765077d741
Create sysaid_admin_acct.rb
2015-06-03 21:38:43 +01:00
818dbf58f0
Adding an OSVDB number to the Netgear module
2015-05-28 14:37:39 -05:00
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
04fa626eab
Save credentials as UNTRIED
2015-05-15 14:58:55 -05:00
16c3bf91a1
Do code cleanup
2015-05-15 14:46:34 -05:00
0a4554a204
reporting included, extract device details
2015-04-28 13:01:51 +02:00
ce697ee44c
netgear soap password extractor
2015-04-27 17:56:30 +02:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
b2b7da2dc5
Fix spelling of Microsoft in module name
2015-04-10 11:09:16 +01:00
831a59b10b
Fix whitespace
2015-04-08 16:09:28 -05:00
52f1b95222
Add disclosure link
2015-04-08 16:07:33 -05:00
7ed1655976
Adding module for R7-2015-01
...
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
e729185804
Land #5051 , @nullbind's new options for mssql_enum_domain_accounts_sqli
2015-04-03 14:44:20 -05:00
fe9fbfd157
Make calculations easier
2015-04-03 14:43:01 -05:00
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
91aeef0a8a
added startrid and endrid
2015-04-01 10:09:13 -05:00
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
7a0fe05803
Add CVE-ID to module references
2015-03-24 22:30:43 +00:00
7bf00f8f47
Land #4789 , @rastating WPLMS wordpress module
2015-03-24 20:46:38 +01:00
8c3e39acf0
Land #4847 @rastating's module for WordPress WP EasyCart privilege escalation
2015-03-20 18:23:05 -05:00
349d7cb9ee
Do minor cleanup
2015-03-20 18:20:45 -05:00
00dbcc12ca
Removed imp_user var from escalate_privs func
2015-03-15 22:02:12 -07:00
5bebabb005
fixed hardcoded username
2015-03-15 19:45:02 -05:00
3b21de3906
Add WPVDB reference
2015-02-26 13:37:23 +00:00
e2dfdd60c0
Update version range
2015-02-25 19:11:15 +00:00
242d3b8680
Add WP EasyCart privilege escalation module
2015-02-24 21:11:22 +00:00
61bdd58fbe
Fix required flag on options
2015-02-22 16:20:47 +00:00
37a55cce74
Abstracted version comparison code
2015-02-22 16:20:46 +00:00
31cdd757f6
Add WordPress WPLMS privilege escalation module
2015-02-22 16:20:46 +00:00
71c5f622ca
Land #4775 , Kindle Fire TV Stick controller
2015-02-17 12:59:54 -06:00
45b16c92b7
Prefer sleep
...
It's all the same, anyway.
2015-02-17 12:43:14 -06:00
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
b4e2a50a6a
Really fix the bug
...
App is so slow. :(
2015-02-17 06:10:32 -06:00
09239b37aa
Fix touchy YouTube app
...
It likes the previous video stopped before playing a new one.
2015-02-17 06:07:58 -06:00
76e3539434
Add Amazon Fire TV YouTube remote control
2015-02-17 05:44:04 -06:00
b3d301e960
Fix annoying double quotes
...
As much as I love them, the use here is inconsistent.
2015-02-17 05:12:28 -06:00
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
1e8f98c285
Updated description, credit, and URL
2015-02-10 11:25:13 -06:00
1b89242a75
Add module for R7-2015-02
2015-02-10 11:03:46 -06:00
036cb77dd0
Land #4709 , fixed up some datastore mangling
2015-02-05 21:22:38 -06:00
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
c22865fb71
Fix nexpose_xxe_file_read datastore
2015-02-05 02:53:00 -06:00
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
d0cf316758
Land #4659 , @pedrib's ManageEngine directory listing module
2015-02-01 14:19:46 -06:00
128ca47aa7
Fix banner
2015-02-01 14:19:03 -06:00
361aaa7551
Fix banner
2015-02-01 14:16:09 -06:00
39a25fc549
Update manageengine_file_download.rb
2015-02-01 10:49:48 +00:00
e9b5aa94c3
Add OSVDB id and full disclosure URL
2015-02-01 10:49:11 +00:00
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
11502bad39
Clean code
2015-01-30 15:26:25 -06:00
1916c92e3a
Clean metadata
2015-01-30 15:21:17 -06:00
c9ac56442d
No modify datastore option
2015-01-30 15:05:46 -06:00
bb640b90ef
Refactor login_it360
2015-01-30 15:02:23 -06:00
d4359c4f1c
Rework login_it360 code
2015-01-30 15:00:34 -06:00
c5db13fba9
Do minor style fixes
2015-01-30 14:13:11 -06:00
89f760c94e
Clean metadata
2015-01-30 14:08:55 -06:00
a806cb401a
Create manageengine_dir_listing.rb
2015-01-28 19:44:48 +00:00
62ac536b7d
Create manageengine_file_download.rb
2015-01-28 19:42:17 +00:00
bedbffa377
Land #3700 , @ringt fix for oracle_login
...
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
38c36b49fb
Report when nothing is rescued
2015-01-09 22:58:19 -06:00
e7affb9048
Land #4493 , @pedrib's module for ManageEngine Central Desktop create admin
2015-01-04 23:46:31 -06:00
c5e72fb324
Change module filename
2015-01-04 23:14:12 -06:00
4798f2328d
Change module filename
2015-01-04 23:13:17 -06:00
6bb3171328
Do minor cleanup
2015-01-04 23:12:42 -06:00
711b97ecc5
Beautify metadata
2015-01-04 23:08:46 -06:00
32d4bf03c3
Add OSVDB id and full disclosure URL
2015-01-04 12:36:51 +00:00
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
e81e68bdaf
Create me_dc9_admin.rb
2014-12-31 02:02:52 +00:00
6634fb3583
More consistent print_
2014-12-30 09:38:53 -08:00
f8d432dfc1
Support reading a list of local/remote files for smb admin modules ( #3994 )
2014-12-30 09:21:29 -08:00
6a61afcfad
Update smb upload/download/delete file modules to support RHOSTS
...
via Scanner
2014-12-29 18:02:40 -08:00
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
f2130311fa
Add the MSF blog reference
2014-12-29 16:08:35 -06:00
85ab11cf52
Use print_warning consistently
2014-12-26 09:54:38 -06:00
f31a2e070e
Use print_warning to print the Kerberos error
2014-12-26 09:22:09 -06:00
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
89d0a0de8d
Delete unnecessary connect
2014-12-23 19:35:59 -06:00
265e0a7744
Upper case domain
2014-12-23 19:16:50 -06:00
ed2d0cd07b
Use USER_SID instead of DOMAIN_SID and USER_RID
2014-12-23 19:11:05 -06:00
708cbd7b65
Allow to provide USER SID
2014-12-22 18:24:50 -06:00
56eadc0d55
Delete default values from options
2014-12-22 18:11:43 -06:00
787dab998d
Fix description
2014-12-22 17:51:44 -06:00
a7faf798bf
Use explicit encryption algorithms
2014-12-22 15:51:17 -06:00
f37cf555bb
Use random subkey
2014-12-22 15:39:08 -06:00
b0a178e0a3
Delete blank line
2014-12-22 14:40:32 -06:00
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
20ab14d7a3
Clean module code
2014-12-22 14:29:02 -06:00
dabc890b2f
Change module filename again
2014-12-22 12:35:15 -06:00
2b46bdd929
Add references and authors
2014-12-22 12:34:31 -06:00
4319dbaaef
Change module filename
2014-12-22 12:29:28 -06:00
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
def1695e80
Use options by call
2014-12-19 18:23:11 -06:00
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
c15bad44a6
Be clearer on backslash usage.
...
See #4282
2014-12-18 16:16:02 -06:00
9a58617387
Add dummy test module
2014-12-17 19:57:10 -06:00
c683e7bc67
Fix banner
2014-12-12 13:01:51 -06:00
047bc3d752
Make msftidi happy
2014-12-12 12:49:12 -06:00
a1876ce6fc
Land #4282 , @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download
2014-12-12 12:47:50 -06:00
a0b181b698
Land #4335 , @us3r777 JBoss DeploymentFileRepository aux module
2014-12-12 10:40:03 -06:00
3059cafbcb
Do minor cleanup
2014-12-12 10:37:50 -06:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
86ae104580
Land #4325 , consistent mssql module names
2014-12-09 21:52:05 -05:00
87c83cbb1d
Another round of name corrections
2014-12-09 20:16:24 -06:00
bb8dfdb15f
Ensure consistency for mssql modules
2014-12-09 10:28:45 -06:00
4abfb84cfc
Upload WAR through Jboss DeploymentFileRepository
2014-12-08 19:02:51 +01:00
98e416f6ec
Correct OSVDB id
2014-12-07 17:54:31 +00:00
e474ecc9cf
Add OSVDB id
2014-12-07 17:41:35 +00:00
54705eee48
Fix option parsing
2014-12-06 21:50:54 -06:00
4b06334455
Minor title change for mssql_enum_domain_accounts_sqli
...
We don't really do "-" for naming
Kind of stands up on a list
2014-12-05 11:42:08 -06:00
e5bdf225a9
Update netflow_file_download.rb
2014-12-04 21:32:19 +00:00
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
ff30a272f3
Windows paths need 2 backslashes
2014-11-30 18:54:41 -06:00
223bc340e4
Prepend peer
2014-11-30 18:46:15 -06:00
5ad3cc6296
Make FILEPATH mandatory
2014-11-30 18:45:23 -06:00
b1b10cf4e5
Use Rex::ConnectionError
2014-11-30 18:44:25 -06:00
a549cbbef8
Beautify metadata
2014-11-30 18:44:03 -06:00
26d9ef4edd
Explain about Windows back slashes on option
2014-11-30 00:15:44 +00:00
2fb38ec7bb
Create exploit for CVE-2014-5445
2014-11-30 00:12:37 +00:00
5f4760c58e
Print final results in a table
2014-11-25 14:01:29 -06:00
d998d97aaa
Refactor build_user_sid
2014-11-25 13:58:47 -06:00
aad860a310
Make conditional easier
2014-11-25 13:54:08 -06:00
ba57bc55b0
Don't report service
2014-11-25 13:52:22 -06:00
059b0e91da
Don't report service
...
* The mssql could be in a third host, not rhost
2014-11-25 13:50:42 -06:00
b467bda2d6
Reuse local variable
2014-11-25 13:49:24 -06:00
31a84ef6ff
Make ternary operator more readable
2014-11-25 13:44:50 -06:00
be566e5ad3
Use a lower fuzz number by default
2014-11-25 13:42:47 -06:00
cd43f83cd7
Delete unnecessary comments
...
* No need to comment every step, just relevant
comments to undrestad code.
2014-11-25 13:40:57 -06:00
f93dbc6deb
Use the target domain name
2014-11-25 13:36:48 -06:00
7c87603b0e
Add progress information
2014-11-25 13:23:36 -06:00
8e5b37ea6e
Fix reporting
2014-11-25 13:20:31 -06:00
93539ae4c6
Use shorter variable name
2014-11-25 13:04:31 -06:00
271f982f34
Use peer
2014-11-25 13:03:48 -06:00
c549508abb
Use vprint
2014-11-25 13:03:18 -06:00
249fb79a21
Fix print_* calls
2014-11-25 13:02:53 -06:00
87cfd7c321
Dont use disconnect
2014-11-25 13:00:53 -06:00
fb8372f505
Fix metadata
2014-11-25 12:59:11 -06:00
71f35f5cd6
Update from upstream master
2014-11-25 12:46:44 -06:00
4bd579bc1c
added mssql_enum_domain_accounts_sqli
2014-11-25 09:57:20 -06:00
343a0d78bc
Delete admin check
2014-11-24 12:28:19 -06:00
7164c4e038
Use shorter filename
2014-11-24 12:10:08 -06:00
Pedro Ribeiro
Tod Beardsley
jvazquez-r7
m-1-k-3
Christian Mehlmauer
Jon Cave
William Vu
root
nullbind
rastating
Brent Cook
Jon Hart
sinn3r
Spencer McIntyre
us3r777