Commit Graph

4741 Commits (4533c86a4f88b3c9da1d05b0057ffde1fb1ba3aa)

Author SHA1 Message Date
Brent Cook 47682e3f37
Land #9404, update module author 2018-01-24 17:12:34 -06:00
Wei Chen ab610f599b
Land #9442, Remove NoMethod Rescue for cerberus_sftp_enumusers
Land #9442
2018-01-24 17:12:25 -06:00
Wei Chen 10fafb62bb
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil
Land #9436

Thanks Steve!
2018-01-24 17:12:16 -06:00
William Vu eb8429cbd3
Revert "umlaut"
This reverts commit ffd7073420.
2018-01-12 22:57:22 -06:00
Brendan Coles ffd7073420
umlaut 2018-01-13 15:48:45 +11:00
Wei Chen dd737c3bc8
Land #9317, remove multiple deprecated modules
Land #9317

The following modules are replaced by the following:

auxiliary/scanner/discovery/udp_probe
is replaced by:
auxiliary/scanner/discovery/udp_sweep

exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
is replaced by:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload

exploit/windows/misc/regsvr32_applocker_bypass_server
is replaced by:
exploits/multi/script/web_delivery
2018-01-10 15:47:20 -06:00
jgor 51e5fb450f Detect and return on bad VNC negotiations 2018-01-05 10:12:13 -06:00
Aaron Soto 7849155347
Land #9359, Improve DCE/RPC fault handling 2018-01-03 20:42:17 -06:00
Adam Cammack a98de2d9a3
Land #9358, Support password protected key files 2018-01-03 15:12:28 -06:00
bka-dev 086f657c56
Fix early termination of auxiliary/scanner/dcerpc/hidden
This commit fixes an issue, where auxiliary/scanner/dcerpc/hidden terminates directly, once an endpoint can't be reached or access is denied. Instead the next endpoint in list should be checked, instead of terminating directly.
2017-12-31 14:41:33 +01:00
RageLtMan f2a8d68a1f Permit encrypted SSH keys for login scanner
Net::SSH::KeyFactory permits loading keys using a passphrase.
The Framework SSH modules were implemented back when we had a fork
of net-ssh in our tree, and can now use functionality provided by
the upstream gem.
Update the ssh key login scanner to add a KEY_PASS datastore
OptString which is then passed to the KeyCollection class and used
in the updated :read_key method which now calls the KeyFactory to
read data and give us the appropriate String representation of the
key in the KeyCollection's cache.
A bit of cleanup performed as well, removing legacy code paths no
longer hit by the module. Shamelessly added self to authors, fair
amount of blood and sweat in the SSH subsystem over the years, hope
nobody objects.

Testing:
  None yet
2017-12-31 02:53:06 -05:00
Brent Cook 8de760f1f7
Land #9348, Only use basic auth in couchdb_enum when credentials are provided 2017-12-28 21:24:45 -06:00
Brent Cook c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module 2017-12-28 14:11:26 -06:00
james fad4ccece9 Only use basic auth in couchdb_enum when credentials are provided 2017-12-27 20:16:01 -06:00
Jon Hart bbed7db13c
Merge branch 'upstream-master' into feature/mqtt-login 2017-12-27 13:08:44 -08:00
Tod Beardsley e6de25d63b
Land #9316 Cambium modules and mixins, tx @juushya
These cover several of the CVEs mentioned in

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
2017-12-26 12:39:51 -06:00
Tod Beardsley 1bb2bb9d2c Oops, no admin in that path 2017-12-26 12:06:45 -06:00
Tod Beardsley 9af88681a2
Move deprecation out 60 days 2017-12-26 11:56:47 -06:00
juushya 038119d9df Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more 2017-12-23 00:14:27 +05:30
Tod Beardsley 5dfb5d581a
Switch get_cookies to get_cookies_parsed
Am I doing it right? See #9333
2017-12-21 09:00:56 -06:00
Jon Hart 962bc71d10
Merge branch 'feature/mqtt' into feature/mqtt-login 2017-12-20 18:58:36 -08:00
Jon Hart 298cb16b1a
Set default USER/PASS files 2017-12-20 18:44:43 -08:00
Jon Hart b9af835d06
Style 2017-12-20 18:05:00 -08:00
Jon Hart d0b3abc14b
Better handling of MQTT endpoints which don't require authentication
Arguably this is working around LoginScanner's inability to provide
blank usernames AND passwords
2017-12-20 18:02:52 -08:00
Jon Hart 495c649c7d
Better printing 2017-12-20 14:40:42 -08:00
Jon Hart ed5f177fcd
syntax 2017-12-20 14:20:08 -08:00
Jon Hart e66ec85677
Set default u/p 2017-12-20 14:18:33 -08:00
Jeffrey Martin 8cd7185a7f
Land #9313, Add DirectAdmin login_scanner module 2017-12-20 15:23:24 -06:00
Jeffrey Martin 7f8a5d3834
improved credential reporting 2017-12-20 15:09:11 -06:00
Jon Hart 14c779b945
Fix rubocop warning 2017-12-20 12:44:27 -08:00
Jon Hart c817df0bbc
Add module for bruteforcing authentication on MQTT endpoints 2017-12-20 12:30:21 -08:00
Jon Hart 7e91274796
Add module for connecting to/discovering MQTT endpoints 2017-12-20 12:29:50 -08:00
Brent Cook 9fb445fbf0
Land #9300, Add private data type to auxiliary scanner ftp_login and telnet_login 2017-12-20 00:30:43 -06:00
Tod Beardsley 216d00e39f
Use a random fname destination for /etc/passwd 2017-12-19 17:02:16 -06:00
Tod Beardsley e93282b71d
Drop calls to vprint_* 2017-12-19 16:53:02 -06:00
Tod Beardsley 2dc2ac134e
Don't default verbose 2017-12-19 16:48:41 -06:00
Jon Hart a2c5cc0ffb
Remove old deprecated modules 2017-12-19 07:56:16 -08:00
Nick Marcoccio acc6951bf3 fixed typo 2017-12-19 08:35:11 -05:00
Tod Beardsley 85350a9645
Add Rapid7 blog references 2017-12-18 17:11:47 -06:00
Tod Beardsley ae4edd65e1
Hard wrap descriptions 2017-12-18 17:03:13 -06:00
Tod Beardsley 27a324237b
Initial commit for Cambium issues from @juushya
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
Jon Hart a33ed82a40
Land #9214, @realoriginal's update to the Cisco SMI scanner to also fetch Cisco IOS configs 2017-12-18 12:22:26 -08:00
Nick Marcoccio 6d565b6c33 added author information 2017-12-18 09:18:36 -05:00
Nick Marcoccio f447fa1a12 Added DirectAdmin Login Utillity 2017-12-17 22:43:37 -05:00
jgor 0b3a5567a4 Add module for CVE-2017-13872 iamroot remote exploit via ARD (VNC) 2017-12-14 13:59:35 -06:00
nromsdahl 384b250659
Add credential data type
Added credential data type so that successful passwords are stored in the database and accessible via the creds command.
2017-12-14 08:07:59 -06:00
nromsdahl be4939b56a
Add credential data type
Added credential data type so a successful ftp login stores the password in the database to be accessed later by the creds command.
2017-12-14 08:05:57 -06:00
William Vu 3cd287ddd6 Update the MS17-010 scanner to use dcerpc_getarch 2017-12-14 02:08:30 -06:00
Wei Chen deacebc46b
Land #9264, Add private type when storing SSH password
Land #9264
2017-12-13 18:24:31 -06:00
nromsdahl b24f70c7c6
Update ssh_login.rb
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
Brendan Coles 283b7c5145 Add WS-Discovery Information Discovery module 2017-11-29 12:21:22 +00:00
attackdebris ae43883e2b Fix mongodb_login typo 2017-11-22 08:03:12 -05:00
Austin 99555dde02
sleep! per feedback 2017-11-21 21:33:29 -05:00
Jon Hart 5484ee840e
Correct port when eating cisco config 2017-11-21 18:09:51 -08:00
Jon Hart bdc822c67d
Improve logging when requesting config 2017-11-21 18:09:02 -08:00
Jon Hart 5a358db260
Clean up shutdown messaging 2017-11-21 17:55:17 -08:00
Jon Hart 93c424c255
Remove unused 2017-11-21 17:54:31 -08:00
Jon Hart b0d8b0a191
Clean up incoming file handling 2017-11-21 17:54:02 -08:00
Austin cfd06ab24a
what was i thinking? 2017-11-20 16:08:48 -05:00
Austin b6e2e2aa45
adjust delay 2017-11-19 09:43:18 -05:00
Austin 1087b8ca16
cleanup 2017-11-18 20:09:29 -05:00
Austin 35567e3e23
Fix - copy system:running-config tftp://ip/file
Copies running config directly to TFTP server, thus removing the need to delete the file :D.
2017-11-18 13:02:12 -05:00
Austin f84f824a71
remove ? 2017-11-17 16:15:18 -05:00
Austin b457c60542
WORK IN PROGRESS - "GET"
Work in progress of GET, and PUT. PUT works fine for grabbing the configuration. GET will be used for service a config to execute commands , or the also WIP action "UPLOAD"
2017-11-17 15:36:27 -05:00
Austin 8b59c4615b
Update cisco_smart_install.rb 2017-11-17 07:09:41 -05:00
Austin feb24efd27
add DOWNLOAD action
Adds DOWNLOAD function, to download config and send to attacker TFTP server.
2017-11-16 12:58:54 -05:00
Austin 4a8d32af85
Update cisco_smart_install.rb 2017-11-16 12:53:27 -05:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
William Vu 972f9c08eb
Land #9135, peer print for jenkins_enum 2017-11-01 15:33:13 -05:00
William Vu 77181bcc9c Prefer peer over rhost/rport 2017-11-01 15:32:32 -05:00
William Vu 0e66ca1dc0
Fix #3444/#4774, get_json_document over JSON.parse
Forgot to update these when I wrote new modules.
2017-11-01 15:05:49 -05:00
lvarela-r7 c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
Brent Cook f1e6e7eed5
Land #9107, add MinRID to complement MaxRID 2017-10-31 12:18:28 -05:00
Brent Cook aa0ac57238 use implicit RuntimeError 2017-10-31 04:53:14 -05:00
Brent Cook 9389052f61 fix more broken RuntimeError calls 2017-10-31 04:45:19 -05:00
sho-luv 587c9673c6
Added host and port to output
I added the host and port number to reporting when instances are found.
2017-10-27 09:34:49 -07:00
Jon Hart 9658776adf
Land #9079, adding @h00die's gopher scanner 2017-10-20 17:16:08 -07:00
Brent Cook d715f53604 add MinRID to complement MaxRID, allowing continuing or starting from a higher value
from @lvarela-r7
2017-10-20 15:32:25 -05:00
Jon Hart 664e774a33
style/rubocop cleanup 2017-10-20 09:44:07 -07:00
William Vu 7e338fdd8c
Land #9086, proxying fix for nessus_rest_login 2017-10-16 11:52:04 -05:00
Hanno Heinrichs 9597157e26 Make nessus_rest_login scanner proxy-aware again 2017-10-14 11:16:41 +02:00
Hanno Heinrichs f4ae2e6cdc Make pop3_login scanner proxy-aware again 2017-10-14 11:05:54 +02:00
h00die a63c947768 gopher proto 2017-10-12 21:32:01 -04:00
Adam Cammack deb2d76678
Land #9058, Add proxies back to smb_login 2017-10-12 17:31:45 -05:00
William Vu ab63caef7b
Land #9009, Apache Optionsbleed module 2017-10-10 12:13:40 -05:00
Hanno Heinrichs 15adb82b96 Make smb_login scanner proxy-aware again 2017-10-09 23:01:25 +02:00
h00die 7fc9be846a bcoles suggestions 2017-09-29 20:29:30 -04:00
h00die 6cc5324e5b oe is all umlaut 2017-09-28 19:52:02 -04:00
h00die 2295146dcd working optionsbleed module 2017-09-27 22:07:57 -04:00
h00die 997b831b52 implement regexes 2017-09-27 19:33:50 -04:00
h00die 0649d0d356 wip optionsbleed 2017-09-26 22:09:07 -04:00
bwatters-r7 579342c4f6
Land #8955, Fix error messages on telnet_encrypt_overflow.rb 2017-09-26 16:08:58 -05:00
bwatters-r7 66d6ac418a
Land #8978, Add smb1 scanner 2017-09-26 16:06:41 -05:00
Brent Cook 7924667e51 appease alignists 2017-09-25 09:10:10 -05:00
Brent Cook 62ee4ed708 update modules to use inherited SSLVersion option 2017-09-25 09:03:22 -05:00
h00die 273d49bffd
Land #8891 login scanner for Inedo BuildMaster 2017-09-24 13:30:17 -04:00
loftwing c953842c96 Added docs and additional dialects 2017-09-18 15:02:38 -05:00
loftwing d07fe2f1e7 Added reporting back, removed wfw dialect 2017-09-18 13:15:19 -05:00
loftwing 6f5eb5a18f update 2017-09-15 12:07:28 -05:00
james 4e81a68108 Simplify saving valid credentials by calling store_valid_credential 2017-09-15 00:18:33 -05:00
loftwing 646dda7958 Add initial smbv1 scanner code 2017-09-14 16:59:39 -05:00
Erik Lenoir 27a517e0f6 Fix #8060, cf #8061 2017-09-12 18:41:51 +02:00
james 861f4a6201 Changes to buildmaster_login from code review
Use peer property in messages instead of rhost rport combination for consistency.
Documentation updated accordingly.
2017-09-09 18:00:04 -05:00
james 47adfb9956 Fixes from code review to buildmaster_login
Per bcoles, the most important fixes are:
- Removing `self.class` from call to `register_options`
- Adding rescue to login_succeeded to handle bad json
2017-09-09 16:26:01 -05:00
Brent Cook c67e407c9c
Land #8880, added Cisco Smart Install (SMI) scanner 2017-09-07 08:06:03 -05:00
Tod Beardsley 8a045e65aa Spaces between commas 2017-08-31 14:29:23 -05:00
Jon Hart eec5d2ada9
Update description and add link to SIET 2017-08-30 11:52:11 -07:00
h00die bd7ea1f90d more updates, 465 more pages to go 2017-08-26 21:01:10 -04:00
james 7dfde651ea Add login scanner module for Inedo BuildMaster
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.

More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
Jon Hart 7b18c17445
Appease rubocop 2017-08-22 14:53:21 -07:00
Jon Hart 2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner 2017-08-22 14:39:44 -07:00
Brent Cook e3265c4b1b
Land #8697, fix oracle_hashdump and jtr_oracle_fast modules 2017-08-14 17:36:18 -04:00
Brent Cook 69c4ae99a7
Land #8811, fix peer printing with bruteforce modules 2017-08-14 17:31:48 -04:00
William Vu 1a4db844c0 Refactor build_brute_message for legacy printing 2017-08-14 11:17:34 -05:00
Brendan Coles fa4fae3436 Cleanup auxiliary/scanner/msf/msf_rpc_login 2017-08-14 06:34:04 +00:00
zerosum0x0 ecfe3d0235 added optional DoublePulsar check 2017-08-11 11:36:59 -06:00
Christian Mehlmauer 1b6b29c22b
fix error with rdp scanníng 2017-08-09 21:32:15 +02:00
William Vu 3396afb41a Add IP and port (peer) to print_brute messages 2017-08-08 15:46:40 -05:00
William Vu 39e59805f9 Fix annoying print_brute messages in ssh_login 2017-08-08 15:15:23 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 80d18fae6a update example modules to have zero violations 2017-07-24 06:15:54 -07:00
Brent Cook 838b066abe Merge branch 'master' into land-8716 2017-07-24 05:51:44 -07:00
g0tmi1k e710701416 Made msftidy.rb happy
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
Evgeny Naumov 5d04775f5e use 2.4 OpenSSL::PKey::RSA api 2017-07-21 16:28:07 -04:00
g0tmi1k 524373bb48 OCD - Removed un-needed full stop 2017-07-21 07:41:51 -07:00
g0tmi1k 772bec23a1 Fix various typos 2017-07-21 07:40:08 -07:00
g0tmi1k 3f6925196b OCD - store_loot & print_good 2017-07-19 13:02:49 +01:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k df9b642746 More print_status -> print_good 2017-07-19 11:39:15 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 3d4feffc62 OCD - Spaces & headings 2017-07-19 11:04:15 +01:00
g0tmi1k a008f8e795 BruteForce - > Brute Force 2017-07-19 10:39:58 +01:00
Jon Hart 45f81f3c98
Squash some style issues 2017-07-18 12:45:02 -07:00
Jon Hart e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner 2017-07-17 13:46:59 -07:00
Jon Hart 43e04c8894
Improve RDP probe packet 2017-07-17 13:14:47 -07:00
David Maloney ee1c87b868
Land #8172, example modules
lands several example modules
2017-07-14 15:17:20 -05:00
Jon Hart e3e5c33b9b
WIP commit of RDP scanner 2017-07-14 13:02:43 -07:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 67310fa96c print_status -> print_good. [When it is successful, show it!] 2017-07-14 00:09:35 +01:00
g0tmi1k 424522147e OCD fixes - Start of *.rb files 2017-07-13 23:53:59 +01:00
bwatters-r7 de230478eb
Land #8566, Add ye olde NNTP Login Utility scanner module 2017-07-13 13:19:34 -05:00
Jon Hart e52e9c147d
First commit for Cisco Smart Install Scanner 2017-07-12 19:12:06 -07:00
Brent Cook 345407b0a4 Rex::Encoder::XDR conflicts with the XDR gem 2017-07-12 11:52:10 -05:00
David Maloney 6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
William Vu f45facdf6e Fix HTTP verb in jboss_vulnscan print_status 2017-07-06 14:55:33 -05:00
dmohanty-r7 aa387e96a7
Land #8577, Add SurgeNews User Credentials scanner 2017-07-03 10:14:03 -05:00
Brendan Coles dff96ce9a0 Re-order includes with Auxiliary::Scanner last 2017-07-01 08:30:17 +00:00
Brent Cook d20036e0fb revise spelling, add heartbleed and tidy checks 2017-06-28 18:50:20 -04:00
Brent Cook 461ab4501d add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:53:00 -04:00