jvazquez-r7
d280d45964
Revert "Updated module - 1 req action"
...
This reverts commit f85b9aa780
.
2013-09-05 10:35:13 -05:00
Karn Ganeshen
f85b9aa780
Updated module - 1 req action
...
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
2013-09-05 20:04:02 +05:30
kaospunk
9f628b8b63
Add URI where information was discovered
...
This adds the URI where the information was enumerated from to the
scanner output.
One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
kaospunk
afaab5e0a6
Fixes issues raised by jvazquez-r7
...
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
default
2013-09-05 09:34:35 -04:00
kaospunk
533643fe2c
Host Information Enumeration via NTLM Authentication
...
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.
The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
Karn Ganeshen
3786376b42
Aux module for Sentry CDU enum
2013-09-03 14:44:03 +05:30
jvazquez-r7
560d384633
Do first modification to Auxiliary::Login and Auxiliary::AuthBrute
2013-08-31 23:38:04 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
rbsec
a574b548b2
Updated wordpress_login_enum auxilary module.
...
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
jvazquez-r7
b9360b9de6
Land #2286 , @wchen-r7's patch for undefined method errors
2013-08-26 20:46:05 -05:00
sinn3r
85ed9167f2
Print target endpoint
...
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
sinn3r
9f8051161f
Properly implement normalize_uri
2013-08-26 17:18:00 -05:00
jvazquez-r7
c660279963
Land #2259 , @wchen-r7's patch for [SeeRM #8319 ]
2013-08-26 16:36:45 -05:00
sinn3r
3769da2722
Better fixes
2013-08-26 14:02:45 -05:00
sinn3r
8c7f4b3e1f
Avoid using inline rescue
2013-08-26 13:54:06 -05:00
Christian Mehlmauer
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
Christian Mehlmauer
5f7ccf1cbe
naming..again
2013-08-24 18:58:00 +02:00
Christian Mehlmauer
7cd150b850
another module
2013-08-24 18:42:22 +02:00
Christian Mehlmauer
c40252e0b3
bugfixing
2013-08-24 00:04:16 +02:00
kaospunk
a863005d33
Removed blanks at EOL
...
Fixed blanks at EOL per msftidy messages
2013-08-22 14:20:42 -04:00
kaospunk
7e098e4d6b
Domain enumeration put in own function
...
The code to enumerate the AD domain is now in its own function
Additionally, a new advanced option has been added which controls
whether or not the domain enumeration will occur so that if it is
not wanted the user can disabled it. By default this is set to
enumerate the AD domain.
If AD_DOMAIN is already specified then this will be used and no
auto enumeration will occur.
2013-08-22 14:16:00 -04:00
kaospunk
7e0b26e932
Minor fixes to syntax and error handling
2013-08-22 13:23:39 -04:00
kaospunk
cdcfa88fa3
Enumerate AD Domain via NTLM Authentication
...
Add functionality to attempt an NTLM auth against common directories
to try to enumerate the AD domain. If a domain is found this will be
prepended to the authentication requests, otherwise it's business as
usual.
2013-08-22 12:26:14 -04:00
Christian Mehlmauer
556f17c47e
Move modules
2013-08-22 17:33:35 +02:00
Christian Mehlmauer
8456d2c0ec
remove target_uri
2013-08-22 00:48:42 +02:00
Christian Mehlmauer
959553583f
-) revert last commit
...
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
Christian Mehlmauer
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
Christian Mehlmauer
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer
655e2dcf6c
more methods
2013-08-21 13:13:41 +02:00
Christian Mehlmauer
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
sinn3r
89753a6390
Fix undefined method error
...
[FixRM #8323 ]
2013-08-21 01:22:27 -05:00
sinn3r
92752de651
Fix undefined method error
...
[FixRM #8324 ]
2013-08-21 01:20:57 -05:00
sinn3r
77942f0d29
Fix undefined method error
...
[FixRM #8325 ]
2013-08-21 01:20:03 -05:00
sinn3r
2fa75e0133
Fix undefined method error
...
[FixRM #8325 ]
2013-08-21 01:16:49 -05:00
sinn3r
be29e44788
Fix undefined method error
...
[FixRM #8328 ]
2013-08-21 01:15:07 -05:00
sinn3r
ae8c40c8f7
Fix undefined method error
...
[FixRM #8329 ]
2013-08-21 01:10:46 -05:00
sinn3r
42a7766f1b
Fix undefined method error
...
[FixRM #8330 ]
2013-08-21 01:09:24 -05:00
sinn3r
0f85fa21b4
Fix undefined method error
...
[FixRM #8331 ]
2013-08-21 01:08:19 -05:00
sinn3r
8eeb66f96d
Fix undefined method error
...
[FixRM #8332 ]
2013-08-21 01:06:54 -05:00
sinn3r
785f633d1d
Fix undefined method error
...
[FixRM #8334 ]
[FixRM #8333 ]
2013-08-21 01:01:53 -05:00
sinn3r
0561928b92
Fix undefined method error
...
[FixRM #8336 ]
2013-08-21 00:54:08 -05:00
sinn3r
2597c71831
Fix undefined method error
...
[FixRM #8338 ]
[FixRM #8337 ]
2013-08-21 00:52:33 -05:00
sinn3r
092b43cbfa
Fix undefined method error
...
[FixRM #8339 ]
2013-08-21 00:50:37 -05:00
sinn3r
32a190f1bd
Fix undefined method error
...
[FixRM #8340 ]
2013-08-21 00:49:13 -05:00
sinn3r
217d89fa7c
Fix undefined method error
...
[FixRM #8341 ]
2013-08-21 00:47:31 -05:00
sinn3r
3a271e7cc7
Fix undefined method error
...
[FixRM #8342 ]
2013-08-21 00:45:48 -05:00
sinn3r
35b15b6809
Fix undefined method error
...
[FixRM #8322 ]
2013-08-21 00:37:22 -05:00
jvazquez-r7
fe089030d4
Land #2257 , @wchen-r7's patch for [SeeRM #8317 ]
2013-08-20 13:43:37 -05:00
jvazquez-r7
ceb0f56f42
Land #2258 , @wchen-r7's patch for [SeeRM #8318 ]
2013-08-20 13:26:34 -05:00
sinn3r
1702cf2af9
Use TARGETURI
2013-08-20 13:23:32 -05:00
jvazquez-r7
3ac59fede7
Land #2251 , @wchen-r7's patch to use OptRegexp
2013-08-20 12:55:30 -05:00
sinn3r
202b31d869
Better fix based on feedback
...
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
jvazquez-r7
546c523ed8
Land #2252 , @wchen-r7's patch for print_line vs print
2013-08-20 11:17:38 -05:00
jvazquez-r7
8adc4f05dd
Land #2250 , @wchen-r7's clean up for mssql_ping
2013-08-20 10:38:01 -05:00
jvazquez-r7
586ae8ded3
Land #2249 , @wchen-r7's patch for [SeeRM #8314 ]
2013-08-20 10:32:47 -05:00
jvazquez-r7
277fc69a19
Land #2246 , @wchen-r7's patch for [SeeRM #8313 ]
2013-08-20 10:15:15 -05:00
sinn3r
f68d581b7a
[FixRM #8319 ] - Properly disable BLANK_PASSWORDS for ektron_cms400net
...
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").
While fixing #8319 , I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
sinn3r
246c2d82f9
[FixRM #8318 ] - Use normalize_uri properly
...
normalize_uri should be used when paths are being merged, not after.
2013-08-19 18:04:12 -05:00
sinn3r
3c27520e10
[FixRM #8317 ] - Fix possible double slash in file path
...
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
sinn3r
268a3e769e
Missed this one
2013-08-19 17:45:05 -05:00
sinn3r
7fc37231e0
Fix email format
...
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r
a8ca32ab34
Oh yeah, need to do this too
2013-08-19 16:28:58 -05:00
sinn3r
154b1e8888
Remove comments
2013-08-19 16:27:35 -05:00
sinn3r
cf10a0ca91
Use print_line instead of print
...
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
sinn3r
8eb9266bff
Use the correct var
2013-08-19 16:19:03 -05:00
sinn3r
58d5cf6faa
Module should use OptRegexp for regex pattern option
...
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
sinn3r
8c03e905de
Get rid of function that's never used
...
RPORT datastore option is deregistered, and is never used anywhere
in the module, so I don't why we need this rport() function here.
2013-08-19 16:09:10 -05:00
Brandon Turner
a815d9277e
Merge pull request #2245 from todb-r7/grammar-and-such
...
Trivial grammar and word choice fixes for modules
2013-08-19 13:45:18 -07:00
sinn3r
fb5ded1472
[FixRM #8314 ] - Use OptPath instead of OptString
...
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
sinn3r
2e74c50880
[SeeRM #8313 ] - Print where files are stored
...
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
Tod Beardsley
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
sinn3r
86d6bce8c4
[FixRM #8312 ] - Fix file handle leaks
...
Fix file handle leaks for [SeeRM #8312 ]
2013-08-18 20:31:13 -05:00
sinn3r
780293d817
Minor changes
2013-08-16 23:24:40 -05:00
Bruno Morisson
eeed74d2b9
fixed typo on a message
2013-08-16 22:32:40 +01:00
Bruno Morisson
9b773dd6f9
Included @jvazquez-r7 feedback
2013-08-16 22:23:22 +01:00
sinn3r
a94c6aa72b
[FixRM 6264] Check required vulnerable component before testing
...
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.
[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264
I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
sinn3r
bbe57dbf3a
Some cleanup, also remove TARGETURI because not registered by default
2013-08-16 12:06:24 -05:00
Karn Ganeshen
e4885b2017
updated module
...
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
Karn Ganeshen
a65181d51b
new revision - cisco_ironport_enum
...
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
2013-08-15 04:06:30 +05:30
Juushya
d526663a53
Add module to brute force the Cisco IronPort application
2013-08-14 09:16:49 -07:00
jvazquez-r7
5ef1e507b8
Make msftidy happy with http_login
2013-08-05 08:41:07 -05:00
sinn3r
8be3f511a4
Fix undefined variable 'path' for http_login
2013-08-03 21:35:22 -05:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
a70b346978
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 16:43:39 -05:00
William Vu
95b0735695
Land #2150 , smb_enumshares SRVSVC null byte fix
2013-07-24 14:08:01 -05:00
Rich Lundeen
9d032760ac
changed description back
2013-07-24 11:51:06 -07:00
Rich Lundeen
e89e2af9dc
changed to chomp
2013-07-24 11:09:00 -07:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
Bruno Morisson
4f0cf426b7
hopefully actually fixed indents.
...
Included @jvazquez-r7 suggested changes
2013-07-24 16:43:20 +01:00
Rich Lundeen
3854d08dd9
Fixed smb_enumshares to support dir list in SRVSVC
2013-07-23 21:36:26 -07:00
Tod Beardsley
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
Bruno Morisson
1a2d5e472f
msftidy - fixed indents
2013-07-22 19:03:52 +01:00
Bruno Morisson
acb236006c
metasploit module for CVE-2013-3319 / SAP Security Note 1816536
...
Note: only tested on SAP running on Windows, but should equally work on vulnerable linux/*nix versions.
2013-07-22 18:36:38 +01:00
jvazquez-r7
e2f6218104
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-12 08:38:08 -05:00
sinn3r
279787d942
Make this error less verbose too
2013-07-11 17:36:11 -05:00
sinn3r
0906345af4
Ah, typo
2013-07-11 16:53:39 -05:00
sinn3r
eb1905025d
I bet having ip:rport will make more sense
2013-07-11 16:45:52 -05:00
sinn3r
0a9c1bcfff
Too verbose by default drives users nuts, go easy on that.
2013-07-11 13:41:22 -05:00
sinn3r
55dbfc9281
shares_info should only run if there's shares found
2013-07-11 13:36:26 -05:00
sinn3r
14b3e6440c
Check nil
2013-07-11 13:31:30 -05:00
sinn3r
ca0880428f
Make sure module is awre of USE_SRVSVC_ONLY if that kicks in
2013-07-11 11:08:09 -05:00
sinn3r
a6ce629c3c
Capture a 0xC00000BB condition, plus some other fixes
2013-07-11 10:52:58 -05:00
sinn3r
3e229fe236
[SeeRM:#1233] - Upgrade smb_enumshares to show directories & files
...
[SeeRM:#1233] - This is an upgrade based on ringt's code in PR #2017 .
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration. I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
2013-07-11 00:06:25 -05:00
jvazquez-r7
b8ce98b896
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-10 14:04:46 -05:00
lsanchez-r7
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
jvazquez-r7
6e44cb56bf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 12:44:47 -05:00
jvazquez-r7
6cb53583b7
Make msftidy happy
2013-07-03 12:42:37 -05:00
jvazquez-r7
61c85b10d3
Add final cleanup for #2012
2013-07-03 12:41:12 -05:00
jvazquez-r7
4a076e0351
Land #2012 , @morisson improve for sap_router_portscanner
2013-07-03 12:39:59 -05:00
jvazquez-r7
4ac5261802
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 11:20:26 -05:00
jvazquez-r7
76a9abfd4e
Fix last print_ message format
2013-07-02 11:17:16 -05:00
jvazquez-r7
e9441f540e
Land #2048 , @todb-r7 fix for print_* messages on the ipmi work
2013-07-02 11:16:11 -05:00
jvazquez-r7
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
Tod Beardsley
2fbea86884
IPMI scanners should mention IPMI in their messages
2013-07-02 10:44:42 -05:00
Tod Beardsley
d668a20820
Use rport instead of datastore['RPORT']
2013-07-02 10:29:25 -05:00
Tod Beardsley
1d87530e67
Add some verbosity on IPMI version scanning
2013-07-02 10:25:40 -05:00
jvazquez-r7
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
Tod Beardsley
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
HD Moore
62b62f4e9d
Fix bad hash detection
2013-06-30 15:57:47 -05:00
HD Moore
cca071ff55
Rework to reduce open fds, remove bugs, handle null user
2013-06-30 15:32:33 -05:00
HD Moore
6b3178a67b
Fix EOL spaces
2013-06-30 14:38:30 -05:00
HD Moore
ad4f15daed
Switch to UDPScanner mixin, trim this down, add reporting
2013-06-30 14:36:51 -05:00
HD Moore
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
HD Moore
1e21f0e2aa
Updated output formats, top 1000 passwords
2013-06-29 22:01:25 -05:00
jvazquez-r7
90b30dc317
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-26 14:31:52 -05:00
sinn3r
7009748cf5
Fix module
2013-06-25 22:09:45 -05:00
Bruno Morisson
2da278f151
fixed indent
2013-06-25 23:08:58 +01:00
sinn3r
7ba54e2ece
IIS requires a hello first
2013-06-25 15:43:58 -05:00
zyx2k
c829a7ec86
SMTP Open Relay scanner
2013-06-25 16:22:51 +01:00
HD Moore
be20a76be1
Remove 'Hash' string from the written output
2013-06-24 15:45:09 -05:00
HD Moore
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
RageLtMan
593a99d76e
ipmi version scanner: fix probe method name
2013-06-24 01:38:17 -04:00
Bruno Morisson
7ab8485acc
output as table, added info on ports, added comment with default ports. msftidy cleanup.
2013-06-23 23:59:31 +01:00
Bruno Morisson
3cfcdfca9e
output as table, added info on ports, added comment with default ports
2013-06-23 23:52:48 +01:00
Bruno Morisson
9f5eceec10
minor cleanups
2013-06-23 17:55:38 +01:00
HD Moore
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
HD Moore
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
Bruno Morisson
e969cbb0bb
added INSTANCES option, and support for it on PORTS
2013-06-22 23:09:59 +01:00
jvazquez-r7
2150d9efb0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 12:06:18 -05:00
sinn3r
64cfda8dad
Final
2013-06-20 13:28:12 -05:00
sinn3r
bfb78e001a
Add HP System Management Homepage Login Utility
2013-06-20 12:54:03 -05:00
jvazquez-r7
6319f041df
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-20 08:21:40 -05:00
Steve Tornio
55312529d2
add osvdb ref 94417
2013-06-19 23:13:45 -05:00
jvazquez-r7
a01f0c4671
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 09:34:51 -05:00
sinn3r
90cad4b7fb
Land #1980 - Canon Printer Wireless Configuration Disclosure
2013-06-18 19:09:38 -05:00
sinn3r
abc3951ca2
Final touchup
2013-06-18 19:08:42 -05:00
Matt Andreko
7f1a913bdc
Code Review Feedback from wchen
...
Fixed the disclosure date format
Removed the rport option
Added a call to report_note to store the data
2013-06-18 12:13:19 -04:00
jvazquez-r7
9e3053f24d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 10:00:44 -05:00
jvazquez-r7
aa134b0bcc
Land #1973 , @wchen-r7's fix to handle ftp auth correctly
2013-06-18 09:34:55 -05:00
jvazquez-r7
ae1a3e3ca1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 20:39:31 -05:00
Tod Beardsley
4ca9a88324
Tidying up grammar and titles
2013-06-17 16:49:14 -05:00
Matt Andreko
df8c80e3d1
Added CVE and disclosure date
2013-06-17 17:40:36 -04:00
sinn3r
163d3e771b
Handle connect_login return value properly
...
Some modules ignore connect_login's return value, which may result
an EOF if send_cmd() is used later on. All the modules fixed are
the ones require auth according to the module description, or
CVE/vendor/OSVDB info.
2013-06-17 15:48:34 -05:00
jvazquez-r7
1b456ab511
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-17 08:46:16 -05:00
jvazquez-r7
fed6427f16
Land #1884 , @morrisson's saprouter port scanner module
2013-06-17 08:38:10 -05:00
jvazquez-r7
2e201bb2a3
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-16 15:19:36 -05:00
jvazquez-r7
d20f72a9fd
Fix indentation
2013-06-16 15:18:19 -05:00
jvazquez-r7
3cd94f5025
Do final cleanup for infovista_enum
2013-06-16 11:50:40 -05:00
Matt Andreko
fd026c5b34
Added References and Disclosure Date
2013-06-15 18:31:20 -04:00
jvazquez-r7
11bf17b0d6
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-15 11:55:22 -05:00
Bruno Morisson
852fc33c13
Added feedback, cleanup, and simplified modes
2013-06-15 17:16:10 +01:00
KarnGaneshen
ba59434261
added infovista module
2013-06-15 17:16:26 +05:30
jvazquez-r7
7a11077834
Land #1923 , @juushya's module for rfcode brute forcing
2013-06-14 13:36:14 -05:00
jvazquez-r7
ae027a9efb
Final cleanup for rfcode_reader_enum
2013-06-14 13:09:48 -05:00
jvazquez-r7
6fbb782ada
Clean sap_router_portscanner
2013-06-13 10:08:44 -05:00
KarnGaneshen
6188df1b3a
added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken.
2013-06-13 14:03:55 +05:30
jvazquez-r7
0b9cf213df
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-12 12:03:10 -05:00
KarnGaneshen
871f1b7c1f
updated prints with ip-port reference. msftidy check. module load check. go rf reader..
2013-06-12 00:53:58 +05:30
KarnGaneshen
736bf120d9
added sname in report data, corrected :host to rhost, :port to rport. msftidy check. module load check. upping it.
2013-06-12 00:25:50 +05:30
jvazquez-r7
0578572d98
Change sevone_enum because it's an Scanner
2013-06-11 08:51:15 -05:00
KarnGaneshen
5c078f5139
added report_note to store collected info. removed register rport for 80t. msftidy & module load checked. pushing it up.
2013-06-11 12:57:26 +05:30
jvazquez-r7
c641184e37
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-10 13:30:36 -05:00
jvazquez-r7
0c6dbe9885
Add final cleanup for sevone_enum
2013-06-10 13:16:22 -05:00
jvazquez-r7
6765a911a4
Land #1921 , @juushya brute force login module for SevOne
2013-06-10 13:15:14 -05:00
sinn3r
622dc27d95
Land #1925 - fix SNMP enum module failing to catch some fail cases
...
[FixRM:#7945]
2013-06-10 12:51:02 -05:00
KarnGaneshen
72a9c8612b
setting rfcode_reader_enum straight. more updates.
2013-06-10 22:57:00 +05:30
KarnGaneshen
5c988d99fe
more updates to sevone.rb. hopefully all is covered..
2013-06-10 21:59:18 +05:30
KarnGaneshen
04171c46ec
more updates to sevone.rb. hopefully all is covered.
2013-06-10 21:47:56 +05:30
Karn Ganeshen
ffa18d413f
Updated rfcode_reader_enum.rb ...
...
Updated as per review comments.
Removed loot of network configuration.
Used JSON.parse to bring cleaner loot output
Changed some print_goods to vprint_status
Changed if not to unless
2013-06-08 03:21:43 +05:30
Karn Ganeshen
74bddcf339
Update sevone_enum.rb
...
New updates as per review comments
2013-06-08 02:28:09 +05:30
Karn Ganeshen
1ca8fd2cf1
Update sevone_enum.rb
...
Updated as per initial review comments.
2013-06-08 01:14:43 +05:30
Karn Ganeshen
eb0ae6ed27
Update rfcode_reader_enum.rb
...
Updated as per review comments
2013-06-08 01:00:18 +05:30
Thomas Ring
2bb0bd504c
Makign changes recommended in redmine 7945 to fix SNMP enum module failing to catch some fail cases
2013-06-07 13:55:59 -05:00
Karn Ganeshen
6b8e6b3f0c
Create rfcode_reader_enum.rb
...
Adding new aux - RFCode Reader Web interface Login Brute Force & Config Capture Utility
2013-06-07 23:53:09 +05:30
Karn Ganeshen
fcc600aa3e
Create sevone_enum.rb
...
Adding new aux - SevOne Network Performance Management System application version enumeration and brute force login Utility
2013-06-07 23:39:22 +05:30
jvazquez-r7
9c27a294cb
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 13:01:37 -05:00
James Lee
0302437c2b
Land #1915 , smtp user enumeration enhancements
2013-06-07 11:42:41 -05:00
Thomas Ring
8cf5b548c3
make recommended changes
2013-06-06 14:23:25 -05:00
Thomas Ring
067899341e
fix a number of issues with the existing module (slowness, false positives, false negatives, stack traces, enumering unix users on windows systems, etc)
2013-06-06 13:26:04 -05:00
jvazquez-r7
e5a17ba227
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-05 09:41:23 -05:00
sinn3r
a3b25fd7c9
Land #1909 - Novell Zenworks Mobile Device Managment exploit & auxiliary
2013-06-05 02:45:45 -05:00
sinn3r
307773b6a1
Extra space - die!
2013-06-05 02:44:56 -05:00
sinn3r
0c1d46c465
Add more references
2013-06-05 02:43:43 -05:00
sinn3r
5d90c6cd71
Make msftidy happy
2013-06-05 02:11:23 -05:00
sinn3r
ca5155f01d
Final touchup novell_mdm_creds
2013-06-05 02:08:55 -05:00
sinn3r
a5a3f40394
Report auth info
2013-06-05 02:06:32 -05:00
steponequit
ed4766dc46
initial commit of novell mdm modules
2013-06-04 09:20:10 -07:00
jvazquez-r7
4079484968
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-03 15:27:36 -05:00
Tod Beardsley
4cf682691c
New module title and description fixes
2013-06-03 14:40:38 -05:00
CG
571b62d19d
svn scanner added print_good and rport
2013-06-02 18:05:11 -04:00
jvazquez-r7
3a360caba1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-31 19:03:21 -05:00
Bruno Morisson
d318c1cd22
included feedback
2013-06-01 00:31:06 +01:00
sinn3r
e99401ea82
Landing #1817 - couchdb login module
2013-05-31 16:04:10 -05:00
sinn3r
a88321c700
Final touchup
2013-05-31 16:03:30 -05:00
sinn3r
483b5e204f
Missing the header
2013-05-31 16:00:36 -05:00
sinn3r
e398025a7f
I don't think what fails really matters.
2013-05-31 15:59:40 -05:00
Bruno Morisson
d03379f1c6
changed 2 vprint_error to print_error
2013-05-30 11:54:42 +01:00
Roberto Soares Espreto
07203568bd
Performed changes to the correct operation of the module.
2013-05-29 20:50:28 -03:00
Bruno Morisson
612eabd21a
added sap_router_portscanner module
2013-05-29 23:36:53 +01:00
jvazquez-r7
9d91596e46
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-29 16:21:32 -05:00
Tod Beardsley
10d8bebe73
Start with a random username to test 401 codes
...
SeeRM #7991
While this fixes the specific case of tomcat_mgr_login, it doesn't
address the general case where modules are attempting to test code 401
responses in order to determine if bruteforcing should continue.
2013-05-29 12:36:28 -05:00
jvazquez-r7
aa688c4313
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-29 10:47:04 -05:00
Samuel Huckins
f0e3b0c124
Merge pull request #1836 from dmaloney-r7/bug/anyuser_anypass_http
...
Verified MSF specs passing, Pro on develop functional tests working (ran Bruteforce, saw normal and verbose output concerning that bruteforce was skipped for such a case and why, verified no cred saved with 'anyuser' user).
2013-05-29 07:44:18 -07:00
jvazquez-r7
6401d557fd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-28 19:57:16 -05:00
jvazquez-r7
96888455a7
Add new signature for CF9
2013-05-28 16:04:08 -05:00
sinn3r
a6a46f82bb
Updates the description a little bit
2013-05-28 14:31:56 -05:00
sinn3r
e4e5edc619
Looks like we don't need to check MD5, let's keep it that way then.
2013-05-28 14:31:15 -05:00
sinn3r
8ab90e657c
Adds a check for Cold Fusion 10
2013-05-28 14:21:29 -05:00
Matt Andreko
5695994432
Added module to enumerate Canon printer Wifi settings
2013-05-27 18:02:37 -04:00
jvazquez-r7
094a5f1b18
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-26 16:03:33 -05:00
Matt Andreko
ea7805d3c8
Fixed a bug in the HSTS module around null headers
2013-05-23 15:02:39 -04:00
jvazquez-r7
8e41ae3454
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-23 10:59:40 -05:00
John Sherwood
d028f52dbd
Fix broken ms12-020 vulnerability detection
...
The previous version of the script had an off-by-one error that prevented
proper detection of the vulnerability. Changes made in this revision
include:
- Correction of the off-by-one error
- Use of match instead of == to check for valid RDP connection
- Change of the channel requests to use IDs actually provided by
the responses from the server
2013-05-22 00:08:25 -04:00
dmaloney-r7
ee28a3a8d7
Update http_login.rb
...
add parens around conditional to make bikeshed prettier
2013-05-21 11:28:23 -05:00
jvazquez-r7
0f3b13e21d
up to date
2013-05-16 15:02:41 -05:00
jvazquez-r7
d9bdf3d52e
Do final cleanup for sap_smb_relay
2013-05-16 14:25:10 -05:00
jvazquez-r7
9dd582c526
Land #1656 , @nmonkee's module for SMB Relay attacks against SAP
2013-05-16 14:23:39 -05:00
jvazquez-r7
947735bd25
up to date
2013-05-16 11:26:50 -05:00
jvazquez-r7
c21035c0b9
Add final cleanup for sap_ctc_verb_tampering_user_mgmt
2013-05-16 10:42:09 -05:00
jvazquez-r7
7823df0478
Change module filename
2013-05-16 10:41:25 -05:00
jvazquez-r7
f3f0272395
Land #1652 , @nmonkee's SAP CTC Verb Tampering for User Mgmt module
2013-05-16 10:40:17 -05:00
David Maloney
4503a7af50
Don't save creds of anyuser:anypass
...
If http accepts any user and any pass, it's not a real auth
there is no reason to create cred objects for this.
These creds have been confusing our users
2013-05-16 10:25:32 -05:00
nmonkee
11286630d5
modifications to CLBA_ SOAP requests to fix XML kernel processor error
2013-05-16 11:24:29 +01:00
jvazquez-r7
8a18853dfa
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-15 21:35:59 -05:00
jvazquez-r7
c82bb73347
Avoid super verbose output
2013-05-15 17:45:37 -05:00
jvazquez-r7
c410a54d44
Merge SAP SMB Relay abuses in just one module
2013-05-14 20:53:08 -05:00
jvazquez-r7
357ef001cc
Change module filename
2013-05-14 20:52:33 -05:00
jvazquez-r7
83f1418f28
up to date
2013-05-14 14:48:58 -05:00
jvazquez-r7
07b3355a17
Merge branch 'sap_ctc_verb_tampering_add_user_and_add_role' of https://github.com/nmonkee/metasploit-framework
2013-05-14 13:47:39 -05:00
jvazquez-r7
b9caa23b30
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-14 12:26:23 -05:00
Roberto Soares Espreto
3d7c9a9a06
Changed the path from TARGETURI
2013-05-14 00:11:40 -03:00
sinn3r
5e997aaf80
Landing #1816 - lists essential information about CouchDB
2013-05-13 16:46:20 -05:00
sinn3r
cba045a604
Make additional changes to the module
2013-05-13 16:42:33 -05:00
Roberto Soares Espreto
a94d078bfd
Added the statement return to condition: if res.nil?
2013-05-11 00:59:05 -03:00
Roberto Soares Espreto
18ee9af59f
Added couchdb_enum.rb to list essential information about CouchDB
2013-05-10 23:18:48 -03:00
Roberto Soares Espreto
7a7f4a1727
Added couchdb_login.rb to try to brute-force credentials of CouchDB
2013-05-10 23:16:11 -03:00
jvazquez-r7
891e36c947
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-09 17:47:35 -05:00
jvazquez-r7
cf05602c6f
Land #1661 , @nmonkee's sap_soap_rfc_eps_get_directory_listing module
2013-05-09 16:46:13 -05:00
nmonkee
53c08cd60f
fix incorrect printing typo
2013-05-09 21:37:04 +01:00
jvazquez-r7
ca41d859a9
up to date
2013-05-09 13:00:10 -05:00
jvazquez-r7
e711474654
Merge branch 'sap_soap_xmla_bw_smb_relay_' of https://github.com/nmonkee/metasploit-framework
2013-05-09 12:37:46 -05:00
jvazquez-r7
866fa167ab
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-08 16:29:52 -05:00
Tod Beardsley
4c75354a6a
Land #1786 , request_cgi instead of request_raw
...
Also some other small changes to modules, such as sensible defaults for
options.
2013-05-08 14:58:04 -05:00
jvazquez-r7
a1d2680a17
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-06 23:24:21 -05:00
jvazquez-r7
fff8593795
Fix author name
2013-05-06 17:34:37 -05:00
jvazquez-r7
ad21a107ec
up to date
2013-05-06 15:48:59 -05:00
jvazquez-r7
fcb9dc1384
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-06 15:40:22 -05:00
jvazquez-r7
c84febb81a
Fix extra character
2013-05-06 15:19:15 -05:00
jvazquez-r7
92b4d23c09
Add Mariano as Author because of the abuse disclosure
2013-05-06 15:15:15 -05:00
jvazquez-r7
db243e78c8
Land #1682 , sap_router_info_request fix from @nmonkee
2013-05-06 15:13:57 -05:00
jvazquez-r7
85581a0b6f
Clean up sap_soap_rfc_eps_get_directory_listing
2013-05-06 13:21:42 -05:00
jvazquez-r7
1fc0bfa165
Change module filename
2013-05-06 13:20:07 -05:00
jvazquez-r7
2384f34ada
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-03 15:39:16 -05:00
jvazquez-r7
589be270bf
Land #1658 , @nmonkee's SAP module for PFL_CHECK_OS_FILE_EXISTENCE
2013-05-03 14:19:36 -05:00
jvazquez-r7
9e1037bce0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 16:15:28 -05:00
jvazquez-r7
b096449a97
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 15:12:19 -05:00
Tod Beardsley
7579b574cb
Rework parse_xml
...
We try to avoid using Nokogiri in modules due to the sometimes
uncomfortable dependencies it creates with particular compiled libxml
versions. Also, the previous parse_xml doesn't seem to be correctly
skipping item entries with blank names.
I will paste the test XML in the PR proper, but do check against a live
target to make sure I'm not screwing it up.
2013-05-02 14:43:30 -05:00
Tod Beardsley
902cd7ec85
Revert removal of the SAP module
...
This reverts commit 26da7a6ee7
.
2013-05-02 14:42:35 -05:00
Tod Beardsley
26da7a6ee7
Removing this from master due to test problems
...
This module was moved over to the unstable branch in commit
7106afdf7d
, working up a fix now. Stay
tuned.
2013-05-02 13:43:02 -05:00
jvazquez-r7
132c09af82
Add BID reference
2013-05-02 10:21:09 -05:00
jvazquez-r7
6e68f3cf34
Clean up sap_soap_rfc_pfl_check_os_file_existence
2013-05-02 10:19:15 -05:00
jvazquez-r7
244bf71d4a
Change module filename
2013-05-02 10:15:50 -05:00
jvazquez-r7
29d4e378aa
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 09:27:51 -05:00
jvazquez-r7
d9cdb6a138
Fix more feedback provided by @nmonkee: CMD vs COMMAND
2013-05-02 09:08:48 -05:00
jvazquez-r7
c6c7998e3b
Fix feedback provided by @nmonkee
2013-05-02 09:06:51 -05:00
jvazquez-r7
4db81923bf
Update description
2013-05-02 08:45:01 -05:00
jvazquez-r7
4054d91955
Land #1657 , @nmonkee's RZL_READ_DIR_LOCAL SAP dir listing module
2013-05-02 08:38:50 -05:00
jvazquez-r7
e25057b64a
Fix indent level
2013-05-01 22:01:36 -05:00
jvazquez-r7
c406271921
Cleanup sap_soap_rfc_rzl_read_dir
2013-05-01 21:51:06 -05:00
jvazquez-r7
98dd96c57d
Change module filename
2013-05-01 21:50:24 -05:00
jvazquez-r7
6b6b53240b
Fix SAP modules, mainly to make a better use of send_request_cgi
2013-05-01 14:06:53 -05:00
jvazquez-r7
38e41f20fe
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-24 13:24:13 -05:00
sinn3r
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
jvazquez-r7
d1c5179b83
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 17:48:12 -05:00
jvazquez-r7
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
Christian Mehlmauer
eaff87879e
added text
2013-04-19 22:03:05 +02:00
Christian Mehlmauer
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
jvazquez-r7
d4fa2ba96d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 14:14:36 -05:00
sinn3r
7fdf84ac45
Landing #1744 - Checks nil before using resp.headers['Server']
...
[Closes #1744 ]
2013-04-19 10:37:05 -05:00
jvazquez-r7
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
RageLtMan
15c6df1482
Check for nil before calling on value
2013-04-18 00:32:37 -04:00
jvazquez-r7
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
Tod Beardsley
a36c6d2434
Lands #1730 , adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
Tod Beardsley
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
Meatballs
e4ff7a2f2c
Address egypt's feedback
2013-04-09 21:15:04 +01:00
jvazquez-r7
ba7603e66c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 17:34:23 +02:00
sinn3r
76d4538d2a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-04-09 10:24:54 -05:00
sinn3r
1e258170dc
It's a filename, so not trying to match any single char
2013-04-09 10:20:52 -05:00
sinn3r
50cf039170
Merge branch 'cve-2013-1899-not-auth' of github.com:jhart-r7/metasploit-framework into jhart-r7-cve-2013-1899-not-auth
2013-04-09 10:19:15 -05:00