sinn3r
ae8c40c8f7
Fix undefined method error
...
[FixRM #8329 ]
2013-08-21 01:10:46 -05:00
sinn3r
42a7766f1b
Fix undefined method error
...
[FixRM #8330 ]
2013-08-21 01:09:24 -05:00
sinn3r
0f85fa21b4
Fix undefined method error
...
[FixRM #8331 ]
2013-08-21 01:08:19 -05:00
sinn3r
8eeb66f96d
Fix undefined method error
...
[FixRM #8332 ]
2013-08-21 01:06:54 -05:00
sinn3r
785f633d1d
Fix undefined method error
...
[FixRM #8334 ]
[FixRM #8333 ]
2013-08-21 01:01:53 -05:00
sinn3r
0561928b92
Fix undefined method error
...
[FixRM #8336 ]
2013-08-21 00:54:08 -05:00
sinn3r
2597c71831
Fix undefined method error
...
[FixRM #8338 ]
[FixRM #8337 ]
2013-08-21 00:52:33 -05:00
sinn3r
092b43cbfa
Fix undefined method error
...
[FixRM #8339 ]
2013-08-21 00:50:37 -05:00
sinn3r
32a190f1bd
Fix undefined method error
...
[FixRM #8340 ]
2013-08-21 00:49:13 -05:00
sinn3r
217d89fa7c
Fix undefined method error
...
[FixRM #8341 ]
2013-08-21 00:47:31 -05:00
sinn3r
3a271e7cc7
Fix undefined method error
...
[FixRM #8342 ]
2013-08-21 00:45:48 -05:00
sinn3r
8806e76e4d
Fix undefined method error
...
[FixRM #8343 ]
2013-08-21 00:44:10 -05:00
sinn3r
37eaa62096
Fix undefined method error
...
[FixRM #8346 ]
2013-08-21 00:42:33 -05:00
sinn3r
9ca7a727e1
Fix undefined method error
...
[FixRM #8347 ]
2013-08-21 00:41:49 -05:00
sinn3r
5993cbe3a8
Fix undefined method error
...
[FixRM #8348 ]
2013-08-21 00:40:38 -05:00
sinn3r
9f98d4afe6
Fix undefined method error
...
[FixRM #8349 ]
2013-08-21 00:38:35 -05:00
sinn3r
35b15b6809
Fix undefined method error
...
[FixRM #8322 ]
2013-08-21 00:37:22 -05:00
sinn3r
ea78e8309d
Fix undefined method error
...
[FixRM #8350 ]
2013-08-21 00:35:36 -05:00
jvazquez-r7
fe089030d4
Land #2257 , @wchen-r7's patch for [SeeRM #8317 ]
2013-08-20 13:43:37 -05:00
jvazquez-r7
ceb0f56f42
Land #2258 , @wchen-r7's patch for [SeeRM #8318 ]
2013-08-20 13:26:34 -05:00
sinn3r
1702cf2af9
Use TARGETURI
2013-08-20 13:23:32 -05:00
jvazquez-r7
3ac59fede7
Land #2251 , @wchen-r7's patch to use OptRegexp
2013-08-20 12:55:30 -05:00
sinn3r
202b31d869
Better fix based on feedback
...
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
jvazquez-r7
546c523ed8
Land #2252 , @wchen-r7's patch for print_line vs print
2013-08-20 11:17:38 -05:00
jvazquez-r7
8adc4f05dd
Land #2250 , @wchen-r7's clean up for mssql_ping
2013-08-20 10:38:01 -05:00
jvazquez-r7
586ae8ded3
Land #2249 , @wchen-r7's patch for [SeeRM #8314 ]
2013-08-20 10:32:47 -05:00
jvazquez-r7
277fc69a19
Land #2246 , @wchen-r7's patch for [SeeRM #8313 ]
2013-08-20 10:15:15 -05:00
sinn3r
f68d581b7a
[FixRM #8319 ] - Properly disable BLANK_PASSWORDS for ektron_cms400net
...
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").
While fixing #8319 , I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
jvazquez-r7
4790d8de50
Land #2256 , @wchen-r7's patch for [FixRM #8316 ]
2013-08-19 23:23:57 -05:00
sinn3r
246c2d82f9
[FixRM #8318 ] - Use normalize_uri properly
...
normalize_uri should be used when paths are being merged, not after.
2013-08-19 18:04:12 -05:00
sinn3r
3c27520e10
[FixRM #8317 ] - Fix possible double slash in file path
...
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
sinn3r
268a3e769e
Missed this one
2013-08-19 17:45:05 -05:00
sinn3r
5366453031
[FixRM #8316 ] - Escape characters correctly
...
dots need to be escaped
2013-08-19 16:51:19 -05:00
sinn3r
7fc37231e0
Fix email format
...
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r
a8ca32ab34
Oh yeah, need to do this too
2013-08-19 16:28:58 -05:00
sinn3r
154b1e8888
Remove comments
2013-08-19 16:27:35 -05:00
sinn3r
cf10a0ca91
Use print_line instead of print
...
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
sinn3r
8eb9266bff
Use the correct var
2013-08-19 16:19:03 -05:00
sinn3r
58d5cf6faa
Module should use OptRegexp for regex pattern option
...
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
sinn3r
8c03e905de
Get rid of function that's never used
...
RPORT datastore option is deregistered, and is never used anywhere
in the module, so I don't why we need this rport() function here.
2013-08-19 16:09:10 -05:00
Brandon Turner
a815d9277e
Merge pull request #2245 from todb-r7/grammar-and-such
...
Trivial grammar and word choice fixes for modules
2013-08-19 13:45:18 -07:00
sinn3r
17b5e57280
Typo
2013-08-19 15:32:19 -05:00
sinn3r
fb5ded1472
[FixRM #8314 ] - Use OptPath instead of OptString
...
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
sinn3r
2e74c50880
[SeeRM #8313 ] - Print where files are stored
...
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
sinn3r
d0b56e1650
Use the correct variable
2013-08-19 14:38:40 -05:00
sinn3r
d89932bfd8
Use the correct variable
2013-08-19 14:33:01 -05:00
Tod Beardsley
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
sinn3r
4cef4e88a6
If exception hits, make sure it's closed.
2013-08-19 13:21:53 -05:00
sinn3r
11ef366818
Properly close hashlist
2013-08-19 13:14:13 -05:00
sinn3r
89d4f0180d
Make sure we close hashlist
2013-08-19 12:54:27 -05:00
sinn3r
abaec32ad6
What Luke said.
...
"You cannot, in general, place a variable declaration in a begin
scope and use it in the ensure scope unless you use nil?. It is
better to swap line 35 and line 34."
2013-08-18 23:54:04 -05:00
sinn3r
86d6bce8c4
[FixRM #8312 ] - Fix file handle leaks
...
Fix file handle leaks for [SeeRM #8312 ]
2013-08-18 20:31:13 -05:00
jvazquez-r7
c5d426fc70
Land #2235 , @wchen-r7's patch for [SeeRM #6264 ]
2013-08-17 10:05:41 -05:00
sinn3r
780293d817
Minor changes
2013-08-16 23:24:40 -05:00
sinn3r
a94c6aa72b
[FixRM 6264] Check required vulnerable component before testing
...
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.
[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264
I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
jvazquez-r7
e50ef209b2
Land #2233 , @bperry-r7's module for nexpose
2013-08-16 14:21:22 -05:00
jvazquez-r7
f42797fc5c
Fix indentation
2013-08-16 14:19:37 -05:00
Tod Beardsley
f7339f4f77
Cleanup various style issues
...
* Unset default username and password
* Register SSL as a DefaultOption instead of redefining it
* Use the HttpClient mixin `ssl` instead of datastore.
* Unless is better than if !
* Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
jvazquez-r7
dfa1310304
Commas in the author array
2013-08-16 13:54:46 -05:00
Tod Beardsley
24b8fb0d7b
Whitespace retab, add rport 3780 as default
2013-08-16 13:31:05 -05:00
sinn3r
a86b247077
Land #2224 - Add brute force module for Cisco IronPort
2013-08-16 12:07:14 -05:00
sinn3r
bbe57dbf3a
Some cleanup, also remove TARGETURI because not registered by default
2013-08-16 12:06:24 -05:00
Tod Beardsley
e436d31d23
Use SSL by defailt
2013-08-16 11:32:10 -05:00
Tod Beardsley
60a229c71a
Use rhost and rport, not local host and port
2013-08-16 11:12:39 -05:00
Tod Beardsley
646d55b638
Description should be present tense
2013-08-16 11:06:34 -05:00
Tod Beardsley
f0237f07d6
Correct author and references
2013-08-16 11:04:51 -05:00
Brandon Perry
46d6fb3b42
Add module for xxe
2013-08-16 10:51:05 -05:00
Karn Ganeshen
e4885b2017
updated module
...
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
HD Moore
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
Karn Ganeshen
a65181d51b
new revision - cisco_ironport_enum
...
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
2013-08-15 04:06:30 +05:30
Juushya
d526663a53
Add module to brute force the Cisco IronPort application
2013-08-14 09:16:49 -07:00
jvazquez-r7
5ef1e507b8
Make msftidy happy with http_login
2013-08-05 08:41:07 -05:00
sinn3r
8be3f511a4
Fix undefined variable 'path' for http_login
2013-08-03 21:35:22 -05:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
a70b346978
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 16:43:39 -05:00
William Vu
95b0735695
Land #2150 , smb_enumshares SRVSVC null byte fix
2013-07-24 14:08:01 -05:00
Rich Lundeen
9d032760ac
changed description back
2013-07-24 11:51:06 -07:00
Rich Lundeen
e89e2af9dc
changed to chomp
2013-07-24 11:09:00 -07:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
Rich Lundeen
3854d08dd9
Fixed smb_enumshares to support dir list in SRVSVC
2013-07-23 21:36:26 -07:00
Tod Beardsley
147d432b1d
Move from DLink to D-Link
2013-07-23 14:11:16 -05:00
jvazquez-r7
4367a9ae49
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 15:09:35 -05:00
jvazquez-r7
70900cfe5e
Final cleanup for foreman_openstack_satellite_priv_esc
2013-07-22 14:59:23 -05:00
jvazquez-r7
6346f80ff0
Land #2143 , @rcvalle's module for CVE-2013-2113
2013-07-22 14:58:07 -05:00
jvazquez-r7
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
Ramon de C Valle
b6c9fd4723
Add foreman_openstack_satellite_priv_esc.rb
...
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
2013-07-22 15:24:25 -03:00
Tod Beardsley
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
jvazquez-r7
52079c960f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 12:52:42 -05:00
Tod Beardsley
3ac2ae6098
Disambiguate the module title from existing psexec
2013-07-17 17:11:56 -05:00
jvazquez-r7
e2f6218104
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-12 08:38:08 -05:00
sinn3r
279787d942
Make this error less verbose too
2013-07-11 17:36:11 -05:00
sinn3r
0906345af4
Ah, typo
2013-07-11 16:53:39 -05:00
sinn3r
eb1905025d
I bet having ip:rport will make more sense
2013-07-11 16:45:52 -05:00
sinn3r
0a9c1bcfff
Too verbose by default drives users nuts, go easy on that.
2013-07-11 13:41:22 -05:00
sinn3r
55dbfc9281
shares_info should only run if there's shares found
2013-07-11 13:36:26 -05:00
sinn3r
14b3e6440c
Check nil
2013-07-11 13:31:30 -05:00
sinn3r
ca0880428f
Make sure module is awre of USE_SRVSVC_ONLY if that kicks in
2013-07-11 11:08:09 -05:00
sinn3r
a6ce629c3c
Capture a 0xC00000BB condition, plus some other fixes
2013-07-11 10:52:58 -05:00
sinn3r
3e229fe236
[SeeRM:#1233] - Upgrade smb_enumshares to show directories & files
...
[SeeRM:#1233] - This is an upgrade based on ringt's code in PR #2017 .
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration. I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
2013-07-11 00:06:25 -05:00
jvazquez-r7
b8ce98b896
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-10 14:04:46 -05:00
Tod Beardsley
8ade33552c
Land #2085 , use the new network_interface gem.
2013-07-10 13:15:01 -05:00
sinn3r
4a3dc2e365
Print all the creds! All your base belong to me.
...
After a short discussion with Tod, we think it's best to print the
creds by default. If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
2013-07-09 19:56:44 -05:00
jvazquez-r7
c343a59e1b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-09 17:48:27 -05:00
sinn3r
d3433a017b
Print hash too
2013-07-09 16:39:24 -05:00
jvazquez-r7
234624793c
Add module for CVE-2013-1814
2013-07-09 14:03:35 -05:00
lsanchez-r7
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
jvazquez-r7
6e44cb56bf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 12:44:47 -05:00
jvazquez-r7
6cb53583b7
Make msftidy happy
2013-07-03 12:42:37 -05:00
jvazquez-r7
61c85b10d3
Add final cleanup for #2012
2013-07-03 12:41:12 -05:00
jvazquez-r7
4a076e0351
Land #2012 , @morisson improve for sap_router_portscanner
2013-07-03 12:39:59 -05:00
sinn3r
7ef5695867
[FixRM:#8129] - Remove invalid metasploit.com references
...
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
jvazquez-r7
4ac5261802
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-02 11:20:26 -05:00
jvazquez-r7
76a9abfd4e
Fix last print_ message format
2013-07-02 11:17:16 -05:00
jvazquez-r7
e9441f540e
Land #2048 , @todb-r7 fix for print_* messages on the ipmi work
2013-07-02 11:16:11 -05:00
jvazquez-r7
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
Tod Beardsley
2fbea86884
IPMI scanners should mention IPMI in their messages
2013-07-02 10:44:42 -05:00
Tod Beardsley
d668a20820
Use rport instead of datastore['RPORT']
2013-07-02 10:29:25 -05:00
Tod Beardsley
1d87530e67
Add some verbosity on IPMI version scanning
2013-07-02 10:25:40 -05:00
jvazquez-r7
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
Tod Beardsley
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
HD Moore
62b62f4e9d
Fix bad hash detection
2013-06-30 15:57:47 -05:00
HD Moore
cca071ff55
Rework to reduce open fds, remove bugs, handle null user
2013-06-30 15:32:33 -05:00
HD Moore
6b3178a67b
Fix EOL spaces
2013-06-30 14:38:30 -05:00
HD Moore
ad4f15daed
Switch to UDPScanner mixin, trim this down, add reporting
2013-06-30 14:36:51 -05:00
HD Moore
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
HD Moore
1e21f0e2aa
Updated output formats, top 1000 passwords
2013-06-29 22:01:25 -05:00
jvazquez-r7
90b30dc317
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-26 14:31:52 -05:00
sinn3r
88a42aeffe
Land #2021 - Add SMTP open relay detection
2013-06-25 22:14:30 -05:00
sinn3r
7009748cf5
Fix module
2013-06-25 22:09:45 -05:00
jvazquez-r7
7ab4d4dcc4
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 17:34:29 -05:00
Bruno Morisson
2da278f151
fixed indent
2013-06-25 23:08:58 +01:00
sinn3r
7ba54e2ece
IIS requires a hello first
2013-06-25 15:43:58 -05:00
jvazquez-r7
5c265c99d2
Clean jboss_seam_exec @cmaruti's collab
2013-06-25 14:09:30 -05:00
jvazquez-r7
45a3e004c6
Land #1993 , @cmaruti changes for jboss_seam_exec
2013-06-25 14:07:10 -05:00
zyx2k
c829a7ec86
SMTP Open Relay scanner
2013-06-25 16:22:51 +01:00
HD Moore
be20a76be1
Remove 'Hash' string from the written output
2013-06-24 15:45:09 -05:00
HD Moore
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
RageLtMan
593a99d76e
ipmi version scanner: fix probe method name
2013-06-24 01:38:17 -04:00
Bruno Morisson
7ab8485acc
output as table, added info on ports, added comment with default ports. msftidy cleanup.
2013-06-23 23:59:31 +01:00
Bruno Morisson
3cfcdfca9e
output as table, added info on ports, added comment with default ports
2013-06-23 23:52:48 +01:00
Bruno Morisson
9f5eceec10
minor cleanups
2013-06-23 17:55:38 +01:00
HD Moore
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
HD Moore
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
Bruno Morisson
e969cbb0bb
added INSTANCES option, and support for it on PORTS
2013-06-22 23:09:59 +01:00
jvazquez-r7
2150d9efb0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 12:06:18 -05:00
sinn3r
64cfda8dad
Final
2013-06-20 13:28:12 -05:00
sinn3r
bfb78e001a
Add HP System Management Homepage Login Utility
2013-06-20 12:54:03 -05:00
Cristiano Maruti
f78b4d8874
modified according to jvazquez-r7 feedback
2013-06-20 16:29:42 +02:00
Cristiano Maruti
4846a680db
modified according to jvazquez-r7 feedback
2013-06-20 16:19:43 +02:00
Cristiano Maruti
8e64bf3d16
modified according to jvazquez-r7 feedback
2013-06-20 16:15:28 +02:00