1778a08e98
Keeping changes away from the "ip" variable
2013-12-19 00:19:58 +00:00
7ebcd5a8c9
Option to perform host resolution on remote saprouter
2013-12-18 23:53:58 +00:00
ee87f357b0
Raise Msf::OptionValidateError when the PORTS option is invalid
...
Instead of print_error for invalid ports, modules should be raising
Msf::OptionValidateError to warn the user about the invalid input.
2013-12-18 15:04:53 -06:00
4028dcede7
Add an input check for datastore option PORTS
...
If Rex::Socket.portspec_crack returns an empty array, we assume
there are no valid ports to test, so we raise an OptionValidateError
to warn the user about it.
2013-12-18 14:55:51 -06:00
80eea97ccd
ChrisJohnRiley fix for sap_service_discovery
2013-12-17 13:31:56 -06:00
24bc10905e
Added Spaces and removed Interrupt
2013-12-16 22:12:35 +00:00
bf561fef95
Corrected Extraneous Whitespace\Newlines
2013-12-16 16:38:49 +00:00
79022c2e29
Probably should have checked it worked...
2013-12-16 11:33:08 +00:00
59003a9842
Updated Poison Ivy Scanner
2013-12-15 22:02:14 +00:00
226cd241bf
Added Poison Ivy Command and Control Scanner\n Auxiliary module to scan for Poison Ivy C&C on ports 80,8080,443 and 3460
2013-12-15 14:34:50 +00:00
999006e037
fixed some things, as suggested by jvazquez-r7
2013-12-14 19:41:31 +01:00
c59b8fd7bc
Land #2741 , @russell TCP support for nfsmount
2013-12-09 09:46:34 -06:00
291a52712e
Allow the NFS protocol to be specified in the mount scanner
2013-12-09 21:26:29 +11:00
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
99dc9f9e7e
Fix msftidy warning
2013-12-03 00:09:51 -06:00
e37f7d3643
Use send_request_cgi instead of send_request_raw
2013-12-03 00:57:26 -05:00
14e600a431
Clean up res nil checking
2013-12-03 00:51:19 -05:00
b796095582
Use peer vs. rhost and rport for prints
2013-12-03 00:49:05 -05:00
0480e01830
Account for nil res value
2013-12-03 00:45:57 -05:00
c91d190d39
Add Cisco ASA ASDM Login
2013-12-03 00:16:04 -05:00
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
8d6a534582
Change title
2013-12-02 08:54:37 -06:00
24d09f2085
Land #2700 , @juushya's Oracle ILO Brute Forcer login
2013-12-02 08:53:10 -06:00
bc41120b75
Updated
2013-11-29 12:47:47 +05:30
1109a1d157
Updated
2013-11-28 11:30:02 +05:30
3111aee866
fix match and boolean expression
2013-11-26 21:42:09 +01:00
cc60ca2e2a
Fix module title
2013-11-25 09:33:43 -06:00
cc261d2c25
Land #2670 , @juushya's aux brute forcer mod for OpenMind
2013-11-25 09:29:41 -06:00
e157ff73d3
Oracle ILOM Login utility
2013-11-25 13:55:31 +05:30
dd9bb459bf
PSEXEC Refactor
...
Move peer into mixin
PSEXEC should use the psexec mixin
2013-11-24 16:24:05 +00:00
f3b907537c
Module to identifies open Chargen service
2013-11-23 17:17:24 +01:00
266de2d27f
Updated
2013-11-23 00:01:03 +03:00
b5011891a0
corrected rport syntax
2013-11-21 08:57:45 +03:00
9539972340
Module for OpenMind Message-OS portal login
2013-11-21 06:33:05 +03:00
9f45121b23
Remove EOL spaces
2013-11-20 15:08:13 -06:00
ded56f89c3
Fix caps in description
2013-11-18 16:15:50 -06:00
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
0391ae2bc0
Delete general reference
2013-11-18 13:19:09 -06:00
1c4dabaf34
Beautify typo3_bruteforce module
2013-11-18 13:17:15 -06:00
b5fc0493a5
Land #2642 - Fix titles
2013-11-18 12:14:36 -06:00
7d22312cd8
Fix redis communication
2013-11-15 19:36:18 -06:00
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
970e70a853
Land #2626 - Add wordpress scanner
2013-11-12 11:30:23 -06:00
6a28f1f2a7
Change 4-space tabs to 2-space tabs
2013-11-12 11:29:28 -06:00
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
48faa38c44
bugfix for wordpress_scanner
2013-11-11 00:24:32 +01:00
b472c2b195
added a wordpress scanner
2013-11-10 23:08:59 +01:00
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
cc3ee5f97b
typo3_bruteforce: update msf license
2013-11-07 22:53:28 +01:00
e897c8379f
typo3_bruteforce: bugfix
2013-11-07 22:46:26 +01:00
9d616dbfe9
added typo3 bruteforcer
2013-11-07 22:38:27 +01:00
09c31f7582
Small nitpicks to catch bad http responses
2013-11-06 15:06:04 -06:00
91639dbb99
Trailing whitespace
2013-11-06 14:25:28 -06:00
079816777a
I kin spel
2013-11-06 14:22:41 -06:00
6b43d94c72
Rename, change titles/descriptions, fix minor bugs
2013-11-06 13:45:40 -06:00
b9caf091d4
Change supermicro_ipmi_traversal location
2013-11-06 12:47:50 -06:00
c132a60973
Move Supermicro web interface name to a constant
2013-11-06 12:47:50 -06:00
0609c5b290
Move private key to a constant
2013-11-06 12:47:50 -06:00
275fd5e2ba
Sort options by name
2013-11-06 12:47:50 -06:00
9f87fb33a7
Move digest calculation to a variable
2013-11-06 12:47:50 -06:00
46f0998903
Add URL refs
2013-11-06 12:47:50 -06:00
a973862c74
Add new modules
2013-11-06 12:47:50 -06:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
1fee3ce952
Land #2584 , reporting for energizer_duo_detect
2013-10-28 10:48:20 -05:00
efcfc9eef7
Land #2273 , @kaospunk's enum domain feature for owa_login
2013-10-28 09:47:54 -05:00
71a1ccf771
Clean owa_login enum_domain feature
2013-10-28 09:46:41 -05:00
e0aec13ce1
[FixRM #4397 ] Add reporting for energizer_duo_detect
2013-10-25 16:51:44 -05:00
7d788fbf76
Land #2571 - HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
2013-10-24 14:15:26 -05:00
ea80c15c3b
Land #2383 , @jamcut's aux module for jenkins enum
2013-10-24 11:31:36 -05:00
8428671f32
Land #2455 , @juushya's aux module for radware
2013-10-24 10:54:02 -05:00
1673b66cbe
Delete some white lines
2013-10-24 10:50:14 -05:00
b589e9aa6e
Use the peer method
2013-10-24 10:45:02 -05:00
255cd18868
Use peer helper
2013-10-23 16:08:40 -05:00
55e3f36589
Add module for ZDI-13-242
2013-10-23 11:24:29 -05:00
a4dd53f650
Chane module filename
2013-10-22 11:16:14 -05:00
cdd183f43a
Add reporting
2013-10-22 11:15:16 -05:00
0d73275c3f
Delete not necessary check
2013-10-22 10:39:54 -05:00
c50e7c73b6
Make parsing easier
2013-10-22 10:30:03 -05:00
0cc7be0138
Use snake_case
2013-10-22 10:04:32 -05:00
e4a340b7f1
Fix small issues
2013-10-22 10:02:32 -05:00
a425e2be78
Fix typo
2013-10-22 09:28:43 -05:00
111c12ef0d
Do cosmetic changes
2013-10-22 09:28:15 -05:00
f46cdb8970
Add the correct plate
2013-10-22 09:27:37 -05:00
de0d09886c
Retab changes for PR #2383
2013-10-22 09:26:44 -05:00
0214501891
Merge for retab
2013-10-22 09:22:10 -05:00
5613cfb249
Retab changes for PR #2455
2013-10-21 15:57:23 -05:00
39d38e598d
Merge for retab
2013-10-21 15:55:48 -05:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
58a43e87dd
Added fixes suggested by jlee-r7
...
additional code clean up
2013-10-21 14:18:12 -04:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
09c9cba3d5
Updated code
2013-10-21 19:29:05 +05:30
183116c81f
Make module work, and final cleanup
2013-10-20 18:39:41 -05:00
aa6a24da1b
Add module template
2013-10-19 00:27:57 -05:00
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
cc42fbc59e
Added ext .rb
...
... ext .rb why you no save.
2013-10-17 01:40:05 +05:30
f3d4229ed4
Updated code
...
msftidy compliant now. Have run it thru retab.rb, hence the indent like this.
2013-10-17 01:36:26 +05:30
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
d0b1479d5b
Use the real timeout option for DCERPC
2013-10-14 17:41:51 -05:00
e8d0292118
Use read_response class method
...
Looks like this was never implemented in other modules, but it collects
data from the socket in the usual get_once sort of way.
2013-10-14 17:24:22 -05:00
14be85ea5d
Land #2511 , fix up NoMethodError and hanging connx
2013-10-14 16:30:19 -05:00
a3af5d681b
Ensure TCP connection is closed
2013-10-14 21:53:22 +01:00
63e40f9fba
Release time fixes to modules
...
* Period at the end of a description.
* Methods shouldn't be meth_name! unless the method is destructive.
* "Setup" is a noun, "set up" is a verb.
* Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
4b4804538f
Fixes issues based on feedback
...
This commit addresses comments made by @jvazquez-r7.
2013-10-14 16:02:29 -04:00
2a1ade2541
Add disclosure date and some explanation about it
2013-10-13 19:29:51 -05:00
e2c5e6c19f
Fix email format
2013-10-13 18:28:35 -05:00
008f787627
Add module for the dlink user-agent backdoor
2013-10-13 14:42:45 -05:00
988ac68074
Dont define the NDR syntax
2013-10-12 19:56:52 +01:00
765b55182e
Randomize client variables
...
Also tidyup indents and use predefined UUID syntax.
2013-10-12 19:52:15 +01:00
cad717a186
Use NDR 32bit syntax.
...
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
876d4e0aa8
Land #1420 , WDS scanner
2013-10-11 16:53:25 -05:00
a1cf9619d9
Be clear this is 64-bit only in the desc.
2013-10-11 16:52:50 -05:00
181606e7cc
Single byte description update. Adds a period.
2013-10-11 15:04:25 -05:00
63349e4664
Add OSVDB and BID references
2013-10-11 09:14:59 -05:00
b26085457f
Trying to prevent @jvazquez-r7 from crying when reading my code:
...
- Documented fields in the several tables;
- Fixed the "remote" field location on the fs_table (changed due to REXML parsing);
- Fixed Total Memory field on os_table (bug?);
2013-10-11 11:29:27 +01:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
09f0db7fdf
Switch to rexml parsing, add some comments and cleanup
2013-10-10 13:19:10 -05:00
9516bc5cf7
Retab changes for PR #2142
2013-10-10 11:02:51 -05:00
cdc7b75a78
Merge for retab
2013-10-10 11:02:16 -05:00
c264480651
Code cleanup, tried to implement suggestions from @jvazquez-r7. Hopefully is much more readable.
2013-10-10 11:58:33 +01:00
813013fef5
Make defaults sane for the lockoutable smb_login
...
See #2376
2013-10-04 15:53:16 -05:00
db11e88255
Land #2321 , @juushya's aux module for Sentry CDU enumeration
2013-10-04 08:35:54 -05:00
37e1e6533c
changed default options
...
Updated these default options to false:
'DB_ALL_CREDS' => false
'BLANK_PASSWORDS' => false
2013-10-04 02:48:42 +05:30
8aac3922f3
add radware_appdirector_enum
...
This module scans for Radware AppDirector's web login portal, and performs login brute force to identify valid credentials.
- mstidy.tb & retab.rb run done
- stop_on_success is set to true. Important, otherwise the app starts dropping bf source.
- slowing down brute force speed seems to work though, but can take a long time if more creds to check &| more targets
- better to run bf with 2-3 creds against range, & then come back with more creds if needed
2013-10-03 20:15:52 +05:30
773abf0567
Pow, tab assassinated.
2013-10-02 17:16:38 -05:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
7118f7dc4c
Land #2422 - rm methods peer & rport
...
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00
9ada96ac51
Fix sqlmap accidental codepoint
...
See http://www.ruby-doc.org/core-1.9.3/String.html#method-i-3C-3C
Apparently, String#<< uses Integer#chr, not Integer#to_s. News to me.
Fixed originally by @TsCl in PR #2435 , but fixing seperately in order to
avoid screwing up his downstream tracking. Note, this isn't a merge, so
using Closes tag on the commit message.
[Closes #2435 ]
2013-09-30 11:23:17 -05:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
8696b5d2dc
Fix bug on missing hosts for SunRPC Portmap
...
Also cleans up and normalizes the print messages to follow the
conventions of "host:port - proto - message"
[FixRM #8409 ], reported by Chris F.
2013-09-26 09:42:38 -05:00
09fa7b7692
remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:50:34 +02:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
34b829abef
bugfix
2013-09-25 09:15:07 +02:00
aeb663a5d4
fix output
2013-09-24 10:48:38 +02:00
dc8f94bac1
Added wordpress version detection
2013-09-24 08:59:56 +02:00
dff26ac9ff
Used default timeout
...
forgot an additional default timeout in my previous commit
2013-09-17 11:28:46 -04:00
4aeb754112
Minor Changes
...
changed print calls to print_line
removed trailing \n's
used default timeout for send_request_cgi
2013-09-17 11:20:45 -04:00
ea367d218c
dded Jenkins vulnerability scanner
2013-09-17 10:47:59 -04:00
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
299860b09d
Land #2329 , @kaospunk auxiliary module to enumerate ntlm info
2013-09-16 08:16:30 -05:00
4040fe4b6b
Fix style
2013-09-16 08:15:46 -05:00
149312a4c0
Correct wordpress_login_enum for #2301
...
tabassassin created a mess and I failed to resolve it properly.
Attempt #2 . See #2301 .
2013-09-12 14:56:46 -05:00
91b8ca8f22
Merge branch 'pr2301' into upstream-master
...
Conflicts:
modules/auxiliary/scanner/http/wordpress_login_enum.rb
2013-09-12 14:52:34 -05:00
f73c18ccd9
Store the Array, not human-readable version
...
[SeeRM #8389 ]
2013-09-09 16:44:47 -05:00
94cc3f0e49
Retab changes
2013-09-06 09:51:14 -05:00
73a66819ea
Merge for retab
2013-09-06 09:50:37 -05:00
7ce9d38eba
Fix module
2013-09-06 09:49:52 -05:00
8bc83f4922
Retab changes for PR #1420
2013-09-05 16:21:26 -05:00
d6a7ce5328
Merge for retab
2013-09-05 16:21:13 -05:00
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
015ac6d92c
Retab changes for PR #2273
2013-09-05 14:09:44 -05:00
e25ec2d2f9
Merge for retab
2013-09-05 14:09:39 -05:00
abb52a086c
Retab changes for PR #2316
2013-09-05 13:33:59 -05:00
8665de0261
Merge for retab
2013-09-05 13:33:49 -05:00
0a1a202fb5
Retab changes for PR #2329
2013-09-05 13:04:23 -05:00
760943af2f
Merge for retab
2013-09-05 13:02:51 -05:00
c44be42cf5
Merge the check for Sentry in just one request
2013-09-05 10:41:20 -05:00
d280d45964
Revert "Updated module - 1 req action"
...
This reverts commit f85b9aa780
2013-09-05 10:35:13 -05:00
f85b9aa780
Updated module - 1 req action
...
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
2013-09-05 20:04:02 +05:30
9f628b8b63
Add URI where information was discovered
...
This adds the URI where the information was enumerated from to the
scanner output.
One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
afaab5e0a6
Fixes issues raised by jvazquez-r7
...
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
default
2013-09-05 09:34:35 -04:00
533643fe2c
Host Information Enumeration via NTLM Authentication
...
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.
The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
3786376b42
Aux module for Sentry CDU enum
2013-09-03 14:44:03 +05:30
560d384633
Do first modification to Auxiliary::Login and Auxiliary::AuthBrute
2013-08-31 23:38:04 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
a574b548b2
Updated wordpress_login_enum auxilary module.
...
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
b9360b9de6
Land #2286 , @wchen-r7's patch for undefined method errors
2013-08-26 20:46:05 -05:00
85ed9167f2
Print target endpoint
...
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
9f8051161f
Properly implement normalize_uri
2013-08-26 17:18:00 -05:00
c660279963
Land #2259 , @wchen-r7's patch for [SeeRM #8319 ]
2013-08-26 16:36:45 -05:00
3769da2722
Better fixes
2013-08-26 14:02:45 -05:00
8c7f4b3e1f
Avoid using inline rescue
2013-08-26 13:54:06 -05:00
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
5f7ccf1cbe
naming..again
2013-08-24 18:58:00 +02:00
7cd150b850
another module
2013-08-24 18:42:22 +02:00
c40252e0b3
bugfixing
2013-08-24 00:04:16 +02:00
a863005d33
Removed blanks at EOL
...
Fixed blanks at EOL per msftidy messages
2013-08-22 14:20:42 -04:00
7e098e4d6b
Domain enumeration put in own function
...
The code to enumerate the AD domain is now in its own function
Additionally, a new advanced option has been added which controls
whether or not the domain enumeration will occur so that if it is
not wanted the user can disabled it. By default this is set to
enumerate the AD domain.
If AD_DOMAIN is already specified then this will be used and no
auto enumeration will occur.
2013-08-22 14:16:00 -04:00
7e0b26e932
Minor fixes to syntax and error handling
2013-08-22 13:23:39 -04:00
cdcfa88fa3
Enumerate AD Domain via NTLM Authentication
...
Add functionality to attempt an NTLM auth against common directories
to try to enumerate the AD domain. If a domain is found this will be
prepended to the authentication requests, otherwise it's business as
usual.
2013-08-22 12:26:14 -04:00
556f17c47e
Move modules
2013-08-22 17:33:35 +02:00
8456d2c0ec
remove target_uri
2013-08-22 00:48:42 +02:00
959553583f
-) revert last commit
...
-) split into seperate modules
2013-08-22 00:45:22 +02:00
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
655e2dcf6c
more methods
2013-08-21 13:13:41 +02:00
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
89753a6390
Fix undefined method error
...
[FixRM #8323 ]
2013-08-21 01:22:27 -05:00
92752de651
Fix undefined method error
...
[FixRM #8324 ]
2013-08-21 01:20:57 -05:00
77942f0d29
Fix undefined method error
...
[FixRM #8325 ]
2013-08-21 01:20:03 -05:00
2fa75e0133
Fix undefined method error
...
[FixRM #8325 ]
2013-08-21 01:16:49 -05:00
be29e44788
Fix undefined method error
...
[FixRM #8328 ]
2013-08-21 01:15:07 -05:00
ae8c40c8f7
Fix undefined method error
...
[FixRM #8329 ]
2013-08-21 01:10:46 -05:00
42a7766f1b
Fix undefined method error
...
[FixRM #8330 ]
2013-08-21 01:09:24 -05:00
0f85fa21b4
Fix undefined method error
...
[FixRM #8331 ]
2013-08-21 01:08:19 -05:00
Bruno Morisson
sinn3r
jvazquez-r7
SeawolfRN
Matteo Cantoni
Russell Sim
Jonathan Claudius
Tod Beardsley
Karn Ganeshen
Meatballs
William Vu
FireFart
HD Moore
jvazquez-r7
jamcut
kaospunk
James Lee
Tabassassin
rbsec