Commit Graph

3427 Commits (3927024f79a1d637abeaf5514ad67a1068ae50ec)

Author SHA1 Message Date
jvazquez-r7 ca765e2cc5 Refactor client mixin 2015-01-08 15:46:24 -06:00
jvazquez-r7 3debcef00b Fix call from aux module 2015-01-08 14:24:27 -06:00
jvazquez-r7 c205ef28d4 Refactor build_gc_call 2015-01-08 14:01:04 -06:00
jvazquez-r7 73e3cd19c3 Convert java_rmi_server aux mod to use new mixin 2015-01-08 00:29:50 -06:00
jvazquez-r7 d59805568e Do first module refactoring try 2015-01-07 19:06:09 -06:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart 8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222 2014-12-18 17:21:26 -08:00
sinn3r 6b0a98b69c
Resolve #4408 - bad uncaught nil get_once 2014-12-17 14:02:42 -06:00
William Vu f6af86a06d
Land #4402, ms12_020_check NilClass fix 2014-12-16 15:34:25 -06:00
William Vu 2604746fb7
Land #4361, Kippo detector 2014-12-15 14:54:48 -06:00
William Vu 8394cc13a8
Perform final cleanup of detect_kippo 2014-12-15 14:38:38 -06:00
sinn3r c611249723 Take full advantage of the check command 2014-12-15 12:50:59 -06:00
sinn3r 9edb2b4fab Fix #4378 - Do exception handling
Fix #4378
2014-12-15 12:37:36 -06:00
Brandon Perry eb47ca593e update desc to include domain admin information 2014-12-13 13:01:41 -06:00
Brandon Perry 2e94280cba mv bmc to scanner/http 2014-12-13 12:58:16 -06:00
Andrew Morris 8dd5da9d64 added blog post reference 2014-12-12 18:53:26 -08:00
HD Moore f676b72767
Add Kademlia scanner, lands #4210 2014-12-12 16:40:58 -06:00
HD Moore 338cce02c9 Downcase the service name for consistency 2014-12-12 16:40:42 -06:00
Andrew Morris f5374d1552 Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs 2014-12-12 11:57:35 -08:00
jvazquez-r7 b1f7682713 Make msftidy happy 2014-12-12 12:59:00 -06:00
jvazquez-r7 493034ad10 Land #3305, @claudijd Cisco SSL VPN Privilege Escalation exploit 2014-12-12 12:57:00 -06:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
dmaloney-r7 47c38ed04e Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
Tod Beardsley 51762e1194
Explicitly include the HTTP Login scanner
This should be the last commit that fixes #3904.
2014-12-11 11:08:08 -06:00
Tod Beardsley b533f74024
Add a bruteforce_speed option to all LoginScanners 2014-12-11 11:06:32 -06:00
Andrew Morris 7afa87f168 screwed up formatting. updated indention at the end. ok seriously, going to bed now 2014-12-11 01:05:56 -08:00
Andrew Morris 291166e1ff forgot to run through msftidy.rb. made a few minor corrections 2014-12-11 00:47:39 -08:00
Andrew Morris a1624c15ae Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc. 2014-12-11 00:40:20 -08:00
Andrew Morris 22c9db5818 added detect_kippo.rb 2014-12-10 19:37:35 -08:00
Jonathan Claudius e89a399f95 Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc 2014-12-09 20:55:01 -05:00
Tod Beardsley 09617f990b Implement BRUTEFORCE_SPEED respect (telnet)
This implements just for telnet, but assuming this strategy is kosher,
it's not too painful to add for the rest of the LoginScanner using the
old defaults used by `AuthBrute`.

See #3904, @dmaloney-r7 or @jlee-r7
2014-12-09 15:40:43 -06:00
Christian Mehlmauer 916503390d
use get_data 2014-12-08 22:49:02 +01:00
Christian Mehlmauer fb9724e89d
fix heartbleed cert parsing, fix #4309 2014-12-08 21:58:38 +01:00
Jon Hart 85e0d72711
Land #4229, @tatehansen's module for CVE-2014-7992 2014-12-04 17:20:49 -08:00
Jon Hart f0cfcd4faf
Update dlsw_leak_capture name and print_
This makes it more obvious exactly what is being scanned for
2014-12-04 17:20:01 -08:00
Jon Hart 52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT 2014-12-04 13:26:16 -08:00
Jon Hart 6bd56ac225
Update any modules that deregistered NETMASK 2014-12-04 13:22:06 -08:00
tate 3aecd3a10e added DLSw v1 and v2 check, added check for \x00 in leak segment 2014-12-03 23:27:11 -07:00
William Vu 3a978e1147
Land #4280, frontpage_login improvements 2014-12-02 14:56:57 -06:00
jvazquez-r7 0ab2e99419
Delete version from title 2014-12-01 10:24:12 -06:00
jvazquez-r7 f4e20284a4 Change mixin include order 2014-12-01 10:22:20 -06:00
jvazquez-r7 d85aabfed9 Use vprint by default 2014-12-01 10:20:12 -06:00
jvazquez-r7 e0cb0f7966 Fix description 2014-12-01 10:19:14 -06:00
jvazquez-r7 fa07b466d6 Use single quote and minor cosmetic changes 2014-12-01 09:57:29 -06:00
jvazquez-r7 d5888a7f6f Fix module options 2014-12-01 09:55:36 -06:00
jvazquez-r7 47acf3487d Do minor cleanup
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
Roberto Soares Espreto e4b3ee2811 Changed the module name. 2014-12-01 01:00:14 -02:00
Roberto Soares Espreto ecbce679a8 Remove timeout on line 59. 2014-12-01 00:51:12 -02:00
Roberto Soares Espreto f3957ea428 FILEPATH changed from false to true. 2014-12-01 00:48:47 -02:00
Roberto Soares Espreto 97ee975235 Deleted checking on line 48. 2014-12-01 00:46:58 -02:00
Roberto Soares Espreto 84ce573227 Deleted line 61 which returns the server status code. 2014-12-01 00:39:05 -02:00
Tiago Sintra 6f6274735f Update frontpage_login.rb
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=

    status=262147
    osstatus=0
    msg=No "CONTENT_TYPE" on CGI environment.
    osmsg=
2014-11-28 17:21:47 +00:00
Roberto Soares Espreto d75ffc36da Changed the description of FILEPATH 2014-11-27 00:50:34 -02:00
Roberto Soares Espreto f8dc366f42 Add CVE-2014-7816 Directory Traversal for WildFly 8 Application 2014-11-27 00:13:29 -02:00
Jon Hart 79b2b5e231 RPORT is required by UDPScanner; deregister instead 2014-11-26 07:39:14 -08:00
jvazquez-r7 d4e5cd25e1 Report credentials for new login level 15 2014-11-25 16:35:16 -06:00
jvazquez-r7 dc253efa19 Use Rex::Text.rand_text* 2014-11-25 16:35:06 -06:00
jvazquez-r7 f20afff1a8 Do return instead of abort 2014-11-25 16:34:57 -06:00
jvazquez-r7 d876efaa0f Delete ssh_socket attribute 2014-11-25 16:34:47 -06:00
jvazquez-r7 5091bc76ad Do minor cleanup 2014-11-25 16:34:22 -06:00
jvazquez-r7 c92a26e967 Update from upstream master 2014-11-25 16:30:45 -06:00
Jon Hart 0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
All of the work is done in rex.  The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
Tod Beardsley 77b1f2d2f0
Fixup for release
Fixes the grammar on the SMTP enumeration module and the Cisco CDP
module, and adds a more informative description and reference for the
CDP module introduced on PR #4061.
2014-11-24 10:50:43 -06:00
Jon Hart e9750e2df8
Minor style/usability cleanups 2014-11-24 06:57:31 -08:00
sinn3r 57419bb0fc Fix #4253 - Print access level for snmp_login
Fix #4253 - module should print the access level
2014-11-22 23:09:15 -06:00
tate 9828598cb7 removing timeout method and option 2014-11-22 00:28:56 -07:00
tate 57b04f96a7 working with DLSw protocol check 2014-11-21 23:54:00 -07:00
tate b9a274f869 improving DLSw detection 2014-11-21 18:58:02 -07:00
jvazquez-r7 3ac1f7d4fb
Land #4242, @Meatballs1 fix for sap_service_discovery report_note
* I cannot reproduce @Meatballs1 issue
* But I noticed report_note should :update with :unique_data
* Fixed the :update
2014-11-21 10:16:08 -06:00
jvazquez-r7 e30ee9fee2 Update with :unique_data 2014-11-21 10:14:39 -06:00
HD Moore 99a23ada5c Module cleanup, error handling, and reporting 2014-11-20 16:18:20 -06:00
Jon Hart e255db9429
Partial commit 2014-11-20 13:49:36 -08:00
Jon Hart 94e5ba13a4 YARD and spec cleanup 2014-11-20 13:28:01 -08:00
Jon Hart df36ac910d Mostly complete Kademlia PING / BOOTSTRAP scanner 2014-11-20 13:28:01 -08:00
Jon Hart ab49d01a1b Add beginnings of Kademlia gather module and protocol support 2014-11-20 13:28:00 -08:00
HD Moore 2f6c4a9ba4 Slight tweak to description/author email formatting 2014-11-20 14:53:52 -06:00
Meatballs ee15179441
Fix service discovery errors 2014-11-20 18:22:33 +00:00
Rich Whitcroft 8306d739e3 add scanner module to extract domain from NTLM challenge 2014-11-20 11:02:21 -05:00
tate a4a1048f95 modified to get data collection off sock working 2014-11-19 11:17:58 -07:00
Jon Hart 7d6e7a6bfa
Minor Ruby style and module usability cleanup 2014-11-18 16:33:05 -08:00
tate 6b8b49ff98 improving metasploit module based on feedback 2014-11-18 15:03:18 -07:00
jvazquez-r7 542eb6e301 Handle exception in brute force exploits 2014-11-18 12:17:10 -08:00
Jon Hart 82f89e620b Clean up nfs mount scanner to *print_* better 2014-11-18 12:17:10 -08:00
Jon Hart b2f9307e0a vprint # of RPC programs, since the table comes right after 2014-11-18 12:17:10 -08:00
Jon Hart a9f9a8b116 Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner 2014-11-18 12:17:10 -08:00
Jon Hart c7794a7ed9 Clean up Ruby style in sunrpc_portmapper 2014-11-18 12:17:09 -08:00
Jon Hart 059d84e4ca More consistent *print_* and Rex::Ui::Text::Table for sunrpc_portmapper 2014-11-18 12:17:09 -08:00
tate 703e0486fb Add DLSw leak capture module for CVE-2014-7992 2014-11-17 20:35:54 -07:00
HD Moore 9fe4994492 Chris McNab has been working with MITRE to add these CVEs
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
William Vu a521d469ed
Land #4194, Quake protocol support 2014-11-15 17:44:19 -06:00
Jon Hart 57aef9a6f5
Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Jon Hart ebf6fe4e56
Minor style cleanup 2014-11-12 16:44:43 -08:00
Jon Hart 07a1653e57
Add gather module for Quake servers 2014-11-12 13:32:56 -08:00
Tod Beardsley 54158c8662
Land #4005, TNS poison checker 2014-11-12 13:29:59 -06:00
Tod Beardsley d242bc220b
Minor fixups and disclosure date for TNS module 2014-11-12 13:25:10 -06:00
Tod Beardsley 955a5142ca Edit e-mail address for antispam 2014-11-12 13:19:04 -06:00
Tod Beardsley 7e05f88399
Reapply PR #4113 (removed via #4175) 2014-11-11 15:06:43 -06:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Tod Beardsley 017a44c0ae
Revert errored merge of deea30d
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"

This reverts commit deea30ddb4, reversing
changes made to 14514d7b8b.
2014-11-11 14:38:47 -06:00
HD Moore 96ba6da697
Add the UDP scanner template, lands #4113.
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
Nikita c0285067c9 Add new module to test TNS poison
msf auxiliary(tnspoison_checker) > show options 

Module options (auxiliary/scanner/oracle/tnspoison_checker1):

   Name     Current Setting                          Required  Description
   ----     ---------------                          --------  -----------
   RHOSTS   172.16.2.100, 172.16.2.24, 172.16.2.101  yes       The target address range or CIDR identifier
   RPORT    1521                                     yes       The target port
   THREADS  1                                        yes       The number of concurrent threads

msf auxiliary(tnspoison_checker) > exploit 

[+] 172.16.2.100:1521 is vulnerable
[*] Scanned 1 of 3 hosts (033% complete)
[-] 172.16.2.24:1521 is not vulnerable 
[*] Scanned 2 of 3 hosts (066% complete)
[-] 172.16.2.101:1521 unable to connect to the server
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
2014-11-11 17:29:27 +03:00
Tod Beardsley cca30b536f
Land #4094, fixes for OWA brute forcer
Fixes #4083

Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart ff8d481eec Update description to remove comments about defaults. Default to 2013 2014-11-04 21:21:19 -08:00
Jon Hart 2c028ca7a6 Move redirect check before body check -- a redirect won't have a body 2014-11-04 14:19:21 -08:00
Jon Hart 7855ede2de Move userpass emptiness checking into setup 2014-11-04 14:07:39 -08:00
Tod Beardsley 5fb268bbdf
Updates to better OWA fix 2014-11-04 14:32:54 -06:00
Jon Hart b0e388f4c3
Land #3516, @midnitesnake's snmp_enumusers fix for Solaris, OS X 2014-11-04 08:23:16 -08:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
Jon Hart 8f197d4918 Move to build_probe 2014-11-03 08:41:51 -08:00
Jon Hart 121ebdfef6 update_info 2014-10-31 13:17:50 -07:00
Jon Hart b99e71dcdd Example UDPScanner style cleanup, move most to UDPScanner 2014-10-31 12:14:04 -07:00
Jon Hart ff0b52cffb Example per-batch vprint, a useful default 2014-10-31 10:31:31 -07:00
Jon Hart 94d4388af9 Improvements to example UDPScanner 2014-10-31 09:53:10 -07:00
Jon Hart d9f0a10737 Add new example template for scanning UDP services 2014-10-31 08:06:31 -07:00
Jon Hart 15e1c253fa Numerous cleanups for snmp_enumusers
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
Jon Hart ba5035c7ef
Prevent calling match when there is no WWW-auth header 2014-10-28 17:13:57 -07:00
Jon Hart a5d883563d
Abort if 2013 desired but redirect didn't happen 2014-10-28 15:59:22 -07:00
Jon Hart 7ca4ba26b0
Show more helpful vprint messages when login fails 2014-10-28 15:48:04 -07:00
Jon Hart bce8f34a71
Set proper Cookie header from built cookie string 2014-10-28 15:41:36 -07:00
Jon Hart a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response 2014-10-28 15:40:15 -07:00
Tod Beardsley 9c028c1435
Fixes #4083, make the split nil-safe
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.

This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
sinn3r e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner 2014-10-28 01:45:57 -05:00
Jonathan Claudius d799625507 Switch to vprint_good for verbose good things 2014-10-28 01:53:54 -04:00
Jonathan Claudius 0fa461737e Fix null arguments syntax 2014-10-28 01:49:54 -04:00
Jonathan Claudius 7a727f9bff Make msftidy happy 2014-10-28 01:48:13 -04:00
Jonathan Claudius 595b4d2bbd Clean up aux check review comments 2014-10-28 01:44:52 -04:00
Jon Hart b8c9ef96ca
Land #4003, @nstarke's Login Scanner for WD MyBook Live NAS 2014-10-27 09:57:43 -07:00
Jon Hart 83df08aaa7 Properly encode body and catch invalid configs 2014-10-22 22:43:06 -07:00
sinn3r 0ea03c00a5 Use print_brute instead of print_good for format consistency 2014-10-22 16:14:45 -05:00
Jon Hart ce8a9941ea Cleanup. Sanity check in setup. vprint 2014-10-22 10:36:24 -07:00
James Lee 46acf08e2d Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions 2014-10-22 09:09:34 -05:00
nstarke ee3dd3a2ac More Fixes for WD MyBook Live Scanner
Fixes include removing deregistered options
from credentials collection object and adding proof
 when there is no response
2014-10-22 03:06:21 +00:00
James Lee 0fcd1ac4f6
Restore tcp evasions to smb_login 2014-10-21 18:59:11 -05:00
James Lee e1a7e902d6
Re-enable tcp evasions for more LoginScanners
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r 6d11ec8477 These mods support Proxies, so make the option visible for the user 2014-10-21 15:39:24 -05:00
sinn3r db7c420d8d Merge the latest changes 2014-10-21 13:49:42 -05:00
James Lee f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies 2014-10-21 13:28:13 -05:00
sinn3r 79d393c5aa Resolve merge conflicts
Conflicts:
	lib/msf/core/exploit/smb.rb
	lib/msf/core/exploit/tcp.rb
	modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee 4705aeb762
Restore tcp evasions to ftp, pop3, vnc 2014-10-21 11:06:55 -05:00
James Lee 7d150ce0dd
Add tcp evasions to mysql 2014-10-21 10:05:18 -05:00
James Lee e76ee294a1
Restore tcp evasions to telnet 2014-10-21 09:44:55 -05:00
nstarke 82b74d5f3c Fixes to MyBook Live Module
This commit contains three fixes as requested on PR
#4003.  Those include:

+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke 70b13819d9 Adding Login Scanner for MyBook Live
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7 d6f4c02c2a
Land #3979, @wchen-r7 fixes #3976, http_login not using TARGETURI, neither uri normalization 2014-10-20 18:10:57 -05:00
jvazquez-r7 74ac16081f
Land #3981, @wchen-r7 Fixes #3974, axis_login.rb does not normalize URI 2014-10-20 17:51:13 -05:00
HD Moore 935a23296d
Updates to NAT-PMP, lands #4041 2014-10-20 11:26:26 -05:00
James Lee 3051b6c5ba
Clean up exceptions
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
James Lee b7d69bec83
Restore proxies to ssh scanners 2014-10-20 10:19:06 -05:00
Jon Hart 2985b39267
Land #3980, @wchen-r7 fixed #3975 2014-10-19 17:11:06 -07:00
ikkini c2174c7910 return if no version response received 2014-10-19 00:29:36 +02:00
James Lee 329a600b84
Add tcp evasion options to mssql_login 2014-10-17 17:40:21 -05:00
William Vu 10f3969079
Land #4043, s/http/http:/ splat
What is a splat?
2014-10-17 13:41:07 -05:00
William Vu 367ea5d3db
Add disclosure date 2014-10-17 12:35:28 -05:00
Tod Beardsley ccdaf2b576
Fix the banner
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley ad501b25e4
Filename move to be less redundant 2014-10-17 11:25:14 -05:00
Jon Hart 8fdae8fbfb Move protocol and lifetime to mixin, use correct map_target if CHOST 2014-10-16 13:24:17 -07:00
James Lee 40b360555f
Make the error message a little more useful 2014-10-16 12:47:13 -05:00
Tod Beardsley 8cf10be779
Don't assume SSLv3 is set (kill FP+s) 2014-10-16 10:43:58 -05:00
Tod Beardsley 0b67efd51e
Add a POODLE scanner and general SSL version scan 2014-10-16 10:27:37 -05:00
James Lee 41a57b7ba5
Re-enable proxies for HTTP-based login scanners 2014-10-15 17:00:44 -05:00
Jon Hart 07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful 2014-10-15 06:39:38 -07:00
Tod Beardsley 592f1e9893
Land #3999, errors on login suppressed by default
This also solved the merge conflict on:

	modules/auxiliary/scanner/http/jenkins_login.rb

Fixes #3995.
2014-10-14 16:35:09 -05:00
Jon Hart ea6824c46f WIP of NAT-PMP rework 2014-10-14 14:20:24 -07:00
William Vu bdbad5a81d
Fix misaligned bracket 2014-10-14 13:43:59 -05:00
Tod Beardsley 9f6008e275
A couple OSVDB updates for recent modules 2014-10-14 13:39:36 -05:00
Tod Beardsley 56534e7ad3
Changed a login failed to vprint instead of print
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995.

This module was introduced in PR #3947.
2014-10-14 12:01:09 -05:00
Nikita 621b9523b1 Update tnspoison_checker.rb 2014-10-13 22:05:08 +04:00
Nikita 1996886ae9 Update tnspoison_checker.rb 2014-10-13 12:53:39 +04:00
Nikita 22aabc7805 Add new module to test TNS poison
This module simply checks the server for vulnerabilities like TNS Poison
2014-10-13 12:21:07 +04:00
sinn3r 9500038695 Fix #3995 - Make negative messages less verbose
As an user testing against a large network, I only want to see
good news, not bad news.
2014-10-11 11:11:09 -05:00
sinn3r 260aa8dc22 Fix #3984 - Fix broken check for drupal_views_user_enum 2014-10-10 10:23:20 -05:00
nstarke 472985a8a8 Adding Buffalo Linkstation NAS Login Scanner
I have added a login scanner for the Buffalo Linkstation
NAS.  I have been testing against version 1.68 of the
firmware.  Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
Tod Beardsley aefd15c185
Land #3376, ARRIS SNMP enumerator from @inokii 2014-10-09 15:28:06 -05:00
sinn3r 7d8eadada6 Fix #3974 - Validate and normalize URI for axis_login 2014-10-09 14:33:39 -05:00
sinn3r c9c34beafa Fix #3975 - Register TARGETURI, not URI
The module should register TARGETURI and call #target_uri for
URI validation.
2014-10-09 14:10:29 -05:00
sinn3r d366cdcd6e Fix #3976 - validate and normalize user-supplied URI for http_login.rb
URI should be validated and normalized before being used in an HTTP
request.
2014-10-09 12:14:33 -05:00
Spencer McIntyre a535d236f6
Land #3947, login scanner for jenkins by @nstarke 2014-10-09 12:59:02 -04:00
Spencer McIntyre 6ea530988e Apply rubocop changes and remove multiline print 2014-10-09 12:57:39 -04:00
sinn3r df0d4f9fb2 Fix #3973 - Unneeded datastore option URI
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
2014-10-09 00:06:15 -05:00
nstarke 328be3cf34 Fine Tuning Jenkins Login Module
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
2014-10-08 17:53:21 -05:00
William Vu 399a61d52e
Land #3946, ntp_readvar updates 2014-10-06 21:57:57 -05:00
nstarke e1b0ba5d3d Removing 'require pry'
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
sinn3r d3354d01f0 Fix #3808 - NoMethodError undefined method `map'
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
Jon Hart 8c8ccc1d54
Update Authors 2014-10-06 11:30:39 -07:00
nstarke 69400cf280 Fixing Author Declaration
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
nstarke c0a3691817 Adding Jenkins-CI Login Scanner
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Jon Hart a341756e83
Support spoofing source IPs for NTP readvar, include status messages 2014-10-03 14:05:57 -07:00
Jon Hart fa4414155a
Only include the exact readvar payload, not any padding 2014-10-03 13:58:13 -07:00
Jon Hart 65c1a8230a
Address most Rubocop complaints 2014-10-03 13:47:29 -07:00
Jon Hart 0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster 2014-10-03 13:28:30 -07:00
HD Moore 77bb2df215 Adds support for both CVEs, lands #3931 2014-10-01 17:06:59 -05:00
William Vu 51bc5f52c1
Add CVE-2014-6278 support
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00