Commit Graph

11940 Commits (33da3a414b145de60f23a5534e2b2e75ab1804ed)

Author SHA1 Message Date
Meatballs1 982795ee5d Merge pull request #32 from todb-r7/saner-ifs-pr1473
Clean up the if.nils?
2014-01-23 15:50:25 -08:00
Meatballs 790e4d7559
Move options to mixin 2014-01-23 23:47:46 +00:00
Tod Beardsley e066d86d41
Clean up the if.nils? 2014-01-23 17:36:10 -06:00
Meatballs 62729dd9ab
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-22 10:06:54 +00:00
Tod Beardsley f5809423a3
Let's spell right in my spellcheck PR
Updates #2900
2014-01-21 15:57:59 -06:00
Meatballs 720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-21 21:00:51 +00:00
Tod Beardsley b3b51eb48c
Pre-release fixup
* Updated descriptions to be a little more descriptive.

  * Updated store_loot calls to inform the user where the
loot is stored.

  * Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.

Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
sinn3r 7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal 2014-01-20 20:08:01 -06:00
jvazquez-r7 e2fa581b8c Delete empty line 2014-01-17 22:05:14 -06:00
sinn3r 57318ef009 Fix nil bug in jboss_invoke_deploy.rb
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
jvazquez-r7 c670259539 Fix protocol handling 2014-01-17 00:49:44 -06:00
jvazquez-r7 eaf1b0caf6 Add minor clean up 2014-01-16 17:55:45 -06:00
jvazquez-r7 f3c912bd32 Add module for ZDI-14-003 2014-01-16 17:49:49 -06:00
jvazquez-r7 ac9e634cbb
Land #2874, @mandreko's sercomm exploit fixes 2014-01-16 16:35:32 -06:00
jvazquez-r7 272fe5ddfd Delete debug comments 2014-01-16 16:12:12 -06:00
sinn3r a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules 2014-01-16 15:57:38 -06:00
jvazquez-r7 8213eed49f Delete Netgear N150 target, ist's a Netgear DGN1000 model 2014-01-16 15:14:31 -06:00
William Vu 9bf90b836b Add environment variables support 2014-01-16 14:53:25 -06:00
jvazquez-r7 139119d32c Add Manual targets to sercomm_exec 2014-01-16 12:44:26 -06:00
jvazquez-r7 0922aef8d1 Update module description 2014-01-16 11:16:11 -06:00
jvazquez-r7 2e6b1c7552
Land #2878, @mandreko's fix for sercomm credentials parsing 2014-01-16 07:27:55 -06:00
William Vu 311704fc0a Perform final cleanup 2014-01-15 13:49:37 -06:00
joev 1197426b40
Land PR #2881, @jvazquez-r7's mips stagers. 2014-01-15 12:46:41 -06:00
joev 0833da465a
Lands #2832, @jvazquez-r7's fixes to mipsel shellcode. 2014-01-15 12:03:17 -06:00
jvazquez-r7 0b1671f1b8 Undo debugging comment 2014-01-14 17:02:30 -06:00
jvazquez-r7 6372ae6121 Save some parsing 2014-01-14 17:00:00 -06:00
jvazquez-r7 a056d937e7 Fluch data cache and improve documentation 2014-01-14 14:06:01 -06:00
jvazquez-r7 a8806887e9 Add support for MIPS reverse shell staged payloads 2014-01-14 12:25:11 -06:00
William Vu 5d387c96ec
Land #2879, minor code formatting missed in #2863 2014-01-14 11:22:09 -06:00
sgabe b4280f2876 Very minor code formatting 2014-01-14 13:35:00 +01:00
Matt Andreko 2d40f936e3 Added some additional creds that were useful 2014-01-13 23:15:51 -05:00
Matt Andreko 42fb8c48d1 Fixed the credential parsing and made output consistent
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.

The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
sinn3r ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode 2014-01-13 17:37:08 -06:00
Matt Andreko b7b1ddf1e8 Sercomm Exploit module fixes
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
Tod Beardsley 804b26bac6
Land #2872, switch for ARCH_MIPSBE 2014-01-13 15:10:27 -06:00
jvazquez-r7 24c57b34a7 Have into account endianess 2014-01-13 15:04:23 -06:00
William Vu 7c52f9b496 Update description to use %q{} 2014-01-13 14:42:25 -06:00
William Vu 61b30e8b60
Land #2869, pre-release title/desc fixes 2014-01-13 14:29:27 -06:00
Tod Beardsley 207e9c413d
Add the test info for sercomm_dump_config 2014-01-13 14:27:03 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
jvazquez-r7 fe6d10ac5d
Land #2852, @mandreko's scanner for OSVDB 101653 2014-01-13 14:07:07 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
jvazquez-r7 8c3a71a2e7 Clean sercomm_backdoor scanner according to feedback 2014-01-13 13:53:47 -06:00
Joe Vennix f11322b29f Oh right, msftidy. 2014-01-13 13:44:34 -06:00
Joe Vennix 3db143c452 Remove explicit requires for FF payload.
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
sinn3r 771bd039a0
Land #2863 - Update realplayer_ver_attribute_bof.rb
Refs & ROP
2014-01-13 11:29:52 -06:00
sinn3r bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits 2014-01-13 11:17:36 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
sgabe e7cc3a2345 Removed unnecessary target 2014-01-13 13:17:16 +01:00
sgabe 26d17c03b1 Replaced ROP chain 2014-01-13 02:54:49 +01:00