Commit Graph

2397 Commits (37fa4a73a1a924cff7b77c1cfc59f8d7b6140c63)

Author SHA1 Message Date
jvazquez-r7 d280d45964 Revert "Updated module - 1 req action"
This reverts commit f85b9aa780.
2013-09-05 10:35:13 -05:00
Karn Ganeshen f85b9aa780 Updated module - 1 req action
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
2013-09-05 20:04:02 +05:30
kaospunk 9f628b8b63 Add URI where information was discovered
This adds the URI where the information was enumerated from to the
scanner output.

One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
kaospunk afaab5e0a6 Fixes issues raised by jvazquez-r7
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
  default
2013-09-05 09:34:35 -04:00
kaospunk 533643fe2c Host Information Enumeration via NTLM Authentication
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.

The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
Karn Ganeshen 3786376b42 Aux module for Sentry CDU enum 2013-09-03 14:44:03 +05:30
jvazquez-r7 560d384633 Do first modification to Auxiliary::Login and Auxiliary::AuthBrute 2013-08-31 23:38:04 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
rbsec a574b548b2 Updated wordpress_login_enum auxilary module.
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 85ed9167f2 Print target endpoint
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
sinn3r 9f8051161f Properly implement normalize_uri 2013-08-26 17:18:00 -05:00
jvazquez-r7 c660279963 Land #2259, @wchen-r7's patch for [SeeRM #8319] 2013-08-26 16:36:45 -05:00
sinn3r 3769da2722 Better fixes 2013-08-26 14:02:45 -05:00
sinn3r 8c7f4b3e1f Avoid using inline rescue 2013-08-26 13:54:06 -05:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Christian Mehlmauer 5f7ccf1cbe naming..again 2013-08-24 18:58:00 +02:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
Christian Mehlmauer c40252e0b3 bugfixing 2013-08-24 00:04:16 +02:00
kaospunk a863005d33 Removed blanks at EOL
Fixed blanks at EOL per msftidy messages
2013-08-22 14:20:42 -04:00
kaospunk 7e098e4d6b Domain enumeration put in own function
The code to enumerate the AD domain is now in its own function

Additionally, a new advanced option has been added which controls
whether or not the domain enumeration will occur so that if it is
not wanted the user can disabled it. By default this is set to
enumerate the AD domain.

If AD_DOMAIN is already specified then this will be used and no
auto enumeration will occur.
2013-08-22 14:16:00 -04:00
kaospunk 7e0b26e932 Minor fixes to syntax and error handling 2013-08-22 13:23:39 -04:00
kaospunk cdcfa88fa3 Enumerate AD Domain via NTLM Authentication
Add functionality to attempt an NTLM auth against common directories
to try to enumerate the AD domain. If a domain is found this will be
prepended to the authentication requests, otherwise it's business as
usual.
2013-08-22 12:26:14 -04:00
Christian Mehlmauer 556f17c47e Move modules 2013-08-22 17:33:35 +02:00
Christian Mehlmauer 8456d2c0ec remove target_uri 2013-08-22 00:48:42 +02:00
Christian Mehlmauer 959553583f -) revert last commit
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
Christian Mehlmauer ffdd057f10 -) Documentation
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer 655e2dcf6c more methods 2013-08-21 13:13:41 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
sinn3r 89753a6390 Fix undefined method error
[FixRM #8323]
2013-08-21 01:22:27 -05:00
sinn3r 92752de651 Fix undefined method error
[FixRM #8324]
2013-08-21 01:20:57 -05:00
sinn3r 77942f0d29 Fix undefined method error
[FixRM #8325]
2013-08-21 01:20:03 -05:00
sinn3r 2fa75e0133 Fix undefined method error
[FixRM #8325]
2013-08-21 01:16:49 -05:00
sinn3r be29e44788 Fix undefined method error
[FixRM #8328]
2013-08-21 01:15:07 -05:00
sinn3r ae8c40c8f7 Fix undefined method error
[FixRM #8329]
2013-08-21 01:10:46 -05:00
sinn3r 42a7766f1b Fix undefined method error
[FixRM #8330]
2013-08-21 01:09:24 -05:00
sinn3r 0f85fa21b4 Fix undefined method error
[FixRM #8331]
2013-08-21 01:08:19 -05:00
sinn3r 8eeb66f96d Fix undefined method error
[FixRM #8332]
2013-08-21 01:06:54 -05:00
sinn3r 785f633d1d Fix undefined method error
[FixRM #8334]
[FixRM #8333]
2013-08-21 01:01:53 -05:00
sinn3r 0561928b92 Fix undefined method error
[FixRM #8336]
2013-08-21 00:54:08 -05:00
sinn3r 2597c71831 Fix undefined method error
[FixRM #8338]
[FixRM #8337]
2013-08-21 00:52:33 -05:00
sinn3r 092b43cbfa Fix undefined method error
[FixRM #8339]
2013-08-21 00:50:37 -05:00
sinn3r 32a190f1bd Fix undefined method error
[FixRM #8340]
2013-08-21 00:49:13 -05:00
sinn3r 217d89fa7c Fix undefined method error
[FixRM #8341]
2013-08-21 00:47:31 -05:00
sinn3r 3a271e7cc7 Fix undefined method error
[FixRM #8342]
2013-08-21 00:45:48 -05:00
sinn3r 35b15b6809 Fix undefined method error
[FixRM #8322]
2013-08-21 00:37:22 -05:00
jvazquez-r7 fe089030d4 Land #2257, @wchen-r7's patch for [SeeRM #8317] 2013-08-20 13:43:37 -05:00
jvazquez-r7 ceb0f56f42 Land #2258, @wchen-r7's patch for [SeeRM #8318] 2013-08-20 13:26:34 -05:00
sinn3r 1702cf2af9 Use TARGETURI 2013-08-20 13:23:32 -05:00
jvazquez-r7 3ac59fede7 Land #2251, @wchen-r7's patch to use OptRegexp 2013-08-20 12:55:30 -05:00
sinn3r 202b31d869 Better fix based on feedback
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
jvazquez-r7 546c523ed8 Land #2252, @wchen-r7's patch for print_line vs print 2013-08-20 11:17:38 -05:00
jvazquez-r7 8adc4f05dd Land #2250, @wchen-r7's clean up for mssql_ping 2013-08-20 10:38:01 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
jvazquez-r7 277fc69a19 Land #2246, @wchen-r7's patch for [SeeRM #8313] 2013-08-20 10:15:15 -05:00
sinn3r f68d581b7a [FixRM #8319] - Properly disable BLANK_PASSWORDS for ektron_cms400net
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").

While fixing #8319, I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
sinn3r 246c2d82f9 [FixRM #8318] - Use normalize_uri properly
normalize_uri should be used when paths are being merged, not after.
2013-08-19 18:04:12 -05:00
sinn3r 3c27520e10 [FixRM #8317] - Fix possible double slash in file path
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
sinn3r 268a3e769e Missed this one 2013-08-19 17:45:05 -05:00
sinn3r 7fc37231e0 Fix email format
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r a8ca32ab34 Oh yeah, need to do this too 2013-08-19 16:28:58 -05:00
sinn3r 154b1e8888 Remove comments 2013-08-19 16:27:35 -05:00
sinn3r cf10a0ca91 Use print_line instead of print
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
sinn3r 8eb9266bff Use the correct var 2013-08-19 16:19:03 -05:00
sinn3r 58d5cf6faa Module should use OptRegexp for regex pattern option
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
sinn3r 8c03e905de Get rid of function that's never used
RPORT datastore option is deregistered, and is never used anywhere
in the module, so I don't why we need this rport() function here.
2013-08-19 16:09:10 -05:00
Brandon Turner a815d9277e Merge pull request #2245 from todb-r7/grammar-and-such
Trivial grammar and word choice fixes for modules
2013-08-19 13:45:18 -07:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
sinn3r 2e74c50880 [SeeRM #8313] - Print where files are stored
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
sinn3r 86d6bce8c4 [FixRM #8312] - Fix file handle leaks
Fix file handle leaks for [SeeRM #8312]
2013-08-18 20:31:13 -05:00
sinn3r 780293d817 Minor changes 2013-08-16 23:24:40 -05:00
Bruno Morisson eeed74d2b9 fixed typo on a message 2013-08-16 22:32:40 +01:00
Bruno Morisson 9b773dd6f9 Included @jvazquez-r7 feedback 2013-08-16 22:23:22 +01:00
sinn3r a94c6aa72b [FixRM 6264] Check required vulnerable component before testing
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.

[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264

I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
sinn3r bbe57dbf3a Some cleanup, also remove TARGETURI because not registered by default 2013-08-16 12:06:24 -05:00
Karn Ganeshen e4885b2017 updated module
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
Karn Ganeshen a65181d51b new revision - cisco_ironport_enum
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
2013-08-15 04:06:30 +05:30
Juushya d526663a53 Add module to brute force the Cisco IronPort application 2013-08-14 09:16:49 -07:00
jvazquez-r7 5ef1e507b8 Make msftidy happy with http_login 2013-08-05 08:41:07 -05:00
sinn3r 8be3f511a4 Fix undefined variable 'path' for http_login 2013-08-03 21:35:22 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 a70b346978 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 16:43:39 -05:00
William Vu 95b0735695 Land #2150, smb_enumshares SRVSVC null byte fix 2013-07-24 14:08:01 -05:00
Rich Lundeen 9d032760ac changed description back 2013-07-24 11:51:06 -07:00
Rich Lundeen e89e2af9dc changed to chomp 2013-07-24 11:09:00 -07:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Bruno Morisson 4f0cf426b7 hopefully actually fixed indents.
Included @jvazquez-r7 suggested changes
2013-07-24 16:43:20 +01:00
Rich Lundeen 3854d08dd9 Fixed smb_enumshares to support dir list in SRVSVC 2013-07-23 21:36:26 -07:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
Bruno Morisson 1a2d5e472f msftidy - fixed indents 2013-07-22 19:03:52 +01:00
Bruno Morisson acb236006c metasploit module for CVE-2013-3319 / SAP Security Note 1816536
Note: only tested on SAP running on Windows, but should equally work on vulnerable linux/*nix versions.
2013-07-22 18:36:38 +01:00
jvazquez-r7 e2f6218104 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-12 08:38:08 -05:00
sinn3r 279787d942 Make this error less verbose too 2013-07-11 17:36:11 -05:00
sinn3r 0906345af4 Ah, typo 2013-07-11 16:53:39 -05:00
sinn3r eb1905025d I bet having ip:rport will make more sense 2013-07-11 16:45:52 -05:00
sinn3r 0a9c1bcfff Too verbose by default drives users nuts, go easy on that. 2013-07-11 13:41:22 -05:00
sinn3r 55dbfc9281 shares_info should only run if there's shares found 2013-07-11 13:36:26 -05:00
sinn3r 14b3e6440c Check nil 2013-07-11 13:31:30 -05:00
sinn3r ca0880428f Make sure module is awre of USE_SRVSVC_ONLY if that kicks in 2013-07-11 11:08:09 -05:00
sinn3r a6ce629c3c Capture a 0xC00000BB condition, plus some other fixes 2013-07-11 10:52:58 -05:00
sinn3r 3e229fe236 [SeeRM:#1233] - Upgrade smb_enumshares to show directories & files
[SeeRM:#1233] - This is an upgrade based on ringt's code in PR #2017.
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration.  I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
2013-07-11 00:06:25 -05:00
jvazquez-r7 b8ce98b896 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-10 14:04:46 -05:00
lsanchez-r7 5c93fb2849 arp_sweep is once again working
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses

FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
jvazquez-r7 6e44cb56bf Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 12:44:47 -05:00
jvazquez-r7 6cb53583b7 Make msftidy happy 2013-07-03 12:42:37 -05:00
jvazquez-r7 61c85b10d3 Add final cleanup for #2012 2013-07-03 12:41:12 -05:00
jvazquez-r7 4a076e0351 Land #2012, @morisson improve for sap_router_portscanner 2013-07-03 12:39:59 -05:00
jvazquez-r7 4ac5261802 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-02 11:20:26 -05:00
jvazquez-r7 76a9abfd4e Fix last print_ message format 2013-07-02 11:17:16 -05:00
jvazquez-r7 e9441f540e Land #2048, @todb-r7 fix for print_* messages on the ipmi work 2013-07-02 11:16:11 -05:00
jvazquez-r7 2ceb404f7d Land #2047, @hmoore-r7 ipmi related work 2013-07-02 11:13:25 -05:00
Tod Beardsley 2fbea86884 IPMI scanners should mention IPMI in their messages 2013-07-02 10:44:42 -05:00
Tod Beardsley d668a20820 Use rport instead of datastore['RPORT'] 2013-07-02 10:29:25 -05:00
Tod Beardsley 1d87530e67 Add some verbosity on IPMI version scanning 2013-07-02 10:25:40 -05:00
jvazquez-r7 72f19181d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-01 16:38:19 -05:00
Tod Beardsley bc24f99f8d Various description and title updates 2013-07-01 15:37:37 -05:00
HD Moore 62b62f4e9d Fix bad hash detection 2013-06-30 15:57:47 -05:00
HD Moore cca071ff55 Rework to reduce open fds, remove bugs, handle null user 2013-06-30 15:32:33 -05:00
HD Moore 6b3178a67b Fix EOL spaces 2013-06-30 14:38:30 -05:00
HD Moore ad4f15daed Switch to UDPScanner mixin, trim this down, add reporting 2013-06-30 14:36:51 -05:00
HD Moore 8e4dd29a4c Add cipher zero scanner 2013-06-30 02:35:37 -05:00
HD Moore 1e21f0e2aa Updated output formats, top 1000 passwords 2013-06-29 22:01:25 -05:00
jvazquez-r7 90b30dc317 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-26 14:31:52 -05:00
sinn3r 7009748cf5 Fix module 2013-06-25 22:09:45 -05:00
Bruno Morisson 2da278f151 fixed indent 2013-06-25 23:08:58 +01:00
sinn3r 7ba54e2ece IIS requires a hello first 2013-06-25 15:43:58 -05:00
zyx2k c829a7ec86 SMTP Open Relay scanner 2013-06-25 16:22:51 +01:00
HD Moore be20a76be1 Remove 'Hash' string from the written output 2013-06-24 15:45:09 -05:00
HD Moore 1801a5a270 Better HP iLO compatibility (retry on session ID error) 2013-06-24 14:23:53 -05:00
RageLtMan 593a99d76e ipmi version scanner: fix probe method name 2013-06-24 01:38:17 -04:00
Bruno Morisson 7ab8485acc output as table, added info on ports, added comment with default ports. msftidy cleanup. 2013-06-23 23:59:31 +01:00
Bruno Morisson 3cfcdfca9e output as table, added info on ports, added comment with default ports 2013-06-23 23:52:48 +01:00
Bruno Morisson 9f5eceec10 minor cleanups 2013-06-23 17:55:38 +01:00
HD Moore c869112407 Cleanup, reporting, and automatic cracking 2013-06-23 01:35:31 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00
Bruno Morisson e969cbb0bb added INSTANCES option, and support for it on PORTS 2013-06-22 23:09:59 +01:00
jvazquez-r7 2150d9efb0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 12:06:18 -05:00
sinn3r 64cfda8dad Final 2013-06-20 13:28:12 -05:00
sinn3r bfb78e001a Add HP System Management Homepage Login Utility 2013-06-20 12:54:03 -05:00
jvazquez-r7 6319f041df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 08:21:40 -05:00
Steve Tornio 55312529d2 add osvdb ref 94417 2013-06-19 23:13:45 -05:00
jvazquez-r7 a01f0c4671 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 09:34:51 -05:00
sinn3r 90cad4b7fb Land #1980 - Canon Printer Wireless Configuration Disclosure 2013-06-18 19:09:38 -05:00
sinn3r abc3951ca2 Final touchup 2013-06-18 19:08:42 -05:00
Matt Andreko 7f1a913bdc Code Review Feedback from wchen
Fixed the disclosure date format
Removed the rport option
Added a call to report_note to store the data
2013-06-18 12:13:19 -04:00
jvazquez-r7 9e3053f24d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 10:00:44 -05:00
jvazquez-r7 aa134b0bcc Land #1973, @wchen-r7's fix to handle ftp auth correctly 2013-06-18 09:34:55 -05:00
jvazquez-r7 ae1a3e3ca1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 20:39:31 -05:00
Tod Beardsley 4ca9a88324 Tidying up grammar and titles 2013-06-17 16:49:14 -05:00
Matt Andreko df8c80e3d1 Added CVE and disclosure date 2013-06-17 17:40:36 -04:00
sinn3r 163d3e771b Handle connect_login return value properly
Some modules ignore connect_login's return value, which may result
an EOF if send_cmd() is used later on.  All the modules fixed are
the ones require auth according to the module description, or
CVE/vendor/OSVDB info.
2013-06-17 15:48:34 -05:00
jvazquez-r7 1b456ab511 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 08:46:16 -05:00
jvazquez-r7 fed6427f16 Land #1884, @morrisson's saprouter port scanner module 2013-06-17 08:38:10 -05:00
jvazquez-r7 2e201bb2a3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-16 15:19:36 -05:00
jvazquez-r7 d20f72a9fd Fix indentation 2013-06-16 15:18:19 -05:00
jvazquez-r7 3cd94f5025 Do final cleanup for infovista_enum 2013-06-16 11:50:40 -05:00
Matt Andreko fd026c5b34 Added References and Disclosure Date 2013-06-15 18:31:20 -04:00
jvazquez-r7 11bf17b0d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-15 11:55:22 -05:00
Bruno Morisson 852fc33c13 Added feedback, cleanup, and simplified modes 2013-06-15 17:16:10 +01:00
KarnGaneshen ba59434261 added infovista module 2013-06-15 17:16:26 +05:30
jvazquez-r7 7a11077834 Land #1923, @juushya's module for rfcode brute forcing 2013-06-14 13:36:14 -05:00
jvazquez-r7 ae027a9efb Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00
jvazquez-r7 6fbb782ada Clean sap_router_portscanner 2013-06-13 10:08:44 -05:00
KarnGaneshen 6188df1b3a added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30
jvazquez-r7 0b9cf213df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-12 12:03:10 -05:00
KarnGaneshen 871f1b7c1f updated prints with ip-port reference. msftidy check. module load check. go rf reader.. 2013-06-12 00:53:58 +05:30
KarnGaneshen 736bf120d9 added sname in report data, corrected :host to rhost, :port to rport. msftidy check. module load check. upping it. 2013-06-12 00:25:50 +05:30
jvazquez-r7 0578572d98 Change sevone_enum because it's an Scanner 2013-06-11 08:51:15 -05:00
KarnGaneshen 5c078f5139 added report_note to store collected info. removed register rport for 80t. msftidy & module load checked. pushing it up. 2013-06-11 12:57:26 +05:30
jvazquez-r7 c641184e37 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 13:30:36 -05:00
jvazquez-r7 0c6dbe9885 Add final cleanup for sevone_enum 2013-06-10 13:16:22 -05:00
jvazquez-r7 6765a911a4 Land #1921, @juushya brute force login module for SevOne 2013-06-10 13:15:14 -05:00
sinn3r 622dc27d95 Land #1925 - fix SNMP enum module failing to catch some fail cases
[FixRM:#7945]
2013-06-10 12:51:02 -05:00
KarnGaneshen 72a9c8612b setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30
KarnGaneshen 5c988d99fe more updates to sevone.rb. hopefully all is covered.. 2013-06-10 21:59:18 +05:30
KarnGaneshen 04171c46ec more updates to sevone.rb. hopefully all is covered. 2013-06-10 21:47:56 +05:30
Karn Ganeshen ffa18d413f Updated rfcode_reader_enum.rb ...
Updated as per review comments. 
Removed loot of network configuration.
Used JSON.parse to bring cleaner loot output
Changed some print_goods to vprint_status
Changed if not to unless
2013-06-08 03:21:43 +05:30
Karn Ganeshen 74bddcf339 Update sevone_enum.rb
New updates as per review comments
2013-06-08 02:28:09 +05:30
Karn Ganeshen 1ca8fd2cf1 Update sevone_enum.rb
Updated as per initial review comments.
2013-06-08 01:14:43 +05:30
Karn Ganeshen eb0ae6ed27 Update rfcode_reader_enum.rb
Updated as per review comments
2013-06-08 01:00:18 +05:30
Thomas Ring 2bb0bd504c Makign changes recommended in redmine 7945 to fix SNMP enum module failing to catch some fail cases 2013-06-07 13:55:59 -05:00
Karn Ganeshen 6b8e6b3f0c Create rfcode_reader_enum.rb
Adding new aux - RFCode Reader Web interface Login Brute Force & Config Capture Utility
2013-06-07 23:53:09 +05:30
Karn Ganeshen fcc600aa3e Create sevone_enum.rb
Adding new aux - SevOne Network Performance Management System application version enumeration and brute force login Utility
2013-06-07 23:39:22 +05:30
jvazquez-r7 9c27a294cb Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 13:01:37 -05:00
James Lee 0302437c2b Land #1915, smtp user enumeration enhancements 2013-06-07 11:42:41 -05:00
Thomas Ring 8cf5b548c3 make recommended changes 2013-06-06 14:23:25 -05:00
Thomas Ring 067899341e fix a number of issues with the existing module (slowness, false positives, false negatives, stack traces, enumering unix users on windows systems, etc) 2013-06-06 13:26:04 -05:00
jvazquez-r7 e5a17ba227 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-05 09:41:23 -05:00
sinn3r a3b25fd7c9 Land #1909 - Novell Zenworks Mobile Device Managment exploit & auxiliary 2013-06-05 02:45:45 -05:00
sinn3r 307773b6a1 Extra space - die! 2013-06-05 02:44:56 -05:00
sinn3r 0c1d46c465 Add more references 2013-06-05 02:43:43 -05:00
sinn3r 5d90c6cd71 Make msftidy happy 2013-06-05 02:11:23 -05:00
sinn3r ca5155f01d Final touchup novell_mdm_creds 2013-06-05 02:08:55 -05:00
sinn3r a5a3f40394 Report auth info 2013-06-05 02:06:32 -05:00
steponequit ed4766dc46 initial commit of novell mdm modules 2013-06-04 09:20:10 -07:00
jvazquez-r7 4079484968 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-03 15:27:36 -05:00
Tod Beardsley 4cf682691c New module title and description fixes 2013-06-03 14:40:38 -05:00
CG 571b62d19d svn scanner added print_good and rport 2013-06-02 18:05:11 -04:00
jvazquez-r7 3a360caba1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 19:03:21 -05:00
Bruno Morisson d318c1cd22 included feedback 2013-06-01 00:31:06 +01:00
sinn3r e99401ea82 Landing #1817 - couchdb login module 2013-05-31 16:04:10 -05:00
sinn3r a88321c700 Final touchup 2013-05-31 16:03:30 -05:00
sinn3r 483b5e204f Missing the header 2013-05-31 16:00:36 -05:00
sinn3r e398025a7f I don't think what fails really matters. 2013-05-31 15:59:40 -05:00
Bruno Morisson d03379f1c6 changed 2 vprint_error to print_error 2013-05-30 11:54:42 +01:00
Roberto Soares Espreto 07203568bd Performed changes to the correct operation of the module. 2013-05-29 20:50:28 -03:00
Bruno Morisson 612eabd21a added sap_router_portscanner module 2013-05-29 23:36:53 +01:00
jvazquez-r7 9d91596e46 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 16:21:32 -05:00
Tod Beardsley 10d8bebe73 Start with a random username to test 401 codes
SeeRM #7991

While this fixes the specific case of tomcat_mgr_login, it doesn't
address the general case where modules are attempting to test code 401
responses in order to determine if bruteforcing should continue.
2013-05-29 12:36:28 -05:00
jvazquez-r7 aa688c4313 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 10:47:04 -05:00
Samuel Huckins f0e3b0c124 Merge pull request #1836 from dmaloney-r7/bug/anyuser_anypass_http
Verified MSF specs passing, Pro on develop functional tests working (ran Bruteforce, saw normal and verbose output concerning that bruteforce was skipped for such a case and why, verified no cred saved with 'anyuser' user).
2013-05-29 07:44:18 -07:00
jvazquez-r7 6401d557fd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 19:57:16 -05:00
jvazquez-r7 96888455a7 Add new signature for CF9 2013-05-28 16:04:08 -05:00
sinn3r a6a46f82bb Updates the description a little bit 2013-05-28 14:31:56 -05:00
sinn3r e4e5edc619 Looks like we don't need to check MD5, let's keep it that way then. 2013-05-28 14:31:15 -05:00
sinn3r 8ab90e657c Adds a check for Cold Fusion 10 2013-05-28 14:21:29 -05:00
Matt Andreko 5695994432 Added module to enumerate Canon printer Wifi settings 2013-05-27 18:02:37 -04:00
jvazquez-r7 094a5f1b18 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-26 16:03:33 -05:00
Matt Andreko ea7805d3c8 Fixed a bug in the HSTS module around null headers 2013-05-23 15:02:39 -04:00
jvazquez-r7 8e41ae3454 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-23 10:59:40 -05:00
John Sherwood d028f52dbd Fix broken ms12-020 vulnerability detection
The previous version of the script had an off-by-one error that prevented
proper detection of the vulnerability.  Changes made in this revision
include:

 - Correction of the off-by-one error
 - Use of match instead of == to check for valid RDP connection
 - Change of the channel requests to use IDs actually provided by
   the responses from the server
2013-05-22 00:08:25 -04:00
dmaloney-r7 ee28a3a8d7 Update http_login.rb
add parens around conditional to make bikeshed prettier
2013-05-21 11:28:23 -05:00
jvazquez-r7 0f3b13e21d up to date 2013-05-16 15:02:41 -05:00
jvazquez-r7 d9bdf3d52e Do final cleanup for sap_smb_relay 2013-05-16 14:25:10 -05:00
jvazquez-r7 9dd582c526 Land #1656, @nmonkee's module for SMB Relay attacks against SAP 2013-05-16 14:23:39 -05:00
jvazquez-r7 947735bd25 up to date 2013-05-16 11:26:50 -05:00
jvazquez-r7 c21035c0b9 Add final cleanup for sap_ctc_verb_tampering_user_mgmt 2013-05-16 10:42:09 -05:00
jvazquez-r7 7823df0478 Change module filename 2013-05-16 10:41:25 -05:00
jvazquez-r7 f3f0272395 Land #1652, @nmonkee's SAP CTC Verb Tampering for User Mgmt module 2013-05-16 10:40:17 -05:00
David Maloney 4503a7af50 Don't save creds of anyuser:anypass
If http accepts any user and any pass, it's not a real auth
there is no reason to create cred objects for this.
These creds have been confusing our users
2013-05-16 10:25:32 -05:00
nmonkee 11286630d5 modifications to CLBA_ SOAP requests to fix XML kernel processor error 2013-05-16 11:24:29 +01:00
jvazquez-r7 8a18853dfa Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-15 21:35:59 -05:00
jvazquez-r7 c82bb73347 Avoid super verbose output 2013-05-15 17:45:37 -05:00
jvazquez-r7 c410a54d44 Merge SAP SMB Relay abuses in just one module 2013-05-14 20:53:08 -05:00
jvazquez-r7 357ef001cc Change module filename 2013-05-14 20:52:33 -05:00
jvazquez-r7 83f1418f28 up to date 2013-05-14 14:48:58 -05:00
jvazquez-r7 07b3355a17 Merge branch 'sap_ctc_verb_tampering_add_user_and_add_role' of https://github.com/nmonkee/metasploit-framework 2013-05-14 13:47:39 -05:00
jvazquez-r7 b9caa23b30 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-14 12:26:23 -05:00
Roberto Soares Espreto 3d7c9a9a06 Changed the path from TARGETURI 2013-05-14 00:11:40 -03:00
sinn3r 5e997aaf80 Landing #1816 - lists essential information about CouchDB 2013-05-13 16:46:20 -05:00
sinn3r cba045a604 Make additional changes to the module 2013-05-13 16:42:33 -05:00
Roberto Soares Espreto a94d078bfd Added the statement return to condition: if res.nil? 2013-05-11 00:59:05 -03:00
Roberto Soares Espreto 18ee9af59f Added couchdb_enum.rb to list essential information about CouchDB 2013-05-10 23:18:48 -03:00
Roberto Soares Espreto 7a7f4a1727 Added couchdb_login.rb to try to brute-force credentials of CouchDB 2013-05-10 23:16:11 -03:00
jvazquez-r7 891e36c947 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-09 17:47:35 -05:00
jvazquez-r7 cf05602c6f Land #1661, @nmonkee's sap_soap_rfc_eps_get_directory_listing module 2013-05-09 16:46:13 -05:00
nmonkee 53c08cd60f fix incorrect printing typo 2013-05-09 21:37:04 +01:00
jvazquez-r7 ca41d859a9 up to date 2013-05-09 13:00:10 -05:00
jvazquez-r7 e711474654 Merge branch 'sap_soap_xmla_bw_smb_relay_' of https://github.com/nmonkee/metasploit-framework 2013-05-09 12:37:46 -05:00
jvazquez-r7 866fa167ab Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-08 16:29:52 -05:00
Tod Beardsley 4c75354a6a Land #1786, request_cgi instead of request_raw
Also some other small changes to modules, such as sensible defaults for
options.
2013-05-08 14:58:04 -05:00
jvazquez-r7 a1d2680a17 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-06 23:24:21 -05:00
jvazquez-r7 fff8593795 Fix author name 2013-05-06 17:34:37 -05:00
jvazquez-r7 ad21a107ec up to date 2013-05-06 15:48:59 -05:00
jvazquez-r7 fcb9dc1384 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-06 15:40:22 -05:00
jvazquez-r7 c84febb81a Fix extra character 2013-05-06 15:19:15 -05:00
jvazquez-r7 92b4d23c09 Add Mariano as Author because of the abuse disclosure 2013-05-06 15:15:15 -05:00
jvazquez-r7 db243e78c8 Land #1682, sap_router_info_request fix from @nmonkee 2013-05-06 15:13:57 -05:00
jvazquez-r7 85581a0b6f Clean up sap_soap_rfc_eps_get_directory_listing 2013-05-06 13:21:42 -05:00
jvazquez-r7 1fc0bfa165 Change module filename 2013-05-06 13:20:07 -05:00
jvazquez-r7 2384f34ada Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-03 15:39:16 -05:00
jvazquez-r7 589be270bf Land #1658, @nmonkee's SAP module for PFL_CHECK_OS_FILE_EXISTENCE 2013-05-03 14:19:36 -05:00
jvazquez-r7 9e1037bce0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-02 16:15:28 -05:00
jvazquez-r7 b096449a97 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-02 15:12:19 -05:00
Tod Beardsley 7579b574cb Rework parse_xml
We try to avoid using Nokogiri in modules due to the sometimes
uncomfortable dependencies it creates with particular compiled libxml
versions. Also, the previous parse_xml doesn't seem to be correctly
skipping item entries with blank names.

I will paste the test XML in the PR proper, but do check against a live
target to make sure I'm not screwing it up.
2013-05-02 14:43:30 -05:00
Tod Beardsley 902cd7ec85 Revert removal of the SAP module
This reverts commit 26da7a6ee7.
2013-05-02 14:42:35 -05:00
Tod Beardsley 26da7a6ee7 Removing this from master due to test problems
This module was moved over to the unstable branch in commit
7106afdf7d , working up a fix now. Stay
tuned.
2013-05-02 13:43:02 -05:00
jvazquez-r7 132c09af82 Add BID reference 2013-05-02 10:21:09 -05:00
jvazquez-r7 6e68f3cf34 Clean up sap_soap_rfc_pfl_check_os_file_existence 2013-05-02 10:19:15 -05:00
jvazquez-r7 244bf71d4a Change module filename 2013-05-02 10:15:50 -05:00
jvazquez-r7 29d4e378aa Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-02 09:27:51 -05:00
jvazquez-r7 d9cdb6a138 Fix more feedback provided by @nmonkee: CMD vs COMMAND 2013-05-02 09:08:48 -05:00
jvazquez-r7 c6c7998e3b Fix feedback provided by @nmonkee 2013-05-02 09:06:51 -05:00
jvazquez-r7 4db81923bf Update description 2013-05-02 08:45:01 -05:00
jvazquez-r7 4054d91955 Land #1657, @nmonkee's RZL_READ_DIR_LOCAL SAP dir listing module 2013-05-02 08:38:50 -05:00
jvazquez-r7 e25057b64a Fix indent level 2013-05-01 22:01:36 -05:00
jvazquez-r7 c406271921 Cleanup sap_soap_rfc_rzl_read_dir 2013-05-01 21:51:06 -05:00
jvazquez-r7 98dd96c57d Change module filename 2013-05-01 21:50:24 -05:00
jvazquez-r7 6b6b53240b Fix SAP modules, mainly to make a better use of send_request_cgi 2013-05-01 14:06:53 -05:00
jvazquez-r7 38e41f20fe Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-24 13:24:13 -05:00
sinn3r cae30bec23 Clean up all the whitespace found 2013-04-23 18:27:11 -05:00
jvazquez-r7 d1c5179b83 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 17:48:12 -05:00
jvazquez-r7 c7fcd6931a Use vprint_error 2013-04-19 16:22:07 -05:00
Christian Mehlmauer eaff87879e added text 2013-04-19 22:03:05 +02:00
Christian Mehlmauer a6be72b019 fixes for mediawiki aux module 2013-04-19 21:43:12 +02:00
jvazquez-r7 d4fa2ba96d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 14:14:36 -05:00
sinn3r 7fdf84ac45 Landing #1744 - Checks nil before using resp.headers['Server']
[Closes #1744]
2013-04-19 10:37:05 -05:00
jvazquez-r7 31586770a0 Added module for OSVDB 92490 2013-04-18 14:34:02 -05:00
RageLtMan 15c6df1482 Check for nil before calling on value 2013-04-18 00:32:37 -04:00
jvazquez-r7 cc35591723 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-15 17:43:15 -05:00
Tod Beardsley a36c6d2434 Lands #1730, adds a VERBOSE option checker
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
Tod Beardsley 29101bad41 Removing VERBOSE offenders 2013-04-15 15:29:56 -05:00
Meatballs e4ff7a2f2c Address egypt's feedback 2013-04-09 21:15:04 +01:00
jvazquez-r7 ba7603e66c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-09 17:34:23 +02:00
sinn3r 76d4538d2a Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-04-09 10:24:54 -05:00
sinn3r 1e258170dc It's a filename, so not trying to match any single char 2013-04-09 10:20:52 -05:00
sinn3r 50cf039170 Merge branch 'cve-2013-1899-not-auth' of github.com:jhart-r7/metasploit-framework into jhart-r7-cve-2013-1899-not-auth 2013-04-09 10:19:15 -05:00