Commit Graph

3622 Commits (5c365337424575e3f3fdb93339da6179d28472d5)

Author SHA1 Message Date
sinn3r ae8c40c8f7 Fix undefined method error
[FixRM #8329]
2013-08-21 01:10:46 -05:00
sinn3r 42a7766f1b Fix undefined method error
[FixRM #8330]
2013-08-21 01:09:24 -05:00
sinn3r 0f85fa21b4 Fix undefined method error
[FixRM #8331]
2013-08-21 01:08:19 -05:00
sinn3r 8eeb66f96d Fix undefined method error
[FixRM #8332]
2013-08-21 01:06:54 -05:00
sinn3r 785f633d1d Fix undefined method error
[FixRM #8334]
[FixRM #8333]
2013-08-21 01:01:53 -05:00
sinn3r 0561928b92 Fix undefined method error
[FixRM #8336]
2013-08-21 00:54:08 -05:00
sinn3r 2597c71831 Fix undefined method error
[FixRM #8338]
[FixRM #8337]
2013-08-21 00:52:33 -05:00
sinn3r 092b43cbfa Fix undefined method error
[FixRM #8339]
2013-08-21 00:50:37 -05:00
sinn3r 32a190f1bd Fix undefined method error
[FixRM #8340]
2013-08-21 00:49:13 -05:00
sinn3r 217d89fa7c Fix undefined method error
[FixRM #8341]
2013-08-21 00:47:31 -05:00
sinn3r 3a271e7cc7 Fix undefined method error
[FixRM #8342]
2013-08-21 00:45:48 -05:00
sinn3r 8806e76e4d Fix undefined method error
[FixRM #8343]
2013-08-21 00:44:10 -05:00
sinn3r 37eaa62096 Fix undefined method error
[FixRM #8346]
2013-08-21 00:42:33 -05:00
sinn3r 9ca7a727e1 Fix undefined method error
[FixRM #8347]
2013-08-21 00:41:49 -05:00
sinn3r 5993cbe3a8 Fix undefined method error
[FixRM #8348]
2013-08-21 00:40:38 -05:00
sinn3r 9f98d4afe6 Fix undefined method error
[FixRM #8349]
2013-08-21 00:38:35 -05:00
sinn3r 35b15b6809 Fix undefined method error
[FixRM #8322]
2013-08-21 00:37:22 -05:00
sinn3r ea78e8309d Fix undefined method error
[FixRM #8350]
2013-08-21 00:35:36 -05:00
jvazquez-r7 fe089030d4 Land #2257, @wchen-r7's patch for [SeeRM #8317] 2013-08-20 13:43:37 -05:00
jvazquez-r7 ceb0f56f42 Land #2258, @wchen-r7's patch for [SeeRM #8318] 2013-08-20 13:26:34 -05:00
sinn3r 1702cf2af9 Use TARGETURI 2013-08-20 13:23:32 -05:00
jvazquez-r7 3ac59fede7 Land #2251, @wchen-r7's patch to use OptRegexp 2013-08-20 12:55:30 -05:00
sinn3r 202b31d869 Better fix based on feedback
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
jvazquez-r7 546c523ed8 Land #2252, @wchen-r7's patch for print_line vs print 2013-08-20 11:17:38 -05:00
jvazquez-r7 8adc4f05dd Land #2250, @wchen-r7's clean up for mssql_ping 2013-08-20 10:38:01 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
jvazquez-r7 277fc69a19 Land #2246, @wchen-r7's patch for [SeeRM #8313] 2013-08-20 10:15:15 -05:00
sinn3r f68d581b7a [FixRM #8319] - Properly disable BLANK_PASSWORDS for ektron_cms400net
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").

While fixing #8319, I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
jvazquez-r7 4790d8de50 Land #2256, @wchen-r7's patch for [FixRM #8316] 2013-08-19 23:23:57 -05:00
sinn3r 246c2d82f9 [FixRM #8318] - Use normalize_uri properly
normalize_uri should be used when paths are being merged, not after.
2013-08-19 18:04:12 -05:00
sinn3r 3c27520e10 [FixRM #8317] - Fix possible double slash in file path
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
sinn3r 268a3e769e Missed this one 2013-08-19 17:45:05 -05:00
sinn3r 5366453031 [FixRM #8316] - Escape characters correctly
dots need to be escaped
2013-08-19 16:51:19 -05:00
sinn3r 7fc37231e0 Fix email format
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r a8ca32ab34 Oh yeah, need to do this too 2013-08-19 16:28:58 -05:00
sinn3r 154b1e8888 Remove comments 2013-08-19 16:27:35 -05:00
sinn3r cf10a0ca91 Use print_line instead of print
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
sinn3r 8eb9266bff Use the correct var 2013-08-19 16:19:03 -05:00
sinn3r 58d5cf6faa Module should use OptRegexp for regex pattern option
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
sinn3r 8c03e905de Get rid of function that's never used
RPORT datastore option is deregistered, and is never used anywhere
in the module, so I don't why we need this rport() function here.
2013-08-19 16:09:10 -05:00
Brandon Turner a815d9277e Merge pull request #2245 from todb-r7/grammar-and-such
Trivial grammar and word choice fixes for modules
2013-08-19 13:45:18 -07:00
sinn3r 17b5e57280 Typo 2013-08-19 15:32:19 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
sinn3r 2e74c50880 [SeeRM #8313] - Print where files are stored
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
sinn3r d0b56e1650 Use the correct variable 2013-08-19 14:38:40 -05:00
sinn3r d89932bfd8 Use the correct variable 2013-08-19 14:33:01 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
sinn3r 4cef4e88a6 If exception hits, make sure it's closed. 2013-08-19 13:21:53 -05:00
sinn3r 11ef366818 Properly close hashlist 2013-08-19 13:14:13 -05:00
sinn3r 89d4f0180d Make sure we close hashlist 2013-08-19 12:54:27 -05:00
sinn3r abaec32ad6 What Luke said.
"You cannot, in general, place a variable declaration in a begin
scope and use it in the ensure scope unless you use nil?. It is
better to swap line 35 and line 34."
2013-08-18 23:54:04 -05:00
sinn3r 86d6bce8c4 [FixRM #8312] - Fix file handle leaks
Fix file handle leaks for [SeeRM #8312]
2013-08-18 20:31:13 -05:00
jvazquez-r7 c5d426fc70 Land #2235, @wchen-r7's patch for [SeeRM #6264] 2013-08-17 10:05:41 -05:00
sinn3r 780293d817 Minor changes 2013-08-16 23:24:40 -05:00
sinn3r a94c6aa72b [FixRM 6264] Check required vulnerable component before testing
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.

[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264

I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
jvazquez-r7 e50ef209b2 Land #2233, @bperry-r7's module for nexpose 2013-08-16 14:21:22 -05:00
jvazquez-r7 f42797fc5c Fix indentation 2013-08-16 14:19:37 -05:00
Tod Beardsley f7339f4f77 Cleanup various style issues
* Unset default username and password
  * Register SSL as a DefaultOption instead of redefining it
  * Use the HttpClient mixin `ssl` instead of datastore.
  * Unless is better than if !
  * Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00
jvazquez-r7 dfa1310304 Commas in the author array 2013-08-16 13:54:46 -05:00
Tod Beardsley 24b8fb0d7b Whitespace retab, add rport 3780 as default 2013-08-16 13:31:05 -05:00
sinn3r a86b247077 Land #2224 - Add brute force module for Cisco IronPort 2013-08-16 12:07:14 -05:00
sinn3r bbe57dbf3a Some cleanup, also remove TARGETURI because not registered by default 2013-08-16 12:06:24 -05:00
Tod Beardsley e436d31d23 Use SSL by defailt 2013-08-16 11:32:10 -05:00
Tod Beardsley 60a229c71a Use rhost and rport, not local host and port 2013-08-16 11:12:39 -05:00
Tod Beardsley 646d55b638 Description should be present tense 2013-08-16 11:06:34 -05:00
Tod Beardsley f0237f07d6 Correct author and references 2013-08-16 11:04:51 -05:00
Brandon Perry 46d6fb3b42 Add module for xxe 2013-08-16 10:51:05 -05:00
Karn Ganeshen e4885b2017 updated module
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
Karn Ganeshen a65181d51b new revision - cisco_ironport_enum
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
2013-08-15 04:06:30 +05:30
Juushya d526663a53 Add module to brute force the Cisco IronPort application 2013-08-14 09:16:49 -07:00
jvazquez-r7 5ef1e507b8 Make msftidy happy with http_login 2013-08-05 08:41:07 -05:00
sinn3r 8be3f511a4 Fix undefined variable 'path' for http_login 2013-08-03 21:35:22 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 a70b346978 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 16:43:39 -05:00
William Vu 95b0735695 Land #2150, smb_enumshares SRVSVC null byte fix 2013-07-24 14:08:01 -05:00
Rich Lundeen 9d032760ac changed description back 2013-07-24 11:51:06 -07:00
Rich Lundeen e89e2af9dc changed to chomp 2013-07-24 11:09:00 -07:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Rich Lundeen 3854d08dd9 Fixed smb_enumshares to support dir list in SRVSVC 2013-07-23 21:36:26 -07:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 4367a9ae49 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 15:09:35 -05:00
jvazquez-r7 70900cfe5e Final cleanup for foreman_openstack_satellite_priv_esc 2013-07-22 14:59:23 -05:00
jvazquez-r7 6346f80ff0 Land #2143, @rcvalle's module for CVE-2013-2113 2013-07-22 14:58:07 -05:00
jvazquez-r7 99a345f8d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 13:54:26 -05:00
Ramon de C Valle b6c9fd4723 Add foreman_openstack_satellite_priv_esc.rb
This module exploits a mass assignment vulnerability in the 'create'
action of 'users' controller of Foreman and Red Hat OpenStack/Satellite
(Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator
account.
2013-07-22 15:24:25 -03:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
jvazquez-r7 52079c960f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 12:52:42 -05:00
Tod Beardsley 3ac2ae6098 Disambiguate the module title from existing psexec 2013-07-17 17:11:56 -05:00
jvazquez-r7 e2f6218104 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-12 08:38:08 -05:00
sinn3r 279787d942 Make this error less verbose too 2013-07-11 17:36:11 -05:00
sinn3r 0906345af4 Ah, typo 2013-07-11 16:53:39 -05:00
sinn3r eb1905025d I bet having ip:rport will make more sense 2013-07-11 16:45:52 -05:00
sinn3r 0a9c1bcfff Too verbose by default drives users nuts, go easy on that. 2013-07-11 13:41:22 -05:00
sinn3r 55dbfc9281 shares_info should only run if there's shares found 2013-07-11 13:36:26 -05:00
sinn3r 14b3e6440c Check nil 2013-07-11 13:31:30 -05:00
sinn3r ca0880428f Make sure module is awre of USE_SRVSVC_ONLY if that kicks in 2013-07-11 11:08:09 -05:00
sinn3r a6ce629c3c Capture a 0xC00000BB condition, plus some other fixes 2013-07-11 10:52:58 -05:00
sinn3r 3e229fe236 [SeeRM:#1233] - Upgrade smb_enumshares to show directories & files
[SeeRM:#1233] - This is an upgrade based on ringt's code in PR #2017.
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration.  I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
2013-07-11 00:06:25 -05:00
jvazquez-r7 b8ce98b896 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-10 14:04:46 -05:00
Tod Beardsley 8ade33552c Land #2085, use the new network_interface gem. 2013-07-10 13:15:01 -05:00
sinn3r 4a3dc2e365 Print all the creds! All your base belong to me.
After a short discussion with Tod, we think it's best to print the
creds by default.  If some dude runs Metasploit in a public place,
dumps passwords, and gets shoulder surfed, well, sucks for them :-p
2013-07-09 19:56:44 -05:00
jvazquez-r7 c343a59e1b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-09 17:48:27 -05:00
sinn3r d3433a017b Print hash too 2013-07-09 16:39:24 -05:00
jvazquez-r7 234624793c Add module for CVE-2013-1814 2013-07-09 14:03:35 -05:00
lsanchez-r7 5c93fb2849 arp_sweep is once again working
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses

FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
jvazquez-r7 6e44cb56bf Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 12:44:47 -05:00
jvazquez-r7 6cb53583b7 Make msftidy happy 2013-07-03 12:42:37 -05:00
jvazquez-r7 61c85b10d3 Add final cleanup for #2012 2013-07-03 12:41:12 -05:00
jvazquez-r7 4a076e0351 Land #2012, @morisson improve for sap_router_portscanner 2013-07-03 12:39:59 -05:00
sinn3r 7ef5695867 [FixRM:#8129] - Remove invalid metasploit.com references
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
jvazquez-r7 4ac5261802 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-02 11:20:26 -05:00
jvazquez-r7 76a9abfd4e Fix last print_ message format 2013-07-02 11:17:16 -05:00
jvazquez-r7 e9441f540e Land #2048, @todb-r7 fix for print_* messages on the ipmi work 2013-07-02 11:16:11 -05:00
jvazquez-r7 2ceb404f7d Land #2047, @hmoore-r7 ipmi related work 2013-07-02 11:13:25 -05:00
Tod Beardsley 2fbea86884 IPMI scanners should mention IPMI in their messages 2013-07-02 10:44:42 -05:00
Tod Beardsley d668a20820 Use rport instead of datastore['RPORT'] 2013-07-02 10:29:25 -05:00
Tod Beardsley 1d87530e67 Add some verbosity on IPMI version scanning 2013-07-02 10:25:40 -05:00
jvazquez-r7 72f19181d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-01 16:38:19 -05:00
Tod Beardsley bc24f99f8d Various description and title updates 2013-07-01 15:37:37 -05:00
HD Moore 62b62f4e9d Fix bad hash detection 2013-06-30 15:57:47 -05:00
HD Moore cca071ff55 Rework to reduce open fds, remove bugs, handle null user 2013-06-30 15:32:33 -05:00
HD Moore 6b3178a67b Fix EOL spaces 2013-06-30 14:38:30 -05:00
HD Moore ad4f15daed Switch to UDPScanner mixin, trim this down, add reporting 2013-06-30 14:36:51 -05:00
HD Moore 8e4dd29a4c Add cipher zero scanner 2013-06-30 02:35:37 -05:00
HD Moore 1e21f0e2aa Updated output formats, top 1000 passwords 2013-06-29 22:01:25 -05:00
jvazquez-r7 90b30dc317 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-26 14:31:52 -05:00
sinn3r 88a42aeffe Land #2021 - Add SMTP open relay detection 2013-06-25 22:14:30 -05:00
sinn3r 7009748cf5 Fix module 2013-06-25 22:09:45 -05:00
jvazquez-r7 7ab4d4dcc4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 17:34:29 -05:00
Bruno Morisson 2da278f151 fixed indent 2013-06-25 23:08:58 +01:00
sinn3r 7ba54e2ece IIS requires a hello first 2013-06-25 15:43:58 -05:00
jvazquez-r7 5c265c99d2 Clean jboss_seam_exec @cmaruti's collab 2013-06-25 14:09:30 -05:00
jvazquez-r7 45a3e004c6 Land #1993, @cmaruti changes for jboss_seam_exec 2013-06-25 14:07:10 -05:00
zyx2k c829a7ec86 SMTP Open Relay scanner 2013-06-25 16:22:51 +01:00
HD Moore be20a76be1 Remove 'Hash' string from the written output 2013-06-24 15:45:09 -05:00
HD Moore 1801a5a270 Better HP iLO compatibility (retry on session ID error) 2013-06-24 14:23:53 -05:00
RageLtMan 593a99d76e ipmi version scanner: fix probe method name 2013-06-24 01:38:17 -04:00
Bruno Morisson 7ab8485acc output as table, added info on ports, added comment with default ports. msftidy cleanup. 2013-06-23 23:59:31 +01:00
Bruno Morisson 3cfcdfca9e output as table, added info on ports, added comment with default ports 2013-06-23 23:52:48 +01:00
Bruno Morisson 9f5eceec10 minor cleanups 2013-06-23 17:55:38 +01:00
HD Moore c869112407 Cleanup, reporting, and automatic cracking 2013-06-23 01:35:31 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00
Bruno Morisson e969cbb0bb added INSTANCES option, and support for it on PORTS 2013-06-22 23:09:59 +01:00
jvazquez-r7 2150d9efb0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 12:06:18 -05:00
sinn3r 64cfda8dad Final 2013-06-20 13:28:12 -05:00
sinn3r bfb78e001a Add HP System Management Homepage Login Utility 2013-06-20 12:54:03 -05:00
Cristiano Maruti f78b4d8874 modified according to jvazquez-r7 feedback 2013-06-20 16:29:42 +02:00
Cristiano Maruti 4846a680db modified according to jvazquez-r7 feedback 2013-06-20 16:19:43 +02:00
Cristiano Maruti 8e64bf3d16 modified according to jvazquez-r7 feedback 2013-06-20 16:15:28 +02:00