bb36cd016e
Fix #6643 , Pcap.lookupaddrs does not exist
2016-03-06 22:15:39 -06:00
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
66c697d2e4
Land #6602 , update author info for dahua_dvr_auth_bypass
2016-03-06 15:13:01 -06:00
4711191def
remove non-specific URL
2016-03-06 15:12:25 -06:00
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
b1e9f44ca2
IPv6 Neighbor Advertisement Enhancement
...
http://seclists.org/nmap-dev/2011/q2/79
1. Shorten router advertisement payload lifetime.
2. Randomize address prefix.
3. Prevent from getting into default router list.
2016-03-06 03:23:37 +08:00
c5a9d59455
Land #6612 , one final missing change
2016-02-29 15:08:42 -06:00
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
8c2ce9687a
Land #6620 , fix typo in jtr_linux
2016-02-29 14:58:58 -06:00
a6a37b3089
Land #6612 , missing commits included
2016-02-29 14:06:21 -06:00
f5ad1286d2
Fix #6615 , fix typo "format"
...
Fix #6615
2016-02-29 12:44:25 -06:00
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
2950996cb8
Land #6612 , Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
53ff3051e1
Land #6531 , NETGEAR ProSafe Network Management System 300 auth'd File Download
2016-02-26 10:53:16 -06:00
bc050410a6
Allow max traversal depth as an option, and report cred
2016-02-26 10:52:30 -06:00
051506694f
Land #6574 , add Linknat Vos Manager Traversal aux module
2016-02-25 22:02:56 -06:00
d14ec657e2
Land #6564 , Add Apache Karaf Command Execution Module
2016-02-25 14:47:40 -06:00
1d2ec7a239
Rescue OpenSSL::Cipher::CipherError
...
Our current net/ssh library is out of date, so we need to rescue
OpenSSL::Cipher::CipherError.
2016-02-25 14:46:53 -06:00
2e268a25da
Land #6596 , Apache Karaf Login Utility
2016-02-25 14:39:51 -06:00
aa7c3f01a8
Update name and description
2016-02-25 14:39:19 -06:00
7e25c7b87b
Handle OpenSSL::Cipher::CipherError
...
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
7d20e26a35
Move to aux/scanner/ssh
2016-02-25 11:22:50 -06:00
f52f44cde0
Remove session_setup, since we're not in a shell
...
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00
ff3a554b4d
added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank
2016-02-24 13:53:30 -05:00
16d7b2e6ff
cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank
2016-02-23 17:37:47 -05:00
6aa6280eff
Try USERNAME before DEFAULTCRED
2016-02-23 13:44:44 -06:00
4eabe43273
fixed issues with capturing regex
2016-02-23 12:27:07 -05:00
c191e5b8e1
corrected authors file and cleaned up debug statements
2016-02-23 11:41:12 -05:00
c79eab2c7f
Land #6241 , @talos-arch3y's aux module for Dahua DVR CVE-2013-6117
2016-02-23 08:20:54 -08:00
5710c85a9e
Style changes
2016-02-23 15:15:57 +07:00
07ac13326e
Allow user to try other login credentials
2016-02-22 17:47:32 -06:00
c0180b23fa
Update description
2016-02-19 13:39:13 -06:00
33aaeb4ac9
Update authors
2016-02-19 11:53:17 -06:00
a82ce40c40
Update ibm_tsm_dos name
...
For some reason I actually modified the name, but I didn't mean
to.
2016-02-18 16:07:46 -06:00
adb175136e
Fix extra whitespace and unused vars in call
2016-02-18 15:18:29 -06:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
7ca0255ea1
Module should not be marked executable
2016-02-15 12:57:43 +08:00
f35230b908
add Linknat Vos Manager Traversal
2016-02-15 12:39:40 +08:00
3416a24dda
Adding vprint_status for loot path
...
Adding a vprint_status to show users the loot
path as per a comment on the pull request.
2016-02-14 11:19:20 -06:00
c9c4f49aca
Add get_file method and parse the server response
2016-02-13 17:20:37 -05:00
b2765a296f
Land #6547 , IBM Tivoli Storage Manager Fastback Denial of Service
2016-02-11 22:05:21 -06:00
3121093898
Update metadata, plus other minor changes
2016-02-11 22:04:05 -06:00
cdaa2a8c43
Adding Apache Karaf Command Execution Module
...
This module establishes an SSH session using default
credentials and then executes a user defined operating system
command. This is part of GitHub Issue #4358 .
2016-02-10 16:48:08 -06:00
c874699b82
removed ranking
2016-02-10 11:45:09 -06:00
4c6cb03548
more build errors
2016-02-10 11:40:21 -06:00
72f5a33804
addressed CI errors
2016-02-10 11:34:05 -06:00
51604fa24a
made necessary inheritance changes
2016-02-10 10:59:11 -06:00
5f0add2a8b
Land #6541 , typo fix for cisco_ssl_vpn
2016-02-09 17:13:24 -06:00
240cbb91be
s/resp/res/
2016-02-09 17:12:09 -06:00
eadbb6b582
moved module to modules/auxiliary/dos/misc
2016-02-09 11:44:01 -06:00
c0a8b01c2b
Addition of multiple read/write to auxiliary/scanner/scada/modbusclient.rb
2016-02-08 13:13:51 +01:00
cd7046f233
Change method name "method" to "http_method" for http_traversal.rb
...
We accidentally override "#method", which is bad.
2016-02-07 23:15:46 -06:00
40633ea7cd
Check filepath length
2016-02-08 01:11:18 +00:00
df825913b8
Use default timeout
2016-02-07 07:11:47 +00:00
e0e67f5507
Remove unnecessary check for FILEPATH
2016-02-07 02:05:15 +00:00
2171c344e5
Fix #6539 , correct a typo in report_cred
...
Fix #6539
2016-02-06 13:23:21 -06:00
b64294abc9
Create file for CERT VU 777024 (auth download)
2016-02-04 07:57:48 +08:00
47c0a3b4a7
Get some stragglers that had a different format
2016-02-01 16:21:10 -06:00
8094eb631b
Do the same for aux modules
2016-02-01 16:06:34 -06:00
f5ee6ce2f3
Better service reporting for snmp_login
...
Report the snmp string and update the module title & description
to better clarify what the module really does.
2016-02-01 12:24:19 -06:00
cd56470759
Land #6493 , move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
8af751be41
Land #6470 , Telisca IPS Lock (and Unlock)
2016-01-27 16:41:25 -06:00
86c025de25
Title and description fixes for #6470
2016-01-27 16:40:06 -06:00
115c63e4ba
karaf default credential scanner PoC
2016-01-27 03:27:48 -05:00
6187354392
Land #6226 , Add Wordpress XML-RPC system.multicall Credential BF
2016-01-23 00:12:46 -06:00
064af0d670
Remove unwanted comment
2016-01-23 00:11:58 -06:00
ad3eed525b
Handing newer version of WP, fallback CHUNKSIE to 1
2016-01-23 08:06:27 +03:00
53e9bd7f51
This line does nothing
2016-01-22 18:55:45 -06:00
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
91db2597c7
normalize URIs
2016-01-22 11:27:26 -06:00
b02c762b93
Grab zeroSteiner's module/jenkins-cmd branch
2016-01-22 10:17:32 -06:00
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
a8feb8cad5
make passwords faster for reading huge wordlest files
2016-01-21 03:32:50 +03:00
4cb19c75a6
Enhance the module and add version check
2016-01-21 03:19:31 +03:00
fcaef76215
Do a version check
...
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
ad107a2d1c
Show - No Auth Required - Just Once
2016-01-19 08:29:33 +08:00
0b78406d29
clear Metasploit::Framework::LoginScanner::REDIS.new
2016-01-16 13:12:04 +08:00
b2983e1ee7
replace #{rhost}: #{rport} with #{peer}
2016-01-16 13:05:35 +08:00
2abaca3f6b
include Msf::Auxiliary::Redis / Remove default RPORT option
2016-01-16 12:58:02 +08:00
3d04f405b4
Update telisca_ips_lock_control.rb
...
commit the changes mad by sinn3r and replace headers on lock and unlock
2016-01-15 15:05:24 +00:00
477dc64e1e
Rename module
2016-01-14 19:45:00 -06:00
eb6cff77bc
Update the code to today's standards
...
Mainly making sure it is following the Ruby style guide, and
avoid unrecommended coding practices.
2016-01-14 19:38:59 -06:00
46f06516ad
Update /telisca_ips_lock_abuse
...
cleaning the code
2016-01-14 11:13:10 +00:00
c18253d313
deleted: modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb
2016-01-14 00:03:25 +00:00
60ef1eae90
adding modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 00:00:04 +00:00
1e37ff9701
Merge branch 'master' of github:kfr-ma/metasploit-framework into test_telisca_ipslock
...
merge
2016-01-13 23:20:50 +00:00
01b8302db1
delte modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
2016-01-13 23:19:35 +00:00
1b9563b82a
rm modules/auxiliary/voip/telisca_ips_lock_abuse
2016-01-13 23:09:35 +00:00
c68d2a8e0a
replace telisca_ips_lock_abuse.rb
2016-01-13 22:59:18 +00:00
457e569f3b
replacing telisca-ips-lock
2016-01-13 22:50:58 +00:00
8b03b719e8
Adding auxialiary modules :
...
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
5266860cec
Squashed more commits back into 1
2016-01-07 17:53:49 -06:00
c245e64239
added peer to each print statement and rex table
2016-01-06 13:22:30 -05:00
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
a54a7aeb02
redis only need password for authentication
2016-01-06 17:05:49 +08:00
bdda8650a2
Do not support username, because the backdoor doesn't use one
2016-01-06 02:02:11 -06:00
d626d7f0c9
Land #6416 , @all3g's rewrite/improvements to redis_server
2016-01-05 19:02:26 -08:00
90ea88e5ba
Make command used configurable
2016-01-05 16:23:10 -08:00
Brent Cook
Fakhri Zulkifli
William Vu
wchen-r7
Tyler Bennett
dmohanty-r7
Jon Hart
Pedro Ribeiro
James Lee
nixawk
Nicholas Starke
Spencer McIntyre
William Webb
alexandrinetorrents
Brendan Coles
Tod Beardsley
KINGSABRI
Christian Mehlmauer
kfr-ma
Fakhir Karim Reda
Jonathan Harms