Commit Graph

5879 Commits (2c5c94288d8e5fd3b280a6ce9b4189b7218d2f95)

Author SHA1 Message Date
sinn3r 75c697c4dc Final 2015-02-05 04:36:44 -06:00
sinn3r 1ccfb6cb43 IE UXSS 2015-02-05 03:03:28 -06:00
William Vu 9c1487c944
Fix dns_fuzzer datastore 2015-02-05 02:53:14 -06:00
William Vu c22865fb71
Fix nexpose_xxe_file_read datastore 2015-02-05 02:53:00 -06:00
sinn3r 434bca0b27
Land #4613, auxiliary/server/capture/smb credential creation 2015-02-04 22:45:36 -06:00
jvazquez-r7 c0e1440572
Land #4685, @FireFart's module for Wordpress Platform Theme RCE 2015-02-03 17:35:59 -06:00
William Vu 54a5dd69a9
Land #4698, WP GHOST scanner dead code removal 2015-02-02 16:54:09 -06:00
Christian Mehlmauer c8864c93d7
remove unused code 2015-02-02 20:04:10 +01:00
jvazquez-r7 d0cf316758
Land #4659, @pedrib's ManageEngine directory listing module 2015-02-01 14:19:46 -06:00
jvazquez-r7 128ca47aa7 Fix banner 2015-02-01 14:19:03 -06:00
jvazquez-r7 41232c0f91
Land #4758, @pedrib's ManageEngine arbitrary file download module 2015-02-01 14:17:04 -06:00
jvazquez-r7 361aaa7551 Fix banner 2015-02-01 14:16:09 -06:00
Pedro Ribeiro 39a25fc549 Update manageengine_file_download.rb 2015-02-01 10:49:48 +00:00
Pedro Ribeiro e9b5aa94c3 Add OSVDB id and full disclosure URL 2015-02-01 10:49:11 +00:00
Christian Catalan 8740fd9015 Convert #find_all_by_X to #where 2015-01-31 21:07:50 -06:00
Christian Mehlmauer 2c956c0a0f
add wordpress platform theme rce 2015-01-31 22:02:44 +01:00
jvazquez-r7 11502bad39 Clean code 2015-01-30 15:26:25 -06:00
jvazquez-r7 1916c92e3a Clean metadata 2015-01-30 15:21:17 -06:00
jvazquez-r7 c9ac56442d No modify datastore option 2015-01-30 15:05:46 -06:00
jvazquez-r7 bb640b90ef Refactor login_it360 2015-01-30 15:02:23 -06:00
jvazquez-r7 d4359c4f1c Rework login_it360 code 2015-01-30 15:00:34 -06:00
William Vu efd7a8c962
Land #4670, dns_amp RA flag fix 2015-01-30 14:46:15 -06:00
jvazquez-r7 c5db13fba9 Do minor style fixes 2015-01-30 14:13:11 -06:00
jvazquez-r7 89f760c94e Clean metadata 2015-01-30 14:08:55 -06:00
Christian Mehlmauer 7504358db3
code style and typos 2015-01-30 15:57:32 +01:00
Christian Mehlmauer 9ce2dd9815
msftidy 2015-01-30 15:41:11 +01:00
Christian Mehlmauer a0eaf2f626
add wordpress ghost scanner module 2015-01-30 15:29:51 +01:00
Guillaume Delacour 42ef5716e8 Don't test ra flag to get upward referrals/additional RRs 2015-01-30 02:20:24 +01:00
Guillaume Delacour 2c05b1ee50 Use QUERYTYPE instead of hardcode ANY type 2015-01-29 22:54:06 +01:00
Pedro Ribeiro a806cb401a Create manageengine_dir_listing.rb 2015-01-28 19:44:48 +00:00
Pedro Ribeiro 62ac536b7d Create manageengine_file_download.rb 2015-01-28 19:42:17 +00:00
William Vu 46210a4963
Fix punctuation 2015-01-26 12:05:54 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 c6901caf39 Change module location 2015-01-24 10:14:46 -06:00
jvazquez-r7 23c9d4f0fb Do final cleanup 2015-01-23 17:54:58 -06:00
jvazquez-r7 05e803f85b Rewrite get_wifi_info 2015-01-23 17:50:52 -06:00
jvazquez-r7 fe61b274bd Rewrite get_router_ssid 2015-01-23 17:38:55 -06:00
jvazquez-r7 abe9c85ad6 Rewrite get_router_dhcp_info 2015-01-23 17:37:20 -06:00
jvazquez-r7 70b6f94f14 Rewrite get_router_wan_info 2015-01-23 17:32:20 -06:00
jvazquez-r7 aeed72f726 Rewrite get_router_info 2015-01-23 17:29:12 -06:00
jvazquez-r7 26b17d5556 Clean get_router_mac_filter_info 2015-01-23 17:18:07 -06:00
jvazquez-r7 a63625ab51 Refactor response parsing 2015-01-23 17:09:01 -06:00
jvazquez-r7 c9a13bda2f Do a first easy clean up 2015-01-23 16:37:55 -06:00
jvazquez-r7 dcf0d7f596 Make msftidy happy 2015-01-23 16:23:21 -06:00
jvazquez-r7 f83b87f611 Rebase #3019 2015-01-23 16:14:01 -06:00
sinn3r f3a2d6663f Fix #4616 and Fix #3798 - Correctly use OptRegexp
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616).

It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.

I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798. The way I see it, #3798 is actually a module-specific issue.

Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
William Vu 980a010e15
Land #4627, explicit rubygems require fix
And a couple extraneous comma fixes.
2015-01-22 13:49:31 -06:00
Tod Beardsley bd06b48b30
Extra commas. 2015-01-22 13:45:08 -06:00
Tod Beardsley 2e606cd097
Don't require rubygems 2015-01-22 13:44:58 -06:00
Jon Hart e46395f592
Land #4596, @pdeardorff-r7's memcached extractor 2015-01-22 08:00:19 -08:00
Jon Hart 1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache 2015-01-22 07:59:48 -08:00
Jon Hart a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text 2015-01-20 13:55:48 -08:00
Jon Hart 14fc8d4cd0
Only allow 401/403/404 2015-01-20 13:36:06 -08:00
pdeardorff-r7 0d4d06fb83 Print table for all scans, add preview size option 2015-01-20 11:12:47 -08:00
Jon Hart f1bf607386
Minor Ruby style cleanup 2015-01-20 08:47:47 -08:00
Jon Hart ef89a3d323
Add protocol reference 2015-01-20 08:34:08 -08:00
Jon Hart 9c97824d5c
Move MAXKEYS to advanced 2015-01-20 08:28:49 -08:00
Jon Hart 9d430eb1d5
Use the simpler 'version' command to get the version 2015-01-20 08:16:22 -08:00
Jon Hart 6588f92206
Move rex connection errors to vprint since this is a Scanner 2015-01-20 08:11:09 -08:00
Jon Hart 10100df054
report_service 2015-01-20 08:09:35 -08:00
Jon Hart b0bbce1190
Include peer in most prints 2015-01-20 08:00:02 -08:00
Christian Mehlmauer 354e952841
fix msftidy warnings 2015-01-18 23:55:57 +01:00
Christian Mehlmauer 5b964bba6a
Land #4518, Wordpress long password DoS 2015-01-18 23:55:06 +01:00
Christian Mehlmauer 6014ff8a31
fix msftidy warnings 2015-01-18 23:54:16 +01:00
William Vu 84ecde30d1
Land #4586, mcafee_epo_xxe aux module 2015-01-18 00:50:10 -06:00
William Vu 57ca285f8a
Fix msftidy warnings 2015-01-18 00:49:52 -06:00
pdeardorff-r7 db3185231a add maxkeys option, dont store loot if localhost and improve streaming 2015-01-17 09:25:32 -08:00
pdeardorff-r7 f1bcbb7d78 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-16 09:57:17 -08:00
Brent Cook 6a68888712
Land #4590, jvennix-r7's fix for same-scheme URLs
made a trivial string formatting tweak
2015-01-16 09:10:56 -06:00
Brent Cook 7ef721bdd6 Might as well format the url all at once. 2015-01-16 09:01:25 -06:00
James Lee 488847cecc
Split smb_cmd_session_setup into with/without esn
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
James Lee 6b6a7e81c9
Style fixes 2015-01-16 06:39:21 -06:00
James Lee 273ba54a21
Fix server/capture/smb to use create_credential 2015-01-15 22:39:11 -06:00
Brandon Perry 1929f36050 Update mcafee_epo_xxe.rb 2015-01-15 16:50:14 -06:00
Joe Vennix 8c3d4c8d07
Spelling tweak. 2015-01-15 15:19:46 -06:00
Jon Hart d68b62cf21
Make canary value (URI) configurable 2015-01-15 13:12:32 -08:00
Joe Vennix 35c9a13199 Handle the usage of // (same-scheme) URLs. 2015-01-15 15:09:50 -06:00
Jon Hart 2dca18265e
Track and vprint canary value and code 2015-01-15 12:34:53 -08:00
Jon Hart 3489ea540e
Make status code checking configurable 2015-01-15 12:22:16 -08:00
Jon Hart 4641b02646
Base canary path from TARGET_URI 2015-01-15 12:05:10 -08:00
pdeardorff-r7 507050b316 rescue from down memcached server or timeout 2015-01-15 09:51:42 -08:00
pdeardorff-r7 0e893cd772 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-15 09:40:21 -08:00
pdeardorff-r7 4d2ad8865f remove debug line 2015-01-15 09:37:51 -08:00
pdeardorff-r7 154eb7956c fix storing of loot and support localhost session 2015-01-15 09:36:15 -08:00
Brandon Perry 4e4ca15422 Update mcafee_epo_xxe.rb 2015-01-15 11:02:11 -06:00
Brandon Perry e53522b64b Update mcafee_epo_xxe.rb 2015-01-15 10:28:52 -06:00
Brandon Perry 86d5358299 Update mcafee_epo_xxe.rb 2015-01-15 09:56:02 -06:00
Brandon Perry 53e1304afb Update mcafee_epo_xxe.rb 2015-01-14 18:19:27 -06:00
jvazquez-r7 621cada2ac Undo build_gc_call_data refactoring 2015-01-14 16:47:28 -06:00
Jon Hart 1f6defda73
Use more correct check codes 2015-01-14 13:10:35 -08:00
Brandon Perry 1ed07bac32 Update mcafee_epo_xxe.rb 2015-01-14 11:01:14 -06:00
Brandon Perry 794bb65817 Create mcafee_epo_xxe.rb 2015-01-14 10:54:58 -06:00
Jon Hart b7eb4d24aa
Squash another rogue 5009 2015-01-13 10:36:43 -08:00
Jon Hart 69f03f5c5d
Move ACPP default port into Rex 2015-01-12 19:43:57 -08:00
Jon Hart 01a9fb1483
Spelling 2015-01-12 19:29:41 -08:00
Jon Hart a076a9ab89
report_vuln 2015-01-12 19:23:08 -08:00
Jon Hart d5cdfe73ed
Big style cleanup 2015-01-12 19:11:14 -08:00
Jon Hart 9721993b8f
Allow blank password, remote more unused opts, print private 2015-01-12 18:43:54 -08:00
pdeardorff-r7 99cf668441 add memcached extractor module 2015-01-12 16:40:06 -08:00
Jon Hart 44059a6e34
Disable more unused options 2015-01-12 14:15:40 -08:00
Jon Hart ec506af8ea
Make ACPP login work 2015-01-12 14:01:23 -08:00
Jon Hart e9557ffe58 Simplify module in prep for some authbrute cleanups 2015-01-12 13:08:12 -08:00
Jon Hart 97f5cbdf08 Add initial Airport ACPP login scanner 2015-01-12 13:08:12 -08:00
Jon Hart 9e76e0b0d8
Simplify. Document. Handle edge cases
Simplify detection logic.

Document testing method better

Ensure that body doesn't include canary cookie name too

Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
Jon Hart d4843f46ed
Make auth checking optional and off by default 2015-01-11 12:15:57 -08:00
Jon Hart 9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer 2015-01-11 12:10:40 -08:00
jvazquez-r7 05d364180b Beautify descriptions 2015-01-10 01:10:08 -06:00
jvazquez-r7 a2d479a894 Refactor run method 2015-01-10 01:06:56 -06:00
jvazquez-r7 cf9d7d583e Do first code cleanup 2015-01-10 00:51:31 -06:00
jvazquez-r7 000d7dd1eb Minor beautification 2015-01-10 00:32:10 -06:00
jvazquez-r7 1d0e9a2dca Use snake_case filename 2015-01-10 00:29:28 -06:00
jvazquez-r7 070e833d46 Use snake_case filename 2015-01-10 00:28:01 -06:00
jvazquez-r7 59d602f37d Refactor cisco_cucdm_callforward 2015-01-10 00:27:31 -06:00
jvazquez-r7 511a7f8cca send_request_cgi already URI encodes 2015-01-10 00:06:26 -06:00
jvazquez-r7 5d8167dca6 Beautify description 2015-01-10 00:02:42 -06:00
jvazquez-r7 9fb4cfb442 Do First callforward cleanup 2015-01-10 00:00:27 -06:00
jvazquez-r7 f7af0d9cf0
Test landing #4065 into up to date branch 2015-01-09 23:40:16 -06:00
jvazquez-r7 bedbffa377
Land #3700, @ringt fix for oracle_login
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
jvazquez-r7 38c36b49fb Report when nothing is rescued 2015-01-09 22:58:19 -06:00
Jon Hart b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...) 2015-01-09 13:20:18 -08:00
Jon Hart 831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner 2015-01-09 12:58:35 -08:00
jvazquez-r7 ca765e2cc5 Refactor client mixin 2015-01-08 15:46:24 -06:00
jvazquez-r7 3debcef00b Fix call from aux module 2015-01-08 14:24:27 -06:00
jvazquez-r7 c205ef28d4 Refactor build_gc_call 2015-01-08 14:01:04 -06:00
jvazquez-r7 73e3cd19c3 Convert java_rmi_server aux mod to use new mixin 2015-01-08 00:29:50 -06:00
jvazquez-r7 d59805568e Do first module refactoring try 2015-01-07 19:06:09 -06:00
James Lee da2e088118
Land #4536, Ruby 2.2 compat fixes
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
David Maloney df70678762
tell suer KoreLogic rules have been applied
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
2015-01-07 12:36:07 -06:00
David Maloney 4ad7021336
give user option to turn on KoreLogic rules
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
rastating a5f48b23df Add use of Msf::ThreadManager 2015-01-07 17:27:06 +00:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
jvazquez-r7 e7affb9048
Land #4493, @pedrib's module for ManageEngine Central Desktop create admin 2015-01-04 23:46:31 -06:00
jvazquez-r7 c5e72fb324 Change module filename 2015-01-04 23:14:12 -06:00
jvazquez-r7 4798f2328d Change module filename 2015-01-04 23:13:17 -06:00
jvazquez-r7 6bb3171328 Do minor cleanup 2015-01-04 23:12:42 -06:00
jvazquez-r7 711b97ecc5 Beautify metadata 2015-01-04 23:08:46 -06:00
rastating 92015ac124 Replace custom login with wordpress_login mixin 2015-01-04 23:07:07 +00:00
rastating 39412c4a48 Add WordPress long password DoS module 2015-01-04 18:50:23 +00:00
Pedro Ribeiro 32d4bf03c3 Add OSVDB id and full disclosure URL 2015-01-04 12:36:51 +00:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
Pedro Ribeiro e81e68bdaf Create me_dc9_admin.rb 2014-12-31 02:02:52 +00:00
sinn3r 555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
sinn3r f2130311fa Add the MSF blog reference 2014-12-29 16:08:35 -06:00
Tod Beardsley 1dd9d60e34
Land #4461, Android cookie database theft
`
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
Tod Beardsley d10222365b
Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
Tod Beardsley 1236684954
Use get_uri instead, note lack of Rex::Text method
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley 788e315fd4
Fix msftidy warnings 2014-12-28 14:53:29 -06:00
jvazquez-r7 85ab11cf52 Use print_warning consistently 2014-12-26 09:54:38 -06:00
jvazquez-r7 f31a2e070e Use print_warning to print the Kerberos error 2014-12-26 09:22:09 -06:00
jvazquez-r7 d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
jvazquez-r7 89d0a0de8d Delete unnecessary connect 2014-12-23 19:35:59 -06:00
jvazquez-r7 265e0a7744 Upper case domain 2014-12-23 19:16:50 -06:00
jvazquez-r7 ed2d0cd07b Use USER_SID instead of DOMAIN_SID and USER_RID 2014-12-23 19:11:05 -06:00
Joe Vennix 8d73794cc8
Add hint for exploit on old devices. 2014-12-23 12:29:08 -06:00
jvazquez-r7 708cbd7b65 Allow to provide USER SID 2014-12-22 18:24:50 -06:00
jvazquez-r7 56eadc0d55 Delete default values from options 2014-12-22 18:11:43 -06:00
jvazquez-r7 787dab998d Fix description 2014-12-22 17:51:44 -06:00
jvazquez-r7 a7faf798bf Use explicit encryption algorithms 2014-12-22 15:51:17 -06:00
jvazquez-r7 f37cf555bb Use random subkey 2014-12-22 15:39:08 -06:00
jvazquez-r7 b0a178e0a3 Delete blank line 2014-12-22 14:40:32 -06:00
jvazquez-r7 5a6c915123 Clean options 2014-12-22 14:37:37 -06:00
jvazquez-r7 20ab14d7a3 Clean module code 2014-12-22 14:29:02 -06:00
jvazquez-r7 dabc890b2f Change module filename again 2014-12-22 12:35:15 -06:00
jvazquez-r7 2b46bdd929 Add references and authors 2014-12-22 12:34:31 -06:00
jvazquez-r7 4319dbaaef Change module filename 2014-12-22 12:29:28 -06:00
jvazquez-r7 60d4525632 Add specs for Msf::Kerberos::Client::Pac 2014-12-21 17:49:36 -06:00
jvazquez-r7 9f1403a63e Add initial specs for Msf::Kerberos::Client::TgsResponse 2014-12-20 20:29:00 -06:00
jvazquez-r7 b0ac68fbc3 Create build_subkey method 2014-12-19 19:46:57 -06:00
jvazquez-r7 4a106089b9 Move options to build_tgs_request_body 2014-12-19 19:12:17 -06:00
jvazquez-r7 e6781fcbea Build AuthorizationData from the module 2014-12-19 18:59:39 -06:00
jvazquez-r7 9bd454d288 Build PAC extensions from the module 2014-12-19 18:47:41 -06:00
jvazquez-r7 def1695e80 Use options by call 2014-12-19 18:23:11 -06:00
jvazquez-r7 f332860c19 Clean creation of client and server principal names 2014-12-19 18:16:22 -06:00
jvazquez-r7 bd85723a9d Build pre auth array out of the mixin 2014-12-19 18:10:14 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
jvazquez-r7 d058bd5259 Refact extraction of kerberos cache credentials 2014-12-19 15:53:24 -06:00
HD Moore fffa8cfdd1
Lands #4426 by cleaning up the module description 2014-12-19 14:54:17 -06:00
jvazquez-r7 fad08d7fca Add specs for Rex Kerberos client 2014-12-19 12:14:33 -06:00
Joe Vennix e45af903d9
Add patch discovery date. 2014-12-19 12:04:41 -06:00
Joe Vennix 25313b1712
Use the hash to pass the script. 2014-12-19 02:30:37 -06:00
Jon Hart 8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222 2014-12-18 17:21:26 -08:00
jvazquez-r7 f325d2f60e Add support for cache credentials in the mixin 2014-12-18 16:31:46 -06:00
Tod Beardsley c15bad44a6
Be clearer on backslash usage.
See #4282
2014-12-18 16:16:02 -06:00
jvazquez-r7 9a58617387 Add dummy test module 2014-12-17 19:57:10 -06:00
sinn3r 6b0a98b69c
Resolve #4408 - bad uncaught nil get_once 2014-12-17 14:02:42 -06:00
Joe Vennix 84ea628284
Add Android cookie theft attack. 2014-12-16 19:12:01 -06:00
William Vu f6af86a06d
Land #4402, ms12_020_check NilClass fix 2014-12-16 15:34:25 -06:00
William Vu 2604746fb7
Land #4361, Kippo detector 2014-12-15 14:54:48 -06:00
William Vu 8394cc13a8
Perform final cleanup of detect_kippo 2014-12-15 14:38:38 -06:00
sinn3r c611249723 Take full advantage of the check command 2014-12-15 12:50:59 -06:00
sinn3r 9edb2b4fab Fix #4378 - Do exception handling
Fix #4378
2014-12-15 12:37:36 -06:00
Brandon Perry eb47ca593e update desc to include domain admin information 2014-12-13 13:01:41 -06:00
Brandon Perry 2e94280cba mv bmc to scanner/http 2014-12-13 12:58:16 -06:00
Brandon Perry 8c6b95c39c Merge branch 'landing-4359' of https://github.com/jhart-r7/metasploit-framework into bmc_trackit 2014-12-13 11:37:57 -06:00
Brandon Perry cd1e61a201 Merge branch 'master' into bmc_trackit 2014-12-13 11:36:30 -06:00