Jon Hart
bb00c97f46
Add a CERT reference
2014-08-26 08:29:28 -07:00
Jon Hart
40fe2fd3a9
Remove DRDoS references, as this just proves amplification
2014-08-26 08:23:50 -07:00
Jon Hart
10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it
2014-08-26 08:00:30 -07:00
Jon Hart
333c3a90ae
Space between SSDP headers and values, which is sometimes required
2014-08-26 07:57:59 -07:00
Jon Hart
337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification
2014-08-26 07:48:44 -07:00
Jon Hart
04fbd07a16
vprint_error in the unlikely event we get an unexpected response
2014-08-26 07:30:14 -07:00
Jon Hart
79b05db409
Correct minor style issues
2014-08-26 07:26:30 -07:00
xistence
63b75a0093
SSDP Amplification module changes
2014-08-26 16:03:32 +07:00
xistence
a90d142140
Add UPnP SSDP Amplication Scanner
2014-08-26 12:53:14 +07:00
Tod Beardsley
6d9833e32b
Minor pre-release updates with descriptions
2014-08-25 13:34:45 -05:00
Tod Beardsley
03a1f4455d
No need to escape single quotes in %q{} strigns
2014-08-25 13:03:33 -05:00
Tod Beardsley
2f87c880df
Add link to blog post for NTP modules
2014-08-25 12:58:10 -05:00
William Vu
1ee83ff57e
Land #3696 , pile of NTP DRDoS 0days
...
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
William Vu
7a76efa7f7
Add reference and disclosure date
2014-08-25 11:46:47 -05:00
OJ
a39f7b94ec
Land #3684 - IP Board Login Scanner
2014-08-25 11:54:42 +10:00
Christopher Truncer
302e4025ba
Removed unnecessary function
2014-08-24 20:45:28 -04:00
Christopher Truncer
2b59063d6c
Updated based on feedback
2014-08-24 19:53:29 -04:00
jvazquez-r7
c20b4dc0ff
Land #3645 , @jlee-r7's fix for mremoge credentials gather module
2014-08-24 15:53:29 -05:00
Christopher Truncer
84f4fa5c76
Updated module based on feedback
2014-08-22 21:16:53 -04:00
jvazquez-r7
0737d0dbd5
Refactor auxiliary module
2014-08-22 17:05:45 -05:00
jvazquez-r7
0031913b34
Fix nil accesses
2014-08-22 16:19:11 -05:00
jvazquez-r7
9ef09a7725
Pass msftidy
2014-08-22 13:24:59 -05:00
jvazquez-r7
38e6576990
Update
2014-08-22 13:22:57 -05:00
jvazquez-r7
e93fbbd904
Land #3685 , @pedrib's exploit for CVE-2014-3996
2014-08-22 11:45:41 -05:00
jvazquez-r7
cf147254ad
Use snake_case in the filename
2014-08-22 11:44:35 -05:00
jvazquez-r7
823649dfa9
Clean exploit, just a little
2014-08-22 11:43:58 -05:00
jvazquez-r7
9815b1638d
Refactor pick_target
2014-08-22 11:31:06 -05:00
Joe Vennix
95fbb8f1b7
Land PR #3672 , dmaloney-r7's login scanner credential rework.
2014-08-22 11:15:32 -05:00
jvazquez-r7
ecace8beec
Refactor check method
2014-08-22 11:05:36 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63
and
82760bf5b3
).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3
).
This merge commit merges the staging/electro-release branch
(62b81d6814
) into master
(48f0743d1b
). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
jvazquez-r7
ced65734e9
Make some datastore options advanced
2014-08-22 10:26:04 -05:00
jvazquez-r7
b4e3e84f92
Use CamelCase for target keys
2014-08-22 10:23:36 -05:00
jvazquez-r7
b58550fe00
Indent description and fix title
2014-08-22 10:21:08 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
Christopher Truncer
3918acb1e1
Changed keyword used when returning
2014-08-21 12:34:54 -04:00
Christopher Truncer
a0b72bba93
Updated module based on feedback
2014-08-21 12:26:41 -04:00
Pedro Ribeiro
da752b0134
Add exploit for CVE-2014-3996
2014-08-21 15:30:28 +01:00
Christopher Truncer
383906c26c
Removed function no longer used
2014-08-20 22:51:01 -04:00
Christopher Truncer
c93bfb4673
Fixed targeturi value
2014-08-20 21:23:45 -04:00
Christopher Truncer
7f90b81711
IP Board Login Scanner Module
2014-08-20 21:18:19 -04:00
Jon Hart
9f9f28cc31
If a peer is 127.0.0.1, don't try to store it because we (currently...) can't
2014-08-20 15:48:54 -07:00
Jon Hart
9db3dc7ad8
Store peer data note in the same format as originally
2014-08-20 15:10:45 -07:00
Jon Hart
758c3fa518
Only discard monlist replies that are impossibly short
...
This fixes the case where if a monlist reply only includes one peer
2014-08-20 15:02:21 -07:00
Jon Hart
7ad9300d37
Update ntp_monlist to use UDPScanner, NTP and DRDoS mixins
2014-08-20 14:41:00 -07:00
Jon Hart
8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing
2014-08-20 12:21:39 -07:00
sinn3r
e2e2dfc6a3
Undo FF
2014-08-19 17:47:44 -05:00
sinn3r
777efb5e48
Land #3669 - Deprecate ff 17 svg exploit
2014-08-19 17:42:31 -05:00
sinn3r
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
Tom Sellers
74920d26a4
Update to server/capture/imap.rb for new Credential system
2014-08-19 15:25:31 -05:00
Tom Sellers
3fdad4dc91
Update auxillary/scanner/ftp with Credential Gem
2014-08-19 13:13:05 -05:00