871, this
just points it out in the module.
2015-03-05 14:36:56 -06:00
sinn3r 16c86227e2 Change to OptBool and default to explicit 2015-03-05 13:07:03 -06:00
aushack 2f4df39dc9 Fixed typo 2015-03-05 17:40:51 +11:00
sinn3r d40e7485dd Add CVE-2015-0240 auxiliary module 2015-03-04 23:50:14 -06:00
David Maloney c8f23b2903
fix jtr_postgres_fast too
the JtR hash cracker for postgres hashes now uses
the new PostgresMD5 class for finding it's hashes

MSP-12244
2015-03-03 18:46:47 -06:00
David Maloney 199c3ba96c
postgres hashdump now stores PostgresMD5 objects
instead of nonreplayabke hashes the postgres_hashdump
aux module now saves them approriately as PostgresMD5s
with the md5 tag intact at the front

MSP-12244
2015-03-03 16:45:13 -06:00
sinn3r 5f3ed83922
Land #4836, Solarwinds Core Orion Service SQL injection 2015-03-02 11:44:26 -06:00
Brandon Perry f8e3874203 add nil check 2015-02-28 20:43:19 -06:00
rastating 3b21de3906 Add WPVDB reference 2015-02-26 13:37:23 +00:00
Brandon Perry ceb92cdf5e update login method 2015-02-26 07:33:51 -06:00
joev c4b85603d2 Fix encoding, oops. 2015-02-25 22:56:33 -06:00
joev d486d17302 Add reference to 2014 fix. 2015-02-25 21:04:01 -06:00
joev a410d2ec25 Add android 4.3 stock browser cookie/password theft. 2015-02-25 21:02:15 -06:00
William Vu f24da1b178 Add file checking to printer_delete_file 2015-02-25 18:14:13 -06:00
William Vu dc3ba40e5d Add file checking to printer_upload_file 2015-02-25 18:13:36 -06:00
William Vu 513d11ce93 Complete replacement of "pathname" with "path"
See e8c2c3687d.
2015-02-25 15:52:26 -06:00
William Vu b3d4fc798f Add printer_delete_file module 2015-02-25 15:47:53 -06:00
William Vu 90d179e56f Add printer_upload_file module 2015-02-25 15:01:01 -06:00
William Vu 3cf94740e6
Land #4817, CHECK_TCP option for Lantronix module 2015-02-25 13:16:14 -06:00
William Vu d301752a88 Fix whitespace 2015-02-25 13:16:03 -06:00
rastating e2dfdd60c0 Update version range 2015-02-25 19:11:15 +00:00
Jon Hart a1c80d9f18
Fix URL 2015-02-25 08:54:08 -08:00
Jon Hart ab0d0d4ad4
Remove UDPScanner from MDNS and LLMNR mixin -- leave that for modules 2015-02-25 08:53:38 -08:00
Jon Hart e48425db31
Update LLMNR code to use MDNS, since the format is the same 2015-02-24 16:06:07 -08:00
Jon Hart efd10ee08a Show name in status 2015-02-24 15:37:40 -08:00
Jon Hart 54495a4f4c Correct URL 2015-02-24 15:37:40 -08:00
Jon Hart 9ccd59cefc Simplify mdns query response printing (for now) 2015-02-24 15:37:40 -08:00
Jon Hart 5396618a2e Build LLMNR data ourselves, since Net::DNS is too restrictive. 2015-02-24 15:37:40 -08:00
Jon Hart c0d1775d86 Show rport in each batch 2015-02-24 15:37:40 -08:00
Jon Hart 093606ae23 stash 2015-02-24 15:37:40 -08:00
Jon Hart 80f5e68e8e Add basic descriptions 2015-02-24 15:37:40 -08:00
Jon Hart 95353da107 Cleanup, new base mDNS query module 2015-02-24 15:37:39 -08:00
Jon Hart ece84c0e30 Use build_probe 2015-02-24 15:37:39 -08:00
Jon Hart 4feda7f3e7 Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2015-02-24 15:37:39 -08:00
Jon Hart 4d82976740 Store LLMNR results 2015-02-24 15:37:39 -08:00
Jon Hart b3787ded6b Add mDNS mixins, update query module to use them 2015-02-24 15:37:38 -08:00
Jon Hart 9d21f29298 Update LLMNR query to use new UDPScanner functionality 2015-02-24 15:37:38 -08:00
Jon Hart fef19dd2a8 Add preliminary module for scanning mDNS 2015-02-24 15:37:38 -08:00
Jon Hart 5f4c4ee4be Use correct options to Packet.new 2015-02-24 15:37:38 -08:00
Jon Hart 1e38a5db86 Use Net::DNS::Packet to build queries, static probe 2015-02-24 15:37:38 -08:00
Jon Hart 473213849f More truthy method to determine whether to print, better inspection 2015-02-24 15:37:38 -08:00
Jon Hart 392ba483f9 Better handling of *print_ 2015-02-24 15:37:38 -08:00
Jon Hart 5cb14255c1 Inspect any responses 2015-02-24 15:37:38 -08:00
Jon Hart d2bddd6bcd Parse and print each response (for real. 3rd time's a charm...) 2015-02-24 15:37:38 -08:00
Jon Hart 25d85b60f3 Parse and print each response (for real) 2015-02-24 15:37:38 -08:00
Jon Hart 0f5aaaf607 Parse and print each response (for now) 2015-02-24 15:37:37 -08:00
Jon Hart 9ad0fc38f7 Print something more useful with LLMNR responses 2015-02-24 15:37:37 -08:00
Jon Hart a9a6a564c6 Use LLMNR multicast address for RHOSTS by default 2015-02-24 15:37:37 -08:00
Jon Hart f4a1ce7fb6 Default RHOSTS to 224.0.0.252, the multicast group for LLMNR 2015-02-24 15:37:37 -08:00
Jon Hart 7917a70216 Initial commit of some code for LLMNR research
This is largely useless right now because LLMNR is only supposed to
work in the same multicast/broadcast domain and implementations are
supposed to ignore requests with an IP TTL != 1.
2015-02-24 15:37:37 -08:00
rastating 242d3b8680 Add WP EasyCart privilege escalation module 2015-02-24 21:11:22 +00:00
Tod Beardsley 6feae9524b
Fix up funny indent on description
[See #4770]
2015-02-24 12:25:48 -06:00
Brandon Perry 1134b0a6fa fix dataastore to datastore 2015-02-24 10:34:33 -06:00
William Vu f3cad229d3 Fix duplicate hash key "References"
In modules/auxiliary/scanner/http/http_login.rb.
2015-02-24 05:19:58 -06:00
William Vu 8c5ff858d0
Land #4812, hp_sys_mgmt_login configurable URIs 2015-02-23 19:04:14 -06:00
Brandon Perry c9439addf8 fix url 2015-02-23 16:50:58 -06:00
HD Moore bf103def9e Add the /ews/ path to enable easy OWA brute force 2015-02-23 14:03:39 -06:00
William Vu bcfbcb7eea Clean up whitespace 2015-02-23 13:15:21 -06:00
sinn3r c39d6e152e
Land #4819, Normalize HTTP LoginScanner modules 2015-02-23 11:43:42 -06:00
HD Moore 1b1716bcf6 Fix a handful of bugs that broke this modules. Fixes #4799 2015-02-22 22:01:01 -06:00
HD Moore 9730a1655e Small cleanups to the LLMR responder module 2015-02-22 22:00:42 -06:00
HD Moore 615d71de6e Remove extraneous calls to GC.start() 2015-02-22 21:51:33 -06:00
Brandon Perry 3d82c7755b add solarwinds module 2015-02-22 15:35:42 -06:00
rastating 61bdd58fbe Fix required flag on options 2015-02-22 16:20:47 +00:00
rastating 37a55cce74 Abstracted version comparison code 2015-02-22 16:20:46 +00:00
rastating 31cdd757f6 Add WordPress WPLMS privilege escalation module 2015-02-22 16:20:46 +00:00