Commit Graph

77 Commits (4aeb7541124105949fff9bbed620966e2e7ae968)

Author SHA1 Message Date
kaospunk 533643fe2c Host Information Enumeration via NTLM Authentication
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.

The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
HD Moore 1e21f0e2aa Updated output formats, top 1000 passwords 2013-06-29 22:01:25 -05:00
HD Moore f0db04c2a6 Updates to common password db 2013-06-28 10:47:14 -05:00
HD Moore 722d33e8fa Updated common password list 2013-06-23 13:15:31 -05:00
HD Moore d9737ec03a Updated common passwords 2013-06-23 01:52:18 -05:00
HD Moore c869112407 Cleanup, reporting, and automatic cracking 2013-06-23 01:35:31 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00
Tod Beardsley dc680e7106 Underscores because the rest are. 2013-06-07 15:16:39 -05:00
Tod Beardsley 0265dd8860 Add common passwords from xato.net
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:

http://xato.net/passwords/more-top-worst-passwords/

He also does a fair bit of frequency analysis there.

The 1024 list, should probably used instead of the original
unix_password.txt file. unix_password.txt  was added on 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.

As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
sinn3r 5504c58b11 Add dlink pass for #1648 2013-03-25 13:25:19 -05:00
m-1-k-3 36d1746c0d linksys traversal module - initial commit 2013-03-23 17:01:02 +01:00
Tod Beardsley dd9002fcab Merges ChrisJohnRiley's new password
Lands https://github.com/rapid7/metasploit-framework/pull/1521

Closes #1521

(Forgive the oververbose commit message, experimenting with various
syntax hilighters)
2013-02-25 08:39:27 -06:00
Chris John Riley 28fd92a013 Added new default password foe TMSADM
Based on: http://blog.ptsecurity.com/2013/02/sap-unknown-default-password-for-tmsadm.html
2013-02-25 09:00:57 +01:00
sinn3r bc03247386 Merge branch 'sap_url_update' of github.com:ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_url_update 2013-02-19 15:08:26 -06:00
jvazquez-r7 9af43bc05c newline to sap_default.txt 2013-02-18 15:58:29 +01:00
Chris John Riley 6519444112 Addition defaults 2013-02-15 13:35:25 +01:00
Chris John Riley 5df03f790b Remove end of line spaces and rerun uniq 2013-02-15 13:31:35 +01:00
Chris John Riley fb7d0159c3 Further URLs 2013-02-15 13:26:44 +01:00
Chris John Riley 21366dd4df Updated SAP URL list to include further known URLs 2013-02-15 13:20:23 +01:00
f8lerror bf2b01f8ef Delete a file and strip space 2013-01-24 09:30:04 -05:00
f8lerror 6e94c04a52 Code Corrections and Enhancements 2013-01-23 20:26:23 -05:00
f8lerror 0b61d28e0e added Joomla scanner and url wordlist 2013-01-17 11:36:59 -05:00
Sam Gaudet 7d1716b79f Turnkey Linux default password 2013-01-08 22:47:53 -05:00
nmonkee f521e70bee wordlists to accompany sap_soap_rfc_brute_login.rb 2012-11-07 10:46:36 +00:00
Cristiano Maruti 75f5e24178 Dell iDrac login aux scanner 2012-09-27 01:33:11 -05:00
Patrick Webster be63aad0d1 Added Windows wordlist. 2012-08-29 10:51:09 +10:00
jcran 0a6e0b2415 raspberry pi username / password 2012-08-15 01:55:40 -05:00
jcran 8d3ad94f3a enhanced tftp.txt bruteforce list 2012-07-05 22:54:22 -04:00
HD Moore e8af6882eb Permissions 2012-06-06 20:05:29 -05:00
Tod Beardsley 64270ea7c2 Adding default user/pass for CCTV module
User/pass combos that come from manuals and independant research.
2012-05-15 08:14:28 -05:00
andurin 175d6650a9 Added new pass for tomcat
Have seen this in the wild as a example users.xml
2012-04-05 11:18:41 +02:00
sinn3r debbba9623 Add OSVDB-55938: D-Link DAP1353 Default Password for SSH admin 2012-02-26 01:20:16 -06:00
sinn3r 91f56b0fd5 Add default password for CVE-2009-3710 2012-02-26 01:18:08 -06:00
sinn3r bb5e4a1600 Modules don't need to register VERBOSE, because it's already there 2012-02-17 21:07:44 -06:00
HD Moore 3ed8643dbc Permission changes 2012-01-31 00:33:21 -06:00
sinn3r df57529b9c Add CMS400 wordlist (for feature #6301) 2012-01-30 10:40:23 -06:00
David Maloney ba86e8a04f Added PROPFIND support to http_login
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
sinn3r c122ec34bc Add default SSH credential for Op5 system CenOS VM image 2012-01-03 15:13:35 -06:00
HD Moore 96766edfd0 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
Wei Chen e03be02298 paths for module sap_icm_urlscan
git-svn-id: file:///home/svn/framework3/trunk@14025 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 08:41:14 +00:00
David Rude 3e30fb3d90 Add wordlist for tomcat module
git-svn-id: file:///home/svn/framework3/trunk@13655 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-29 03:14:04 +00:00
Tod Beardsley 5e715c22db Final touchup on Oracle login scanner -- adds a pile of defaults from the existing CSV wordlist.
git-svn-id: file:///home/svn/framework3/trunk@11967 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-15 21:16:18 +00:00
David Rude 37e9ad1ed4 Added SAP Management Console auxiliary scanner modules
git-svn-id: file:///home/svn/framework3/trunk@11858 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-02 10:18:31 +00:00
HD Moore cff22d7a56 Consistency change to make snmp act like other login modules
git-svn-id: file:///home/svn/framework3/trunk@11303 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-12 07:27:35 +00:00
Joshua Drake 99b2bdd8d7 remove silly users, the -f bug is for actual username not FROMUSER, *facepalm*
git-svn-id: file:///home/svn/framework3/trunk@11167 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 00:18:24 +00:00
Joshua Drake b56e7852e9 add rservices default FROMUSERS_FILE, go -froot!
git-svn-id: file:///home/svn/framework3/trunk@11141 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-25 06:02:24 +00:00
Joshua Drake 77bc5cf6cd Big VNC update:
* Created Rex::Proto::RFB
 * Updated vnc_none_auth scanner to use Rex::Proto::RFB::Client
 * Added vnc_login (refactored from carstein)
 * Created an initial vnc_passwords.txt file
 * Removed cipher/des.rb - incompatible license
 * Updated getvncpw script to use new Rex::Proto::RFB::Cipher.decrypt




git-svn-id: file:///home/svn/framework3/trunk@11033 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 03:37:45 +00:00
Joshua Drake cf7cc156a2 add xampp default user/pass
git-svn-id: file:///home/svn/framework3/trunk@10936 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-06 23:50:12 +00:00
Joshua Drake 4c9c175602 add default user/pass for ZDI-10-214
git-svn-id: file:///home/svn/framework3/trunk@10746 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 14:26:08 +00:00
HD Moore a447149907 Add the script to generate the VxWorks master password list. Add the script to scan a memory image looking for a known password hash. Add two sorted dictionaries of the first 20k collided values (covers most typeable passwords). One dictionary is a straight wordlist, the other is used by vxdigger.rb. The full master password list can be generated with vxmaster.rb
git-svn-id: file:///home/svn/framework3/trunk@10220 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-02 14:55:34 +00:00