19a6f310cd
Land #1927 - Add common passwords from xato.net
2013-06-07 15:24:09 -05:00
dc680e7106
Underscores because the rest are.
2013-06-07 15:16:39 -05:00
aefcc51704
Land #1924 - Java pwn2own 2013: java_jre17_driver_manager (CVE-2013-1488)
2013-06-07 15:12:09 -05:00
0265dd8860
Add common passwords from xato.net
...
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:
http://xato.net/passwords/more-top-worst-passwords/
He also does a fair bit of frequency analysis there.
The 1024 list, should probably used instead of the original
unix_password.txt file. unix_password.txt was added on 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.
As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
1ca8fd2cf1
Update sevone_enum.rb
...
Updated as per initial review comments.
2013-06-08 01:14:43 +05:30
eb0ae6ed27
Update rfcode_reader_enum.rb
...
Updated as per review comments
2013-06-08 01:00:18 +05:30
6aa7c74fdd
make anemone also rspect domain
2013-06-07 14:24:14 -05:00
79bfdf3ca6
Add comment to explain the applet delivery methods
2013-06-07 14:20:21 -05:00
b8ba0f27ee
Land #1738 - Bug/spec 2.0 compat
2013-06-07 13:58:50 -05:00
2bb0bd504c
Makign changes recommended in redmine 7945 to fix SNMP enum module failing to catch some fail cases
2013-06-07 13:55:59 -05:00
641fd3c6ce
Add also the msf module
2013-06-07 13:39:19 -05:00
7090d4609b
Add module for CVE-2013-1488
2013-06-07 13:38:41 -05:00
5955397882
Use a more descriptive subject
...
Also removes the unnecessary (and now broken in 2.0) checks for
respond_to? on accessors.
2013-06-07 13:27:40 -05:00
0f2ea755c5
Add encoding comment to spec files for 2.0 compat
2013-06-07 13:27:39 -05:00
6b8e6b3f0c
Create rfcode_reader_enum.rb
...
Adding new aux - RFCode Reader Web interface Login Brute Force & Config Capture Utility
2013-06-07 23:53:09 +05:30
fcc600aa3e
Create sevone_enum.rb
...
Adding new aux - SevOne Network Performance Management System application version enumeration and brute force login Utility
2013-06-07 23:39:22 +05:30
78b2a0a2ac
add domain support to web spider
2013-06-07 12:41:20 -05:00
a157e65802
Land #1916 , @wchen-r7's exploit for Synactics PDF
2013-06-07 12:11:45 -05:00
ea2895ac13
Change to AverageRanking
...
Just to play with the firing order for Browser Autopwn, this one
should fire as late as possible.
2013-06-07 12:08:51 -05:00
9c7b446532
Updates description about default browser setting
2013-06-07 11:58:31 -05:00
0302437c2b
Land #1915 , smtp user enumeration enhancements
2013-06-07 11:42:41 -05:00
f3421f2c3a
Fix different landings
2013-06-07 10:26:04 -05:00
4edceea27b
Land #1919 , update js_property_spray documentation
2013-06-07 08:31:57 -05:00
2a6225cb3f
Land #1918 , change s.message to s.message.to_i
2013-06-07 08:19:49 -05:00
8e2de6d14f
Updates js_property_spray documentation
...
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions. For dev purposes,
it's rather important to have this documented somewhere.
Thanks to corelanc0d3r for the data.
2013-06-07 00:28:22 -05:00
da4b18c6a1
[FixRM:#8012] - Fix message data type to int
...
This patch makes sure s.message is actually an int, that way we can
properly stop or enable the service.
2013-06-06 23:49:14 -05:00
e559824dc8
Remove whitespace
2013-06-06 20:08:50 -05:00
d3e57ffc46
Add OSVDB-93754: Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
...
This module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX
component, specifically PDF_IN_1.ocx. When a long string of data is given
to the ConnectToSynactis function, which is meant to be used for the ldCmdLine
argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry
class pointer saved on the stack, and results in arbitrary code execution under the
context of the user.
2013-06-06 20:05:08 -05:00
8cf5b548c3
make recommended changes
2013-06-06 14:23:25 -05:00
067899341e
fix a number of issues with the existing module (slowness, false positives, false negatives, stack traces, enumering unix users on windows systems, etc)
2013-06-06 13:26:04 -05:00
ec52795182
Clean for miniupnp_dos.rb
2013-06-06 11:19:26 -05:00
b34c3fbbc1
Land #1914 , OSVDB and EDB references for Openfiler
2013-06-05 20:05:44 -05:00
4d26299de3
add osvdb ref 93881 and edb ref 21191
2013-06-05 18:57:33 -05:00
9466022194
Land #1847 - Add sorting functionality to notes command
2013-06-05 12:17:54 -05:00
026c658260
Comply with the case-sensitive rule
2013-06-05 12:16:38 -05:00
1596fb478a
Land #1886 , awk bind shell
2013-06-05 09:05:37 -05:00
8ffa4ac9ac
Land #1885 , awk reverse shell
2013-06-05 09:04:49 -05:00
f6977c41c3
Modifications done in each PR.
2013-06-05 07:55:05 -03:00
b20401ca8c
Modifications done in each PR.
2013-06-05 07:51:10 -03:00
6d3dcf0cef
Land #1912 - Fixed check for Admins SID in whoami /group output
2013-06-05 02:55:38 -05:00
a3b25fd7c9
Land #1909 - Novell Zenworks Mobile Device Managment exploit & auxiliary
2013-06-05 02:45:45 -05:00
307773b6a1
Extra space - die!
2013-06-05 02:44:56 -05:00
0c1d46c465
Add more references
2013-06-05 02:43:43 -05:00
46aa6d38f8
Add a check for it
2013-06-05 02:41:03 -05:00
a270d37306
Take apart the version detection code
2013-06-05 02:34:35 -05:00
25fe03b981
People like this format better: IP:PORT - Message
2013-06-05 02:26:18 -05:00
02e29fff66
Make msftidy happy
2013-06-05 02:25:08 -05:00
35459f2657
Small name change, don't mind me
2013-06-05 02:18:11 -05:00
227fa4d779
Homie needs a default target
2013-06-05 02:16:59 -05:00
5d90c6cd71
Make msftidy happy
2013-06-05 02:11:23 -05:00
sinn3r
Tod Beardsley
Karn Ganeshen
David Maloney
jvazquez-r7
Thomas Ring
James Lee
William Vu
Steve Tornio
Roberto Soares Espreto