Commit Graph

5004 Commits (37753e656ea87fbb52399ebbb26d3911fa71c988)

Author SHA1 Message Date
jvazquez-r7 0737d0dbd5 Refactor auxiliary module 2014-08-22 17:05:45 -05:00
jvazquez-r7 9ef09a7725 Pass msftidy 2014-08-22 13:24:59 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
Joe Vennix 95fbb8f1b7
Land PR #3672, dmaloney-r7's login scanner credential rework. 2014-08-22 11:15:32 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
Christopher Truncer 3918acb1e1 Changed keyword used when returning 2014-08-21 12:34:54 -04:00
Christopher Truncer a0b72bba93 Updated module based on feedback 2014-08-21 12:26:41 -04:00
Christopher Truncer 383906c26c Removed function no longer used 2014-08-20 22:51:01 -04:00
Christopher Truncer c93bfb4673 Fixed targeturi value 2014-08-20 21:23:45 -04:00
Christopher Truncer 7f90b81711 IP Board Login Scanner Module 2014-08-20 21:18:19 -04:00
Jon Hart 9f9f28cc31
If a peer is 127.0.0.1, don't try to store it because we (currently...) can't 2014-08-20 15:48:54 -07:00
Jon Hart 9db3dc7ad8
Store peer data note in the same format as originally 2014-08-20 15:10:45 -07:00
Jon Hart 758c3fa518
Only discard monlist replies that are impossibly short
This fixes the case where if a monlist reply only includes one peer
2014-08-20 15:02:21 -07:00
Jon Hart 7ad9300d37
Update ntp_monlist to use UDPScanner, NTP and DRDoS mixins 2014-08-20 14:41:00 -07:00
Jon Hart 8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing 2014-08-20 12:21:39 -07:00
John Sawyer 1959f7a235 Updated shodan_search for new API 2014-08-20 00:48:13 -04:00
Tom Sellers 74920d26a4 Update to server/capture/imap.rb for new Credential system 2014-08-19 15:25:31 -05:00
Tom Sellers 3fdad4dc91
Update auxillary/scanner/ftp with Credential Gem 2014-08-19 13:13:05 -05:00
David Maloney 473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
Conflicts:
	Gemfile.lock
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/credential.rb
	lib/metasploit/framework/credential_collection.rb
	lib/metasploit/framework/login_scanner/afp.rb
	lib/metasploit/framework/login_scanner/axis2.rb
	lib/metasploit/framework/login_scanner/db2.rb
	lib/metasploit/framework/login_scanner/ftp.rb
	lib/metasploit/framework/login_scanner/http.rb
	lib/metasploit/framework/login_scanner/mssql.rb
	lib/metasploit/framework/login_scanner/mysql.rb
	lib/metasploit/framework/login_scanner/pop3.rb
	lib/metasploit/framework/login_scanner/postgres.rb
	lib/metasploit/framework/login_scanner/result.rb
	lib/metasploit/framework/login_scanner/smb.rb
	lib/metasploit/framework/login_scanner/snmp.rb
	lib/metasploit/framework/login_scanner/ssh.rb
	lib/metasploit/framework/login_scanner/telnet.rb
	lib/metasploit/framework/login_scanner/vnc.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/afp/afp_login.rb
	modules/auxiliary/scanner/db2/db2_auth.rb
	modules/auxiliary/scanner/ftp/ftp_login.rb
	modules/auxiliary/scanner/http/axis_login.rb
	modules/auxiliary/scanner/http/http_login.rb
	modules/auxiliary/scanner/http/tomcat_mgr_login.rb
	modules/auxiliary/scanner/mssql/mssql_login.rb
	modules/auxiliary/scanner/mysql/mysql_login.rb
	modules/auxiliary/scanner/pop3/pop3_login.rb
	modules/auxiliary/scanner/postgres/postgres_login.rb
	modules/auxiliary/scanner/snmp/snmp_login.rb
	modules/auxiliary/scanner/ssh/ssh_login.rb
	modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
	modules/auxiliary/scanner/telnet/telnet_login.rb
	modules/auxiliary/scanner/vnc/vnc_login.rb
	modules/auxiliary/scanner/winrm/winrm_login.rb
	spec/lib/metasploit/framework/credential_spec.rb
	spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
sinn3r 7330e3585f Support Glassfish 4.0 and lots of other changes 2014-08-18 19:03:26 -05:00
James Lee f169b8dff3
Fix hashes being stored as passwords 2014-08-18 15:52:13 -05:00
Tod Beardsley cad281494f
Minor caps, grammar, desc fixes 2014-08-18 13:35:34 -05:00
joev 5bfbb7654e
Add android meterpreter to browser autopwn. 2014-08-18 11:09:16 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
jvazquez-r7 93990f4578
Land #3631, @wchen-r7's fixes to avoid datastore options assignment at runtime 2014-08-12 14:46:02 -05:00
jvazquez-r7 b46b6af50d
Land #3630, @wchen-r7's fix for datastore assignments on smb_enumusers 2014-08-12 14:26:55 -05:00
jvazquez-r7 33da1a6871 Give a chance to the mixin 2014-08-12 13:49:39 -05:00
David Maloney fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry 2014-08-12 11:22:51 -05:00
cx c937e80521 Added Fixes#2 mentioned by Firefart
Details:
* MSF's HTTP::Wordpress class included and wordpress related
variables are used.
2014-08-12 15:16:43 +03:00
sinn3r 4aeb1eda9c Don't use datastore options as default values 2014-08-11 18:55:32 -05:00
cx c90434c926 Added Fixes mentioned by Firefart
Details:
* string interpolation removed
* Minor styling issues are fixed
  * peer var used
* target_uri added instead of datastore
2014-08-11 14:37:39 +03:00
Tod Beardsley 08bb815bd8
Add Yokogawa unauth admin module 2014-08-09 13:30:10 -05:00
Jon Hart a5e9abc227
Update R7-2014-12 NTP modules to use new DRDoS mixin 2014-08-08 23:15:54 -07:00
Jon Hart 00452b41c9
Gut admin functions from R7-2014-12 NTP modules
None of these are admin modules.  All of that stuff should eventually go
in auxiliary/admin
2014-08-08 21:22:11 -07:00
Jon Hart ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
Jon Hart 3307726c21
Land #3627, @wchen-r7's cleanup of ctypes in smb_enumshares 2014-08-08 19:17:15 -07:00
Jon Hart b3bb20f569
Land #3629, @wchen-r7's HTTP traversal fixes 2014-08-08 18:08:32 -07:00
Jon Hart c35dc4d3ac Extract query params separately
Prevents stomping on data
2014-08-08 18:07:25 -07:00
sinn3r 969e5ddd39 Override the correct smb_direct 2014-08-07 18:48:46 -05:00
sinn3r 3b27102c4c Override the correct smb_direct 2014-08-07 18:47:33 -05:00
sinn3r 436e2abfff Fix datastore options 2014-08-07 17:59:40 -05:00
sinn3r 1963318e70 Fix datastore options 2014-08-07 17:58:25 -05:00
sinn3r ab8f2c7d3f Datastore option fix 2014-08-07 17:57:44 -05:00
sinn3r 6f8c7f092a Fix direct datastore assignments to pass msftidy 2014-08-07 17:51:45 -05:00
sinn3r c79fe731c5 Um, this is the right way to do it. 2014-08-07 13:32:48 -05:00
sinn3r f7bda738cf Fix file handle leak 2014-08-07 13:30:34 -05:00
sinn3r 711630d059 Fix datastore assignments 2014-08-07 13:28:51 -05:00
sinn3r c7090f57a5 Fix "text" ctype in smb_enumshares
"text" is not a valid ctype, should be text/plain
2014-08-07 11:25:55 -05:00
Christian Mehlmauer a7be5b5164
Added fingerprinting 2014-08-07 18:12:58 +02:00
Christian Mehlmauer d6e60453d6
Added Wordpress XMLRPC DoS 2014-08-07 11:38:44 +02:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
sinn3r 9b6259e58b
Land #3569 - Updated smb_enumshares to support spidering 2014-08-05 20:23:09 -05:00
sinn3r f520616730 This fixes a few things, see commit message for more info
This commit fixes the following:

1. Not handling eval_host()'s nil file return value, which can causes
   a NoMethodError at runtime due to various conditions.
2. Renames datastore option VERBOSE to ShowFiles to pass msftidy
3. Avoids overwriting datastore options directly to pass msftidy
2014-08-05 19:20:11 -05:00
Alton Johnson da845c7e89 Changed default VERBOSE option to false. 2014-08-04 18:06:35 -05:00
Jon Hart b81c7e28f4
Land #3588, @tobd-r7's Fix SpaceBeforeModifierKeyword Rubocop warning 2014-08-04 14:25:03 -07:00
jvazquez-r7 ed97751ead
Land #2999, @j0hnf's modifiction to check_dir_file to handle file: 2014-08-04 11:55:18 -05:00
jvazquez-r7 cd45ed0e0a Handle exceptions when connecting the SMBHSARE 2014-08-04 11:54:30 -05:00
jvazquez-r7 85b5c5a691 Refactor check_path 2014-08-04 11:48:13 -05:00
jvazquez-r7 1e29bef51b Fix msftidy warnings 2014-08-04 11:46:27 -05:00
jvazquez-r7 04bf0b4ab6 Fix forgotten comma 2014-08-04 11:34:12 -05:00
HD Moore 3bc8d1fee9 See #RM8838. Handle null domain_sid properly
This switches to the local sid if the domain sid is null, even if
the ACTION is set to DOMAIN. This solves the issue identified in

```
[*] 192.168.0.4 PIPE(LSARPC) LOCAL(NAS - 5-21-2272853860-1115691317-1341221697) DOMAIN(WORKGROUP - )
[-] 192.168.0.4 No domain SID identified, falling back to the local SID...
[*] 192.168.0.4 USER=guest RID=501
[*] 192.168.0.4 GROUP=None RID=513
```
2014-08-02 14:25:17 -05:00
us3r777 cd2e225359 Refactored auxilliary jboss_bshdeployer
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
David Maloney ab7111120b
and all the rest
finally!
2014-08-01 14:54:18 -05:00
David Maloney 4821851ae4
telnet and ssh next 2014-08-01 14:47:08 -05:00
David Maloney 12902b0a6d
the refactor continues! 2014-08-01 14:41:03 -05:00
David Maloney b74813b9a1
mysql and pop3 now 2014-08-01 14:30:33 -05:00
David Maloney 2e7738c788
http and mssql now 2014-08-01 14:22:58 -05:00
David Maloney 33f73a8af7
refactor db2 2014-08-01 13:00:27 -05:00
David Maloney 439b893fea
refactor axislogin 2014-08-01 12:30:16 -05:00
David Maloney 0fffb179fa
refactor afp_login 2014-08-01 12:10:52 -05:00
David Maloney c3691ba056
finish refactoring ftp_login 2014-08-01 12:06:13 -05:00
David Maloney a380646667
start refactoring ftp loginscanner 2014-08-01 11:47:13 -05:00
jvazquez-r7 4ed085d0d2
Land #3581, @FireFart's update for W3 Total Cache Hash extract module 2014-07-30 10:45:11 -05:00
jvazquez-r7 674c3ca260 Use [] for references 2014-07-30 10:44:42 -05:00
jvazquez-r7 1fe459eb42 Add info to know where the info comes from 2014-07-29 18:47:40 -05:00
Tod Beardsley adf03e28ce
Fix SpaceBeforeModifierKeyword Rubocop warning
This also deals with some errant tabs where internal spaces should be,
as well as one syntax error which was preventing an old meterpreter
script from ever working correctly.

Some day, we need to get rid of those Meterpeter scripts. Srsly.
2014-07-29 17:10:54 -05:00
Christian Mehlmauer 3d2a62bc29
Updated W3 Total Cache Hash extract module 2014-07-29 19:49:48 +02:00
us3r777 9e9244830a Added spec for lib/msf/http/jboss
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
Christopher Truncer 7129108c58 Fixed status in MSF db for Nessus 2014-07-28 13:49:24 -04:00
cx 7247f8879b Empty line fix
Details:
* Empty line fix added to each_user_pass function
2014-07-28 12:50:41 +03:00
cx 5679a72aa8 Added Fixes mentioned by jhart-r7
Details:
* res && res.body fix
  * empty return removed
* vprint added/changed
* is_? convention fixed
* Unknown error removed
* Minor styling issues are fixed
* VERBOSE Option Removed
2014-07-27 00:40:37 +03:00
Alton Johnson 555e6c9cff Modified a few things based on suggestions. 2014-07-25 18:23:12 -05:00
Alton Johnson 58502f139a Updated. 2014-07-25 15:46:50 -05:00
cx cdabfb84f4 Add Wordpress XML-RPC Login Scanner
This module attempts to authenticate against a Wordpress-site (via
  XMLRPC) using username and password combinations indicated by the
  USER_FILE, PASS_FILE, and USERPASS_FILE options.

  The module, checks for XMLRPC response using `demo.sayHello` function
  and sweeps users with `wp.getUsers` function.

  If `verbose` is set `true`, the raw XML response will be printed.

  The module might be usefull when the target's administration page
  is protected.
2014-07-25 16:24:09 +03:00
Alton Johnson d0cd5cfc7a Updated. 2014-07-24 21:53:23 -05:00
Alton Johnson cdc56df09f Updated smb_enumshares.rb 2014-07-24 21:18:02 -05:00
Alton Johnson 51c488a5ea Added smb_enumshares. 2014-07-24 21:11:18 -05:00
ikkini 03f68e21e7 Merge branch 'rsync_modules' of https://github.com/ikkini/metasploit-framework into rsync_modules 2014-07-24 23:29:14 +02:00
ikkini ccb26637e7 List all (listable) modules from a rsync daemon 2014-07-24 23:26:41 +02:00
us3r777 cd2ec0a863 Refactored jboss mixin and modules
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
Jon Hart bd1970ced9 Fix basic HTTP directory traversal detection 2014-07-24 13:22:58 -07:00
ikkini 6692545eb6 Delete rsync_list.rb 2014-07-24 22:10:08 +02:00
ikkini f12b97e8c0 List all (listable) modules from a rsync daemon 2014-07-24 22:04:00 +02:00
Samuel Huckins 6c1a3f4992 Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
Now able to complete without error.

MSP-10817 #land
2014-07-23 15:55:42 -05:00
James Lee eee72a86ba
Fix the case when john cracks only half of LM 2014-07-23 15:25:32 -05:00
us3r777 b526fc50f8 Refactored jboss mixin and modules
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
David Maloney e54f5e8ee7
working snmp_login module 2014-07-22 12:44:21 -05:00
David Maloney c553fcac73
start refacotirng snmp_login 2014-07-22 11:46:22 -05:00
James Lee 917d2c718b
Use All4 instead of LanMan
... Which was the original behavior. A full incremental LanMan can take
many hours instead of the few seconds this module was intended to run.
2014-07-21 18:24:35 -05:00
us3r777 ae2cd63391 Refactored Jboss mixin
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
jvazquez-r7 fe0b6fa79e
Land #3532, @luisco's joomla login bruteforcer 2014-07-21 12:56:15 -05:00
jvazquez-r7 aefaa3dd96 Make rubocop more happy 2014-07-21 12:55:45 -05:00
Tod Beardsley ffafd4c01f
Add NTP fuzzer from @jhart-r7
Looks good to me!
2014-07-21 12:38:12 -05:00
jvazquez-r7 478e43170a Report credentials to database 2014-07-21 12:26:13 -05:00
jvazquez-r7 63fca1bfdd Make some datastore options required 2014-07-21 12:10:52 -05:00
jvazquez-r7 436ac706e8 Rescue Rex::ConnectionError while finding the uri 2014-07-21 12:00:24 -05:00
jvazquez-r7 30de4cdf8d Fix get_login_hidden 2014-07-21 11:57:37 -05:00
jvazquez-r7 ff3a21b520 Refactor do_web_login 2014-07-21 11:35:19 -05:00
jvazquez-r7 22f41e4435 Use vars_post 2014-07-21 11:07:00 -05:00
jvazquez-r7 92fd3bc72b Deleting REQUEST_TYPE option because I don't think has sense here 2014-07-21 10:53:43 -05:00
jvazquez-r7 986b8e5d02 First style issues cleanup 2014-07-21 09:49:05 -05:00
HD Moore 5ba96d6054 Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess 2014-07-19 15:56:41 -05:00
root 7a5f3b8991 Implementing Ruby Style Guide and replace send_request_raw send_request_cgi 2014-07-18 14:31:38 -05:00
us3r777 088f208c7c Added auxiliary module jboss_bshdeployer
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
root 1f02891dc7 Change name of module and implementation of the recommended changes 2 2014-07-18 00:17:35 -05:00
root 0168a99eaa Change name of module and implementation of the recommended changes 2014-07-17 23:49:25 -05:00
root f2eabdba94 implementation of the recommended changes 2014-07-17 23:36:37 -05:00
jvazquez-r7 ad2e7c3713 print header only if there are results... 2014-07-17 18:02:24 -05:00
Jon Hart 06fd1ead9d Address more style issues 2014-07-17 09:37:27 -07:00
jvazquez-r7 7e6e154a39 Fix null pointer dereference 2014-07-17 08:51:12 -05:00
Trevor Rosen bebf11c969
Resolves some Login::Status migration issues
MSP-10730
2014-07-16 21:52:08 -05:00
root ceff18de9d Add modifiable UserAgent and translations to English 2014-07-16 20:44:20 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
William Vu b6ded9813a
Remove EOL whitespace 2014-07-16 14:56:34 -05:00
David Maloney 5534599cfc
fix for jtr warnings
remmove include for Jtr mixin in deprecated jtr_unshadow module

remove deprecated postgres_crack module
2014-07-16 12:52:29 -05:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
Jon Hart 9e5c24a97e Address some Ruby style issues 2014-07-15 16:55:54 -07:00
David Maloney 674447c891
final cleanup steps 2014-07-15 15:31:51 -05:00
David Maloney 7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
Conflicts:
	Gemfile
	Gemfile.lock
	modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
James Lee 51a9a763c0
Move error_name to InvalidPacket and check for nil
MSP-10713
2014-07-15 15:02:53 -05:00
David Maloney 34635ab968
module login status cleanup
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
root 3becfff41e Add Bruteforce Joomla 2014-07-14 14:07:23 -05:00
dmaloney-r7 7184d2ed5e Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
Refactor pop3_login
2014-07-14 13:27:11 -05:00
James Lee e68dcdbb06
Refactor pop3_login
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.

See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
William Vu 2fd7bcf8bf
Land #3514, report_note for scraper 2014-07-11 17:17:10 -05:00
nodeofgithub 5d833cbb16 http_header report_note remove to_s 2014-07-11 17:14:45 -05:00
nodeofgithub 7e9eb84531 http_header report_note remove brackets, move rport 2014-07-11 17:14:45 -05:00
nodeofgithub a8ec733a3a Interpolate all the things! 2014-07-11 17:14:09 -05:00
nodeofgithub 4abe856fc1 Rescue http_header notes from getting truncated
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.

(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >

----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
2014-07-11 17:14:09 -05:00
nodeofgithub 6ef69b4014 scraper report_note, remove eol whitespace 2014-07-11 21:21:56 +02:00
nodeofgithub ad46c37988 scraper report_note, remove unnecessary to_s 2014-07-11 21:08:35 +02:00
nodeofgithub 7a7d149dc5 scraper report_note, change note type string 2014-07-11 21:01:20 +02:00
Tod Beardsley b09fab13f0 Fix one flubbed author address 2014-07-11 13:50:37 -05:00
nodeofgithub 8b302cd472 Add report_note to scraper.rb
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:31:46 +02:00
nodeofgithub b834e7d3cb Update scraper.rb 2014-07-11 20:20:40 +02:00
nodeofgithub da67a63ad0 Add report_note to scraper.rb
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:07:48 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
William Vu 43f41de124
Land #3508, CVE-2014-4671 Flash JSONP disclosure 2014-07-11 10:11:48 -05:00
joev b8225ae2dc
Remove unnecessary ||= and ivars. 2014-07-10 16:06:28 -05:00
joev e0389dfbc3
Update code as per @wvu's code review. 2014-07-10 15:03:40 -05:00
James Lee 62a2f1dc0a
Credential -> Model for realm key constants 2014-07-10 14:30:25 -05:00
joev dd439066ca
Patch rhost to display hostname of JSONP_URL. 2014-07-10 12:02:22 -05:00
joev 841cb6a590
STEAL_URL -> STEAL_URLS. 2014-07-10 09:14:32 -05:00
joev fad30bc874
Add flash rosetta exploit module for stealing URLs. 2014-07-10 09:09:10 -05:00
James Lee c5226352de
Un-login-able should be print_status, not good 2014-07-09 17:45:41 -05:00
James Lee 7d9c0da691
Record correct creds with non-success status 2014-07-09 13:26:49 -05:00
James Lee afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
James Lee 2a9ac0a007
Axe SSHKey in favor of a unified SSH 2014-07-07 13:35:17 -05:00
Jon Hart 1500f33e1b Default to only fuzzing versions 2-4 2014-07-03 07:32:44 -07:00
Christian Mehlmauer b15297eee0
Land #3490, @Meatballs1 tns listener verbose output 2014-07-03 16:20:38 +02:00
Rob Fuller c6675a2900 Add verbosity to Jenkins Enum 2014-07-02 13:25:18 -04:00
William Vu 68ba79aa16
Remove access_level, since we don't have access 2014-07-01 17:53:18 -05:00
William Vu 5fa0981026
Add login and move print_status 2014-07-01 17:48:42 -05:00
Jon Hart 1830bdc7a5 Add rspec coverage for Rex::Proto::NTP 2014-07-01 12:29:47 -07:00
William Vu 864f0f1bbc
Update description, loot -> creds 2014-07-01 11:46:21 -05:00
Jon Hart bc274b358f Move NTP message code to Rex::Proto::NTP, simplify option handling 2014-06-30 23:57:47 -07:00
William Vu 3079c47d41
Refactor oracle_hashdump creds 2014-07-01 01:07:22 -05:00
jvazquez-r7 bf9c64d3ee
Land #3483, @hmoore-r7's title change for ipmi_cipher_zero 2014-06-30 17:31:12 -05:00
Meatballs cf720a88e8
Be verbose about error codes 2014-06-30 19:10:03 +01:00
Meatballs f8ef6c50b4
Land #3470, Cerberus SFTP User Enumeration 2014-06-30 19:01:15 +01:00
Meatballs 94c5a0b603
More verbose around connection errors 2014-06-30 18:56:30 +01:00
Meatballs 183d601aae
Small tidyup 2014-06-30 18:17:49 +01:00
attackdebris 004afa6e0c Clean commit of Cerberus FTP User Enumeration Module 2014-06-30 17:53:46 +01:00
HD Moore 72d8d8a40c RAKP defines auth, not cipher-0 bypass, see below.
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.

Cosmetic only change
2014-06-30 00:52:40 -05:00
HD Moore 4bff68ff2b Use the specified UA, dont duplicate ports 2014-06-30 00:49:21 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
HD Moore 90eccefcc8 Fix sock.get use and some minor bugs 2014-06-28 16:17:15 -05:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
HD Moore 3ae91410f5 Fix incorrect use of sock.get(), remove rundant return values 2014-06-28 15:24:02 -05:00
HD Moore 6d0d8a911d Fix incorrect use of sock.get() that could lead to indefinite hang 2014-06-28 15:22:16 -05:00
HD Moore a9cd9c584a Respect RPORT even if additional ports are specified 2014-06-28 15:21:54 -05:00
HD Moore 43420aa984 Fix incorrect use of sock.get that can lead to an indefinite timeout
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```

console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```

After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
HD Moore 3e1ac3fee1 This module was broken due to a hardcoded IP address for google.com 2014-06-28 15:14:29 -05:00
David Maloney 9cec330f05
Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
James Lee 48e93b7fc2
Merge branch 'feature/MSP-9715/linux_hashcracker' into staging/electro-release 2014-06-25 16:15:44 -05:00
David Maloney 34c57f51b1 Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release 2014-06-25 15:02:35 -05:00
David Maloney ac61a8fe4f
deprecate jtr_unshadow 2014-06-25 15:01:35 -05:00
James Lee 75be200b97
Merge branch 'feature/MSP-9714/jtr_aix' into staging/electro-release 2014-06-25 14:34:41 -05:00
James Lee 70fd3344fd
Merge branch 'feature/MSP-9713/jtr_crack_fast' into staging/electro-release 2014-06-25 14:15:50 -05:00
David Maloney 61d8597a00
missing require 2014-06-25 10:13:41 -05:00
David Maloney 5b0a356045
properly strip extra colons 2014-06-25 10:04:48 -05:00
James Lee 4e0bcc123d
More useful msg when domain is ignored 2014-06-25 10:01:07 -05:00
James Lee f225ac92ab
Refactor smb_login
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
David Maloney 560fc93834
jtr_aix refactor
updated the aix cracker for jtr
2014-06-24 15:34:28 -05:00
James Lee 85611702f9 Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor 2014-06-23 23:58:47 -05:00
Jon Hart b9925bb24c Minor option cleanup 2014-06-23 18:38:47 -07:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00