41b07eeef6
Small changes to servicedesk_plus_traversal
2015-10-05 08:56:00 +07:00
ed8f5456a4
Fix bugs in drupal_views_user_enum.
2015-10-04 05:53:54 -03:00
e6a57d5317
Add ManageEngine ServiceDesk Plus Path Traversal module
2015-10-03 15:54:44 +07:00
2e2d27d53a
Land #5935 , final creds refactor
2015-10-01 00:25:14 -05:00
494b9cf75f
Clean up module
...
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
2e5999a119
Missed colon for output standardization
2015-09-30 16:41:46 -04:00
3d41b4046c
Standardize output and include full uri
2015-09-30 16:33:15 -04:00
1bfa087518
Add IP to testing results
...
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
421fb4dcb8
Rework of the jenkins_command module
2015-09-04 16:56:44 -07:00
04d622b69b
Cleanup Jenkins-CI module titles and option descriptions
2015-09-04 10:25:51 -07:00
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
5d59e8190e
Added OS detection.
2015-09-03 13:12:07 -05:00
6e4ae1238b
Land #5791 , show the VHOST in module output
2015-09-03 11:36:19 -05:00
b8eee4a9e4
Show the IP address if it doesn't match the VHOST
2015-09-03 11:35:38 -05:00
1b021464fe
Land #5919 , remove deprecated VMware modules & update resource script.
2015-09-03 10:23:48 -05:00
4b8dc143ec
Fixed output
2015-09-02 23:50:03 -04:00
255c8b63b3
Modified output
2015-09-02 23:33:06 -04:00
40176b9e3f
Updated.
2015-09-02 19:36:18 -05:00
f78f6d0a0c
Updated.
2015-09-02 19:03:07 -05:00
59aa3975be
Updated.
2015-09-02 18:27:44 -05:00
284edbe4b0
Update jenkins_command.rb
2015-09-02 16:47:23 -04:00
bde4f40c53
Update jenkins_command.rb
2015-09-02 16:39:49 -04:00
becc599aca
Created Jenkins RCE module
...
This module simply automates the same procedures documented by Royce Davis at https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/ .
2015-09-02 16:12:05 -04:00
126fc9881e
Cleanup and tweaks
2015-09-02 12:48:53 -05:00
b89b6b653a
Update trace.rb
2015-09-03 01:26:45 +08:00
73bf812dfd
Update trace.rb
...
removed the cookie
2015-09-03 00:35:23 +08:00
5ecee6aaba
Update trace.rb
...
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
34e0819a6e
Modified the HTTP Trace Detection to XST Checker
...
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
8e993d7793
Remove deprecated vmware modules
2015-09-02 13:00:15 +05:00
0c4b020089
Land #5913 , Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-02 00:01:35 -05:00
381297ba93
Fix the regex flags
2015-09-01 23:07:48 -05:00
626704079d
Changed output store_loot
2015-09-02 00:18:10 -03:00
96600a96ab
Changed html parse by @wchen-r7
2015-09-01 22:03:21 -03:00
3c72467b7d
Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns.
2015-09-02 01:02:46 +02:00
35661d0182
Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-01 13:28:04 -03:00
3d4cb06c67
Land #5807 , Added Module WP Mobile Pack Vuln
2015-08-28 13:43:00 -05:00
9e7f6d6500
Typos
2015-08-28 13:42:37 -05:00
29e92aaabe
Land #5806 , WordPress Subscribe Comments File Read Vuln
2015-08-28 11:52:59 -05:00
62e6b23b4c
Typo
2015-08-28 11:52:13 -05:00
b17d8f8d49
Land #5768 , update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
7bb4f9479f
Added new reference and removed empty line.
2015-08-04 03:58:57 -03:00
d9b6e9cc58
Changed res condition and some words.
2015-08-04 03:44:25 -03:00
19ceccd93a
Added JSON parse output.
2015-08-04 03:13:11 -03:00
f4679f5341
Added WP Mobile Pack Info Disclosure Vuln - Functional Module.
2015-08-04 02:21:26 -03:00
d221e9d961
Added more references.
2015-08-03 02:46:54 -03:00
e59e4828e4
Removed unnecessary DEPTH option.
2015-08-02 22:56:17 -03:00
514849bcdc
Added WP Subscribe Comments File Read Vuln - Functional.
2015-08-02 21:24:52 -03:00
fdb2b008f9
Fix a small typo - OSVDB instead of OSVBD.
2015-07-31 02:23:19 -03:00
3c394d673d
altered module to default
...
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
2415072c17
Replaced 'and' with '&&'
2015-07-28 14:14:25 -05:00
ee5e5b1e71
Fixed NoMethodError for .match on nil
2015-07-28 09:03:54 -05:00
866a99ed07
This is better
2015-07-23 20:51:21 -05:00
f5387ab3f2
Fix #5766 , check res for send_request_raw
...
Fix #5766
2015-07-23 20:49:18 -05:00
8bead5fde2
Modate update on using metasploit-credential
...
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
e4e9ac9d28
Remove cold_fusion_version, use coldfusion_version instead
...
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
d795b2f831
Module cleanup
2015-07-11 19:40:21 +01:00
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
c04490e5eb
Remove comma before coordinating conjunction
...
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
84c0e62fd3
Land #5493 , update OWA scanner creds persistence
2015-06-26 08:46:27 -05:00
63f584cbfd
Add last_attempted_at
2015-06-25 12:08:38 +05:00
5751e196bb
Remove extraneous newline
2015-06-23 14:43:37 -05:00
59af7ef1fc
Remove the extra target_uri
2015-06-23 10:27:50 -05:00
a2a231c242
Land #5577 , MS15-034 HTTP.SYS Information Disclosure
2015-06-23 10:20:54 -05:00
11366971da
Oh never mind, user-agent makes it more difficult to use (more crashes)
2015-06-23 01:24:17 -05:00
6127b8a037
Pass user-agent
2015-06-23 01:23:01 -05:00
8ce5cc23cf
More consistent filename style
2015-06-23 01:08:34 -05:00
e9b548e8a2
Changes for ms15034_http_sys_memory_dump.rb
2015-06-23 01:07:33 -05:00
8086a6f8cc
remove unnecessary begin/rescue, change print_* to vprint_* in check()
2015-06-22 20:25:12 -04:00
90e17aee6b
clarified affected OSes and error messages
2015-06-22 15:47:26 -04:00
774aef7241
add module to dump memory via MS15-034
2015-06-22 10:31:31 -04:00
4762e9f62c
Land #5540 , @wchen-r7's changes for multiple auxiliary modules to use the new cred API
2015-06-19 15:39:09 -05:00
fa6e45964e
Provide context to the note
2015-06-19 15:38:26 -05:00
83427583ea
report_note for group info
2015-06-19 15:09:50 -05:00
ef286fdfcf
Remove report_auth_info
2015-06-19 15:06:02 -05:00
b104155cf1
Do Metasploit::Model::Login::Status::UNTRIED
2015-06-19 15:05:42 -05:00
ebd376e0f3
Land #5485 , @wchen-r7 updates wordpress_login_enum to use the new cred API
2015-06-19 10:50:07 -05:00
dfae4bbbf0
Do reporting more accurate
2015-06-19 10:48:12 -05:00
d86c21e94a
Land #5567 , author fix
2015-06-19 10:41:41 -05:00
76cd9590a4
Fix author
2015-06-19 19:13:51 +10:00
9b5770c966
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:40:51 -05:00
b6379b4d24
Update drupal_views_user_enum
2015-06-16 00:02:02 -05:00
0b88e86a49
Using the new cred API for multiple auxiliary modules
2015-06-15 16:06:57 -05:00
907f596de6
Land #5520 , Update titan_ftp_admin_pwd to use the new creds API
2015-06-15 03:26:19 -05:00
940d045029
Correctly report rport
2015-06-15 03:23:39 -05:00
308b1a3d7f
Don't deregister username & password
2015-06-15 03:21:09 -05:00
e628d71261
Land #5397 , @espreto's module for WordPress Simple Backup File Read Vulnerability
2015-06-12 15:32:06 -05:00
184c20cd46
Do minor cleanup
2015-06-12 15:31:42 -05:00
7cb82f594b
Add ftp port for service
2015-06-10 14:24:05 +05:00
3ffe006e09
Update titan_ftp_admin_pwd to use the new creds API
2015-06-10 13:36:26 +05:00
78a6e1bc90
Change credential status from untried to successful
2015-06-10 10:07:33 +05:00
49e4820c57
Add depcrecated note to the existing modules
2015-06-09 10:42:53 +05:00
3279518bbd
Move VMware modules to the VMware directory
2015-06-08 14:58:22 +05:00
3ec6d9b7aa
Update owa_login to use new cred API
2015-06-05 15:41:07 +05:00
874e090aa1
Update wordpress_login_enum to use the new cred API
2015-06-04 18:16:14 -05:00
b305fa62f4
Changed vprint_error when nothing was downloaded.
2015-06-03 14:46:59 -03:00
24ec3b2fb5
Changed vprint_error to fail_with method.
2015-06-03 13:46:59 -03:00
80c3022dc1
Deprecate cold_fusion_version. Please use coldfusion_version.
...
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
b4a6cdbad0
Remove new line in vprint_line.
2015-05-21 12:33:09 -03:00
0135b3639f
Add WordPress Simple Backup File Read Vulnerability.
2015-05-21 12:23:24 -03:00
a4df3468de
unique: should be update:, include uri in data hash
2015-05-20 16:20:09 -05:00
c85b82e8a7
Merge branch 'master' into land-5358-notes
2015-05-20 16:02:59 -05:00
79b9ef008a
Bugfix
2015-05-17 13:55:56 +01:00
dd5060e08c
Land #5340 , @wchen-r7's change to the symantec_web_gateway_login writing style
2015-05-15 13:18:35 -05:00
cf5fa6752e
Use parenthesis
2015-05-15 13:17:54 -05:00
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
24a989b8a3
Land #5249 , Add Module for Enum on InfluxDB database
2015-05-14 11:22:54 -05:00
005c36b2a6
If data is empty, don't save (or even continue)
2015-05-14 11:22:10 -05:00
ac0e4e747a
Change writing style of symantec_web_gateway_login
2015-05-13 00:23:37 -05:00
202c5e0121
Land #5333 , HTML Title Grabber
2015-05-12 11:19:06 -05:00
faec5844cb
Some fixes
2015-05-12 11:18:21 -05:00
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
f0048b9a6d
Apparently you don't quote the keys with the new syntax
2015-05-12 11:00:18 +01:00
7c81adbd89
MSFTidy is now quiet and happy
2015-05-12 10:47:49 +01:00
1f6bd3e2be
Updated to new ruby hash syntax and removed <> from title
2015-05-12 10:43:32 +01:00
518e28674e
Removed CGI dependency (@hmoore-r7, @wchen-r7)
2015-05-11 21:10:18 +01:00
78e310562b
Readability style change
2015-05-11 19:48:12 +01:00
8e3d803e74
Updated style as per @void-in's comments
2015-05-11 19:46:10 +01:00
62d67469da
Updated code style as per @hmoore-r7's instructions
2015-05-11 19:34:23 +01:00
b8f7c80fd2
Rubocop
2015-05-11 18:50:03 +01:00
8308c2a925
Added check for nonsensical options
2015-05-11 18:48:55 +01:00
99133deabb
Reran tests, sorted out strip problem
2015-05-11 18:29:44 +01:00
c25a5d3859
Fixed a bunch of rubocop errors
2015-05-11 18:14:37 +01:00
34cf90af59
Removed unnecessary include
2015-05-11 17:31:31 +01:00
c001f014ce
HTML Title Grabber
2015-05-11 17:29:22 +01:00
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
a8adcda941
Redo port checks
2015-05-08 15:29:30 -05:00
156aac1dff
Use timeout options
2015-05-08 15:23:08 -05:00
bf9ca1f88f
Change module filename
2015-05-08 15:08:59 -05:00
f56115552f
Do code cleanup
2015-05-08 14:56:39 -05:00
b73241882b
Use datastore option
2015-05-08 14:48:19 -05:00
b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin
2015-05-08 14:46:08 -05:00
9fdbfd7031
Use vprint_error
2015-05-08 14:21:36 -05:00
017ae463ed
Fix description style
2015-05-08 14:18:29 -05:00
a7988f9e93
Change credentials to service:service
2015-05-08 22:52:59 +05:00
e8913e5620
Addressed most of @wvu's issues with #5312
2015-05-06 14:47:08 -05:00
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
f95774c6b4
Fixed bugs
2015-05-02 05:09:03 -04:00
93ac8b48e3
Land #5178 , @jboss_vulnscan check for console default admin
...
* And minor fixes
2015-05-01 17:38:20 -05:00
xistence
Roberto Soares
William Vu
Jake Yamaki
HD Moore
wchen-r7
Alton Johnson
JT
Waqas Ali
Alexander Salmin
Brent Cook
Greg Mikeska
kn0
g0tmi1k
Tod Beardsley
Trevor Rosen
root
rwhitcroft
jvazquez-r7
aushack
Stuart Morgan
Denis Kolegov
void-in