7793ed4fea
Add some common UXSS scripts.
2014-09-09 02:31:27 -05:00
b8000517cf
Land #3746 , reinstate DB_ALL_CREDS
2014-09-08 17:24:12 -05:00
2ac15f2088
some fixes based on Christruncer's feedback
...
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor
2014-09-08 14:48:37 -05:00
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds
2014-09-08 12:52:25 -05:00
ae5a8f449c
Land #3691 , gdbserver hax
2014-09-08 11:48:39 -05:00
9a6ee5090a
Add Arris DG950A SNMP data extraction module
...
This module will extract critical data such as WPA and WEP keys from
the Arris DG950a model cable modem via the SNMP protocal.
2014-09-08 11:04:31 -04:00
0ccb39c057
Land #3726 - Fix typos in wordpress login
2014-09-08 09:40:57 -05:00
1b5e40ff78
New Creds model added
2014-09-08 11:42:05 +03:00
27889ea411
Add a safety fallback on js load.
2014-09-08 00:46:47 -05:00
8407d45c9c
Rework the timers.
2014-09-08 00:40:00 -05:00
5c9c8edfcf
Fix refs.
2014-09-07 23:33:45 -05:00
5efaf7d4cf
rename module, handle asyncness.
2014-09-07 23:25:08 -05:00
10bb77af9f
Land #3716 , @wchen-r7's Glassfish LoginScanner update
2014-09-07 21:54:34 -05:00
1bf89fb6bd
Add Android <= 4.3 AOSP UXSS module.
2014-09-07 20:44:03 -05:00
c86d01a667
Fix win.ini signature
2014-09-07 01:46:38 -05:00
44b9dc9b28
Update tmlisten_traversal
2014-09-06 01:18:11 -05:00
df278dd2dc
Conver to exploit
2014-09-05 14:47:33 -05:00
d4a8b7e00d
Move to exploits
2014-09-05 10:38:28 -05:00
892f72e4ce
Move module path
2014-09-05 10:30:27 -05:00
d041ee6629
Delete exploit modules from this branch
2014-09-05 10:29:24 -05:00
abffdd8705
Update alienvault_newpolicyform_sqli.rb
...
cleaned up according to msftidy.rb suggestions
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
664cc131e3
Update alienvault_newpolicyform_sqli.rb
...
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
08ce278cca
Got these wrong
2014-09-04 17:05:51 -05:00
cb490fc00e
[SeeRM #8836 ] Change boot.ini to win.ini
2014-09-04 17:03:21 -05:00
d83131f1d9
Land #3750 , @wvu favoring unless
2014-09-04 16:17:07 -05:00
ff210a7c0a
delete parenthesis
2014-09-04 16:16:29 -05:00
85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27
2014-09-04 16:08:15 -05:00
f063dcf0f4
Land #3741 , @pedrib's module for CVE-2014-5005 Desktop Central file upload
2014-09-04 15:44:21 -05:00
f466b112df
Minor cleaning on check
2014-09-04 15:43:59 -05:00
74b8e8eb40
Change module filename
2014-09-04 15:39:34 -05:00
c32b977a27
Land #3747 , @wvu changes to printer_ready_message
2014-09-04 15:26:52 -05:00
2d8c7a7a4d
Refactor if statement to early return
...
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
614c7c178d
Land #3749 , jtr_oracle_fast missing require fix
2014-09-04 15:03:37 -05:00
c1bca5c138
Land #3742 , @pedrib's changes to desktopcentral_file_upload check method
2014-09-04 14:47:36 -05:00
7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
34455b5dc6
Fix missing require for jtr_oracle_fast
2014-09-04 14:38:07 -05:00
50ac8366fd
Refactor CHANGE/RESET to actions
...
Missed in c1fdc4d945
2014-09-04 14:36:04 -05:00
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
0dcf481d76
This one is good to go
2014-09-04 14:13:33 -05:00
84f9ec0aad
Refactor implicit options hash
...
Missed in c1fdc4d945
2014-09-04 13:30:06 -05:00
00ec47fb83
call new prepend cred methods
...
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
c5755824a6
pass in vhost and useragent
...
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
dd4fd7bb39
The reporting part
2014-09-03 16:32:23 -05:00
e1694ec3e5
LoginScanner update for hp_sys_mgmt_login
...
Work in progress
2014-09-03 16:23:57 -05:00
0e18d69aab
Add extended mode to prevent service from dying.
2014-09-03 16:07:27 -05:00
4293500a5e
Implement running exe in multi.
2014-09-03 15:56:21 -05:00
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
268d42cf07
Add PrependFork to payload options.
2014-09-03 14:56:22 -05:00
185ce36859
Land #3701 , @wchen-ru's AppleTV modules
2014-09-03 12:30:50 -05:00
10dee28fbd
Add http socket to the module sockets and allow the framework to cleanup
2014-09-03 12:01:48 -05:00
5acbcc80e2
no threading
2014-09-03 11:37:30 -05:00
ded085f5cc
Add CVE ID
2014-09-03 07:22:10 +01:00
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
c672fad9ef
Add OSVDB ID, remove comma from Author field
2014-09-02 23:17:10 +01:00
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
f7617183d9
Revert "Add initial firefox xpi prompt bypass."
...
This reverts commit ebcf972c08
2014-09-02 12:27:41 -05:00
aaeb5a2f5f
jhart-r7 suggestions added
2014-09-02 12:05:54 +03:00
3281781f6a
Addressed r7 comments, fixed bug in results loop
2014-09-01 13:43:31 -04:00
d480a5e744
Credit h0ng10 properly
2014-09-01 07:58:26 +01:00
59847eb15b
Remove newline at the top
2014-09-01 07:56:53 +01:00
6a370a5f69
Add exploit for eventlog analyzer file upload
2014-09-01 07:56:01 +01:00
20a02a9d29
Cleanup
2014-08-31 14:01:13 -05:00
6f7bc94db4
Creation of rdcmanager_creds.rb
2014-08-31 13:38:08 -05:00
c05edd4b63
Delete debug print_status
2014-08-31 01:34:47 -05:00
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
8ba5488198
Update wordpress_login_enum.rb
...
Fixed some typos.
2014-08-30 13:37:48 -10:00
e1b6ee283f
Allow Msf::Payload::JSP to guess system shell path if it isnt provided
2014-08-30 16:27:02 -05:00
438f0e6365
typos
2014-08-30 09:22:58 -05:00
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
a142e78a66
refactor wordpress_xml_rpc_login
...
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner
2014-08-29 12:50:34 -05:00
1cdf1c2c6e
Land #3709 , @nnam's wing ftp admin console cmd exec
2014-08-29 13:46:01 -04:00
8095b4893c
Rename and apply rubocop style to wing_ftp_admin_exec
2014-08-29 13:42:11 -04:00
bd9417490e
Merge branch 'master' into linux-post-enum-psk
2014-08-29 15:50:28 +03:00
eaf73f9f84
Linux Gather 802-11-Wireless Security Credentials
2014-08-29 11:08:08 +03:00
f7091d854e
Add a timeout
2014-08-28 22:26:38 -05:00
40f581458a
Land #3570 , @ikkini scanner for rsync
2014-08-28 18:48:32 -05:00
9fb9ab813c
Add URL reference
2014-08-28 18:47:56 -05:00
bc542a011d
Change module filename
2014-08-28 18:42:30 -05:00
213fe23970
Clean rsync_modules_list
2014-08-28 18:40:55 -05:00
02bbd53b82
Fix failure messages for check().
2014-08-28 12:09:35 -07:00
6c90a50e47
Handle res.nil case in check(). Revert check for res.nil in
...
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
0788ce9745
Removed unused require and import. Handle the res.nil case in
...
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
f097ef96e0
Use &&
2014-08-28 12:13:03 -05:00
d0d9949d91
Do SSL options correctly
2014-08-28 12:04:14 -05:00
58091b9e2b
Land #3708 , @pedrib fix for manage_engine_dc_pmp_sqli
2014-08-28 10:47:03 -05:00
d8c15766bd
Land #3567 @OJ's fixes to the MQAC local exploit solving conflicts
2014-08-28 10:19:47 -05:00
9d3d25a3b3
Solve conflicts
2014-08-28 10:19:12 -05:00
784ece574e
Found additional typos.
2014-08-28 09:03:19 -05:00
cb634cfef3
Fixed annoying typo that shows up in validation screenshots
2014-08-28 08:50:30 -05:00
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
4a479d17a9
Randomize padding on aux module, fix spacing on exploits
2014-08-27 20:41:33 -04:00
6d45f75b47
Land #3690 , credential_collect refactor
...
@TomSellers strikes again!
2014-08-27 18:31:59 -05:00
9b0c5dfb0c
Minor fix
2014-08-27 18:31:13 -05:00
0ba2f1e457
Leave a note about the old empty password issue
2014-08-27 17:06:11 -05:00
d5b70cca24
"Auth bypass" does not really describe what the feature actually does
2014-08-27 16:56:07 -05:00
a32ffc4c26
Add the final portion for Glassfish login module
2014-08-27 15:09:11 -05:00
633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection
2014-08-27 01:45:18 -05:00
5d8cbe0544
Early version of Glassfish using LoginScanner
2014-08-27 01:23:02 -05:00
26cfed6c6a
Rename exploit module.
2014-08-26 23:05:41 -05:00
96276aa6fa
Get the disclosure date right.
2014-08-26 20:36:58 -05:00
52f33128cd
Add Firefox WebIDL Javascript exploit.
...
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
d5e39ae284
Adjustments for new LoginScanner code
2014-08-26 18:13:00 -05:00
ba1f7c3bf6
Land #3687 , reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
ed9bb3e52c
Fix a small typo
2014-08-26 14:34:10 -05:00
775ebce56b
Correct natpmp_portscan's print_* usage to include peer
2014-08-26 12:27:12 -07:00
3b8bbdf10c
Merge master back in before landing #3545
2014-08-26 14:07:58 -05:00
4e19d9ade1
Land #3545 , fix up sip scanners, msftidy, db services cmd
2014-08-26 14:07:21 -05:00
5826d7b164
vprint_status when no external address obtained, print_ is too noisy
2014-08-26 12:05:40 -07:00
e75e213b52
Clarify SIP mixin method name, store header values as string, etc
2014-08-26 11:40:49 -07:00
246f021437
Update natpmp_external_address to use Msf::Auxiliary::UDPScanner
2014-08-26 10:49:53 -07:00
5c57f9b4eb
Don't overload RPORT/LPORT for mapping external -> internal ports
2014-08-26 10:49:53 -07:00
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
ca11eae3a9
Show a useful failure message when the external address probe fails
2014-08-26 10:49:52 -07:00
9f6a40dfd6
Fix bad pack in mswin_tiff_overflow
...
Reported by @egyjuzer in #3706 .
2014-08-26 11:14:44 -05:00
bb00c97f46
Add a CERT reference
2014-08-26 08:29:28 -07:00
40fe2fd3a9
Remove DRDoS references, as this just proves amplification
2014-08-26 08:23:50 -07:00
10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it
2014-08-26 08:00:30 -07:00
333c3a90ae
Space between SSDP headers and values, which is sometimes required
2014-08-26 07:57:59 -07:00
337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification
2014-08-26 07:48:44 -07:00
04fbd07a16
vprint_error in the unlikely event we get an unexpected response
2014-08-26 07:30:14 -07:00
40b66fae33
Add Wing FTP Server post-auth remote command execution module
2014-08-26 07:28:41 -07:00
79b05db409
Correct minor style issues
2014-08-26 07:26:30 -07:00
a8d03aeb59
Fix bug with PMP db paths
2014-08-26 12:54:31 +01:00
473341610c
Update name to mention DC; correct servlet name
2014-08-26 12:39:48 +01:00
63b75a0093
SSDP Amplification module changes
2014-08-26 16:03:32 +07:00
a90d142140
Add UPnP SSDP Amplication Scanner
2014-08-26 12:53:14 +07:00
463815d240
Add AppleTV modules (imge, video and login)
2014-08-25 15:24:41 -05:00
6a522cc105
Remove unused BATCHSIZE from SIP options_tcp, duplicate from options
2014-08-25 13:12:29 -07:00
bfa89bb3a5
Enforce binary encoding on non-modules, no encoding on modules
2014-08-25 13:12:29 -07:00
6185721a61
Address @hmoore-r7's feedback regarding binary encoding
2014-08-25 13:11:22 -07:00
9955cb5b27
Enforce proper protocol case where necessary
2014-08-25 13:11:22 -07:00
637f86f37d
Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner
2014-08-25 13:11:21 -07:00
c2e70446ed
Move SIP module stuff to Msf::Exploit::Remote::SIP
2014-08-25 13:11:21 -07:00
02e41c27e7
Split SIP response parsing out on its own, add unit tests.
...
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
d4ea3e9f29
Pass protocol down to parse_reply for report_* purposes
2014-08-25 13:09:39 -07:00
a2e2e37a69
Fix SIP options scanning
2014-08-25 13:09:39 -07:00
2a4d73ee35
Add status message that displays delay between requests
2014-08-25 12:55:27 -07:00
5c61c09c6b
auxiliary/scanner/http/soap_xml cleanup
...
This:
* Corrects Ruby style (most) everywhere
* Uses Rex's sleep, converts to milliseconds -- seconds are too granular
* Moves begin/rescue inside nested verb+noun loop
* Prints errors even if not in verbose mode
* Corrects URI construction when PATH ends with /
2014-08-25 12:55:27 -07:00
6d3255a3b5
Update bad config error.
2014-08-25 14:43:23 -05:00
152ddb2f32
refactor the ipboard-login module
...
now that we have the loginScanner class, we simplify the module
by using the scanner and credcollection classes to handle all
the real work for us
2014-08-25 14:32:47 -05:00
b652ebb44f
Add other gdb-supported platforms that run on allowed arches.
2014-08-25 14:15:20 -05:00
c4a173e943
Remove automatic target, couldn't figure out generic payloads.
2014-08-25 14:14:47 -05:00
6d9833e32b
Minor pre-release updates with descriptions
2014-08-25 13:34:45 -05:00
03a1f4455d
No need to escape single quotes in %q{} strigns
2014-08-25 13:03:33 -05:00
Joe Vennix
James Lee
David Maloney
Tod Beardsley
William Vu
Deral Heiland
sinn3r
cx
jvazquez-r7
Chris Hebert
HD Moore
Pedro Ribeiro
Brandon Perry
John Sawyer
Tom Sellers
DrDinosaur
Spencer McIntyre
nnam
Matt Andreko
inkrypto
Jon Hart
xistence