infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,428 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

4603 Commits (35c0ef0c686f2808720e3ab834e3f5c41af43139)

Author SHA1 Message Date
William Vu 23f7fe45ed
Add Chromecast wifi enumeration module 2014-06-11 21:00:47 -05:00
David Maloney c074ebda7b
refactor telnet_login 2014-06-11 17:46:42 -05:00
dmaloney-r7 85bee6ea12 Update ftp_login.rb 2014-06-11 17:29:23 -05:00
Brandon Perry cca91dd7c5 Update mongodb_js_inject_collection_enum.rb 
some @jvennix-r7 fixes
 2014-06-11 17:07:57 -05:00
David Maloney 83a2dc250d
make ftp guest attempts optional 2014-06-11 16:37:59 -05:00
James Lee c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce 
Conflicts:
	lib/metasploit/framework/credential.rb
 2014-06-11 16:28:01 -05:00
James Lee b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce 
Conflicts:
	lib/metasploit/framework/credential_collection.rb
	spec/lib/metasploit/framework/credential_collection_spec.rb
 2014-06-11 16:21:59 -05:00
David Maloney 1164cf5363
refactor ftp_login 
uses new cred goodness
 2014-06-11 16:21:55 -05:00
Trevor Rosen 87a9ee9a69 Merge pull request #59 from rapid7/feature/MSP-9697/tomcat_login 
Feature/msp 9697/tomcat login

MSP-9697 #land
 2014-06-11 15:35:09 -05:00
Trevor Rosen 6c0d668f0a Merge pull request #55 from rapid7/feature/MSP-9701/msssql_login 
Feature/msp 9701/msssql login

MSP-9701 #land
 2014-06-11 13:48:59 -05:00
Samuel Huckins 84aa0d42ed Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip 
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
 2014-06-11 13:48:03 -05:00
Samuel Huckins 1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip 
Conflicts:
	Gemfile
	Gemfile.lock
 2014-06-11 13:42:26 -05:00
Trevor Rosen e8752f9c56 Point to correct creds version 2014-06-11 13:38:35 -05:00
Trevor Rosen 651871bd7a Resolve upstream conflict 2014-06-11 13:34:45 -05:00
David Maloney 9593422f9c
Merge branch 'master' into staging/electro-release 2014-06-11 10:23:56 -05:00
William Vu 6ca5cf6c26
Add Chromecast YouTube remote control 2014-06-11 00:08:08 -05:00
James Lee fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs 
Also, Metasploit::Credential::Creation stuffs.
 2014-06-10 17:30:06 -05:00
David Maloney c06fd21fb1
refactor tomcat_mgr_login 
uses the new Metasploit::Credential magic now
 2014-06-10 15:59:00 -05:00
David Maloney 693c4aae66
make sure we capture realms 
need to account for the possability of
realms in mssql_login
 2014-06-10 14:41:45 -05:00
Luke Imhoff b05e7fb9ac
Fix require 
MSP-10004

Change 'zip/zip' to 'zip' to match >= 1.0.0 rubyzip API.
 2014-06-10 13:58:07 -05:00
David Maloney 74d376e387
refactor db2_auth module 
you know what it is
 2014-06-10 13:43:07 -05:00
Luke Imhoff 4d923a4809
Update to Rubyzip 1.X API 
MSP-10004

`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
 2014-06-10 13:41:42 -05:00
Tod Beardsley 44540e6d00
Land #3437, CSS Injection MITM scanner 2014-06-10 13:36:35 -05:00
jvazquez-r7 4aa1fee398 Land #3326, @FireFart's Heartbleed - server response parsing 2014-06-10 13:27:28 -05:00
David Maloney 0c89d6cdce
refactor mssql_login 
now uses all the Metasploit::Credential goodness
 2014-06-10 11:49:08 -05:00
David Maloney 15ceb1e826
put calls in right place it helps 2014-06-10 11:17:19 -05:00
David Maloney 63ec83ea90
missing public 
missing the public in the invalidate_login call
now fixed
 2014-06-10 11:12:17 -05:00
David Maloney 6362eac0b0
add invalidate_login call 2014-06-10 11:11:22 -05:00
David Maloney e9d9806408
invalidate_login 
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
 2014-06-10 11:07:15 -05:00
David Maloney dc590008a7
add invalidate_login call 
add the new invalidate login call to make sure
we update the status on failed logins appropriately
 2014-06-10 10:58:27 -05:00
Tod Beardsley 521284253f
Be more clear about the vuln and impact 2014-06-10 10:29:23 -05:00
jvazquez-r7 9b55f5143a Add module for CVE-2014-0224 2014-06-09 17:38:11 -05:00
James Lee e629fdb47d
Report the realm, too 
derp
 2014-06-09 17:06:56 -05:00
David Maloney 32f87b985c
refactor mysql_login 
refactor mysql_login to use the new
Metasploit::Credential apradigm
 2014-06-09 14:20:58 -05:00
David Maloney 61fd962331
refactor vnc_login 
refactor for new credential usage
 2014-06-09 13:55:24 -05:00
Tod Beardsley 4103f2295b
Missing comma 2014-06-09 13:44:46 -05:00
Tod Beardsley 0e14d77dba
Minor fixup on DTLS module 2014-06-09 13:42:30 -05:00
jvazquez-r7 0e611b5d64
Land #3429, @jhart-r7's auxiliary module for CVE-2014-0195 2014-06-09 13:34:38 -05:00
jvazquez-r7 ed5d83a41b Add vulnerability discoverer 2014-06-09 13:25:33 -05:00
jvazquez-r7 daf662b3c0 Do minor cleanup 2014-06-09 13:23:56 -05:00
David Maloney a4e96d8f59
Merge branch 'master' into staging/electro-release 2014-06-09 13:07:22 -05:00
David Maloney f8f5691eee
refactor postgres_login module 
postgres_login now uses all the new components
such as Metasploit::Credential and the LoginScanner
class
 2014-06-09 12:59:05 -05:00
jvazquez-r7 1f33566033
Land #3432, @Meatballs1 sap_soap_rfc_brute_login's clean up 2014-06-09 11:39:52 -05:00
jvazquez-r7 b39b41e29f
Land #3371, @Meatballs1 fix for sap_mgmt_con_getprocessparameter 2014-06-09 11:25:01 -05:00
Jon Hart 06e45e8253 Clean up TLS fragment building 2014-06-09 08:39:30 -07:00
David Maloney 482aa2ea08
Merge branch 'master' into staging/electro-release 2014-06-09 10:27:22 -05:00
Christian Mehlmauer 099003708c
Land #3422, SAP Bruterforcer datastore cleanup 2014-06-08 08:42:27 +02:00
Brandon Perry 4367e8ef0c Update mongodb_js_inject_collection_enum.rb 
Fix some logic bugs that caused incorrect results.
 2014-06-07 21:03:28 -05:00
Brandon Perry dc89621d5c Update mongodb_js_inject_collection_enum.rb 
No need to make extra requests. Off by one.
 2014-06-07 20:09:00 -05:00
Brandon Perry 2663af986b Update mongodb_js_inject_collection_enum.rb 
This adds a bit more error handling, and better decision making in regards to false responses.
 2014-06-07 19:58:12 -05:00
Jon Hart a7a1a2bf3b Move dtls_fragment_overflow.rb under ssl where it belongs 2014-06-07 12:56:34 -07:00
Brandon Perry 4071fb332b Create mongodb_js_inject_collection_enum.rb 
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7

https://gist.github.com/brandonprry/c2de8ac2be825007c4de
 2014-06-07 11:20:34 -05:00
Jon Hart 8637a1fff1 OpenSSL DTLS CVE-2014-0195 POC 2014-06-06 19:24:47 -07:00
Meatballs fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix 
Conflicts:
	modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
 2014-06-07 02:44:16 +01:00
Meatballs 8624ddfc3e
Clean up SAP SOAP RFC Brute Login 
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
 2014-06-07 02:34:49 +01:00
Meatballs b997c2ac1f
Further tidies 2014-06-07 02:00:35 +01:00
dmaloney-r7 ff8e6d2c50 Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection 
Add a CredCollection class and refactor WinRM bruteforce module
 2014-06-06 11:53:28 -05:00
James Lee 2ee408e9db
Refactor winrm_login with Credentials 2014-06-05 14:26:29 -05:00
James Lee 8b6e188ba8
Add support for realm in CredentialCollection 
MSP-9988
 2014-06-04 17:03:52 -05:00
David Maloney 4960503a59
fix jtr_format 
use raw-md5 as that sort of works
 2014-06-04 14:10:28 -05:00
David Maloney 30c35907bf
refactor psotgres_hashdump 
refactor psotgres_hashdump to now save
hashes as Metasploit::Credential objects
 2014-06-04 12:21:49 -05:00
David Maloney d1f7f93e4b
refactor mysql_hashdump 
mysql_hashdump now uses Metasploit::Credential to
save hashes.
 2014-06-04 11:59:47 -05:00
David Maloney 201e6e9866
Merge branch 'feature/MSP-9750/MSSQL_hashdump' into feature/MSP-9751/mysql_hashdump 2014-06-04 11:58:58 -05:00
David Maloney 28bf29980e
Merge branch 'master' into staging/electro-release 2014-06-04 10:21:08 -05:00
David Maloney d3949b3d6c
refactor mssql_hashdump 
refactor mssql_hashdump to use Metasploit:Credential
 2014-06-03 15:02:59 -05:00
Meatballs 0e3549ebc4
mc brute tidy 2014-06-03 17:27:46 +01:00
Tod Beardsley b7dc89f569
I prefer "bruteforce" to "brute force" for search 
Just makes it easier to search for, since it's an industry term of art.
 2014-06-02 13:09:46 -05:00
David Maloney 34004908bb
Merge branch 'master' into staging/electro-release 
Conflicts:
	.ruby-version
 2014-06-02 11:10:33 -05:00
William Vu 8bd4e8d30a
Land #3406, indeces_enum -> indices_enum 2014-06-02 11:06:33 -05:00
RageLtMan 74400549a1 Resolve undefined method `get_cookies' 
Anemone::Page is not a Rex HTTP request/response, and uses the
:cookies method to return an array of cookies.
This resolves the method naming error, though it does break with
Rex naming convention since Anemone still uses a lot non-Rex
methods for working with pages/traffic.
 2014-05-30 14:39:51 -04:00
jvazquez-r7 4a1fea7abb
Land #2948, @juushya's PocketPAD login bruteforce module 2014-05-30 11:47:16 -05:00
jvazquez-r7 b0bdfa7680 Clean up code 2014-05-30 11:44:42 -05:00
jvazquez-r7 fb59221189
Land #2494, @juushya's etherpadduo login module 2014-05-30 11:35:28 -05:00
jvazquez-r7 d92a7adc68 change module filename 2014-05-30 11:31:49 -05:00
jvazquez-r7 40a103967e Minor code cleanup 2014-05-30 11:28:37 -05:00
jvazquez-r7 6f330ea190 Add deprecation information 2014-05-29 17:38:01 -05:00
jvazquez-r7 aea0379451 Fix typos 2014-05-29 12:37:51 -05:00
David Maloney 696d2b7e6b
Merge branch 'master' into staging/electro-release 2014-05-29 12:30:32 -05:00
dmaloney-r7 e669324366 Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner 
Add axis2 login scanner
 2014-05-29 11:22:22 -05:00
William Vu 53ab2aefaa
Land #3386, a few datastore msftidy error fixes 2014-05-29 10:44:37 -05:00
William Vu 8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings 2014-05-29 04:42:49 -05:00
William Vu 3f86aebabf
Land #3398, CAPWAP DoS description cleanup 2014-05-28 14:55:22 -05:00
William Vu 785b53820e
Land #3399, print_error instead of print_status 2014-05-28 14:53:00 -05:00
James Lee 05e24326a6
Style compliance 2014-05-28 14:31:34 -05:00
joev c89cd24621 Rewire some snmp modules to use print_error instead of print_status. 2014-05-28 13:31:00 -05:00
Tod Beardsley 4b5c62ba8d
Dress up CAPWAP DoS desc a little. 2014-05-28 12:19:17 -05:00
jvazquez-r7 55ef5dd484
Land #3115, @silascutler's module for elasticsearch indeces enumeration 2014-05-27 11:28:34 -05:00
jvazquez-r7 2271afc1a5 Change module filename 2014-05-27 11:25:39 -05:00
jvazquez-r7 3de8beb5fd Clean code 2014-05-27 11:22:40 -05:00
jvazquez-r7 69e8286838 Fix title 2014-05-27 10:29:32 -05:00
jvazquez-r7 1316365c2f Fix description 2014-05-27 10:22:39 -05:00
jvazquez-r7 abe1d6ffc7
Land #3190, @Karmanovskii's module to fingerprint MyBB database 2014-05-27 10:20:24 -05:00
jvazquez-r7 86221de10e Fix message 2014-05-27 10:18:27 -05:00
jvazquez-r7 b96c2dd0ca Change module filename 2014-05-27 10:15:39 -05:00
jvazquez-r7 1d8c46155b Do last code cleaning 2014-05-27 10:14:55 -05:00
William Vu 352e14c21a
Land #3391, all vars_get msftidy warning fixes 2014-05-26 23:41:46 -05:00
Karmanovskii eacf70af83 Update mybb_get_type_db.rb 
26.05.2014  23:26
I deleted mimicking IE11
 2014-05-26 23:26:28 +04:00
jvazquez-r7 217a14e4d7
Land #3366, @jholgui's module for CVE-2013-4074 2014-05-25 18:53:30 -05:00
jvazquez-r7 33ba134147 Clean msftidy warnings and metadata 2014-05-25 18:52:01 -05:00
jvazquez-r7 d3c17d8e3e Delete wireshark_capwap_dos 2014-05-25 18:39:53 -05:00