Commit Graph

4574 Commits (52f56527d80b1435c85d832f559d967417c6d007)

Author SHA1 Message Date
William Webb 9672759be8
Land #7462, Add support for Unicode domains 2016-10-26 16:47:09 -05:00
Jon Hart 342bfd628a Dont' set default PORTS or PROBE options. Require user configuration. 2016-10-25 15:58:46 -05:00
Jon Hart 2a18ea0e33 Initial commit of generic module for detecting UDP amplification vulnerabilities 2016-10-25 15:58:46 -05:00
Jon Hart 7f65b28483
Deprecate udp_probe in favor of udp_sweep 2016-10-23 13:06:58 -07:00
Brendan b5a41c3011 Convert ANSI data to UTF-8 char by char because MS might
put an invalid character in the WORKGROUP name during SMB
handshake
2016-10-19 17:42:26 -05:00
William Vu 2668a4a1cd
Fix #6993, tnspoison_checker cleanup 2016-10-19 00:53:33 -05:00
William Webb 8e2ff8df80
Land #7433, Add IP Addresses to HTTP PUT/DELETE scanner output 2016-10-14 13:27:17 -05:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
nixawk b74539be44 check if isakmp payload is same to IKE Leak data 2016-10-13 04:20:23 -05:00
nixawk 7536d1d94a print leak data 2016-10-12 02:42:50 -05:00
nixawk 70d4833654 Fix report_vuln 2016-10-12 02:16:00 -05:00
Alton J 98d7b19ab9 Passed IP parameter to additional functions. 2016-10-11 15:09:50 -05:00
Alton J acff0fa9cf Added IP addresses to output. 2016-10-11 14:43:42 -05:00
Alton J f0ff4a0721 Added IP addresses to output. 2016-10-11 14:42:06 -05:00
Sonny Gonzalez 3fd806b87f Merge remote-tracking branch 'upstream/pr/6993' into land-6993 2016-10-11 09:33:26 -05:00
Brent Cook e074669406
Land #7296, Added a SCADA module for detecting Profinet devices, e.g. Siemens controllers 2016-10-08 21:34:40 -05:00
Stephen Haywood 2d361fabc6 No need to interpolate when using .to_s 2016-10-03 11:38:36 -04:00
Stephen Haywood 95f9b778bd Use standard status messages instead of verbose. 2016-10-03 11:01:51 -04:00
Stephen Haywood d088005d95 TABLE_NAME option not needed. 2016-10-03 10:58:13 -04:00
Stephen Haywood 5f12c8e026 Incorrect warning message
The filename is not always test so the warning message and the note in the description are incorrect.
2016-10-03 10:57:25 -04:00
Stephen Haywood 25996a16bb Fixed file read block. 2016-10-03 10:47:03 -04:00
Stephen Haywood 708eb0eb4f Fixed syntax error. 2016-10-03 10:17:29 -04:00
Stephen Haywood fac03570d1 Use File.open block. 2016-10-03 10:09:45 -04:00
Stephen Haywood bc57537205 Add warning statement. 2016-10-03 10:07:40 -04:00
Stephen Haywood a627c3cd5e Removed unnecessary return statements. 2016-10-03 10:02:26 -04:00
Stephen Haywood 6fa8f40b31 Use unless instead of if (not ...) 2016-10-03 10:00:56 -04:00
Interference Security 3e01dbfded Fixed Space-Tab mixed indent warning 2016-10-01 15:13:26 +05:30
Interference Security 4227cb76a8 Fixed stack trace bug & verified logic
- Fixed stack trace bug when value of "packet" is nill.
- Verified logic of Oracle TNS Listener poisoning which requires an ACCEPT response to be marked as vulnerable.
2016-10-01 15:01:02 +05:30
Stephen Haywood 63c0b6f569 Login failure message. 2016-09-30 17:09:41 -04:00
Stephen Haywood 7996c4b048 Warning about leaving files on disk. 2016-09-30 14:53:15 -04:00
Stephen Haywood 3e4a23cdf6 Removed unnecessary require statement. 2016-09-30 14:51:43 -04:00
nixawk ac76c3591a reference urls 2016-09-29 22:43:00 -05:00
nixawk 5929d72266 CVE-2016-6415 - cisco_ike_benigncertain.rb 2016-09-29 22:25:57 -05:00
averagesecurityguy f7e588cdeb Initial commit of module. 2016-09-28 14:55:32 -04:00
Brendan b9de73e803
Land #7334, Add aux module to exploit WINDOWS based (java) Colorado
FTP server directory traversal
2016-09-26 14:15:23 -05:00
Tijl Deneut 2fab62b14d Update profinet_siemens.rb
Removed unnecessary rescue, gave "timeout" variable a better name.
2016-09-23 18:05:45 +02:00
Brent Cook a9a1146155 fix more ssh option hashes 2016-09-20 01:30:35 -05:00
David Maloney e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
David Maloney 06ff7303a6
make pubkey verifier work with old module
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together

7321
2016-09-19 15:20:35 -05:00
h00die 9c922d111f colorado ftp 2016-09-18 20:03:16 -04:00
William Vu 4ba1ed2e00
Fix formatting in fortinet_backdoor
Also add :config and :use_agent options.
2016-09-16 12:32:30 -05:00
David Maloney 26491eed1a
pass the public key in as a file instead of data
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this

7321
2016-09-16 11:48:51 -05:00
David Maloney dfcd5742c1
some more minor fixes
some more minor fixes around broken
ssh modules

7321
2016-09-15 14:25:17 -05:00
David Maloney e10c133eef
fix the exagrid exploit module
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used

7321
2016-09-15 11:44:19 -05:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
wchen-r7 245237d650
Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
Tijl Deneut 8df8f7dda0 Initial commit of profinet_siemens.rb 2016-09-11 09:15:41 +02:00
Brent Cook a81f351cb3
Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
aushack 7632c74aba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2016-09-07 14:15:57 +10:00
aushack 6e21684ff7 Fix typo. 2016-09-07 14:08:46 +10:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
William Vu fed2ed444f Remove deprecated modules
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
Jon Hart b0e45341e5
Update redis file_upload to optionally FLUSHALL before writing
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
2016-08-31 14:27:18 -07:00
Brendan b21ea2ba3f Added code to assign CPORT value to the parent scanner object 2016-08-29 13:17:10 -05:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
William Vu cd858a149f Add DETECT_ANY_AUTH to make bogus login optional 2016-08-23 23:05:47 -05:00
David Maloney 20947cd6cd
remove old dependency on net-ssh moneykpatch
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
2016-08-22 10:54:09 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available
Fix #7202
2016-08-16 15:34:30 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Jon Hart 554a0c5ad7
Deprecate nbname_probe, which duplicate nbname as of 77cd6dbc8b 2016-08-02 17:36:22 -07:00
wchen-r7 cce1ae6026 Fix #6989, scanner modules printing RHOST in progress messages
Fix #6989
2016-07-25 23:15:59 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
David Maloney b6b52952f4
set ssh to non-interactive
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook 128f802928 use the regex source when generating or displaying a regex 2016-07-11 22:05:50 -05:00
James Lee cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup"
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
David Maloney 5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-05 10:48:38 -05:00
Pearce Barry 159446ce92 Ensure http_login scanner module saves passwds.
Fixes #6983.  When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
David Maloney 3d93c55174
move sshfactory into a mixin method
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention

MS-1688
2016-06-28 15:23:12 -05:00
David Maloney ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-06-28 15:00:35 -05:00
David Maloney 97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm 2016-06-28 14:14:56 -05:00
David Maloney 6c3871bd0c
update ssh modules to use new SSHFactory
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH

MS-1688
2016-06-24 13:55:28 -05:00
David Maloney 5bc513d6cd
get ssh sessions working properly
ssh sessions now working correctly

MD-1688
2016-06-24 12:14:48 -05:00
David Maloney 3e94abe555
put net:ssh::commandstream back
this was apparently our own creation for doing
ssh sessions

MD-1688
2016-06-22 15:02:36 -05:00
James Lee 07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm 2016-06-22 10:15:22 -05:00
Interference Security 0fa1fc50f8 Fixed false positive bug
Checking for "(ERROR_STACK=(ERROR=" is not enough to mark a target as vulnerable. TNS response packet bytes for "Accept" and "Refuse" are required to be sure.
Reference: https://thesprawl.org/research/oracle-tns-protocol/
2016-06-19 17:33:05 +05:30
Brendan Watters c02a05f913 Removed code that was already commented out 2016-06-17 15:47:15 -05:00
Brendan Watters 1225a93179 Moved ClamAV scanner to scanning module
s
2016-06-17 15:40:33 -05:00
Brent Cook b0bf901b22
Land #6950, avoid printing rhost:rport twice when using Msf::Exploit::Remote::SMB::Client 2016-06-09 16:35:09 -05:00
Brent Cook 199ae04b57 fix more duplicate port/ip things 2016-06-09 16:26:41 -05:00
wchen-r7 7143095b4b
Land #6947, add auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum 2016-06-09 14:21:55 -05:00
wchen-r7 207d92a125 Use scan to do regex capture 2016-06-09 11:07:00 -05:00
wchen-r7 1b4a6a7981 Use the UDP mixin to it can cleanup properly 2016-06-09 11:04:50 -05:00
wchen-r7 f0bb125556 Should be print_error 2016-06-08 14:22:36 -05:00
William Vu 600704c053 Merge remote-tracking branch 'upstream/pr/6939' 2016-06-08 14:22:33 -05:00
wchen-r7 52bcade72c Fix #6948, Modules using the SMB client are printing peer twice
Fix #6948
2016-06-08 12:16:50 -05:00
Adam Compton 158176aa05 replaced "if !" on line 41 with "unless"
replaced "$1" on line 51 with "Regexp.last_match(1)
restructed the print statement on line 56 to more closely match suggestion
removed "self." from line 71
changed line 78 to loop for 2 seconds insetead of 1 second
2016-06-08 09:28:08 -04:00
wchen-r7 f13d91f685 Fix a prob of printing an empty rhost from the scanner mixin 2016-06-07 19:19:39 -05:00
wchen-r7 e8304e684c
Bring #6793 up to date with upstream-master 2016-06-07 19:04:32 -05:00
wchen-r7 6ae4d1576e Apply fixes to symantec_brightmail_ldapcreds.rb 2016-06-07 19:01:58 -05:00
Adam Compton 75a34c4aca added a new aux module to quickly scan for Jenkins servers on the local broadcast network by sending out a udp packet to port 33848 on the broadcast address. Any Jenkins server should respond with XML data containing the Jenkins server version. 2016-06-07 16:57:06 -04:00
dmohanty-r7 9450906ca4
Correctly set Dummy param 2016-06-07 14:42:51 -05:00
dmohanty-r7 f47128ccdd
Cleanup canon_irav_pwd_extract module 2016-06-07 14:31:37 -05:00
Brent Cook f034952852
Land #6918, Added additional SAP TCP/IP ports into the sap_port_info function. 2016-06-03 08:01:04 -05:00
dmohanty-r7 a15c79347b
Add canon printer credential harvest module
Praedasploit
2016-06-02 16:07:28 -05:00
sho-luv 98cfcc65ae Added IP address to returned information.
This scanner module doesn't tell you the location of the found information. So when using the -R option to fill the RHOSTS all you get is a bunch of successful findings, however you won't know to which systems they belong.
2016-05-31 19:47:00 -07:00
wchen-r7 504a94bf76 Technically, this is form auth, not http auth 2016-05-27 18:39:25 -05:00
wchen-r7 14adcce8bf Missed the HTTPUSERNAME fix 2016-05-27 18:37:04 -05:00
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 7f643a7b8d Fix syntax error 2016-05-27 18:05:24 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
2016-05-27 16:25:42 -05:00
Bruno Morisson 01a691a46c Update sap_router_portscanner.rb
Added additional SAP TCP/IP ports for sap_port_info function.

ref: https://wiki.scn.sap.com/wiki/display/TCPIP/Services
2016-05-27 14:43:16 +01:00
William Vu 3dfdf1d936
Land #6528, tilde expansion and more for OptPath 2016-05-24 16:01:59 -05:00
Jon Hart 48c25dd863
Remove need for expand_path in this module; normalize handles it now 2016-05-24 13:30:12 -07:00
Jon Hart 3df4c38e82
Use correct key file var 2016-05-24 13:28:08 -07:00
Brent Cook b613dfefb4
Land #6896, fix spelling in caidao_bruteforce_login 2016-05-19 21:54:06 -05:00
h00die 706d51389e spelling fix 2016-05-19 19:30:18 -04:00
William Vu 9c61490676 Fix some inconsistencies
Failed to catch these while editing. :(
2016-05-17 02:50:12 -05:00
Jon Hart 92d07f74ff
Remove unnecessary double expand_path 2016-05-16 17:34:12 -07:00
Jon Hart 8bccfef571
Fix merge conflict 2016-05-16 17:29:45 -07:00
Christian Mehlmauer 9357a30725
remove duplicate key 2016-05-04 22:15:33 +02:00
Brian Patterson be363411de
Land #6317, Add delay(with jitter) option to auxiliary scanner and portscan modules 2016-05-02 13:09:40 -05:00
wchen-r7 4a95e675ae Rm empty references 2016-04-24 11:46:08 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
Fakhir Karim Reda zirsalem f0d403124c Update symantec_brightmail_ldapcreds.rb 2016-04-20 18:58:12 +02:00
Karim Reda Fakhir cda104920e delete telisca abuse 2016-04-20 17:09:13 +01:00
Karim Reda Fakhir c322a4b314 added modules/auxiliary/scanner/http/symantec_brightmail_ldapcreds.rb 2016-04-20 17:01:18 +01:00
Karim Reda Fakhir 5adf5be983 add symantec bright mail ldap creds 2016-04-20 16:05:24 +01:00
Karim Reda Fakhir dfb2b95e46 Merge remote-tracking branch 'upstream/master'
Merge
2016-04-20 12:21:16 +01:00
Brent Cook 99b4d0a2d5 remove more regex-style bool checks 2016-04-09 13:49:16 -05:00
Brent Cook af7eef231c Fix a few issues with the SSL scanner
First, we need to handle public keys with strength not measured on the same bit
scale as RSA keys. This fixes handshakes for ECDSA and others.

Second, depending on the host we are talking to, we may not have a peer cert.
Handle this properly by checking first on the socket before using it.
2016-04-04 22:08:01 -05:00
William Vu 41b802a8a2 Clean up module 2016-04-01 13:54:27 -05:00
wchen-r7 75ebd08153
Land #6731, Add CVE-2015-7755 juniper backdoor 2016-03-31 17:30:38 -05:00
wchen-r7 618f379488 Update auxiliary/scanner/redis/redis_server and mixin 2016-03-31 17:14:49 -05:00
wchen-r7 4d76b0e6a5 Rm auxiliary/scanner/misc/redis_server
Please use auxiliary/scanner/redis/redis_server or
auxiliary/scanner/redis/redis_login instead
2016-03-31 17:13:08 -05:00
wchen-r7 2e7d07ff53 Fix PASSWORD datastore option 2016-03-31 17:12:00 -05:00
wchen-r7 545cb11736
Bring #6409 up to date with upstream-master 2016-03-31 17:00:56 -05:00
wchen-r7 5fdea91e93 Change naming 2016-03-31 17:00:29 -05:00
wchen-r7 f33e994050 Delete anything related to configuring/saving username 2016-03-31 16:56:54 -05:00
wchen-r7 101775a5ba
Bring #6545 up to date with upstream-master 2016-03-30 16:07:24 -05:00
h00die 7fc2c860e9 remove comment 2016-03-29 21:26:36 -04:00
h00die d35b5e9c2a First add of CVE-2015-7755 2016-03-29 21:20:12 -04:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
James Lee 9e7a330ac8
OptInt -> OptPort 2016-03-16 15:47:29 -05:00
James Lee af642379e6
Fix some OptInts 2016-03-16 14:13:18 -05:00
Spencer McIntyre 4e3a188f75
Land #6401, EasyCafe server file retrieval module 2016-03-16 13:24:54 -04:00
Spencer McIntyre 9ac4ec4bfc Update the class name to MetasploitModule 2016-03-16 13:22:06 -04:00
Spencer McIntyre 53f1338ad0 Update module to remove references to print peer 2016-03-16 13:10:39 -04:00
Adam Cammack 05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts 2016-03-15 16:35:22 -05:00
rwhitcroft c12cc10416 change class Metasploit to MetasploitModule 2016-03-14 17:57:29 -04:00
rwhitcroft dd53625f4a change Metasploit3 to Metasploit to satisfy travis 2016-03-14 16:52:02 -04:00
rwhitcroft a26c90fd41 fix RPORT option 2016-03-14 16:27:44 -04:00
wchen-r7 38153d227c Move apache_karaf_command_execution to the SSH directory
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
2016-03-14 00:32:59 -05:00
William Vu 6323f7f872 Fix a couple overlooked issues 2016-03-13 23:35:05 -05:00
Brent Cook df0ff30468
Land #6642, make ipv6_neighbor_router_advertisement discovery smarter 2016-03-13 16:53:11 -05:00
Brent Cook 635e31961a generate valid prefixes 2016-03-13 16:44:57 -05:00
Fakhri Zulkifli 45c7e4b6ae Update ipv6_neighbor_router_advertisement.rb 2016-03-09 11:21:24 +08:00
Fakhri Zulkifli e417909111 Update ipv6_neighbor_router_advertisement.rb 2016-03-09 11:21:07 +08:00
rwhitcroft f155477edf improve description and change behavior to keep trying on connection errors 2016-03-08 12:33:17 -05:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
wchen-r7 c2f99b559c Add documentation for auxiliary/scanner/http/tomcat_enum
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Brent Cook aa5b201427 Revert "revert ssl_login_pubkey for now"
This reverts commit 7d773b65b6.
2016-03-07 13:19:33 -06:00
Christian Mehlmauer 7d773b65b6
revert ssl_login_pubkey for now 2016-03-07 14:44:23 +01:00
Christian Mehlmauer 3da9535e22
change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook eea8fa86dc unify the SSLVersion fields between modules and mixins
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook 66c697d2e4
Land #6602, update author info for dahua_dvr_auth_bypass 2016-03-06 15:13:01 -06:00
Brent Cook 4711191def remove non-specific URL 2016-03-06 15:12:25 -06:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
Fakhri Zulkifli b1e9f44ca2 IPv6 Neighbor Advertisement Enhancement
http://seclists.org/nmap-dev/2011/q2/79

1. Shorten router advertisement payload lifetime.
2. Randomize address prefix.
3. Prevent from getting into default router list.
2016-03-06 03:23:37 +08:00
rwhitcroft ded5b58733 one more style fix 2016-03-01 10:20:39 -05:00
rwhitcroft 4b10331cf0 style fixups 2016-03-01 10:18:25 -05:00
William Vu c5a9d59455
Land #6612, one final missing change 2016-02-29 15:08:42 -06:00
William Vu cb0493e5bb Recreate Msf::Exploit::Remote::Fortinet
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu a6a37b3089
Land #6612, missing commits included 2016-02-29 14:06:21 -06:00
William Vu 300fdc87bb Move Fortinet backdoor to module and library 2016-02-29 12:06:33 -06:00
wchen-r7 2950996cb8
Land #6612, Add aux module for Fortinet backdoor 2016-02-29 12:02:49 -06:00
William Vu 53d703355f Move Fortinet backdoor to module and library 2016-02-29 11:57:42 -06:00
rwhitcroft f735a904ff create owa_ews_login module, modify HttpClient to accept preferred_auth option 2016-02-28 22:01:05 -05:00
wchen-r7 051506694f
Land #6574, add Linknat Vos Manager Traversal aux module 2016-02-25 22:02:56 -06:00
wchen-r7 2e268a25da
Land #6596, Apache Karaf Login Utility 2016-02-25 14:39:51 -06:00
wchen-r7 aa7c3f01a8 Update name and description 2016-02-25 14:39:19 -06:00
wchen-r7 7e25c7b87b Handle OpenSSL::Cipher::CipherError
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
William Vu 7d20e26a35 Move to aux/scanner/ssh 2016-02-25 11:22:50 -06:00
William Vu f52f44cde0 Remove session_setup, since we're not in a shell
A real shell. A real human bean.
2016-02-25 11:21:45 -06:00
Tyler Bennett ff3a554b4d added an unless to wrap around the print and report_creds func for nas module to only execute if ftpuser and ftppass is non-blank 2016-02-24 13:53:30 -05:00
Tyler Bennett 16d7b2e6ff cleaned up unless code for nas module and setup ftpuser and ftppass to only if non blank 2016-02-23 17:37:47 -05:00
dmohanty-r7 6aa6280eff
Try USERNAME before DEFAULTCRED 2016-02-23 13:44:44 -06:00
Tyler Bennett 4eabe43273 fixed issues with capturing regex 2016-02-23 12:27:07 -05:00
Tyler Bennett c191e5b8e1 corrected authors file and cleaned up debug statements 2016-02-23 11:41:12 -05:00
Jon Hart c79eab2c7f
Land #6241, @talos-arch3y's aux module for Dahua DVR CVE-2013-6117 2016-02-23 08:20:54 -08:00
dmohanty-r7 07ac13326e
Allow user to try other login credentials 2016-02-22 17:47:32 -06:00
dmohanty-r7 c0180b23fa
Update description 2016-02-19 13:39:13 -06:00
dmohanty-r7 33aaeb4ac9
Update authors 2016-02-19 11:53:17 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
nixawk 7ca0255ea1 Module should not be marked executable 2016-02-15 12:57:43 +08:00
nixawk f35230b908 add Linknat Vos Manager Traversal 2016-02-15 12:39:40 +08:00
Spencer McIntyre c9c4f49aca Add get_file method and parse the server response 2016-02-13 17:20:37 -05:00
William Vu 5f0add2a8b
Land #6541, typo fix for cisco_ssl_vpn 2016-02-09 17:13:24 -06:00
William Vu 240cbb91be s/resp/res/ 2016-02-09 17:12:09 -06:00
alexandrinetorrents c0a8b01c2b Addition of multiple read/write to auxiliary/scanner/scada/modbusclient.rb 2016-02-08 13:13:51 +01:00
wchen-r7 cd7046f233 Change method name "method" to "http_method" for http_traversal.rb
We accidentally override "#method", which is bad.
2016-02-07 23:15:46 -06:00
Brendan Coles 40633ea7cd Check filepath length 2016-02-08 01:11:18 +00:00
Brendan Coles df825913b8 Use default timeout 2016-02-07 07:11:47 +00:00
Brendan Coles e0e67f5507 Remove unnecessary check for FILEPATH 2016-02-07 02:05:15 +00:00
wchen-r7 2171c344e5 Fix #6539, correct a typo in report_cred
Fix #6539
2016-02-06 13:23:21 -06:00
Jon Hart cd86db2734
Update ssh_identify_pubkeys to support symbolic path names 2016-02-03 14:21:54 -08:00
Jon Hart 53d4e31844
Allow OptPath to valid symbolic paths that need expansion 2016-02-03 14:12:03 -08:00
Jon Hart 49beca4e40
Fix ssh_identify_pubkeys to accept keyfiles with authorized commands
Previously, something like this would fail:

command="/some/script.sh" ssh-rsa adsfadfa root@whatever

This format is valid authorized_keys and should work here too.  It does
now.
2016-02-03 13:50:17 -08:00
Jon Hart dbcef2c755
Deregister unused options 2016-02-03 13:20:30 -08:00
James Lee 47c0a3b4a7
Get some stragglers that had a different format 2016-02-01 16:21:10 -06:00
James Lee 8094eb631b
Do the same for aux modules 2016-02-01 16:06:34 -06:00
wchen-r7 f5ee6ce2f3 Better service reporting for snmp_login
Report the snmp string and update the module title & description
to better clarify what the module really does.
2016-02-01 12:24:19 -06:00
Brent Cook cd56470759
Land #6493, move SSL to the default options, other fixes 2016-01-29 11:09:51 -06:00
Brent Cook 115c63e4ba karaf default credential scanner PoC 2016-01-27 03:27:48 -05:00
wchen-r7 6187354392
Land #6226, Add Wordpress XML-RPC system.multicall Credential BF 2016-01-23 00:12:46 -06:00
wchen-r7 064af0d670 Remove unwanted comment 2016-01-23 00:11:58 -06:00
KINGSABRI ad3eed525b Handing newer version of WP, fallback CHUNKSIE to 1 2016-01-23 08:06:27 +03:00
wchen-r7 53e9bd7f51 This line does nothing 2016-01-22 18:55:45 -06:00
wchen-r7 0f9cf812b7 Bring wordpress_xmlrpc_login back, make wordpress_multicall as new 2016-01-22 18:54:20 -06:00
wchen-r7 91db2597c7 normalize URIs 2016-01-22 11:27:26 -06:00
wchen-r7 b02c762b93 Grab zeroSteiner's module/jenkins-cmd branch 2016-01-22 10:17:32 -06:00
Christian Mehlmauer 484d57614a
remove re-registered ssl options 2016-01-22 09:54:52 +01:00
wchen-r7 216986f7af Do API documentation, rspec, and other small changes 2016-01-21 17:22:14 -06:00
KINGSABRI a8feb8cad5 make passwords faster for reading huge wordlest files 2016-01-21 03:32:50 +03:00
KINGSABRI 4cb19c75a6 Enhance the module and add version check 2016-01-21 03:19:31 +03:00
wchen-r7 fcaef76215 Do a version check
This attack is not suitable for newer versions due to the
mitigation in place.
2016-01-20 17:14:44 -06:00
nixawk ad107a2d1c Show - No Auth Required - Just Once 2016-01-19 08:29:33 +08:00
nixawk 0b78406d29 clear Metasploit::Framework::LoginScanner::REDIS.new 2016-01-16 13:12:04 +08:00
nixawk b2983e1ee7 replace #{rhost}: #{rport} with #{peer} 2016-01-16 13:05:35 +08:00
nixawk 2abaca3f6b include Msf::Auxiliary::Redis / Remove default RPORT option 2016-01-16 12:58:02 +08:00
Karim Reda Fakhir d5dd5d55a6 modified: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb
modified:   modules/auxiliary/voip/telisca_ips_lock_abuse.rb
2016-01-14 11:06:26 +00:00
Fakhir Karim Reda aae86d8bc0 new file: modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb 2016-01-14 00:12:55 +00:00
Fakhir Karim Reda 01b8302db1 delte modules/auxiliary/scanner/voice/telisca_ips_lock_abuse.rb 2016-01-13 23:19:35 +00:00
Karim Reda Fakhir 8b03b719e8 Adding auxialiary modules :
+ symantec_brightmail_ldapcreds.rb
+ telisca_ips_lock_abuse.rb
2016-01-13 15:19:07 +00:00
Jonathan Harms 5266860cec Squashed more commits back into 1 2016-01-07 17:53:49 -06:00
Tyler Bennett c245e64239 added peer to each print statement and rex table 2016-01-06 13:22:30 -05:00
wchen-r7 6e65d1d871
Land #6411, chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
nixawk a54a7aeb02 redis only need password for authentication 2016-01-06 17:05:49 +08:00
wchen-r7 bdda8650a2 Do not support username, because the backdoor doesn't use one 2016-01-06 02:02:11 -06:00
Jon Hart d626d7f0c9
Land #6416, @all3g's rewrite/improvements to redis_server 2016-01-05 19:02:26 -08:00
Jon Hart 90ea88e5ba
Make command used configurable 2016-01-05 16:23:10 -08:00
Jon Hart 3ccdd12ecb
Put peer first in all prints 2016-01-05 16:09:50 -08:00
Jon Hart 1d997234cb
Remove unnecessary degistering of RHOST 2016-01-05 16:08:18 -08:00
Tyler Bennett aa2922e6c3 added in verbose mode for ddns and fixed report_email_creds issue 2016-01-05 14:54:48 -05:00
nixawk 8a76bbafff Add peer to vprint_error 2016-01-06 01:51:23 +08:00
Jon Hart eef154420b This is a scanner, so vprint things that occur frequently 2016-01-05 09:06:36 -08:00
Jon Hart 63324bd77d Rescue correct exceptions 2016-01-05 09:05:32 -08:00
Jon Hart 1b48556456 Use cleaner hash syntax 2016-01-05 09:05:32 -08:00
nixawk 9714923824 ensure disconnect / remove self.class from register_options 2016-01-06 00:54:54 +08:00
William Vu 6cb9ad0d72
Land #6435, unaligned def/end fix 2016-01-05 09:59:25 -06:00
nixawk c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
nixawk cbbbd9a7e7 end is not aligned with def 2016-01-05 14:07:43 +08:00
nixawk 20cd156047 replace auxiliary/scanner/misc/redis_server with auxiliary/scanner/redis/redis_server 2016-01-05 13:14:40 +08:00
William Vu 3990c021c2
Land #6318, updates for ssh_identify_pubkeys 2016-01-04 13:27:38 -06:00
William Vu 6f01df3f79 Clean up module 2016-01-04 13:26:03 -06:00
William Vu 58c047200d
Land #6305, creds update for owa_login 2016-01-04 10:52:39 -06:00
nixawk a6914df3e3 rename LOGIN_URL to TARGETURI 2015-12-31 22:21:34 +08:00
nixawk 370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
nixawk a929dc0e35 add redis_login 2015-12-30 18:54:25 +08:00
Brendan Coles 47261c27d4 Add EasyCafe Server Remote File Access module 2015-12-27 12:00:50 +00:00
Brent Cook e23b5c5435
Land #6179, add NTP initial crypto nak spoofing module 2015-12-24 15:46:18 -06:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
Jon Hart cb752a4bcf
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:23 -08:00
Jon Hart c55f61d2d7
Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/smtp.rb 2015-12-24 07:44:36 -08:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Brent Cook 0c0219d7b7
Land #6357, cleanup redis rdbcompression options 2015-12-17 10:45:11 -06:00
Jon Hart f3ac8a2cc0
Land #6360, @pyllyukko's reference cleanup for ipmi_dumphashes 2015-12-16 22:03:40 -08:00
Jon Hart 865e2a7c18
Only test/reset rdbcompression if told to and redis is configured that way 2015-12-16 11:20:13 -08:00
Jon Hart f616ee14a8
Dont abort if compression can't be disabled 2015-12-16 11:11:00 -08:00
Jon Hart 12764660b2
Remove compression bits from description; remove unnecessary module options; require DISABLE_RDBCOMPRESSION 2015-12-16 11:07:27 -08:00
pyllyukko d110c6cc73
Added few references to ipmi_dumphashes 2015-12-16 13:36:37 +02:00
nixawk 342ce05ff7 add a DISABLE_RDBCOMPRESSION option for redis file_upload 2015-12-16 04:28:52 +00:00
Tyler Bennett 5bb8dbcafc added peer to users table 2015-12-15 16:45:45 -05:00
Tyler Bennett 797bd9e04d added peer to each table and added each users groups to the users table 2015-12-15 16:31:25 -05:00
Jon Hart b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Tyler Bennett bda6c940cf fixed issues with printing of tables and cleaned up output a bit removed unecessary prints 2015-12-14 16:23:18 -05:00
Jon Hart e448bc3e27
If saving fails, print_error and mention permissions 2015-12-14 10:47:05 -08:00
Jon Hart 19acd366d6 Rename redis file upload module; remove the 'auth' part 2015-12-14 10:40:28 -08:00
Vex Woo dee23e4bda Merge pull request #3 from jhart-r7/pr/fixup-6319
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
Jon Hart 9ef46140c0
Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e
Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4
Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2
Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Tyler Bennett c000e590d4 verified table values are correctly typed as Strs, but it still fails to print the tables 2015-12-10 15:51:59 -05:00
Jon Hart 555e52e416
Document the redis upload process more 2015-12-10 09:35:46 -08:00
Jon Hart 48a27170c2
Document process better, delete correct key 2015-12-10 09:13:13 -08:00
Jon Hart d2f54af23f
Reset the dir and dbfilename back to their original settings 2015-12-10 08:56:24 -08:00
Jon Hart 21ab4e96e5
First pass at redis mixin 2015-12-10 08:29:59 -08:00
nixawk 0d8fc78257 make code more clear 2015-12-10 15:13:50 +00:00
nixawk 42013c18ba add a password option - AUTH_KEY 2015-12-10 08:24:47 +00:00
nixawk 28bc5b4d4f move it from exploit to auxiliary 2015-12-10 08:23:38 +00:00
Jon Hart 4cc7853ad8
Don't run_host unless check returns vulnerable; report_service 2015-12-09 18:33:40 -08:00
Jon Hart 624e5aeffa
First pass at converting redis module to aux; style cleanup 2015-12-09 17:59:48 -08:00
Tyler Bennett c2ef7be217 cleaned up regex isseus and added the appropriate rex tables. Having issues with printing them due to type errors, but Im working on it 2015-12-09 17:49:38 -05:00
Tyler Bennett e574c844de added rex table for channels func, has an issues with TypeError no implicit conversion of String into Integer upon building the table 2015-12-08 18:19:30 -05:00
Tyler Bennett 48cd350711 updated authors list with contributors 2015-12-08 16:29:00 -05:00
Tyler Bennett 92d56cd050 cleaned up uncessary Rex Tables working on the rest of them for users, groups and channels 2015-12-08 16:24:47 -05:00
Tyler Bennett 75e31c252e added rex table for nas settings, still working on users and hashes rex table 2015-12-07 14:48:28 -05:00
Tyler Bennett 3d892bd1d6 added rex table for grab_email func instead of printing out values 2015-12-07 10:37:36 -05:00
Tyler Bennett 069a50e1b8 Revert "fixed ddns_creds import issue, by using rhost and commenting why it needs to be used"
Reverting to hopefully force a fix for issue #3968
2015-12-07 09:41:46 -05:00
Stuart Morgan ca023b6499 Simplified do_report() to comply with msftidy 2015-12-05 23:27:28 +00:00
Stuart Morgan 4f1f755c1d msftidy 2015-12-05 22:49:40 +00:00
Stuart Morgan 4469e9b5ef Finalised module 2015-12-05 22:45:08 +00:00
Stuart Morgan bd1bf4aa72 Initial test, fixed noteswq 2015-12-05 21:19:34 +00:00
Stuart Morgan 09c58e4097 Massive rework of the storage/notes/reporting 2015-12-05 21:18:29 +00:00
Stuart Morgan 1101edbcd3 argh, forgot the comma! 2015-12-05 16:24:10 +00:00
Stuart Morgan 28202745ab Removed EOL spaces (msftidy) 2015-12-05 15:33:04 +00:00
Stuart Morgan 12561e5cf9 Add delay/jitter to xmas scan 2015-12-05 15:32:47 +00:00
Stuart Morgan e190dcb61a Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_delay_jitter_to_scan 2015-12-05 15:25:11 +00:00
Stuart Morgan 5965867fdc Added 'milliseconds' unit description to JITTER parameter for clarity 2015-12-05 15:23:31 +00:00
Stuart Morgan a46031a85c Added delay/jitter to syn scan 2015-12-05 15:23:00 +00:00
Stuart Morgan 40d3ebbc94 Added delay/jitter to ftpbounce scan 2015-12-05 15:22:52 +00:00
Stuart Morgan 33563129c1 Added delay/jitter to ACK 2015-12-05 15:22:41 +00:00
Stuart Morgan efa2f5aa1c Added delay/jitter feature to ACK scan 2015-12-05 15:14:22 +00:00
Stuart Morgan 0e96a71232 Update 2015-12-05 15:12:40 +00:00
Stuart Morgan cc770ab120 Removed unneeded comments 2015-12-05 14:59:33 +00:00
Stuart Morgan 734cb128e0 Changed jitter to be absolute, not relative, and put threads option back in 2015-12-05 14:57:47 +00:00
Stuart Morgan ba13b88aad Apparently rand(2) will give you 0 and 1....rand(1) exclusively gives 0. Must read the man pages more.... 2015-12-05 14:25:30 +00:00
Stuart Morgan d5e433df87 Removed THREADS option because it isn't used, and added DELAY and JITTER options 2015-12-05 14:23:33 +00:00
Tyler Bennett 385e5a9fe1 fixed more rubocop issues with the rex table for ddns 2015-12-04 15:28:01 -05:00
Tyler Bennett 4e0ab9b68f fixed ddns_creds import issue, by using rhost and commenting why it needs to be used 2015-12-04 15:10:02 -05:00
Tyler Bennett 6ce54f15ee added rex table for ddns func 2015-12-04 14:46:26 -05:00
Tyler Bennett 16e4d6a727 fixedd more rubocop errors, still needs work 2015-12-04 14:08:18 -05:00
Jon Hart 72f7efd042
Lots of style cleanup 2015-12-03 15:39:27 -08:00
Jon Hart 4b30a56f15
Add a few missing connects 2015-12-03 15:22:27 -08:00
Jon Hart 7346c528cd
Fix indentation 2015-12-03 15:21:06 -08:00
Jon Hart 6c31946995
Slightly simplify regex 2015-12-03 15:19:35 -08:00
Jon Hart 98096ab71c
Remove useless assignment 2015-12-03 15:16:54 -08:00
Jon Hart 504f6874f2
Convert to actions 2015-12-03 15:15:48 -08:00
Jon Hart 93cd3446db
Minor cleanup of some print_ lines 2015-12-03 15:01:27 -08:00
Jon Hart 753eddbbd6
Correct true/false for optional options, default values 2015-12-03 14:53:27 -08:00
Tyler Bennett 9d71ff6b9d cleaned up a few misc prints and added in logic if mailport is empty 2015-12-03 15:51:49 -05:00
Tyler Bennett 3d617efa88 added code to parse mailport from config 2015-12-03 15:36:08 -05:00
Tyler Bennett 0d89dde4a6 changed sock.get to sock.get_once and fixed booleans hopefully. Still cleaning things up but its getting closer 2015-12-03 12:51:48 -05:00
r3naissance db5c69226e
Add Usernames to Creds Database with owa_login.rb 2015-12-03 09:31:36 -07:00
Jon Hart fdbd3cfc11
Fix minor style problems, call check() from run_host 2015-12-02 15:46:35 -08:00
Tyler Bennett a8887e6b77 firts iteration of moving each payload to its own function and setting optional vars, cleaning up rubocop warnings as well 2015-12-02 16:33:09 -05:00
Tyler Bennett ca496a376f set username as a requirement and added note about randomly assinged password for user if not set 2015-12-02 14:16:36 -05:00
James Lee 98a0ddebda
Land #6298, Advantech shellshock module 2015-12-01 11:37:09 -06:00
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
Tyler Bennett 36f48dc945 cleaned up required opts, only left needed vars to run the rest are optional based on user preference 2015-12-01 11:02:14 -05:00
Tyler Bennett 5e9a0ab3ff removed version var in initialize method 2015-12-01 10:57:16 -05:00
Tyler Bennett cb60b41d5d added in fixes and missing typos, randomized the password for the user 2015-12-01 10:43:58 -05:00
Kyle Gray bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
Land #6284, fix for false negatives found in #6281

@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
Christian Mehlmauer 920d8c6ad7
Land #6278, wrong default option for RHOST 2015-11-26 06:49:25 +01:00
Jon Hart 8fd2522a59
Land #6257, @all3g's aux module for locating git repos over HTTP 2015-11-25 12:25:45 -08:00
Jon Hart a56571479f
Remove WmapScanServer mixin; not needed 2015-11-25 11:38:32 -08:00
William Vu 2da9bb8578 Follow redirects in apache_userdir_enum
Found false negatives while testing a server for #6281.
2015-11-25 13:27:06 -06:00