sinn3r
127d1640da
Print password
2014-10-30 13:27:40 -05:00
Joe Vennix
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
Joe Vennix
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
Joe Vennix
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
Jon Hart
15e1c253fa
Numerous cleanups for snmp_enumusers
...
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
jvazquez-r7
ac939325ce
Add module first version
2014-10-29 21:11:57 -05:00
Peter Arzamendi
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
Peter Arzamendi
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
Deral Heiland
64a59e805c
Fix a simple typo
2014-10-29 12:40:24 -04:00
Deral Heiland
1bf1be0e46
Updated to module based feedback from wchen-r7
2014-10-29 11:42:07 -04:00
Juan Escobar
2e53027bb6
Fix value of X7C2P cookie and typo
2014-10-29 08:32:36 -05:00
Peter Arzamendi
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
Juan Escobar
9f21ac8ba2
Fix issues reported by wchen-r7
2014-10-28 21:31:33 -05:00
Jon Hart
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
Jon Hart
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
Jon Hart
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
Jon Hart
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
Jon Hart
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
Peter Arzamendi
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
Peter Arzamendi
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
Peter Arzamendi
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
Tod Beardsley
9c028c1435
Fixes #4083 , make the split nil-safe
...
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.
This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
William Vu
71a6ec8b12
Land #4093 , cups_bash_env_exec CVE-2014-6278
2014-10-28 12:47:51 -05:00
Brendan Coles
57baf0f393
Add support for CVE-2014-6278
2014-10-28 17:10:19 +00:00
William Vu
3de5c43cf4
Land #4050 , CUPS Shellshock
...
Bashbleeded!!!!!!!!!!!
2014-10-28 11:59:31 -05:00
Peter Arzamendi
1012cd8d6b
Updated based on wchen-r7 feedback.
2014-10-28 11:38:50 -05:00
Brendan Coles
78b199fe72
Remove CVE-2014-6278
2014-10-28 16:18:24 +00:00
Joe Vennix
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
Deral Heiland
9021e4dae6
Xerox Workcentre firmware injection exploit
2014-10-28 11:15:43 -04:00
jvazquez-r7
5e0993d756
Add OJ as author
2014-10-28 09:58:34 -05:00
Tod Beardsley
dade6b97ba
Land #4088 , wget exploit
...
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
Brendan Coles
a060fec760
Detect version in check()
2014-10-28 12:28:18 +00:00
sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
HD Moore
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
Peter Arzamendi
0b225d94b1
Xerox Admin password extractor.
2014-10-27 19:26:40 -05:00
Juan Escobar
2ba2388889
Fix issues reported by jvasquez
2014-10-27 19:15:39 -05:00
jvazquez-r7
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
parzamendi-r7
f7f6cff327
Update xerox_workcentre_5XXX_ldap.rb
2014-10-27 17:23:47 -05:00
Peter Arzamendi
f119abbf8c
Xerox workcentre 5735 LDAP credential extractor
2014-10-27 15:52:12 -05:00
jvazquez-r7
373ce8d340
Use perl encoding
2014-10-27 15:30:02 -05:00
Luke Imhoff
216360d664
Add missing require
...
MSP-11145
2014-10-27 15:19:59 -05:00
jvazquez-r7
9da83b6782
Update master changes
2014-10-27 14:35:30 -05:00
Spencer McIntyre
04a99f09bb
Land #4064 , Win32k.sys NULL Pointer Dereference
2014-10-27 14:01:07 -04:00
William Vu
090d9b95d1
Land #4078 , pureftpd_bash_env_exec desc. update
2014-10-27 12:12:09 -05:00
William Vu
950fc46e4b
Normalize description
2014-10-27 12:09:39 -05:00
Jon Hart
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
Spencer McIntyre
830f631da4
Make the check routine less strict
2014-10-27 12:51:20 -04:00
sinn3r
aa5dc0a354
100 columns per line
2014-10-27 10:24:11 -05:00
sinn3r
7e56948191
Update description about pureftpd_bash_env_exec
...
Make exploitable requirements more obvious
2014-10-27 10:23:06 -05:00
Spencer McIntyre
46b1abac4a
More robust check routine for cve-2014-4113
2014-10-27 11:19:12 -04:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
Juan Escobar
848f24a68c
update module description
2014-10-27 02:07:16 -05:00
root
d66dc88924
Add PHP Code Execution for X7 Chat 2.0.5
2014-10-27 01:01:31 -05:00
jvazquez-r7
c319ea91b3
Delete verbose print
2014-10-26 17:31:19 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
Brendan Coles
554935e60b
Add check() and support CVE-2014-6278
2014-10-26 18:11:36 +00:00
scriptjunkie
4dfbce425a
use vprintf...
2014-10-26 09:20:32 -05:00
scriptjunkie
c31fb0633d
Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd
2014-10-26 09:05:25 -05:00
jvazquez-r7
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
sinn3r
7cb4320a76
Land #3561 - unix cmd generic_sh encoder
2014-10-23 15:48:00 -05:00
sinn3r
13fd6a3374
Land #4046 - Centreon SQL and Command Injection
2014-10-23 13:17:00 -05:00
sinn3r
ce841e57e2
Rephrase about centreon.session
2014-10-23 13:15:55 -05:00
sinn3r
889045d1b6
Change failure message
2014-10-23 12:55:27 -05:00
Jon Hart
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
Jon Hart
c765100efd
Land #4004 , @martinvigo's LastPass master password extraction module
2014-10-22 16:34:54 -07:00
Jon Hart
29b61984c5
Update to use correctly joined path
2014-10-22 16:34:17 -07:00
sinn3r
42cd288bc0
Land #4057 - Bring back TCP::max_send_size and TCP::send_delay options
...
Fix #3967
2014-10-22 16:23:15 -05:00
sinn3r
0ea03c00a5
Use print_brute instead of print_good for format consistency
2014-10-22 16:14:45 -05:00
Tim Wright
b8c3fadb9e
python 3 is supported now too :)
2014-10-22 20:10:48 +01:00
Tim Wright
8c3c73a72d
inline the error message
2014-10-22 20:08:14 +01:00
Tim Wright
2ab73688dc
use framework.threads to launch cleanup thread
2014-10-22 19:40:29 +01:00
Tim Wright
22fc6496ac
Merge branch 'pr/3401' into landing-3401
2014-10-22 19:23:01 +01:00
Jon Hart
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
James Lee
46acf08e2d
Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions
2014-10-22 09:09:34 -05:00
nstarke
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
James Lee
0fcd1ac4f6
Restore tcp evasions to smb_login
2014-10-21 18:59:11 -05:00
James Lee
e1a7e902d6
Re-enable tcp evasions for more LoginScanners
...
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r
6d11ec8477
These mods support Proxies, so make the option visible for the user
2014-10-21 15:39:24 -05:00
sinn3r
db7c420d8d
Merge the latest changes
2014-10-21 13:49:42 -05:00
James Lee
f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies
2014-10-21 13:28:13 -05:00
sinn3r
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee
4705aeb762
Restore tcp evasions to ftp, pop3, vnc
2014-10-21 11:06:55 -05:00
James Lee
7d150ce0dd
Add tcp evasions to mysql
2014-10-21 10:05:18 -05:00
James Lee
e76ee294a1
Restore tcp evasions to telnet
2014-10-21 09:44:55 -05:00
nstarke
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7
d6f4c02c2a
Land #3979 , @wchen-r7 fixes #3976 , http_login not using TARGETURI, neither uri normalization
2014-10-20 18:10:57 -05:00
Spencer McIntyre
f886ab6f97
Land #4020 , Jenkins-CI CSRF token support
2014-10-20 19:03:24 -04:00
jvazquez-r7
74ac16081f
Land #3981 , @wchen-r7 Fixes #3974 , axis_login.rb does not normalize URI
2014-10-20 17:51:13 -05:00
jvazquez-r7
00f137cdcf
Land #4040 , @nullbind's MS SQL privilege escalation through SQLi
2014-10-20 16:23:50 -05:00
jvazquez-r7
acc590b59c
Modify metadata
2014-10-20 16:22:10 -05:00
jvazquez-r7
1381c7fb37
Modify title
2014-10-20 16:17:47 -05:00
jvazquez-r7
323680c31a
Clean code
2014-10-20 16:17:06 -05:00
jvazquez-r7
c77a0984bd
Land #3989 , @us3r777's exploit for CVE-2014-7228, Joomla Update unserialize
...
the commit.
empty message aborts
2014-10-20 13:39:08 -05:00
jvazquez-r7
4e6f61766d
Change module filename
2014-10-20 13:31:22 -05:00
jvazquez-r7
e202bc10f0
Fix title
2014-10-20 13:30:44 -05:00
jvazquez-r7
f07c5de711
Do code cleanup
2014-10-20 13:27:48 -05:00
sinn3r
dbaf9c5857
Land #4001 - HP Data Protector EXEC_INTEGUTIL Remote Code Execution
2014-10-20 11:44:21 -05:00
HD Moore
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
sinn3r
6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It!
2014-10-20 11:23:23 -05:00
Tod Beardsley
6812b8fa82
Typo and grammar
2014-10-20 11:02:09 -05:00
jvazquez-r7
052a9fec86
Delete return
2014-10-20 10:52:33 -05:00
jvazquez-r7
199f6eba76
Fix check method
2014-10-20 10:46:40 -05:00
James Lee
3051b6c5ba
Clean up exceptions
...
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
us3r777
16101612a4
Some changes to use primer
...
Follow wiki How-to-write-a-module-using-HttpServer-and-HttpClient
2014-10-20 17:26:16 +02:00
James Lee
b7d69bec83
Restore proxies to ssh scanners
2014-10-20 10:19:06 -05:00
us3r777
1e143fa300
Removed unused variables
2014-10-20 16:58:41 +02:00
jvazquez-r7
57fe829f96
Switch generic_sh's rank to ManualRanking
2014-10-20 09:34:19 -05:00
jvazquez-r7
c991c5e377
Readd generic_sh encoder
2014-10-20 09:33:34 -05:00
nullbind
036d43ba37
fixed logic bug
2014-10-19 20:56:29 -05:00
Jon Hart
2985b39267
Land #3980 , @wchen-r7 fixed #3975
2014-10-19 17:11:06 -07:00
Jon Hart
88c1647c80
Loot the passwords, obviously
2014-10-19 13:11:10 -07:00
Jon Hart
0971d7c3ac
Remove ... from prints, only map a browser if we found something
2014-10-19 13:05:11 -07:00
Jon Hart
967800eed0
Track account name for more useful table and prints
2014-10-19 12:59:51 -07:00
Jon Hart
5a05246682
Consistent case in *print_*
2014-10-19 12:30:50 -07:00
Spencer McIntyre
005baa7f7e
Retry the script page request to get the token
...
After logging in to Jenkins the script console page
needs to be requested again to get the CSRF token.
2014-10-19 14:04:16 -04:00
Brendan Coles
0ede70e7f6
Add exploit module for CUPS shellshock
2014-10-19 17:58:49 +00:00
ikkini
c2174c7910
return if no version response received
2014-10-19 00:29:36 +02:00
nullbind
1e2f1eaee0
cleaning up
2014-10-18 12:00:11 -05:00
sinn3r
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
Jon Hart
a30663e412
Fix multiuser LastPass extraction, print/vprint cleanup
2014-10-17 17:40:19 -07:00
James Lee
329a600b84
Add tcp evasion options to mssql_login
2014-10-17 17:40:21 -05:00
sinn3r
8b5a33c23f
Land #4044 - MS14-060 "Sandworm"
2014-10-17 16:46:32 -05:00
William Vu
d5b698bf2d
Land #3944 , pkexec exploit
2014-10-17 16:30:55 -05:00
jvazquez-r7
70f8e8d306
Update description
2014-10-17 16:17:00 -05:00
jvazquez-r7
e52241bfe3
Update target info
2014-10-17 16:14:54 -05:00
jvazquez-r7
7652b580cd
Beautify description
2014-10-17 15:31:37 -05:00
jvazquez-r7
d831a20629
Add references and fix typos
2014-10-17 15:29:28 -05:00
Jon Hart
d2a00b208e
Minor style cleanup to appease Rubocop
2014-10-17 12:50:18 -07:00
sinn3r
ef1556eb62
Another update
2014-10-17 13:56:37 -05:00
jvazquez-r7
8fa648744c
Add @wchen-r7's unc regex
2014-10-17 13:46:13 -05:00
William Vu
10f3969079
Land #4043 , s/http/http:/ splat
...
What is a splat?
2014-10-17 13:41:07 -05:00
Jon Hart
d97fe548b9
Store the browser name in LastPass loot
2014-10-17 11:33:31 -07:00
Jon Hart
43238c7324
Simplify LastPass extraction. Track what browser that puked creds
2014-10-17 11:19:36 -07:00
William Vu
dbfe398e35
Land #4037 , Drupageddon exploit
2014-10-17 12:39:59 -05:00
William Vu
a514e3ea16
Fix bad indent (should be spaces)
...
msftidy is happy now.
2014-10-17 12:39:25 -05:00
William Vu
f2328e679f
Land #4034 , POODLE scanner
2014-10-17 12:36:48 -05:00
William Vu
367ea5d3db
Add disclosure date
2014-10-17 12:35:28 -05:00
Tod Beardsley
ccdaf2b576
Fix the banner
...
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
Jon Hart
9177b931fd
Refactoring of LastPass module to use correct Firefox path on *nix
2014-10-17 10:20:55 -07:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley
ad501b25e4
Filename move to be less redundant
2014-10-17 11:25:14 -05:00
jvazquez-r7
e5903562ee
Delete bad/incomplete validation method
2014-10-17 10:36:01 -05:00
nullbind
bf92769ba2
added mssql_escalate_dbowner_sqli
2014-10-17 10:25:20 -05:00
sinn3r
a79427a659
I shoulda checked before git commit
2014-10-17 00:54:45 -05:00
sinn3r
4c0048f26a
Update description
2014-10-17 00:46:17 -05:00
sinn3r
3a63fa12b8
'ppsx_module_smaller' to branch cve_2014_4114
2014-10-17 00:10:57 -05:00
William Vu
e242bf914f
Land #4031 , fixes for pureftpd_bash_env_exec
2014-10-16 19:55:09 -05:00
jvazquez-r7
1d16bd5c77
Fix vulnerability discoverer
2014-10-16 18:01:45 -05:00
jvazquez-r7
807f1e3560
Fix target name
2014-10-16 17:58:45 -05:00
jvazquez-r7
c1f9ccda64
Fix ruby
2014-10-16 17:55:00 -05:00
jvazquez-r7
e40642799e
Add sandworm module
2014-10-16 16:37:37 -05:00
Jon Hart
8fdae8fbfb
Move protocol and lifetime to mixin, use correct map_target if CHOST
2014-10-16 13:24:17 -07:00
Brandon Perry
353d2f79cc
tweak pw generation
2014-10-16 12:06:19 -07:00
Brandon Perry
5f8c0cb4f3
Merge branch 'drupal' of https://github.com/FireFart/metasploit-framework into drupageddon
2014-10-16 11:53:54 -07:00
Christian Mehlmauer
c8dd08f605
password hashing
2014-10-17 15:52:47 +02:00
Brandon Perry
23b7b8e400
fix for version 7.0-7.31
2014-10-16 11:53:48 -07:00
James Lee
40b360555f
Make the error message a little more useful
2014-10-16 12:47:13 -05:00
Brandon Perry
9bab77ece6
add urls
2014-10-16 10:36:37 -07:00
Brandon Perry
b031ce4df3
Create drupal_drupageddon.rb
2014-10-16 16:42:47 -05:00
Brandon Perry
5c4ac48db7
update the drupal module a bit with error checking
2014-10-16 10:32:39 -07:00
Tod Beardsley
8cf10be779
Don't assume SSLv3 is set (kill FP+s)
2014-10-16 10:43:58 -05:00
Tod Beardsley
0b67efd51e
Add a POODLE scanner and general SSL version scan
2014-10-16 10:27:37 -05:00
Spencer McIntyre
09069f75c2
Fix #4019 , fix NameError peer and disconnect in check
2014-10-16 08:32:20 -04:00
Martin Vigo
36d6220f8f
Make use of Rex::Ui::Text::Table
2014-10-15 23:13:53 -07:00
Martin Vigo
bb421859d3
Refactor code and add support for all Windows
2014-10-15 22:15:54 -07:00
Martin Vigo
c7e0ced02b
Remove useless conditions
2014-10-15 21:29:47 -07:00
Martin Vigo
2bdc703930
Remove useless condition
2014-10-15 21:16:06 -07:00
Martin Vigo
5fa39782b8
Fix unused variable
2014-10-15 21:10:50 -07:00
Martin Vigo
8fc0f0955e
Add support for Firefox
2014-10-15 20:44:20 -07:00
Martin Vigo
47794510c3
Add support for Firefox in XP
2014-10-15 20:44:19 -07:00
Martin Vigo
484d98d0a8
Meet rubocop and msftify rules
2014-10-15 20:17:36 -07:00
Martin Vigo
85e6febe09
Add module to extract/decrypt LastPass credentials
2014-10-15 20:17:36 -07:00
James Lee
41a57b7ba5
Re-enable proxies for HTTP-based login scanners
2014-10-15 17:00:44 -05:00
Jon Hart
07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful
2014-10-15 06:39:38 -07:00
Fernando Munoz
4c2ae1a753
Fix jenkins when CSRF is enabled
2014-10-14 19:33:23 -05:00
Tod Beardsley
592f1e9893
Land #3999 , errors on login suppressed by default
...
This also solved the merge conflict on:
modules/auxiliary/scanner/http/jenkins_login.rb
Fixes #3995 .
2014-10-14 16:35:09 -05:00
Jon Hart
ea6824c46f
WIP of NAT-PMP rework
2014-10-14 14:20:24 -07:00
William Vu
bdbad5a81d
Fix misaligned bracket
2014-10-14 13:43:59 -05:00
Tod Beardsley
9f6008e275
A couple OSVDB updates for recent modules
2014-10-14 13:39:36 -05:00
Tod Beardsley
4f8801eeba
Land #3651 , local Bluetooth exploit a @KoreLogic
...
This started life as #3653 . I'll take this out of unstable as well,
since it got there on commit b10cbe4f
2014-10-14 13:13:34 -05:00
Tod Beardsley
56534e7ad3
Changed a login failed to vprint instead of print
...
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995 .
This module was introduced in PR #3947 .
2014-10-14 12:01:09 -05:00
Tod Beardsley
b1223165d4
Trivial grammar fixes
2014-10-14 12:00:50 -05:00
Tod Beardsley
6ea3a78b47
Clarify the description on HP perfd module
...
Introduced in #3992
2014-10-14 11:58:52 -05:00
jvazquez-r7
39a09ad750
Use ARCH_CMD on Windows target
2014-10-14 10:24:32 -05:00
jvazquez-r7
a0fc0cf87f
Update ranking
2014-10-13 17:44:00 -05:00
Nikita
621b9523b1
Update tnspoison_checker.rb
2014-10-13 22:05:08 +04:00
Nikita
1996886ae9
Update tnspoison_checker.rb
2014-10-13 12:53:39 +04:00
Nikita
22aabc7805
Add new module to test TNS poison
...
This module simply checks the server for vulnerabilities like TNS Poison
2014-10-13 12:21:07 +04:00
Jon Hart
d51d2bf5a0
Land #3990 , @wchen-r7's fix for #3984 , a busted check in drupal_views_user_enum
2014-10-12 19:38:55 -07:00
Jon Hart
76275a259a
Minor style cleanup of help and a failure message
2014-10-12 18:34:13 -07:00
jvazquez-r7
ca05c4c2f4
Fix @wchen-r7's feedback
...
* use vprint_* on check
* rescue get_once
2014-10-12 17:44:33 -05:00
us3r777
444b01c4b0
Typo + shorten php serialized object
2014-10-12 21:29:04 +02:00
jvazquez-r7
46bf8f28e0
Fix regex
2014-10-11 21:37:05 -05:00
jvazquez-r7
6092e84067
Add module for ZDI-14-344
2014-10-11 21:33:23 -05:00
Jon Hart
c3a58cec9e
Make note of other commands to investigate
2014-10-11 13:07:52 -07:00
Jon Hart
c80a5b5796
List commands in sorted order
2014-10-11 13:00:30 -07:00
Jon Hart
4ffc8b153c
Support running more than one perfd command in a single pass
2014-10-11 11:38:00 -07:00
Jon Hart
c72593fae4
Store just banner for service, loot the rest. Also, minor style.
2014-10-11 11:12:49 -07:00