sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
Jon Hart
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
Jon Hart
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
Jon Hart
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
nstarke
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
sinn3r
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
nstarke
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7
d6f4c02c2a
Land #3979 , @wchen-r7 fixes #3976 , http_login not using TARGETURI, neither uri normalization
2014-10-20 18:10:57 -05:00
jvazquez-r7
74ac16081f
Land #3981 , @wchen-r7 Fixes #3974 , axis_login.rb does not normalize URI
2014-10-20 17:51:13 -05:00
Jon Hart
2985b39267
Land #3980 , @wchen-r7 fixed #3975
2014-10-19 17:11:06 -07:00
William Vu
10f3969079
Land #4043 , s/http/http:/ splat
...
What is a splat?
2014-10-17 13:41:07 -05:00
William Vu
367ea5d3db
Add disclosure date
2014-10-17 12:35:28 -05:00
Tod Beardsley
ccdaf2b576
Fix the banner
...
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley
ad501b25e4
Filename move to be less redundant
2014-10-17 11:25:14 -05:00
James Lee
40b360555f
Make the error message a little more useful
2014-10-16 12:47:13 -05:00
Tod Beardsley
8cf10be779
Don't assume SSLv3 is set (kill FP+s)
2014-10-16 10:43:58 -05:00
Tod Beardsley
0b67efd51e
Add a POODLE scanner and general SSL version scan
2014-10-16 10:27:37 -05:00
James Lee
41a57b7ba5
Re-enable proxies for HTTP-based login scanners
2014-10-15 17:00:44 -05:00
Tod Beardsley
592f1e9893
Land #3999 , errors on login suppressed by default
...
This also solved the merge conflict on:
modules/auxiliary/scanner/http/jenkins_login.rb
Fixes #3995 .
2014-10-14 16:35:09 -05:00
Tod Beardsley
56534e7ad3
Changed a login failed to vprint instead of print
...
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995 .
This module was introduced in PR #3947 .
2014-10-14 12:01:09 -05:00
sinn3r
9500038695
Fix #3995 - Make negative messages less verbose
...
As an user testing against a large network, I only want to see
good news, not bad news.
2014-10-11 11:11:09 -05:00
sinn3r
260aa8dc22
Fix #3984 - Fix broken check for drupal_views_user_enum
2014-10-10 10:23:20 -05:00
nstarke
472985a8a8
Adding Buffalo Linkstation NAS Login Scanner
...
I have added a login scanner for the Buffalo Linkstation
NAS. I have been testing against version 1.68 of the
firmware. Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
sinn3r
7d8eadada6
Fix #3974 - Validate and normalize URI for axis_login
2014-10-09 14:33:39 -05:00
sinn3r
c9c34beafa
Fix #3975 - Register TARGETURI, not URI
...
The module should register TARGETURI and call #target_uri for
URI validation.
2014-10-09 14:10:29 -05:00
sinn3r
d366cdcd6e
Fix #3976 - validate and normalize user-supplied URI for http_login.rb
...
URI should be validated and normalized before being used in an HTTP
request.
2014-10-09 12:14:33 -05:00
Spencer McIntyre
a535d236f6
Land #3947 , login scanner for jenkins by @nstarke
2014-10-09 12:59:02 -04:00
Spencer McIntyre
6ea530988e
Apply rubocop changes and remove multiline print
2014-10-09 12:57:39 -04:00
sinn3r
df0d4f9fb2
Fix #3973 - Unneeded datastore option URI
...
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
2014-10-09 00:06:15 -05:00
nstarke
328be3cf34
Fine Tuning Jenkins Login Module
...
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
2014-10-08 17:53:21 -05:00
nstarke
e1b0ba5d3d
Removing 'require pry'
...
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
nstarke
b8c2643d56
Converting Module to LoginScanner w/ Specs
...
The previous commits for this Jenkins CI module relied on an
obsolete pattern. Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
sinn3r
d3354d01f0
Fix #3808 - NoMethodError undefined method `map'
...
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
nstarke
69400cf280
Fixing Author Declaration
...
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
nstarke
c0a3691817
Adding Jenkins-CI Login Scanner
...
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu
51bc5f52c1
Add CVE-2014-6278 support
...
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
William Vu
5ea968f3ee
Update description to prefer the exploit module
2014-09-30 11:34:28 -05:00
William Vu
162e42080a
Update title to reflect scanner status
2014-09-30 11:04:17 -05:00
William Vu
12d7073086
Use idiomatic Ruby for the marker
2014-09-29 22:32:07 -05:00
William Vu
71d6b37088
Fix bad header error from pure Bash CGI script
2014-09-29 22:25:42 -05:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
HD Moore
64dbc396dd
Add header specification to check module, lands #3902
2014-09-27 12:58:29 -05:00
William Vu
044eeb87a0
Add variable HTTP header
...
Also switch from OptEnum to OptString for flexibility.
2014-09-27 12:39:24 -05:00
sinn3r
c75a0185ec
Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec
2014-09-26 17:06:23 -05:00
jvazquez-r7
80d9af9b49
Fix spacing in description
2014-09-26 17:03:28 -05:00
jvazquez-r7
9e540637ba
Add module for CVE-2014-5377 ManageEngine DeviceExpert User Credentials
2014-09-26 17:02:27 -05:00
jvazquez-r7
3259509a9c
Use return
2014-09-26 16:04:15 -05:00