sinn3r
2a202e9035
Add OSVDB-86563 ManageEngine SecurityManager dir traversal
2012-10-29 12:23:48 -05:00
sinn3r
2c4273e478
Correct some modules with res nil
2012-10-29 04:41:30 -05:00
sinn3r
34731c3e0a
Add OSVDB-86720 - Clansphere dir traversarl
2012-10-29 03:44:22 -05:00
HD Moore
3a42eb3f73
New modules and library for the ADDP protocol
2012-10-28 23:04:18 -05:00
sinn3r
7a1c3e7cf6
Merge branch 'dmaloney-r7-WinRM_piecemeal'
2012-10-27 18:55:24 -05:00
zombieCraig
164321a5ed
Add Domain notes to smb_version
2012-10-26 11:56:14 -04:00
David Maloney
b15c38f819
Fix output to display ip:port
2012-10-25 19:57:29 -05:00
David Maloney
fb7af536d5
wtf, bad metadata
...
Removed extraneous references section
2012-10-25 10:16:12 -05:00
David Maloney
bfbae5fbb7
Merge branch 'upstream-master' into WinRM_piecemeal
...
Conflicts:
lib/msf/core/exploit/winrm.rb
2012-10-24 14:12:28 -05:00
David Maloney
a15c35091d
Add the WinRM login module
2012-10-24 11:25:39 -05:00
sinn3r
77c8548855
Merge branch 'dmaloney-r7-WinRM_piecemeal'
2012-10-23 16:33:16 -05:00
Michael Schierl
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
sinn3r
33ce74fe8c
Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1
2012-10-23 02:10:56 -05:00
David Maloney
2335c582c3
Null response handling
2012-10-23 00:25:31 -05:00
David Maloney
e08cedec2e
Requested revisions/cleanup
...
minor fixes to spacing, some typos, and abse64 switched to Rex
2012-10-22 17:01:00 -05:00
Rob Fuller
7437d9844b
standardizing author info
2012-10-22 17:01:58 -04:00
Michael Schierl
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
Rob Fuller
49948faa9b
remove non-functional enum_delicious module
2012-10-22 14:46:52 -04:00
David Maloney
7866b61a7e
Typo fix
2012-10-20 00:31:35 -05:00
David Maloney
56cbe6a67e
Some minor fixups
2012-10-19 15:25:03 -05:00
David Maloney
3a8dd261ae
WinRM mixin and basic discovery module
2012-10-19 15:08:58 -05:00
jvazquez-r7
4ad6fcc30e
osvdb added
2012-10-19 17:04:47 +02:00
Ewerson Guimaraes (Crash)
4d80e37741
NTP Clock Variables Disclosure
2012-10-18 20:03:28 -03:00
sinn3r
0675a6171b
Cosmetic changes
2012-10-17 17:30:16 -05:00
jvazquez-r7
3bd84e255f
minor cleanup
2012-10-17 22:06:47 +02:00
jvazquez-r7
848f0cd899
Merge branch 'module-lantronix_telnet_password' of https://github.com/jgor/metasploit-framework into jgor-module-lantronix_telnet_password
2012-10-17 22:06:25 +02:00
jgor
9af727388f
deleted superfluous code and comments
2012-10-17 14:27:00 -05:00
jvazquez-r7
16e2a2e050
fix title for the apache activemq source disclosure mod
2012-10-17 17:23:56 +02:00
sinn3r
e583847a31
I missed this sucker.
2012-10-15 22:02:26 -05:00
sinn3r
8e668e2808
Check STATUS_ACCESS_DENIED properly
...
When Samba throws STATUS_ACCESS_DENIED, the exception that's
throwin is actually Rex::Proto::SMB::Exception::ErrorCode, not
as LoginError. It was handled correctly in try_user_pass(), but
not in other functions that also use smb_login().
2012-10-15 16:52:34 -05:00
jvazquez-r7
29299b29a5
Added modules for CVE-2012-4933
2012-10-15 16:03:19 +02:00
sinn3r
e00dbfcc0d
You mean.. FILEPATH.
2012-10-14 18:18:11 -05:00
sinn3r
2f04fdd71a
Merge branch 'apache_activemq_traversal' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apache_activemq_traversal
2012-10-14 18:16:41 -05:00
jvazquez-r7
d971abaeb9
deleted extra comma
2012-10-14 22:39:07 +02:00
jvazquez-r7
14bd0373d3
deleted extra space
2012-10-14 22:38:14 +02:00
jvazquez-r7
ac6a4c9283
Added module for CVE-2010-1587
2012-10-14 22:36:02 +02:00
jvazquez-r7
2b644dbc45
added module for Apache ActiveMQ directory traversal
2012-10-14 22:30:38 +02:00
jgor
79da6c7186
added Lantronix telnet password recovery module
2012-10-14 12:46:52 -05:00
HD Moore
286b86949b
Prefix with host:port for readability
2012-10-08 15:23:26 -05:00
jvazquez-r7
6aefa40ec1
fix my english
2012-09-28 00:32:02 +02:00
jvazquez-r7
12177b0ed2
Added module for 2011-1900
2012-09-28 00:29:12 +02:00
sinn3r
f6baf824b6
The USER_FILE path is wrong.
2012-09-27 01:33:11 -05:00
sinn3r
75d40d4d82
Make msftidy happy
2012-09-27 01:33:11 -05:00
Cristiano Maruti
99ec988485
Updated with wordlist path registered options
2012-09-27 01:33:11 -05:00
Cristiano Maruti
75f5e24178
Dell iDrac login aux scanner
2012-09-27 01:33:11 -05:00
James Lee
77a0cf18da
Fix errors when pivoting
...
Printing stack traces is rude.
Also removes Capture which isn't necessary for this module
2012-09-23 22:59:44 -05:00
David Maloney
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
Ramon de C Valle
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
jvazquez-r7
270fa1b87b
updated descriptions for hp sitescope modules tested over linux
2012-09-05 23:25:08 +02:00
sinn3r
bed3c7bbac
Merge branch 'hp_sitescope_loadfilecontent_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_loadfilecontent_fileaccess
2012-09-05 13:59:49 -05:00
sinn3r
598fdb5c50
Merge branch 'hp_sitescope_getsitescopeconfiguration' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getsitescopeconfiguration
2012-09-05 13:58:39 -05:00
jvazquez-r7
20655232d7
cleanup, tested and added osvdb reference
2012-09-05 20:03:46 +02:00
jvazquez-r7
c6f5b1f072
cleanup, test, osvdb reference
2012-09-05 19:56:04 +02:00
jvazquez-r7
ea2eb046c3
cleanup, final test, osvdb reference
2012-09-05 19:45:50 +02:00
jvazquez-r7
166f68b194
added module for ZDI-12-177
2012-09-05 12:54:30 +02:00
jvazquez-r7
534ab55e5c
Added module for ZDI-12-173
2012-09-05 12:53:03 +02:00
jvazquez-r7
8a50ca2f47
Added module for ZDI-12-176
2012-09-05 12:51:25 +02:00
sinn3r
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
sinn3r
53a9a8afce
Awww, typo! Nice catch, @Agarri_FR! :-)
2012-08-31 14:23:51 -05:00
sinn3r
638d9d1095
Fix nil res bug, change action name, etc
2012-08-25 02:41:50 -05:00
Ewerson Guimaraes (Crash)
cad590488d
Update modules/auxiliary/scanner/http/http_traversal.rb
2012-08-24 15:47:07 -03:00
Tod Beardsley
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
sinn3r
e5666d70e2
Merge branch 'glassfish-uri' of https://github.com/bonsaiviking/metasploit-framework into bonsaiviking-glassfish-uri
2012-08-13 11:53:03 -05:00
HD Moore
f72f334124
Fix an odd issue with search due to use of the builtin Proxies option
2012-08-12 23:22:38 -05:00
RageLtMan
33c74c97e2
Add Opt::Proxies and opthash[:proxies] to ssh mods
2012-08-12 16:23:22 -04:00
RageLtMan
c9690033c7
This commit allows ssh_login to use socks proxies. Net::SSH::Transport::Session could take a :proxy option,
...
but it expects a factory object not a string, when setting :proxy => datastore['Proxies'] user got:
"Auxiliary failed: NoMethodError private method `open' called for \"socks4:localhost:1080\":String."
VALID_OPTIONS in ssh.rb now takes :proxies option which is passed to the Rex socket in
Net::SSH::Transport::Session.new.
Testing: block all outgoing to SSH server, try to connect with a proxy. Try with :proxy option,
then merge this pull request and try again.
2012-08-12 16:01:52 -04:00
Daniel Miller
db4f31de76
Fix use of URI option for glassfish_login
...
auxiliary/scanner/http/glassfish_login offers URI option to set the path
where Glassfish is installed, but it doesn't work. Replaced it with
TARGETURI and call target_uri.path to get a base path.
2012-08-10 15:44:53 -05:00
jvazquez-r7
d04fdc9382
Added aux module for CVE-2009-1730
2012-08-08 16:26:41 +02:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
jvazquez-r7
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
sinn3r
99d3ee6fc4
Merge branch 'webpagetest_traversal' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest_traversal
2012-08-06 03:15:16 -05:00
sinn3r
f1e7ef06cc
Add webpagetest dir traversal module
...
How did I forget this while writing the exploit?
2012-08-06 03:11:07 -05:00
Tod Beardsley
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
sinn3r
87aae548e6
Final cleanup
2012-07-24 13:11:04 -05:00
Bruno Morisson
dbc779e02d
implemented fixes requested by sinn3r
...
Implemented the fixes, and re-tested the modules
2012-07-24 11:02:49 +01:00
Bruno Morisson
397d708340
Added bulk file retrieval to sap_mgmt_con_getlogfiles, and new module to get SAP process list from remote host
...
* Added option to retrieve all available files from remote SAP host to
sap_mgmt_con_getlogfiles, based on the listing request provided in
sap_mgmt_con_listlogfiles module, if the variable GETALL is set to true.
Kept previous functionality of retrieving just one chosen file.
* Added new module sap_mgmt_con_getprocesslist to remotely list SAP
processes using SAP SOAP interface. Based on the other sap_mgmt_con_*
modules by Chris John Riley.
2012-07-23 16:26:33 +01:00
HD Moore
9bff1c913b
Merge pull request #592 from alexmaloteaux/ipv6arpfix
...
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
HD Moore
c887e0aaff
Re-add AFP changes due to mangled merge
2012-07-17 00:42:49 -05:00
HD Moore
f62e0b1cca
AFP fixes and JTR typo fix
2012-07-16 21:45:45 -05:00
HD Moore
bc2edeace2
Cleanup AFP module output
2012-07-16 21:02:40 -05:00
jvazquez-r7
2da984d700
Added module for OSVDB 83275
2012-07-12 13:12:31 +02:00
Alexandre Maloteaux
81ba60169f
ipv6 and arp_scanner fix
2012-07-10 18:28:24 +01:00
sinn3r
b817070545
Merge branch 'mac_oui' of https://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-mac_oui
2012-07-09 20:14:25 -05:00
Alexandre Maloteaux
e509c72574
better handle company name
2012-07-10 00:24:30 +01:00
Alexandre Maloteaux
e949b8c2c8
mac_oui
2012-07-09 23:46:57 +01:00
jvazquez-r7
b33220bf90
Added module for CVE-2012-2215
2012-07-09 17:32:55 +02:00
sinn3r
d626de66f7
Print out where the scheme info is stored.
...
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
sinn3r
ecb4e20c92
Instead of deleting the "/", here's a different approach
2012-07-06 01:23:41 -05:00
sinn3r
7876d7fd60
Delete the extra "/"
2012-07-06 01:20:31 -05:00
sinn3r
686f176a99
Correct path
2012-07-06 01:12:47 -05:00
sinn3r
0c18662d46
Make msftidy happy and change the traversal option
2012-07-06 01:10:39 -05:00
sinn3r
3b7e1cd73a
Add Dillion's module for Wangkongbao
2012-07-06 00:54:55 -05:00
sinn3r
68c582873b
Add the MSF license text
2012-06-27 17:11:00 -05:00
jvazquez-r7
d3bc78c53b
applied changes proposed by sinn3r
2012-06-27 23:55:51 +02:00
jvazquez-r7
2c5cc697c9
Added auxiliary module for CVE-2012-2926
2012-06-27 10:21:18 +02:00
HD Moore
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
HD Moore
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
HD Moore
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
sinn3r
05eaac9085
Fix possible param duplicates
2012-06-24 19:05:42 -05:00
James Lee
3e974415d9
Give some verbose feedback if connection failed
2012-06-23 00:58:27 -06:00