Commit Graph

8239 Commits (4533c86a4f88b3c9da1d05b0057ffde1fb1ba3aa)

Author SHA1 Message Date
Jon Hart 7e91274796
Add module for connecting to/discovering MQTT endpoints 2017-12-20 12:29:50 -08:00
Brent Cook a8b845fff9
Land #9283, Add node.js ws websocket library DoS module 2017-12-20 14:20:42 -06:00
Brent Cook 9fb445fbf0
Land #9300, Add private data type to auxiliary scanner ftp_login and telnet_login 2017-12-20 00:30:43 -06:00
Tod Beardsley 216d00e39f
Use a random fname destination for /etc/passwd 2017-12-19 17:02:16 -06:00
Tod Beardsley e93282b71d
Drop calls to vprint_* 2017-12-19 16:53:02 -06:00
Tod Beardsley 2dc2ac134e
Don't default verbose 2017-12-19 16:48:41 -06:00
Jon Hart a2c5cc0ffb
Remove old deprecated modules 2017-12-19 07:56:16 -08:00
Nick Marcoccio acc6951bf3 fixed typo 2017-12-19 08:35:11 -05:00
Tod Beardsley f0df1750de
Land #9180
Land @RootUp's Samsung browser SOP module
2017-12-18 17:28:03 -06:00
Tod Beardsley 85350a9645
Add Rapid7 blog references 2017-12-18 17:11:47 -06:00
Tod Beardsley ae4edd65e1
Hard wrap descriptions 2017-12-18 17:03:13 -06:00
Tod Beardsley 27a324237b
Initial commit for Cambium issues from @juushya
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
Jon Hart a33ed82a40
Land #9214, @realoriginal's update to the Cisco SMI scanner to also fetch Cisco IOS configs 2017-12-18 12:22:26 -08:00
Nick Marcoccio 6d565b6c33 added author information 2017-12-18 09:18:36 -05:00
Nick Marcoccio f447fa1a12 Added DirectAdmin Login Utillity 2017-12-17 22:43:37 -05:00
RootUp 917dd8e846
Update samsung_browser_sop_bypass.rb 2017-12-16 22:10:02 +05:30
RootUp 8f91377acb
Update samsung_browser_sop_bypass.rb 2017-12-16 22:09:21 +05:30
Tod Beardsley 3b3b0e6e96
And this is why I hate using single quotes
Also, restored the store_cred call.

This will fix up RootUp/metasploit-framework#3 for PR #9180
2017-12-14 14:28:25 -06:00
jgor 0b3a5567a4 Add module for CVE-2017-13872 iamroot remote exploit via ARD (VNC) 2017-12-14 13:59:35 -06:00
nromsdahl 384b250659
Add credential data type
Added credential data type so that successful passwords are stored in the database and accessible via the creds command.
2017-12-14 08:07:59 -06:00
nromsdahl be4939b56a
Add credential data type
Added credential data type so a successful ftp login stores the password in the database to be accessed later by the creds command.
2017-12-14 08:05:57 -06:00
William Vu 3cd287ddd6 Update the MS17-010 scanner to use dcerpc_getarch 2017-12-14 02:08:30 -06:00
h00die d7ad443be1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master 2017-12-13 19:33:05 -05:00
h00die c0a534140d
Land #9284 a regex dos for ua_parser_js npm module 2017-12-13 19:31:49 -05:00
Wei Chen deacebc46b
Land #9264, Add private type when storing SSH password
Land #9264
2017-12-13 18:24:31 -06:00
Tod Beardsley 5226181d6d
Better conditionals from @bcoles 2017-12-13 16:48:05 -06:00
Tod Beardsley 966060d470
Nits picked by @bcoles: commas, quotes, and <head> 2017-12-13 16:38:17 -06:00
Nicholas Starke dd5532c5de Addressing Formatting Issues
There were several formatting and layout issues
that are fixed in this commit.  Also changing
`RHOSTS` to `RHOST`.
2017-12-13 14:26:27 -06:00
Tod Beardsley 622050ddfc
Oops, leftover comment 2017-12-12 14:48:00 -06:00
Tod Beardsley efa46efb48
Actually save creds, or fail through sanely
This incidentally also allows for a custom collector to be implemented
by the user -- for example, if they'd rather pick up a session ID or
inject a browser hook or something along those lines. It's a little
clunky, using the advanced option of CUSTOM_JS, but it seems to work
fine.
2017-12-12 14:06:18 -06:00
RootUp 5f70199218
Update samsung_browser_sop_bypass.rb 2017-12-12 15:52:55 +05:30
Nicholas Starke 2d23054a1f Changes as per comments
A few things were changed as per the PR comments:
1) The module title was reworded
2) The module description was multi-lined
3) Negative logic was rewritten to use 'unless'
4) Strings which did not require interpolation were rewritten
5) Documentation markdown was added.
2017-12-11 14:11:40 -06:00
Ryan Knell c5f218c84c Addressing comments
1. Updated documentation
2. Made the Sec-WebSocket-Key header a random value
2017-12-11 11:49:31 -05:00
Tod Beardsley cba5c7cb0f
Rename to actually call out the browser name 2017-12-08 13:53:13 -06:00
Tod Beardsley 0a9dcafb77
Actually collect the creds, sort of
Instead of an alert() (which the attacker won't see), this collects the
offered credentials in a POST action, and displays them in the console.

This should further store the creds somewhere handy, but this is good
enough for now for testing from @RootUp
2017-12-08 13:51:02 -06:00
Tod Beardsley aee883a706
Fixed up description to be descriptive 2017-12-08 12:24:58 -06:00
Nicholas Starke 306c5d20d9 Adding ua_parser_js ReDoS Module
"ua-parser-js" is an npm module for parsing browser
user-agent strings.  Vulnerable version of this module
have a problematic regular expression that can be exploited
to cause the entire application processing thread to "pause"
as it tries to apply the regular expression to the input.
This is problematic for single-threaded application environments
such as nodejs.  The end result is a denial of service
condition for vulnerable applications, where no further
requests can be processed.
2017-12-07 10:25:29 -06:00
Ryan Knell c992837f0d Adding ws DoS module
This module verifies if ws is vulnerable
to DoS by sending a request to the server
containing a specific header value.
ws is a npm module which handles websockets.
2017-12-07 10:45:57 -05:00
nromsdahl b24f70c7c6
Update ssh_login.rb
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
Brendan Coles 283b7c5145 Add WS-Discovery Information Discovery module 2017-11-29 12:21:22 +00:00
Adam Cammack 778e69f929
Land #9229, Randomize slowloris HTTP headers 2017-11-22 14:42:24 -06:00
attackdebris ae43883e2b Fix mongodb_login typo 2017-11-22 08:03:12 -05:00
Austin 99555dde02
sleep! per feedback 2017-11-21 21:33:29 -05:00
Jon Hart 5484ee840e
Correct port when eating cisco config 2017-11-21 18:09:51 -08:00
Jon Hart bdc822c67d
Improve logging when requesting config 2017-11-21 18:09:02 -08:00
Jon Hart 5a358db260
Clean up shutdown messaging 2017-11-21 17:55:17 -08:00
Jon Hart 93c424c255
Remove unused 2017-11-21 17:54:31 -08:00
Jon Hart b0d8b0a191
Clean up incoming file handling 2017-11-21 17:54:02 -08:00
Matthew Kienow 785e5944d6
Enhanced slowloris HTTP headers and minor cleanup 2017-11-21 18:19:20 -05:00
Matthew Kienow b6c81e6da0
Reimplement slowloris as external module 2017-11-21 16:21:01 -05:00
Daniel Teixeira db2bd22d86
Update slow_loris.rb 2017-11-21 15:49:45 -05:00
Matthew Kienow e07fe77a69
Close sockets to resolve file handle error 2017-11-21 15:49:45 -05:00
Daniel Teixeira 52f56527d8
Update slow_loris.rb 2017-11-21 15:49:45 -05:00
Daniel Teixeira 74becb69e8
Update slow_loris.rb 2017-11-21 15:49:45 -05:00
Daniel Teixeira b7bc68c843
Update slow_loris.rb 2017-11-21 15:49:44 -05:00
Daniel Teixeira 53123d92e2
Update slow_loris.rb 2017-11-21 15:49:44 -05:00
Daniel Teixeira 21a6d0bd6e
Update slow_loris.rb 2017-11-21 15:49:44 -05:00
Daniel Teixeira 60878215e0
Update slow_loris.rb 2017-11-21 15:49:43 -05:00
Daniel Teixeira 9457359b11
Update slow_loris.rb 2017-11-21 15:49:43 -05:00
Daniel Teixeira 29017b8926
Update slow_loris.rb 2017-11-21 15:49:43 -05:00
Daniel Teixeira f79b41edde
Slow Loris 2017-11-21 15:48:11 -05:00
Austin cfd06ab24a
what was i thinking? 2017-11-20 16:08:48 -05:00
Austin b6e2e2aa45
adjust delay 2017-11-19 09:43:18 -05:00
Austin 1087b8ca16
cleanup 2017-11-18 20:09:29 -05:00
Austin 35567e3e23
Fix - copy system:running-config tftp://ip/file
Copies running config directly to TFTP server, thus removing the need to delete the file :D.
2017-11-18 13:02:12 -05:00
Austin f84f824a71
remove ? 2017-11-17 16:15:18 -05:00
Austin b457c60542
WORK IN PROGRESS - "GET"
Work in progress of GET, and PUT. PUT works fine for grabbing the configuration. GET will be used for service a config to execute commands , or the also WIP action "UPLOAD"
2017-11-17 15:36:27 -05:00
Austin 8b59c4615b
Update cisco_smart_install.rb 2017-11-17 07:09:41 -05:00
Austin feb24efd27
add DOWNLOAD action
Adds DOWNLOAD function, to download config and send to attacker TFTP server.
2017-11-16 12:58:54 -05:00
Austin 4a8d32af85
Update cisco_smart_install.rb 2017-11-16 12:53:27 -05:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
RootUp 03cd8af29a
Update browser_sop_bypass.rb 2017-11-08 12:50:49 +05:30
RootUp 0c247d5635
Update browser_sop_bypass.rb 2017-11-08 12:38:37 +05:30
Pearce Barry fc87ee08d9
Land #9060, IBM Lotus Notes DoS (CVE-2017-1130). 2017-11-07 11:20:12 -06:00
RootUp 872894f743
Update browser_sop_bypass.rb 2017-11-07 21:29:16 +05:30
RootUp 2fad61101e
Update browser_sop_bypass.rb 2017-11-07 21:13:06 +05:30
RootUp 3dad025b8c
Create browser_sop_bypass.rb 2017-11-07 14:24:50 +05:30
RootUp 88db98c381
Update ibm_lotus_notes2.rb 2017-11-06 20:45:50 +05:30
Pearce Barry 77c13286e0
Ensure closing script tag has necessary escape. 2017-11-05 13:41:29 -06:00
William Vu 87934b8194 Convert tnftp_savefile from auxiliary to exploit
This has been a long time coming. Fixes #4109.
2017-11-01 17:37:41 -05:00
William Vu 972f9c08eb
Land #9135, peer print for jenkins_enum 2017-11-01 15:33:13 -05:00
William Vu 77181bcc9c Prefer peer over rhost/rport 2017-11-01 15:32:32 -05:00
William Vu 0e66ca1dc0
Fix #3444/#4774, get_json_document over JSON.parse
Forgot to update these when I wrote new modules.
2017-11-01 15:05:49 -05:00
lvarela-r7 c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
Brent Cook f1e6e7eed5
Land #9107, add MinRID to complement MaxRID 2017-10-31 12:18:28 -05:00
Brent Cook aa0ac57238 use implicit RuntimeError 2017-10-31 04:53:14 -05:00
Brent Cook 9389052f61 fix more broken RuntimeError calls 2017-10-31 04:45:19 -05:00
RootUp 9c16da9c98
Update ibm_lotus_notes2.rb 2017-10-28 18:53:15 +05:30
sho-luv 587c9673c6
Added host and port to output
I added the host and port number to reporting when instances are found.
2017-10-27 09:34:49 -07:00
RootUp 80aba7264c Update ibm_lotus_notes2.rb 2017-10-25 10:33:25 +05:30
Jon Hart 9658776adf
Land #9079, adding @h00die's gopher scanner 2017-10-20 17:16:08 -07:00
Brent Cook d715f53604 add MinRID to complement MaxRID, allowing continuing or starting from a higher value
from @lvarela-r7
2017-10-20 15:32:25 -05:00
Jon Hart 664e774a33
style/rubocop cleanup 2017-10-20 09:44:07 -07:00
William Vu 7e338fdd8c
Land #9086, proxying fix for nessus_rest_login 2017-10-16 11:52:04 -05:00
Hanno Heinrichs 9597157e26 Make nessus_rest_login scanner proxy-aware again 2017-10-14 11:16:41 +02:00
Hanno Heinrichs f4ae2e6cdc Make pop3_login scanner proxy-aware again 2017-10-14 11:05:54 +02:00
h00die a63c947768 gopher proto 2017-10-12 21:32:01 -04:00
Adam Cammack deb2d76678
Land #9058, Add proxies back to smb_login 2017-10-12 17:31:45 -05:00
William Vu ab63caef7b
Land #9009, Apache Optionsbleed module 2017-10-10 12:13:40 -05:00
RootUp 2b85eb17dd Create ibm_lotus_notes2.rb 2017-10-10 12:22:06 +05:30
Pearce Barry a3d47ea838
Land #8989, IBM Lotus Notes DoS (CVE-2017-1129) 2017-10-09 19:37:59 -05:00
Pearce Barry fd8b72ca66
Minor tweaks. 2017-10-09 17:02:24 -05:00
Hanno Heinrichs 15adb82b96 Make smb_login scanner proxy-aware again 2017-10-09 23:01:25 +02:00
h00die 7fc9be846a bcoles suggestions 2017-09-29 20:29:30 -04:00
h00die 6cc5324e5b oe is all umlaut 2017-09-28 19:52:02 -04:00
h00die 2295146dcd working optionsbleed module 2017-09-27 22:07:57 -04:00
h00die 997b831b52 implement regexes 2017-09-27 19:33:50 -04:00
h00die 0649d0d356 wip optionsbleed 2017-09-26 22:09:07 -04:00
bwatters-r7 579342c4f6
Land #8955, Fix error messages on telnet_encrypt_overflow.rb 2017-09-26 16:08:58 -05:00
bwatters-r7 66d6ac418a
Land #8978, Add smb1 scanner 2017-09-26 16:06:41 -05:00
Brent Cook 7924667e51 appease alignists 2017-09-25 09:10:10 -05:00
Brent Cook 62ee4ed708 update modules to use inherited SSLVersion option 2017-09-25 09:03:22 -05:00
h00die 273d49bffd
Land #8891 login scanner for Inedo BuildMaster 2017-09-24 13:30:17 -04:00
RootUp e4f79879ba Update and rename modules/auxiliary/dos/ibm_lotus_notes.rb to modules/auxiliary/dos/http/ibm_lotus_notes.rb 2017-09-23 18:27:50 +05:30
RootUp 669b6771e3 Update ibm_lotus_notes.rb 2017-09-22 17:16:42 +05:30
RootUp a71edb33be Create ibm_lotus_notes.rb 2017-09-22 17:08:05 +05:30
bwatters-r7 5a62e779aa
Land #8954, fix internal usage of bindata objects when generating NTP messages 2017-09-19 09:01:49 -05:00
loftwing c953842c96 Added docs and additional dialects 2017-09-18 15:02:38 -05:00
loftwing 7d07f7054d Merge remote-tracking branch 'origin/master' into add_smb1_scanner 2017-09-18 13:16:06 -05:00
loftwing d07fe2f1e7 Added reporting back, removed wfw dialect 2017-09-18 13:15:19 -05:00
loftwing 6f5eb5a18f update 2017-09-15 12:07:28 -05:00
james 4e81a68108 Simplify saving valid credentials by calling store_valid_credential 2017-09-15 00:18:33 -05:00
loftwing 646dda7958 Add initial smbv1 scanner code 2017-09-14 16:59:39 -05:00
Pearce Barry 200a1b400a
Remove spaces to appease msftidy. 2017-09-14 09:28:38 -05:00
Erik Lenoir 27a517e0f6 Fix #8060, cf #8061 2017-09-12 18:41:51 +02:00
Brent Cook a7a17c677c fix internal usage of bindata objects when generating NTP messages 2017-09-12 09:54:09 -04:00
Craig Smith e4465c9350 Fixed a bug where flowcontrol caused the first packet to get lost 2017-09-11 19:00:53 -07:00
Craig Smith b218cc3c7f Merge branch 'master' into hw_auto_padding_fix 2017-09-11 18:30:34 -07:00
Craig Smith ad9329993d Added better padding and flowcontrol support. 2017-09-11 18:20:57 -07:00
james 861f4a6201 Changes to buildmaster_login from code review
Use peer property in messages instead of rhost rport combination for consistency.
Documentation updated accordingly.
2017-09-09 18:00:04 -05:00
james 47adfb9956 Fixes from code review to buildmaster_login
Per bcoles, the most important fixes are:
- Removing `self.class` from call to `register_options`
- Adding rescue to login_succeeded to handle bad json
2017-09-09 16:26:01 -05:00
Brent Cook c67e407c9c
Land #8880, added Cisco Smart Install (SMI) scanner 2017-09-07 08:06:03 -05:00
Adam Cammack b0dc44fb86
Land #8909, Avoid saving some invalid creds 2017-09-05 12:43:03 -05:00
Tod Beardsley 86db2a5771
Land #8888 from @h00die, with two extra fixes
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
Tod Beardsley 8a045e65aa Spaces between commas 2017-08-31 14:29:23 -05:00
Pearce Barry 2bbba9c500
Avoid some ActiveRecord validation errors.
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.

This PR removes the handful of existing cases we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
Jon Hart eec5d2ada9
Update description and add link to SIET 2017-08-30 11:52:11 -07:00
Pearce Barry d5124fdc94
Land #8759, Add TeamTalk Gather Credentials auxiliary module 2017-08-29 13:17:28 -05:00
Brendan Coles c9e32fbb18 Remove last_attempted_at 2017-08-29 05:05:04 +00:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
h00die bd7ea1f90d more updates, 465 more pages to go 2017-08-26 21:01:10 -04:00
james 7dfde651ea Add login scanner module for Inedo BuildMaster
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.

More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
William Vu 924c3de9f3
Land #7382, BIND TSIG DoS 2017-08-26 10:42:35 -05:00
William Vu f9a2c3406f Clean up module 2017-08-26 10:41:10 -05:00
h00die 3420633f29 @NickTyrer corrected my correction 2017-08-26 08:43:10 -04:00
h00die 32a4436ecd first round of spelling/grammar fixes 2017-08-24 21:38:44 -04:00
Jon Hart 7b18c17445
Appease rubocop 2017-08-22 14:53:21 -07:00
Jon Hart 2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner 2017-08-22 14:39:44 -07:00
Brent Cook cbd7790e95
Land #8751, Add Asterisk Gather Credentials auxiliary module 2017-08-20 18:34:27 -05:00
Brent Cook aa797588e8
Land #8847, Look for sp_execute_external_script in mssql_enum 2017-08-20 14:32:35 -05:00
h00die dc358dd087 unknow to unknown 2017-08-18 11:33:48 -04:00
james e642789674 Look for sp_execute_external_script in mssql_enum
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.

Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart

Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
Brent Cook e3265c4b1b
Land #8697, fix oracle_hashdump and jtr_oracle_fast modules 2017-08-14 17:36:18 -04:00
Brent Cook 69c4ae99a7
Land #8811, fix peer printing with bruteforce modules 2017-08-14 17:31:48 -04:00
William Vu 1a4db844c0 Refactor build_brute_message for legacy printing 2017-08-14 11:17:34 -05:00
Brent Cook 9fdf2ca1f4
Land #8830, Cleanup auxiliary/scanner/msf/msf_rpc_login 2017-08-14 02:47:08 -04:00
Brendan Coles fa4fae3436 Cleanup auxiliary/scanner/msf/msf_rpc_login 2017-08-14 06:34:04 +00:00
Brent Cook 26193216d1
Land #8686, add 'download' and simplified URI request methods to http client mixin
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
Brent Cook 5d05ca154a added http client 'download' method and updates to pdf author module from @bcoles 2017-08-14 01:08:53 -04:00
zerosum0x0 ecfe3d0235 added optional DoublePulsar check 2017-08-11 11:36:59 -06:00
Pearce Barry bb5fffebc4
Land #8796, SMBLoris Denial of Service Module. 2017-08-09 16:24:55 -05:00
Pearce Barry 901a1fdd1b
Minor tweaks. 2017-08-09 15:44:32 -05:00
Christian Mehlmauer 1b6b29c22b
fix error with rdp scanníng 2017-08-09 21:32:15 +02:00
William Vu 3396afb41a Add IP and port (peer) to print_brute messages 2017-08-08 15:46:40 -05:00
William Vu 39e59805f9 Fix annoying print_brute messages in ssh_login 2017-08-08 15:15:23 -05:00
David Maloney 67e86da50b
make SMBLoris run continuously as requested
as per ZeroSum's request the module now runs
continuously, refreshing the connections on every pass
until manually killed
2017-08-08 10:16:16 -05:00
David Maloney 289f03241b
add module documentation
add module docs for the new smbloris DoS
2017-08-04 16:10:44 -05:00
David Maloney 15cc2a9dc0
removedthreading stuff, tried keepalives
still seem to be topping out at
about 1.3GB allocated
2017-08-04 15:28:01 -05:00
David Maloney e73ffe648e
tried adding supervisor model to smbloris
tried to overcome issues with slowdown
around the 4500 connection mark by using the
supervisor pattern to terminate the threads on
the backend. this seems to get us further, but we still
hit a slowdown and the allocations die out before
we hit any serious usage
2017-08-03 14:19:35 -05:00
David Maloney c9da2d56b9
first pass at SMBLoris DoS module
the first pass on the DoS module for SMBLoris
running into issues with it topping out around 600MB
2017-08-03 11:32:57 -05:00
TC Johnson 8989d6dff2
Modified Accuvant bog posts to the new Optive urls 2017-08-02 13:25:17 +10:00
Brendan Coles d66e8062e7 Add TeamTalk Gather Credentials auxiliary module 2017-07-24 14:24:38 +00:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Brent Cook 80d18fae6a update example modules to have zero violations 2017-07-24 06:15:54 -07:00
Brent Cook 838b066abe Merge branch 'master' into land-8716 2017-07-24 05:51:44 -07:00
Brent Cook df22e098ed
Land #8695, Fix #8675, Add Cache-Control header, also meta tag for BAP2 2017-07-23 07:17:45 -07:00
Brent Cook 8c8dbc6d38
Land #8692, Fix #8685, Check nil condition for #wordlist_file in jtr modules 2017-07-23 07:12:21 -07:00
Brendan Coles 109fd8b6d3 Add Asterisk Gather Credentials auxiliary module 2017-07-23 09:55:12 +00:00
g0tmi1k e710701416 Made msftidy.rb happy
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
Evgeny Naumov 5d04775f5e use 2.4 OpenSSL::PKey::RSA api 2017-07-21 16:28:07 -04:00
g0tmi1k 524373bb48 OCD - Removed un-needed full stop 2017-07-21 07:41:51 -07:00
g0tmi1k 772bec23a1 Fix various typos 2017-07-21 07:40:08 -07:00
g0tmi1k 3f6925196b OCD - store_loot & print_good 2017-07-19 13:02:49 +01:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k df9b642746 More print_status -> print_good 2017-07-19 11:39:15 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 3d4feffc62 OCD - Spaces & headings 2017-07-19 11:04:15 +01:00
g0tmi1k a008f8e795 BruteForce - > Brute Force 2017-07-19 10:39:58 +01:00
Jon Hart 45f81f3c98
Squash some style issues 2017-07-18 12:45:02 -07:00
Jon Hart e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner 2017-07-17 13:46:59 -07:00
Jon Hart 43e04c8894
Improve RDP probe packet 2017-07-17 13:14:47 -07:00
David Maloney ee1c87b868
Land #8172, example modules
lands several example modules
2017-07-14 15:17:20 -05:00
Jon Hart e3e5c33b9b
WIP commit of RDP scanner 2017-07-14 13:02:43 -07:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k 9309115627 OCD - Banner clean up 2017-07-14 08:19:50 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 67310fa96c print_status -> print_good. [When it is successful, show it!] 2017-07-14 00:09:35 +01:00
g0tmi1k 424522147e OCD fixes - Start of *.rb files 2017-07-13 23:53:59 +01:00
bwatters-r7 de230478eb
Land #8566, Add ye olde NNTP Login Utility scanner module 2017-07-13 13:19:34 -05:00
Jon Hart e52e9c147d
First commit for Cisco Smart Install Scanner 2017-07-12 19:12:06 -07:00
Pearce Barry 59de7d3635
Land #8671, Add a module for CVE-2017-7615 2017-07-12 14:58:02 -05:00
Pearce Barry 580219695a
Oof, missed the parens... 2017-07-12 13:52:59 -05:00
Pearce Barry aa22651340
Few style/spelling tweaks, nothing to see here... 2017-07-12 13:41:20 -05:00
Brent Cook 345407b0a4 Rex::Encoder::XDR conflicts with the XDR gem 2017-07-12 11:52:10 -05:00
RageLtMan 5473b2132d Implement :request_url for Msf HttpClient mixin
To round out implementation of a simple path for users to access
HttpClient like Open or Net::HTTP, create :request_url method which
takes a single URL parameter, uses :request_opts_from_url to build
the request configuration for Rex::Proto::Http::Client, executes
a GET request with it, and disconnects the client unless keepalive
is specified as the second parameter to :request_url.

Example usage of functionality is implemented in http_pdf_authors.
2017-07-11 16:07:13 -04:00
David Maloney 6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
wchen-r7 50b1ec4044 Fix #8675, Add Cache-Control header, also meta tag for BAP2
Hopefully that browsers will respect this.

Fix #8675
2017-07-10 16:05:09 -05:00
wchen-r7 fe360e3e2a Fix #8685, Check nil condition for #wordlist_file in jtr modules
JTR modules should never assume there is always a database
connected while using #wordlist_file, considering a database is
an optional component for Framework.

Fix #8685
2017-07-10 11:18:20 -05:00
RageLtMan df697aa23c Implement HttpClient options generation from URL
To address the complexity which comes with the flexibility offered
by Rex::Proto::Http::Client and its Msf mixin descendant, a simple
process needs to be implemented for issuing a request using only
the URL string in order to provide ease of access to users who may
not have the time to study how these clients work in detail.

Implement :request_opts_from_url in Msf's HttpClient mixin such as
to extract the options required for :send_request_* from a URL
string passed into the method. This approach reduces HTTP requests
in the mixin to `send_request_raw(request_opts_from_url(url))` when
`url` is just a string.

Implement this approach in the http_pdf_authors gather module to
further reduce infrastructure complexity around the simple need to
acquire PDF files via HTTP/S.

Testing:
  Local to this module only, and in Pry of course. Seems to work...
2017-07-10 04:19:26 -04:00
RageLtMan 997150a215 Use Msf::Exploit::Remote::HttpClient
Replace Net::HTTP usage with proper Rex::Proto::Http::Client via
the Msf module mixin. Generate the request opts from the same URI
parsed URL string, execute a one shot GET request, disconencting
after reciept of results. Depending on the response code, either
pass back an empty StringIO or if its 200, a StringIO(res.body).
2017-07-10 03:37:41 -04:00
jvoisin 263a42707e Fix a typo 2017-07-09 16:34:51 +02:00
jvoisin 8510cda5ae Implement @bcoles advices 2017-07-09 16:34:10 +02:00
jvoisin f10cf75ae0 Fix some stuff 2017-07-09 10:45:15 +02:00
jvoisin 5fe805aaca s/\t/ /g 2017-07-09 02:29:37 +02:00
jvoisin 968fa0c244 Add even more references 2017-07-09 02:27:54 +02:00
jvoisin ae930ae7c1 Add a module for CVE-2017-7615 2017-07-09 02:14:21 +02:00
William Vu b3be89b508
Land #8663, typo fix for zoomeye_search 2017-07-07 16:53:48 -05:00
dmohanty-r7 8f464e17a1
Land #8658, Add Gather PDF Authors auxiliary module 2017-07-07 16:20:29 -05:00
MD5HashBrowns e5244f3113 Fixed typo 2017-07-07 15:26:37 -04:00
Brendan Coles 683ce10167 Add URL option 2017-07-07 18:42:00 +00:00
Brendan Coles d864ce16b1 Add Gather PDF Authors auxiliary module 2017-07-06 23:29:17 +00:00
William Vu f45facdf6e Fix HTTP verb in jboss_vulnscan print_status 2017-07-06 14:55:33 -05:00
dmohanty-r7 aa387e96a7
Land #8577, Add SurgeNews User Credentials scanner 2017-07-03 10:14:03 -05:00
Roman 38b1e56bbd negated wording regarding legacy auth
According to the docs this variable means the opposite:
https://dev.mysql.com/doc/refman/5.5/en/mysql-command-options.html#option_mysql_secure-auth
OFF     ->      insecure
ON      ->      secure
2017-07-03 14:29:07 +02:00
Brendan Coles dff96ce9a0 Re-order includes with Auxiliary::Scanner last 2017-07-01 08:30:17 +00:00
Pearce Barry 3d4d03c9b4
Land #8575, Cerberus Helpdesk hash disclosure 2017-06-30 16:02:53 -05:00
Brent Cook 40f0d36f6b
Land #8615, add @artkond's DoS module for Cisco CVE-2017-3881 2017-06-30 11:17:09 -04:00
Brent Cook d20036e0fb revise spelling, add heartbleed and tidy checks 2017-06-28 18:50:20 -04:00
Brent Cook 461ab4501d add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:53:00 -04:00
Brent Cook 0d9f57ad7c add @artkond's DoS module for Cisco CVE-2017-3881
This makes a few improvements, adds module docs.
2017-06-27 01:53:23 -05:00
Brent Cook 05c72214ae
Land #8205, Add Satel SenNet Command Exec Module 2017-06-25 18:01:44 -05:00
Brent Cook 07e7baebb8 sign my name 2017-06-25 14:59:01 -05:00
Brent Cook 7bc0dcea42 add ipv6 support for CHOST 2017-06-25 14:57:15 -05:00
Brent Cook 269597f994 add initial CHOST support 2017-06-24 18:57:43 -05:00
Brent Cook eee1eff034 improve resolve / add / delete logic 2017-06-24 18:36:01 -05:00
Brent Cook b36d56bed3 handle RXDomain on lookup failure 2017-06-24 18:10:50 -05:00
Brent Cook c8755a3a7a add pre-flight checks, log a lot more info 2017-06-24 12:32:15 -05:00
h00die cc9326d946 bcoles updates and table printing 2017-06-24 13:01:39 -04:00
Brent Cook 8f3c470bb3 make usage more intuitive, remove weird defaults 2017-06-24 11:52:52 -05:00
Brent Cook 24c43b1822 reregister rhost 2017-06-22 18:33:19 -05:00
Brent Cook ca813e7a5c fix message formatting 2017-06-22 18:21:33 -05:00
Brent Cook 823260cc04 fix error message 2017-06-22 18:11:07 -05:00
Brent Cook 3cf722a45d use correct preqrequisites 2017-06-22 18:08:20 -05:00
Brent Cook 5e48a11e60 handle specific exceptions, update docs 2017-06-22 18:01:52 -05:00
Brent Cook 6a261b172f move from scanner to admin 2017-06-22 17:47:04 -05:00
Brent Cook 125d14f81e simplify module, add AAAA support 2017-06-22 17:44:55 -05:00
KINGSABRI b618e5ca6f Add more exception handling, fix tidy rules 2017-06-22 15:55:04 -05:00
KINGSABRI ce124e6090 Add CNAME record 2017-06-22 15:55:04 -05:00
KINGSABRI 5528084e27 add Dnsruby 2017-06-22 15:55:04 -05:00
KINGSABRI 2410a3232f Adding DNS Server Dynamic Update Record Injection module 2017-06-22 15:41:25 -05:00