478e43170a
Report credentials to database
2014-07-21 12:26:13 -05:00
63fca1bfdd
Make some datastore options required
2014-07-21 12:10:52 -05:00
436ac706e8
Rescue Rex::ConnectionError while finding the uri
2014-07-21 12:00:24 -05:00
30de4cdf8d
Fix get_login_hidden
2014-07-21 11:57:37 -05:00
ff3a21b520
Refactor do_web_login
2014-07-21 11:35:19 -05:00
22f41e4435
Use vars_post
2014-07-21 11:07:00 -05:00
92fd3bc72b
Deleting REQUEST_TYPE option because I don't think has sense here
2014-07-21 10:53:43 -05:00
986b8e5d02
First style issues cleanup
2014-07-21 09:49:05 -05:00
5ba96d6054
Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess
2014-07-19 15:56:41 -05:00
7a5f3b8991
Implementing Ruby Style Guide and replace send_request_raw send_request_cgi
2014-07-18 14:31:38 -05:00
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
1f02891dc7
Change name of module and implementation of the recommended changes 2
2014-07-18 00:17:35 -05:00
0168a99eaa
Change name of module and implementation of the recommended changes
2014-07-17 23:49:25 -05:00
f2eabdba94
implementation of the recommended changes
2014-07-17 23:36:37 -05:00
ad2e7c3713
print header only if there are results...
2014-07-17 18:02:24 -05:00
06fd1ead9d
Address more style issues
2014-07-17 09:37:27 -07:00
7e6e154a39
Fix null pointer dereference
2014-07-17 08:51:12 -05:00
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
ceff18de9d
Add modifiable UserAgent and translations to English
2014-07-16 20:44:20 -05:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
5534599cfc
fix for jtr warnings
...
remmove include for Jtr mixin in deprecated jtr_unshadow module
remove deprecated postgres_crack module
2014-07-16 12:52:29 -05:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
9e5c24a97e
Address some Ruby style issues
2014-07-15 16:55:54 -07:00
674447c891
final cleanup steps
2014-07-15 15:31:51 -05:00
7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
...
Conflicts:
Gemfile
Gemfile.lock
modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
51a9a763c0
Move error_name to InvalidPacket and check for nil
...
MSP-10713
2014-07-15 15:02:53 -05:00
34635ab968
module login status cleanup
...
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
3becfff41e
Add Bruteforce Joomla
2014-07-14 14:07:23 -05:00
7184d2ed5e
Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
...
Refactor pop3_login
2014-07-14 13:27:11 -05:00
e68dcdbb06
Refactor pop3_login
...
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.
See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
2fd7bcf8bf
Land #3514 , report_note for scraper
2014-07-11 17:17:10 -05:00
5d833cbb16
http_header report_note remove to_s
2014-07-11 17:14:45 -05:00
7e9eb84531
http_header report_note remove brackets, move rport
2014-07-11 17:14:45 -05:00
a8ec733a3a
Interpolate all the things!
2014-07-11 17:14:09 -05:00
4abe856fc1
Rescue http_header notes from getting truncated
...
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.
(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)
msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)
msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
2014-07-11 17:14:09 -05:00
6ef69b4014
scraper report_note, remove eol whitespace
2014-07-11 21:21:56 +02:00
ad46c37988
scraper report_note, remove unnecessary to_s
2014-07-11 21:08:35 +02:00
7a7d149dc5
scraper report_note, change note type string
2014-07-11 21:01:20 +02:00
b09fab13f0
Fix one flubbed author address
2014-07-11 13:50:37 -05:00
8b302cd472
Add report_note to scraper.rb
...
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:31:46 +02:00
b834e7d3cb
Update scraper.rb
2014-07-11 20:20:40 +02:00
da67a63ad0
Add report_note to scraper.rb
...
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:07:48 +02:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
43f41de124
Land #3508 , CVE-2014-4671 Flash JSONP disclosure
2014-07-11 10:11:48 -05:00
b8225ae2dc
Remove unnecessary ||= and ivars.
2014-07-10 16:06:28 -05:00
e0389dfbc3
Update code as per @wvu's code review.
2014-07-10 15:03:40 -05:00
62a2f1dc0a
Credential -> Model for realm key constants
2014-07-10 14:30:25 -05:00
dd439066ca
Patch rhost to display hostname of JSONP_URL.
2014-07-10 12:02:22 -05:00
841cb6a590
STEAL_URL -> STEAL_URLS.
2014-07-10 09:14:32 -05:00
fad30bc874
Add flash rosetta exploit module for stealing URLs.
2014-07-10 09:09:10 -05:00
c5226352de
Un-login-able should be print_status, not good
2014-07-09 17:45:41 -05:00
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
2a9ac0a007
Axe SSHKey in favor of a unified SSH
2014-07-07 13:35:17 -05:00
1500f33e1b
Default to only fuzzing versions 2-4
2014-07-03 07:32:44 -07:00
b15297eee0
Land #3490 , @Meatballs1 tns listener verbose output
2014-07-03 16:20:38 +02:00
c6675a2900
Add verbosity to Jenkins Enum
2014-07-02 13:25:18 -04:00
68ba79aa16
Remove access_level, since we don't have access
2014-07-01 17:53:18 -05:00
5fa0981026
Add login and move print_status
2014-07-01 17:48:42 -05:00
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
864f0f1bbc
Update description, loot -> creds
2014-07-01 11:46:21 -05:00
bc274b358f
Move NTP message code to Rex::Proto::NTP, simplify option handling
2014-06-30 23:57:47 -07:00
3079c47d41
Refactor oracle_hashdump creds
2014-07-01 01:07:22 -05:00
bf9c64d3ee
Land #3483 , @hmoore-r7's title change for ipmi_cipher_zero
2014-06-30 17:31:12 -05:00
cf720a88e8
Be verbose about error codes
2014-06-30 19:10:03 +01:00
f8ef6c50b4
Land #3470 , Cerberus SFTP User Enumeration
2014-06-30 19:01:15 +01:00
94c5a0b603
More verbose around connection errors
2014-06-30 18:56:30 +01:00
183d601aae
Small tidyup
2014-06-30 18:17:49 +01:00
004afa6e0c
Clean commit of Cerberus FTP User Enumeration Module
2014-06-30 17:53:46 +01:00
72d8d8a40c
RAKP defines auth, not cipher-0 bypass, see below.
...
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.
Cosmetic only change
2014-06-30 00:52:40 -05:00
4bff68ff2b
Use the specified UA, dont duplicate ports
2014-06-30 00:49:21 -05:00
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
90eccefcc8
Fix sock.get use and some minor bugs
2014-06-28 16:17:15 -05:00
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
3ae91410f5
Fix incorrect use of sock.get(), remove rundant return values
2014-06-28 15:24:02 -05:00
6d0d8a911d
Fix incorrect use of sock.get() that could lead to indefinite hang
2014-06-28 15:22:16 -05:00
a9cd9c584a
Respect RPORT even if additional ports are specified
2014-06-28 15:21:54 -05:00
43420aa984
Fix incorrect use of sock.get that can lead to an indefinite timeout
...
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```
console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```
After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
3e1ac3fee1
This module was broken due to a hardcoded IP address for google.com
2014-06-28 15:14:29 -05:00
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
48e93b7fc2
Merge branch 'feature/MSP-9715/linux_hashcracker' into staging/electro-release
2014-06-25 16:15:44 -05:00
34c57f51b1
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-06-25 15:02:35 -05:00
ac61a8fe4f
deprecate jtr_unshadow
2014-06-25 15:01:35 -05:00
75be200b97
Merge branch 'feature/MSP-9714/jtr_aix' into staging/electro-release
2014-06-25 14:34:41 -05:00
70fd3344fd
Merge branch 'feature/MSP-9713/jtr_crack_fast' into staging/electro-release
2014-06-25 14:15:50 -05:00
61d8597a00
missing require
2014-06-25 10:13:41 -05:00
5b0a356045
properly strip extra colons
2014-06-25 10:04:48 -05:00
4e0bcc123d
More useful msg when domain is ignored
2014-06-25 10:01:07 -05:00
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
560fc93834
jtr_aix refactor
...
updated the aix cracker for jtr
2014-06-24 15:34:28 -05:00
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
b9925bb24c
Minor option cleanup
2014-06-23 18:38:47 -07:00
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
615aeb66a5
Dont use or
2014-06-23 23:11:04 +01:00
752007848b
Tidy up code
...
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
6651af2d9b
refactor jtr_linux cracker
2014-06-23 16:27:28 -05:00
2772d84a18
Major rework of this module, please see the diff
2014-06-23 16:13:42 -05:00
57c4ed51e9
fix mssql incremental modes
2014-06-23 15:37:37 -05:00
1cbc324774
fix up incremental modes
...
those incrmenetal rules don't exist
in all versions. All and Alnum are too long
for a 'fast-mode' crack. We wwill do Digits though
which does all digits 0-8 and gets us blank passwords
for free.
2014-06-23 15:36:17 -05:00
520c82d7fc
deal with blank password in ntlm
2014-06-23 15:32:50 -05:00
c5f2efda18
fixed up casing
2014-06-23 15:26:12 -05:00
b246e66eb8
successfully cracking ntlm hashes
...
still need to handle casing for lm
2014-06-23 14:40:32 -05:00
050091d0dd
Fuzz all 255 possible mode 7 request codes
2014-06-23 11:38:30 -07:00
57cc390681
fix how we save mssql hashes
...
since the 0x prefix is neccisary, just save the hash that way in the first place
2014-06-23 12:38:36 -05:00
c61f59d8a9
make sure to report the realm
2014-06-23 12:08:49 -05:00
dadd959c6a
refactor postgres hash cracking
...
refactored postgres_hashdump to report the creds
it logged in with. added a new jtr module for
dealing with postgres hashes instead of the
crappy old md5 one we had before
2014-06-23 12:02:39 -05:00
a0aca251f5
Land #3472 , releae fixes
2014-06-23 11:41:35 -05:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
40d1ec551e
Add WEP, PSK, and MGT
2014-06-21 23:15:20 -05:00
61f4c769eb
Land #3461 , Chromecast factory reset module
2014-06-21 17:43:31 -04:00
79bf80e6bf
Add generic error handling
...
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
469fae7058
Land #3465 , @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability
2014-06-20 17:22:28 -05:00
252d917bbb
Fix msftidy and favor && over and
2014-06-20 17:21:10 -05:00
8cfba5770a
missing require
2014-06-20 15:22:37 -05:00
d80f4d9e67
refactor jtr_mysql_fast and mysql_hashdump
...
have mysql_hashdump report the cred it logged in with
refactor jtr_mysql to use the new jtr cracker
2014-06-20 15:21:35 -05:00
669779defb
SMB cred creation refactor
2014-06-20 15:17:40 -05:00
35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release
2014-06-20 12:39:07 -05:00
a929a55404
fix show command parsing
...
this ius better than a regex and handles special charachters
in usernames and passwords far better than the previous way
2014-06-20 10:48:42 -05:00
93da4dc561
account for mssql12 format
...
mssql2012 and later uses a new format. some versions
of john support this and some do not yet
2014-06-19 16:11:14 -05:00
4453dcdc8e
some minor fixes
2014-06-19 15:45:24 -05:00
fa5fc724eb
Fix the disclosure date
2014-06-19 15:36:17 -05:00
f7fd17106a
Add the final cari.net URL
2014-06-19 15:33:06 -05:00
aca532b994
making egypt happy
...
it's a full time job
2014-06-19 15:07:33 -05:00
9421beedb3
Refactor http_login
2014-06-19 14:12:21 -05:00
6f03f6657f
Support only fuzzing specific mode 6 operations
2014-06-19 11:10:11 -07:00
0ff8708e6d
some minor fixes
2014-06-19 13:08:43 -05:00
53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
...
Conflicts:
Gemfile
2014-06-19 12:45:53 -05:00
20f7cde9cc
add incremental and single modes
...
make sure we run single mode and incremnetal modes
during our runs through these hashes.
2014-06-19 12:38:01 -05:00
bb120fd1e2
report access level on mssql_hashdump
...
if we know we have admin access on mssql hashdumop
we should report that on the Login object.
2014-06-19 12:20:42 -05:00
d3c77b345c
report cracked credentials
...
also makes mssql_hashdump report the credentials it logged in with
2014-06-19 12:16:49 -05:00
62f4054858
startring refactor on jtr_mssql
...
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
190923e9a7
Merge pull request #79 from rapid7/feature/MSP-9699/axis2-refactor
...
Refactor axis_login
2014-06-18 11:43:23 -05:00
4c3cc793ba
fix missing .present?
2014-06-18 10:52:27 -05:00
58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey
2014-06-18 10:50:29 -05:00
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
075eec39e1
Add Chromecast factory reset module
2014-06-18 10:04:17 -05:00
c685e0d06e
Land #3444 , chromecast wifi enumeration
2014-06-17 22:09:58 -04:00
5f176a56cb
Fix typo
2014-06-17 17:16:46 -05:00
d114dd1da2
Fix bugs. :fail != :failed
2014-06-17 17:12:50 -05:00
d6de0da5a7
Refactor axis_login
2014-06-17 17:07:53 -05:00
1394ad1431
Break my double quote habit
...
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
8376b4aa2b
Map constants to readable values
...
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
1a82a20c09
re-added incorrectly removed SMBSHARE option
2014-06-16 20:10:11 +01:00
8fa81de3bb
Fuzz mode 7 more correctly. Cleanup.
...
Provide empty 188-byte payload for mode 7 messages, otherwise nothing
seems to response. Provide more useful defaults for versions/modes.
Allow control over what mode 7 stuff is fuzzed.
2014-06-16 11:56:27 -07:00
0352a5305c
When fuzzing mode 6 (control) and 7 (private) messages, print out each version tested since these tend to take a long time
2014-06-16 10:31:08 -07:00
jvazquez-r7
HD Moore
root
us3r777
Jon Hart
Trevor Rosen
William Vu
David Maloney
James Lee
nodeofgithub
Tod Beardsley
joev
Christian Mehlmauer
Rob Fuller
Meatballs
attackdebris
Spencer McIntyre
j0hnf