fb0af8a799
Remove unnecesary ssh_socket variable
2014-04-18 21:50:54 +02:00
c875bdadf5
Change THRESHOLD into a datastore option
2014-04-18 21:18:48 +02:00
8a3329c891
Password made pseudo-random instead of a bunnch of A's
2014-04-18 21:10:34 +02:00
47ff820a83
Remove unnecesary 'RHOST' deregister
2014-04-18 21:06:46 +02:00
cc2d4f9ed7
Remove unnecesary @good_credentials
2014-04-18 21:03:22 +02:00
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
c4d4af031c
Land #3276 , @todb-r7's "make msftidy happy"'s fix
2014-04-18 09:54:52 -05:00
5083143971
Land #3238 , @Zinterax's timeout addition in openssl_heartbleed
2014-04-18 09:28:04 -05:00
2a729c84f6
Fix disclosure date
2014-04-18 09:27:41 -05:00
8a011ec9f6
Land #3197 , @0x3fcoma's module for CVE-2013-5795 and CVE-2013-5880
2014-04-18 08:58:54 -05:00
f3299e3ced
Do minor code cleanup
2014-04-18 08:58:11 -05:00
2366f77226
Clean timeout handling code
2014-04-18 08:16:28 -05:00
e38f4cbfa0
Apply response_timeout to get_once, code cleanup
...
Add response_timeout to get_once
Change timeout output in establish_connect()
Add disconnect ater timeout output
Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
fab091ca88
Fix Action => DUMP
...
Fix for when Action is set to DUMP. Modifed the check to use action.name.
Console output:
msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
1cf1616341
Rebase. Add timeout option support
...
Rebase to account for the KEYS merge.
Modify bleed() to work with timeout option.
Modify establish_connect() to work with timeout option.
Modify loot_and_report() to work with timeout option.
---Test Console Output---
Client Hello Timeout:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Patched Apache:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerable Server:
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
021ac53911
remove me
2014-04-18 07:03:36 -04:00
01d843f78f
Handle certificate auth nuances
2014-04-17 20:24:19 -04:00
6daae961cb
Add parameterized requests for detection/enumeration
2014-04-17 19:40:27 -04:00
845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
...
Whoops.
2014-04-17 17:47:47 -05:00
2aa2cb17f3
Reimplement a check.
2014-04-17 17:10:54 -05:00
d40ab039e4
Clean up whitespace. Protip: use commit hooks
2014-04-17 16:28:07 -05:00
c34d548e50
First, undo #3252 . Sorry about that.
...
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00
e3daf6daf7
Singular 'TLS_CALLBACK' option
2014-04-17 15:51:37 -05:00
6c832e22d6
rename scan to loot_and_report
2014-04-17 15:47:57 -05:00
c12eae66b3
Error and return if public key wasn't retrieved.
2014-04-17 15:44:40 -05:00
578002e016
KEYS action gets it's own function
2014-04-17 15:39:05 -05:00
5b0b5d9476
Land #3252 , check() functionality for Heartbleed
2014-04-17 15:34:35 -05:00
a2d6c58374
Changing << to + per @jlee-r7
2014-04-17 15:34:13 -05:00
9f30976b83
Heartbleed RSA Keydump
...
Flattened, merge conflicts resolved, etc.
2014-04-17 14:30:47 -05:00
7ddd93cf5d
Add redirect support to #is_app_ssl_vpn?
2014-04-17 12:06:29 -04:00
0c5fb8c0c2
Fix bug in group enumeration regex
2014-04-17 10:31:05 -04:00
71a650fe6e
Land #3259 , XMPP Hostname autodetect by @TomSellers
2014-04-17 08:54:15 +02:00
1f452aab48
Code cleanup
...
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
9e2285619e
Additional cleanup
...
Whitespace cleanup
2014-04-17 10:46:33 -05:00
f53e7f84b8
Adds Cisco SSL VPN Bruteforce Aux Mod
2014-04-16 22:47:58 -04:00
ee0d30a1f3
Whitespace fix
...
Removing extra line feeds
2014-04-16 17:27:39 -05:00
92eab6c54b
Attribution addition
...
Per comment from Firefart
2014-04-16 17:26:09 -05:00
1f3ec46b8a
Heartbleed - Add autodetection of XMPP hostname (round 2)
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
d7513b0eb2
Handle nil properly when no results are found
2014-04-15 18:19:29 -05:00
9db01770ec
Add custom rhost/rport, remove editorializing desc
...
Verification:
````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````
...etc.
2014-04-14 21:46:05 -05:00
40a359f312
Include a vhost for Shodan or else it complains
...
Works now. The rhost option was not keeping the custom vhost option.
````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...
[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*] Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...
IP Results
==========
````
2014-04-14 21:23:27 -05:00
1436f68955
Fix shodan to not muck with datastore
2014-04-14 21:21:11 -05:00
9035d1523d
Update wol.rb to specify rhost/rport directly
...
- [ ] Fire up tcpdump on the listening interface
- [ ] Run the module and see the pcap:
listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535
bytes
20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length
102
2014-04-14 20:57:20 -05:00
0360d1177f
Heartbleed - Add autodetection of XMPP hostname
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
2014-04-14 20:09:21 -05:00
07ed8d832a
Update db
2014-04-15 02:48:55 +02:00
1a73206034
Add detection for GnuTLS with with multiple records
2014-04-14 17:09:25 -07:00
fecdbd1781
F5 bigip cookie module
2014-04-15 01:11:17 +02:00
176204d62d
With implemented remarks
2014-04-14 21:11:04 +02:00
634a03a852
Update to openssl_heartbleed to deal with SMTP RFC
...
Added CR character in order to have the commands match SMTP RFC 5321 2.3.8 for line termination. Some SMTP services, such as the Symantec Mail Gateway, require strict compliance or the connection will be dropped with the response '550 esmtp: protocol deviation'
Reference:
http://www.symantec.com/business/support/index?page=content&id=TECH96829
http://tools.ietf.org/html/rfc5321#section-2.3.8
2014-04-14 13:27:33 -05:00
c537aebf0f
Land #3228 , JtR colon Seperation
2014-04-14 11:19:16 -05:00
dd7bceee56
fix threaded issues
2014-04-12 17:43:39 +02:00
d493c48cc6
add thottling,notes insert and output to dns_rev_lookup
2014-04-12 16:36:18 +02:00
039946e8d1
Use the first cipher suite sent by the client
...
If encrypted, use the TLS_RSA_WITH_AES_128_CBC_SHA; otherwise, use the
first cipher suite sent by the client. This complements the last commit
and makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282 ).
2014-04-12 05:05:14 -03:00
b95fcb9610
Use the protocol version sent by the client
...
Use the protocol version sent by the client. This should be the latest
version supported by the client, which may also be the only acceptable.
This makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282 ).
2014-04-12 04:21:35 -03:00
6fafc10184
Add HeartBleed check functionality
2014-04-12 00:07:00 -07:00
a63f020a68
Fixing coding style
2014-04-11 19:39:57 +02:00
4acacb005d
Fixed a bug...referring to wrong variable after filtering with regexp
2014-04-11 19:33:23 +02:00
83fe1cec65
Cleaned up Array.join call
2014-04-11 19:24:32 +02:00
55ec969bd9
Renamed FILTER -> DUMPFILTER, more intuitive and coherent
2014-04-11 19:07:57 +02:00
8268009b36
Renamed PATTERN_FILTER -> FILTER
2014-04-11 19:03:25 +02:00
c378fe95c1
Added missing space in comment
2014-04-11 19:01:01 +02:00
f8f710547c
Fixed call to String.match with regexp pattern
2014-04-11 18:59:59 +02:00
638cb41a3f
Remove Spaces at EOL, fixed if test on pattern variable
2014-04-11 18:58:05 +02:00
34fa4e29d9
Restored FTP option
2014-04-11 18:16:19 +02:00
eb0e35bf25
Fixed store on file option
2014-04-11 18:07:14 +02:00
c4029ea582
- Rubbish that was left dangling here around
2014-04-11 17:20:54 +02:00
1808fe470a
fixed conflicts, used OptRegexp for pattern
2014-04-11 17:16:06 +02:00
4315ad2987
Fixed conflict and used OptRegexp type for pattern
2014-04-11 17:15:39 +02:00
813e0eab89
Land #3233 , @wvu-r7's improvements fort heartbleed modules
2014-04-11 09:33:57 -05:00
e2ec53272e
Fix also negative numbers
2014-04-11 09:33:27 -05:00
fb5881d8e2
Land #2324 , @sensepost and @Firefart's sftp support for heartbleed
2014-04-11 08:47:22 -05:00
2134d676b4
Use verbose by default
2014-04-11 07:58:56 -05:00
56662bd89b
Correct corpwatch_lookup_name datastore usage
...
[SeeRM #8498 ]
2014-04-10 16:56:55 -05:00
06dedeec8f
Update corpwatch_lookup_id to run correctly
...
[SeeRM #8498 ]
2014-04-10 16:52:34 -05:00
6675464c20
Fix a few things in the Heartbleed modules
2014-04-10 16:06:40 -05:00
9adf629ee7
Added feature to dump to file leaked memory
2014-04-10 22:51:07 +02:00
f115a7f6e1
Fix intendation
2014-04-10 02:52:05 +02:00
f1443c039e
Updated hash value to SSLv3
...
Tested and working on server that has SSLv3 only enabled
2014-04-11 14:01:28 -07:00
6ab3478c7e
Update to include SSL Version 3 protocol
...
SSL Version 3 will also respond to this and a server configured to respond to SSL version 3 but not TLS will show false negative without this option (proven). May need to update cipher suites to include this option.
2014-04-11 12:41:17 -07:00
f54654a326
More refactor on jtr_linux
...
Reducing complexity in `run` makes modules easier to read
2014-04-09 19:26:34 -05:00
7f900c2628
Micro optimizations for jtr_linux
2014-04-09 19:26:23 -05:00
46038d58b7
Refactor jtr_linux copy pasta
...
Move it to a nifty method
2014-04-09 19:26:11 -05:00
4fc272c0e9
Fix merge error
2014-04-10 00:53:14 +02:00
f398924280
Land @Firefart's new fix for the jabber case
2014-04-09 17:52:53 -05:00
98816c3a01
Added @sensepost FTP implemenation
2014-04-10 00:48:09 +02:00
ccfcf2cedb
Added FTP STARTTLS support to heartbleed scanner.
2014-04-10 00:45:59 +02:00
c0e682b518
Land #3225 , @wvu-r7's and @hmoore-r7's improvements for openssl_heartbeat_client_memory
2014-04-09 17:39:04 -05:00
ccdc5bd281
Switch to get since @wvu-r7 also tested successfully with get
2014-04-09 17:30:00 -05:00
b905aece38
Fix job not backgrounding
2014-04-09 17:03:57 -05:00
ed247498b6
Make TLS negotiation optional
2014-04-09 17:03:38 -05:00
2de210f1c3
Land #3216 - Update @Meatballs1 and @FireFart in authors.rb
2014-04-09 16:38:10 -05:00
f56f34fb69
Land #3212 , @hmoore-r7's client-side Heartbleed
2014-04-09 15:42:36 -05:00
a86a8fed05
Changed heartbleed jabber implementation to match openssl s_client
...
see here for example implementation:
https://github.com/openssl/openssl/blob/master/apps/s_client.c#L1719
2014-04-09 22:20:32 +02:00
2f9a400efa
vprint_status the other message message
2014-04-09 15:11:02 -05:00
84ce72367b
Make the output less verbose
2014-04-09 14:57:51 -05:00
856ad7e83d
heartbleed - Better output on wrong jabber domain and add. nil? check
2014-04-09 21:53:17 +02:00
7a424784f8
Change default TLS Version to 1.0
...
Canonical testing shows this to be more widely supported, and yielding far more vulnerable hosts. Changing default to reflect that.
Experience of others in #metasploit seems similar.
2014-04-09 13:45:00 -05:00
fec089d88d
Land #3219 , openssl_heartbleed XMPP fix from @natronkeltner
2014-04-09 20:42:55 +02:00
e2b50d3709
fix openssl_heardbleed
...
-) XMPP Domain now configurable
-) Missing get_once to initiate the TLS connection
2014-04-09 20:39:33 +02:00
5696e52fac
Fix jabber to field
2014-04-09 13:48:45 -05:00
28a471e446
Land #3221 , @Firefart's fix for pop3 starttls
2014-04-09 13:31:45 -05:00
bea810b5d6
Add jabber fix from @natronkeltner
2014-04-09 13:11:45 -05:00
157fb5a905
Make title more searchable
2014-04-09 12:08:35 -05:00
58f4a1c085
Usee loop do instead or while true
2014-04-09 11:48:45 -05:00
76a9381b2a
Make the title of the Heartbleed module searchable
...
Right now, the title does not actually tie the Heartbeat check to the
Heartbleed attack, so people searching strictly on module title are not
going to get a hit for this module.
2014-04-09 11:03:01 -05:00
bc36b9ebd6
Delete server side PoCs as referecences because don\'t apply here
2014-04-09 10:58:59 -05:00
fd90203120
Change some variable names to make code reading easier
2014-04-09 10:56:50 -05:00
899a7c9ea4
heartbleed bugfix for pop3
2014-04-09 17:51:44 +02:00
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
3849d1517f
Restore author credit
2014-04-09 09:42:39 -05:00
e154d175e8
Add @hmoore-r7's heartbeat client side module
2014-04-09 09:38:11 -05:00
8d38087a10
Fix case / when indention
2014-04-09 09:12:55 -05:00
0e0fd20f88
Added RFC link
2014-04-09 15:19:29 +02:00
a0a5b9faa1
Fix heartbleed module
...
-) incorrect length read
-) Parse TLS errors
2014-04-09 15:08:24 +02:00
a93e22b5c0
Land #3209 , @Firefart's heartbleed's module fix
2014-04-09 06:38:06 -05:00
4e7c675f3c
Fix typo, extraquote in message
2014-04-09 10:22:15 +02:00
cdfe333572
updated heartbleed module
...
-) Heartbeat length was added twice
-) Use the current date for the TLS client_hello
2014-04-09 09:19:05 +02:00
dd69a9e5dd
Land #3206 , OpenSSL Heartbleed infoleak
2014-04-08 20:12:00 -05:00
5e314f2a7c
Fix outstanding issues
2014-04-08 20:11:28 -05:00
a4e1d866e1
Favor nil?
2014-04-08 18:21:49 -05:00
153e003e23
Do small fixes
2014-04-08 18:21:09 -05:00
39aecb140a
Use the datastore option
2014-04-08 16:55:08 -05:00
496dd944e6
Add support for datastore TLSVERSION
2014-04-08 16:51:50 -05:00
d51aa34437
Use Random generation Time as pointed by @Firefart
2014-04-08 16:46:15 -05:00
d964243cc4
Move heartbeat length to a variable
2014-04-08 16:33:05 -05:00
3d6c553efd
Fix endianess
2014-04-08 16:29:31 -05:00
373b05c5aa
Minimize extensions in the Hello
2014-04-08 16:21:38 -05:00
3254cce832
Align comment
2014-04-08 16:04:38 -05:00
c20b71e7b6
Switch to vprint unless success
2014-04-08 16:03:38 -05:00
7dbd690c99
Add new references
2014-04-08 16:01:06 -05:00
a55579dd4a
Fix references
2014-04-08 15:56:56 -05:00
4004cd8f9a
Allow hello data to grow dinamically
2014-04-08 15:52:39 -05:00
b8e2c9fe42
Clean and fix @Firefart's code
2014-04-08 15:32:13 -05:00
80bdbbed92
Solve conflict
2014-04-08 15:18:38 -05:00
8c7debb81d
Added some comments and modified JABBER
2014-04-08 22:13:02 +02:00
021da84459
Add authors and switch and's format
2014-04-08 15:10:27 -05:00
9c053a5b91
Added additional protocols
2014-04-08 21:56:05 +02:00
5f29026cb2
Complete @Firefart's module
2014-04-08 14:13:56 -05:00
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
ac0cafcca6
Initial commit for openssl Heartbleed bug
2014-04-07 21:15:54 +02:00
44640b126c
Add Oracle Demantra 2013-5795 (Database Credentials Retrieval)
2014-04-07 11:42:47 -07:00
7b9b20a07e
Corrected Spaces Issues
...
Removed extra spaces on line 23&24
2014-04-07 14:30:52 -04:00
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
0c883723ba
Land #3149 - Oracle Demantra Arbitrary File Retrieval with auth bypass
2014-04-07 11:11:55 -05:00
31dfae3a01
Follow the 100 columns per line guideline
2014-04-07 11:10:20 -05:00
de242ecc00
Correct date format
...
Hmm weird, msftidy didn't pick this up
2014-04-07 11:09:27 -05:00
5dbd124ef9
Update mybb_get_type_db.rb
2014-04-05 02:53:43 -07:00
c035715a71
Update mybb_get_type_db.rb
...
Changed the name of the variable _Version_server on _version_server according to the recommendation of jvazquez-r7
2014-04-05 02:50:53 -07:00
395f5beef8
Land #3178 , http header scan module
2014-04-04 11:36:35 -04:00
2b6ae68cbf
Minor modifications for http_header
2014-04-04 10:46:03 -04:00
e2cbcf3c5d
Land #3179 , @brandonprry AlienVault sqli aux module
2014-04-04 09:17:11 -05:00
ff6105e55d
Add check codes
2014-04-04 09:13:43 -05:00
44db611845
defaultoptions, not option
2014-04-04 05:55:35 -07:00
6f14cd225d
Do minor clean up
2014-04-03 23:22:44 -05:00
253a1c1f87
Land #3180 , EMC Cloud Tiering Appliance Unauthed XXE with root perms
2014-04-03 22:02:13 +02:00
a57da00932
fix refs line
2014-04-03 14:07:00 -07:00
51f83fccde
add some checks in vase the file wasn't retrievable
2014-04-03 14:04:05 -07:00
03559dedcd
Land #3187 - Changed OptString to OptRegexp
2014-04-03 14:52:59 -05:00
d995d84e91
Changed OptString to OptRegexp
2014-04-03 19:40:07 +02:00
b4aa08251f
changed option from string to regex
2014-04-03 19:34:40 +02:00
e2ded663a6
make more robust
2014-04-03 06:15:09 -07:00
53b8148438
make more random
2014-04-03 05:52:35 -07:00
77b64ee77d
make more random
2014-04-03 05:41:00 -07:00
4bf6481242
Added regex option to validate options
2014-04-02 23:51:33 +02:00
a4adfac312
Added feedback for http_header module
2014-04-02 23:01:23 +02:00
75dc4c459b
msftidy
2014-04-02 13:22:21 -07:00
bb82277a41
msftidy
2014-04-02 13:20:13 -07:00
abc0b31f26
exploithub wat
2014-04-02 13:18:48 -07:00
765657d55a
alienvault module
2014-04-02 13:09:46 -07:00
d3f353118a
edb update
2014-04-02 13:06:54 -07:00
32cd846fe4
emc cta xxe module
2014-04-02 13:05:53 -07:00
69192edd4b
Added new http_header module
2014-04-02 22:04:54 +02:00
149948485a
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra fixed issues
2014-04-01 12:28:41 -07:00
3788f136d9
Update es_enum.rb
...
Updated based on comments.
2014-04-01 11:43:15 -04:00
b11df0eaf0
Update and rename myBB_GetTypeDB.rb to mybb_get_type_db.rb
2014-03-28 16:47:49 -07:00
c37dbd104a
Clean up perms and whitespace for owa_login
2014-04-02 01:45:15 -05:00
2972220f60
Land #3047 for real.
...
Merge branch 'land-3047-really' into upstream-master
2014-04-01 13:16:13 -05:00
dfec2eb53f
Cleanup an expression and avoid fail_with
2014-03-31 18:05:20 -04:00
07e04717c2
Allow using a single URI and/or a list of URIs
2014-03-31 18:05:20 -04:00
b21d5c1801
use TARGET_URI if given, otherwise TARGET_URIS_FILE
2014-03-31 18:05:20 -04:00
5e9e7e15c8
Return whether result is nil or not.
2014-03-31 18:05:20 -04:00
0ac112b5e7
Support checking a single URI for ntlm information.
2014-03-31 18:05:19 -04:00
6474c7be5c
Land #3166 and also #3167
...
[Closes #3167 ]
2014-03-31 16:21:07 -05:00
3b6d73420e
Fix syntax error in dns_amp
2014-03-31 16:18:49 -05:00
d9df2fbf08
Land #3158 , msftidy rank check for aux modules
2014-03-31 15:17:30 -05:00
159bc264a4
unretards the uri normalize loop
2014-03-31 15:58:21 -04:00
2290249a42
uses fail_with to bomb out on datastore probs
2014-03-31 15:52:05 -04:00
4f121e3e03
fixes if-logic for error condition
2014-03-31 15:38:05 -04:00
894bbcae97
More fix-up on the DNS amplication scanner
2014-03-31 14:37:10 -05:00
4d597174d0
Merge up from upstream/master
2014-03-31 14:33:28 -05:00
387da26f8d
Land #3159 , HP LaserJet printer SNMP enumeration
2014-03-31 12:48:23 -05:00
c6ceb8cdfd
Land #2929 , DNS recursion amplification scanner
2014-03-31 12:47:46 -05:00
aaa15d13d9
Land #2928 , extended SMTP open relay checks
2014-03-31 12:47:10 -05:00
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
2530fb9741
adds the return back in (forgot in prev commit)
2014-03-28 19:27:04 -04:00
dc4b8461e8
unbreaks & DRYs my previous change.
2014-03-28 19:15:38 -04:00
c559a6b39f
fix description
...
(cherry picked from commit 7c860b9553
2014-03-28 17:36:21 -05:00
ae53d75cdb
Module to HP LaserJet Printer SNMP Enumeration
...
(cherry picked from commit f18fef1864
2014-03-28 17:36:21 -05:00
2344a9368e
Fix warnings generated by #3158
...
Keeping ManualRanking for DoS modules.
2014-03-31 12:35:15 -05:00
3a4f983a6f
Add CVE 2006-5229 reference
2014-03-28 22:35:19 +01:00
9374777da1
Land #2996 , @mcantoni's jboss status aux module
2014-03-28 16:07:08 -05:00
7689751c10
Module module location
2014-03-28 16:05:37 -05:00
e3ec0e7624
Clean up jboss_status module
2014-03-28 16:04:43 -05:00
bca0d603ef
SSH user enumeration script
2014-03-28 16:23:52 +01:00
5458200434
Fix a couple minor annoyances in PJL
2014-03-28 02:19:30 -05:00
c1fdc4d945
Fix a couple things that were bugging me
2014-03-28 02:15:38 -05:00
107901b481
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra msftidy fix
2014-03-26 22:37:21 -07:00
30da3575e8
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra
2014-03-26 21:53:12 -07:00
5b8d8d8009
Get Pro and Framework back in sync.
2014-03-26 09:25:19 -05:00
cd448ba46c
Land #3132 , ntp_monlist improvements
2014-03-25 15:19:45 -05:00
1c4797337f
Clean up rapid7/metasploit-framework#3132
2014-03-25 14:04:43 -05:00
d83f665466
Delete commas
2014-03-25 13:34:02 -05:00
e27adf6366
Fix msftidy warnings
2014-03-25 10:39:40 -03:00
473f745c3c
Add katello_satellite_priv_esc.rb
...
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
0b51e7459c
Update myBB_GetTypeDB.rb
...
I have added detection MyBB forum.
2014-03-24 12:19:51 -07:00
460a1f551c
Fix for R7-2014-05
2014-03-24 14:12:12 -05:00
cd9182c77f
Msftidy warning fix on Joomla module.
...
Pre-commit hooks people.
2014-03-24 12:03:12 -05:00
312f117262
updates file read to close file more quickly
2014-03-21 14:53:15 -04:00
4b2a2d4dea
Improve NTP monlist auxiliary module
2014-03-21 16:39:53 +01:00
fbcd661504
removed snmp_enum_hp_laserjet from this pull request
2014-03-21 15:58:53 +01:00
aa26405c23
Cleanup an expression and avoid fail_with
2014-03-20 17:33:09 -04:00
0c4b71c8bf
Land #3094 - Joomla weblinks-categories Unauth SQLI Arbitrary File Read
2014-03-20 12:08:18 -05:00
93ad818358
Fix header and e-mail format for author
2014-03-20 12:07:50 -05:00
74398c4b6e
Allow using a single URI and/or a list of URIs
2014-03-20 09:54:02 -04:00
a8d919feb0
use TARGET_URI if given, otherwise TARGET_URIS_FILE
2014-03-19 23:32:04 -05:00
9b2cfb6c84
change default targeturi to something more universal
2014-03-19 21:03:50 -05:00
b52a535609
add official url
2014-03-19 20:41:32 -05:00
ab42cb1bff
better error handling for the user
2014-03-19 18:46:57 -05:00
b79920ba8f
Land #3089 , InvalidWordCount fix for smb_login
...
[FixRM #8730 ]
2014-03-19 16:12:56 -05:00
fe0b76e24e
Land #2994 - OWA 2013 support
2014-03-19 13:16:37 -05:00
2ef2f9b47c
use vars_get
2014-03-19 07:51:34 -07:00
920b2da720
Merge branch 'master' into joomla_sqli
2014-03-19 07:43:32 -07:00
d361597104
Update es_enum.rb
2014-03-18 09:20:04 -04:00
ad4c354460
Update es_enum.rb
...
Corrected changes from dev module
2014-03-17 13:38:33 -04:00
975c2adbad
Fixed spaces issues
2014-03-17 13:34:45 -04:00
b032f2c270
Added Elastic Search Enum
2014-03-17 13:31:24 -04:00
8fdb5250d4
changes to smtp relay aux module
2014-03-17 15:09:29 +07:00
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
a01dd48640
a bit better error message if injection works but no file
2014-03-13 13:38:43 -07:00
b0688e0fca
clarify LOAD_FILE perms in description
2014-03-13 13:11:27 -07:00
2734b89062
update normalize_uri calls
2014-03-13 06:55:15 -07:00
5aad8f2dc3
Land #3088 , SNMP timestamp elements fix
2014-03-13 02:22:14 -05:00
7540dd83eb
randomize markers
2014-03-12 20:11:55 -05:00
3fedafb530
whoops, extra char
2014-03-12 19:54:58 -05:00
aa00a5d550
check method
2014-03-12 19:47:39 -05:00
9cb1c1a726
whoops, typoed the markers
2014-03-12 10:58:34 -07:00
6636d43dc5
initial module
2014-03-12 10:46:56 -07:00
206660ddde
Recreate the intent of cfebdae from @parzamendi-r7
...
The idea was to rescue on a NoReply instead of just fail, and was part
of a fix in #2656 .
[SeeRM #8730 ]
2014-03-11 14:30:01 -05:00
f7af9780dc
Rescue InvalidWordCount error
...
This is a cherry-pick of commit ea86da2 from PR #2656
2014-03-11 14:17:36 -05:00
kenkeiras
William Vu
jvazquez-r7
Tod Beardsley
Zinterax
Jonathan Claudius
Jeff Jarmoc
Christian Mehlmauer
Tom Sellers
sinn3r
Thanat0s
David Chan
David Maloney
Ramon de C Valle
David Chan
Sebastiano Di Paola
gigstorm
James Lee
singe
HD Moore
julianvilas
coma
silascutler
Karmanovskii
Spencer McIntyre
Brandon Perry
Joshua Smith
Matteo Cantoni
Brandon Turner
Brandon Perry
xistence
sho-luv