Commit Graph

14233 Commits (50d90defbc4a5af267c9cddc65f1543be03f31ad)

Author SHA1 Message Date
jvazquez-r7 436ac706e8 Rescue Rex::ConnectionError while finding the uri 2014-07-21 12:00:24 -05:00
jvazquez-r7 30de4cdf8d Fix get_login_hidden 2014-07-21 11:57:37 -05:00
jvazquez-r7 ff3a21b520 Refactor do_web_login 2014-07-21 11:35:19 -05:00
jvazquez-r7 22f41e4435 Use vars_post 2014-07-21 11:07:00 -05:00
jvazquez-r7 92fd3bc72b Deleting REQUEST_TYPE option because I don't think has sense here 2014-07-21 10:53:43 -05:00
jvazquez-r7 986b8e5d02 First style issues cleanup 2014-07-21 09:49:05 -05:00
Meatballs b0a596b4a1
Update newer modules 2014-07-20 21:59:10 +01:00
Meatballs 474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-20 21:01:54 +01:00
HD Moore 5ba96d6054 Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess 2014-07-19 15:56:41 -05:00
scriptjunkie 8fe508207c Merge Meatballs' gpp_again pull into new branch 2014-07-19 11:10:14 -05:00
Christian Mehlmauer a809c9e0b5
Changed to vprint and added comment 2014-07-18 22:15:56 +02:00
Christian Mehlmauer c6e129c622
Fix rubocop warnings 2014-07-18 21:58:33 +02:00
root 7a5f3b8991 Implementing Ruby Style Guide and replace send_request_raw send_request_cgi 2014-07-18 14:31:38 -05:00
Tod Beardsley 942112d18e
Land #3538, SAP fix from @jvazquez-r7
This looks good to me, the whole print statement is enclosed in a check
for results.
2014-07-18 10:27:47 -05:00
us3r777 088f208c7c Added auxiliary module jboss_bshdeployer
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
root 1f02891dc7 Change name of module and implementation of the recommended changes 2 2014-07-18 00:17:35 -05:00
root 0168a99eaa Change name of module and implementation of the recommended changes 2014-07-17 23:49:25 -05:00
root f2eabdba94 implementation of the recommended changes 2014-07-17 23:36:37 -05:00
jvazquez-r7 ad2e7c3713 print header only if there are results... 2014-07-17 18:02:24 -05:00
us3r777 58adc350b5 Refactor: Creation of a JBoss mixin
The jboss_bsheployer as is does not allow to deploy a custom WAR file.
It is convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload. This will require a auxiliary
module which will use the JBoss mixin methods.
2014-07-18 00:56:32 +02:00
sinn3r c59d72b0c6
Land #3530 - dbvis database administrator 2014-07-17 14:36:34 -05:00
sinn3r 6d35867f7f Update module description 2014-07-17 14:24:57 -05:00
sinn3r 8e7361d952 Fix indent again 2014-07-17 14:12:04 -05:00
sinn3r aed8af3abc Retabbed 2014-07-17 14:03:27 -05:00
Jay Smith 2be6eb16a2
Add in exploit check and version checks
Move the initial checking for the vboxguest device and os checks
into the MSF check routine.
2014-07-17 14:56:34 -04:00
sinn3r d6ab418d6f Fix spaces 2014-07-17 13:52:00 -05:00
Tod Beardsley b050b5d1df
Rubocop -a on MS08-067
This reduces the number of style guide violations from 230ish to 36.
Nearly all of it has to do with errant parameters, element alignment,
and comment blocks.

Obviously, since this was all automatically fixed, some pretty severe
testing should occur before landing this.

I kind of don't like the automatic styling of the arrays for the
references, but maybe I can get used to it. It's open for discussion.

@jhart-r7 please take a look at this as well -- anything jumping out at
you on this that we should be avoiding for Rubocop?
2014-07-17 12:29:20 -05:00
David Bloom b4e68a7c25 Update dbvis_query.rb 2014-07-17 19:21:35 +02:00
Jon Hart 06fd1ead9d Address more style issues 2014-07-17 09:37:27 -07:00
Vincent Herbulot bea660ad4d Added possibility to upload a custom WAR file
Added 2 options, one for uploading a custom WAR file. The other
to specify if you want or not to undeploy the war at the end of
the exploit.
The module as is does not allow to deploy a custom WAR file. It is
convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload.
2014-07-17 17:13:19 +02:00
jvazquez-r7 7e6e154a39 Fix null pointer dereference 2014-07-17 08:51:12 -05:00
David Bloom 0f92b73f1a Update dbvis_add_db_admin.rb 2014-07-17 10:14:28 +02:00
David Bloom 561ef427cc Update dbvis_query.rb 2014-07-17 10:13:58 +02:00
David Bloom 60c71b2681 Update dbvis_add_db_admin.rb 2014-07-17 10:11:13 +02:00
David Bloom 8f9a1e485c Delete dbvis_query.rb 2014-07-17 08:05:18 +02:00
David Bloom 1c8cac359c Added video link 2014-07-17 08:02:27 +02:00
David Bloom 7bee4db1d7 dbvis_query.rb add 2014-07-17 07:48:17 +02:00
Trevor Rosen bebf11c969
Resolves some Login::Status migration issues
MSP-10730
2014-07-16 21:52:08 -05:00
root ceff18de9d Add modifiable UserAgent and translations to English 2014-07-16 20:44:20 -05:00
David Bloom 4a25bb4247 Update dbvis_add_db_admin.rb 2014-07-17 02:01:50 +02:00
William Vu a07656fec6
Land #3536, msftidy INFO messages aren't blockers 2014-07-16 17:57:48 -05:00
Tod Beardsley 58558e8dfa
Allow INFO msftidy messages
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
sinn3r 8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License 2014-07-16 15:13:05 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
William Vu b6ded9813a
Remove EOL whitespace 2014-07-16 14:56:34 -05:00
William Vu 25f74b79b8
Land #3484, bad pack/unpack specifier fix 2014-07-16 14:52:23 -05:00
Meatballs 7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
Jay Smith 6d49f6ecdd
Update code to reflect hdmoore's code review. 2014-07-16 14:29:17 -04:00
Spencer McIntyre 82abe49754 Mark windows/misc/psh_web_delivery as deprecated 2014-07-16 14:02:05 -04:00
David Maloney 5534599cfc
fix for jtr warnings
remmove include for Jtr mixin in deprecated jtr_unshadow module

remove deprecated postgres_crack module
2014-07-16 12:52:29 -05:00
David Bloom 52bdc5364c Update dbvis_query.rb 2014-07-16 18:52:27 +02:00
David Bloom 200c122ecd Update dbvis_query.rb 2014-07-16 18:48:15 +02:00
David Bloom 31e38cee23 Update dbvis_add_db_admin.rb 2014-07-16 18:45:38 +02:00
David Bloom 5f38ad5e10 Update dbvis_add_db_admin.rb 2014-07-16 18:30:23 +02:00
David Bloom c3b87e2e6c Update rigth on dbviscmd check 2014-07-16 18:27:19 +02:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
David Bloom 90932116f8 Update dbvis_query.rb
Minor changes
2014-07-16 15:44:48 +02:00
David Bloom b4aca68406 Update dbvis_query.rb 2014-07-16 15:10:07 +02:00
David Bloom 17b2169b9d Create dbvis_query.rb
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases (With GUI).
The remote database can be accessed from the command line without the need to authenticate.
The module abuses this functionality to query the remote database and store the result.
2014-07-16 14:51:24 +02:00
David Bloom b602fc89a3 Update dbvis_add_db_admin.rb
Corrections
2014-07-16 13:42:58 +02:00
Jay Smith cef2c257dc
Add CVE-2014-2477 local privilege escalation 2014-07-16 05:49:19 -04:00
Jon Hart 9e5c24a97e Address some Ruby style issues 2014-07-15 16:55:54 -07:00
jvazquez-r7 6d05a24653 Add target information 2014-07-15 17:45:45 -05:00
sinn3r f8e47a5c61
Land #3524 - WPTouch fileupload exploit 2014-07-15 16:29:59 -05:00
Spencer McIntyre e58100fe85
Land #3419, multi script delivery module by @jakxx 2014-07-15 17:07:51 -04:00
Spencer McIntyre 1a8d73fca8 Minor whitespace and grammar changes 2014-07-15 17:00:28 -04:00
David Maloney 674447c891
final cleanup steps 2014-07-15 15:31:51 -05:00
David Maloney 7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
Conflicts:
	Gemfile
	Gemfile.lock
	modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
jvazquez-r7 604a612393 Have into account differences between windows default installs 2014-07-15 15:03:07 -05:00
James Lee 51a9a763c0
Move error_name to InvalidPacket and check for nil
MSP-10713
2014-07-15 15:02:53 -05:00
David Maloney 34635ab968
module login status cleanup
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
David Bloom 875c024243 create dbvis_add_db_admin.rb
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases (With GUI).
The remote database can be accessed from the command line without the need to authenticate.
The module abuses this functionality to create an administrator in the database if DB user rights allow it.
2014-07-15 21:43:14 +02:00
sinn3r 57b1023592
Land #3522 - Multi Gather Dbvis Connections Settings 2014-07-15 11:34:02 -05:00
sinn3r 1d6f088eab Pass msftidy 2014-07-15 11:31:37 -05:00
David Bloom 526538ecd6 Added dbvis version find and print 2014-07-15 15:04:46 +02:00
David Bloom 97dcc56225 Update dbvis_enum.rb 2014-07-15 14:23:40 +02:00
David Bloom 400b0f4276 parse url to report host in old config 2014-07-15 14:21:09 +02:00
David Bloom f3d953f829 Old config file update
Added functions to parse old and new config files.
2014-07-15 14:00:29 +02:00
David Bloom ac3d453002 Update dbvis_enum.rb 2014-07-15 12:33:07 +02:00
David Bloom a53341f520 Added compatibility with dbvis <= 6
Checking for "config" folder existence if "config70" is not found.
2014-07-15 12:14:38 +02:00
Christian Mehlmauer c1f612b82a
Use vprint_ instead of print_ 2014-07-15 06:58:33 +02:00
James Lee de22aeba41
Land #3481, meterpreter bins 2014-07-14 15:57:52 -05:00
sinn3r cc1ba265cb Change module name for consistency 2014-07-14 15:49:19 -05:00
sinn3r 4d7bffd713 Change header 2014-07-14 15:45:17 -05:00
sinn3r 5a821cea9d Account for EOFError condition 2014-07-14 15:27:40 -05:00
sinn3r 89a877031f I mean "unless", not "if" 2014-07-14 15:24:53 -05:00
sinn3r bec32a01ab For for missing an end 2014-07-14 15:17:54 -05:00
sinn3r cecdcef2e2 + not preferred 2014-07-14 15:14:54 -05:00
sinn3r 0737deb2a3 Remove the last exception handler
We're already checking the file path with file?(), so we don't need
to use exception handling for this task anymore.
2014-07-14 15:02:23 -05:00
sinn3r 8fe3f1a077 File should be checked for existence before reading 2014-07-14 15:01:03 -05:00
sinn3r 20e5803592 Author's Twitter handle should be a comment
msfconsole treats whatever is in <> as the author's email, not
twitter handle
2014-07-14 14:57:36 -05:00
sinn3r 3b6947c1d7 Use Rex to check IPv4 instead of using resolv 2014-07-14 14:56:38 -05:00
sinn3r b5e556519b Change = to ==
This is an if condition, not an assignment
2014-07-14 14:53:27 -05:00
sinn3r 8f51fd0e45 Retabbed and reformatted 2014-07-14 14:39:34 -05:00
Christian Mehlmauer 144c6aecba
Added WPTouch fileupload exploit 2014-07-14 21:35:18 +02:00
root 3becfff41e Add Bruteforce Joomla 2014-07-14 14:07:23 -05:00
Tod Beardsley 6c595f28d7
Set up a proper peer method 2014-07-14 13:29:07 -05:00
dmaloney-r7 7184d2ed5e Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
Refactor pop3_login
2014-07-14 13:27:11 -05:00
David Bloom 72d9587a50 DbVisualizer stores the user database configuration in dbvis.xml
This module retrieves the connections settings from this file
2014-07-14 20:08:48 +02:00
David Bloom 667b1363f3 Delete dbvis_enum.rb 2014-07-14 10:57:53 +02:00
David Bloom 0ef0f6aae1 Update dbvis_enum.rb 2014-07-14 10:54:43 +02:00
David Bloom bcbb0b4fde dbvis connections gathering
DbVisualizer stores the user database configuration in dbvis.xml.
This module retrieves the connections settings from this file.
2014-07-14 10:49:20 +02:00
Michael Messner 1b7008dafa typo in name 2014-07-13 13:24:54 +02:00
James Lee e68dcdbb06
Refactor pop3_login
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.

See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
William Vu 2fd7bcf8bf
Land #3514, report_note for scraper 2014-07-11 17:17:10 -05:00
nodeofgithub 5d833cbb16 http_header report_note remove to_s 2014-07-11 17:14:45 -05:00
nodeofgithub 7e9eb84531 http_header report_note remove brackets, move rport 2014-07-11 17:14:45 -05:00
nodeofgithub a8ec733a3a Interpolate all the things! 2014-07-11 17:14:09 -05:00
nodeofgithub 4abe856fc1 Rescue http_header notes from getting truncated
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.

(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >

----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)

msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
2014-07-11 17:14:09 -05:00
nodeofgithub 6ef69b4014 scraper report_note, remove eol whitespace 2014-07-11 21:21:56 +02:00
nodeofgithub ad46c37988 scraper report_note, remove unnecessary to_s 2014-07-11 21:08:35 +02:00
nodeofgithub 7a7d149dc5 scraper report_note, change note type string 2014-07-11 21:01:20 +02:00
Tod Beardsley e5d7dae016
Land #3513, Author name fixups from @jvazquez-r7 2014-07-11 13:58:38 -05:00
Tod Beardsley b09fab13f0 Fix one flubbed author address 2014-07-11 13:50:37 -05:00
nodeofgithub 8b302cd472 Add report_note to scraper.rb
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:31:46 +02:00
nodeofgithub b834e7d3cb Update scraper.rb 2014-07-11 20:20:40 +02:00
nodeofgithub da67a63ad0 Add report_note to scraper.rb
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:07:48 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
William Vu 79603c9a73
Land #3505, a bunch o' Linux post module fixes 2014-07-11 12:39:31 -05:00
jvazquez-r7 eb9d2f130c Change title 2014-07-11 12:03:09 -05:00
jvazquez-r7 a356a0e818 Code cleanup 2014-07-11 12:00:31 -05:00
jvazquez-r7 6fd1ff6870 Merge master 2014-07-11 11:40:39 -05:00
jvazquez-r7 d637171ac0 Change module filename 2014-07-11 11:39:32 -05:00
jvazquez-r7 c55117d455 Some cleanup 2014-07-11 11:39:01 -05:00
jvazquez-r7 a7a700c70d
Land #3502, @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936 2014-07-11 11:25:03 -05:00
jvazquez-r7 b9cda5110c Add target info to message 2014-07-11 11:24:33 -05:00
jvazquez-r7 dea68c66f4 Update title and description 2014-07-11 10:38:53 -05:00
jvazquez-r7 f238c2a93f change module filename 2014-07-11 10:30:50 -05:00
jvazquez-r7 f7d60bebdc Do clean up 2014-07-11 10:28:31 -05:00
William Vu 43f41de124
Land #3508, CVE-2014-4671 Flash JSONP disclosure 2014-07-11 10:11:48 -05:00
jvazquez-r7 8f3197c192
Land #3496, @m-1-k-3's switch to CmdStager on dlink_upnp_exec_noauth 2014-07-11 09:50:57 -05:00
jvazquez-r7 4ea2daa96a Minor cleanup 2014-07-11 09:50:22 -05:00
jvazquez-r7 51cfa168b1 Fix deprecation information 2014-07-11 09:47:30 -05:00
jvazquez-r7 46f5282fd3
Land #3455, @m-1-k-3's exploit for DLink UPNP M-Search Command Injection 2014-07-11 09:39:05 -05:00
jvazquez-r7 611b8a1b6d Modify title and ranking 2014-07-11 09:35:21 -05:00
jvazquez-r7 a9b92ee581 Change module filename 2014-07-11 09:17:56 -05:00
jvazquez-r7 36c6e74221 Do minor fixes 2014-07-11 09:17:34 -05:00
joev b8225ae2dc
Remove unnecessary ||= and ivars. 2014-07-10 16:06:28 -05:00
joev e0389dfbc3
Update code as per @wvu's code review. 2014-07-10 15:03:40 -05:00
James Lee 62a2f1dc0a
Credential -> Model for realm key constants 2014-07-10 14:30:25 -05:00
Michael Messner 109201a5da little auto detect fix 2014-07-10 20:45:49 +02:00
Michael Messner 781149f13f little auto detect fix 2014-07-10 20:40:39 +02:00
joev dd439066ca
Patch rhost to display hostname of JSONP_URL. 2014-07-10 12:02:22 -05:00
Tod Beardsley bcec2df0a4
Fix Meterpreter PHP hop description 2014-07-10 11:35:48 -05:00
joev 841cb6a590
STEAL_URL -> STEAL_URLS. 2014-07-10 09:14:32 -05:00
joev fad30bc874
Add flash rosetta exploit module for stealing URLs. 2014-07-10 09:09:10 -05:00
scriptjunkie 2cd9577278 Fix table printing. 2014-07-09 21:46:34 -05:00
James Lee c5226352de
Un-login-able should be print_status, not good 2014-07-09 17:45:41 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict.
Conflicts:
	Gemfile.lock
2014-07-09 17:43:42 -05:00
Michael Messner f068006f05 auto target 2014-07-09 21:53:11 +02:00
Michael Messner 6a765ae3b0 small cleanup 2014-07-09 21:16:29 +02:00
Michael Messner 0674314c74 auto target included 2014-07-09 20:56:04 +02:00
Michael Messner b4812c1b7d auto target included 2014-07-09 20:53:24 +02:00
James Lee 7d9c0da691
Record correct creds with non-success status 2014-07-09 13:26:49 -05:00
James Lee afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
jvazquez-r7 42823fe15e Test download_exec with linux meterpreter 2014-07-09 09:41:10 -05:00
jvazquez-r7 f4c6505351 Test mount_cifs_creds on linux meterpreter 2014-07-09 09:20:30 -05:00
jvazquez-r7 14b218dce5 Make hashdump compatible with meterpreter 2014-07-09 08:48:20 -05:00
jvazquez-r7 73fdc06d1d Fix enum_xchat to work with meterpreter 2014-07-09 08:37:17 -05:00
jvazquez-r7 b47650580a Fix bugs 2014-07-08 16:51:39 -05:00
jvazquez-r7 a364172978 Add meterpreter as session type 2014-07-08 16:25:50 -05:00
jvazquez-r7 c25c5f6806 Make linux gather post modules compatible with meterpreter 2014-07-08 16:23:57 -05:00
Michael Messner f89f47c4d0 dlink_dspw215_info_cgi_rop 2014-07-08 22:29:57 +02:00
Michael Messner 6fbd6bb4a0 stager 2014-07-08 22:17:02 +02:00
Michael Messner ac727dae89 dlink_dsp_w215_hnap_exploit 2014-07-08 22:13:13 +02:00
Michael Messner 579ce0a858 cleanup 2014-07-08 21:58:15 +02:00
Michael Messner 51001f9cb3 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection 2014-07-08 21:39:53 +02:00
Michael Messner 84d6d56e15 cleanup, deprecated 2014-07-08 21:36:07 +02:00
Michael Messner 10bcef0c33 cleanup, deprecated 2014-07-08 21:34:28 +02:00
AnwarMohamed e908bb6819 formating 2014-07-08 11:02:41 +02:00
AnwarMohamed 34dcb609e2 android extension 2014-07-08 04:52:06 +02:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
James Lee 2a9ac0a007
Axe SSHKey in favor of a unified SSH 2014-07-07 13:35:17 -05:00
Tod Beardsley 9fef2ca0f3
Description/whitespace changes (minor)
Four modules updated for the weekly release with minor cosmetic fixes.

- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
jvazquez-r7 cd6b83858b
Add new Yokogawa SCADA exploit 2014-07-07 11:20:49 -05:00
HD Moore 6f433db609
Minor typo fix 2014-07-06 23:44:17 -05:00
HD Moore 3ef35f19dc Prefer strip over chomp 2014-07-06 23:17:09 -05:00
HD Moore d76081bcef Prefer strip over chomp 2014-07-06 23:16:56 -05:00
HD Moore ab7848a895
Merge master for testing of #2809 2014-07-06 22:27:58 -05:00
Michael Messner e7ade9f84d migrate from wget to echo mechanism 2014-07-06 21:45:53 +02:00
Christian Mehlmauer d5843f8eaf
Updated Mailpoet exploit to work with another version 2014-07-06 10:53:40 +02:00
William Vu cf5d29c53b
Add EOF newline to satisfy msftidy 2014-07-05 13:51:12 -05:00
HD Moore 6d9bf83ded Small fixes for the recent WP MailPoet module
Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
2014-07-05 13:17:23 -05:00
jvazquez-r7 98a82bd145
Land #3486, @brandonprry's exploit for CVE-2014-4511 gitlist RCE 2014-07-04 16:41:04 -05:00
jvazquez-r7 59881323b9 Clean code 2014-07-04 16:40:16 -05:00
Brandon Perry a33a6dc79d add bash to requiredcmd 2014-07-03 16:52:52 -05:00
Brandon Perry 806f26424c && not and 2014-07-03 16:50:21 -05:00
Brandon Perry 6fb2fc85a0 address @jvasquez-r7 review points 2014-07-03 16:43:01 -05:00
jvazquez-r7 2efa3d6bc0
Land #3487, @FireFart's exploit for WordPress MailPoet file upload 2014-07-03 14:34:58 -05:00
sinn3r f1b7a9f421
Land #3488 - loot storage into the enum_services post module 2014-07-03 14:18:16 -05:00
sinn3r 79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload 2014-07-03 14:09:12 -05:00
sinn3r c207d14d1f Update description 2014-07-03 14:08:31 -05:00
jvazquez-r7 97a6b298a8 Use print_warning 2014-07-03 13:38:20 -05:00
Christian Mehlmauer dcba357ec3
implement feedback 2014-07-03 20:27:08 +02:00
sinn3r 2c999d3099 Better describe the problem 2014-07-03 13:06:19 -05:00
sinn3r 9aa3c75234 Do something for the shut-everything-up event handling practice 2014-07-03 13:04:56 -05:00
sinn3r 8a513058f6 Fix comments 2014-07-03 12:59:10 -05:00
sinn3r ebeb9880a6 Favor "unless" over "if" for negative conditions
Please refer to https://github.com/bbatsov/ruby-style-guide
2014-07-03 12:55:13 -05:00
sinn3r 1d828a951f string interpolation is preferred over concatenation
Please refer to https://github.com/bbatsov/ruby-style-guide
2014-07-03 12:46:56 -05:00
sinn3r b781b87d74 Avoid unnecessary "if not" 2014-07-03 12:44:17 -05:00
Brandon Perry 86a31b1896 Update gitlist_exec.rb 2014-07-03 12:40:37 -05:00
Christian Mehlmauer aeb4fff796
Added FileDropper 2014-07-03 19:25:31 +02:00
jvazquez-r7 51695c4932
Land #2484, @zeroSteiner's refactoring for CmdStager 2014-07-03 11:33:46 -05:00
Jon Hart 1500f33e1b Default to only fuzzing versions 2-4 2014-07-03 07:32:44 -07:00
Christian Mehlmauer b15297eee0
Land #3490, @Meatballs1 tns listener verbose output 2014-07-03 16:20:38 +02:00
jvazquez-r7 5e0211016d Merge to solve conflicts 2014-07-03 09:16:04 -05:00
Christian Mehlmauer 071f236946
Changed check method 2014-07-02 22:31:02 +02:00
Christian Mehlmauer a58ff816c5
Changed check method 2014-07-02 22:29:00 +02:00
sinn3r 90df0f1bb5
Land #3489 - Add verbosity to Jenkins Enum 2014-07-02 14:40:25 -05:00
sinn3r ecba95644d
Land #3473 - skype post module to extract password hash 2014-07-02 14:34:10 -05:00
Michael Messner e5b441314c removed wrong edit ... 2014-07-02 21:33:49 +02:00
Michael Messner 8f55af5f9d UPnP check included 2014-07-02 21:28:39 +02:00
Michael Messner ac2e84bfd6 check included 2014-07-02 21:24:50 +02:00
Rob Fuller c6675a2900 Add verbosity to Jenkins Enum 2014-07-02 13:25:18 -04:00
Your Name 9981a60b27 Add loot storage into the enum_service post module 2014-07-02 17:56:16 +01:00
Your Name 83abf4b523 Add loot storage into the enum_service post module 2014-07-02 17:48:48 +01:00
Christian Mehlmauer 40175d3526
added check method 2014-07-02 11:07:58 +02:00
Christian Mehlmauer 54a28a103c
Updated description 2014-07-02 10:49:28 +02:00
Christian Mehlmauer 1ff549f9c1
Replaced Tab 2014-07-02 10:35:30 +02:00
Christian Mehlmauer 09131fec28
Added wysija file upload exploit 2014-07-02 10:24:27 +02:00
James Lee e9436743e8 Merge branch 'feature/MSP-9749/oracle_hashdump' into staging/electro-release 2014-07-01 17:55:56 -05:00
William Vu 68ba79aa16
Remove access_level, since we don't have access 2014-07-01 17:53:18 -05:00
William Vu 5fa0981026
Add login and move print_status 2014-07-01 17:48:42 -05:00
jakxx a735fd3c59 Update web_delivery.rb 2014-07-01 16:52:18 -04:00
Jon Hart 1830bdc7a5 Add rspec coverage for Rex::Proto::NTP 2014-07-01 12:29:47 -07:00
James Lee f0cb235393
Merge branch 'feature/MSP-9735/gpp' into staging/electro-release 2014-07-01 14:28:15 -05:00
William Vu 864f0f1bbc
Update description, loot -> creds 2014-07-01 11:46:21 -05:00
sinn3r 21f6e7bf6c Change description 2014-07-01 10:44:21 -05:00
sinn3r 449fde5e7c Description update 2014-07-01 10:26:52 -05:00
sinn3r c43006f820 Update cogent module description, fix msftidy warnings 2014-07-01 10:06:33 -05:00
Jon Hart bc274b358f Move NTP message code to Rex::Proto::NTP, simplify option handling 2014-06-30 23:57:47 -07:00
William Vu 3079c47d41
Refactor oracle_hashdump creds 2014-07-01 01:07:22 -05:00
Rob Fuller d341fc20a8 switch to use file? instead of stat 2014-07-01 00:58:17 -04:00
Brandon Perry db6524106e one more typo, last one I swear 2014-06-30 22:33:19 -05:00
Brandon Perry d7dfa67e94 typo 2014-06-30 20:15:25 -05:00
Brandon Perry acedf5e847 Update gitlist_exec.rb
Fix EDB ref and no twitter handles.
2014-06-30 20:12:08 -05:00
Brandon Perry ecc1b08994 Create gitlist_exec.rb
This adds a metasploit module for CVE-2014-4511
2014-06-30 20:10:24 -05:00
jvazquez-r7 bf9c64d3ee
Land #3483, @hmoore-r7's title change for ipmi_cipher_zero 2014-06-30 17:31:12 -05:00
Meatballs cf720a88e8
Be verbose about error codes 2014-06-30 19:10:03 +01:00
Meatballs f8ef6c50b4
Land #3470, Cerberus SFTP User Enumeration 2014-06-30 19:01:15 +01:00
Meatballs 94c5a0b603
More verbose around connection errors 2014-06-30 18:56:30 +01:00
Meatballs 183d601aae
Small tidyup 2014-06-30 18:17:49 +01:00
jvennix-r7 52515c167a Merge pull request #90 from rapid7/feature/MSP-9743/hashdump
Merge #90, @wvu's refactor of post/osx/gather/hashdump to use the new creds model.
2014-06-30 12:11:45 -05:00
attackdebris 004afa6e0c Clean commit of Cerberus FTP User Enumeration Module 2014-06-30 17:53:46 +01:00
William Vu 92963d4999
Fix broken NTLM hash format 2014-06-30 11:35:28 -05:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
2014-06-30 02:50:10 -05:00
HD Moore 72d8d8a40c RAKP defines auth, not cipher-0 bypass, see below.
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.

Cosmetic only change
2014-06-30 00:52:40 -05:00
HD Moore 4bff68ff2b Use the specified UA, dont duplicate ports 2014-06-30 00:49:21 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
Tod Beardsley 8b63d3d467 Revert the revert of #3446
This reverts commit 9b35b0e13a.

This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
2014-06-29 17:22:21 -05:00
jvazquez-r7 1acd5e76cb Add check code for event processing 12 2014-06-29 15:47:57 -05:00
jvazquez-r7 a94396867c Add module for ZDI-14-106, Oracle Event Processing 2014-06-29 15:44:20 -05:00
Spencer McIntyre faa9c11450 Dont deregister an option that is in use 2014-06-28 18:22:17 -04:00
Spencer McIntyre 748589f56a Make cmdstager flavor explicit or from info
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
HD Moore e806222512 Fix bad copypast, sock.get usage, HTTP mistakes 2014-06-28 16:18:16 -05:00
HD Moore 90eccefcc8 Fix sock.get use and some minor bugs 2014-06-28 16:17:15 -05:00
HD Moore baa877ef17 Switch to get_once for consistency 2014-06-28 16:10:49 -05:00
HD Moore c8e44c341c Fix use of sock.get vs sock.get_once 2014-06-28 16:10:18 -05:00
HD Moore 7f06d10ba6 Dont blindly strip a possible nil return value 2014-06-28 16:08:06 -05:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 6e80481384 Fix bad use of sock.get() and check() implementations
Many of these modules uses sock.get() when they meant get_once()
and their HTTP-based checks were broken in some form. The response
to the sock.get() was not being checked against nil, which would
lead to stack traces when the service did not reply (a likely
case given how malformed the HTTP requests were).
2014-06-28 16:05:05 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
HD Moore 3ae91410f5 Fix incorrect use of sock.get(), remove rundant return values 2014-06-28 15:24:02 -05:00
HD Moore 6d0d8a911d Fix incorrect use of sock.get() that could lead to indefinite hang 2014-06-28 15:22:16 -05:00
HD Moore a9cd9c584a Respect RPORT even if additional ports are specified 2014-06-28 15:21:54 -05:00
Spencer McIntyre bd49d3b17b Explicitly use the echo stager and deregister options
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
HD Moore 43420aa984 Fix incorrect use of sock.get that can lead to an indefinite timeout
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```

console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```

After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
HD Moore 3e1ac3fee1 This module was broken due to a hardcoded IP address for google.com 2014-06-28 15:14:29 -05:00
William Vu 90fb07ba6d
Use downcase instead of upcase 2014-06-27 14:12:10 -05:00
David Maloney b680674b95
Merge branch 'master' into staging/electro-release 2014-06-27 11:55:57 -05:00
William Vu aaeca5ce5b
Remove user field from PBKDF2 hash 2014-06-27 11:26:45 -05:00
Spencer McIntyre 42ac3a32fe Multi-fy two new linux/http/dlink exploits 2014-06-27 08:40:27 -04:00
Spencer McIntyre 41d721a861 Update two modules to use the new unified cmdstager 2014-06-27 08:34:57 -04:00
Spencer McIntyre 952c935730 Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR 2014-06-27 08:34:57 -04:00
Spencer McIntyre 219153c887 Raise NotImplementedError and let :flavor be guessed 2014-06-27 08:34:56 -04:00
Spencer McIntyre 4d4c5e5d6e Update two modules to use the new cmd stager 2014-06-27 08:34:56 -04:00
jvazquez-r7 45248dcdec Add YARD documentation for methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00
jvazquez-r7 dd7b2fc541 Use constants 2014-06-27 08:34:55 -04:00
jvazquez-r7 9e413670e5 Include the CMDStager 2014-06-27 08:34:55 -04:00
jvazquez-r7 d47994e009 Update modules to use the new generic CMDstager mixin 2014-06-27 08:34:55 -04:00
jvazquez-r7 8bf36e5915 AutoDetection should work 2014-06-27 08:34:55 -04:00
jvazquez-r7 778f34bab6 Allow targets and modules to define compatible stagers 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
Spencer McIntyre 2a442aac1f No long needs to extend bourne, and specify a flavor. 2014-06-27 08:34:55 -04:00
Spencer McIntyre 1a392e2292 Multi-fy the hyperic_hq_script_console exploit. 2014-06-27 08:34:55 -04:00
Spencer McIntyre 80bdf750e9 Multi-fy the new printf stager and add to sshexec. 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
William Vu 6e1fa8ff5a
Refactor OS X hashdump creds 2014-06-26 15:10:35 -05:00
sinn3r a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload 2014-06-26 14:34:32 -05:00
sinn3r ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape 2014-06-26 13:48:28 -05:00
sinn3r 0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape 2014-06-26 11:45:47 -05:00
sinn3r 6075c795e9
Land #3467 - failure message for nil payload 2014-06-26 11:12:37 -05:00
David Maloney 9cec330f05
Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
jakxx 4da28f1708 updated platform 2014-06-25 22:01:19 -04:00
James Lee 48e93b7fc2
Merge branch 'feature/MSP-9715/linux_hashcracker' into staging/electro-release 2014-06-25 16:15:44 -05:00
jakxx 54ccc261d1 Updates
Updated spacing, ranking, php command, platform, and merged *nix and
windows cmds
2014-06-25 16:34:51 -04:00
David Maloney 34c57f51b1 Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release 2014-06-25 15:02:35 -05:00
David Maloney ac61a8fe4f
deprecate jtr_unshadow 2014-06-25 15:01:35 -05:00