Commit Graph

3177 Commits (5f1a1f8ed3637c124bd932326ef55a0ccb275ebf)

Author SHA1 Message Date
William Vu a521d469ed
Land #4194, Quake protocol support 2014-11-15 17:44:19 -06:00
Jon Hart 57aef9a6f5
Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Jon Hart ebf6fe4e56
Minor style cleanup 2014-11-12 16:44:43 -08:00
Jon Hart 07a1653e57
Add gather module for Quake servers 2014-11-12 13:32:56 -08:00
Tod Beardsley 54158c8662
Land #4005, TNS poison checker 2014-11-12 13:29:59 -06:00
Tod Beardsley d242bc220b
Minor fixups and disclosure date for TNS module 2014-11-12 13:25:10 -06:00
Tod Beardsley 955a5142ca Edit e-mail address for antispam 2014-11-12 13:19:04 -06:00
Tod Beardsley 7e05f88399
Reapply PR #4113 (removed via #4175) 2014-11-11 15:06:43 -06:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Tod Beardsley 017a44c0ae
Revert errored merge of deea30d
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"

This reverts commit deea30ddb4, reversing
changes made to 14514d7b8b.
2014-11-11 14:38:47 -06:00
HD Moore 96ba6da697
Add the UDP scanner template, lands #4113.
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
Nikita c0285067c9 Add new module to test TNS poison
msf auxiliary(tnspoison_checker) > show options 

Module options (auxiliary/scanner/oracle/tnspoison_checker1):

   Name     Current Setting                          Required  Description
   ----     ---------------                          --------  -----------
   RHOSTS   172.16.2.100, 172.16.2.24, 172.16.2.101  yes       The target address range or CIDR identifier
   RPORT    1521                                     yes       The target port
   THREADS  1                                        yes       The number of concurrent threads

msf auxiliary(tnspoison_checker) > exploit 

[+] 172.16.2.100:1521 is vulnerable
[*] Scanned 1 of 3 hosts (033% complete)
[-] 172.16.2.24:1521 is not vulnerable 
[*] Scanned 2 of 3 hosts (066% complete)
[-] 172.16.2.101:1521 unable to connect to the server
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
2014-11-11 17:29:27 +03:00
Tod Beardsley cca30b536f
Land #4094, fixes for OWA brute forcer
Fixes #4083

Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart ff8d481eec Update description to remove comments about defaults. Default to 2013 2014-11-04 21:21:19 -08:00
Jon Hart 2c028ca7a6 Move redirect check before body check -- a redirect won't have a body 2014-11-04 14:19:21 -08:00
Jon Hart 7855ede2de Move userpass emptiness checking into setup 2014-11-04 14:07:39 -08:00
Tod Beardsley 5fb268bbdf
Updates to better OWA fix 2014-11-04 14:32:54 -06:00
Jon Hart b0e388f4c3
Land #3516, @midnitesnake's snmp_enumusers fix for Solaris, OS X 2014-11-04 08:23:16 -08:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
Jon Hart 8f197d4918 Move to build_probe 2014-11-03 08:41:51 -08:00
Jon Hart 121ebdfef6 update_info 2014-10-31 13:17:50 -07:00
Jon Hart b99e71dcdd Example UDPScanner style cleanup, move most to UDPScanner 2014-10-31 12:14:04 -07:00
Jon Hart ff0b52cffb Example per-batch vprint, a useful default 2014-10-31 10:31:31 -07:00
Jon Hart 94d4388af9 Improvements to example UDPScanner 2014-10-31 09:53:10 -07:00
Jon Hart d9f0a10737 Add new example template for scanning UDP services 2014-10-31 08:06:31 -07:00
Jon Hart 15e1c253fa Numerous cleanups for snmp_enumusers
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
Jon Hart ba5035c7ef
Prevent calling match when there is no WWW-auth header 2014-10-28 17:13:57 -07:00
Jon Hart a5d883563d
Abort if 2013 desired but redirect didn't happen 2014-10-28 15:59:22 -07:00
Jon Hart 7ca4ba26b0
Show more helpful vprint messages when login fails 2014-10-28 15:48:04 -07:00
Jon Hart bce8f34a71
Set proper Cookie header from built cookie string 2014-10-28 15:41:36 -07:00
Jon Hart a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response 2014-10-28 15:40:15 -07:00
Tod Beardsley 9c028c1435
Fixes #4083, make the split nil-safe
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.

This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
sinn3r e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner 2014-10-28 01:45:57 -05:00
Jon Hart b8c9ef96ca
Land #4003, @nstarke's Login Scanner for WD MyBook Live NAS 2014-10-27 09:57:43 -07:00
Jon Hart 83df08aaa7 Properly encode body and catch invalid configs 2014-10-22 22:43:06 -07:00
sinn3r 0ea03c00a5 Use print_brute instead of print_good for format consistency 2014-10-22 16:14:45 -05:00
Jon Hart ce8a9941ea Cleanup. Sanity check in setup. vprint 2014-10-22 10:36:24 -07:00
James Lee 46acf08e2d Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions 2014-10-22 09:09:34 -05:00
nstarke ee3dd3a2ac More Fixes for WD MyBook Live Scanner
Fixes include removing deregistered options
from credentials collection object and adding proof
 when there is no response
2014-10-22 03:06:21 +00:00
James Lee 0fcd1ac4f6
Restore tcp evasions to smb_login 2014-10-21 18:59:11 -05:00
James Lee e1a7e902d6
Re-enable tcp evasions for more LoginScanners
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r 6d11ec8477 These mods support Proxies, so make the option visible for the user 2014-10-21 15:39:24 -05:00
sinn3r db7c420d8d Merge the latest changes 2014-10-21 13:49:42 -05:00
James Lee f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies 2014-10-21 13:28:13 -05:00
sinn3r 79d393c5aa Resolve merge conflicts
Conflicts:
	lib/msf/core/exploit/smb.rb
	lib/msf/core/exploit/tcp.rb
	modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee 4705aeb762
Restore tcp evasions to ftp, pop3, vnc 2014-10-21 11:06:55 -05:00
James Lee 7d150ce0dd
Add tcp evasions to mysql 2014-10-21 10:05:18 -05:00
James Lee e76ee294a1
Restore tcp evasions to telnet 2014-10-21 09:44:55 -05:00
nstarke 82b74d5f3c Fixes to MyBook Live Module
This commit contains three fixes as requested on PR
#4003.  Those include:

+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke 70b13819d9 Adding Login Scanner for MyBook Live
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00