joev
fad30bc874
Add flash rosetta exploit module for stealing URLs.
2014-07-10 09:09:10 -05:00
James Lee
c5226352de
Un-login-able should be print_status, not good
2014-07-09 17:45:41 -05:00
James Lee
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
James Lee
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
James Lee
2a9ac0a007
Axe SSHKey in favor of a unified SSH
2014-07-07 13:35:17 -05:00
Jon Hart
1500f33e1b
Default to only fuzzing versions 2-4
2014-07-03 07:32:44 -07:00
Christian Mehlmauer
b15297eee0
Land #3490 , @Meatballs1 tns listener verbose output
2014-07-03 16:20:38 +02:00
Rob Fuller
c6675a2900
Add verbosity to Jenkins Enum
2014-07-02 13:25:18 -04:00
William Vu
68ba79aa16
Remove access_level, since we don't have access
2014-07-01 17:53:18 -05:00
William Vu
5fa0981026
Add login and move print_status
2014-07-01 17:48:42 -05:00
Jon Hart
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
William Vu
864f0f1bbc
Update description, loot -> creds
2014-07-01 11:46:21 -05:00
Jon Hart
bc274b358f
Move NTP message code to Rex::Proto::NTP, simplify option handling
2014-06-30 23:57:47 -07:00
William Vu
3079c47d41
Refactor oracle_hashdump creds
2014-07-01 01:07:22 -05:00
jvazquez-r7
bf9c64d3ee
Land #3483 , @hmoore-r7's title change for ipmi_cipher_zero
2014-06-30 17:31:12 -05:00
Meatballs
cf720a88e8
Be verbose about error codes
2014-06-30 19:10:03 +01:00
Meatballs
f8ef6c50b4
Land #3470 , Cerberus SFTP User Enumeration
2014-06-30 19:01:15 +01:00
Meatballs
94c5a0b603
More verbose around connection errors
2014-06-30 18:56:30 +01:00
Meatballs
183d601aae
Small tidyup
2014-06-30 18:17:49 +01:00
attackdebris
004afa6e0c
Clean commit of Cerberus FTP User Enumeration Module
2014-06-30 17:53:46 +01:00
HD Moore
72d8d8a40c
RAKP defines auth, not cipher-0 bypass, see below.
...
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.
Cosmetic only change
2014-06-30 00:52:40 -05:00
HD Moore
4bff68ff2b
Use the specified UA, dont duplicate ports
2014-06-30 00:49:21 -05:00
HD Moore
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
HD Moore
90eccefcc8
Fix sock.get use and some minor bugs
2014-06-28 16:17:15 -05:00
HD Moore
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
HD Moore
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
HD Moore
3ae91410f5
Fix incorrect use of sock.get(), remove rundant return values
2014-06-28 15:24:02 -05:00
HD Moore
6d0d8a911d
Fix incorrect use of sock.get() that could lead to indefinite hang
2014-06-28 15:22:16 -05:00
HD Moore
a9cd9c584a
Respect RPORT even if additional ports are specified
2014-06-28 15:21:54 -05:00
HD Moore
43420aa984
Fix incorrect use of sock.get that can lead to an indefinite timeout
...
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```
console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```
After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
HD Moore
3e1ac3fee1
This module was broken due to a hardcoded IP address for google.com
2014-06-28 15:14:29 -05:00
David Maloney
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
James Lee
48e93b7fc2
Merge branch 'feature/MSP-9715/linux_hashcracker' into staging/electro-release
2014-06-25 16:15:44 -05:00
David Maloney
34c57f51b1
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-06-25 15:02:35 -05:00
David Maloney
ac61a8fe4f
deprecate jtr_unshadow
2014-06-25 15:01:35 -05:00
James Lee
75be200b97
Merge branch 'feature/MSP-9714/jtr_aix' into staging/electro-release
2014-06-25 14:34:41 -05:00
James Lee
70fd3344fd
Merge branch 'feature/MSP-9713/jtr_crack_fast' into staging/electro-release
2014-06-25 14:15:50 -05:00
David Maloney
61d8597a00
missing require
2014-06-25 10:13:41 -05:00
David Maloney
5b0a356045
properly strip extra colons
2014-06-25 10:04:48 -05:00
James Lee
4e0bcc123d
More useful msg when domain is ignored
2014-06-25 10:01:07 -05:00
James Lee
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
David Maloney
560fc93834
jtr_aix refactor
...
updated the aix cracker for jtr
2014-06-24 15:34:28 -05:00
James Lee
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
Jon Hart
b9925bb24c
Minor option cleanup
2014-06-23 18:38:47 -07:00
HD Moore
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
Meatballs
615aeb66a5
Dont use or
2014-06-23 23:11:04 +01:00
Meatballs
752007848b
Tidy up code
...
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
David Maloney
6651af2d9b
refactor jtr_linux cracker
2014-06-23 16:27:28 -05:00
HD Moore
2772d84a18
Major rework of this module, please see the diff
2014-06-23 16:13:42 -05:00
David Maloney
57c4ed51e9
fix mssql incremental modes
2014-06-23 15:37:37 -05:00
David Maloney
1cbc324774
fix up incremental modes
...
those incrmenetal rules don't exist
in all versions. All and Alnum are too long
for a 'fast-mode' crack. We wwill do Digits though
which does all digits 0-8 and gets us blank passwords
for free.
2014-06-23 15:36:17 -05:00
David Maloney
520c82d7fc
deal with blank password in ntlm
2014-06-23 15:32:50 -05:00
David Maloney
c5f2efda18
fixed up casing
2014-06-23 15:26:12 -05:00
David Maloney
b246e66eb8
successfully cracking ntlm hashes
...
still need to handle casing for lm
2014-06-23 14:40:32 -05:00
Jon Hart
050091d0dd
Fuzz all 255 possible mode 7 request codes
2014-06-23 11:38:30 -07:00
David Maloney
57cc390681
fix how we save mssql hashes
...
since the 0x prefix is neccisary, just save the hash that way in the first place
2014-06-23 12:38:36 -05:00
David Maloney
c61f59d8a9
make sure to report the realm
2014-06-23 12:08:49 -05:00
David Maloney
dadd959c6a
refactor postgres hash cracking
...
refactored postgres_hashdump to report the creds
it logged in with. added a new jtr module for
dealing with postgres hashes instead of the
crappy old md5 one we had before
2014-06-23 12:02:39 -05:00
William Vu
a0aca251f5
Land #3472 , releae fixes
2014-06-23 11:41:35 -05:00
Tod Beardsley
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
William Vu
40d1ec551e
Add WEP, PSK, and MGT
2014-06-21 23:15:20 -05:00
Spencer McIntyre
61f4c769eb
Land #3461 , Chromecast factory reset module
2014-06-21 17:43:31 -04:00
William Vu
79bf80e6bf
Add generic error handling
...
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
jvazquez-r7
469fae7058
Land #3465 , @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability
2014-06-20 17:22:28 -05:00
jvazquez-r7
252d917bbb
Fix msftidy and favor && over and
2014-06-20 17:21:10 -05:00
David Maloney
8cfba5770a
missing require
2014-06-20 15:22:37 -05:00
David Maloney
d80f4d9e67
refactor jtr_mysql_fast and mysql_hashdump
...
have mysql_hashdump report the cred it logged in with
refactor jtr_mysql to use the new jtr cracker
2014-06-20 15:21:35 -05:00
James Lee
669779defb
SMB cred creation refactor
2014-06-20 15:17:40 -05:00
James Lee
35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release
2014-06-20 12:39:07 -05:00
David Maloney
a929a55404
fix show command parsing
...
this ius better than a regex and handles special charachters
in usernames and passwords far better than the previous way
2014-06-20 10:48:42 -05:00
David Maloney
93da4dc561
account for mssql12 format
...
mssql2012 and later uses a new format. some versions
of john support this and some do not yet
2014-06-19 16:11:14 -05:00
David Maloney
4453dcdc8e
some minor fixes
2014-06-19 15:45:24 -05:00
HD Moore
fa5fc724eb
Fix the disclosure date
2014-06-19 15:36:17 -05:00
HD Moore
f7fd17106a
Add the final cari.net URL
2014-06-19 15:33:06 -05:00
David Maloney
aca532b994
making egypt happy
...
it's a full time job
2014-06-19 15:07:33 -05:00
James Lee
9421beedb3
Refactor http_login
2014-06-19 14:12:21 -05:00
Jon Hart
6f03f6657f
Support only fuzzing specific mode 6 operations
2014-06-19 11:10:11 -07:00
David Maloney
0ff8708e6d
some minor fixes
2014-06-19 13:08:43 -05:00
David Maloney
53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
...
Conflicts:
Gemfile
2014-06-19 12:45:53 -05:00
David Maloney
20f7cde9cc
add incremental and single modes
...
make sure we run single mode and incremnetal modes
during our runs through these hashes.
2014-06-19 12:38:01 -05:00
David Maloney
bb120fd1e2
report access level on mssql_hashdump
...
if we know we have admin access on mssql hashdumop
we should report that on the Login object.
2014-06-19 12:20:42 -05:00
David Maloney
d3c77b345c
report cracked credentials
...
also makes mssql_hashdump report the credentials it logged in with
2014-06-19 12:16:49 -05:00
David Maloney
62f4054858
startring refactor on jtr_mssql
...
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
dmaloney-r7
190923e9a7
Merge pull request #79 from rapid7/feature/MSP-9699/axis2-refactor
...
Refactor axis_login
2014-06-18 11:43:23 -05:00
David Maloney
4c3cc793ba
fix missing .present?
2014-06-18 10:52:27 -05:00
David Maloney
58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey
2014-06-18 10:50:29 -05:00
David Maloney
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
William Vu
075eec39e1
Add Chromecast factory reset module
2014-06-18 10:04:17 -05:00
Spencer McIntyre
c685e0d06e
Land #3444 , chromecast wifi enumeration
2014-06-17 22:09:58 -04:00
James Lee
5f176a56cb
Fix typo
2014-06-17 17:16:46 -05:00
James Lee
d114dd1da2
Fix bugs. :fail != :failed
2014-06-17 17:12:50 -05:00
James Lee
d6de0da5a7
Refactor axis_login
2014-06-17 17:07:53 -05:00
William Vu
1394ad1431
Break my double quote habit
...
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
Christian Mehlmauer
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
William Vu
8376b4aa2b
Map constants to readable values
...
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
James Lee
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
j0hnf
1a82a20c09
re-added incorrectly removed SMBSHARE option
2014-06-16 20:10:11 +01:00
Jon Hart
8fa81de3bb
Fuzz mode 7 more correctly. Cleanup.
...
Provide empty 188-byte payload for mode 7 messages, otherwise nothing
seems to response. Provide more useful defaults for versions/modes.
Allow control over what mode 7 stuff is fuzzed.
2014-06-16 11:56:27 -07:00
Jon Hart
0352a5305c
When fuzzing mode 6 (control) and 7 (private) messages, print out each version tested since these tend to take a long time
2014-06-16 10:31:08 -07:00
Jon Hart
28bf9f8d50
Correct order of mixins so RHOSTS works properly
2014-06-16 10:02:27 -07:00
Jon Hart
9e5281d0c6
Mixin Msf::Auxiliary::Scanner, switch to run_host to fix DNS lookup issues
2014-06-16 09:58:20 -07:00
Tod Beardsley
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
Jon Hart
c7c0528e44
Fuzz NTP private messages too
2014-06-15 20:23:33 -07:00
scriptjunkie
5fe8814af6
Land #3330 adding admin check to smb_login
2014-06-15 14:42:26 -05:00
Samuel Huckins
fa8c9bc4f3
Merge pull request #75 from rapid7/feature/MSP-9692/afp_login
...
MSP-9692 #land
2014-06-13 10:51:26 -05:00
Samuel Huckins
f452652f54
Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
...
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.
MSP-9708 #land
2014-06-12 18:37:44 -05:00
Samuel Huckins
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
Samuel Huckins
52d63f51bb
Merge pull request #50 from rapid7/feature/MSP-9705/postgres_login
...
Verily verified.
MSP-9705 #land
2014-06-12 15:49:39 -05:00
David Maloney
539f30e720
refactor afp_login
2014-06-12 14:16:05 -05:00
Tod Beardsley
1ab379a0fe
Land #3448 , ident =! indent
2014-06-12 14:15:06 -05:00
Tod Beardsley
e9783200f2
Land #3447 , fix variable typo
2014-06-12 14:07:34 -05:00
David Maloney
96e492f572
Merge branch 'master' into staging/electro-release
2014-06-12 14:02:27 -05:00
William Vu
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
Jon Cave
a647246148
Use correct variable name
2014-06-12 19:38:41 +01:00
William Vu
62a4991508
Land #3446 , some code cleanup from @todb-r7
2014-06-12 13:35:36 -05:00
Tod Beardsley
3f5e50d18f
Aux modules don't have ranking.
...
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
Tod Beardsley
1aa029dbed
Avoid double quotes in the initialize/elewhere
...
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
Samuel Huckins
fe33444858
Merge pull request #58 from rapid7/feature/MSP-9693/db2_auth
...
Errors resolved, cred created
MSP-9693 #land
2014-06-12 12:49:54 -05:00
jvazquez-r7
e85f829ee4
modules living inside scanner should include the Scanner mixin
2014-06-12 12:20:44 -05:00
HD Moore
fa4e835804
Fix up scanner mixin usage, actual test/bug fix
2014-06-12 11:52:34 -05:00
Samuel Huckins
430b3d181e
Merge pull request #67 from rapid7/feature/MSP-9695/ftp_login
...
Access level string clarified, specs passing, valid looking cores with proper info
MSP-9695 #land
2014-06-12 11:33:18 -05:00
Samuel Huckins
71a4f1ab33
Clarified RW access level
...
MSP-9695
2014-06-12 11:32:20 -05:00
jvazquez-r7
67d4097e1d
Land #3271 , @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module
2014-06-12 11:27:23 -05:00
HD Moore
487bf219f0
Rename to match the title
2014-06-12 11:23:34 -05:00
jvazquez-r7
7650067b41
Fix metadata
2014-06-12 11:22:52 -05:00
jvazquez-r7
e76c85c5d1
Fix usage of print_*
2014-06-12 11:13:45 -05:00
David Maloney
e4ff07dfa8
Merge branch 'staging/electro-release' into feature/MSP-9693/db2_auth
2014-06-12 10:52:06 -05:00
David Maloney
88f8b585a3
Merge branch 'staging/electro-release' into feature/MSP-9705/postgres_login
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-12 10:47:02 -05:00
Samuel Huckins
a5d88fd2ab
Space in arg list, because I don't hate feedom.
2014-06-12 10:29:14 -05:00
joev
6bc37cca0c
Land #3430 , @brandonprry's generic MongoDB injection enum.
2014-06-11 21:41:23 -05:00
William Vu
23f7fe45ed
Add Chromecast wifi enumeration module
2014-06-11 21:00:47 -05:00
David Maloney
c074ebda7b
refactor telnet_login
2014-06-11 17:46:42 -05:00
dmaloney-r7
85bee6ea12
Update ftp_login.rb
2014-06-11 17:29:23 -05:00
Brandon Perry
cca91dd7c5
Update mongodb_js_inject_collection_enum.rb
...
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
David Maloney
83a2dc250d
make ftp guest attempts optional
2014-06-11 16:37:59 -05:00
James Lee
c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
...
Conflicts:
lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
James Lee
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
David Maloney
1164cf5363
refactor ftp_login
...
uses new cred goodness
2014-06-11 16:21:55 -05:00
Jon Hart
7ce9114a1e
Initial commit of an NTP fuzzer
2014-06-11 13:46:08 -07:00
Trevor Rosen
87a9ee9a69
Merge pull request #59 from rapid7/feature/MSP-9697/tomcat_login
...
Feature/msp 9697/tomcat login
MSP-9697 #land
2014-06-11 15:35:09 -05:00
HD Moore
81019ed850
Supermicro work
2014-06-11 15:03:54 -05:00
Trevor Rosen
6c0d668f0a
Merge pull request #55 from rapid7/feature/MSP-9701/msssql_login
...
Feature/msp 9701/msssql login
MSP-9701 #land
2014-06-11 13:48:59 -05:00
Samuel Huckins
84aa0d42ed
Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
...
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
Samuel Huckins
1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-11 13:42:26 -05:00
Trevor Rosen
e8752f9c56
Point to correct creds version
2014-06-11 13:38:35 -05:00
Trevor Rosen
651871bd7a
Resolve upstream conflict
2014-06-11 13:34:45 -05:00
David Maloney
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
William Vu
6ca5cf6c26
Add Chromecast YouTube remote control
2014-06-11 00:08:08 -05:00
James Lee
fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
...
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
David Maloney
c06fd21fb1
refactor tomcat_mgr_login
...
uses the new Metasploit::Credential magic now
2014-06-10 15:59:00 -05:00
David Maloney
693c4aae66
make sure we capture realms
...
need to account for the possability of
realms in mssql_login
2014-06-10 14:41:45 -05:00
Luke Imhoff
b05e7fb9ac
Fix require
...
MSP-10004
Change 'zip/zip' to 'zip' to match >= 1.0.0 rubyzip API.
2014-06-10 13:58:07 -05:00
David Maloney
74d376e387
refactor db2_auth module
...
you know what it is
2014-06-10 13:43:07 -05:00
Luke Imhoff
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
Tod Beardsley
44540e6d00
Land #3437 , CSS Injection MITM scanner
2014-06-10 13:36:35 -05:00
jvazquez-r7
4aa1fee398
Land #3326 , @FireFart's Heartbleed - server response parsing
2014-06-10 13:27:28 -05:00
David Maloney
0c89d6cdce
refactor mssql_login
...
now uses all the Metasploit::Credential goodness
2014-06-10 11:49:08 -05:00
David Maloney
15ceb1e826
put calls in right place it helps
2014-06-10 11:17:19 -05:00
David Maloney
63ec83ea90
missing public
...
missing the public in the invalidate_login call
now fixed
2014-06-10 11:12:17 -05:00
David Maloney
6362eac0b0
add invalidate_login call
2014-06-10 11:11:22 -05:00
David Maloney
e9d9806408
invalidate_login
...
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
David Maloney
dc590008a7
add invalidate_login call
...
add the new invalidate login call to make sure
we update the status on failed logins appropriately
2014-06-10 10:58:27 -05:00
Tod Beardsley
521284253f
Be more clear about the vuln and impact
2014-06-10 10:29:23 -05:00
jvazquez-r7
9b55f5143a
Add module for CVE-2014-0224
2014-06-09 17:38:11 -05:00
James Lee
e629fdb47d
Report the realm, too
...
derp
2014-06-09 17:06:56 -05:00
David Maloney
32f87b985c
refactor mysql_login
...
refactor mysql_login to use the new
Metasploit::Credential apradigm
2014-06-09 14:20:58 -05:00
David Maloney
61fd962331
refactor vnc_login
...
refactor for new credential usage
2014-06-09 13:55:24 -05:00
Tod Beardsley
4103f2295b
Missing comma
2014-06-09 13:44:46 -05:00
Tod Beardsley
0e14d77dba
Minor fixup on DTLS module
2014-06-09 13:42:30 -05:00
jvazquez-r7
0e611b5d64
Land #3429 , @jhart-r7's auxiliary module for CVE-2014-0195
2014-06-09 13:34:38 -05:00
jvazquez-r7
ed5d83a41b
Add vulnerability discoverer
2014-06-09 13:25:33 -05:00
jvazquez-r7
daf662b3c0
Do minor cleanup
2014-06-09 13:23:56 -05:00
David Maloney
a4e96d8f59
Merge branch 'master' into staging/electro-release
2014-06-09 13:07:22 -05:00
David Maloney
f8f5691eee
refactor postgres_login module
...
postgres_login now uses all the new components
such as Metasploit::Credential and the LoginScanner
class
2014-06-09 12:59:05 -05:00
jvazquez-r7
1f33566033
Land #3432 , @Meatballs1 sap_soap_rfc_brute_login's clean up
2014-06-09 11:39:52 -05:00
jvazquez-r7
b39b41e29f
Land #3371 , @Meatballs1 fix for sap_mgmt_con_getprocessparameter
2014-06-09 11:25:01 -05:00
Jon Hart
06e45e8253
Clean up TLS fragment building
2014-06-09 08:39:30 -07:00
David Maloney
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
Christian Mehlmauer
099003708c
Land #3422 , SAP Bruterforcer datastore cleanup
2014-06-08 08:42:27 +02:00
Brandon Perry
4367e8ef0c
Update mongodb_js_inject_collection_enum.rb
...
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
Brandon Perry
dc89621d5c
Update mongodb_js_inject_collection_enum.rb
...
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
Brandon Perry
2663af986b
Update mongodb_js_inject_collection_enum.rb
...
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
Jon Hart
a7a1a2bf3b
Move dtls_fragment_overflow.rb under ssl where it belongs
2014-06-07 12:56:34 -07:00
Brandon Perry
4071fb332b
Create mongodb_js_inject_collection_enum.rb
...
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
Jon Hart
8637a1fff1
OpenSSL DTLS CVE-2014-0195 POC
2014-06-06 19:24:47 -07:00
Meatballs
fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
...
Conflicts:
modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
Meatballs
8624ddfc3e
Clean up SAP SOAP RFC Brute Login
...
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
Meatballs
b997c2ac1f
Further tidies
2014-06-07 02:00:35 +01:00
dmaloney-r7
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
James Lee
2ee408e9db
Refactor winrm_login with Credentials
2014-06-05 14:26:29 -05:00
James Lee
8b6e188ba8
Add support for realm in CredentialCollection
...
MSP-9988
2014-06-04 17:03:52 -05:00
David Maloney
4960503a59
fix jtr_format
...
use raw-md5 as that sort of works
2014-06-04 14:10:28 -05:00
David Maloney
30c35907bf
refactor psotgres_hashdump
...
refactor psotgres_hashdump to now save
hashes as Metasploit::Credential objects
2014-06-04 12:21:49 -05:00
David Maloney
d1f7f93e4b
refactor mysql_hashdump
...
mysql_hashdump now uses Metasploit::Credential to
save hashes.
2014-06-04 11:59:47 -05:00
David Maloney
201e6e9866
Merge branch 'feature/MSP-9750/MSSQL_hashdump' into feature/MSP-9751/mysql_hashdump
2014-06-04 11:58:58 -05:00
David Maloney
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
David Maloney
d3949b3d6c
refactor mssql_hashdump
...
refactor mssql_hashdump to use Metasploit:Credential
2014-06-03 15:02:59 -05:00
Meatballs
0e3549ebc4
mc brute tidy
2014-06-03 17:27:46 +01:00
Tod Beardsley
b7dc89f569
I prefer "bruteforce" to "brute force" for search
...
Just makes it easier to search for, since it's an industry term of art.
2014-06-02 13:09:46 -05:00