Commit Graph

12837 Commits (4c7219392239556e4e635c7ea1ad5194ee85440c)

Author SHA1 Message Date
James Lee 3ca440089e Add checks for .NET requisites
Also standardizes print_status format to look nicer with lots of cilents
2012-04-09 01:23:44 -06:00
James Lee a6b106e867 Remove autopwn support for enjoysapgui_comp_download
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Bascially just not a great
candidate for being run automatically.
2012-04-09 01:05:37 -06:00
James Lee 409ba3139b Add bap checks for blackice exploit 2012-04-09 00:50:04 -06:00
sinn3r 5fefb47b7f Some cosmetic changes 2012-04-09 01:43:20 -05:00
sinn3r 95dbb8a818 Merge branch 'snort-dce-rpc' of https://github.com/carmaa/metasploit-framework into carmaa-snort-dce-rpc 2012-04-09 00:17:44 -05:00
James Lee da1cb2b81d ActiveX controls require IE 2012-04-08 22:07:09 -06:00
sinn3r 9cec9639c7 Add an aux module to brute force Dolibarr's login interface 2012-04-08 18:16:38 -05:00
James Lee f520af036f Move next_exploit() onto window object so it's accessible everywhere
I swear I committed this before, not sure what happened.
2012-04-08 17:11:15 -06:00
James Lee b58a87b7a8 Skip ::1 as well as 127.0.0.1 for session_host
Thanks rsmudge for pointing this out.

[Fixes #6599]
2012-04-08 14:58:39 -06:00
Carsten Maartmann-Moe ce0de02a2a Modified for 8-space tabs 2012-04-08 16:09:28 -04:00
Carsten Maartmann-Moe 89c1894e07 Minor formatting changes, tabs etc. and comments for clarity 2012-04-08 15:45:23 -04:00
sinn3r 51bdfe14fd 2012, not 2011, oops 2012-04-08 13:21:37 -05:00
sinn3r 24478e9eb5 Add Dolibarr ERP & CRM Command Injection Exploit 2012-04-08 13:20:22 -05:00
James Lee 9ae9509cfe More fingerprints from browsershots 2012-04-08 11:12:32 -06:00
sinn3r c6162bbe08 I've changed my mind. Default to "/" anyway even if it's nil. 2012-04-07 19:47:28 -05:00
sinn3r cfb34739f9 Actually, let's default to "/" only if the TARGETURI option is empty. If it's nil, we prefer to throw the exception at the user. 2012-04-07 19:44:34 -05:00
sinn3r 9a229dfcff Make target_uri default to "/" in case the TARGETURI option is nil or empty 2012-04-07 19:43:19 -05:00
sinn3r 05eba0ab4c Cosmetic changes, mostly :-) 2012-04-07 14:47:23 -05:00
sinn3r 00ff2e3dc1 Merge branch 'CVE-2012-1195_thinkmanagement' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-1195_thinkmanagement 2012-04-07 14:41:19 -05:00
juan 938d5d0a75 added references for cve-2012-1196 2012-04-07 20:22:59 +02:00
juan ee7bce5995 deletion of the ASP script 2012-04-07 20:19:45 +02:00
Tod Beardsley dfe2bbc958 Use rport for modicon_password recovery, not 21. 2012-04-07 13:03:43 -05:00
juan 8761d39190 exploit module added for CVE-2012-1195 2012-04-07 19:04:17 +02:00
andurin 9201840d65 Fix broken nessus_safe
Kudohs to 'freaky clown' for the initial patch
IssueID #6597
2012-04-07 10:20:55 +02:00
Carsten Maartmann-Moe b2e0acd92a Tidied up the exploit 2012-04-06 20:41:54 -04:00
James Lee bac6bcd6f1 More fingerprints from browsershots 2012-04-06 18:41:14 -06:00
James Lee 31e3eb7d91 Merge branch 'rapid7' into bap-refactor 2012-04-06 18:12:49 -06:00
James Lee bb4e37b7aa Add a few fingerprints. Thanks browsershots.org! 2012-04-06 18:09:19 -06:00
andurin 4e955e5870 replace spaces with tabs 2012-04-06 10:45:10 -05:00
andurin 67e6c7b850 tomcat_mgr_deploy may report successful creds
Using following code for 'check' as 'exploit':
               report_auth_info(
                       :host   => rhost,
                       :port   => rport,
                       :sname  => (ssl ? "https" : "http"),
                       :user   => datastore['BasicAuthUser'],
                       :pass   => datastore['BasicAuthPass'],
                       :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
                       :active => true
               )

Resulting in:

Credentials
===========

host           port  user    pass    type      active?
----           ----  ----    ----    ----      -------
192.168.x.xxx  8080  tomcat  s3cret  password  true
2012-04-06 10:45:10 -05:00
Tod Beardsley 461352f24f Don't need to require net/ftp anymore
Nothing actually used it anyway.
2012-04-06 10:35:28 -05:00
andurin 274404716f Show vuln.info on db_vuln command
IssueID #5837
2012-04-06 14:47:36 +02:00
sinn3r 56b10d4d23 Merge branch 'CVE-2012-0270_csound_getnum_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-0270_csound_getnum_bof 2012-04-06 02:28:26 -05:00
sinn3r 68c81e3ae0 Add OSVDB-80661 TRENDnet SecurView ActiveX BoF 2012-04-06 02:26:04 -05:00
Carsten Maartmann-Moe b184a6dc5c Exploit for Snort CVE-2006-5276 on Windows 2012-04-05 19:46:56 -04:00
Tod Beardsley 9c8e6ac9da Ruby 1.8 compat for the SCADA modules.
But really, you should be using Ruby 1.9 by now.
2012-04-05 17:05:03 -05:00
Tod Beardsley 14e3cd75dc Revert "tomcat_mgr_deploy may report successful creds"
This reverts commit 937f8f035a.
2012-04-05 16:17:06 -05:00
juan 5c6856539e .idea dir deleted 2012-04-05 22:46:43 +02:00
juan 955de5a68c comment fixed 2012-04-05 22:46:13 +02:00
juan c5f73d3d7a added module for CVE-2012-0270_csound_getnum_bof 2012-04-05 22:35:42 +02:00
HD Moore 0f7b08781f Fix regular expression match number 2012-04-05 12:55:54 -05:00
James Lee 585245501a Print an error when trying to open a dir as a file
Prevents unnecessary stack traces
2012-04-05 11:49:03 -06:00
James Lee 0c3f1aab77 Tell the user what actually went wrong when migrate.rb fails 2012-04-05 11:49:03 -06:00
sinn3r 03543560b3 Merge pull request #308 from aczid/wmap_autotest_rc_targeting
Also adding wmap targets by ip
2012-04-05 10:41:47 -07:00
Tod Beardsley 14d9953634 Adding DigitalBond SCADA modules 2012-04-05 12:35:48 -05:00
James Lee 2c992c976d Cut session info at 80 columns
Prevents a long "id" line from destroying the layout
2012-04-05 11:07:42 -06:00
Aram Verstegen b54d786374 Also adding wmap targets by ip in case no websites/vhosts were discovered prior to running the script 2012-04-05 18:20:46 +02:00
Tod Beardsley eb39b5f6aa Msftidy on netop 2012-04-05 10:33:57 -05:00
sinn3r 8628991b1d Merge pull request #305 from jlee-r7/bap-refactor
Bap refactor
2012-04-05 08:02:43 -07:00
sinn3r 57b8279c36 Merge pull request #306 from andurin/small_fixes
tomcat_mgr_deploy may report successful creds
2012-04-05 08:00:58 -07:00