wchen-r7
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
wchen-r7
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
wchen-r7
3d4cb06c67
Land #5807 , Added Module WP Mobile Pack Vuln
2015-08-28 13:43:00 -05:00
wchen-r7
9e7f6d6500
Typos
2015-08-28 13:42:37 -05:00
wchen-r7
29e92aaabe
Land #5806 , WordPress Subscribe Comments File Read Vuln
2015-08-28 11:52:59 -05:00
wchen-r7
62e6b23b4c
Typo
2015-08-28 11:52:13 -05:00
wchen-r7
e82bd10817
Add aux module to be able to open android meterpreter from a browser
2015-08-27 14:36:55 -05:00
jvazquez-r7
8785083722
Ensure disconnect
2015-08-24 12:36:15 -05:00
HD Moore
1e6c53b430
Correct the storage of ssh banners in service.info
2015-08-22 01:21:15 -05:00
jvazquez-r7
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
jvazquez-r7
182c1bc7fe
Disconnect socket when login fails
2015-08-17 18:20:04 -05:00
Brent Cook
b17d8f8d49
Land #5768 , update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
jvazquez-r7
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
jvazquez-r7
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
Tod Beardsley
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
joev
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
joev
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
Jon Hart
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
Jon Hart
9f2c62d4ce
Use query_name instead of datastore
2015-08-13 11:17:27 -07:00
Tod Beardsley
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
Jon Hart
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
jvazquez-r7
a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793
2015-08-08 07:43:39 -07:00
jvazquez-r7
c8ba5bb90c
Land #5513 , @rcvalle's exploit for incomplete internal state distinction in JSSE
2015-08-08 07:41:53 -07:00
jvazquez-r7
2707b3b402
Use Rex::ThreadSafe.select
2015-08-08 07:40:19 -07:00
jvazquez-r7
a0eef3880a
Initialize version local variable
2015-08-08 07:35:37 -07:00
jvazquez-r7
bb74b6fecb
Fix data reading
2015-08-08 07:18:01 -07:00
jvazquez-r7
6fe7672732
Improve Rex sockets usage
2015-08-07 00:11:58 -07:00
Josh Abraham
e96717950c
refactored
2015-08-06 08:18:26 -04:00
jvazquez-r7
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
jvazquez-r7
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
jvazquez-r7
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
Roberto Soares
7bb4f9479f
Added new reference and removed empty line.
2015-08-04 03:58:57 -03:00
Roberto Soares
d9b6e9cc58
Changed res condition and some words.
2015-08-04 03:44:25 -03:00
Roberto Soares
19ceccd93a
Added JSON parse output.
2015-08-04 03:13:11 -03:00
Roberto Soares
f4679f5341
Added WP Mobile Pack Info Disclosure Vuln - Functional Module.
2015-08-04 02:21:26 -03:00
Roberto Soares
d221e9d961
Added more references.
2015-08-03 02:46:54 -03:00
Roberto Soares
e59e4828e4
Removed unnecessary DEPTH option.
2015-08-02 22:56:17 -03:00
Roberto Soares
514849bcdc
Added WP Subscribe Comments File Read Vuln - Functional.
2015-08-02 21:24:52 -03:00
Tod Beardsley
cebcf72a99
Add discoverer credit, blog ref, longer desc
2015-08-01 10:31:41 -05:00
William Vu
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
Roberto Soares
fdb2b008f9
Fix a small typo - OSVDB instead of OSVBD.
2015-07-31 02:23:19 -03:00
Greg Mikeska
3c394d673d
altered module to default
...
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
wchen-r7
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
William Vu
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
William Vu
c46ce6c391
Land #5780 , password_prompt fix for Telnet scanner
2015-07-28 17:54:43 -05:00
Josh Abraham
0f4b2e4226
description update
2015-07-28 15:31:51 -04:00
Josh Abraham
27e5557b67
set port using rport instead of only 445
2015-07-28 15:29:23 -04:00
Josh Abraham
fafbc4db3f
GPP enumeration via an AUX module
2015-07-28 15:21:33 -04:00
kn0
2415072c17
Replaced 'and' with '&&'
2015-07-28 14:14:25 -05:00
kn0
ee5e5b1e71
Fixed NoMethodError for .match on nil
2015-07-28 09:03:54 -05:00
HD Moore
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
Brent Cook
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
Fabien
3fd18e4844
Update soap_addportmapping.rb
2015-07-26 21:57:49 +02:00
Fabien
1210183930
Update soap_addportmapping.rb
2015-07-26 21:41:47 +02:00
Fabien
8dbd51ae38
Update soap_addportmapping.rb
2015-07-26 20:59:43 +02:00
Fabien
fba81fc539
Create soap_addportmapping.rb
2015-07-26 20:59:04 +02:00
jvazquez-r7
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
jvazquez-r7
ec7bf606c6
Land #5735 , @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
jvazquez-r7
45b4334006
Use Rex::Socket::SslTcpServer
...
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
wchen-r7
866a99ed07
This is better
2015-07-23 20:51:21 -05:00
wchen-r7
f5387ab3f2
Fix #5766 , check res for send_request_raw
...
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7
8bead5fde2
Modate update on using metasploit-credential
...
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
Tod Beardsley
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
wchen-r7
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
Christian Sanders
50074c4617
Fix typo .blank to .blank?
2015-07-22 09:05:16 -05:00
wchen-r7
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
rastating
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
rastating
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
wchen-r7
6a9c934c54
Resolve conflict
2015-07-20 18:44:17 -05:00
wchen-r7
1e17ac4ec7
Use the cred API correctly
2015-07-20 18:40:48 -05:00
Tod Beardsley
f94fe3cefd
More correct URL, not just a bare wiki link
...
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
Tod Beardsley
4cacbcc4f7
Minor fixups on sysaid modules
...
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
rastating
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
rastating
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
jvazquez-r7
454dd59da8
Add vuln discoverers
2015-07-17 13:37:30 -05:00
jvazquez-r7
29718ce4e1
Land #5474 , @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
...
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
jvazquez-r7
a54b58fc24
Fix port parsing and cleanup
2015-07-17 12:34:46 -05:00
jvazquez-r7
869ac87b64
Land #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
...
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
jvazquez-r7
9ac1688eb1
Do code cleanup
2015-07-17 11:45:28 -05:00
jvazquez-r7
787c0e2c41
Land #5470 , @pedrib's module for SysAid CVE-2015-2993
...
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
jvazquez-r7
ca38fc5518
Update description
2015-07-17 11:08:28 -05:00
Ramon de C Valle
449c751521
Add missing info
2015-07-16 09:36:18 -07:00
wchen-r7
8d0e34dbc0
Resolve #5738 , make the LHOST option visible
...
Resolve #5738
2015-07-16 11:00:15 -05:00
Ramon de C Valle
5d6c15a43d
Add openssl_altchainsforgery_mitm_proxy.rb
...
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
jvazquez-r7
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
wchen-r7
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
wchen-r7
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
Brent Cook
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
William Vu
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
William Vu
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
wchen-r7
e4e9ac9d28
Remove cold_fusion_version, use coldfusion_version instead
...
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
wchen-r7
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
Mo Sadek
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
Mo Sadek
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
wchen-r7
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
g0tmi1k
d795b2f831
Module cleanup
2015-07-11 19:40:21 +01:00
HD Moore
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
HD Moore
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
wchen-r7
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
HD Moore
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
HD Moore
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
cldrn
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
wchen-r7
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
wchen-r7
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
wchen-r7
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
Donny Maasland
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
HD Moore
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
joev
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
HD Moore
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
Josh Abraham
99c29052c7
Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage
2015-07-02 08:24:04 -04:00
Josh Abraham
dfa71a2b44
update to store creds using the new method
2015-07-02 08:22:21 -04:00
HD Moore
afa442ad89
Fix a stack trace with ipmi_dumphashes when no database was configured.
2015-06-29 00:46:35 -05:00
cldrn
355738909a
Fixes typo
2015-06-28 09:32:16 -05:00
cldrn
5c18fc82f2
Stores credentials using create_credential_login
2015-06-28 09:24:31 -05:00
cldrn
b332b25795
Stores credentials in DB, fixes loop variable and nil dereference bug
2015-06-27 19:06:15 -05:00
jvazquez-r7
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
William Vu
c04490e5eb
Remove comma before coordinating conjunction
...
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
cldrn
2968f52ca4
Removes debug sql output
2015-06-26 12:22:34 -05:00
cldrn
a338920cb3
lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper
2015-06-26 12:21:35 -05:00
Tod Beardsley
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
Trevor Rosen
84c0e62fd3
Land #5493 , update OWA scanner creds persistence
2015-06-26 08:46:27 -05:00
cldrn
7f4a96f3dc
Fixes coding style issues
2015-06-26 03:29:17 -05:00
cldrn
3da3595181
MSF module to download and decrypt credentials stored in Lansweeper's database
2015-06-25 19:29:30 -05:00
root
63f584cbfd
Add last_attempted_at
2015-06-25 12:08:38 +05:00
William Vu
827d241482
Land #5539 , Quake scanner fix
2015-06-24 15:00:39 -05:00
joev
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
Tod Beardsley
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
Trevor Rosen
c45e42465a
Land #5492 , update PCAnywhere login scanner
2015-06-23 14:48:25 -05:00
William Vu
5751e196bb
Remove extraneous newline
2015-06-23 14:43:37 -05:00
wchen-r7
59af7ef1fc
Remove the extra target_uri
2015-06-23 10:27:50 -05:00
wchen-r7
a2a231c242
Land #5577 , MS15-034 HTTP.SYS Information Disclosure
2015-06-23 10:20:54 -05:00
wchen-r7
11366971da
Oh never mind, user-agent makes it more difficult to use (more crashes)
2015-06-23 01:24:17 -05:00
wchen-r7
6127b8a037
Pass user-agent
2015-06-23 01:23:01 -05:00
wchen-r7
8ce5cc23cf
More consistent filename style
2015-06-23 01:08:34 -05:00
wchen-r7
e9b548e8a2
Changes for ms15034_http_sys_memory_dump.rb
2015-06-23 01:07:33 -05:00
root
302db36daa
Add last_attempted_at to creds object
2015-06-23 09:46:01 +05:00
rwhitcroft
8086a6f8cc
remove unnecessary begin/rescue, change print_* to vprint_* in check()
2015-06-22 20:25:12 -04:00
rwhitcroft
90e17aee6b
clarified affected OSes and error messages
2015-06-22 15:47:26 -04:00
rwhitcroft
774aef7241
add module to dump memory via MS15-034
2015-06-22 10:31:31 -04:00
Ramon de C Valle
7bda1e494b
Use Rex::Socket::Tcp
2015-06-21 13:40:31 -07:00
Ramon de C Valle
7f55f6631c
Remove the timeout option
2015-06-20 20:14:47 -07:00
Ramon de C Valle
01e87282a9
Use Msf::ThreadManager#spawn
2015-06-20 18:48:10 -07:00
Ramon de C Valle
dabc7abae5
Change method names to lowercase
2015-06-20 18:23:34 -07:00
Pedro Ribeiro
50a3a32bfd
Update sysaid_sql_creds.rb
2015-06-20 16:58:42 +01:00
Pedro Ribeiro
78c2f8a3a3
Update sysaid_sql_creds.rb
2015-06-20 16:57:34 +01:00
Pedro Ribeiro
11aca8b27a
Update sysaid_file_download.rb
2015-06-20 16:54:33 +01:00
Pedro Ribeiro
cf8008ed38
Update sysaid_admin_acct.rb
2015-06-20 16:52:13 +01:00
jvazquez-r7
4762e9f62c
Land #5540 , @wchen-r7's changes for multiple auxiliary modules to use the new cred API
2015-06-19 15:39:09 -05:00
jvazquez-r7
fa6e45964e
Provide context to the note
2015-06-19 15:38:26 -05:00
wchen-r7
83427583ea
report_note for group info
2015-06-19 15:09:50 -05:00
wchen-r7
ef286fdfcf
Remove report_auth_info
2015-06-19 15:06:02 -05:00
wchen-r7
b104155cf1
Do Metasploit::Model::Login::Status::UNTRIED
2015-06-19 15:05:42 -05:00
wchen-r7
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
jvazquez-r7
34d5d92646
Land #5555 , @Th3R3p0's support for for RFB Version 4
2015-06-19 14:15:04 -05:00
Brent Cook
d19c2e7206
Land #5544 , track updates to SSL Labs API
2015-06-19 11:39:38 -05:00
Brent Cook
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
Brent Cook
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
William Vu
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
jvazquez-r7
ebd376e0f3
Land #5485 , @wchen-r7 updates wordpress_login_enum to use the new cred API
2015-06-19 10:50:07 -05:00
jvazquez-r7
dfae4bbbf0
Do reporting more accurate
2015-06-19 10:48:12 -05:00
wchen-r7
7f56b4635c
Land #5546 , Use the new cred API for auxiliary/server/capture/telnet
2015-06-19 10:46:01 -05:00
William Vu
d86c21e94a
Land #5567 , author fix
2015-06-19 10:41:41 -05:00
aushack
76cd9590a4
Fix author
2015-06-19 19:13:51 +10:00
wchen-r7
9b5770c966
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:40:51 -05:00
g0tmi1k
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
Th3R3p0
a6c7f93bbe
changed text to show support for RFB version 4.001
2015-06-17 13:09:03 -04:00
root
fcf6212d2f
Update telnet capture module to use the new creds API
2015-06-16 16:37:36 +05:00
Denis Kolegov
c3d2797f10
Fixed Info fields
2015-06-16 04:22:22 -04:00
Denis Kolegov
2778274e47
Added new SSL Labs API fields and fixed minor errors
2015-06-16 02:59:12 -04:00
wchen-r7
b6379b4d24
Update drupal_views_user_enum
2015-06-16 00:02:02 -05:00
wchen-r7
0b88e86a49
Using the new cred API for multiple auxiliary modules
2015-06-15 16:06:57 -05:00
Jon Hart
fd0b42be4a
Properly store quake service info
2015-06-15 12:45:14 -07:00
Jon Hart
079a9d449c
Use peer
2015-06-15 11:45:55 -07:00
Jon Hart
feb7263137
Wire in recog support for ssh_version
2015-06-15 11:42:20 -07:00
Jon Hart
80f1173fcf
Style and scanner usability cleanup for ssh_version
2015-06-15 10:12:07 -07:00
wchen-r7
907f596de6
Land #5520 , Update titan_ftp_admin_pwd to use the new creds API
2015-06-15 03:26:19 -05:00
wchen-r7
940d045029
Correctly report rport
2015-06-15 03:23:39 -05:00
wchen-r7
308b1a3d7f
Don't deregister username & password
2015-06-15 03:21:09 -05:00
wchen-r7
ebce415957
Land #5507 , Update nessus_xmlrpc_logic to use the new creds API
2015-06-15 02:59:01 -05:00
wchen-r7
c20cf15104
Msut have last_attempted_at key
2015-06-15 02:58:31 -05:00
Joshua Abraham
c801e52f60
Update smb_enumusers_domain.rb
2015-06-13 17:02:43 -04:00
jvazquez-r7
e628d71261
Land #5397 , @espreto's module for WordPress Simple Backup File Read Vulnerability
2015-06-12 15:32:06 -05:00
jvazquez-r7
184c20cd46
Do minor cleanup
2015-06-12 15:31:42 -05:00
wchen-r7
8dad739c76
Land #5508 , Get Ready to Move VMware modules to the VMware directory
2015-06-10 11:59:40 -05:00
Tod Beardsley
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
root
7cb82f594b
Add ftp port for service
2015-06-10 14:24:05 +05:00
root
3ffe006e09
Update titan_ftp_admin_pwd to use the new creds API
2015-06-10 13:36:26 +05:00
root
3fe6ddd10a
Change credential status from untried to successful
2015-06-10 10:09:57 +05:00
root
78a6e1bc90
Change credential status from untried to successful
2015-06-10 10:07:33 +05:00
root
1b3f911f84
Change credential status from untried to successful
2015-06-10 09:54:10 +05:00
root
49e4820c57
Add depcrecated note to the existing modules
2015-06-09 10:42:53 +05:00
Ramon de C Valle
a48d79a2e7
Add jsse_skiptls_mitm_proxy.rb
...
This module exploits an incomplete internal state distinction in Java
Secure Socket Extension (JSSE) by impersonating the server and finishing
the handshake before the peers have authenticated themselves and
instantiated negotiated security parameters, resulting in a plaintext
SSL/TLS session with the client. This plaintext SSL/TLS session is then
proxied to the server using a second SSL/TLS session from the proxy to
the server (or an alternate fake server) allowing the session to
continue normally and plaintext application data transmitted between the
peers to be saved. This module requires an active man-in-the-middle
attack.
2015-06-08 19:41:17 -07:00
Josh Abraham
8381d4f994
update smb_enumusers_domain to store enumerated users in the DB
2015-06-08 19:42:03 -04:00
root
3279518bbd
Move VMware modules to the VMware directory
2015-06-08 14:58:22 +05:00
root
245c76374d
Update nessus_xmlrpc_logic to use the new creds API
2015-06-08 14:40:15 +05:00
HD Moore
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
HD Moore
135958a225
Cleanup the udp_(sweep|probe) SNMP generators
2015-06-06 00:54:08 -05:00
HD Moore
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
root
3ec6d9b7aa
Update owa_login to use new cred API
2015-06-05 15:41:07 +05:00
root
b6936febbe
Update pcanywhere_login to use the new cred API
2015-06-05 12:16:00 +05:00