8c23e8c2e8
ruby 2.2 compatibility
...
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
eb47ca593e
update desc to include domain admin information
2014-12-13 13:01:41 -06:00
2e94280cba
mv bmc to scanner/http
2014-12-13 12:58:16 -06:00
b1f7682713
Make msftidy happy
2014-12-12 12:59:00 -06:00
493034ad10
Land #3305 , @claudijd Cisco SSL VPN Privilege Escalation exploit
2014-12-12 12:57:00 -06:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
51762e1194
Explicitly include the HTTP Login scanner
...
This should be the last commit that fixes #3904 .
2014-12-11 11:08:08 -06:00
b533f74024
Add a bruteforce_speed option to all LoginScanners
2014-12-11 11:06:32 -06:00
e89a399f95
Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc
2014-12-09 20:55:01 -05:00
3a978e1147
Land #4280 , frontpage_login improvements
2014-12-02 14:56:57 -06:00
0ab2e99419
Delete version from title
2014-12-01 10:24:12 -06:00
f4e20284a4
Change mixin include order
2014-12-01 10:22:20 -06:00
d85aabfed9
Use vprint by default
2014-12-01 10:20:12 -06:00
e0cb0f7966
Fix description
2014-12-01 10:19:14 -06:00
fa07b466d6
Use single quote and minor cosmetic changes
2014-12-01 09:57:29 -06:00
d5888a7f6f
Fix module options
2014-12-01 09:55:36 -06:00
47acf3487d
Do minor cleanup
...
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
e4b3ee2811
Changed the module name.
2014-12-01 01:00:14 -02:00
ecbce679a8
Remove timeout on line 59.
2014-12-01 00:51:12 -02:00
f3957ea428
FILEPATH changed from false to true.
2014-12-01 00:48:47 -02:00
97ee975235
Deleted checking on line 48.
2014-12-01 00:46:58 -02:00
84ce573227
Deleted line 61 which returns the server status code.
2014-12-01 00:39:05 -02:00
6f6274735f
Update frontpage_login.rb
...
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=
status=262147
osstatus=0
msg=No "CONTENT_TYPE" on CGI environment.
osmsg=
2014-11-28 17:21:47 +00:00
d75ffc36da
Changed the description of FILEPATH
2014-11-27 00:50:34 -02:00
f8dc366f42
Add CVE-2014-7816 Directory Traversal for WildFly 8 Application
2014-11-27 00:13:29 -02:00
d4e5cd25e1
Report credentials for new login level 15
2014-11-25 16:35:16 -06:00
dc253efa19
Use Rex::Text.rand_text*
2014-11-25 16:35:06 -06:00
f20afff1a8
Do return instead of abort
2014-11-25 16:34:57 -06:00
d876efaa0f
Delete ssh_socket attribute
2014-11-25 16:34:47 -06:00
5091bc76ad
Do minor cleanup
2014-11-25 16:34:22 -06:00
c92a26e967
Update from upstream master
2014-11-25 16:30:45 -06:00
cca30b536f
Land #4094 , fixes for OWA brute forcer
...
Fixes #4083
Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
ff8d481eec
Update description to remove comments about defaults. Default to 2013
2014-11-04 21:21:19 -08:00
2c028ca7a6
Move redirect check before body check -- a redirect won't have a body
2014-11-04 14:19:21 -08:00
7855ede2de
Move userpass emptiness checking into setup
2014-11-04 14:07:39 -08:00
5fb268bbdf
Updates to better OWA fix
2014-11-04 14:32:54 -06:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
9c028c1435
Fixes #4083 , make the split nil-safe
...
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.
This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
d799625507
Switch to vprint_good for verbose good things
2014-10-28 01:53:54 -04:00
0fa461737e
Fix null arguments syntax
2014-10-28 01:49:54 -04:00
dmooray
sinn3r
Tod Beardsley
Jon Hart
Brandon Perry
jvazquez-r7
Christian Mehlmauer
Jonathan Claudius
William Vu
Roberto Soares Espreto
Tiago Sintra
Jonathan Claudius