Commit Graph

24242 Commits (1faf0691305cb1d063a0e022b46c4ca52fa3cdb9)

Author SHA1 Message Date
William Vu 1faf069130
Land #3284, deprecated module cleanup 2014-04-20 23:10:55 -05:00
James Lee ee413ac385
Remove previously deprecated modules 2014-04-20 22:15:44 -05:00
Brandon Turner fda6ed39f2
Land #3278, use renamed bcrypt gem instead of bcrypt-ruby 2014-04-18 16:33:51 -05:00
Tod Beardsley af19efbd71
Use the new bcrypt gem, not bcrypt-ruby
See the change upstream at:

273946f2ba

Reported by @ZeroChaos
2014-04-18 15:02:42 -05:00
William Vu 7d801e3acc
Land #3200, goodbye LORCON modules :( 2014-04-18 12:32:22 -05:00
sinn3r 32293dfdab
Land #3277 - Be very clear about Redmine's existence 2014-04-18 10:31:16 -05:00
Tod Beardsley fe86886c29
Be very clear about Redmine's existence. 2014-04-18 10:01:54 -05:00
jvazquez-r7 c4d4af031c
Land #3276, @todb-r7's "make msftidy happy"'s fix 2014-04-18 09:54:52 -05:00
jvazquez-r7 5083143971
Land #3238, @Zinterax's timeout addition in openssl_heartbleed 2014-04-18 09:28:04 -05:00
Tod Beardsley 2a729c84f6
Fix disclosure date 2014-04-18 09:27:41 -05:00
jvazquez-r7 8a011ec9f6
Land #3197, @0x3fcoma's module for CVE-2013-5795 and CVE-2013-5880 2014-04-18 08:58:54 -05:00
jvazquez-r7 f3299e3ced Do minor code cleanup 2014-04-18 08:58:11 -05:00
Zinterax c68b7aa18f Merge pull request #1 from jvazquez-r7/review_3238
Clean timeout handling code
2014-04-18 09:50:33 -04:00
jvazquez-r7 2366f77226 Clean timeout handling code 2014-04-18 08:16:28 -05:00
Zinterax e38f4cbfa0 Apply response_timeout to get_once, code cleanup
Add response_timeout to get_once

Change timeout output in establish_connect()

Add disconnect ater timeout output

Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
Zinterax fab091ca88 Fix Action => DUMP
Fix for when Action is set to DUMP. Modifed the check to use action.name.

Console output:

msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run

[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
Zinterax 1cf1616341 Rebase. Add timeout option support
Rebase to account for the KEYS merge.

Modify bleed() to work with timeout option.

Modify establish_connect() to work with timeout option.

Modify loot_and_report() to work with timeout option.

---Test Console Output---

Client Hello Timeout:

msf auxiliary(openssl_heartbleed) > run

[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Patched Apache:

msf auxiliary(openssl_heartbleed) > run

[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Vulnerable Server:

msf auxiliary(openssl_heartbleed) > run

[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
Zinterax 021ac53911 remove me 2014-04-18 07:03:36 -04:00
Christian Mehlmauer bbed9f4c66
Land #3274, @jjarmoc heartbleed private key extraction 2014-04-18 06:59:10 +02:00
jvazquez-r7 b0e4648d66
Land #2895, @dukebarman's exploit for Flash CVE-2013-0634 2014-04-17 23:35:05 -05:00
jvazquez-r7 acb12a8bef Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
Jeff Jarmoc 94618455b7 Merge pull request #1 from todb-r7/land-3274-rsa-keydump
Deconflict after #3252
2014-04-17 18:53:42 -05:00
Tod Beardsley 845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
Whoops.
2014-04-17 17:47:47 -05:00
Tod Beardsley 2aa2cb17f3
Reimplement a check. 2014-04-17 17:10:54 -05:00
Tod Beardsley d40ab039e4
Clean up whitespace. Protip: use commit hooks 2014-04-17 16:28:07 -05:00
Tod Beardsley c34d548e50
First, undo #3252. Sorry about that.
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00
Jeff Jarmoc e3daf6daf7 Singular 'TLS_CALLBACK' option 2014-04-17 15:51:37 -05:00
Jeff Jarmoc 6c832e22d6 rename scan to loot_and_report 2014-04-17 15:47:57 -05:00
Jeff Jarmoc c12eae66b3 Error and return if public key wasn't retrieved. 2014-04-17 15:44:40 -05:00
Jeff Jarmoc 578002e016 KEYS action gets it's own function 2014-04-17 15:39:05 -05:00
Tod Beardsley 5b0b5d9476
Land #3252, check() functionality for Heartbleed 2014-04-17 15:34:35 -05:00
Tod Beardsley a2d6c58374
Changing << to + per @jlee-r7 2014-04-17 15:34:13 -05:00
jvazquez-r7 91d9f9ea7f Update from master 2014-04-17 15:32:49 -05:00
jvazquez-r7 749e141fc8 Do first clean up 2014-04-17 15:31:56 -05:00
Jeff Jarmoc 9f30976b83 Heartbleed RSA Keydump
Flattened, merge conflicts resolved, etc.
2014-04-17 14:30:47 -05:00
Christian Mehlmauer 71a650fe6e
Land #3259, XMPP Hostname autodetect by @TomSellers 2014-04-17 08:54:15 +02:00
Tom Sellers 1f452aab48 Code cleanup
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
Tom Sellers 9e2285619e Additional cleanup
Whitespace cleanup
2014-04-17 10:46:33 -05:00
Tom Sellers ee0d30a1f3 Whitespace fix
Removing extra line feeds
2014-04-16 17:27:39 -05:00
Tom Sellers 92eab6c54b Attribution addition
Per comment from Firefart
2014-04-16 17:26:09 -05:00
Tom Sellers 1f3ec46b8a Heartbleed - Add autodetection of XMPP hostname (round 2)
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.

This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
sinn3r 54346f3f92
Land #3265 - Windows Post Manage Change Password 2014-04-15 18:45:48 -05:00
sinn3r d7a63003a3
Land #3266 - MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free 2014-04-15 18:35:18 -05:00
sinn3r 23c2a071cd Small name change 2014-04-15 18:35:00 -05:00
sinn3r 7a4e12976c
First little bit at Bug 8498
[FixRM #8489] rhost/rport modification
2014-04-15 18:20:16 -05:00
sinn3r d7513b0eb2 Handle nil properly when no results are found 2014-04-15 18:19:29 -05:00
jvazquez-r7 abd76c5000 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
Meatballs 5bd9721d95
Redundant include 2014-04-15 21:34:21 +01:00
Meatballs 02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
Conflicts:
	lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
Meatballs bd9b5add49
Dont report creds
We dont know if a DOMAIN or IP is specified etc.
2014-04-15 21:14:49 +01:00