Commit Graph

3427 Commits (3927024f79a1d637abeaf5514ad67a1068ae50ec)

Author SHA1 Message Date
jvazquez-r7 67c0ee654b Use Gem::Version 2014-09-12 10:35:12 -05:00
jvazquez-r7 0d054d8354 Update with master changes 2014-09-12 09:52:32 -05:00
Luke Imhoff 706655f755
Land #3779, Glassfish LoginScanner exception
MSP-11343
2014-09-11 15:57:47 -05:00
Tod Beardsley d2f2b142b4
Land #3760, Arris WEP/WPA leak from @dheiland-r7 2014-09-11 15:39:19 -05:00
James Lee 8aa06b8605
Better api for check_setup 2014-09-10 23:43:54 -05:00
James Lee c1658e5d51 Add a check_setup method 2014-09-10 20:09:46 -05:00
James Lee 84e4db9035 Don't raise in the middle
MSP-11343

This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
Deral Heiland 872ba6a53b Update arris_dg950 module with required changes
Collapsed several levels of the if/else statement and changed out 2 with
case. Changed print_good to print_line. Removed rescue ::Interrupt and
altered variable names to make them more readable
2014-09-10 19:07:53 -04:00
James Lee 257f0fc93e
Quick fix for ssh_login_pubkey
Fixes #3772, closes #3774
2014-09-10 09:57:17 -05:00
James Lee b8000517cf
Land #3746, reinstate DB_ALL_CREDS 2014-09-08 17:24:12 -05:00
David Maloney 2ac15f2088
some fixes based on Christruncer's feedback
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor 2014-09-08 14:48:37 -05:00
Tod Beardsley 4abee39ab2
Fixup for release
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
David Maloney 09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds 2014-09-08 12:52:25 -05:00
Deral Heiland 9a6ee5090a Add Arris DG950A SNMP data extraction module
This module will extract critical data such as WPA and WEP keys from
the Arris DG950a model cable modem via the SNMP protocal.
2014-09-08 11:04:31 -04:00
sinn3r 0ccb39c057
Land #3726 - Fix typos in wordpress login 2014-09-08 09:40:57 -05:00
jvazquez-r7 10bb77af9f
Land #3716, @wchen-r7's Glassfish LoginScanner update 2014-09-07 21:54:34 -05:00
sinn3r 08ce278cca Got these wrong 2014-09-04 17:05:51 -05:00
sinn3r cb490fc00e [SeeRM #8836] Change boot.ini to win.ini 2014-09-04 17:03:21 -05:00
William Vu 50ac8366fd
Refactor CHANGE/RESET to actions
Missed in c1fdc4d945.
2014-09-04 14:36:04 -05:00
sinn3r 0dcf481d76 This one is good to go 2014-09-04 14:13:33 -05:00
William Vu 84f9ec0aad
Refactor implicit options hash
Missed in c1fdc4d945.
2014-09-04 13:30:06 -05:00
David Maloney 00ec47fb83
call new prepend cred methods
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
David Maloney c5755824a6
pass in vhost and useragent
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
sinn3r dd4fd7bb39 The reporting part 2014-09-03 16:32:23 -05:00
sinn3r e1694ec3e5 LoginScanner update for hp_sys_mgmt_login
Work in progress
2014-09-03 16:23:57 -05:00
jvazquez-r7 185ce36859
Land #3701, @wchen-ru's AppleTV modules 2014-09-03 12:30:50 -05:00
Matthew Kienow 7dd73084bb
Added WiFi ifindex discovery and enhanced error handling 2014-09-01 00:49:10 -04:00
Matthew Kienow cf0f00a376 Variable name changes per ruby style guide 2014-08-31 23:57:20 -04:00
Matthew Kienow 0735de0fd4 Changes to error output per PR comments 2014-08-31 23:57:20 -04:00
Matthew Kienow 0a01da1ca9 Changed default value for SNMP Version option 2014-08-31 23:57:20 -04:00
Matthew Kienow e6126fde72 Modified to pull username and password first 2014-08-31 23:57:19 -04:00
Matthew Kienow 5153886077 Added disclosure URL and cleaned up output fields 2014-08-31 23:57:19 -04:00
inokii 4ef369112f Cleanup per msftidy report of Spaces at EOL 2014-08-31 23:57:19 -04:00
inokii e37d56766f Corrected extraction of WEP keys, current key, RADIUS server and port 2014-08-31 23:57:19 -04:00
inokii f1cd601401 Modified logic to attempt to process WiFi key data even if primary Wifi interface is not up 2014-08-31 23:57:19 -04:00
inokii e5111f7634 Simplified get_radius_info method and cleaned up comments 2014-08-31 23:57:19 -04:00
inokii c556a6e331 Fixed syntax issue 2014-08-31 23:57:19 -04:00
inokii 81047e911a Corrected OIDs to all numeric 2014-08-31 23:57:19 -04:00
inokii b253e444cb Initial commit of SBG6580 scanner after cleanup 2014-08-31 23:57:18 -04:00
DrDinosaur 8ba5488198 Update wordpress_login_enum.rb
Fixed some typos.
2014-08-30 13:37:48 -10:00
David Maloney a142e78a66
refactor wordpress_xml_rpc_login
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
David Maloney 0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner 2014-08-29 12:50:34 -05:00
jvazquez-r7 40f581458a
Land #3570, @ikkini scanner for rsync 2014-08-28 18:48:32 -05:00
jvazquez-r7 9fb9ab813c Add URL reference 2014-08-28 18:47:56 -05:00
jvazquez-r7 bc542a011d Change module filename 2014-08-28 18:42:30 -05:00
jvazquez-r7 213fe23970 Clean rsync_modules_list 2014-08-28 18:40:55 -05:00
sinn3r f097ef96e0 Use && 2014-08-28 12:13:03 -05:00
sinn3r d0d9949d91 Do SSL options correctly 2014-08-28 12:04:14 -05:00
Matt Andreko 784ece574e Found additional typos. 2014-08-28 09:03:19 -05:00
Matt Andreko cb634cfef3 Fixed annoying typo that shows up in validation screenshots 2014-08-28 08:50:30 -05:00
sinn3r 0ba2f1e457 Leave a note about the old empty password issue 2014-08-27 17:06:11 -05:00
sinn3r d5b70cca24 "Auth bypass" does not really describe what the feature actually does 2014-08-27 16:56:07 -05:00
sinn3r a32ffc4c26 Add the final portion for Glassfish login module 2014-08-27 15:09:11 -05:00
sinn3r 5d8cbe0544 Early version of Glassfish using LoginScanner 2014-08-27 01:23:02 -05:00
HD Moore fde2687c9e Store edition,version,build in the fingerprint.match 2014-08-26 18:44:08 -05:00
Tom Sellers d5e39ae284 Adjustments for new LoginScanner code 2014-08-26 18:13:00 -05:00
HD Moore ba1f7c3bf6 Land #3687, reworks the nat-pmp portscanner 2014-08-26 14:34:46 -05:00
HD Moore ed9bb3e52c Fix a small typo 2014-08-26 14:34:10 -05:00
Jon Hart 775ebce56b
Correct natpmp_portscan's print_* usage to include peer 2014-08-26 12:27:12 -07:00
HD Moore 4e19d9ade1 Land #3545, fix up sip scanners, msftidy, db services cmd 2014-08-26 14:07:21 -05:00
Jon Hart 5826d7b164
vprint_status when no external address obtained, print_ is too noisy 2014-08-26 12:05:40 -07:00
Jon Hart e75e213b52
Clarify SIP mixin method name, store header values as string, etc 2014-08-26 11:40:49 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart bb00c97f46
Add a CERT reference 2014-08-26 08:29:28 -07:00
Jon Hart 40fe2fd3a9
Remove DRDoS references, as this just proves amplification 2014-08-26 08:23:50 -07:00
Jon Hart 10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it 2014-08-26 08:00:30 -07:00
Jon Hart 333c3a90ae
Space between SSDP headers and values, which is sometimes required 2014-08-26 07:57:59 -07:00
Jon Hart 337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification 2014-08-26 07:48:44 -07:00
Jon Hart 04fbd07a16
vprint_error in the unlikely event we get an unexpected response 2014-08-26 07:30:14 -07:00
Jon Hart 79b05db409
Correct minor style issues 2014-08-26 07:26:30 -07:00
xistence 63b75a0093 SSDP Amplification module changes 2014-08-26 16:03:32 +07:00
xistence a90d142140 Add UPnP SSDP Amplication Scanner 2014-08-26 12:53:14 +07:00
HD Moore 73e4ec709f Fix smb_port and require 'recog' when no DB/MDM 2014-08-25 15:42:18 -05:00
sinn3r 463815d240 Add AppleTV modules (imge, video and login) 2014-08-25 15:24:41 -05:00
Jon Hart 6a522cc105 Remove unused BATCHSIZE from SIP options_tcp, duplicate from options 2014-08-25 13:12:29 -07:00
Jon Hart bfa89bb3a5 Enforce binary encoding on non-modules, no encoding on modules 2014-08-25 13:12:29 -07:00
Jon Hart 6185721a61 Address @hmoore-r7's feedback regarding binary encoding 2014-08-25 13:11:22 -07:00
Jon Hart 9955cb5b27 Enforce proper protocol case where necessary 2014-08-25 13:11:22 -07:00
Jon Hart 637f86f37d Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner 2014-08-25 13:11:21 -07:00
Jon Hart c2e70446ed Move SIP module stuff to Msf::Exploit::Remote::SIP 2014-08-25 13:11:21 -07:00
Jon Hart 02e41c27e7 Split SIP response parsing out on its own, add unit tests.
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
Jon Hart d4ea3e9f29 Pass protocol down to parse_reply for report_* purposes 2014-08-25 13:09:39 -07:00
Jon Hart a2e2e37a69 Fix SIP options scanning 2014-08-25 13:09:39 -07:00
Jon Hart 2a4d73ee35 Add status message that displays delay between requests 2014-08-25 12:55:27 -07:00
Jon Hart 5c61c09c6b auxiliary/scanner/http/soap_xml cleanup
This:

* Corrects Ruby style (most) everywhere
* Uses Rex's sleep, converts to milliseconds -- seconds are too granular
* Moves begin/rescue inside nested verb+noun loop
* Prints errors even if not in verbose mode
* Corrects URI construction when PATH ends with /
2014-08-25 12:55:27 -07:00
David Maloney 152ddb2f32
refactor the ipboard-login module
now that we have the loginScanner class, we simplify the module
by using the scanner and credcollection classes to handle all
the real work for us
2014-08-25 14:32:47 -05:00
Tod Beardsley 6d9833e32b
Minor pre-release updates with descriptions 2014-08-25 13:34:45 -05:00
Tod Beardsley 2f87c880df
Add link to blog post for NTP modules 2014-08-25 12:58:10 -05:00
Tod Beardsley c3213a73e5
Use peer when writing scanner modules
This fixes the module seen in PR rapid7#3684 to use the peer method at
the beginning of print_* messages, rather than the vhost method at the
end. Doing this tends to make reading the output much easier since it's
more consistent.

Incidentally, this module has an msftidy complaint:

````
--- Checking new and changed module syntax with tools/msftidy.rb ---
modules/auxiliary/scanner/http/ipboard_login.rb - [INFO] Please use
vars_get in send_request_cgi: send_request_cgi({ 'uri' =>
normalize_uri(target_uri.path,
"index.php?app=core&module=global&section=login&do=process"
````

This should be fixed as well, or explained why it's not being honored.
2014-08-25 12:48:32 -05:00
William Vu 1ee83ff57e
Land #3696, pile of NTP DRDoS 0days
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
William Vu 7a76efa7f7
Add reference and disclosure date 2014-08-25 11:46:47 -05:00
OJ a39f7b94ec
Land #3684 - IP Board Login Scanner 2014-08-25 11:54:42 +10:00
Christopher Truncer 302e4025ba Removed unnecessary function 2014-08-24 20:45:28 -04:00
Christopher Truncer 2b59063d6c Updated based on feedback 2014-08-24 19:53:29 -04:00
Christopher Truncer 84f4fa5c76 Updated module based on feedback 2014-08-22 21:16:53 -04:00
Joe Vennix 95fbb8f1b7
Land PR #3672, dmaloney-r7's login scanner credential rework. 2014-08-22 11:15:32 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
Christopher Truncer 3918acb1e1 Changed keyword used when returning 2014-08-21 12:34:54 -04:00
Christopher Truncer a0b72bba93 Updated module based on feedback 2014-08-21 12:26:41 -04:00
Christopher Truncer 383906c26c Removed function no longer used 2014-08-20 22:51:01 -04:00
Christopher Truncer c93bfb4673 Fixed targeturi value 2014-08-20 21:23:45 -04:00
Christopher Truncer 7f90b81711 IP Board Login Scanner Module 2014-08-20 21:18:19 -04:00
Jon Hart 9f9f28cc31
If a peer is 127.0.0.1, don't try to store it because we (currently...) can't 2014-08-20 15:48:54 -07:00
Jon Hart 9db3dc7ad8
Store peer data note in the same format as originally 2014-08-20 15:10:45 -07:00
Jon Hart 758c3fa518
Only discard monlist replies that are impossibly short
This fixes the case where if a monlist reply only includes one peer
2014-08-20 15:02:21 -07:00
Jon Hart 7ad9300d37
Update ntp_monlist to use UDPScanner, NTP and DRDoS mixins 2014-08-20 14:41:00 -07:00
Jon Hart 8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing 2014-08-20 12:21:39 -07:00
Tom Sellers 3fdad4dc91
Update auxillary/scanner/ftp with Credential Gem 2014-08-19 13:13:05 -05:00
David Maloney 473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
Conflicts:
	Gemfile.lock
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/credential.rb
	lib/metasploit/framework/credential_collection.rb
	lib/metasploit/framework/login_scanner/afp.rb
	lib/metasploit/framework/login_scanner/axis2.rb
	lib/metasploit/framework/login_scanner/db2.rb
	lib/metasploit/framework/login_scanner/ftp.rb
	lib/metasploit/framework/login_scanner/http.rb
	lib/metasploit/framework/login_scanner/mssql.rb
	lib/metasploit/framework/login_scanner/mysql.rb
	lib/metasploit/framework/login_scanner/pop3.rb
	lib/metasploit/framework/login_scanner/postgres.rb
	lib/metasploit/framework/login_scanner/result.rb
	lib/metasploit/framework/login_scanner/smb.rb
	lib/metasploit/framework/login_scanner/snmp.rb
	lib/metasploit/framework/login_scanner/ssh.rb
	lib/metasploit/framework/login_scanner/telnet.rb
	lib/metasploit/framework/login_scanner/vnc.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/afp/afp_login.rb
	modules/auxiliary/scanner/db2/db2_auth.rb
	modules/auxiliary/scanner/ftp/ftp_login.rb
	modules/auxiliary/scanner/http/axis_login.rb
	modules/auxiliary/scanner/http/http_login.rb
	modules/auxiliary/scanner/http/tomcat_mgr_login.rb
	modules/auxiliary/scanner/mssql/mssql_login.rb
	modules/auxiliary/scanner/mysql/mysql_login.rb
	modules/auxiliary/scanner/pop3/pop3_login.rb
	modules/auxiliary/scanner/postgres/postgres_login.rb
	modules/auxiliary/scanner/snmp/snmp_login.rb
	modules/auxiliary/scanner/ssh/ssh_login.rb
	modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
	modules/auxiliary/scanner/telnet/telnet_login.rb
	modules/auxiliary/scanner/vnc/vnc_login.rb
	modules/auxiliary/scanner/winrm/winrm_login.rb
	spec/lib/metasploit/framework/credential_spec.rb
	spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
sinn3r 7330e3585f Support Glassfish 4.0 and lots of other changes 2014-08-18 19:03:26 -05:00
James Lee f169b8dff3
Fix hashes being stored as passwords 2014-08-18 15:52:13 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
jvazquez-r7 93990f4578
Land #3631, @wchen-r7's fixes to avoid datastore options assignment at runtime 2014-08-12 14:46:02 -05:00
jvazquez-r7 b46b6af50d
Land #3630, @wchen-r7's fix for datastore assignments on smb_enumusers 2014-08-12 14:26:55 -05:00
jvazquez-r7 33da1a6871 Give a chance to the mixin 2014-08-12 13:49:39 -05:00
David Maloney fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry 2014-08-12 11:22:51 -05:00
cx c937e80521 Added Fixes#2 mentioned by Firefart
Details:
* MSF's HTTP::Wordpress class included and wordpress related
variables are used.
2014-08-12 15:16:43 +03:00
sinn3r 4aeb1eda9c Don't use datastore options as default values 2014-08-11 18:55:32 -05:00
cx c90434c926 Added Fixes mentioned by Firefart
Details:
* string interpolation removed
* Minor styling issues are fixed
  * peer var used
* target_uri added instead of datastore
2014-08-11 14:37:39 +03:00
Jon Hart a5e9abc227
Update R7-2014-12 NTP modules to use new DRDoS mixin 2014-08-08 23:15:54 -07:00
Jon Hart 00452b41c9
Gut admin functions from R7-2014-12 NTP modules
None of these are admin modules.  All of that stuff should eventually go
in auxiliary/admin
2014-08-08 21:22:11 -07:00
Jon Hart ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
Jon Hart 3307726c21
Land #3627, @wchen-r7's cleanup of ctypes in smb_enumshares 2014-08-08 19:17:15 -07:00
Jon Hart c35dc4d3ac Extract query params separately
Prevents stomping on data
2014-08-08 18:07:25 -07:00
sinn3r 969e5ddd39 Override the correct smb_direct 2014-08-07 18:48:46 -05:00
sinn3r 3b27102c4c Override the correct smb_direct 2014-08-07 18:47:33 -05:00
sinn3r 436e2abfff Fix datastore options 2014-08-07 17:59:40 -05:00
sinn3r 1963318e70 Fix datastore options 2014-08-07 17:58:25 -05:00
sinn3r ab8f2c7d3f Datastore option fix 2014-08-07 17:57:44 -05:00
sinn3r 6f8c7f092a Fix direct datastore assignments to pass msftidy 2014-08-07 17:51:45 -05:00
sinn3r c79fe731c5 Um, this is the right way to do it. 2014-08-07 13:32:48 -05:00
sinn3r f7bda738cf Fix file handle leak 2014-08-07 13:30:34 -05:00
sinn3r 711630d059 Fix datastore assignments 2014-08-07 13:28:51 -05:00
sinn3r c7090f57a5 Fix "text" ctype in smb_enumshares
"text" is not a valid ctype, should be text/plain
2014-08-07 11:25:55 -05:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
sinn3r 9b6259e58b
Land #3569 - Updated smb_enumshares to support spidering 2014-08-05 20:23:09 -05:00
sinn3r f520616730 This fixes a few things, see commit message for more info
This commit fixes the following:

1. Not handling eval_host()'s nil file return value, which can causes
   a NoMethodError at runtime due to various conditions.
2. Renames datastore option VERBOSE to ShowFiles to pass msftidy
3. Avoids overwriting datastore options directly to pass msftidy
2014-08-05 19:20:11 -05:00
Alton Johnson da845c7e89 Changed default VERBOSE option to false. 2014-08-04 18:06:35 -05:00
Jon Hart b81c7e28f4
Land #3588, @tobd-r7's Fix SpaceBeforeModifierKeyword Rubocop warning 2014-08-04 14:25:03 -07:00
HD Moore 3bc8d1fee9 See #RM8838. Handle null domain_sid properly
This switches to the local sid if the domain sid is null, even if
the ACTION is set to DOMAIN. This solves the issue identified in

```
[*] 192.168.0.4 PIPE(LSARPC) LOCAL(NAS - 5-21-2272853860-1115691317-1341221697) DOMAIN(WORKGROUP - )
[-] 192.168.0.4 No domain SID identified, falling back to the local SID...
[*] 192.168.0.4 USER=guest RID=501
[*] 192.168.0.4 GROUP=None RID=513
```
2014-08-02 14:25:17 -05:00
David Maloney ab7111120b
and all the rest
finally!
2014-08-01 14:54:18 -05:00
David Maloney 4821851ae4
telnet and ssh next 2014-08-01 14:47:08 -05:00
David Maloney 12902b0a6d
the refactor continues! 2014-08-01 14:41:03 -05:00
David Maloney b74813b9a1
mysql and pop3 now 2014-08-01 14:30:33 -05:00
David Maloney 2e7738c788
http and mssql now 2014-08-01 14:22:58 -05:00
David Maloney 33f73a8af7
refactor db2 2014-08-01 13:00:27 -05:00
David Maloney 439b893fea
refactor axislogin 2014-08-01 12:30:16 -05:00
David Maloney 0fffb179fa
refactor afp_login 2014-08-01 12:10:52 -05:00
David Maloney c3691ba056
finish refactoring ftp_login 2014-08-01 12:06:13 -05:00
David Maloney a380646667
start refactoring ftp loginscanner 2014-08-01 11:47:13 -05:00
jvazquez-r7 1fe459eb42 Add info to know where the info comes from 2014-07-29 18:47:40 -05:00
Tod Beardsley adf03e28ce
Fix SpaceBeforeModifierKeyword Rubocop warning
This also deals with some errant tabs where internal spaces should be,
as well as one syntax error which was preventing an old meterpreter
script from ever working correctly.

Some day, we need to get rid of those Meterpeter scripts. Srsly.
2014-07-29 17:10:54 -05:00
Christopher Truncer 7129108c58 Fixed status in MSF db for Nessus 2014-07-28 13:49:24 -04:00
cx 7247f8879b Empty line fix
Details:
* Empty line fix added to each_user_pass function
2014-07-28 12:50:41 +03:00
cx 5679a72aa8 Added Fixes mentioned by jhart-r7
Details:
* res && res.body fix
  * empty return removed
* vprint added/changed
* is_? convention fixed
* Unknown error removed
* Minor styling issues are fixed
* VERBOSE Option Removed
2014-07-27 00:40:37 +03:00
Alton Johnson 555e6c9cff Modified a few things based on suggestions. 2014-07-25 18:23:12 -05:00
Alton Johnson 58502f139a Updated. 2014-07-25 15:46:50 -05:00
cx cdabfb84f4 Add Wordpress XML-RPC Login Scanner
This module attempts to authenticate against a Wordpress-site (via
  XMLRPC) using username and password combinations indicated by the
  USER_FILE, PASS_FILE, and USERPASS_FILE options.

  The module, checks for XMLRPC response using `demo.sayHello` function
  and sweeps users with `wp.getUsers` function.

  If `verbose` is set `true`, the raw XML response will be printed.

  The module might be usefull when the target's administration page
  is protected.
2014-07-25 16:24:09 +03:00
Alton Johnson d0cd5cfc7a Updated. 2014-07-24 21:53:23 -05:00
Alton Johnson cdc56df09f Updated smb_enumshares.rb 2014-07-24 21:18:02 -05:00
Alton Johnson 51c488a5ea Added smb_enumshares. 2014-07-24 21:11:18 -05:00
ikkini 03f68e21e7 Merge branch 'rsync_modules' of https://github.com/ikkini/metasploit-framework into rsync_modules 2014-07-24 23:29:14 +02:00
ikkini ccb26637e7 List all (listable) modules from a rsync daemon 2014-07-24 23:26:41 +02:00
Jon Hart bd1970ced9 Fix basic HTTP directory traversal detection 2014-07-24 13:22:58 -07:00
ikkini 6692545eb6 Delete rsync_list.rb 2014-07-24 22:10:08 +02:00
ikkini f12b97e8c0 List all (listable) modules from a rsync daemon 2014-07-24 22:04:00 +02:00
David Maloney e54f5e8ee7
working snmp_login module 2014-07-22 12:44:21 -05:00
David Maloney c553fcac73
start refacotirng snmp_login 2014-07-22 11:46:22 -05:00
jvazquez-r7 fe0b6fa79e
Land #3532, @luisco's joomla login bruteforcer 2014-07-21 12:56:15 -05:00
jvazquez-r7 aefaa3dd96 Make rubocop more happy 2014-07-21 12:55:45 -05:00
jvazquez-r7 478e43170a Report credentials to database 2014-07-21 12:26:13 -05:00
jvazquez-r7 63fca1bfdd Make some datastore options required 2014-07-21 12:10:52 -05:00
jvazquez-r7 436ac706e8 Rescue Rex::ConnectionError while finding the uri 2014-07-21 12:00:24 -05:00
jvazquez-r7 30de4cdf8d Fix get_login_hidden 2014-07-21 11:57:37 -05:00
jvazquez-r7 ff3a21b520 Refactor do_web_login 2014-07-21 11:35:19 -05:00
jvazquez-r7 22f41e4435 Use vars_post 2014-07-21 11:07:00 -05:00
jvazquez-r7 92fd3bc72b Deleting REQUEST_TYPE option because I don't think has sense here 2014-07-21 10:53:43 -05:00
jvazquez-r7 986b8e5d02 First style issues cleanup 2014-07-21 09:49:05 -05:00
HD Moore 5ba96d6054 Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess 2014-07-19 15:56:41 -05:00
root 7a5f3b8991 Implementing Ruby Style Guide and replace send_request_raw send_request_cgi 2014-07-18 14:31:38 -05:00
root 1f02891dc7 Change name of module and implementation of the recommended changes 2 2014-07-18 00:17:35 -05:00
root 0168a99eaa Change name of module and implementation of the recommended changes 2014-07-17 23:49:25 -05:00
root f2eabdba94 implementation of the recommended changes 2014-07-17 23:36:37 -05:00
jvazquez-r7 ad2e7c3713 print header only if there are results... 2014-07-17 18:02:24 -05:00
midnitesnake 36f6bcca15 Applied Jon Hart's recommendations 2014-07-17 20:29:26 +01:00
jvazquez-r7 7e6e154a39 Fix null pointer dereference 2014-07-17 08:51:12 -05:00
Trevor Rosen bebf11c969
Resolves some Login::Status migration issues
MSP-10730
2014-07-16 21:52:08 -05:00
root ceff18de9d Add modifiable UserAgent and translations to English 2014-07-16 20:44:20 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
David Maloney 674447c891
final cleanup steps 2014-07-15 15:31:51 -05:00
David Maloney 7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
Conflicts:
	Gemfile
	Gemfile.lock
	modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
James Lee 51a9a763c0
Move error_name to InvalidPacket and check for nil
MSP-10713
2014-07-15 15:02:53 -05:00
David Maloney 34635ab968
module login status cleanup
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
root 3becfff41e Add Bruteforce Joomla 2014-07-14 14:07:23 -05:00
dmaloney-r7 7184d2ed5e Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
Refactor pop3_login
2014-07-14 13:27:11 -05:00
midnitesnake 8814863a00 applied todbs snmp fixs for OSX https://dev.metasploit.com/redmine/issues/7480
added psProcessUsername MIB to snmp_enumusers - to enumerate users on Solaris Systems
2014-07-13 10:27:45 +01:00
James Lee e68dcdbb06
Refactor pop3_login
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.

See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
William Vu 2fd7bcf8bf
Land #3514, report_note for scraper 2014-07-11 17:17:10 -05:00
nodeofgithub 5d833cbb16 http_header report_note remove to_s 2014-07-11 17:14:45 -05:00
nodeofgithub 7e9eb84531 http_header report_note remove brackets, move rport 2014-07-11 17:14:45 -05:00
nodeofgithub a8ec733a3a Interpolate all the things! 2014-07-11 17:14:09 -05:00
nodeofgithub 4abe856fc1 Rescue http_header notes from getting truncated
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.

(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >

----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
2014-07-11 17:14:09 -05:00
nodeofgithub 6ef69b4014 scraper report_note, remove eol whitespace 2014-07-11 21:21:56 +02:00
nodeofgithub ad46c37988 scraper report_note, remove unnecessary to_s 2014-07-11 21:08:35 +02:00
nodeofgithub 7a7d149dc5 scraper report_note, change note type string 2014-07-11 21:01:20 +02:00
Tod Beardsley b09fab13f0 Fix one flubbed author address 2014-07-11 13:50:37 -05:00
nodeofgithub 8b302cd472 Add report_note to scraper.rb
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:31:46 +02:00
nodeofgithub b834e7d3cb Update scraper.rb 2014-07-11 20:20:40 +02:00
nodeofgithub da67a63ad0 Add report_note to scraper.rb
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:07:48 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
James Lee 62a2f1dc0a
Credential -> Model for realm key constants 2014-07-10 14:30:25 -05:00
James Lee c5226352de
Un-login-able should be print_status, not good 2014-07-09 17:45:41 -05:00
James Lee 7d9c0da691
Record correct creds with non-success status 2014-07-09 13:26:49 -05:00
James Lee afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
Jonathan Claudius 3a100e006e Make retries configurable 2014-07-07 21:05:14 -04:00
Jonathan Claudius 056fc149d5 Move Cisco ASA SSL VPN Esc to Aux 2014-07-07 21:00:43 -04:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
James Lee 2a9ac0a007
Axe SSHKey in favor of a unified SSH 2014-07-07 13:35:17 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Christian Mehlmauer b15297eee0
Land #3490, @Meatballs1 tns listener verbose output 2014-07-03 16:20:38 +02:00
Rob Fuller c6675a2900 Add verbosity to Jenkins Enum 2014-07-02 13:25:18 -04:00
William Vu 68ba79aa16
Remove access_level, since we don't have access 2014-07-01 17:53:18 -05:00
William Vu 5fa0981026
Add login and move print_status 2014-07-01 17:48:42 -05:00
William Vu 864f0f1bbc
Update description, loot -> creds 2014-07-01 11:46:21 -05:00
William Vu 3079c47d41
Refactor oracle_hashdump creds 2014-07-01 01:07:22 -05:00
jvazquez-r7 bf9c64d3ee
Land #3483, @hmoore-r7's title change for ipmi_cipher_zero 2014-06-30 17:31:12 -05:00
Meatballs cf720a88e8
Be verbose about error codes 2014-06-30 19:10:03 +01:00
Meatballs f8ef6c50b4
Land #3470, Cerberus SFTP User Enumeration 2014-06-30 19:01:15 +01:00
Meatballs 94c5a0b603
More verbose around connection errors 2014-06-30 18:56:30 +01:00
Meatballs 183d601aae
Small tidyup 2014-06-30 18:17:49 +01:00
attackdebris 004afa6e0c Clean commit of Cerberus FTP User Enumeration Module 2014-06-30 17:53:46 +01:00
HD Moore 72d8d8a40c RAKP defines auth, not cipher-0 bypass, see below.
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.

Cosmetic only change
2014-06-30 00:52:40 -05:00
HD Moore 4bff68ff2b Use the specified UA, dont duplicate ports 2014-06-30 00:49:21 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
HD Moore 3ae91410f5 Fix incorrect use of sock.get(), remove rundant return values 2014-06-28 15:24:02 -05:00
HD Moore 6d0d8a911d Fix incorrect use of sock.get() that could lead to indefinite hang 2014-06-28 15:22:16 -05:00
HD Moore a9cd9c584a Respect RPORT even if additional ports are specified 2014-06-28 15:21:54 -05:00
HD Moore 43420aa984 Fix incorrect use of sock.get that can lead to an indefinite timeout
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```

console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```

After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
HD Moore 3e1ac3fee1 This module was broken due to a hardcoded IP address for google.com 2014-06-28 15:14:29 -05:00
David Maloney 9cec330f05
Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
James Lee 70fd3344fd
Merge branch 'feature/MSP-9713/jtr_crack_fast' into staging/electro-release 2014-06-25 14:15:50 -05:00
James Lee 4e0bcc123d
More useful msg when domain is ignored 2014-06-25 10:01:07 -05:00
James Lee f225ac92ab
Refactor smb_login
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
James Lee 85611702f9 Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor 2014-06-23 23:58:47 -05:00
David Maloney 57cc390681
fix how we save mssql hashes
since the 0x prefix is neccisary, just save the hash that way in the first place
2014-06-23 12:38:36 -05:00
David Maloney c61f59d8a9
make sure to report the realm 2014-06-23 12:08:49 -05:00
David Maloney dadd959c6a
refactor postgres hash cracking
refactored postgres_hashdump to report the creds
it logged in with. added a new jtr module for
dealing with postgres hashes instead of the
crappy old md5 one we had before
2014-06-23 12:02:39 -05:00
jvazquez-r7 469fae7058
Land #3465, @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability 2014-06-20 17:22:28 -05:00
jvazquez-r7 252d917bbb Fix msftidy and favor && over and 2014-06-20 17:21:10 -05:00
David Maloney d80f4d9e67
refactor jtr_mysql_fast and mysql_hashdump
have mysql_hashdump report the cred it logged in with
refactor jtr_mysql to use the new jtr cracker
2014-06-20 15:21:35 -05:00
James Lee 669779defb
SMB cred creation refactor 2014-06-20 15:17:40 -05:00
James Lee 35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release 2014-06-20 12:39:07 -05:00
David Maloney 93da4dc561
account for mssql12 format
mssql2012 and later uses a new format. some versions
of john support this and some do not yet
2014-06-19 16:11:14 -05:00
David Maloney 4453dcdc8e
some minor fixes 2014-06-19 15:45:24 -05:00
HD Moore fa5fc724eb Fix the disclosure date 2014-06-19 15:36:17 -05:00
HD Moore f7fd17106a Add the final cari.net URL 2014-06-19 15:33:06 -05:00
James Lee 9421beedb3
Refactor http_login 2014-06-19 14:12:21 -05:00
David Maloney 53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
Conflicts:
	Gemfile
2014-06-19 12:45:53 -05:00
David Maloney bb120fd1e2
report access level on mssql_hashdump
if we know we have admin access on mssql hashdumop
we should report that on the Login object.
2014-06-19 12:20:42 -05:00
David Maloney d3c77b345c
report cracked credentials
also makes mssql_hashdump report the credentials it logged in with
2014-06-19 12:16:49 -05:00
dmaloney-r7 190923e9a7 Merge pull request #79 from rapid7/feature/MSP-9699/axis2-refactor
Refactor axis_login
2014-06-18 11:43:23 -05:00
David Maloney 4c3cc793ba
fix missing .present? 2014-06-18 10:52:27 -05:00
David Maloney 58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey 2014-06-18 10:50:29 -05:00
David Maloney 2b0bb608b1
Merge branch 'master' into staging/electro-release 2014-06-18 10:49:58 -05:00
James Lee 5f176a56cb
Fix typo 2014-06-17 17:16:46 -05:00
James Lee d114dd1da2
Fix bugs. :fail != :failed 2014-06-17 17:12:50 -05:00
James Lee d6de0da5a7
Refactor axis_login 2014-06-17 17:07:53 -05:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
James Lee 6237d56398
Refactor ssh_login_pubkey
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
   where the ssh_socket accessor was not being set because of a
   shadowing local var
 * Fix a bug in the db command dispatcher where an extra column was
   added to the table, causing an unhandled exception when running the
   creds command
 * Add a big, ugly, untested class for imitating
   Metasploit::Framework::CredentialCollection for ssh keys. This class
   continues the current behavoir of silently ignoring files that are a)
   encrypted or b) not private keys.
 * Remove unnecessary proof gathering in the module (it's already
   handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
scriptjunkie 5fe8814af6
Land #3330 adding admin check to smb_login 2014-06-15 14:42:26 -05:00
Samuel Huckins fa8c9bc4f3 Merge pull request #75 from rapid7/feature/MSP-9692/afp_login
MSP-9692 #land
2014-06-13 10:51:26 -05:00
Samuel Huckins f452652f54 Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.

MSP-9708 #land
2014-06-12 18:37:44 -05:00
Samuel Huckins d215b8e5b2 Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
45 merged, steps passing.

MSP-9712 #land
2014-06-12 16:04:17 -05:00
Samuel Huckins 52d63f51bb Merge pull request #50 from rapid7/feature/MSP-9705/postgres_login
Verily verified.

MSP-9705 #land
2014-06-12 15:49:39 -05:00
David Maloney 539f30e720
refactor afp_login 2014-06-12 14:16:05 -05:00
David Maloney 96e492f572
Merge branch 'master' into staging/electro-release 2014-06-12 14:02:27 -05:00
Samuel Huckins fe33444858 Merge pull request #58 from rapid7/feature/MSP-9693/db2_auth
Errors resolved, cred created

MSP-9693 #land
2014-06-12 12:49:54 -05:00
jvazquez-r7 e85f829ee4 modules living inside scanner should include the Scanner mixin 2014-06-12 12:20:44 -05:00
HD Moore fa4e835804 Fix up scanner mixin usage, actual test/bug fix 2014-06-12 11:52:34 -05:00
Samuel Huckins 430b3d181e Merge pull request #67 from rapid7/feature/MSP-9695/ftp_login
Access level string clarified, specs passing, valid looking cores with proper info

MSP-9695 #land
2014-06-12 11:33:18 -05:00
Samuel Huckins 71a4f1ab33
Clarified RW access level
MSP-9695
2014-06-12 11:32:20 -05:00
jvazquez-r7 67d4097e1d
Land #3271, @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module 2014-06-12 11:27:23 -05:00
HD Moore 487bf219f0 Rename to match the title 2014-06-12 11:23:34 -05:00
jvazquez-r7 7650067b41 Fix metadata 2014-06-12 11:22:52 -05:00
jvazquez-r7 e76c85c5d1 Fix usage of print_* 2014-06-12 11:13:45 -05:00
David Maloney e4ff07dfa8
Merge branch 'staging/electro-release' into feature/MSP-9693/db2_auth 2014-06-12 10:52:06 -05:00
David Maloney 88f8b585a3
Merge branch 'staging/electro-release' into feature/MSP-9705/postgres_login
Conflicts:
	Gemfile
	Gemfile.lock
2014-06-12 10:47:02 -05:00
Samuel Huckins a5d88fd2ab
Space in arg list, because I don't hate feedom. 2014-06-12 10:29:14 -05:00
David Maloney c074ebda7b
refactor telnet_login 2014-06-11 17:46:42 -05:00
dmaloney-r7 85bee6ea12 Update ftp_login.rb 2014-06-11 17:29:23 -05:00
David Maloney 83a2dc250d
make ftp guest attempts optional 2014-06-11 16:37:59 -05:00
James Lee c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
Conflicts:
	lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
James Lee b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
Conflicts:
	lib/metasploit/framework/credential_collection.rb
	spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
David Maloney 1164cf5363
refactor ftp_login
uses new cred goodness
2014-06-11 16:21:55 -05:00
Trevor Rosen 87a9ee9a69 Merge pull request #59 from rapid7/feature/MSP-9697/tomcat_login
Feature/msp 9697/tomcat login

MSP-9697 #land
2014-06-11 15:35:09 -05:00
HD Moore 81019ed850 Supermicro work 2014-06-11 15:03:54 -05:00
Trevor Rosen 6c0d668f0a Merge pull request #55 from rapid7/feature/MSP-9701/msssql_login
Feature/msp 9701/msssql login

MSP-9701 #land
2014-06-11 13:48:59 -05:00
Trevor Rosen e8752f9c56 Point to correct creds version 2014-06-11 13:38:35 -05:00
Trevor Rosen 651871bd7a Resolve upstream conflict 2014-06-11 13:34:45 -05:00
David Maloney 9593422f9c
Merge branch 'master' into staging/electro-release 2014-06-11 10:23:56 -05:00
James Lee fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
David Maloney c06fd21fb1
refactor tomcat_mgr_login
uses the new Metasploit::Credential magic now
2014-06-10 15:59:00 -05:00
David Maloney 693c4aae66
make sure we capture realms
need to account for the possability of
realms in mssql_login
2014-06-10 14:41:45 -05:00
David Maloney 74d376e387
refactor db2_auth module
you know what it is
2014-06-10 13:43:07 -05:00
Tod Beardsley 44540e6d00
Land #3437, CSS Injection MITM scanner 2014-06-10 13:36:35 -05:00
jvazquez-r7 4aa1fee398 Land #3326, @FireFart's Heartbleed - server response parsing 2014-06-10 13:27:28 -05:00
David Maloney 0c89d6cdce
refactor mssql_login
now uses all the Metasploit::Credential goodness
2014-06-10 11:49:08 -05:00
David Maloney 15ceb1e826
put calls in right place it helps 2014-06-10 11:17:19 -05:00
David Maloney 63ec83ea90
missing public
missing the public in the invalidate_login call
now fixed
2014-06-10 11:12:17 -05:00
David Maloney 6362eac0b0
add invalidate_login call 2014-06-10 11:11:22 -05:00
David Maloney e9d9806408
invalidate_login
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
David Maloney dc590008a7
add invalidate_login call
add the new invalidate login call to make sure
we update the status on failed logins appropriately
2014-06-10 10:58:27 -05:00
Tod Beardsley 521284253f
Be more clear about the vuln and impact 2014-06-10 10:29:23 -05:00
jvazquez-r7 9b55f5143a Add module for CVE-2014-0224 2014-06-09 17:38:11 -05:00
James Lee e629fdb47d
Report the realm, too
derp
2014-06-09 17:06:56 -05:00
David Maloney 32f87b985c
refactor mysql_login
refactor mysql_login to use the new
Metasploit::Credential apradigm
2014-06-09 14:20:58 -05:00
David Maloney 61fd962331
refactor vnc_login
refactor for new credential usage
2014-06-09 13:55:24 -05:00
David Maloney a4e96d8f59
Merge branch 'master' into staging/electro-release 2014-06-09 13:07:22 -05:00
David Maloney f8f5691eee
refactor postgres_login module
postgres_login now uses all the new components
such as Metasploit::Credential and the LoginScanner
class
2014-06-09 12:59:05 -05:00
jvazquez-r7 1f33566033
Land #3432, @Meatballs1 sap_soap_rfc_brute_login's clean up 2014-06-09 11:39:52 -05:00
jvazquez-r7 b39b41e29f
Land #3371, @Meatballs1 fix for sap_mgmt_con_getprocessparameter 2014-06-09 11:25:01 -05:00
David Maloney 482aa2ea08
Merge branch 'master' into staging/electro-release 2014-06-09 10:27:22 -05:00
Christian Mehlmauer 099003708c
Land #3422, SAP Bruterforcer datastore cleanup 2014-06-08 08:42:27 +02:00
Meatballs fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
Conflicts:
	modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
Meatballs 8624ddfc3e
Clean up SAP SOAP RFC Brute Login
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
Meatballs b997c2ac1f
Further tidies 2014-06-07 02:00:35 +01:00
dmaloney-r7 ff8e6d2c50 Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
James Lee 2ee408e9db
Refactor winrm_login with Credentials 2014-06-05 14:26:29 -05:00
James Lee 8b6e188ba8
Add support for realm in CredentialCollection
MSP-9988
2014-06-04 17:03:52 -05:00
David Maloney 4960503a59
fix jtr_format
use raw-md5 as that sort of works
2014-06-04 14:10:28 -05:00
David Maloney 30c35907bf
refactor psotgres_hashdump
refactor psotgres_hashdump to now save
hashes as Metasploit::Credential objects
2014-06-04 12:21:49 -05:00
David Maloney d1f7f93e4b
refactor mysql_hashdump
mysql_hashdump now uses Metasploit::Credential to
save hashes.
2014-06-04 11:59:47 -05:00
David Maloney 201e6e9866
Merge branch 'feature/MSP-9750/MSSQL_hashdump' into feature/MSP-9751/mysql_hashdump 2014-06-04 11:58:58 -05:00
David Maloney 28bf29980e
Merge branch 'master' into staging/electro-release 2014-06-04 10:21:08 -05:00
David Maloney d3949b3d6c
refactor mssql_hashdump
refactor mssql_hashdump to use Metasploit:Credential
2014-06-03 15:02:59 -05:00
Meatballs 0e3549ebc4
mc brute tidy 2014-06-03 17:27:46 +01:00
Tod Beardsley b7dc89f569
I prefer "bruteforce" to "brute force" for search
Just makes it easier to search for, since it's an industry term of art.
2014-06-02 13:09:46 -05:00
David Maloney 34004908bb
Merge branch 'master' into staging/electro-release
Conflicts:
	.ruby-version
2014-06-02 11:10:33 -05:00
William Vu 8bd4e8d30a
Land #3406, indeces_enum -> indices_enum 2014-06-02 11:06:33 -05:00
RageLtMan 74400549a1 Resolve undefined method `get_cookies'
Anemone::Page is not a Rex HTTP request/response, and uses the
:cookies method to return an array of cookies.
This resolves the method naming error, though it does break with
Rex naming convention since Anemone still uses a lot non-Rex
methods for working with pages/traffic.
2014-05-30 14:39:51 -04:00
jvazquez-r7 4a1fea7abb
Land #2948, @juushya's PocketPAD login bruteforce module 2014-05-30 11:47:16 -05:00
jvazquez-r7 b0bdfa7680 Clean up code 2014-05-30 11:44:42 -05:00
jvazquez-r7 fb59221189
Land #2494, @juushya's etherpadduo login module 2014-05-30 11:35:28 -05:00
jvazquez-r7 d92a7adc68 change module filename 2014-05-30 11:31:49 -05:00
jvazquez-r7 40a103967e Minor code cleanup 2014-05-30 11:28:37 -05:00
jvazquez-r7 6f330ea190 Add deprecation information 2014-05-29 17:38:01 -05:00
jvazquez-r7 aea0379451 Fix typos 2014-05-29 12:37:51 -05:00
David Maloney 696d2b7e6b
Merge branch 'master' into staging/electro-release 2014-05-29 12:30:32 -05:00
dmaloney-r7 e669324366 Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
William Vu 53ab2aefaa
Land #3386, a few datastore msftidy error fixes 2014-05-29 10:44:37 -05:00
William Vu 8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings 2014-05-29 04:42:49 -05:00
William Vu 785b53820e
Land #3399, print_error instead of print_status 2014-05-28 14:53:00 -05:00
James Lee 05e24326a6
Style compliance 2014-05-28 14:31:34 -05:00
joev c89cd24621 Rewire some snmp modules to use print_error instead of print_status. 2014-05-28 13:31:00 -05:00
jvazquez-r7 55ef5dd484
Land #3115, @silascutler's module for elasticsearch indeces enumeration 2014-05-27 11:28:34 -05:00
jvazquez-r7 2271afc1a5 Change module filename 2014-05-27 11:25:39 -05:00
jvazquez-r7 3de8beb5fd Clean code 2014-05-27 11:22:40 -05:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Tod Beardsley 1aee0f3305
Warn if it's not UPPERCASE method (@wchen-r7)
See the discussion on f7bfab5a26, PR #3386
2014-05-23 17:10:27 -05:00
Tod Beardsley 9f78bec457
Use normalize_uri (@wchen-r7)
Instead of editing the datastore['PATH'], use normalize_uri.

Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
Tod Beardsley f7bfab5a26
HTTP traversal shouldnt upcase METHOD (@wchen-r7)
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
Tod Beardsley 7f59cf5035
Ora XID HTTP needn't edit DBUSER (@cellabosm)
Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
2014-05-23 15:20:46 -05:00
Tod Beardsley f189033e8a
OWA bruteforce shouldnt edit datastore (@wchen-r7)
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
HD Moore ddc8a4f103 Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog 2014-05-19 11:42:30 -05:00
William Vu a30d6b1f2d
Quick cleanup for sap_icm_urlscan 2014-05-19 09:21:26 -05:00
William Vu dc0e649a10
Clean up case statement 2014-05-19 09:21:07 -05:00
William Vu bc64e47698
Land #3370, cleanup for sap_icm_urlscan 2014-05-19 09:16:18 -05:00
Tod Beardsley 0ef2e07012
Minor desc and status updates, cosmetic 2014-05-19 08:59:54 -05:00
Meatballs 6b1e4c3a9d
Show loot and error code 2014-05-19 11:17:58 +01:00
Meatballs 848227e18a
401 should be a valid url 2014-05-19 10:59:38 +01:00
Meatballs 5d96f54410
Be verbose about 307 2014-05-19 10:52:06 +01:00
Meatballs 88b7dc3def
re-add content length 2014-05-19 10:46:47 +01:00
Meatballs e59f104195
Use unless 2014-05-19 10:41:01 +01:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
William Vu a97d9ed54f
Land #3148, check_urlprefixes for sap_icm_urlscan 2014-05-17 16:10:52 -05:00
sappirate dd1a47f31f Modified sap_icm_urlscan to check for authentication of custom URLs
Fixed ruby coding style
2014-05-17 22:47:49 +02:00
Tod Beardsley 3c1363b990
Add new SNMP enumeration modules 2014-05-16 08:32:46 -05:00
Christian Mehlmauer df4b832019
Resolved some more Set-Cookie warnings 2014-05-13 22:56:12 +02:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
William Vu 92a9519fd9
Remove EOL spaces 2014-05-09 18:34:12 -05:00
jvazquez-r7 8c55858eae
Land #3309, @arnaudsoullie's changes for modblusclient 2014-05-08 10:45:19 -05:00
jvazquez-r7 25f13eac37 Clean a little response parsing 2014-05-08 10:44:53 -05:00
Arnaud SOULLIE 1f3466a3a3 Added Modbus error handling.
It now checks for error and displays the appropriate error message.
The only error simulated was "ILLEGAL ADDRESS", don't know how
to test for others.
2014-05-05 23:21:54 +02:00
Tom Sellers a47b883083 Remove redundant simple.connect
Remove redundant simple.connect. Thanks @jlee-r7
2014-05-02 12:46:50 -05:00
Tom Sellers b2eeaef475 Add admin check to smb_login
The attached updates changes smb_login to detect if the newly discovered user is an administrator.  It is based on code from Brandon McCann "zeknox" submitted in PR #1373, the associated changes, and the newer PR #2656.
The changes should correct a few issues with PR #1373 and #2656 and address Redmine bug #8773.

Specifically it:

 - Fixes the admin detection code by using simple.disconnect(<share>) instead of disconnect()
 - Adds support for detecting if the remote host will allow connects using any domain name when one of the new status codes is returned
 - Dealt with the issue in PR #2656 where the username was prefixed with a '\'


Verification

Be connected to a database
Run this against a machine with a known user and admin user
See that the admin user is reported correctly
See that the non-admin user is reported correctly
Check the output of creds
Select a target that requires a domain in order to authenticate
In the stored credentials, with CHECK_ADMIN enabled, see that the domain name is, in fact, preserved in the reporting

To validate that the remote domain ignores domain value use the following command from a windows system:

net use \\<hostip>\admin$ /user:<random_value>\<username>   <password>
2014-05-02 06:16:21 -05:00
Christian Mehlmauer f7d8a5e3a3 rework the openssl_heartbleed module 2014-05-01 21:43:58 +02:00
jvazquez-r7 d3045814a2 Add print_status messages 2014-05-01 11:05:55 -05:00
jvazquez-r7 cc2e680724 Refactor 2014-05-01 11:04:29 -05:00
jvazquez-r7 28e9057113 Refactor make_payload 2014-05-01 10:23:33 -05:00
jvazquez-r7 bd124c85cb Use metadata format for actions 2014-05-01 09:52:55 -05:00
William Vu 7777202045
Deconflict #3310 and correct the description 2014-04-30 12:02:57 -05:00
Tod Beardsley a5983b5f57
Light touchup on FP checker 2014-04-29 16:14:41 +01:00
Tod Beardsley 88efeea378
Add a false positive check 2014-04-29 16:07:42 +01:00
Arnaud SOULLIE e386855e0e Add ACTIONS descriptions 2014-04-29 16:55:05 +02:00
Tod Beardsley 4d76128937
Merge upstream and deconflict #3310 whitespace 2014-04-29 15:32:32 +01:00
Arnaud SOULLIE 04f2632972 Implement jvazquez-r7 comments 2014-04-29 16:09:47 +02:00
Tod Beardsley a6edd94c7f
Just fix refs and desc for release 2014-04-28 19:47:15 +01:00
Tod Beardsley a7e110be9e
Add a peer method, elaborate desc and prints 2014-04-28 19:41:44 +01:00
sinn3r 829b9ff4ff
Land #3308 - Fix smb_login using error_reason 2014-04-28 12:33:24 -05:00
Arnaud SOULLIE a0add34a7d Removed warning message and changed default unit number to 1 2014-04-28 15:47:10 +02:00
Pedro Laguna ab913a533e Update oracle_demantra_file_retrieval.rb
Fixed typo
2014-04-28 14:36:48 +01:00
Arnaud SOULLIE a2ccbf9833 Add read/write capabilities to modbusclient 2014-04-28 15:29:55 +02:00
Zinterax fb39e422aa Fix smb_login calling nonexistent method
When a Rex::Proto::SMB::Exceptions::InvalidWordCount exception is thrown by this module, it attempts to call the nonexistent method error_reason and throws a NoMethodError:

Auxiliary failed: NoMethodError undefined method `error_reason' for #<Rex::Proto::SMB::Exceptions::InvalidWordCount:0x007f48fcda0e48>

This changes uses the built in method get_error to return an error code.

[-] x.x.x.x:445 SMB - [1/1] - \\Domain - FAILED LOGIN (xxxxxxxx) xxxx : xxxxx [STATUS_WAIT_0]
2014-04-28 09:28:29 -04:00
Christian Mehlmauer ef815ca992
Land #3288, Postgres support for Heartbleed scanner 2014-04-24 18:03:13 +02:00
William Vu 15bd92dd50
Fix OpenSSH timing attack module 2014-04-23 10:10:37 -05:00
William Vu 0a108acea3
Fix missing comma
Commas will be the death of me.
2014-04-23 10:10:12 -05:00
William Vu 6d7fde4302
Land #3157, OpenSSH user enumeration timing attack 2014-04-23 10:01:10 -05:00
William Vu 1a2899d57b
Fix up whitespace 'n' stuff 2014-04-23 10:00:34 -05:00
Jonathan Claudius d70aa4cdbb Fix MSFTidy complaints 2014-04-22 22:07:25 -04:00
Jonathan Claudius b3cabaaa28 Clean up some formatting concerns 2014-04-22 21:58:14 -04:00
Jonathan Claudius f71ad111da Change return values from nil to false 2014-04-22 21:48:16 -04:00
Jonathan Claudius 3d793fc6f1 Add default VPN group fall back 2014-04-22 21:45:04 -04:00
Jonathan Claudius 4d9ece2f9a Add hyphens and digits to group regex 2014-04-22 21:34:08 -04:00
kenkeiras 96f042110f return is not needed when it's the last lifunction line 2014-04-22 22:33:47 +02:00
kenkeiras c9d8da991a Use Rex.sleep instead of select 2014-04-22 22:33:19 +02:00
kenkeiras d2a558dc85 Removed unused code 2014-04-22 22:33:02 +02:00
Wiesław Kielas 8f6567967d Heartbleed PostgreSQL TLS support improvements 2014-04-22 17:36:06 +02:00
Wiesław Kielas fbe392a896 Add PostgreSQL TLS support to the Heartbleed scanner 2014-04-21 23:27:40 +02:00
Tod Beardsley e514ff3607
Description and print_status fixes for release
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
William Vu 1faf069130
Land #3284, deprecated module cleanup 2014-04-20 23:10:55 -05:00
James Lee ee413ac385
Remove previously deprecated modules 2014-04-20 22:15:44 -05:00
kenkeiras b8e0187647 Use OptPath for file path options 2014-04-18 21:56:17 +02:00
kenkeiras fb0af8a799 Remove unnecesary ssh_socket variable 2014-04-18 21:50:54 +02:00
kenkeiras c875bdadf5 Change THRESHOLD into a datastore option 2014-04-18 21:18:48 +02:00
kenkeiras 8a3329c891 Password made pseudo-random instead of a bunnch of A's 2014-04-18 21:10:34 +02:00
kenkeiras 47ff820a83 Remove unnecesary 'RHOST' deregister 2014-04-18 21:06:46 +02:00
kenkeiras cc2d4f9ed7 Remove unnecesary @good_credentials 2014-04-18 21:03:22 +02:00
jvazquez-r7 c4d4af031c
Land #3276, @todb-r7's "make msftidy happy"'s fix 2014-04-18 09:54:52 -05:00
jvazquez-r7 5083143971
Land #3238, @Zinterax's timeout addition in openssl_heartbleed 2014-04-18 09:28:04 -05:00
Tod Beardsley 2a729c84f6
Fix disclosure date 2014-04-18 09:27:41 -05:00
jvazquez-r7 8a011ec9f6
Land #3197, @0x3fcoma's module for CVE-2013-5795 and CVE-2013-5880 2014-04-18 08:58:54 -05:00
jvazquez-r7 f3299e3ced Do minor code cleanup 2014-04-18 08:58:11 -05:00
jvazquez-r7 2366f77226 Clean timeout handling code 2014-04-18 08:16:28 -05:00
Zinterax e38f4cbfa0 Apply response_timeout to get_once, code cleanup
Add response_timeout to get_once

Change timeout output in establish_connect()

Add disconnect ater timeout output

Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
Zinterax fab091ca88 Fix Action => DUMP
Fix for when Action is set to DUMP. Modifed the check to use action.name.

Console output:

msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run

[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
Zinterax 1cf1616341 Rebase. Add timeout option support
Rebase to account for the KEYS merge.

Modify bleed() to work with timeout option.

Modify establish_connect() to work with timeout option.

Modify loot_and_report() to work with timeout option.

---Test Console Output---

Client Hello Timeout:

msf auxiliary(openssl_heartbleed) > run

[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Patched Apache:

msf auxiliary(openssl_heartbleed) > run

[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Vulnerable Server:

msf auxiliary(openssl_heartbleed) > run

[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
Zinterax 021ac53911 remove me 2014-04-18 07:03:36 -04:00
Jonathan Claudius 01d843f78f Handle certificate auth nuances 2014-04-17 20:24:19 -04:00
Jonathan Claudius 6daae961cb Add parameterized requests for detection/enumeration 2014-04-17 19:40:27 -04:00
Tod Beardsley 845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
Whoops.
2014-04-17 17:47:47 -05:00
Tod Beardsley 2aa2cb17f3
Reimplement a check. 2014-04-17 17:10:54 -05:00
Tod Beardsley d40ab039e4
Clean up whitespace. Protip: use commit hooks 2014-04-17 16:28:07 -05:00
Tod Beardsley c34d548e50
First, undo #3252. Sorry about that.
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00