1087b8ca16
cleanup
2017-11-18 20:09:29 -05:00
35567e3e23
Fix - copy system:running-config tftp://ip/file
...
Copies running config directly to TFTP server, thus removing the need to delete the file :D.
2017-11-18 13:02:12 -05:00
f84f824a71
remove ?
2017-11-17 16:15:18 -05:00
b457c60542
WORK IN PROGRESS - "GET"
...
Work in progress of GET, and PUT. PUT works fine for grabbing the configuration. GET will be used for service a config to execute commands , or the also WIP action "UPLOAD"
2017-11-17 15:36:27 -05:00
8b59c4615b
Update cisco_smart_install.rb
2017-11-17 07:09:41 -05:00
feb24efd27
add DOWNLOAD action
...
Adds DOWNLOAD function, to download config and send to attacker TFTP server.
2017-11-16 12:58:54 -05:00
4a8d32af85
Update cisco_smart_install.rb
2017-11-16 12:53:27 -05:00
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
03cd8af29a
Update browser_sop_bypass.rb
2017-11-08 12:50:49 +05:30
0c247d5635
Update browser_sop_bypass.rb
2017-11-08 12:38:37 +05:30
fc87ee08d9
Land #9060 , IBM Lotus Notes DoS (CVE-2017-1130).
2017-11-07 11:20:12 -06:00
872894f743
Update browser_sop_bypass.rb
2017-11-07 21:29:16 +05:30
2fad61101e
Update browser_sop_bypass.rb
2017-11-07 21:13:06 +05:30
3dad025b8c
Create browser_sop_bypass.rb
2017-11-07 14:24:50 +05:30
88db98c381
Update ibm_lotus_notes2.rb
2017-11-06 20:45:50 +05:30
77c13286e0
Ensure closing script tag has necessary escape.
2017-11-05 13:41:29 -06:00
87934b8194
Convert tnftp_savefile from auxiliary to exploit
...
This has been a long time coming. Fixes #4109 .
2017-11-01 17:37:41 -05:00
972f9c08eb
Land #9135 , peer print for jenkins_enum
2017-11-01 15:33:13 -05:00
77181bcc9c
Prefer peer over rhost/rport
2017-11-01 15:32:32 -05:00
0e66ca1dc0
Fix #3444/#4774, get_json_document over JSON.parse
...
Forgot to update these when I wrote new modules.
2017-11-01 15:05:49 -05:00
c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
...
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
f1e6e7eed5
Land #9107 , add MinRID to complement MaxRID
2017-10-31 12:18:28 -05:00
aa0ac57238
use implicit RuntimeError
2017-10-31 04:53:14 -05:00
9389052f61
fix more broken RuntimeError calls
2017-10-31 04:45:19 -05:00
9c16da9c98
Update ibm_lotus_notes2.rb
2017-10-28 18:53:15 +05:30
587c9673c6
Added host and port to output
...
I added the host and port number to reporting when instances are found.
2017-10-27 09:34:49 -07:00
80aba7264c
Update ibm_lotus_notes2.rb
2017-10-25 10:33:25 +05:30
9658776adf
Land #9079 , adding @h00die's gopher scanner
2017-10-20 17:16:08 -07:00
d715f53604
add MinRID to complement MaxRID, allowing continuing or starting from a higher value
...
from @lvarela-r7
2017-10-20 15:32:25 -05:00
664e774a33
style/rubocop cleanup
2017-10-20 09:44:07 -07:00
7e338fdd8c
Land #9086 , proxying fix for nessus_rest_login
2017-10-16 11:52:04 -05:00
9597157e26
Make nessus_rest_login scanner proxy-aware again
2017-10-14 11:16:41 +02:00
f4ae2e6cdc
Make pop3_login scanner proxy-aware again
2017-10-14 11:05:54 +02:00
a63c947768
gopher proto
2017-10-12 21:32:01 -04:00
deb2d76678
Land #9058 , Add proxies back to smb_login
2017-10-12 17:31:45 -05:00
ab63caef7b
Land #9009 , Apache Optionsbleed module
2017-10-10 12:13:40 -05:00
2b85eb17dd
Create ibm_lotus_notes2.rb
2017-10-10 12:22:06 +05:30
a3d47ea838
Land #8989 , IBM Lotus Notes DoS (CVE-2017-1129)
2017-10-09 19:37:59 -05:00
fd8b72ca66
Minor tweaks.
2017-10-09 17:02:24 -05:00
15adb82b96
Make smb_login scanner proxy-aware again
2017-10-09 23:01:25 +02:00
7fc9be846a
bcoles suggestions
2017-09-29 20:29:30 -04:00
6cc5324e5b
oe is all umlaut
2017-09-28 19:52:02 -04:00
2295146dcd
working optionsbleed module
2017-09-27 22:07:57 -04:00
997b831b52
implement regexes
2017-09-27 19:33:50 -04:00
0649d0d356
wip optionsbleed
2017-09-26 22:09:07 -04:00
579342c4f6
Land #8955 , Fix error messages on telnet_encrypt_overflow.rb
2017-09-26 16:08:58 -05:00
66d6ac418a
Land #8978 , Add smb1 scanner
2017-09-26 16:06:41 -05:00
7924667e51
appease alignists
2017-09-25 09:10:10 -05:00
62ee4ed708
update modules to use inherited SSLVersion option
2017-09-25 09:03:22 -05:00
273d49bffd
Land #8891 login scanner for Inedo BuildMaster
2017-09-24 13:30:17 -04:00
e4f79879ba
Update and rename modules/auxiliary/dos/ibm_lotus_notes.rb to modules/auxiliary/dos/http/ibm_lotus_notes.rb
2017-09-23 18:27:50 +05:30
669b6771e3
Update ibm_lotus_notes.rb
2017-09-22 17:16:42 +05:30
a71edb33be
Create ibm_lotus_notes.rb
2017-09-22 17:08:05 +05:30
5a62e779aa
Land #8954 , fix internal usage of bindata objects when generating NTP messages
2017-09-19 09:01:49 -05:00
c953842c96
Added docs and additional dialects
2017-09-18 15:02:38 -05:00
7d07f7054d
Merge remote-tracking branch 'origin/master' into add_smb1_scanner
2017-09-18 13:16:06 -05:00
d07fe2f1e7
Added reporting back, removed wfw dialect
2017-09-18 13:15:19 -05:00
6f5eb5a18f
update
2017-09-15 12:07:28 -05:00
4e81a68108
Simplify saving valid credentials by calling store_valid_credential
2017-09-15 00:18:33 -05:00
646dda7958
Add initial smbv1 scanner code
2017-09-14 16:59:39 -05:00
200a1b400a
Remove spaces to appease msftidy.
2017-09-14 09:28:38 -05:00
27a517e0f6
Fix #8060 , cf #8061
2017-09-12 18:41:51 +02:00
a7a17c677c
fix internal usage of bindata objects when generating NTP messages
2017-09-12 09:54:09 -04:00
e4465c9350
Fixed a bug where flowcontrol caused the first packet to get lost
2017-09-11 19:00:53 -07:00
b218cc3c7f
Merge branch 'master' into hw_auto_padding_fix
2017-09-11 18:30:34 -07:00
ad9329993d
Added better padding and flowcontrol support.
2017-09-11 18:20:57 -07:00
861f4a6201
Changes to buildmaster_login from code review
...
Use peer property in messages instead of rhost rport combination for consistency.
Documentation updated accordingly.
2017-09-09 18:00:04 -05:00
47adfb9956
Fixes from code review to buildmaster_login
...
Per bcoles, the most important fixes are:
- Removing `self.class` from call to `register_options`
- Adding rescue to login_succeeded to handle bad json
2017-09-09 16:26:01 -05:00
c67e407c9c
Land #8880 , added Cisco Smart Install (SMI) scanner
2017-09-07 08:06:03 -05:00
b0dc44fb86
Land #8909 , Avoid saving some invalid creds
2017-09-05 12:43:03 -05:00
86db2a5771
Land #8888 from @h00die, with two extra fixes
...
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
8a045e65aa
Spaces between commas
2017-08-31 14:29:23 -05:00
2bbba9c500
Avoid some ActiveRecord validation errors.
...
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479 ), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.
This PR removes the handful of existing cases we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
eec5d2ada9
Update description and add link to SIET
2017-08-30 11:52:11 -07:00
d5124fdc94
Land #8759 , Add TeamTalk Gather Credentials auxiliary module
2017-08-29 13:17:28 -05:00
c9e32fbb18
Remove last_attempted_at
2017-08-29 05:05:04 +00:00
a40429158f
40% done
2017-08-28 20:17:58 -04:00
bd7ea1f90d
more updates, 465 more pages to go
2017-08-26 21:01:10 -04:00
7dfde651ea
Add login scanner module for Inedo BuildMaster
...
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.
More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
924c3de9f3
Land #7382 , BIND TSIG DoS
2017-08-26 10:42:35 -05:00
f9a2c3406f
Clean up module
2017-08-26 10:41:10 -05:00
3420633f29
@NickTyrer corrected my correction
2017-08-26 08:43:10 -04:00
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
7b18c17445
Appease rubocop
2017-08-22 14:53:21 -07:00
2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner
2017-08-22 14:39:44 -07:00
cbd7790e95
Land #8751 , Add Asterisk Gather Credentials auxiliary module
2017-08-20 18:34:27 -05:00
aa797588e8
Land #8847 , Look for sp_execute_external_script in mssql_enum
2017-08-20 14:32:35 -05:00
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
e642789674
Look for sp_execute_external_script in mssql_enum
...
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.
Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart
Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
e3265c4b1b
Land #8697 , fix oracle_hashdump and jtr_oracle_fast modules
2017-08-14 17:36:18 -04:00
69c4ae99a7
Land #8811 , fix peer printing with bruteforce modules
2017-08-14 17:31:48 -04:00
1a4db844c0
Refactor build_brute_message for legacy printing
2017-08-14 11:17:34 -05:00
9fdf2ca1f4
Land #8830 , Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 02:47:08 -04:00
fa4fae3436
Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 06:34:04 +00:00
26193216d1
Land #8686 , add 'download' and simplified URI request methods to http client mixin
...
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
ecfe3d0235
added optional DoublePulsar check
2017-08-11 11:36:59 -06:00
bb5fffebc4
Land #8796 , SMBLoris Denial of Service Module.
2017-08-09 16:24:55 -05:00
901a1fdd1b
Minor tweaks.
2017-08-09 15:44:32 -05:00
1b6b29c22b
fix error with rdp scanníng
2017-08-09 21:32:15 +02:00
3396afb41a
Add IP and port (peer) to print_brute messages
2017-08-08 15:46:40 -05:00
39e59805f9
Fix annoying print_brute messages in ssh_login
2017-08-08 15:15:23 -05:00
67e86da50b
make SMBLoris run continuously as requested
...
as per ZeroSum's request the module now runs
continuously, refreshing the connections on every pass
until manually killed
2017-08-08 10:16:16 -05:00
289f03241b
add module documentation
...
add module docs for the new smbloris DoS
2017-08-04 16:10:44 -05:00
15cc2a9dc0
removedthreading stuff, tried keepalives
...
still seem to be topping out at
about 1.3GB allocated
2017-08-04 15:28:01 -05:00
e73ffe648e
tried adding supervisor model to smbloris
...
tried to overcome issues with slowdown
around the 4500 connection mark by using the
supervisor pattern to terminate the threads on
the backend. this seems to get us further, but we still
hit a slowdown and the allocations die out before
we hit any serious usage
2017-08-03 14:19:35 -05:00
c9da2d56b9
first pass at SMBLoris DoS module
...
the first pass on the DoS module for SMBLoris
running into issues with it topping out around 600MB
2017-08-03 11:32:57 -05:00
8989d6dff2
Modified Accuvant bog posts to the new Optive urls
2017-08-02 13:25:17 +10:00
d66e8062e7
Add TeamTalk Gather Credentials auxiliary module
2017-07-24 14:24:38 +00:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
80d18fae6a
update example modules to have zero violations
2017-07-24 06:15:54 -07:00
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
df22e098ed
Land #8695 , Fix #8675 , Add Cache-Control header, also meta tag for BAP2
2017-07-23 07:17:45 -07:00
8c8dbc6d38
Land #8692 , Fix #8685 , Check nil condition for #wordlist_file in jtr modules
2017-07-23 07:12:21 -07:00
109fd8b6d3
Add Asterisk Gather Credentials auxiliary module
2017-07-23 09:55:12 +00:00
e710701416
Made msftidy.rb happy
...
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
5d04775f5e
use 2.4 OpenSSL::PKey::RSA api
2017-07-21 16:28:07 -04:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
45f81f3c98
Squash some style issues
2017-07-18 12:45:02 -07:00
e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner
2017-07-17 13:46:59 -07:00
43e04c8894
Improve RDP probe packet
2017-07-17 13:14:47 -07:00
ee1c87b868
Land #8172 , example modules
...
lands several example modules
2017-07-14 15:17:20 -05:00
e3e5c33b9b
WIP commit of RDP scanner
2017-07-14 13:02:43 -07:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
9309115627
OCD - Banner clean up
2017-07-14 08:19:50 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
de230478eb
Land #8566 , Add ye olde NNTP Login Utility scanner module
2017-07-13 13:19:34 -05:00
e52e9c147d
First commit for Cisco Smart Install Scanner
2017-07-12 19:12:06 -07:00
59de7d3635
Land #8671 , Add a module for CVE-2017-7615
2017-07-12 14:58:02 -05:00
580219695a
Oof, missed the parens...
2017-07-12 13:52:59 -05:00
aa22651340
Few style/spelling tweaks, nothing to see here...
2017-07-12 13:41:20 -05:00
345407b0a4
Rex::Encoder::XDR conflicts with the XDR gem
2017-07-12 11:52:10 -05:00
5473b2132d
Implement :request_url for Msf HttpClient mixin
...
To round out implementation of a simple path for users to access
HttpClient like Open or Net::HTTP, create :request_url method which
takes a single URL parameter, uses :request_opts_from_url to build
the request configuration for Rex::Proto::Http::Client, executes
a GET request with it, and disconnects the client unless keepalive
is specified as the second parameter to :request_url.
Example usage of functionality is implemented in http_pdf_authors.
2017-07-11 16:07:13 -04:00
6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
...
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
50b1ec4044
Fix #8675 , Add Cache-Control header, also meta tag for BAP2
...
Hopefully that browsers will respect this.
Fix #8675
2017-07-10 16:05:09 -05:00
fe360e3e2a
Fix #8685 , Check nil condition for #wordlist_file in jtr modules
...
JTR modules should never assume there is always a database
connected while using #wordlist_file, considering a database is
an optional component for Framework.
Fix #8685
2017-07-10 11:18:20 -05:00
df697aa23c
Implement HttpClient options generation from URL
...
To address the complexity which comes with the flexibility offered
by Rex::Proto::Http::Client and its Msf mixin descendant, a simple
process needs to be implemented for issuing a request using only
the URL string in order to provide ease of access to users who may
not have the time to study how these clients work in detail.
Implement :request_opts_from_url in Msf's HttpClient mixin such as
to extract the options required for :send_request_* from a URL
string passed into the method. This approach reduces HTTP requests
in the mixin to `send_request_raw(request_opts_from_url(url))` when
`url` is just a string.
Implement this approach in the http_pdf_authors gather module to
further reduce infrastructure complexity around the simple need to
acquire PDF files via HTTP/S.
Testing:
Local to this module only, and in Pry of course. Seems to work...
2017-07-10 04:19:26 -04:00
997150a215
Use Msf::Exploit::Remote::HttpClient
...
Replace Net::HTTP usage with proper Rex::Proto::Http::Client via
the Msf module mixin. Generate the request opts from the same URI
parsed URL string, execute a one shot GET request, disconencting
after reciept of results. Depending on the response code, either
pass back an empty StringIO or if its 200, a StringIO(res.body).
2017-07-10 03:37:41 -04:00
263a42707e
Fix a typo
2017-07-09 16:34:51 +02:00
8510cda5ae
Implement @bcoles advices
2017-07-09 16:34:10 +02:00
f10cf75ae0
Fix some stuff
2017-07-09 10:45:15 +02:00
Austin
Patrick Webster
RootUp
Pearce Barry
William Vu
lvarela-r7
Brent Cook
sho-luv
Jon Hart
Brent Cook
Hanno Heinrichs
h00die
Adam Cammack
bwatters-r7
loftwing
james
Erik Lenoir
Craig Smith
james
Tod Beardsley
Brendan Coles
zerosum0x0
Christian Mehlmauer
David Maloney
TC Johnson
g0tmi1k
Evgeny Naumov
RageLtMan
wchen-r7
jvoisin