Commit Graph

955 Commits (454dd59da8abbaf69563c5d8cd9ce9a4dc52760c)

Author SHA1 Message Date
jvazquez-r7 ecb74c543a Beautify description 2014-11-24 11:27:32 -06:00
jvazquez-r7 c52104e91d Beautify metadata 2014-11-24 11:24:41 -06:00
jvazquez-r7 fcb4bea3c1 Fix code comments 2014-11-24 11:23:27 -06:00
jvazquez-r7 10d0305cb2 Update from upstream master 2014-11-24 09:48:43 -06:00
jvazquez-r7 fb4b6543e2 Handle other rex exceptions 2014-11-18 15:57:41 -06:00
nullbind 8c34f35ca9 added mssql_enum_windows_domain_accounts.rb 2014-11-17 13:03:43 -06:00
Jon Hart 9e2513d4de Update solaris_kcms_readfile to gracefully handle RPC errors 2014-11-17 10:41:17 -08:00
Tod Beardsley e2dc862121
Fix newly introduced typo. 2014-11-13 14:53:57 -06:00
Tod Beardsley dd1920edd6
Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
jvazquez-r7 f081ede2aa Land #4155, @pedrib's module for CVE-2014-8499
* Password Manager Pro privesc + password disclosure
2014-11-12 23:56:26 -06:00
Pedro Ribeiro 9df31e950f Add OSVDB id 2014-11-12 21:32:33 +00:00
jvazquez-r7 70589668c2 Really land the #4130 module 2014-11-12 09:39:01 -06:00
jvazquez-r7 ece8013d7a Use #empty? 2014-11-12 09:35:06 -06:00
jvazquez-r7 f048463ed6 Do minor fixupts
* Delete peer method
* Make verifications more strict
2014-11-12 09:33:49 -06:00
jvazquez-r7 a5c87db65e Do minor cleanup
* Beautify description
* Use double quotes for interpolation
2014-11-12 09:29:53 -06:00
jvazquez-r7 e1164d3e14 Use snake_case on filename 2014-11-12 09:26:47 -06:00
jvazquez-r7 01fda27264 Fix title 2014-11-11 11:15:53 -06:00
jvazquez-r7 a588bfd31a Use single quotes 2014-11-11 09:56:46 -06:00
jvazquez-r7 77c8dc2b64 Dont return nil from 'run' 2014-11-11 09:39:08 -06:00
jvazquez-r7 fb309aae11 Use a Fixnum as FuzzInt default value 2014-11-11 09:36:53 -06:00
jvazquez-r7 f6762b41b6 Use random fake db name 2014-11-11 09:35:51 -06:00
jvazquez-r7 94c353222d Do small cosmetic changes 2014-11-11 09:31:57 -06:00
jvazquez-r7 e9e5869951 update from master 2014-11-11 09:24:33 -06:00
jvazquez-r7 091da05a86 update from master 2014-11-10 22:59:44 -06:00
jvazquez-r7 cac6494427 Use snake_case in filename 2014-11-10 16:58:46 -06:00
jvazquez-r7 2c33642de8 Do minor cleanup 2014-11-10 16:57:57 -06:00
jvazquez-r7 12ae8b3ec6 update from master 2014-11-10 16:19:26 -06:00
nullbind 493b81d874 cleanup 2014-11-10 15:22:21 -06:00
nullbind 31fa57fcb2 mssql_enum_sql_logins 2014-11-10 15:19:55 -06:00
Scott Sutherland d543b16cc1 Added mssql_enum_sql_logins.rb 2014-11-10 15:02:46 -06:00
Scott Sutherland ea226f7482 Update mssql_enum_sql_logins.rb 2014-11-10 15:02:14 -06:00
nullbind 74344e9295 added mssql_enum_sql_logins 2014-11-10 13:42:52 -06:00
jvazquez-r7 4b701700c1 Fix banner 2014-11-10 12:40:53 -06:00
jvazquez-r7 65dbb1a83f Do print_status 2014-11-10 11:26:53 -06:00
jvazquez-r7 7aed1e9581 Create loot_passwords method 2014-11-10 11:21:44 -06:00
jvazquez-r7 92df11baa7 Create report_super_admin_creds method 2014-11-10 11:16:25 -06:00
jvazquez-r7 8f17011909 do run clean up
* Reduce code complexity
* Don't report not valid administrator credentials
2014-11-10 11:12:04 -06:00
jvazquez-r7 635df2f233 Fail with NoAccess 2014-11-10 09:50:26 -06:00
jvazquez-r7 9c033492d2 Fix indentation 2014-11-10 09:48:22 -06:00
jvazquez-r7 2236518694 Check res.body before accessing #to_s 2014-11-10 09:47:05 -06:00
jvazquez-r7 8b8ab61e3d Favor && over and 2014-11-10 09:45:12 -06:00
jvazquez-r7 ee4924582a Use target_uri 2014-11-10 09:43:44 -06:00
jvazquez-r7 8ddd6a4655 Redefine RPORT having into account it is builtin 2014-11-10 09:42:30 -06:00
jvazquez-r7 eb36a36272 Change title 2014-11-10 09:40:22 -06:00
Pedro Ribeiro b3c27452cd Add full disclosure URL 2014-11-09 10:40:41 +00:00
Pedro Ribeiro f680b666c7 Add github adv URL 2014-11-08 11:29:36 +00:00
Pedro Ribeiro 143033f657 Rename manageengine_pmp_sadmin.rb to manageengine_pmp_privesc.rb 2014-11-08 11:28:04 +00:00
Pedro Ribeiro 2843437ca9 Create exploit for CVE-2014-8499 2014-11-08 11:24:50 +00:00
nullbind 56a02fdb4a added mssql_escalate_executeas_sqli.rb 2014-11-04 13:38:13 -06:00
nullbind 15119d2a0f comment fix-sorry 2014-11-04 09:07:08 -06:00
nullbind f108d7b20a fixed code comment 2014-11-04 08:51:27 -06:00
nullbind fbe3adcb4c added mssql_escalate_executeas module 2014-11-03 11:29:15 -06:00
jvazquez-r7 b990b14a65
Land #3771, @us3r777's deletion of jboss_bshdeployer STAGERNAME option 2014-10-27 18:09:35 -05:00
scriptjunkie 4dfbce425a use vprintf... 2014-10-26 09:20:32 -05:00
scriptjunkie c31fb0633d Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd 2014-10-26 09:05:25 -05:00
jvazquez-r7 00f137cdcf
Land #4040, @nullbind's MS SQL privilege escalation through SQLi 2014-10-20 16:23:50 -05:00
jvazquez-r7 acc590b59c Modify metadata 2014-10-20 16:22:10 -05:00
jvazquez-r7 1381c7fb37 Modify title 2014-10-20 16:17:47 -05:00
jvazquez-r7 323680c31a Clean code 2014-10-20 16:17:06 -05:00
HD Moore 935a23296d
Updates to NAT-PMP, lands #4041 2014-10-20 11:26:26 -05:00
nullbind 036d43ba37 fixed logic bug 2014-10-19 20:56:29 -05:00
nullbind 1e2f1eaee0 cleaning up 2014-10-18 12:00:11 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
nullbind bf92769ba2 added mssql_escalate_dbowner_sqli 2014-10-17 10:25:20 -05:00
Jon Hart 8fdae8fbfb Move protocol and lifetime to mixin, use correct map_target if CHOST 2014-10-16 13:24:17 -07:00
Jon Hart 07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful 2014-10-15 06:39:38 -07:00
Jon Hart ea6824c46f WIP of NAT-PMP rework 2014-10-14 14:20:24 -07:00
jvazquez-r7 3305b1e9c3
Land #3984, @nullbind's MSSQL privilege escalation module 2014-10-09 11:39:15 -05:00
jvazquez-r7 10b160bedd Do final cleanup 2014-10-09 11:38:45 -05:00
jvazquez-r7 bbe435f5c9 Don't rescue everything 2014-10-09 11:25:13 -05:00
jvazquez-r7 0cd7454a64 Use default value for doprint 2014-10-09 11:04:42 -05:00
jvazquez-r7 db6f6d4559 Reduce code complexity 2014-10-09 10:59:14 -05:00
jvazquez-r7 615b8e5f4a Make easy method comments 2014-10-09 10:48:00 -05:00
jvazquez-r7 dd03e5fd7d Make just one connection 2014-10-09 10:46:51 -05:00
nullbind 168f1e559c fixed status 2014-10-08 21:19:50 -05:00
nullbind 3ebcaa16a1 removed scanner 2014-10-08 21:18:56 -05:00
nullbind 031fb19153 requested updates 2014-10-06 23:52:30 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Tod Beardsley 4fbab43f27
Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
Christian Mehlmauer b266233e95 fix bug 2014-09-30 00:21:52 +02:00
Christian Mehlmauer c51c19ca88 bugfix 2014-09-27 14:56:34 +02:00
Christian Mehlmauer 9a424a81bc fixed bug 2014-09-27 13:46:55 +02:00
Christian Mehlmauer 1c30c35717 Added WordPress custom_contact_forms module 2014-09-27 13:42:49 +02:00
nullbind ebf4e5452e Added mssql_escalate_dbowner module 2014-09-26 10:29:35 -05:00
Thomas Ring 81406defed hopefully what you are looking for this time 2014-09-23 11:36:13 -05:00
sinn3r 2a714a7c4d Fix a typo
Downloading and deleting are two very different things. Thanks Dan.
2014-09-21 18:35:26 -05:00
us3r777 2ae23bbe99 Remove STAGERNAME option
This option wasn't really required, the stager can be removed as
soon as the WAR is deployed. This commit does the modifications needed
to remove the stager right after the WAR deployment.
2014-09-09 21:44:08 +02:00
Tod Beardsley 4abee39ab2
Fixup for release
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
jvazquez-r7 c86d01a667 Fix win.ini signature 2014-09-07 01:46:38 -05:00
sinn3r 44b9dc9b28 Update tmlisten_traversal 2014-09-06 01:18:11 -05:00
sinn3r cb490fc00e [SeeRM #8836] Change boot.ini to win.ini 2014-09-04 17:03:21 -05:00
jvazquez-r7 185ce36859
Land #3701, @wchen-ru's AppleTV modules 2014-09-03 12:30:50 -05:00
jvazquez-r7 10dee28fbd Add http socket to the module sockets and allow the framework to cleanup 2014-09-03 12:01:48 -05:00
sinn3r 5acbcc80e2 no threading 2014-09-03 11:37:30 -05:00
Thomas Ring fbae68870c cleanup one stray comment 2014-08-29 10:57:51 -05:00
Thomas Ring 4c93cbc62c changes based on feedback, added timeout error message 2014-08-29 10:57:20 -05:00
sinn3r f7091d854e Add a timeout 2014-08-28 22:26:38 -05:00
Thomas Ring 67efa76fc4 changes based on feedback 2014-08-27 09:08:18 -05:00
Jon Hart 5c57f9b4eb Don't overload RPORT/LPORT for mapping external -> internal ports 2014-08-26 10:49:53 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
sinn3r 463815d240 Add AppleTV modules (imge, video and login) 2014-08-25 15:24:41 -05:00
Thomas Ring e23acf8d82 fix for oracle_login not checking connection status and stopping on timeout 2014-08-25 14:57:45 -05:00
Tod Beardsley 6d9833e32b
Minor pre-release updates with descriptions 2014-08-25 13:34:45 -05:00
Tod Beardsley 03a1f4455d
No need to escape single quotes in %q{} strigns 2014-08-25 13:03:33 -05:00
jvazquez-r7 0737d0dbd5 Refactor auxiliary module 2014-08-22 17:05:45 -05:00
jvazquez-r7 9ef09a7725 Pass msftidy 2014-08-22 13:24:59 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
Tod Beardsley 08bb815bd8
Add Yokogawa unauth admin module 2014-08-09 13:30:10 -05:00
jvazquez-r7 ed97751ead
Land #2999, @j0hnf's modifiction to check_dir_file to handle file: 2014-08-04 11:55:18 -05:00
jvazquez-r7 cd45ed0e0a Handle exceptions when connecting the SMBHSARE 2014-08-04 11:54:30 -05:00
jvazquez-r7 85b5c5a691 Refactor check_path 2014-08-04 11:48:13 -05:00
jvazquez-r7 1e29bef51b Fix msftidy warnings 2014-08-04 11:46:27 -05:00
jvazquez-r7 04bf0b4ab6 Fix forgotten comma 2014-08-04 11:34:12 -05:00
us3r777 cd2e225359 Refactored auxilliary jboss_bshdeployer
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
us3r777 9e9244830a Added spec for lib/msf/http/jboss
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
us3r777 cd2ec0a863 Refactored jboss mixin and modules
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
us3r777 b526fc50f8 Refactored jboss mixin and modules
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
us3r777 ae2cd63391 Refactored Jboss mixin
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
us3r777 088f208c7c Added auxiliary module jboss_bshdeployer
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
William Vu b6ded9813a
Remove EOL whitespace 2014-07-16 14:56:34 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
HD Moore 90eccefcc8 Fix sock.get use and some minor bugs 2014-06-28 16:17:15 -05:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
Spencer McIntyre 61f4c769eb
Land #3461, Chromecast factory reset module 2014-06-21 17:43:31 -04:00
William Vu 79bf80e6bf
Add generic error handling
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
William Vu 075eec39e1
Add Chromecast factory reset module 2014-06-18 10:04:17 -05:00
j0hnf 1a82a20c09 re-added incorrectly removed SMBSHARE option 2014-06-16 20:10:11 +01:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
Tod Beardsley 1aa029dbed
Avoid double quotes in the initialize/elewhere
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
William Vu 6ca5cf6c26
Add Chromecast YouTube remote control 2014-06-11 00:08:08 -05:00
jvazquez-r7 8a9c005f13 Add URL 2014-05-20 17:43:07 -05:00
Tod Beardsley 0ef2e07012
Minor desc and status updates, cosmetic 2014-05-19 08:59:54 -05:00
jvazquez-r7 2012d41b3d Add origin of the user, and mark web users 2014-05-16 13:51:42 -05:00
jvazquez-r7 4143474da9 Add support for web databases 2014-05-16 11:47:01 -05:00
jvazquez-r7 883d2f14b5 delete debug print_status 2014-05-16 11:13:03 -05:00
jvazquez-r7 ea38a2c6e5 Handle ISO-8859-1 special chars 2014-05-16 11:11:58 -05:00
jvazquez-r7 c9465a8922 Rescue when the recovered info is in a format we can't understand 2014-05-16 08:57:59 -05:00
jvazquez-r7 7ec85c9d3a Delete blank lines 2014-05-16 01:03:04 -05:00
jvazquez-r7 9091ce443a Add suport to decode passwords 2014-05-16 00:59:27 -05:00
jvazquez-r7 5b3bb8fb3b Fix @FireFart's review 2014-05-14 09:00:52 -05:00
jvazquez-r7 a7075c7e08 Add module for ZDI-14-077 2014-05-13 14:17:59 -05:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
nodeofgithub b80d366bb7 Add filter to output WPA-PSK password on Netgear DG834GT 2014-04-26 15:52:31 +02:00
Tod Beardsley 9035d1523d
Update wol.rb to specify rhost/rport directly
- [ ] Fire up tcpdump on the listening interface
 - [ ] Run the module and see the pcap:

listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535
bytes
20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length
102
2014-04-14 20:57:20 -05:00
jvazquez-r7 d83f665466 Delete commas 2014-03-25 13:34:02 -05:00
Ramon de C Valle e27adf6366 Fix msftidy warnings 2014-03-25 10:39:40 -03:00
Ramon de C Valle 473f745c3c Add katello_satellite_priv_esc.rb
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
David Maloney da0c37cee2
Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
Tod Beardsley de6be50d64
Minor cleanup and finger-wagging about a for loop 2014-03-03 14:12:22 -06:00
jvazquez-r7 bfdefdb338
Land #3023, @m-1-k-3's module for Linksys WRT120N bof reset password 2014-02-26 09:36:14 -06:00
jvazquez-r7 6ba26bf743 Use normalize_uri 2014-02-26 09:35:42 -06:00
jvazquez-r7 582372ec3e Do minor cleanup 2014-02-26 09:32:11 -06:00
Michael Messner b79197b8ab feedback included, cleanup, login check 2014-02-26 13:44:36 +01:00
James Lee d2945b55c1
Fix typo
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
Michael Messner ec8e1e3d6f small fixes 2014-02-21 21:59:45 +01:00
Michael Messner 1384150b7a make msftidy happy 2014-02-21 21:56:46 +01:00
Michael Messner c77fc034da linksys wrt120 admin reset exploit 2014-02-21 21:53:56 +01:00
j0hnf c62fa83a70 msf recommended changes + tweaked exception handling 2014-02-19 22:20:24 +00:00
j0hnf 4b247e2b9f altered check_dir_file.rb so that it can check for the presence of a list of files/directories supplied using file:/ format rather than being limited to just the one file, handy for checking for indicators of compromise 2014-02-16 03:22:11 +00:00
sinn3r 89e1bcc0ca Deprecate modules with date 2013-something
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
sinn3r 7faa41dac0 Change Unknown to Safe because it's just a banner check 2014-01-23 15:36:19 -06:00
sinn3r 81a3b2934e Fix prints 2014-01-23 15:33:24 -06:00
sinn3r 5025736d87 Fix check for modicon_password_recovery 2014-01-19 17:20:20 -06:00
jvazquez-r7 0b1671f1b8 Undo debugging comment 2014-01-14 17:02:30 -06:00
jvazquez-r7 6372ae6121 Save some parsing 2014-01-14 17:00:00 -06:00
Matt Andreko 2d40f936e3 Added some additional creds that were useful 2014-01-13 23:15:51 -05:00
Matt Andreko 42fb8c48d1 Fixed the credential parsing and made output consistent
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.

The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
Tod Beardsley 207e9c413d
Add the test info for sercomm_dump_config 2014-01-13 14:27:03 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
jvazquez-r7 410302d6d1 Fix indentation 2014-01-09 15:14:52 -06:00
Matt Andreko b1073b3dbb Code Review Feedback
Removed the parameters from get() since it works without them
2014-01-09 15:54:23 -05:00
Matt Andreko 2a0f2acea4 Made fixes from the PR from jvazquez-r7
The get_once would *only* return "MMcS", and stop. I
modified it to be a get(3, 3). Additionally, the command
length was set to 0x01 when it needed to be 0x00.
2014-01-09 15:33:04 -05:00
jvazquez-r7 be6958c965 Clean sercomm_dump_config 2014-01-09 13:42:11 -06:00
Matt Andreko 01c5585d44 Moved auxiliary module to a more appropriate folder 2014-01-09 10:17:26 -05:00
Matt Andreko d9e737c3ab Code Review Feedback
Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
2014-01-09 10:14:34 -05:00
Matt Andreko 81adff2bff Code Review Feedback
Changed datastore['rhost'] to rhost
Made the array storing configuration values into a class const
Moved superfluous array look-over to not be executed unless in verbose
mode
2014-01-09 09:19:13 -05:00
Niel Nielsen 1479ef3903 Update typo3_winstaller_default_enc_keys.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:08:10 +01:00
Matt Andreko c5a3a0b5b7 Cleanup 2014-01-02 20:44:18 -05:00
Matt Andreko 6effdd42fa Added module to enumerate certain Sercomm devices through backdoor
See more: https://github.com/elvanderb/TCP-32764
2014-01-02 20:42:42 -05:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
jvazquez-r7 0eac17083a Clean cfme_manageiq_evm_pass_reset 2013-12-18 16:16:32 -06:00
Ramon de C Valle b9a9b90088 Update module to use added bcrypt gem 2013-12-18 16:15:35 -02:00
Ramon de C Valle e20569181b Remove EzCrypto-related code as per review 2013-12-18 16:15:22 -02:00
Ramon de C Valle ef081cec49 Add missing disclosure date as per review 2013-12-18 15:47:23 -02:00
Ramon de C Valle 37826688ce Add cfme_manageiq_evm_pass_reset.rb
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
2013-12-09 16:49:07 -02:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
sinn3r 20e0a7dcfb
Land #2709 - ZyXEL GS1510-16 Password Extractor 2013-12-02 13:13:01 -06:00
Sven Vetsch / Disenchant 39fbb59ba9 re-added the reference I accidentally deleted 2013-12-02 19:06:19 +01:00
Sven Vetsch / Disenchant cb98d68e47 added @wchen-r7's code to store the password into the database 2013-12-02 18:35:59 +01:00
Sven Vetsch / Disenchant 8e73023baa and now in the correct data structure 2013-12-01 17:38:35 +01:00
Sven Vetsch / Disenchant ef77b7fbbf added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709 2013-12-01 17:36:15 +01:00
Sven Vetsch / Disenchant aa62800184 added ZyXEL GS1510-16 Password Extractor 2013-11-29 10:42:17 +01:00