Commit Graph

5917 Commits (27353d62cabab26550589e7d56b7ceadf9a2ff87)

Author SHA1 Message Date
Pedro Ribeiro 39a25fc549 Update manageengine_file_download.rb 2015-02-01 10:49:48 +00:00
Pedro Ribeiro e9b5aa94c3 Add OSVDB id and full disclosure URL 2015-02-01 10:49:11 +00:00
Christian Catalan 8740fd9015 Convert #find_all_by_X to #where 2015-01-31 21:07:50 -06:00
Christian Mehlmauer 2c956c0a0f
add wordpress platform theme rce 2015-01-31 22:02:44 +01:00
jvazquez-r7 11502bad39 Clean code 2015-01-30 15:26:25 -06:00
jvazquez-r7 1916c92e3a Clean metadata 2015-01-30 15:21:17 -06:00
jvazquez-r7 c9ac56442d No modify datastore option 2015-01-30 15:05:46 -06:00
jvazquez-r7 bb640b90ef Refactor login_it360 2015-01-30 15:02:23 -06:00
jvazquez-r7 d4359c4f1c Rework login_it360 code 2015-01-30 15:00:34 -06:00
William Vu efd7a8c962
Land #4670, dns_amp RA flag fix 2015-01-30 14:46:15 -06:00
jvazquez-r7 c5db13fba9 Do minor style fixes 2015-01-30 14:13:11 -06:00
jvazquez-r7 89f760c94e Clean metadata 2015-01-30 14:08:55 -06:00
Christian Mehlmauer 7504358db3
code style and typos 2015-01-30 15:57:32 +01:00
Christian Mehlmauer 9ce2dd9815
msftidy 2015-01-30 15:41:11 +01:00
Christian Mehlmauer a0eaf2f626
add wordpress ghost scanner module 2015-01-30 15:29:51 +01:00
Guillaume Delacour 42ef5716e8 Don't test ra flag to get upward referrals/additional RRs 2015-01-30 02:20:24 +01:00
Guillaume Delacour 2c05b1ee50 Use QUERYTYPE instead of hardcode ANY type 2015-01-29 22:54:06 +01:00
Pedro Ribeiro a806cb401a Create manageengine_dir_listing.rb 2015-01-28 19:44:48 +00:00
Pedro Ribeiro 62ac536b7d Create manageengine_file_download.rb 2015-01-28 19:42:17 +00:00
William Vu 46210a4963
Fix punctuation 2015-01-26 12:05:54 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 c6901caf39 Change module location 2015-01-24 10:14:46 -06:00
jvazquez-r7 23c9d4f0fb Do final cleanup 2015-01-23 17:54:58 -06:00
jvazquez-r7 05e803f85b Rewrite get_wifi_info 2015-01-23 17:50:52 -06:00
jvazquez-r7 fe61b274bd Rewrite get_router_ssid 2015-01-23 17:38:55 -06:00
jvazquez-r7 abe9c85ad6 Rewrite get_router_dhcp_info 2015-01-23 17:37:20 -06:00
jvazquez-r7 70b6f94f14 Rewrite get_router_wan_info 2015-01-23 17:32:20 -06:00
jvazquez-r7 aeed72f726 Rewrite get_router_info 2015-01-23 17:29:12 -06:00
jvazquez-r7 26b17d5556 Clean get_router_mac_filter_info 2015-01-23 17:18:07 -06:00
jvazquez-r7 a63625ab51 Refactor response parsing 2015-01-23 17:09:01 -06:00
jvazquez-r7 c9a13bda2f Do a first easy clean up 2015-01-23 16:37:55 -06:00
jvazquez-r7 dcf0d7f596 Make msftidy happy 2015-01-23 16:23:21 -06:00
jvazquez-r7 f83b87f611 Rebase #3019 2015-01-23 16:14:01 -06:00
sinn3r f3a2d6663f Fix #4616 and Fix #3798 - Correctly use OptRegexp
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616).

It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.

I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798. The way I see it, #3798 is actually a module-specific issue.

Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
William Vu 980a010e15
Land #4627, explicit rubygems require fix
And a couple extraneous comma fixes.
2015-01-22 13:49:31 -06:00
Tod Beardsley bd06b48b30
Extra commas. 2015-01-22 13:45:08 -06:00
Tod Beardsley 2e606cd097
Don't require rubygems 2015-01-22 13:44:58 -06:00
Jon Hart e46395f592
Land #4596, @pdeardorff-r7's memcached extractor 2015-01-22 08:00:19 -08:00
Jon Hart 1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache 2015-01-22 07:59:48 -08:00
Jon Hart a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text 2015-01-20 13:55:48 -08:00
Jon Hart 14fc8d4cd0
Only allow 401/403/404 2015-01-20 13:36:06 -08:00
pdeardorff-r7 0d4d06fb83 Print table for all scans, add preview size option 2015-01-20 11:12:47 -08:00
Jon Hart f1bf607386
Minor Ruby style cleanup 2015-01-20 08:47:47 -08:00
Jon Hart ef89a3d323
Add protocol reference 2015-01-20 08:34:08 -08:00
Jon Hart 9c97824d5c
Move MAXKEYS to advanced 2015-01-20 08:28:49 -08:00
Jon Hart 9d430eb1d5
Use the simpler 'version' command to get the version 2015-01-20 08:16:22 -08:00
Jon Hart 6588f92206
Move rex connection errors to vprint since this is a Scanner 2015-01-20 08:11:09 -08:00
Jon Hart 10100df054
report_service 2015-01-20 08:09:35 -08:00
Jon Hart b0bbce1190
Include peer in most prints 2015-01-20 08:00:02 -08:00
Christian Mehlmauer 354e952841
fix msftidy warnings 2015-01-18 23:55:57 +01:00
Christian Mehlmauer 5b964bba6a
Land #4518, Wordpress long password DoS 2015-01-18 23:55:06 +01:00
Christian Mehlmauer 6014ff8a31
fix msftidy warnings 2015-01-18 23:54:16 +01:00
William Vu 84ecde30d1
Land #4586, mcafee_epo_xxe aux module 2015-01-18 00:50:10 -06:00
William Vu 57ca285f8a
Fix msftidy warnings 2015-01-18 00:49:52 -06:00
pdeardorff-r7 db3185231a add maxkeys option, dont store loot if localhost and improve streaming 2015-01-17 09:25:32 -08:00
pdeardorff-r7 f1bcbb7d78 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-16 09:57:17 -08:00
Brent Cook 6a68888712
Land #4590, jvennix-r7's fix for same-scheme URLs
made a trivial string formatting tweak
2015-01-16 09:10:56 -06:00
Brent Cook 7ef721bdd6 Might as well format the url all at once. 2015-01-16 09:01:25 -06:00
James Lee 488847cecc
Split smb_cmd_session_setup into with/without esn
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
James Lee 6b6a7e81c9
Style fixes 2015-01-16 06:39:21 -06:00
James Lee 273ba54a21
Fix server/capture/smb to use create_credential 2015-01-15 22:39:11 -06:00
Brandon Perry 1929f36050 Update mcafee_epo_xxe.rb 2015-01-15 16:50:14 -06:00
Joe Vennix 8c3d4c8d07
Spelling tweak. 2015-01-15 15:19:46 -06:00
Jon Hart d68b62cf21
Make canary value (URI) configurable 2015-01-15 13:12:32 -08:00
Joe Vennix 35c9a13199 Handle the usage of // (same-scheme) URLs. 2015-01-15 15:09:50 -06:00
Jon Hart 2dca18265e
Track and vprint canary value and code 2015-01-15 12:34:53 -08:00
Jon Hart 3489ea540e
Make status code checking configurable 2015-01-15 12:22:16 -08:00
Jon Hart 4641b02646
Base canary path from TARGET_URI 2015-01-15 12:05:10 -08:00
pdeardorff-r7 507050b316 rescue from down memcached server or timeout 2015-01-15 09:51:42 -08:00
pdeardorff-r7 0e893cd772 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-15 09:40:21 -08:00
pdeardorff-r7 4d2ad8865f remove debug line 2015-01-15 09:37:51 -08:00
pdeardorff-r7 154eb7956c fix storing of loot and support localhost session 2015-01-15 09:36:15 -08:00
Brandon Perry 4e4ca15422 Update mcafee_epo_xxe.rb 2015-01-15 11:02:11 -06:00
Brandon Perry e53522b64b Update mcafee_epo_xxe.rb 2015-01-15 10:28:52 -06:00
Brandon Perry 86d5358299 Update mcafee_epo_xxe.rb 2015-01-15 09:56:02 -06:00
Brandon Perry 53e1304afb Update mcafee_epo_xxe.rb 2015-01-14 18:19:27 -06:00
jvazquez-r7 621cada2ac Undo build_gc_call_data refactoring 2015-01-14 16:47:28 -06:00
Jon Hart 1f6defda73
Use more correct check codes 2015-01-14 13:10:35 -08:00
Brandon Perry 1ed07bac32 Update mcafee_epo_xxe.rb 2015-01-14 11:01:14 -06:00
Brandon Perry 794bb65817 Create mcafee_epo_xxe.rb 2015-01-14 10:54:58 -06:00
Jon Hart b7eb4d24aa
Squash another rogue 5009 2015-01-13 10:36:43 -08:00
Jon Hart 69f03f5c5d
Move ACPP default port into Rex 2015-01-12 19:43:57 -08:00
Jon Hart 01a9fb1483
Spelling 2015-01-12 19:29:41 -08:00
Jon Hart a076a9ab89
report_vuln 2015-01-12 19:23:08 -08:00
Jon Hart d5cdfe73ed
Big style cleanup 2015-01-12 19:11:14 -08:00
Jon Hart 9721993b8f
Allow blank password, remote more unused opts, print private 2015-01-12 18:43:54 -08:00
pdeardorff-r7 99cf668441 add memcached extractor module 2015-01-12 16:40:06 -08:00
Jon Hart 44059a6e34
Disable more unused options 2015-01-12 14:15:40 -08:00
Jon Hart ec506af8ea
Make ACPP login work 2015-01-12 14:01:23 -08:00
Jon Hart e9557ffe58 Simplify module in prep for some authbrute cleanups 2015-01-12 13:08:12 -08:00
Jon Hart 97f5cbdf08 Add initial Airport ACPP login scanner 2015-01-12 13:08:12 -08:00
Jon Hart 9e76e0b0d8
Simplify. Document. Handle edge cases
Simplify detection logic.

Document testing method better

Ensure that body doesn't include canary cookie name too

Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
Jon Hart d4843f46ed
Make auth checking optional and off by default 2015-01-11 12:15:57 -08:00
Jon Hart 9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer 2015-01-11 12:10:40 -08:00
jvazquez-r7 05d364180b Beautify descriptions 2015-01-10 01:10:08 -06:00
jvazquez-r7 a2d479a894 Refactor run method 2015-01-10 01:06:56 -06:00
jvazquez-r7 cf9d7d583e Do first code cleanup 2015-01-10 00:51:31 -06:00
jvazquez-r7 000d7dd1eb Minor beautification 2015-01-10 00:32:10 -06:00
jvazquez-r7 1d0e9a2dca Use snake_case filename 2015-01-10 00:29:28 -06:00
jvazquez-r7 070e833d46 Use snake_case filename 2015-01-10 00:28:01 -06:00
jvazquez-r7 59d602f37d Refactor cisco_cucdm_callforward 2015-01-10 00:27:31 -06:00
jvazquez-r7 511a7f8cca send_request_cgi already URI encodes 2015-01-10 00:06:26 -06:00
jvazquez-r7 5d8167dca6 Beautify description 2015-01-10 00:02:42 -06:00
jvazquez-r7 9fb4cfb442 Do First callforward cleanup 2015-01-10 00:00:27 -06:00
jvazquez-r7 f7af0d9cf0
Test landing #4065 into up to date branch 2015-01-09 23:40:16 -06:00
jvazquez-r7 bedbffa377
Land #3700, @ringt fix for oracle_login
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
jvazquez-r7 38c36b49fb Report when nothing is rescued 2015-01-09 22:58:19 -06:00
Jon Hart b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...) 2015-01-09 13:20:18 -08:00
Jon Hart 831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner 2015-01-09 12:58:35 -08:00
jvazquez-r7 ca765e2cc5 Refactor client mixin 2015-01-08 15:46:24 -06:00
jvazquez-r7 3debcef00b Fix call from aux module 2015-01-08 14:24:27 -06:00
jvazquez-r7 c205ef28d4 Refactor build_gc_call 2015-01-08 14:01:04 -06:00
jvazquez-r7 73e3cd19c3 Convert java_rmi_server aux mod to use new mixin 2015-01-08 00:29:50 -06:00
jvazquez-r7 d59805568e Do first module refactoring try 2015-01-07 19:06:09 -06:00
James Lee da2e088118
Land #4536, Ruby 2.2 compat fixes
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
David Maloney df70678762
tell suer KoreLogic rules have been applied
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
2015-01-07 12:36:07 -06:00
David Maloney 4ad7021336
give user option to turn on KoreLogic rules
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
rastating a5f48b23df Add use of Msf::ThreadManager 2015-01-07 17:27:06 +00:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
jvazquez-r7 e7affb9048
Land #4493, @pedrib's module for ManageEngine Central Desktop create admin 2015-01-04 23:46:31 -06:00
jvazquez-r7 c5e72fb324 Change module filename 2015-01-04 23:14:12 -06:00
jvazquez-r7 4798f2328d Change module filename 2015-01-04 23:13:17 -06:00
jvazquez-r7 6bb3171328 Do minor cleanup 2015-01-04 23:12:42 -06:00
jvazquez-r7 711b97ecc5 Beautify metadata 2015-01-04 23:08:46 -06:00
rastating 92015ac124 Replace custom login with wordpress_login mixin 2015-01-04 23:07:07 +00:00
rastating 39412c4a48 Add WordPress long password DoS module 2015-01-04 18:50:23 +00:00
Pedro Ribeiro 32d4bf03c3 Add OSVDB id and full disclosure URL 2015-01-04 12:36:51 +00:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
Pedro Ribeiro e81e68bdaf Create me_dc9_admin.rb 2014-12-31 02:02:52 +00:00
sinn3r 555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
sinn3r f2130311fa Add the MSF blog reference 2014-12-29 16:08:35 -06:00
Tod Beardsley 1dd9d60e34
Land #4461, Android cookie database theft
`
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
Tod Beardsley d10222365b
Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
Tod Beardsley 1236684954
Use get_uri instead, note lack of Rex::Text method
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley 788e315fd4
Fix msftidy warnings 2014-12-28 14:53:29 -06:00
jvazquez-r7 85ab11cf52 Use print_warning consistently 2014-12-26 09:54:38 -06:00
jvazquez-r7 f31a2e070e Use print_warning to print the Kerberos error 2014-12-26 09:22:09 -06:00
jvazquez-r7 d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
jvazquez-r7 89d0a0de8d Delete unnecessary connect 2014-12-23 19:35:59 -06:00
jvazquez-r7 265e0a7744 Upper case domain 2014-12-23 19:16:50 -06:00
jvazquez-r7 ed2d0cd07b Use USER_SID instead of DOMAIN_SID and USER_RID 2014-12-23 19:11:05 -06:00
Joe Vennix 8d73794cc8
Add hint for exploit on old devices. 2014-12-23 12:29:08 -06:00
jvazquez-r7 708cbd7b65 Allow to provide USER SID 2014-12-22 18:24:50 -06:00
jvazquez-r7 56eadc0d55 Delete default values from options 2014-12-22 18:11:43 -06:00
jvazquez-r7 787dab998d Fix description 2014-12-22 17:51:44 -06:00
jvazquez-r7 a7faf798bf Use explicit encryption algorithms 2014-12-22 15:51:17 -06:00
jvazquez-r7 f37cf555bb Use random subkey 2014-12-22 15:39:08 -06:00
jvazquez-r7 b0a178e0a3 Delete blank line 2014-12-22 14:40:32 -06:00
jvazquez-r7 5a6c915123 Clean options 2014-12-22 14:37:37 -06:00
jvazquez-r7 20ab14d7a3 Clean module code 2014-12-22 14:29:02 -06:00
jvazquez-r7 dabc890b2f Change module filename again 2014-12-22 12:35:15 -06:00
jvazquez-r7 2b46bdd929 Add references and authors 2014-12-22 12:34:31 -06:00
jvazquez-r7 4319dbaaef Change module filename 2014-12-22 12:29:28 -06:00
jvazquez-r7 60d4525632 Add specs for Msf::Kerberos::Client::Pac 2014-12-21 17:49:36 -06:00
jvazquez-r7 9f1403a63e Add initial specs for Msf::Kerberos::Client::TgsResponse 2014-12-20 20:29:00 -06:00
jvazquez-r7 b0ac68fbc3 Create build_subkey method 2014-12-19 19:46:57 -06:00
jvazquez-r7 4a106089b9 Move options to build_tgs_request_body 2014-12-19 19:12:17 -06:00
jvazquez-r7 e6781fcbea Build AuthorizationData from the module 2014-12-19 18:59:39 -06:00
jvazquez-r7 9bd454d288 Build PAC extensions from the module 2014-12-19 18:47:41 -06:00
jvazquez-r7 def1695e80 Use options by call 2014-12-19 18:23:11 -06:00
jvazquez-r7 f332860c19 Clean creation of client and server principal names 2014-12-19 18:16:22 -06:00
jvazquez-r7 bd85723a9d Build pre auth array out of the mixin 2014-12-19 18:10:14 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
jvazquez-r7 d058bd5259 Refact extraction of kerberos cache credentials 2014-12-19 15:53:24 -06:00
HD Moore fffa8cfdd1
Lands #4426 by cleaning up the module description 2014-12-19 14:54:17 -06:00
jvazquez-r7 fad08d7fca Add specs for Rex Kerberos client 2014-12-19 12:14:33 -06:00
Joe Vennix e45af903d9
Add patch discovery date. 2014-12-19 12:04:41 -06:00
Joe Vennix 25313b1712
Use the hash to pass the script. 2014-12-19 02:30:37 -06:00
Jon Hart 8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222 2014-12-18 17:21:26 -08:00
jvazquez-r7 f325d2f60e Add support for cache credentials in the mixin 2014-12-18 16:31:46 -06:00
Tod Beardsley c15bad44a6
Be clearer on backslash usage.
See #4282
2014-12-18 16:16:02 -06:00
jvazquez-r7 9a58617387 Add dummy test module 2014-12-17 19:57:10 -06:00
sinn3r 6b0a98b69c
Resolve #4408 - bad uncaught nil get_once 2014-12-17 14:02:42 -06:00
Joe Vennix 84ea628284
Add Android cookie theft attack. 2014-12-16 19:12:01 -06:00
William Vu f6af86a06d
Land #4402, ms12_020_check NilClass fix 2014-12-16 15:34:25 -06:00
William Vu 2604746fb7
Land #4361, Kippo detector 2014-12-15 14:54:48 -06:00
William Vu 8394cc13a8
Perform final cleanup of detect_kippo 2014-12-15 14:38:38 -06:00
sinn3r c611249723 Take full advantage of the check command 2014-12-15 12:50:59 -06:00
sinn3r 9edb2b4fab Fix #4378 - Do exception handling
Fix #4378
2014-12-15 12:37:36 -06:00
Brandon Perry eb47ca593e update desc to include domain admin information 2014-12-13 13:01:41 -06:00
Brandon Perry 2e94280cba mv bmc to scanner/http 2014-12-13 12:58:16 -06:00
Brandon Perry 8c6b95c39c Merge branch 'landing-4359' of https://github.com/jhart-r7/metasploit-framework into bmc_trackit 2014-12-13 11:37:57 -06:00
Brandon Perry cd1e61a201 Merge branch 'master' into bmc_trackit 2014-12-13 11:36:30 -06:00
Andrew Morris 8dd5da9d64 added blog post reference 2014-12-12 18:53:26 -08:00
HD Moore f676b72767
Add Kademlia scanner, lands #4210 2014-12-12 16:40:58 -06:00
HD Moore 338cce02c9 Downcase the service name for consistency 2014-12-12 16:40:42 -06:00
Andrew Morris f5374d1552 Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs 2014-12-12 11:57:35 -08:00
jvazquez-r7 c683e7bc67
Fix banner 2014-12-12 13:01:51 -06:00
jvazquez-r7 b1f7682713 Make msftidy happy 2014-12-12 12:59:00 -06:00
jvazquez-r7 493034ad10 Land #3305, @claudijd Cisco SSL VPN Privilege Escalation exploit 2014-12-12 12:57:00 -06:00
jvazquez-r7 047bc3d752 Make msftidi happy 2014-12-12 12:49:12 -06:00
jvazquez-r7 a1876ce6fc
Land #4282, @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download 2014-12-12 12:47:50 -06:00
jvazquez-r7 a0b181b698
Land #4335, @us3r777 JBoss DeploymentFileRepository aux module 2014-12-12 10:40:03 -06:00
jvazquez-r7 3059cafbcb Do minor cleanup 2014-12-12 10:37:50 -06:00
Jon Hart 751bc7a366 Revert "Move to a more appropriate location"
This reverts commit 6c82529266.
2014-12-12 07:42:22 -08:00
Jon Hart 6c82529266
Move to a more appropriate location 2014-12-12 07:40:37 -08:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Jon Hart 3c2a33a316
Allow new password to be specified as an option 2014-12-11 17:26:42 -08:00
Jon Hart a013dbf536
Correct and add more prints 2014-12-11 17:16:43 -08:00
Jon Hart 48dcfd9809
Use random security Q/A 2014-12-11 17:10:33 -08:00
Jon Hart f208f31a33
Use correct username/domain in report_vuln
It would be nice if 'vulns' showed this
2014-12-11 16:59:21 -08:00
Jon Hart 70fce0bb33
Report the changed password 2014-12-11 16:56:22 -08:00
Jon Hart f64a3be742
Avoid death by a thousand functions 2014-12-11 16:53:36 -08:00
Jon Hart 0627f708a2
Better handling of failed requests 2014-12-11 16:51:41 -08:00
Jon Hart f2bda05d42 Correct last of the print_ 2014-12-11 16:28:08 -08:00
Jon Hart 9486f67fbc report_vuln upon exploitation with more specific details 2014-12-11 16:28:08 -08:00
Jon Hart 37d0959fd6 Include info in report_vuln. More style 2014-12-11 16:28:08 -08:00
Jon Hart cfb02fe909 Add check support 2014-12-11 16:28:07 -08:00
Jon Hart 44818ba623 Minor style and usage updates as a result of Scanner 2014-12-11 16:28:07 -08:00
Jon Hart 0a29326ce7 Mixin Scanner. Yay speed! 2014-12-11 16:28:07 -08:00
Jon Hart c9acd7a233 Remove unnecessary RPORT, which comes from HttpClient 2014-12-11 16:28:07 -08:00
Jon Hart f8c25d83e5 Use get_cookies instead 2014-12-11 16:26:51 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
dmaloney-r7 47c38ed04e Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
Tod Beardsley 51762e1194
Explicitly include the HTTP Login scanner
This should be the last commit that fixes #3904.
2014-12-11 11:08:08 -06:00
Tod Beardsley b533f74024
Add a bruteforce_speed option to all LoginScanners 2014-12-11 11:06:32 -06:00
Brandon Perry 54e8254a82 Update bmc_trackit_passwd_reset.rb 2014-12-11 10:59:43 -06:00
Andrew Morris 7afa87f168 screwed up formatting. updated indention at the end. ok seriously, going to bed now 2014-12-11 01:05:56 -08:00
Andrew Morris 291166e1ff forgot to run through msftidy.rb. made a few minor corrections 2014-12-11 00:47:39 -08:00
Andrew Morris a1624c15ae Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc. 2014-12-11 00:40:20 -08:00
Andrew Morris 22c9db5818 added detect_kippo.rb 2014-12-10 19:37:35 -08:00
Brandon Perry 67cf3e74c0 Update bmc_trackit_passwd_reset.rb 2014-12-10 20:45:54 -06:00
Brandon Perry 90cc9a9bed Update bmc_trackit_passwd_reset.rb 2014-12-10 19:05:46 -06:00
Brandon Perry f37dc13a19 Create bmc_trackit_passwd_reset.rb 2014-12-10 18:54:37 -06:00
Spencer McIntyre 86ae104580
Land #4325, consistent mssql module names 2014-12-09 21:52:05 -05:00
sinn3r 87c83cbb1d Another round of name corrections 2014-12-09 20:16:24 -06:00
Jonathan Claudius e89a399f95 Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc 2014-12-09 20:55:01 -05:00
Tod Beardsley 09617f990b Implement BRUTEFORCE_SPEED respect (telnet)
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.

See #3904, @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
sinn3r bb8dfdb15f Ensure consistency for mssql modules 2014-12-09 10:28:45 -06:00
Christian Mehlmauer 916503390d
use get_data 2014-12-08 22:49:02 +01:00
Christian Mehlmauer fb9724e89d
fix heartbleed cert parsing, fix #4309 2014-12-08 21:58:38 +01:00
us3r777 4abfb84cfc Upload WAR through Jboss DeploymentFileRepository 2014-12-08 19:02:51 +01:00
Pedro Ribeiro 98e416f6ec Correct OSVDB id 2014-12-07 17:54:31 +00:00
Pedro Ribeiro e474ecc9cf Add OSVDB id 2014-12-07 17:41:35 +00:00
jvazquez-r7 54705eee48 Fix option parsing 2014-12-06 21:50:54 -06:00
William Vu 2f98a46241
Land #4314, @todb-r7's module cleanup 2014-12-05 14:05:09 -06:00
sinn3r 4b06334455 Minor title change for mssql_enum_domain_accounts_sqli
We don't really do "-" for naming

Kind of stands up on a list
2014-12-05 11:42:08 -06:00
Jon Hart 85e0d72711
Land #4229, @tatehansen's module for CVE-2014-7992 2014-12-04 17:20:49 -08:00
Jon Hart f0cfcd4faf
Update dlsw_leak_capture name and print_
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
Pedro Ribeiro e5bdf225a9 Update netflow_file_download.rb 2014-12-04 21:32:19 +00:00
Jon Hart 52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT 2014-12-04 13:26:16 -08:00
Jon Hart 6bd56ac225
Update any modules that deregistered NETMASK 2014-12-04 13:22:06 -08:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00