Commit Graph

2243 Commits (25de6844b8910707ea23391726dcec74662648e5)

Author SHA1 Message Date
HD Moore d148c95c84 The ssh login code can now create sessions
git-svn-id: file:///home/svn/framework3/trunk@8598 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 07:12:54 +00:00
HD Moore 80f1f48b2d Merge in loot and user, fix up telnet to handle eof better
git-svn-id: file:///home/svn/framework3/trunk@8594 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 23:45:43 +00:00
Joshua Drake b810e9665f add comment about autofilter mapping
git-svn-id: file:///home/svn/framework3/trunk@8592 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 22:30:38 +00:00
Joshua Drake b818536e46 corrected comment text
git-svn-id: file:///home/svn/framework3/trunk@8590 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 22:27:15 +00:00
Joshua Drake e3b009471b move code in autofilter into check
git-svn-id: file:///home/svn/framework3/trunk@8589 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 22:26:28 +00:00
Joshua Drake f8ca490b98 move meterpreter on_session functionality into a mixin
git-svn-id: file:///home/svn/framework3/trunk@8586 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 21:05:08 +00:00
HD Moore 479f2939fc Track the target host/workspace through the entire tree, expose to RPC, and use this telnet_login
git-svn-id: file:///home/svn/framework3/trunk@8583 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 17:54:44 +00:00
Joshua Drake 1faec528de fix InitAutoRunScript -> InitialAutoRunScript
git-svn-id: file:///home/svn/framework3/trunk@8582 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 17:52:19 +00:00
Steve Tornio 6e9a992396 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8580 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 17:26:09 +00:00
Joshua Drake 6414821ea8 add exploit modules for CVEs 2005-2877 and 2004-1037
git-svn-id: file:///home/svn/framework3/trunk@8578 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 20:31:09 +00:00
HD Moore c9973be2d7 make the smb_login module smarted about lockouts, disabled accounts, and samba
git-svn-id: file:///home/svn/framework3/trunk@8577 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 19:31:20 +00:00
HD Moore a2383611c2 Fix single user/pass usage
git-svn-id: file:///home/svn/framework3/trunk@8576 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 19:08:36 +00:00
Joshua Drake 865969e059 whitespace adjustments - finally closes #773
git-svn-id: file:///home/svn/framework3/trunk@8575 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 01:44:34 +00:00
Joshua Drake 32bf50c627 add exploit module to get code exec from jboss.system:MainDeployer access
git-svn-id: file:///home/svn/framework3/trunk@8574 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 01:41:24 +00:00
HD Moore 9fc58c1e1f Collect command output and report it
git-svn-id: file:///home/svn/framework3/trunk@8569 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 16:06:01 +00:00
HD Moore 0ba3d18032 Updated the report format to match new syntax
git-svn-id: file:///home/svn/framework3/trunk@8566 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 05:50:05 +00:00
HD Moore 0a8696436e Fix up the telnet login code to handle varied responses better
git-svn-id: file:///home/svn/framework3/trunk@8565 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 05:49:40 +00:00
Joshua Drake 8446a0c305 add auto-targeting to tomcat_mgr_deploy, fixes #887
git-svn-id: file:///home/svn/framework3/trunk@8564 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 01:14:39 +00:00
Steve Tornio 93acc977fe fix osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8563 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 19:42:08 +00:00
Joshua Drake 6e8eddcf5e add exploit module for cve-2008-0506
git-svn-id: file:///home/svn/framework3/trunk@8562 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 07:31:12 +00:00
Joshua Drake 007930c784 add svn keywords property
git-svn-id: file:///home/svn/framework3/trunk@8561 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 07:13:31 +00:00
HD Moore 1a53411282 Filter out the other test modules from automation
git-svn-id: file:///home/svn/framework3/trunk@8559 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 05:18:43 +00:00
HD Moore 0db3ada840 Filter this from automation
git-svn-id: file:///home/svn/framework3/trunk@8558 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 05:15:03 +00:00
natron 5b3c87c9c5 Add option to save java code to file.
git-svn-id: file:///home/svn/framework3/trunk@8557 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 05:11:56 +00:00
Tod Beardsley ab3b173040 So, funny story with net-ssh. Turns out, there's insufficient housekeeping on closing out connections in the event of authentication failures, which means you can start sucking up connections pretty good when you fail authentication a whole bunch of times. Fixed in the library, so now, if you pass a block to Net::SSH.start, and the authentication fails, the connection will still close out correctly, just as it would when the authentication succeeds.
Protip: If you don't pass a block, it's *still on the caller* to deal with the connection somehow. You'll want to basically always assign the connection to someplace you control, like so: sock = Net::SSH.start(whatever); sock.close). Otherwise, if you just Net::SSH.start without a block /or/ without assignment, you'll be stuck with all these useless connections hanging around.



git-svn-id: file:///home/svn/framework3/trunk@8556 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 03:02:25 +00:00
Tod Beardsley 78aa6f5ba4 Added DB2 remote administration scan to udp_sweep
git-svn-id: file:///home/svn/framework3/trunk@8554 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 21:21:17 +00:00
Tod Beardsley f58558f605 Updated all the brute force login modules to record successful logins and avoid duplicating credentials.
git-svn-id: file:///home/svn/framework3/trunk@8553 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 19:04:51 +00:00
Joshua Drake 2e77c76824 add exploit module to get code exec on a tomcat manager instance, closes #772
git-svn-id: file:///home/svn/framework3/trunk@8552 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:18:43 +00:00
Tod Beardsley 38a3b8203e Properly checking for credential duplication.
git-svn-id: file:///home/svn/framework3/trunk@8551 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:11:18 +00:00
Joshua Drake 534d56cdd8 adjust text wrap
git-svn-id: file:///home/svn/framework3/trunk@8550 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:04:11 +00:00
Tod Beardsley c24a708db6 See #859. Adds keyboard-interactive as an acceptable method of authentication.
git-svn-id: file:///home/svn/framework3/trunk@8548 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 16:11:58 +00:00
Patrick Webster 350c189a34 Added exploit module qbik_wingate_wwwproxy.
git-svn-id: file:///home/svn/framework3/trunk@8547 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 15:58:26 +00:00
Tod Beardsley 27c3266c0a Serializes telnet brute forcing so it's a little bit faster (as it happens) and
about a zillion times more reliable.



git-svn-id: file:///home/svn/framework3/trunk@8543 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 00:22:02 +00:00
Tod Beardsley 4197f00701 Moves @credentials_tried and @credentials_good into auth_brute proper, though modules still
need to handle them themselves... which telnet and ssh both do now.



git-svn-id: file:///home/svn/framework3/trunk@8542 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 21:55:02 +00:00
Joshua Drake 797ab55f52 add exploit module for cve-2009-2011
git-svn-id: file:///home/svn/framework3/trunk@8541 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:14:40 +00:00
Tod Beardsley 443e82bc75 Reworked ssh_login to a) handle all SSH errors, b) cease trying users if we already guessed a password and c) cease trying the same user:pass combo more than once.
git-svn-id: file:///home/svn/framework3/trunk@8540 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:12:02 +00:00
Steve Tornio a71a24b6d3 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8538 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:56:05 +00:00
Steve Tornio ed395fcda4 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8537 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:48:34 +00:00
Steve Tornio b17fc35986 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8536 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:35:01 +00:00
Steve Tornio 3314e6a10b add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8535 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:25:47 +00:00
Steve Tornio fa877eb567 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8534 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:11:45 +00:00
Steve Tornio e5609bbf82 add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8533 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:07:54 +00:00
HD Moore 1686931efe More SSH versions
git-svn-id: file:///home/svn/framework3/trunk@8532 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 14:42:11 +00:00
Joshua Drake b4ead057f6 add exploit module for cve-2000-0917
git-svn-id: file:///home/svn/framework3/trunk@8530 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 00:56:28 +00:00
Tod Beardsley 5fce04ce22 See #843, but this really just masks the problem. Investigate more thoroughly.
git-svn-id: file:///home/svn/framework3/trunk@8529 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 23:35:22 +00:00
Tod Beardsley 25ec6e8021 Removing the require rescues for SSH, now that it's shipping in lib directly.
git-svn-id: file:///home/svn/framework3/trunk@8528 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 23:21:51 +00:00
Tod Beardsley 206b70ace7 Indentation fixes (wrapping everything in a begin;rescue;end, didn't want
to obfuscate that with the last change).



git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 18:09:51 +00:00
Tod Beardsley b45cfb8793 Fixes #808. Removes the pre-connect test from login and version.
git-svn-id: file:///home/svn/framework3/trunk@8521 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 18:05:51 +00:00
Steve Tornio ceb65d7dc0 Add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8519 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:58 +00:00
Joshua Drake 4800d6841c commit cmd stager stuff from bannedit
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00