495c649c7d
Better printing
2017-12-20 14:40:42 -08:00
ed5f177fcd
syntax
2017-12-20 14:20:08 -08:00
e66ec85677
Set default u/p
2017-12-20 14:18:33 -08:00
8cd7185a7f
Land #9313 , Add DirectAdmin login_scanner module
2017-12-20 15:23:24 -06:00
7f8a5d3834
improved credential reporting
2017-12-20 15:09:11 -06:00
14c779b945
Fix rubocop warning
2017-12-20 12:44:27 -08:00
c817df0bbc
Add module for bruteforcing authentication on MQTT endpoints
2017-12-20 12:30:21 -08:00
7e91274796
Add module for connecting to/discovering MQTT endpoints
2017-12-20 12:29:50 -08:00
a8b845fff9
Land #9283 , Add node.js ws websocket library DoS module
2017-12-20 14:20:42 -06:00
9fb445fbf0
Land #9300 , Add private data type to auxiliary scanner ftp_login and telnet_login
2017-12-20 00:30:43 -06:00
216d00e39f
Use a random fname destination for /etc/passwd
2017-12-19 17:02:16 -06:00
e93282b71d
Drop calls to vprint_*
2017-12-19 16:53:02 -06:00
2dc2ac134e
Don't default verbose
2017-12-19 16:48:41 -06:00
a2c5cc0ffb
Remove old deprecated modules
2017-12-19 07:56:16 -08:00
acc6951bf3
fixed typo
2017-12-19 08:35:11 -05:00
f0df1750de
Land #9180
...
Land @RootUp's Samsung browser SOP module
2017-12-18 17:28:03 -06:00
85350a9645
Add Rapid7 blog references
2017-12-18 17:11:47 -06:00
ae4edd65e1
Hard wrap descriptions
2017-12-18 17:03:13 -06:00
27a324237b
Initial commit for Cambium issues from @juushya
...
Note, these will trigger a bunch of WARNING msftidy messages for setting
cookies directly. This is on purpose.
2017-12-18 16:32:55 -06:00
a33ed82a40
Land #9214 , @realoriginal's update to the Cisco SMI scanner to also fetch Cisco IOS configs
2017-12-18 12:22:26 -08:00
6d565b6c33
added author information
2017-12-18 09:18:36 -05:00
f447fa1a12
Added DirectAdmin Login Utillity
2017-12-17 22:43:37 -05:00
917dd8e846
Update samsung_browser_sop_bypass.rb
2017-12-16 22:10:02 +05:30
8f91377acb
Update samsung_browser_sop_bypass.rb
2017-12-16 22:09:21 +05:30
3b3b0e6e96
And this is why I hate using single quotes
...
Also, restored the store_cred call.
This will fix up RootUp/metasploit-framework#3 for PR #9180
2017-12-14 14:28:25 -06:00
0b3a5567a4
Add module for CVE-2017-13872 iamroot remote exploit via ARD (VNC)
2017-12-14 13:59:35 -06:00
384b250659
Add credential data type
...
Added credential data type so that successful passwords are stored in the database and accessible via the creds command.
2017-12-14 08:07:59 -06:00
be4939b56a
Add credential data type
...
Added credential data type so a successful ftp login stores the password in the database to be accessed later by the creds command.
2017-12-14 08:05:57 -06:00
3cd287ddd6
Update the MS17-010 scanner to use dcerpc_getarch
2017-12-14 02:08:30 -06:00
d7ad443be1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into upstream-master
2017-12-13 19:33:05 -05:00
c0a534140d
Land #9284 a regex dos for ua_parser_js npm module
2017-12-13 19:31:49 -05:00
deacebc46b
Land #9264 , Add private type when storing SSH password
...
Land #9264
2017-12-13 18:24:31 -06:00
5226181d6d
Better conditionals from @bcoles
2017-12-13 16:48:05 -06:00
966060d470
Nits picked by @bcoles: commas, quotes, and <head>
2017-12-13 16:38:17 -06:00
dd5532c5de
Addressing Formatting Issues
...
There were several formatting and layout issues
that are fixed in this commit. Also changing
`RHOSTS` to `RHOST`.
2017-12-13 14:26:27 -06:00
622050ddfc
Oops, leftover comment
2017-12-12 14:48:00 -06:00
efa46efb48
Actually save creds, or fail through sanely
...
This incidentally also allows for a custom collector to be implemented
by the user -- for example, if they'd rather pick up a session ID or
inject a browser hook or something along those lines. It's a little
clunky, using the advanced option of CUSTOM_JS, but it seems to work
fine.
2017-12-12 14:06:18 -06:00
5f70199218
Update samsung_browser_sop_bypass.rb
2017-12-12 15:52:55 +05:30
2d23054a1f
Changes as per comments
...
A few things were changed as per the PR comments:
1) The module title was reworded
2) The module description was multi-lined
3) Negative logic was rewritten to use 'unless'
4) Strings which did not require interpolation were rewritten
5) Documentation markdown was added.
2017-12-11 14:11:40 -06:00
ba174f3f92
updates per @bigendiansmalls fork
2017-12-11 14:40:09 -05:00
3c916c303d
bcoles comments from #7334
2017-12-11 14:22:44 -05:00
c5f218c84c
Addressing comments
...
1. Updated documentation
2. Made the Sec-WebSocket-Key header a random value
2017-12-11 11:49:31 -05:00
cba5c7cb0f
Rename to actually call out the browser name
2017-12-08 13:53:13 -06:00
0a9dcafb77
Actually collect the creds, sort of
...
Instead of an alert() (which the attacker won't see), this collects the
offered credentials in a POST action, and displays them in the console.
This should further store the creds somewhere handy, but this is good
enough for now for testing from @RootUp
2017-12-08 13:51:02 -06:00
aee883a706
Fixed up description to be descriptive
2017-12-08 12:24:58 -06:00
306c5d20d9
Adding ua_parser_js ReDoS Module
...
"ua-parser-js" is an npm module for parsing browser
user-agent strings. Vulnerable version of this module
have a problematic regular expression that can be exploited
to cause the entire application processing thread to "pause"
as it tries to apply the regular expression to the input.
This is problematic for single-threaded application environments
such as nodejs. The end result is a denial of service
condition for vulnerable applications, where no further
requests can be processed.
2017-12-07 10:25:29 -06:00
c992837f0d
Adding ws DoS module
...
This module verifies if ws is vulnerable
to DoS by sending a request to the server
containing a specific header value.
ws is a npm module which handles websockets.
2017-12-07 10:45:57 -05:00
b24f70c7c6
Update ssh_login.rb
...
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
283b7c5145
Add WS-Discovery Information Discovery module
2017-11-29 12:21:22 +00:00
778e69f929
Land #9229 , Randomize slowloris HTTP headers
2017-11-22 14:42:24 -06:00
ae43883e2b
Fix mongodb_login typo
2017-11-22 08:03:12 -05:00
99555dde02
sleep! per feedback
2017-11-21 21:33:29 -05:00
5484ee840e
Correct port when eating cisco config
2017-11-21 18:09:51 -08:00
bdc822c67d
Improve logging when requesting config
2017-11-21 18:09:02 -08:00
5a358db260
Clean up shutdown messaging
2017-11-21 17:55:17 -08:00
93c424c255
Remove unused
2017-11-21 17:54:31 -08:00
b0d8b0a191
Clean up incoming file handling
2017-11-21 17:54:02 -08:00
785e5944d6
Enhanced slowloris HTTP headers and minor cleanup
2017-11-21 18:19:20 -05:00
b6c81e6da0
Reimplement slowloris as external module
2017-11-21 16:21:01 -05:00
db2bd22d86
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
e07fe77a69
Close sockets to resolve file handle error
2017-11-21 15:49:45 -05:00
52f56527d8
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
74becb69e8
Update slow_loris.rb
2017-11-21 15:49:45 -05:00
b7bc68c843
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
53123d92e2
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
21a6d0bd6e
Update slow_loris.rb
2017-11-21 15:49:44 -05:00
60878215e0
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
9457359b11
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
29017b8926
Update slow_loris.rb
2017-11-21 15:49:43 -05:00
f79b41edde
Slow Loris
2017-11-21 15:48:11 -05:00
cfd06ab24a
what was i thinking?
2017-11-20 16:08:48 -05:00
b6e2e2aa45
adjust delay
2017-11-19 09:43:18 -05:00
1087b8ca16
cleanup
2017-11-18 20:09:29 -05:00
35567e3e23
Fix - copy system:running-config tftp://ip/file
...
Copies running config directly to TFTP server, thus removing the need to delete the file :D.
2017-11-18 13:02:12 -05:00
f84f824a71
remove ?
2017-11-17 16:15:18 -05:00
b457c60542
WORK IN PROGRESS - "GET"
...
Work in progress of GET, and PUT. PUT works fine for grabbing the configuration. GET will be used for service a config to execute commands , or the also WIP action "UPLOAD"
2017-11-17 15:36:27 -05:00
8b59c4615b
Update cisco_smart_install.rb
2017-11-17 07:09:41 -05:00
feb24efd27
add DOWNLOAD action
...
Adds DOWNLOAD function, to download config and send to attacker TFTP server.
2017-11-16 12:58:54 -05:00
4a8d32af85
Update cisco_smart_install.rb
2017-11-16 12:53:27 -05:00
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
03cd8af29a
Update browser_sop_bypass.rb
2017-11-08 12:50:49 +05:30
0c247d5635
Update browser_sop_bypass.rb
2017-11-08 12:38:37 +05:30
fc87ee08d9
Land #9060 , IBM Lotus Notes DoS (CVE-2017-1130).
2017-11-07 11:20:12 -06:00
872894f743
Update browser_sop_bypass.rb
2017-11-07 21:29:16 +05:30
2fad61101e
Update browser_sop_bypass.rb
2017-11-07 21:13:06 +05:30
3dad025b8c
Create browser_sop_bypass.rb
2017-11-07 14:24:50 +05:30
88db98c381
Update ibm_lotus_notes2.rb
2017-11-06 20:45:50 +05:30
77c13286e0
Ensure closing script tag has necessary escape.
2017-11-05 13:41:29 -06:00
87934b8194
Convert tnftp_savefile from auxiliary to exploit
...
This has been a long time coming. Fixes #4109 .
2017-11-01 17:37:41 -05:00
972f9c08eb
Land #9135 , peer print for jenkins_enum
2017-11-01 15:33:13 -05:00
77181bcc9c
Prefer peer over rhost/rport
2017-11-01 15:32:32 -05:00
0e66ca1dc0
Fix #3444/#4774, get_json_document over JSON.parse
...
Forgot to update these when I wrote new modules.
2017-11-01 15:05:49 -05:00
c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
...
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
f1e6e7eed5
Land #9107 , add MinRID to complement MaxRID
2017-10-31 12:18:28 -05:00
aa0ac57238
use implicit RuntimeError
2017-10-31 04:53:14 -05:00
9389052f61
fix more broken RuntimeError calls
2017-10-31 04:45:19 -05:00
9c16da9c98
Update ibm_lotus_notes2.rb
2017-10-28 18:53:15 +05:30
587c9673c6
Added host and port to output
...
I added the host and port number to reporting when instances are found.
2017-10-27 09:34:49 -07:00
80aba7264c
Update ibm_lotus_notes2.rb
2017-10-25 10:33:25 +05:30
9658776adf
Land #9079 , adding @h00die's gopher scanner
2017-10-20 17:16:08 -07:00
d715f53604
add MinRID to complement MaxRID, allowing continuing or starting from a higher value
...
from @lvarela-r7
2017-10-20 15:32:25 -05:00
664e774a33
style/rubocop cleanup
2017-10-20 09:44:07 -07:00
7e338fdd8c
Land #9086 , proxying fix for nessus_rest_login
2017-10-16 11:52:04 -05:00
9597157e26
Make nessus_rest_login scanner proxy-aware again
2017-10-14 11:16:41 +02:00
f4ae2e6cdc
Make pop3_login scanner proxy-aware again
2017-10-14 11:05:54 +02:00
a63c947768
gopher proto
2017-10-12 21:32:01 -04:00
deb2d76678
Land #9058 , Add proxies back to smb_login
2017-10-12 17:31:45 -05:00
ab63caef7b
Land #9009 , Apache Optionsbleed module
2017-10-10 12:13:40 -05:00
2b85eb17dd
Create ibm_lotus_notes2.rb
2017-10-10 12:22:06 +05:30
a3d47ea838
Land #8989 , IBM Lotus Notes DoS (CVE-2017-1129)
2017-10-09 19:37:59 -05:00
fd8b72ca66
Minor tweaks.
2017-10-09 17:02:24 -05:00
15adb82b96
Make smb_login scanner proxy-aware again
2017-10-09 23:01:25 +02:00
7fc9be846a
bcoles suggestions
2017-09-29 20:29:30 -04:00
6cc5324e5b
oe is all umlaut
2017-09-28 19:52:02 -04:00
2295146dcd
working optionsbleed module
2017-09-27 22:07:57 -04:00
997b831b52
implement regexes
2017-09-27 19:33:50 -04:00
0649d0d356
wip optionsbleed
2017-09-26 22:09:07 -04:00
579342c4f6
Land #8955 , Fix error messages on telnet_encrypt_overflow.rb
2017-09-26 16:08:58 -05:00
66d6ac418a
Land #8978 , Add smb1 scanner
2017-09-26 16:06:41 -05:00
7924667e51
appease alignists
2017-09-25 09:10:10 -05:00
62ee4ed708
update modules to use inherited SSLVersion option
2017-09-25 09:03:22 -05:00
273d49bffd
Land #8891 login scanner for Inedo BuildMaster
2017-09-24 13:30:17 -04:00
e4f79879ba
Update and rename modules/auxiliary/dos/ibm_lotus_notes.rb to modules/auxiliary/dos/http/ibm_lotus_notes.rb
2017-09-23 18:27:50 +05:30
669b6771e3
Update ibm_lotus_notes.rb
2017-09-22 17:16:42 +05:30
a71edb33be
Create ibm_lotus_notes.rb
2017-09-22 17:08:05 +05:30
5a62e779aa
Land #8954 , fix internal usage of bindata objects when generating NTP messages
2017-09-19 09:01:49 -05:00
c953842c96
Added docs and additional dialects
2017-09-18 15:02:38 -05:00
7d07f7054d
Merge remote-tracking branch 'origin/master' into add_smb1_scanner
2017-09-18 13:16:06 -05:00
d07fe2f1e7
Added reporting back, removed wfw dialect
2017-09-18 13:15:19 -05:00
6f5eb5a18f
update
2017-09-15 12:07:28 -05:00
4e81a68108
Simplify saving valid credentials by calling store_valid_credential
2017-09-15 00:18:33 -05:00
646dda7958
Add initial smbv1 scanner code
2017-09-14 16:59:39 -05:00
200a1b400a
Remove spaces to appease msftidy.
2017-09-14 09:28:38 -05:00
27a517e0f6
Fix #8060 , cf #8061
2017-09-12 18:41:51 +02:00
a7a17c677c
fix internal usage of bindata objects when generating NTP messages
2017-09-12 09:54:09 -04:00
e4465c9350
Fixed a bug where flowcontrol caused the first packet to get lost
2017-09-11 19:00:53 -07:00
b218cc3c7f
Merge branch 'master' into hw_auto_padding_fix
2017-09-11 18:30:34 -07:00
ad9329993d
Added better padding and flowcontrol support.
2017-09-11 18:20:57 -07:00
861f4a6201
Changes to buildmaster_login from code review
...
Use peer property in messages instead of rhost rport combination for consistency.
Documentation updated accordingly.
2017-09-09 18:00:04 -05:00
47adfb9956
Fixes from code review to buildmaster_login
...
Per bcoles, the most important fixes are:
- Removing `self.class` from call to `register_options`
- Adding rescue to login_succeeded to handle bad json
2017-09-09 16:26:01 -05:00
c67e407c9c
Land #8880 , added Cisco Smart Install (SMI) scanner
2017-09-07 08:06:03 -05:00
b0dc44fb86
Land #8909 , Avoid saving some invalid creds
2017-09-05 12:43:03 -05:00
86db2a5771
Land #8888 from @h00die, with two extra fixes
...
Fixes spelling and grammar in a bunch of modules. More to come!
2017-08-31 14:37:02 -05:00
8a045e65aa
Spaces between commas
2017-08-31 14:29:23 -05:00
2bbba9c500
Avoid some ActiveRecord validation errors.
...
Per discussion with @bcoles in [PR 8759](https://github.com/rapid7/metasploit-framework/pull/8759#issuecomment-325028479 ), setting a login data's last_attempted_at value while also setting the status to UNTRIED will cause a validation error when there's a running+connected MSF DB.
This PR removes the handful of existing cases we're doing this (thx, @bcoles!).
2017-08-30 15:31:36 -05:00
eec5d2ada9
Update description and add link to SIET
2017-08-30 11:52:11 -07:00
d5124fdc94
Land #8759 , Add TeamTalk Gather Credentials auxiliary module
2017-08-29 13:17:28 -05:00
c9e32fbb18
Remove last_attempted_at
2017-08-29 05:05:04 +00:00
a40429158f
40% done
2017-08-28 20:17:58 -04:00
bd7ea1f90d
more updates, 465 more pages to go
2017-08-26 21:01:10 -04:00
7dfde651ea
Add login scanner module for Inedo BuildMaster
...
This module attempts to log into BuildMaster. BuildMaster is an application release automation tool.
More information about BuildMaster:
http://inedo.com/
2017-08-26 17:56:53 -05:00
924c3de9f3
Land #7382 , BIND TSIG DoS
2017-08-26 10:42:35 -05:00
f9a2c3406f
Clean up module
2017-08-26 10:41:10 -05:00
3420633f29
@NickTyrer corrected my correction
2017-08-26 08:43:10 -04:00
32a4436ecd
first round of spelling/grammar fixes
2017-08-24 21:38:44 -04:00
7b18c17445
Appease rubocop
2017-08-22 14:53:21 -07:00
2969da3d70
Merge branch 'upstream-master' into feature/cisco-smi-scanner
2017-08-22 14:39:44 -07:00
cbd7790e95
Land #8751 , Add Asterisk Gather Credentials auxiliary module
2017-08-20 18:34:27 -05:00
aa797588e8
Land #8847 , Look for sp_execute_external_script in mssql_enum
2017-08-20 14:32:35 -05:00
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
e642789674
Look for sp_execute_external_script in mssql_enum
...
sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.
Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart
Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
2017-08-16 21:40:03 -05:00
e3265c4b1b
Land #8697 , fix oracle_hashdump and jtr_oracle_fast modules
2017-08-14 17:36:18 -04:00
69c4ae99a7
Land #8811 , fix peer printing with bruteforce modules
2017-08-14 17:31:48 -04:00
1a4db844c0
Refactor build_brute_message for legacy printing
2017-08-14 11:17:34 -05:00
9fdf2ca1f4
Land #8830 , Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 02:47:08 -04:00
fa4fae3436
Cleanup auxiliary/scanner/msf/msf_rpc_login
2017-08-14 06:34:04 +00:00
26193216d1
Land #8686 , add 'download' and simplified URI request methods to http client mixin
...
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
ecfe3d0235
added optional DoublePulsar check
2017-08-11 11:36:59 -06:00
bb5fffebc4
Land #8796 , SMBLoris Denial of Service Module.
2017-08-09 16:24:55 -05:00
901a1fdd1b
Minor tweaks.
2017-08-09 15:44:32 -05:00
1b6b29c22b
fix error with rdp scanníng
2017-08-09 21:32:15 +02:00
3396afb41a
Add IP and port (peer) to print_brute messages
2017-08-08 15:46:40 -05:00
39e59805f9
Fix annoying print_brute messages in ssh_login
2017-08-08 15:15:23 -05:00
67e86da50b
make SMBLoris run continuously as requested
...
as per ZeroSum's request the module now runs
continuously, refreshing the connections on every pass
until manually killed
2017-08-08 10:16:16 -05:00
289f03241b
add module documentation
...
add module docs for the new smbloris DoS
2017-08-04 16:10:44 -05:00
15cc2a9dc0
removedthreading stuff, tried keepalives
...
still seem to be topping out at
about 1.3GB allocated
2017-08-04 15:28:01 -05:00
e73ffe648e
tried adding supervisor model to smbloris
...
tried to overcome issues with slowdown
around the 4500 connection mark by using the
supervisor pattern to terminate the threads on
the backend. this seems to get us further, but we still
hit a slowdown and the allocations die out before
we hit any serious usage
2017-08-03 14:19:35 -05:00
c9da2d56b9
first pass at SMBLoris DoS module
...
the first pass on the DoS module for SMBLoris
running into issues with it topping out around 600MB
2017-08-03 11:32:57 -05:00
8989d6dff2
Modified Accuvant bog posts to the new Optive urls
2017-08-02 13:25:17 +10:00
d66e8062e7
Add TeamTalk Gather Credentials auxiliary module
2017-07-24 14:24:38 +00:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
80d18fae6a
update example modules to have zero violations
2017-07-24 06:15:54 -07:00
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
df22e098ed
Land #8695 , Fix #8675 , Add Cache-Control header, also meta tag for BAP2
2017-07-23 07:17:45 -07:00
8c8dbc6d38
Land #8692 , Fix #8685 , Check nil condition for #wordlist_file in jtr modules
2017-07-23 07:12:21 -07:00
109fd8b6d3
Add Asterisk Gather Credentials auxiliary module
2017-07-23 09:55:12 +00:00
e710701416
Made msftidy.rb happy
...
...untested with the set-cookie 'fix'
2017-07-21 19:55:26 -07:00
5d04775f5e
use 2.4 OpenSSL::PKey::RSA api
2017-07-21 16:28:07 -04:00
524373bb48
OCD - Removed un-needed full stop
2017-07-21 07:41:51 -07:00
772bec23a1
Fix various typos
2017-07-21 07:40:08 -07:00
3f6925196b
OCD - store_loot & print_good
2017-07-19 13:02:49 +01:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
df9b642746
More print_status -> print_good
2017-07-19 11:39:15 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
3d4feffc62
OCD - Spaces & headings
2017-07-19 11:04:15 +01:00
a008f8e795
BruteForce - > Brute Force
2017-07-19 10:39:58 +01:00
45f81f3c98
Squash some style issues
2017-07-18 12:45:02 -07:00
e93e524c3b
Merge branch 'upstream-master' into feature/rdp-scanner
2017-07-17 13:46:59 -07:00
43e04c8894
Improve RDP probe packet
2017-07-17 13:14:47 -07:00
ee1c87b868
Land #8172 , example modules
...
lands several example modules
2017-07-14 15:17:20 -05:00
e3e5c33b9b
WIP commit of RDP scanner
2017-07-14 13:02:43 -07:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
9309115627
OCD - Banner clean up
2017-07-14 08:19:50 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
de230478eb
Land #8566 , Add ye olde NNTP Login Utility scanner module
2017-07-13 13:19:34 -05:00
e52e9c147d
First commit for Cisco Smart Install Scanner
2017-07-12 19:12:06 -07:00
59de7d3635
Land #8671 , Add a module for CVE-2017-7615
2017-07-12 14:58:02 -05:00
580219695a
Oof, missed the parens...
2017-07-12 13:52:59 -05:00
aa22651340
Few style/spelling tweaks, nothing to see here...
2017-07-12 13:41:20 -05:00
345407b0a4
Rex::Encoder::XDR conflicts with the XDR gem
2017-07-12 11:52:10 -05:00
5473b2132d
Implement :request_url for Msf HttpClient mixin
...
To round out implementation of a simple path for users to access
HttpClient like Open or Net::HTTP, create :request_url method which
takes a single URL parameter, uses :request_opts_from_url to build
the request configuration for Rex::Proto::Http::Client, executes
a GET request with it, and disconnects the client unless keepalive
is specified as the second parameter to :request_url.
Example usage of functionality is implemented in http_pdf_authors.
2017-07-11 16:07:13 -04:00
6d7a066477
fixes oracle_hashdump and jtr_oracle_fast modules
...
fixes functionality in the oracle database hashdumper
and the oracle hash cracker modules
2017-07-10 16:57:57 -05:00
50b1ec4044
Fix #8675 , Add Cache-Control header, also meta tag for BAP2
...
Hopefully that browsers will respect this.
Fix #8675
2017-07-10 16:05:09 -05:00
fe360e3e2a
Fix #8685 , Check nil condition for #wordlist_file in jtr modules
...
JTR modules should never assume there is always a database
connected while using #wordlist_file, considering a database is
an optional component for Framework.
Fix #8685
2017-07-10 11:18:20 -05:00
df697aa23c
Implement HttpClient options generation from URL
...
To address the complexity which comes with the flexibility offered
by Rex::Proto::Http::Client and its Msf mixin descendant, a simple
process needs to be implemented for issuing a request using only
the URL string in order to provide ease of access to users who may
not have the time to study how these clients work in detail.
Implement :request_opts_from_url in Msf's HttpClient mixin such as
to extract the options required for :send_request_* from a URL
string passed into the method. This approach reduces HTTP requests
in the mixin to `send_request_raw(request_opts_from_url(url))` when
`url` is just a string.
Implement this approach in the http_pdf_authors gather module to
further reduce infrastructure complexity around the simple need to
acquire PDF files via HTTP/S.
Testing:
Local to this module only, and in Pry of course. Seems to work...
2017-07-10 04:19:26 -04:00
997150a215
Use Msf::Exploit::Remote::HttpClient
...
Replace Net::HTTP usage with proper Rex::Proto::Http::Client via
the Msf module mixin. Generate the request opts from the same URI
parsed URL string, execute a one shot GET request, disconencting
after reciept of results. Depending on the response code, either
pass back an empty StringIO or if its 200, a StringIO(res.body).
2017-07-10 03:37:41 -04:00
263a42707e
Fix a typo
2017-07-09 16:34:51 +02:00
8510cda5ae
Implement @bcoles advices
2017-07-09 16:34:10 +02:00
f10cf75ae0
Fix some stuff
2017-07-09 10:45:15 +02:00
5fe805aaca
s/\t/ /g
2017-07-09 02:29:37 +02:00
968fa0c244
Add even more references
2017-07-09 02:27:54 +02:00
ae930ae7c1
Add a module for CVE-2017-7615
2017-07-09 02:14:21 +02:00
b3be89b508
Land #8663 , typo fix for zoomeye_search
2017-07-07 16:53:48 -05:00
8f464e17a1
Land #8658 , Add Gather PDF Authors auxiliary module
2017-07-07 16:20:29 -05:00
e5244f3113
Fixed typo
2017-07-07 15:26:37 -04:00
683ce10167
Add URL option
2017-07-07 18:42:00 +00:00
d864ce16b1
Add Gather PDF Authors auxiliary module
2017-07-06 23:29:17 +00:00
f45facdf6e
Fix HTTP verb in jboss_vulnscan print_status
2017-07-06 14:55:33 -05:00
aa387e96a7
Land #8577 , Add SurgeNews User Credentials scanner
2017-07-03 10:14:03 -05:00
38b1e56bbd
negated wording regarding legacy auth
...
According to the docs this variable means the opposite:
https://dev.mysql.com/doc/refman/5.5/en/mysql-command-options.html#option_mysql_secure-auth
OFF -> insecure
ON -> secure
2017-07-03 14:29:07 +02:00
dff96ce9a0
Re-order includes with Auxiliary::Scanner last
2017-07-01 08:30:17 +00:00
3d4d03c9b4
Land #8575 , Cerberus Helpdesk hash disclosure
2017-06-30 16:02:53 -05:00
40f0d36f6b
Land #8615 , add @artkond's DoS module for Cisco CVE-2017-3881
2017-06-30 11:17:09 -04:00
d20036e0fb
revise spelling, add heartbleed and tidy checks
2017-06-28 18:50:20 -04:00
461ab4501d
add 'Also known as', AKA 'AKA', to module references
2017-06-28 15:53:00 -04:00
0d9f57ad7c
add @artkond's DoS module for Cisco CVE-2017-3881
...
This makes a few improvements, adds module docs.
2017-06-27 01:53:23 -05:00
05c72214ae
Land #8205 , Add Satel SenNet Command Exec Module
2017-06-25 18:01:44 -05:00
07e7baebb8
sign my name
2017-06-25 14:59:01 -05:00
7bc0dcea42
add ipv6 support for CHOST
2017-06-25 14:57:15 -05:00
269597f994
add initial CHOST support
2017-06-24 18:57:43 -05:00
eee1eff034
improve resolve / add / delete logic
2017-06-24 18:36:01 -05:00
b36d56bed3
handle RXDomain on lookup failure
2017-06-24 18:10:50 -05:00
c8755a3a7a
add pre-flight checks, log a lot more info
2017-06-24 12:32:15 -05:00
cc9326d946
bcoles updates and table printing
2017-06-24 13:01:39 -04:00
8f3c470bb3
make usage more intuitive, remove weird defaults
2017-06-24 11:52:52 -05:00
e1e159fa2d
DNS spoofer - capture BRE block
2017-06-23 19:59:02 -04:00
1a253f92a1
Finalize DNS spoofing module
...
DNS spoofing module should be feature complete, with forwarding of
requests which do not have cached answers (can be disabled same as
the native server module), empty replies to reduce client wait on
outstanding DNS requests, and post-send output in verbose mode
to reduce garbage and execution time in the critical/racy path.
This module is best used in conditions where MITM is achieved by
way of MAC spoofing, route interception, or compromise of an inline
host on the datapath. The attacker should avoid forwarding
original requests to the intended destination, or if this is not
possible, prevent replies from traversing the MITM space in order
to avoid race conditions between the spoofer and victim.
Example iptables configuration on MITM host:
iptables -t nat -A POSTROUTING -o eth0 -p udp ! --dport 53 -j ...
Testing:
Internal testing in Virtualbox local network, atop 802.11, and
mostly in Neutron (with port security disabled on the VIFs) atop
OpenStack Liberty ML2+OVS.
2017-06-23 19:59:02 -04:00
Jon Hart
Jeffrey Martin
Brent Cook
Tod Beardsley
Nick Marcoccio
RootUp
jgor
nromsdahl
William Vu
h00die
Wei Chen
Nicholas Starke
Ryan Knell
Brendan Coles
Adam Cammack
attackdebris
Austin
Matthew Kienow
Daniel Teixeira
Patrick Webster
Pearce Barry
lvarela-r7
sho-luv
Brent Cook
Hanno Heinrichs
bwatters-r7
loftwing
james
Erik Lenoir
Craig Smith
james
zerosum0x0
Christian Mehlmauer
David Maloney
TC Johnson
g0tmi1k
Evgeny Naumov
RageLtMan
jvoisin
dmohanty-r7
MD5HashBrowns
Roman