Commit Graph

447 Commits (4cdbabdde77c6058bc565e6d2d4f5066e8947440)

Author SHA1 Message Date
jvazquez-r7 a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793 2015-08-08 07:43:39 -07:00
jvazquez-r7 c8ba5bb90c
Land #5513, @rcvalle's exploit for incomplete internal state distinction in JSSE 2015-08-08 07:41:53 -07:00
jvazquez-r7 2707b3b402
Use Rex::ThreadSafe.select 2015-08-08 07:40:19 -07:00
jvazquez-r7 a0eef3880a
Initialize version local variable 2015-08-08 07:35:37 -07:00
jvazquez-r7 bb74b6fecb
Fix data reading 2015-08-08 07:18:01 -07:00
jvazquez-r7 6fe7672732
Improve Rex sockets usage 2015-08-07 00:11:58 -07:00
jvazquez-r7 18636e3b9b
Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options 2015-07-24 15:45:31 -05:00
jvazquez-r7 ec7bf606c6
Land #5735, @rcvalle's for CVE-2015-1793 OpenSSL mitm 2015-07-24 14:38:27 -05:00
jvazquez-r7 45b4334006
Use Rex::Socket::SslTcpServer
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
Tod Beardsley f94fe3cefd
More correct URL, not just a bare wiki link
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
jvazquez-r7 454dd59da8
Add vuln discoverers 2015-07-17 13:37:30 -05:00
Ramon de C Valle 449c751521 Add missing info 2015-07-16 09:36:18 -07:00
wchen-r7 8d0e34dbc0 Resolve #5738, make the LHOST option visible
Resolve #5738
2015-07-16 11:00:15 -05:00
Ramon de C Valle 5d6c15a43d Add openssl_altchainsforgery_mitm_proxy.rb
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
wchen-r7 9a1500ee96 Change module name a little bit, makes it easier to find in GUI 2015-07-06 22:31:07 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
HD Moore d2063c92e1 Refactor datastore names to match standards 2015-07-05 18:21:45 -05:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
Ramon de C Valle 7bda1e494b Use Rex::Socket::Tcp 2015-06-21 13:40:31 -07:00
Ramon de C Valle 7f55f6631c Remove the timeout option 2015-06-20 20:14:47 -07:00
Ramon de C Valle 01e87282a9 Use Msf::ThreadManager#spawn 2015-06-20 18:48:10 -07:00
Ramon de C Valle dabc7abae5 Change method names to lowercase 2015-06-20 18:23:34 -07:00
root fcf6212d2f Update telnet capture module to use the new creds API 2015-06-16 16:37:36 +05:00
Ramon de C Valle a48d79a2e7 Add jsse_skiptls_mitm_proxy.rb
This module exploits an incomplete internal state distinction in Java
Secure Socket Extension (JSSE) by impersonating the server and finishing
the handshake before the peers have authenticated themselves and
instantiated negotiated security parameters, resulting in a plaintext
SSL/TLS session with the client. This plaintext SSL/TLS session is then
proxied to the server using a second SSL/TLS session from the proxy to
the server (or an alternate fake server) allowing the session to
continue normally and plaintext application data transmitted between the
peers to be saved. This module requires an active man-in-the-middle
attack.
2015-06-08 19:41:17 -07:00
jvazquez-r7 55c07b1bdd
Report credentials with create_credential_login 2015-05-19 00:14:55 -05:00
jvazquez-r7 3db0e12b67
Modify autopwn comment 2015-04-21 14:19:15 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Christian Mehlmauer 2b9fd93729
remove deprecated modules 2015-04-16 22:49:22 +02:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
jvazquez-r7 0158e94a18 Fix mixin usage 2015-02-13 17:18:51 -06:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
jvazquez-r7 3ae3d56caa
Land #4745, fixes #4711, BrowserAutoPwn failing due to getpeername 2015-02-12 16:51:09 -06:00
sinn3r 05d2703a98 Explain why obfuscation is disabled 2015-02-12 14:00:01 -06:00
sinn3r 50c72125a4 ::Errno::EINVAL, disable obfuscation, revoke ms14-064 2015-02-12 11:54:01 -06:00
Tod Beardsley 02fe57e2a1
Bump out to April, 60ish days 2015-02-11 12:56:37 -06:00
William Vu 58b6b7519a Deprecate server/pxexploit
modules/auxiliary/server/pxeexploit.rb
2015-02-11 12:38:38 -06:00
William Vu 9e717084af Fix server/pxexploit datastore 2015-02-11 12:19:39 -06:00
James Lee 488847cecc
Split smb_cmd_session_setup into with/without esn
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
James Lee 6b6a7e81c9
Style fixes 2015-01-16 06:39:21 -06:00
James Lee 273ba54a21
Fix server/capture/smb to use create_credential 2015-01-15 22:39:11 -06:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Jon Hart 52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT 2014-12-04 13:26:16 -08:00
Jon Hart 6bd56ac225
Update any modules that deregistered NETMASK 2014-12-04 13:22:06 -08:00
Jon Hart 684975a315 Use correct target address for fake As 2014-11-19 08:28:56 -08:00
Jon Hart 3777e78a85 Sanitize creation of target host. Return minimal for SRV 2014-11-19 08:28:56 -08:00
Jon Hart 52e004d8ab Use less conflicting name for SRV record port 2014-11-19 08:28:56 -08:00
Jon Hart ee90e4353b Add more consistent logging for fakedns types that support fake vs bypass 2014-11-19 08:28:55 -08:00