1ccfb6cb43
IE UXSS
2015-02-05 03:03:28 -06:00
46210a4963
Fix punctuation
2015-01-26 12:05:54 -06:00
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
c6901caf39
Change module location
2015-01-24 10:14:46 -06:00
e46395f592
Land #4596 , @pdeardorff-r7's memcached extractor
2015-01-22 08:00:19 -08:00
1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache
2015-01-22 07:59:48 -08:00
0d4d06fb83
Print table for all scans, add preview size option
2015-01-20 11:12:47 -08:00
f1bf607386
Minor Ruby style cleanup
2015-01-20 08:47:47 -08:00
ef89a3d323
Add protocol reference
2015-01-20 08:34:08 -08:00
9c97824d5c
Move MAXKEYS to advanced
2015-01-20 08:28:49 -08:00
9d430eb1d5
Use the simpler 'version' command to get the version
2015-01-20 08:16:22 -08:00
6588f92206
Move rex connection errors to vprint since this is a Scanner
2015-01-20 08:11:09 -08:00
10100df054
report_service
2015-01-20 08:09:35 -08:00
b0bbce1190
Include peer in most prints
2015-01-20 08:00:02 -08:00
84ecde30d1
Land #4586 , mcafee_epo_xxe aux module
2015-01-18 00:50:10 -06:00
57ca285f8a
Fix msftidy warnings
2015-01-18 00:49:52 -06:00
db3185231a
add maxkeys option, dont store loot if localhost and improve streaming
2015-01-17 09:25:32 -08:00
f1bcbb7d78
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-16 09:57:17 -08:00
7ef721bdd6
Might as well format the url all at once.
2015-01-16 09:01:25 -06:00
1929f36050
Update mcafee_epo_xxe.rb
2015-01-15 16:50:14 -06:00
8c3d4c8d07
Spelling tweak.
2015-01-15 15:19:46 -06:00
35c9a13199
Handle the usage of // (same-scheme) URLs.
2015-01-15 15:09:50 -06:00
507050b316
rescue from down memcached server or timeout
2015-01-15 09:51:42 -08:00
0e893cd772
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-15 09:40:21 -08:00
4d2ad8865f
remove debug line
2015-01-15 09:37:51 -08:00
154eb7956c
fix storing of loot and support localhost session
2015-01-15 09:36:15 -08:00
4e4ca15422
Update mcafee_epo_xxe.rb
2015-01-15 11:02:11 -06:00
e53522b64b
Update mcafee_epo_xxe.rb
2015-01-15 10:28:52 -06:00
86d5358299
Update mcafee_epo_xxe.rb
2015-01-15 09:56:02 -06:00
53e1304afb
Update mcafee_epo_xxe.rb
2015-01-14 18:19:27 -06:00
1ed07bac32
Update mcafee_epo_xxe.rb
2015-01-14 11:01:14 -06:00
794bb65817
Create mcafee_epo_xxe.rb
2015-01-14 10:54:58 -06:00
99cf668441
add memcached extractor module
2015-01-12 16:40:06 -08:00
4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module
2015-01-05 10:31:28 -06:00
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
d10222365b
Add Rafay's blog as a reference
2014-12-29 08:12:19 -06:00
1236684954
Use get_uri instead, note lack of Rex::Text method
...
See rapid7#4461
2014-12-28 15:06:34 -06:00
788e315fd4
Fix msftidy warnings
2014-12-28 14:53:29 -06:00
8d73794cc8
Add hint for exploit on old devices.
2014-12-23 12:29:08 -06:00
e45af903d9
Add patch discovery date.
2014-12-19 12:04:41 -06:00
25313b1712
Use the hash to pass the script.
2014-12-19 02:30:37 -06:00
84ea628284
Add Android cookie theft attack.
2014-12-16 19:12:01 -06:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
0887127264
Fixed several recommended changes by jvazquez-r7 and jlee-r7
2014-11-30 00:53:24 -05:00
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
5bf8901822
Fixed several recommended changes by jvazquez-r7, Also Correct a XML parsing issue
2014-11-09 02:43:36 -05:00
e7b448537f
Add OSVDB ids
2014-11-08 11:05:34 +00:00
9d6e0664a4
Guess service name and port
2014-11-07 20:56:01 -06:00
a44640c9fc
Use single quotes
2014-11-07 20:48:04 -06:00
7c1c08fc19
Use single quotes without interpolation
2014-11-07 20:46:47 -06:00
0373156cce
Use unless over if not
2014-11-07 20:42:08 -06:00
f5a920da99
Use || operator
2014-11-07 20:41:44 -06:00
64754a5609
Delete unnecessary begin..end block
2014-11-07 20:38:36 -06:00
0919f74a3d
Delete unused variable
2014-11-07 20:37:57 -06:00
22b875d0f3
Reduce code complexity
2014-11-07 20:37:40 -06:00
b1517e6ace
Delete unnecessary nil comparision
2014-11-07 20:34:13 -06:00
aa1fec7f02
Use fail_with
2014-11-07 20:33:33 -06:00
d630eac272
Reduce code complexity
2014-11-07 20:32:15 -06:00
cea30b5427
Use built-in format for RPORT
2014-11-07 20:30:32 -06:00
e99cc00a57
No more than 100 columns on description
2014-11-07 20:29:38 -06:00
c00a3ac9cd
Add full disclosure URL
2014-11-07 08:06:21 +00:00
8a0249cdbf
Address Juan's points
2014-11-06 21:02:28 +00:00
e71ba1ad4a
Push exploit for CVE-2014-6038/39
2014-11-05 20:12:03 +00:00
ebb8b70472
Land #4015 , another Android < 4.4 UXSS module
2014-11-04 15:52:29 -06:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
6f013cdcaf
Missed these
2014-10-31 18:48:48 -05:00
d6a830eb6e
Rescue the correct exception: Rex::HostUnreachable
2014-10-31 16:43:33 -05:00
1e9f9ce425
Handle invalid JSON errors and fix typo.
2014-10-31 11:01:49 -05:00
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
470a067384
Final changes
2014-10-30 13:51:44 -05:00
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
127d1640da
Print password
2014-10-30 13:27:40 -05:00
a6980b9eb8
Updated to module based feedback from wchen-r7
2014-10-30 12:59:11 -04:00
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
6c13c14be1
Konica MFP ftp and SMB credential gathering module
2014-10-29 16:12:16 -04:00
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It!
2014-10-20 11:23:23 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
6ea3a78b47
Clarify the description on HP perfd module
...
Introduced in #3992
2014-10-14 11:58:52 -05:00
76275a259a
Minor style cleanup of help and a failure message
2014-10-12 18:34:13 -07:00
c3a58cec9e
Make note of other commands to investigate
2014-10-11 13:07:52 -07:00
c80a5b5796
List commands in sorted order
2014-10-11 13:00:30 -07:00
4ffc8b153c
Support running more than one perfd command in a single pass
2014-10-11 11:38:00 -07:00
c72593fae4
Store just banner for service, loot the rest. Also, minor style.
2014-10-11 11:12:49 -07:00
9550c54cd2
Correct indentation and whitespace
2014-10-11 10:39:12 -07:00
7bd0f2c114
Changed Name, array in OptEnum and operator
2014-10-11 09:03:18 -03:00
cbde2e8cd1
Variable cmd now with interpolation
2014-10-10 18:21:16 -03:00
291bfed47e
Using Rex.sleep instead of select
2014-10-10 15:17:40 -03:00
bd315d7655
Changed print_good and OptEnum
2014-10-10 13:54:42 -03:00
08fdb4fab2
Add module to enumerate environment HP via perfd daemon
2014-10-10 13:09:36 -03:00
sinn3r
William Vu
Tod Beardsley
jvazquez-r7
Jon Hart
pdeardorff-r7
Brent Cook
Brandon Perry
Joe Vennix
Christian Mehlmauer
Deral Heiland
HD Moore
Pedro Ribeiro
Peter Arzamendi
URI Assassin
Roberto Soares Espreto