jvazquez-r7
0737d0dbd5
Refactor auxiliary module
2014-08-22 17:05:45 -05:00
jvazquez-r7
9ef09a7725
Pass msftidy
2014-08-22 13:24:59 -05:00
jvazquez-r7
38e6576990
Update
2014-08-22 13:22:57 -05:00
Joe Vennix
95fbb8f1b7
Land PR #3672 , dmaloney-r7's login scanner credential rework.
2014-08-22 11:15:32 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63
and
82760bf5b3
).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3
).
This merge commit merges the staging/electro-release branch
(62b81d6814
) into master
(48f0743d1b
). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
Christopher Truncer
3918acb1e1
Changed keyword used when returning
2014-08-21 12:34:54 -04:00
Christopher Truncer
a0b72bba93
Updated module based on feedback
2014-08-21 12:26:41 -04:00
Christopher Truncer
383906c26c
Removed function no longer used
2014-08-20 22:51:01 -04:00
Christopher Truncer
c93bfb4673
Fixed targeturi value
2014-08-20 21:23:45 -04:00
Christopher Truncer
7f90b81711
IP Board Login Scanner Module
2014-08-20 21:18:19 -04:00
Jon Hart
9f9f28cc31
If a peer is 127.0.0.1, don't try to store it because we (currently...) can't
2014-08-20 15:48:54 -07:00
Jon Hart
9db3dc7ad8
Store peer data note in the same format as originally
2014-08-20 15:10:45 -07:00
Jon Hart
758c3fa518
Only discard monlist replies that are impossibly short
...
This fixes the case where if a monlist reply only includes one peer
2014-08-20 15:02:21 -07:00
Jon Hart
7ad9300d37
Update ntp_monlist to use UDPScanner, NTP and DRDoS mixins
2014-08-20 14:41:00 -07:00
Jon Hart
8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing
2014-08-20 12:21:39 -07:00
John Sawyer
1959f7a235
Updated shodan_search for new API
2014-08-20 00:48:13 -04:00
Tom Sellers
74920d26a4
Update to server/capture/imap.rb for new Credential system
2014-08-19 15:25:31 -05:00
Tom Sellers
3fdad4dc91
Update auxillary/scanner/ftp with Credential Gem
2014-08-19 13:13:05 -05:00
David Maloney
473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
...
Conflicts:
Gemfile.lock
lib/metasploit/framework/command/console.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/credential.rb
lib/metasploit/framework/credential_collection.rb
lib/metasploit/framework/login_scanner/afp.rb
lib/metasploit/framework/login_scanner/axis2.rb
lib/metasploit/framework/login_scanner/db2.rb
lib/metasploit/framework/login_scanner/ftp.rb
lib/metasploit/framework/login_scanner/http.rb
lib/metasploit/framework/login_scanner/mssql.rb
lib/metasploit/framework/login_scanner/mysql.rb
lib/metasploit/framework/login_scanner/pop3.rb
lib/metasploit/framework/login_scanner/postgres.rb
lib/metasploit/framework/login_scanner/result.rb
lib/metasploit/framework/login_scanner/smb.rb
lib/metasploit/framework/login_scanner/snmp.rb
lib/metasploit/framework/login_scanner/ssh.rb
lib/metasploit/framework/login_scanner/telnet.rb
lib/metasploit/framework/login_scanner/vnc.rb
lib/metasploit/framework/parsed_options/console.rb
lib/metasploit/framework/require.rb
lib/metasploit/framework/version.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/afp/afp_login.rb
modules/auxiliary/scanner/db2/db2_auth.rb
modules/auxiliary/scanner/ftp/ftp_login.rb
modules/auxiliary/scanner/http/axis_login.rb
modules/auxiliary/scanner/http/http_login.rb
modules/auxiliary/scanner/http/tomcat_mgr_login.rb
modules/auxiliary/scanner/mssql/mssql_login.rb
modules/auxiliary/scanner/mysql/mysql_login.rb
modules/auxiliary/scanner/pop3/pop3_login.rb
modules/auxiliary/scanner/postgres/postgres_login.rb
modules/auxiliary/scanner/snmp/snmp_login.rb
modules/auxiliary/scanner/ssh/ssh_login.rb
modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
modules/auxiliary/scanner/telnet/telnet_login.rb
modules/auxiliary/scanner/vnc/vnc_login.rb
modules/auxiliary/scanner/winrm/winrm_login.rb
spec/lib/metasploit/framework/credential_spec.rb
spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
sinn3r
7330e3585f
Support Glassfish 4.0 and lots of other changes
2014-08-18 19:03:26 -05:00
James Lee
f169b8dff3
Fix hashes being stored as passwords
2014-08-18 15:52:13 -05:00
Tod Beardsley
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
joev
5bfbb7654e
Add android meterpreter to browser autopwn.
2014-08-18 11:09:16 -05:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
jvazquez-r7
93990f4578
Land #3631 , @wchen-r7's fixes to avoid datastore options assignment at runtime
2014-08-12 14:46:02 -05:00
jvazquez-r7
b46b6af50d
Land #3630 , @wchen-r7's fix for datastore assignments on smb_enumusers
2014-08-12 14:26:55 -05:00
jvazquez-r7
33da1a6871
Give a chance to the mixin
2014-08-12 13:49:39 -05:00
David Maloney
fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry
2014-08-12 11:22:51 -05:00
cx
c937e80521
Added Fixes#2 mentioned by Firefart
...
Details:
* MSF's HTTP::Wordpress class included and wordpress related
variables are used.
2014-08-12 15:16:43 +03:00
sinn3r
4aeb1eda9c
Don't use datastore options as default values
2014-08-11 18:55:32 -05:00
cx
c90434c926
Added Fixes mentioned by Firefart
...
Details:
* string interpolation removed
* Minor styling issues are fixed
* peer var used
* target_uri added instead of datastore
2014-08-11 14:37:39 +03:00
Tod Beardsley
08bb815bd8
Add Yokogawa unauth admin module
2014-08-09 13:30:10 -05:00
Jon Hart
a5e9abc227
Update R7-2014-12 NTP modules to use new DRDoS mixin
2014-08-08 23:15:54 -07:00
Jon Hart
00452b41c9
Gut admin functions from R7-2014-12 NTP modules
...
None of these are admin modules. All of that stuff should eventually go
in auxiliary/admin
2014-08-08 21:22:11 -07:00
Jon Hart
ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
...
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
Jon Hart
3307726c21
Land #3627 , @wchen-r7's cleanup of ctypes in smb_enumshares
2014-08-08 19:17:15 -07:00
Jon Hart
b3bb20f569
Land #3629 , @wchen-r7's HTTP traversal fixes
2014-08-08 18:08:32 -07:00
Jon Hart
c35dc4d3ac
Extract query params separately
...
Prevents stomping on data
2014-08-08 18:07:25 -07:00
sinn3r
969e5ddd39
Override the correct smb_direct
2014-08-07 18:48:46 -05:00
sinn3r
3b27102c4c
Override the correct smb_direct
2014-08-07 18:47:33 -05:00
sinn3r
436e2abfff
Fix datastore options
2014-08-07 17:59:40 -05:00
sinn3r
1963318e70
Fix datastore options
2014-08-07 17:58:25 -05:00
sinn3r
ab8f2c7d3f
Datastore option fix
2014-08-07 17:57:44 -05:00
sinn3r
6f8c7f092a
Fix direct datastore assignments to pass msftidy
2014-08-07 17:51:45 -05:00
sinn3r
c79fe731c5
Um, this is the right way to do it.
2014-08-07 13:32:48 -05:00
sinn3r
f7bda738cf
Fix file handle leak
2014-08-07 13:30:34 -05:00
sinn3r
711630d059
Fix datastore assignments
2014-08-07 13:28:51 -05:00
sinn3r
c7090f57a5
Fix "text" ctype in smb_enumshares
...
"text" is not a valid ctype, should be text/plain
2014-08-07 11:25:55 -05:00
Christian Mehlmauer
a7be5b5164
Added fingerprinting
2014-08-07 18:12:58 +02:00
Christian Mehlmauer
d6e60453d6
Added Wordpress XMLRPC DoS
2014-08-07 11:38:44 +02:00
Brandon Turner
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
/lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
aJ0QgKJz8thZgafZc89I
=e1z9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
AjGcfOzhhcsY+WAQ7OG+
=Pjob
-----END PGP SIGNATURE-----
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
sinn3r
9b6259e58b
Land #3569 - Updated smb_enumshares to support spidering
2014-08-05 20:23:09 -05:00
sinn3r
f520616730
This fixes a few things, see commit message for more info
...
This commit fixes the following:
1. Not handling eval_host()'s nil file return value, which can causes
a NoMethodError at runtime due to various conditions.
2. Renames datastore option VERBOSE to ShowFiles to pass msftidy
3. Avoids overwriting datastore options directly to pass msftidy
2014-08-05 19:20:11 -05:00
Alton Johnson
da845c7e89
Changed default VERBOSE option to false.
2014-08-04 18:06:35 -05:00
Jon Hart
b81c7e28f4
Land #3588 , @tobd-r7's Fix SpaceBeforeModifierKeyword Rubocop warning
2014-08-04 14:25:03 -07:00
jvazquez-r7
ed97751ead
Land #2999 , @j0hnf's modifiction to check_dir_file to handle file:
2014-08-04 11:55:18 -05:00
jvazquez-r7
cd45ed0e0a
Handle exceptions when connecting the SMBHSARE
2014-08-04 11:54:30 -05:00
jvazquez-r7
85b5c5a691
Refactor check_path
2014-08-04 11:48:13 -05:00
jvazquez-r7
1e29bef51b
Fix msftidy warnings
2014-08-04 11:46:27 -05:00
jvazquez-r7
04bf0b4ab6
Fix forgotten comma
2014-08-04 11:34:12 -05:00
HD Moore
3bc8d1fee9
See #RM8838. Handle null domain_sid properly
...
This switches to the local sid if the domain sid is null, even if
the ACTION is set to DOMAIN. This solves the issue identified in
```
[*] 192.168.0.4 PIPE(LSARPC) LOCAL(NAS - 5-21-2272853860-1115691317-1341221697) DOMAIN(WORKGROUP - )
[-] 192.168.0.4 No domain SID identified, falling back to the local SID...
[*] 192.168.0.4 USER=guest RID=501
[*] 192.168.0.4 GROUP=None RID=513
```
2014-08-02 14:25:17 -05:00
us3r777
cd2e225359
Refactored auxilliary jboss_bshdeployer
...
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
David Maloney
ab7111120b
and all the rest
...
finally!
2014-08-01 14:54:18 -05:00
David Maloney
4821851ae4
telnet and ssh next
2014-08-01 14:47:08 -05:00
David Maloney
12902b0a6d
the refactor continues!
2014-08-01 14:41:03 -05:00
David Maloney
b74813b9a1
mysql and pop3 now
2014-08-01 14:30:33 -05:00
David Maloney
2e7738c788
http and mssql now
2014-08-01 14:22:58 -05:00
David Maloney
33f73a8af7
refactor db2
2014-08-01 13:00:27 -05:00
David Maloney
439b893fea
refactor axislogin
2014-08-01 12:30:16 -05:00
David Maloney
0fffb179fa
refactor afp_login
2014-08-01 12:10:52 -05:00
David Maloney
c3691ba056
finish refactoring ftp_login
2014-08-01 12:06:13 -05:00
David Maloney
a380646667
start refactoring ftp loginscanner
2014-08-01 11:47:13 -05:00
jvazquez-r7
4ed085d0d2
Land #3581 , @FireFart's update for W3 Total Cache Hash extract module
2014-07-30 10:45:11 -05:00
jvazquez-r7
674c3ca260
Use [] for references
2014-07-30 10:44:42 -05:00
jvazquez-r7
1fe459eb42
Add info to know where the info comes from
2014-07-29 18:47:40 -05:00
Tod Beardsley
adf03e28ce
Fix SpaceBeforeModifierKeyword Rubocop warning
...
This also deals with some errant tabs where internal spaces should be,
as well as one syntax error which was preventing an old meterpreter
script from ever working correctly.
Some day, we need to get rid of those Meterpeter scripts. Srsly.
2014-07-29 17:10:54 -05:00
Christian Mehlmauer
3d2a62bc29
Updated W3 Total Cache Hash extract module
2014-07-29 19:49:48 +02:00
us3r777
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
Christopher Truncer
7129108c58
Fixed status in MSF db for Nessus
2014-07-28 13:49:24 -04:00
cx
7247f8879b
Empty line fix
...
Details:
* Empty line fix added to each_user_pass function
2014-07-28 12:50:41 +03:00
cx
5679a72aa8
Added Fixes mentioned by jhart-r7
...
Details:
* res && res.body fix
* empty return removed
* vprint added/changed
* is_? convention fixed
* Unknown error removed
* Minor styling issues are fixed
* VERBOSE Option Removed
2014-07-27 00:40:37 +03:00
Alton Johnson
555e6c9cff
Modified a few things based on suggestions.
2014-07-25 18:23:12 -05:00
Alton Johnson
58502f139a
Updated.
2014-07-25 15:46:50 -05:00
cx
cdabfb84f4
Add Wordpress XML-RPC Login Scanner
...
This module attempts to authenticate against a Wordpress-site (via
XMLRPC) using username and password combinations indicated by the
USER_FILE, PASS_FILE, and USERPASS_FILE options.
The module, checks for XMLRPC response using `demo.sayHello` function
and sweeps users with `wp.getUsers` function.
If `verbose` is set `true`, the raw XML response will be printed.
The module might be usefull when the target's administration page
is protected.
2014-07-25 16:24:09 +03:00
Alton Johnson
d0cd5cfc7a
Updated.
2014-07-24 21:53:23 -05:00
Alton Johnson
cdc56df09f
Updated smb_enumshares.rb
2014-07-24 21:18:02 -05:00
Alton Johnson
51c488a5ea
Added smb_enumshares.
2014-07-24 21:11:18 -05:00
ikkini
03f68e21e7
Merge branch 'rsync_modules' of https://github.com/ikkini/metasploit-framework into rsync_modules
2014-07-24 23:29:14 +02:00
ikkini
ccb26637e7
List all (listable) modules from a rsync daemon
2014-07-24 23:26:41 +02:00
us3r777
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
Jon Hart
bd1970ced9
Fix basic HTTP directory traversal detection
2014-07-24 13:22:58 -07:00
ikkini
6692545eb6
Delete rsync_list.rb
2014-07-24 22:10:08 +02:00
ikkini
f12b97e8c0
List all (listable) modules from a rsync daemon
2014-07-24 22:04:00 +02:00
Samuel Huckins
6c1a3f4992
Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
...
Now able to complete without error.
MSP-10817 #land
2014-07-23 15:55:42 -05:00
James Lee
eee72a86ba
Fix the case when john cracks only half of LM
2014-07-23 15:25:32 -05:00
us3r777
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
David Maloney
e54f5e8ee7
working snmp_login module
2014-07-22 12:44:21 -05:00
David Maloney
c553fcac73
start refacotirng snmp_login
2014-07-22 11:46:22 -05:00
James Lee
917d2c718b
Use All4 instead of LanMan
...
... Which was the original behavior. A full incremental LanMan can take
many hours instead of the few seconds this module was intended to run.
2014-07-21 18:24:35 -05:00
us3r777
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
jvazquez-r7
fe0b6fa79e
Land #3532 , @luisco's joomla login bruteforcer
2014-07-21 12:56:15 -05:00
jvazquez-r7
aefaa3dd96
Make rubocop more happy
2014-07-21 12:55:45 -05:00
Tod Beardsley
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
jvazquez-r7
478e43170a
Report credentials to database
2014-07-21 12:26:13 -05:00
jvazquez-r7
63fca1bfdd
Make some datastore options required
2014-07-21 12:10:52 -05:00
jvazquez-r7
436ac706e8
Rescue Rex::ConnectionError while finding the uri
2014-07-21 12:00:24 -05:00
jvazquez-r7
30de4cdf8d
Fix get_login_hidden
2014-07-21 11:57:37 -05:00
jvazquez-r7
ff3a21b520
Refactor do_web_login
2014-07-21 11:35:19 -05:00
jvazquez-r7
22f41e4435
Use vars_post
2014-07-21 11:07:00 -05:00
jvazquez-r7
92fd3bc72b
Deleting REQUEST_TYPE option because I don't think has sense here
2014-07-21 10:53:43 -05:00
jvazquez-r7
986b8e5d02
First style issues cleanup
2014-07-21 09:49:05 -05:00
HD Moore
5ba96d6054
Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess
2014-07-19 15:56:41 -05:00
root
7a5f3b8991
Implementing Ruby Style Guide and replace send_request_raw send_request_cgi
2014-07-18 14:31:38 -05:00
us3r777
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
root
1f02891dc7
Change name of module and implementation of the recommended changes 2
2014-07-18 00:17:35 -05:00
root
0168a99eaa
Change name of module and implementation of the recommended changes
2014-07-17 23:49:25 -05:00
root
f2eabdba94
implementation of the recommended changes
2014-07-17 23:36:37 -05:00
jvazquez-r7
ad2e7c3713
print header only if there are results...
2014-07-17 18:02:24 -05:00
Jon Hart
06fd1ead9d
Address more style issues
2014-07-17 09:37:27 -07:00
jvazquez-r7
7e6e154a39
Fix null pointer dereference
2014-07-17 08:51:12 -05:00
Trevor Rosen
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
root
ceff18de9d
Add modifiable UserAgent and translations to English
2014-07-16 20:44:20 -05:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
William Vu
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
David Maloney
5534599cfc
fix for jtr warnings
...
remmove include for Jtr mixin in deprecated jtr_unshadow module
remove deprecated postgres_crack module
2014-07-16 12:52:29 -05:00
David Maloney
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
Jon Hart
9e5c24a97e
Address some Ruby style issues
2014-07-15 16:55:54 -07:00
David Maloney
674447c891
final cleanup steps
2014-07-15 15:31:51 -05:00
David Maloney
7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
...
Conflicts:
Gemfile
Gemfile.lock
modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
James Lee
51a9a763c0
Move error_name to InvalidPacket and check for nil
...
MSP-10713
2014-07-15 15:02:53 -05:00
David Maloney
34635ab968
module login status cleanup
...
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
root
3becfff41e
Add Bruteforce Joomla
2014-07-14 14:07:23 -05:00
dmaloney-r7
7184d2ed5e
Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
...
Refactor pop3_login
2014-07-14 13:27:11 -05:00
James Lee
e68dcdbb06
Refactor pop3_login
...
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.
See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
William Vu
2fd7bcf8bf
Land #3514 , report_note for scraper
2014-07-11 17:17:10 -05:00
nodeofgithub
5d833cbb16
http_header report_note remove to_s
2014-07-11 17:14:45 -05:00
nodeofgithub
7e9eb84531
http_header report_note remove brackets, move rport
2014-07-11 17:14:45 -05:00
nodeofgithub
a8ec733a3a
Interpolate all the things!
2014-07-11 17:14:09 -05:00
nodeofgithub
4abe856fc1
Rescue http_header notes from getting truncated
...
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.
(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)
msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)
msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
2014-07-11 17:14:09 -05:00
nodeofgithub
6ef69b4014
scraper report_note, remove eol whitespace
2014-07-11 21:21:56 +02:00
nodeofgithub
ad46c37988
scraper report_note, remove unnecessary to_s
2014-07-11 21:08:35 +02:00
nodeofgithub
7a7d149dc5
scraper report_note, change note type string
2014-07-11 21:01:20 +02:00
Tod Beardsley
b09fab13f0
Fix one flubbed author address
2014-07-11 13:50:37 -05:00
nodeofgithub
8b302cd472
Add report_note to scraper.rb
...
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:31:46 +02:00
nodeofgithub
b834e7d3cb
Update scraper.rb
2014-07-11 20:20:40 +02:00
nodeofgithub
da67a63ad0
Add report_note to scraper.rb
...
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:07:48 +02:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
William Vu
43f41de124
Land #3508 , CVE-2014-4671 Flash JSONP disclosure
2014-07-11 10:11:48 -05:00
joev
b8225ae2dc
Remove unnecessary ||= and ivars.
2014-07-10 16:06:28 -05:00
joev
e0389dfbc3
Update code as per @wvu's code review.
2014-07-10 15:03:40 -05:00
James Lee
62a2f1dc0a
Credential -> Model for realm key constants
2014-07-10 14:30:25 -05:00
joev
dd439066ca
Patch rhost to display hostname of JSONP_URL.
2014-07-10 12:02:22 -05:00
joev
841cb6a590
STEAL_URL -> STEAL_URLS.
2014-07-10 09:14:32 -05:00
joev
fad30bc874
Add flash rosetta exploit module for stealing URLs.
2014-07-10 09:09:10 -05:00
James Lee
c5226352de
Un-login-able should be print_status, not good
2014-07-09 17:45:41 -05:00
James Lee
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
James Lee
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
James Lee
2a9ac0a007
Axe SSHKey in favor of a unified SSH
2014-07-07 13:35:17 -05:00
Jon Hart
1500f33e1b
Default to only fuzzing versions 2-4
2014-07-03 07:32:44 -07:00
Christian Mehlmauer
b15297eee0
Land #3490 , @Meatballs1 tns listener verbose output
2014-07-03 16:20:38 +02:00
Rob Fuller
c6675a2900
Add verbosity to Jenkins Enum
2014-07-02 13:25:18 -04:00
William Vu
68ba79aa16
Remove access_level, since we don't have access
2014-07-01 17:53:18 -05:00
William Vu
5fa0981026
Add login and move print_status
2014-07-01 17:48:42 -05:00
Jon Hart
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
William Vu
864f0f1bbc
Update description, loot -> creds
2014-07-01 11:46:21 -05:00
Jon Hart
bc274b358f
Move NTP message code to Rex::Proto::NTP, simplify option handling
2014-06-30 23:57:47 -07:00
William Vu
3079c47d41
Refactor oracle_hashdump creds
2014-07-01 01:07:22 -05:00
jvazquez-r7
bf9c64d3ee
Land #3483 , @hmoore-r7's title change for ipmi_cipher_zero
2014-06-30 17:31:12 -05:00
Meatballs
cf720a88e8
Be verbose about error codes
2014-06-30 19:10:03 +01:00
Meatballs
f8ef6c50b4
Land #3470 , Cerberus SFTP User Enumeration
2014-06-30 19:01:15 +01:00
Meatballs
94c5a0b603
More verbose around connection errors
2014-06-30 18:56:30 +01:00
Meatballs
183d601aae
Small tidyup
2014-06-30 18:17:49 +01:00
attackdebris
004afa6e0c
Clean commit of Cerberus FTP User Enumeration Module
2014-06-30 17:53:46 +01:00
HD Moore
72d8d8a40c
RAKP defines auth, not cipher-0 bypass, see below.
...
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.
Cosmetic only change
2014-06-30 00:52:40 -05:00
HD Moore
4bff68ff2b
Use the specified UA, dont duplicate ports
2014-06-30 00:49:21 -05:00
HD Moore
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
HD Moore
90eccefcc8
Fix sock.get use and some minor bugs
2014-06-28 16:17:15 -05:00
HD Moore
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
HD Moore
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
HD Moore
3ae91410f5
Fix incorrect use of sock.get(), remove rundant return values
2014-06-28 15:24:02 -05:00
HD Moore
6d0d8a911d
Fix incorrect use of sock.get() that could lead to indefinite hang
2014-06-28 15:22:16 -05:00
HD Moore
a9cd9c584a
Respect RPORT even if additional ports are specified
2014-06-28 15:21:54 -05:00
HD Moore
43420aa984
Fix incorrect use of sock.get that can lead to an indefinite timeout
...
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```
console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```
After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
HD Moore
3e1ac3fee1
This module was broken due to a hardcoded IP address for google.com
2014-06-28 15:14:29 -05:00
David Maloney
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
James Lee
48e93b7fc2
Merge branch 'feature/MSP-9715/linux_hashcracker' into staging/electro-release
2014-06-25 16:15:44 -05:00
David Maloney
34c57f51b1
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-06-25 15:02:35 -05:00
David Maloney
ac61a8fe4f
deprecate jtr_unshadow
2014-06-25 15:01:35 -05:00
James Lee
75be200b97
Merge branch 'feature/MSP-9714/jtr_aix' into staging/electro-release
2014-06-25 14:34:41 -05:00
James Lee
70fd3344fd
Merge branch 'feature/MSP-9713/jtr_crack_fast' into staging/electro-release
2014-06-25 14:15:50 -05:00
David Maloney
61d8597a00
missing require
2014-06-25 10:13:41 -05:00
David Maloney
5b0a356045
properly strip extra colons
2014-06-25 10:04:48 -05:00
James Lee
4e0bcc123d
More useful msg when domain is ignored
2014-06-25 10:01:07 -05:00
James Lee
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
David Maloney
560fc93834
jtr_aix refactor
...
updated the aix cracker for jtr
2014-06-24 15:34:28 -05:00
James Lee
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
Jon Hart
b9925bb24c
Minor option cleanup
2014-06-23 18:38:47 -07:00
HD Moore
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00