Commit Graph

14745 Commits (28af6a490b22fa4eec1b1b48bd35497e84def0e3)

Author SHA1 Message Date
jvazquez-r7 eb55c7108b Fix indentantion again 2014-09-19 16:41:07 -05:00
jvazquez-r7 cbfb7e600d Use Rex::MIME::Message 2014-09-19 16:29:09 -05:00
jvazquez-r7 cffb28b5d3 Fix indentantion 2014-09-19 16:18:46 -05:00
jvazquez-r7 c00094ba6e
Land #3345, @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli 2014-09-19 15:01:21 -05:00
jvazquez-r7 62414e2214 Add Timeout to exploit sqli 2014-09-19 15:00:54 -05:00
jvazquez-r7 db6372ec8b Do minor module cleanup 2014-09-19 14:43:35 -05:00
jvazquez-r7 4a9294e3bf Mark module as not executable 2014-09-19 14:36:44 -05:00
jvazquez-r7 405ac34a16 Fix author name 2014-09-19 13:56:13 -05:00
jvazquez-r7 79d5fb56d4
Land #3829, @jhart-r7's UDP emtpy probe scanner 2014-09-19 13:54:35 -05:00
Jon Hart 737f77d31a
Cleaner output when PORTS is invalid 2014-09-19 11:12:14 -07:00
Jon Hart 3493987300
report_service when we find something this way 2014-09-19 10:45:06 -07:00
Josh Abraham 43171141da update for ntp modules 2014-09-19 11:14:11 -04:00
mfadzilr 677d035ce8 added proper regex for check function
add comment for changed code
2014-09-19 11:30:51 +08:00
Jon Hart a54b23642e
Relocate empty UDP scanner 2014-09-18 12:31:52 -07:00
Brendan Coles 6cad5d9aeb Add ManageEngine DeviceExpert User Credentials 2014-09-18 19:18:59 +00:00
Tod Beardsley 5dad73a28f
Explicitly require credential_collection
Otherwise, you run into a require ordering problem on some platforms.
This is not a great way to fix this -- but it's a fast way, and possibly
even a good way, since you're being explicit about what your module
requirements are.
2014-09-17 15:47:30 -05:00
jvazquez-r7 64ac1e6b26 Rand padding 2014-09-17 08:09:09 -05:00
sinn3r 50fa5745bb Rm print_debug line
I forgot to remove this line while testing the module
2014-09-16 16:46:40 -05:00
jvazquez-r7 e593a4c898 Add comment about gadgets origin 2014-09-16 16:38:03 -05:00
sinn3r 07c14f5ee8
Land #3388 - Post mod to check Win32_QuickFixEngineering 2014-09-16 16:18:04 -05:00
sinn3r 36a3abe036 Add a reference 2014-09-16 16:17:22 -05:00
jvazquez-r7 80f02c2a05 Make module ready to go 2014-09-16 15:18:11 -05:00
sinn3r 169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner) 2014-09-16 14:51:24 -05:00
sinn3r 4ed1fa55f5 Don't need this header 2014-09-16 14:50:32 -05:00
William Vu 35b8c2be4b
Land #3800, release fixes 2014-09-16 14:05:23 -05:00
Joe Vennix 59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc. 2014-09-16 13:31:03 -05:00
sinn3r 3e09283ce5
Land #3777 - Fix struts_code_exec_classloader on windows 2014-09-16 13:09:58 -05:00
sinn3r 158d4972d9 More references and pass msftidy 2014-09-16 12:54:27 -05:00
Tod Beardsley bd17c96a6e
Dropped a hyphen in the title 2014-09-16 12:47:44 -05:00
Vincent Herbulot 7a7b6cb443 Some refactoring
Use EDB instead of URL for Exploit-DB.
Remove peer variable as peer comes from HttpClient.
2014-09-16 17:49:45 +02:00
mfadzilr 978803e9d8 add proper regex 2014-09-16 21:49:02 +08:00
us3r777 4c615ecf94 Module for CVE-2014-5519, phpwiki/ploticus RCE 2014-09-16 00:09:41 +02:00
jvazquez-r7 7d4c4c3658
Land #3699, @dmaloney-r7's ipboard login refactor 2014-09-15 08:29:42 -05:00
mfadzilr 783b03efb6 change line 84 as mubix advice, update disclosure date according to
bugtraq security list.
2014-09-15 17:21:05 +08:00
mfadzilr 9860ed340e run msftidy, make correction for CVE format and space at EOL (line 77) 2014-09-15 13:13:25 +08:00
mfadzilr f1d3c44f4f exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'. 2014-09-15 12:59:27 +08:00
mfadzilr 74ef83812a update module vulnerability information 2014-09-15 01:43:18 +08:00
mfadzilr 8b4b66fcaa initial test 2014-09-14 12:26:02 +08:00
jvazquez-r7 3a6066792d Work in rop chain... 2014-09-13 17:38:19 -05:00
jvazquez-r7 83bf220a10
Land #3730, @TomSellers's post module for Remote Desktop Connection Manager 2014-09-12 15:38:33 -05:00
jvazquez-r7 5da6a450f1 fix find condition 2014-09-12 15:21:50 -05:00
jvazquez-r7 1749fc73c2 Change module filename 2014-09-12 15:05:33 -05:00
jvazquez-r7 95b6529579 Fix run method 2014-09-12 14:27:25 -05:00
jvazquez-r7 373861abb0
Land #3526, @jhart-r7's soap_xml scanner cleanup 2014-09-12 13:29:52 -05:00
jvazquez-r7 12f949781a Use double quote for xml strings 2014-09-12 13:18:48 -05:00
jvazquez-r7 67c0ee654b Use Gem::Version 2014-09-12 10:35:12 -05:00
jvazquez-r7 0d054d8354 Update with master changes 2014-09-12 09:52:32 -05:00
jvazquez-r7 e2ef927177 Add first version for ZDI-14-255 2014-09-12 08:57:54 -05:00
William Vu 60b29cbd5e
Fix word splitting problem 2014-09-12 06:50:53 -05:00
William Vu 8a6a205e39
Land #3724, NetworkManager creds module 2014-09-12 05:48:35 -05:00
William Vu 131401f024
Remove unused method 2014-09-12 05:48:11 -05:00
Luke Imhoff 706655f755
Land #3779, Glassfish LoginScanner exception
MSP-11343
2014-09-11 15:57:47 -05:00
Tod Beardsley d2f2b142b4
Land #3760, Arris WEP/WPA leak from @dheiland-r7 2014-09-11 15:39:19 -05:00
Tod Beardsley 4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)

Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
Tod Beardsley fbba4b32e0
Update the title and desc to be more descriptive
See #3759
2014-09-11 14:06:14 -05:00
Tod Beardsley d627ab7628
Add refs for Android UXSS
See #3759
2014-09-11 14:05:50 -05:00
James Lee 8aa06b8605
Better api for check_setup 2014-09-10 23:43:54 -05:00
James Lee c1658e5d51 Add a check_setup method 2014-09-10 20:09:46 -05:00
James Lee 84e4db9035 Don't raise in the middle
MSP-11343

This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
Deral Heiland 872ba6a53b Update arris_dg950 module with required changes
Collapsed several levels of the if/else statement and changed out 2 with
case. Changed print_good to print_line. Removed rescue ::Interrupt and
altered variable names to make them more readable
2014-09-10 19:07:53 -04:00
jvazquez-r7 373eb3dda0 Make struts_code_exec_classloader to work on windows 2014-09-10 18:00:16 -05:00
Jon Hart e317bfe0d5
Add preliminary module for discovering services with empty UDP probes 2014-09-10 10:58:22 -07:00
sinn3r 280e16c241
Land #3677 - Updated shodan_search for new API 2014-09-10 11:39:00 -05:00
sinn3r 006393360e Add conditions to check healthy shodan results 2014-09-10 11:38:06 -05:00
James Lee 257f0fc93e
Quick fix for ssh_login_pubkey
Fixes #3772, closes #3774
2014-09-10 09:57:17 -05:00
Jon Hart 495e1c14a1
Land #3721, @brandonprry's module for Railo CVE-2014-5468 2014-09-09 19:10:46 -07:00
Jon Hart 26d8432a22
Minor style and usability changes to @brandonprry's #3721 2014-09-09 19:09:45 -07:00
Brandon Perry db6052ec6a Update check method 2014-09-09 18:51:42 -05:00
sinn3r 0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
sinn3r 027f543bdb
Land #3732 - Eventlog Analzyer exploit 2014-09-09 11:33:20 -05:00
sinn3r 75269fd0fa Make sure we're not doing a 'negative' timeout 2014-09-09 11:26:49 -05:00
Joe Vennix 7793ed4fea
Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
James Lee b8000517cf
Land #3746, reinstate DB_ALL_CREDS 2014-09-08 17:24:12 -05:00
David Maloney 2ac15f2088
some fixes based on Christruncer's feedback
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor 2014-09-08 14:48:37 -05:00
Tod Beardsley 4abee39ab2
Fixup for release
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
David Maloney 09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds 2014-09-08 12:52:25 -05:00
William Vu ae5a8f449c
Land #3691, gdbserver hax 2014-09-08 11:48:39 -05:00
Deral Heiland 9a6ee5090a Add Arris DG950A SNMP data extraction module
This module will extract critical data such as WPA and WEP keys from
the Arris DG950a model cable modem via the SNMP protocal.
2014-09-08 11:04:31 -04:00
sinn3r 0ccb39c057
Land #3726 - Fix typos in wordpress login 2014-09-08 09:40:57 -05:00
cx 1b5e40ff78 New Creds model added 2014-09-08 11:42:05 +03:00
Joe Vennix 27889ea411
Add a safety fallback on js load. 2014-09-08 00:46:47 -05:00
Joe Vennix 8407d45c9c
Rework the timers. 2014-09-08 00:40:00 -05:00
Joe Vennix 5c9c8edfcf
Fix refs. 2014-09-07 23:33:45 -05:00
Joe Vennix 5efaf7d4cf
rename module, handle asyncness. 2014-09-07 23:25:08 -05:00
jvazquez-r7 10bb77af9f
Land #3716, @wchen-r7's Glassfish LoginScanner update 2014-09-07 21:54:34 -05:00
Joe Vennix 1bf89fb6bd Add Android <= 4.3 AOSP UXSS module. 2014-09-07 20:44:03 -05:00
jvazquez-r7 c86d01a667 Fix win.ini signature 2014-09-07 01:46:38 -05:00
sinn3r 44b9dc9b28 Update tmlisten_traversal 2014-09-06 01:18:11 -05:00
jvazquez-r7 df278dd2dc Conver to exploit 2014-09-05 14:47:33 -05:00
jvazquez-r7 d4a8b7e00d Move to exploits 2014-09-05 10:38:28 -05:00
jvazquez-r7 892f72e4ce Move module path 2014-09-05 10:30:27 -05:00
jvazquez-r7 d041ee6629 Delete exploit modules from this branch 2014-09-05 10:29:24 -05:00
Chris Hebert abffdd8705 Update alienvault_newpolicyform_sqli.rb
cleaned up according to msftidy.rb suggestions

modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
Chris Hebert 664cc131e3 Update alienvault_newpolicyform_sqli.rb
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
sinn3r 08ce278cca Got these wrong 2014-09-04 17:05:51 -05:00
sinn3r cb490fc00e [SeeRM #8836] Change boot.ini to win.ini 2014-09-04 17:03:21 -05:00
jvazquez-r7 d83131f1d9
Land #3750, @wvu favoring unless 2014-09-04 16:17:07 -05:00
jvazquez-r7 ff210a7c0a delete parenthesis 2014-09-04 16:16:29 -05:00
sinn3r 85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27 2014-09-04 16:08:15 -05:00
jvazquez-r7 f063dcf0f4
Land #3741, @pedrib's module for CVE-2014-5005 Desktop Central file upload 2014-09-04 15:44:21 -05:00
jvazquez-r7 f466b112df Minor cleaning on check 2014-09-04 15:43:59 -05:00
jvazquez-r7 74b8e8eb40 Change module filename 2014-09-04 15:39:34 -05:00
jvazquez-r7 c32b977a27
Land #3747, @wvu changes to printer_ready_message 2014-09-04 15:26:52 -05:00
William Vu 2d8c7a7a4d
Refactor if statement to early return
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
William Vu 614c7c178d
Land #3749, jtr_oracle_fast missing require fix 2014-09-04 15:03:37 -05:00
jvazquez-r7 c1bca5c138
Land #3742, @pedrib's changes to desktopcentral_file_upload check method 2014-09-04 14:47:36 -05:00
jvazquez-r7 7563c0bd0e Use Gem::Version 2014-09-04 14:40:13 -05:00
HD Moore 34455b5dc6 Fix missing require for jtr_oracle_fast 2014-09-04 14:38:07 -05:00
William Vu 50ac8366fd
Refactor CHANGE/RESET to actions
Missed in c1fdc4d945.
2014-09-04 14:36:04 -05:00
jvazquez-r7 2615a7a3be Favor \&\& and || operands 2014-09-04 14:35:37 -05:00
sinn3r 0dcf481d76 This one is good to go 2014-09-04 14:13:33 -05:00
William Vu 84f9ec0aad
Refactor implicit options hash
Missed in c1fdc4d945.
2014-09-04 13:30:06 -05:00
David Maloney 00ec47fb83
call new prepend cred methods
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
David Maloney c5755824a6
pass in vhost and useragent
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
sinn3r dd4fd7bb39 The reporting part 2014-09-03 16:32:23 -05:00
sinn3r e1694ec3e5 LoginScanner update for hp_sys_mgmt_login
Work in progress
2014-09-03 16:23:57 -05:00
Joe Vennix 0e18d69aab
Add extended mode to prevent service from dying. 2014-09-03 16:07:27 -05:00
Joe Vennix 4293500a5e
Implement running exe in multi. 2014-09-03 15:56:21 -05:00
Pedro Ribeiro f0e3fa18a3 Restore the original filename 2014-09-03 21:32:05 +01:00
Joe Vennix 268d42cf07
Add PrependFork to payload options. 2014-09-03 14:56:22 -05:00
jvazquez-r7 185ce36859
Land #3701, @wchen-ru's AppleTV modules 2014-09-03 12:30:50 -05:00
jvazquez-r7 10dee28fbd Add http socket to the module sockets and allow the framework to cleanup 2014-09-03 12:01:48 -05:00
sinn3r 5acbcc80e2 no threading 2014-09-03 11:37:30 -05:00
Pedro Ribeiro ded085f5cc Add CVE ID 2014-09-03 07:22:10 +01:00
Brandon Perry ee3e5c9159 Add check method 2014-09-02 21:35:47 -05:00
Pedro Ribeiro c672fad9ef Add OSVDB ID, remove comma from Author field 2014-09-02 23:17:10 +01:00
Pedro Ribeiro d69049008c Refactor and rename desktopcentra_file_upload
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro 05856016c9 Add exploit for CVE-2014-5005 2014-09-02 23:09:10 +01:00
Joe Vennix f7617183d9
Revert "Add initial firefox xpi prompt bypass."
This reverts commit ebcf972c08.
2014-09-02 12:27:41 -05:00
cx aaeb5a2f5f jhart-r7 suggestions added 2014-09-02 12:05:54 +03:00
John Sawyer 3281781f6a Addressed r7 comments, fixed bug in results loop 2014-09-01 13:43:31 -04:00
Pedro Ribeiro d480a5e744 Credit h0ng10 properly 2014-09-01 07:58:26 +01:00
Pedro Ribeiro 59847eb15b Remove newline at the top 2014-09-01 07:56:53 +01:00
Pedro Ribeiro 6a370a5f69 Add exploit for eventlog analyzer file upload 2014-09-01 07:56:01 +01:00
Matthew Kienow 7dd73084bb
Added WiFi ifindex discovery and enhanced error handling 2014-09-01 00:49:10 -04:00
Matthew Kienow cf0f00a376 Variable name changes per ruby style guide 2014-08-31 23:57:20 -04:00
Matthew Kienow 0735de0fd4 Changes to error output per PR comments 2014-08-31 23:57:20 -04:00
Matthew Kienow 0a01da1ca9 Changed default value for SNMP Version option 2014-08-31 23:57:20 -04:00
Matthew Kienow e6126fde72 Modified to pull username and password first 2014-08-31 23:57:19 -04:00
Matthew Kienow 5153886077 Added disclosure URL and cleaned up output fields 2014-08-31 23:57:19 -04:00
inokii 4ef369112f Cleanup per msftidy report of Spaces at EOL 2014-08-31 23:57:19 -04:00
inokii e37d56766f Corrected extraction of WEP keys, current key, RADIUS server and port 2014-08-31 23:57:19 -04:00
inokii f1cd601401 Modified logic to attempt to process WiFi key data even if primary Wifi interface is not up 2014-08-31 23:57:19 -04:00
inokii e5111f7634 Simplified get_radius_info method and cleaned up comments 2014-08-31 23:57:19 -04:00
inokii c556a6e331 Fixed syntax issue 2014-08-31 23:57:19 -04:00
inokii 81047e911a Corrected OIDs to all numeric 2014-08-31 23:57:19 -04:00
inokii b253e444cb Initial commit of SBG6580 scanner after cleanup 2014-08-31 23:57:18 -04:00
Tom Sellers 20a02a9d29 Cleanup 2014-08-31 14:01:13 -05:00
Tom Sellers 6f7bc94db4 Creation of rdcmanager_creds.rb 2014-08-31 13:38:08 -05:00
jvazquez-r7 c05edd4b63 Delete debug print_status 2014-08-31 01:34:47 -05:00
jvazquez-r7 8b1791da22 Modify modules to keep old behavior 2014-08-31 01:18:53 -05:00
jvazquez-r7 559ec4adfe Add module for ZDI-14-299 2014-08-31 01:11:46 -05:00
DrDinosaur 8ba5488198 Update wordpress_login_enum.rb
Fixed some typos.
2014-08-30 13:37:48 -10:00
jvazquez-r7 e1b6ee283f Allow Msf::Payload::JSP to guess system shell path if it isnt provided 2014-08-30 16:27:02 -05:00
Brandon Perry 438f0e6365 typos 2014-08-30 09:22:58 -05:00
Brandon Perry f72cce9ff2 Update railo_cfml_rfi.rb 2014-08-29 17:33:15 -05:00
David Maloney a142e78a66
refactor wordpress_xml_rpc_login
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
David Maloney 0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner 2014-08-29 12:50:34 -05:00
Spencer McIntyre 1cdf1c2c6e
Land #3709, @nnam's wing ftp admin console cmd exec 2014-08-29 13:46:01 -04:00
Spencer McIntyre 8095b4893c Rename and apply rubocop style to wing_ftp_admin_exec 2014-08-29 13:42:11 -04:00
cx bd9417490e Merge branch 'master' into linux-post-enum-psk 2014-08-29 15:50:28 +03:00
cx eaf73f9f84 Linux Gather 802-11-Wireless Security Credentials 2014-08-29 11:08:08 +03:00
sinn3r f7091d854e Add a timeout 2014-08-28 22:26:38 -05:00
jvazquez-r7 40f581458a
Land #3570, @ikkini scanner for rsync 2014-08-28 18:48:32 -05:00
jvazquez-r7 9fb9ab813c Add URL reference 2014-08-28 18:47:56 -05:00
jvazquez-r7 bc542a011d Change module filename 2014-08-28 18:42:30 -05:00
jvazquez-r7 213fe23970 Clean rsync_modules_list 2014-08-28 18:40:55 -05:00
nnam 02bbd53b82 Fix failure messages for check(). 2014-08-28 12:09:35 -07:00
Nicholas Nam 6c90a50e47 Handle res.nil case in check(). Revert check for res.nil in
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
Nicholas Nam 0788ce9745 Removed unused require and import. Handle the res.nil case in
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
sinn3r f097ef96e0 Use && 2014-08-28 12:13:03 -05:00
sinn3r d0d9949d91 Do SSL options correctly 2014-08-28 12:04:14 -05:00
jvazquez-r7 58091b9e2b
Land #3708, @pedrib fix for manage_engine_dc_pmp_sqli 2014-08-28 10:47:03 -05:00
jvazquez-r7 d8c15766bd
Land #3567 @OJ's fixes to the MQAC local exploit solving conflicts 2014-08-28 10:19:47 -05:00
jvazquez-r7 9d3d25a3b3 Solve conflicts 2014-08-28 10:19:12 -05:00
Matt Andreko 784ece574e Found additional typos. 2014-08-28 09:03:19 -05:00
Matt Andreko cb634cfef3 Fixed annoying typo that shows up in validation screenshots 2014-08-28 08:50:30 -05:00
Brandon Perry f4965ec5cf Create railo_cfml_rfi.rb 2014-08-28 08:42:07 -05:00
inkrypto 4a479d17a9 Randomize padding on aux module, fix spacing on exploits 2014-08-27 20:41:33 -04:00
Tom Sellers 0b820c59b1 Fix to self.refname 2014-08-27 18:34:15 -05:00
Tod Beardsley 6d45f75b47
Land #3690, credential_collect refactor
@TomSellers strikes again!
2014-08-27 18:31:59 -05:00
Tom Sellers 9b0c5dfb0c Minor fix 2014-08-27 18:31:13 -05:00
sinn3r 0ba2f1e457 Leave a note about the old empty password issue 2014-08-27 17:06:11 -05:00
sinn3r d5b70cca24 "Auth bypass" does not really describe what the feature actually does 2014-08-27 16:56:07 -05:00
sinn3r a32ffc4c26 Add the final portion for Glassfish login module 2014-08-27 15:09:11 -05:00
sinn3r 633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection 2014-08-27 01:45:18 -05:00
sinn3r 5d8cbe0544 Early version of Glassfish using LoginScanner 2014-08-27 01:23:02 -05:00
Joe Vennix 26cfed6c6a
Rename exploit module. 2014-08-26 23:05:41 -05:00
Joe Vennix 96276aa6fa
Get the disclosure date right. 2014-08-26 20:36:58 -05:00
Joe Vennix 52f33128cd
Add Firefox WebIDL Javascript exploit.
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
HD Moore fde2687c9e Store edition,version,build in the fingerprint.match 2014-08-26 18:44:08 -05:00
Tom Sellers d5e39ae284 Adjustments for new LoginScanner code 2014-08-26 18:13:00 -05:00
HD Moore ba1f7c3bf6 Land #3687, reworks the nat-pmp portscanner 2014-08-26 14:34:46 -05:00
HD Moore ed9bb3e52c Fix a small typo 2014-08-26 14:34:10 -05:00
Jon Hart 775ebce56b
Correct natpmp_portscan's print_* usage to include peer 2014-08-26 12:27:12 -07:00
HD Moore 3b8bbdf10c Merge master back in before landing #3545 2014-08-26 14:07:58 -05:00
HD Moore 4e19d9ade1 Land #3545, fix up sip scanners, msftidy, db services cmd 2014-08-26 14:07:21 -05:00
Jon Hart 5826d7b164
vprint_status when no external address obtained, print_ is too noisy 2014-08-26 12:05:40 -07:00
Jon Hart e75e213b52
Clarify SIP mixin method name, store header values as string, etc 2014-08-26 11:40:49 -07:00
Jon Hart 246f021437 Update natpmp_external_address to use Msf::Auxiliary::UDPScanner 2014-08-26 10:49:53 -07:00
Jon Hart 5c57f9b4eb Don't overload RPORT/LPORT for mapping external -> internal ports 2014-08-26 10:49:53 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart ca11eae3a9 Show a useful failure message when the external address probe fails 2014-08-26 10:49:52 -07:00
William Vu 9f6a40dfd6
Fix bad pack in mswin_tiff_overflow
Reported by @egyjuzer in #3706.
2014-08-26 11:14:44 -05:00
Jon Hart bb00c97f46
Add a CERT reference 2014-08-26 08:29:28 -07:00
Jon Hart 40fe2fd3a9
Remove DRDoS references, as this just proves amplification 2014-08-26 08:23:50 -07:00
Jon Hart 10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it 2014-08-26 08:00:30 -07:00
Jon Hart 333c3a90ae
Space between SSDP headers and values, which is sometimes required 2014-08-26 07:57:59 -07:00
Jon Hart 337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification 2014-08-26 07:48:44 -07:00
Jon Hart 04fbd07a16
vprint_error in the unlikely event we get an unexpected response 2014-08-26 07:30:14 -07:00
Nicholas Nam 40b66fae33 Add Wing FTP Server post-auth remote command execution module 2014-08-26 07:28:41 -07:00
Jon Hart 79b05db409
Correct minor style issues 2014-08-26 07:26:30 -07:00
Pedro Ribeiro a8d03aeb59 Fix bug with PMP db paths 2014-08-26 12:54:31 +01:00
Pedro Ribeiro 473341610c Update name to mention DC; correct servlet name 2014-08-26 12:39:48 +01:00
xistence 63b75a0093 SSDP Amplification module changes 2014-08-26 16:03:32 +07:00
xistence a90d142140 Add UPnP SSDP Amplication Scanner 2014-08-26 12:53:14 +07:00
HD Moore 73e4ec709f Fix smb_port and require 'recog' when no DB/MDM 2014-08-25 15:42:18 -05:00
sinn3r 463815d240 Add AppleTV modules (imge, video and login) 2014-08-25 15:24:41 -05:00
Jon Hart 6a522cc105 Remove unused BATCHSIZE from SIP options_tcp, duplicate from options 2014-08-25 13:12:29 -07:00
Jon Hart bfa89bb3a5 Enforce binary encoding on non-modules, no encoding on modules 2014-08-25 13:12:29 -07:00
Jon Hart 6185721a61 Address @hmoore-r7's feedback regarding binary encoding 2014-08-25 13:11:22 -07:00
Jon Hart 9955cb5b27 Enforce proper protocol case where necessary 2014-08-25 13:11:22 -07:00
Jon Hart 637f86f37d Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner 2014-08-25 13:11:21 -07:00
Jon Hart c2e70446ed Move SIP module stuff to Msf::Exploit::Remote::SIP 2014-08-25 13:11:21 -07:00
Jon Hart 02e41c27e7 Split SIP response parsing out on its own, add unit tests.
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
Jon Hart d4ea3e9f29 Pass protocol down to parse_reply for report_* purposes 2014-08-25 13:09:39 -07:00
Jon Hart a2e2e37a69 Fix SIP options scanning 2014-08-25 13:09:39 -07:00
Jon Hart 2a4d73ee35 Add status message that displays delay between requests 2014-08-25 12:55:27 -07:00
Jon Hart 5c61c09c6b auxiliary/scanner/http/soap_xml cleanup
This:

* Corrects Ruby style (most) everywhere
* Uses Rex's sleep, converts to milliseconds -- seconds are too granular
* Moves begin/rescue inside nested verb+noun loop
* Prints errors even if not in verbose mode
* Corrects URI construction when PATH ends with /
2014-08-25 12:55:27 -07:00
Joe Vennix 6d3255a3b5
Update bad config error. 2014-08-25 14:43:23 -05:00
David Maloney 152ddb2f32
refactor the ipboard-login module
now that we have the loginScanner class, we simplify the module
by using the scanner and credcollection classes to handle all
the real work for us
2014-08-25 14:32:47 -05:00
Joe Vennix b652ebb44f
Add other gdb-supported platforms that run on allowed arches. 2014-08-25 14:15:20 -05:00
Joe Vennix c4a173e943
Remove automatic target, couldn't figure out generic payloads. 2014-08-25 14:14:47 -05:00
Tod Beardsley 6d9833e32b
Minor pre-release updates with descriptions 2014-08-25 13:34:45 -05:00
Tod Beardsley 03a1f4455d
No need to escape single quotes in %q{} strigns 2014-08-25 13:03:33 -05:00
Tod Beardsley 2f87c880df
Add link to blog post for NTP modules 2014-08-25 12:58:10 -05:00
Tod Beardsley c3213a73e5
Use peer when writing scanner modules
This fixes the module seen in PR rapid7#3684 to use the peer method at
the beginning of print_* messages, rather than the vhost method at the
end. Doing this tends to make reading the output much easier since it's
more consistent.

Incidentally, this module has an msftidy complaint:

````
--- Checking new and changed module syntax with tools/msftidy.rb ---
modules/auxiliary/scanner/http/ipboard_login.rb - [INFO] Please use
vars_get in send_request_cgi: send_request_cgi({ 'uri' =>
normalize_uri(target_uri.path,
"index.php?app=core&module=global&section=login&do=process"
````

This should be fixed as well, or explained why it's not being honored.
2014-08-25 12:48:32 -05:00
William Vu 1ee83ff57e
Land #3696, pile of NTP DRDoS 0days
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
William Vu 7a76efa7f7
Add reference and disclosure date 2014-08-25 11:46:47 -05:00
OJ a39f7b94ec
Land #3684 - IP Board Login Scanner 2014-08-25 11:54:42 +10:00
Christopher Truncer 302e4025ba Removed unnecessary function 2014-08-24 20:45:28 -04:00
Christopher Truncer 2b59063d6c Updated based on feedback 2014-08-24 19:53:29 -04:00
Tom Sellers fa502c9c69 Minor adjustments 2014-08-24 17:39:13 -05:00
Tom Sellers 601c5515f8 Corrected 3 issues identified by jlee-r7 2014-08-24 17:18:31 -05:00
jvazquez-r7 c20b4dc0ff
Land #3645, @jlee-r7's fix for mremoge credentials gather module 2014-08-24 15:53:29 -05:00
Tom Sellers 081a3437a4 Refactor for Credentials gem 2014-08-24 09:38:15 -05:00
Joe Vennix 6313b29b7a
Add #arch method to Msf::EncodedPayload.
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
Joe Vennix 88f626184c
Remove linux platform limitation, target depends on arch only. 2014-08-24 01:39:04 -05:00