jvazquez-r7
d76e14fc9c
Add module for OSVDB 93004 - Exim Dovect exec
2013-06-07 17:59:04 -05:00
Karn Ganeshen
ffa18d413f
Updated rfcode_reader_enum.rb ...
...
Updated as per review comments.
Removed loot of network configuration.
Used JSON.parse to bring cleaner loot output
Changed some print_goods to vprint_status
Changed if not to unless
2013-06-08 03:21:43 +05:30
Karn Ganeshen
74bddcf339
Update sevone_enum.rb
...
New updates as per review comments
2013-06-08 02:28:09 +05:30
sinn3r
19a6f310cd
Land #1927 - Add common passwords from xato.net
2013-06-07 15:24:09 -05:00
Tod Beardsley
dc680e7106
Underscores because the rest are.
2013-06-07 15:16:39 -05:00
sinn3r
aefcc51704
Land #1924 - Java pwn2own 2013: java_jre17_driver_manager (CVE-2013-1488)
2013-06-07 15:12:09 -05:00
Tod Beardsley
0265dd8860
Add common passwords from xato.net
...
Mark Burnett publishes lists of top passwords occasionally. This PR adds
the top 500 and top 1024 passwords, as of 2011-06-20, linked from this
blog post:
http://xato.net/passwords/more-top-worst-passwords/
He also does a fair bit of frequency analysis there.
The 1024 list, should probably used instead of the original
unix_password.txt file. unix_password.txt was added on 2010 from an
unknown source (and since edited occasionally to add known good default
passwords). Pulling those changes into this list probably would be
helpful to guess better.
As far as I can tell, there are no special licensing terms for these
lists.
2013-06-07 15:10:14 -05:00
Karn Ganeshen
1ca8fd2cf1
Update sevone_enum.rb
...
Updated as per initial review comments.
2013-06-08 01:14:43 +05:30
Karn Ganeshen
eb0ae6ed27
Update rfcode_reader_enum.rb
...
Updated as per review comments
2013-06-08 01:00:18 +05:30
David Maloney
6aa7c74fdd
make anemone also rspect domain
2013-06-07 14:24:14 -05:00
jvazquez-r7
79bfdf3ca6
Add comment to explain the applet delivery methods
2013-06-07 14:20:21 -05:00
sinn3r
b8ba0f27ee
Land #1738 - Bug/spec 2.0 compat
2013-06-07 13:58:50 -05:00
Thomas Ring
2bb0bd504c
Makign changes recommended in redmine 7945 to fix SNMP enum module failing to catch some fail cases
2013-06-07 13:55:59 -05:00
jvazquez-r7
641fd3c6ce
Add also the msf module
2013-06-07 13:39:19 -05:00
jvazquez-r7
7090d4609b
Add module for CVE-2013-1488
2013-06-07 13:38:41 -05:00
James Lee
5955397882
Use a more descriptive subject
...
Also removes the unnecessary (and now broken in 2.0) checks for
respond_to? on accessors.
2013-06-07 13:27:40 -05:00
James Lee
0f2ea755c5
Add encoding comment to spec files for 2.0 compat
2013-06-07 13:27:39 -05:00
Karn Ganeshen
6b8e6b3f0c
Create rfcode_reader_enum.rb
...
Adding new aux - RFCode Reader Web interface Login Brute Force & Config Capture Utility
2013-06-07 23:53:09 +05:30
Karn Ganeshen
fcc600aa3e
Create sevone_enum.rb
...
Adding new aux - SevOne Network Performance Management System application version enumeration and brute force login Utility
2013-06-07 23:39:22 +05:30
David Maloney
78b2a0a2ac
add domain support to web spider
2013-06-07 12:41:20 -05:00
jvazquez-r7
a157e65802
Land #1916 , @wchen-r7's exploit for Synactics PDF
2013-06-07 12:11:45 -05:00
sinn3r
ea2895ac13
Change to AverageRanking
...
Just to play with the firing order for Browser Autopwn, this one
should fire as late as possible.
2013-06-07 12:08:51 -05:00
sinn3r
9c7b446532
Updates description about default browser setting
2013-06-07 11:58:31 -05:00
James Lee
0302437c2b
Land #1915 , smtp user enumeration enhancements
2013-06-07 11:42:41 -05:00
sinn3r
f3421f2c3a
Fix different landings
2013-06-07 10:26:04 -05:00
William Vu
4edceea27b
Land #1919 , update js_property_spray documentation
2013-06-07 08:31:57 -05:00
William Vu
2a6225cb3f
Land #1918 , change s.message to s.message.to_i
2013-06-07 08:19:49 -05:00
sinn3r
8e2de6d14f
Updates js_property_spray documentation
...
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions. For dev purposes,
it's rather important to have this documented somewhere.
Thanks to corelanc0d3r for the data.
2013-06-07 00:28:22 -05:00
sinn3r
da4b18c6a1
[FixRM:#8012] - Fix message data type to int
...
This patch makes sure s.message is actually an int, that way we can
properly stop or enable the service.
2013-06-06 23:49:14 -05:00
sinn3r
e559824dc8
Remove whitespace
2013-06-06 20:08:50 -05:00
sinn3r
d3e57ffc46
Add OSVDB-93754: Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
...
This module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX
component, specifically PDF_IN_1.ocx. When a long string of data is given
to the ConnectToSynactis function, which is meant to be used for the ldCmdLine
argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry
class pointer saved on the stack, and results in arbitrary code execution under the
context of the user.
2013-06-06 20:05:08 -05:00
Thomas Ring
8cf5b548c3
make recommended changes
2013-06-06 14:23:25 -05:00
Thomas Ring
067899341e
fix a number of issues with the existing module (slowness, false positives, false negatives, stack traces, enumering unix users on windows systems, etc)
2013-06-06 13:26:04 -05:00
jvazquez-r7
ec52795182
Clean for miniupnp_dos.rb
2013-06-06 11:19:26 -05:00
William Vu
b34c3fbbc1
Land #1914 , OSVDB and EDB references for Openfiler
2013-06-05 20:05:44 -05:00
Steve Tornio
4d26299de3
add osvdb ref 93881 and edb ref 21191
2013-06-05 18:57:33 -05:00
sinn3r
9466022194
Land #1847 - Add sorting functionality to notes command
2013-06-05 12:17:54 -05:00
sinn3r
026c658260
Comply with the case-sensitive rule
2013-06-05 12:16:38 -05:00
William Vu
1596fb478a
Land #1886 , awk bind shell
2013-06-05 09:05:37 -05:00
William Vu
8ffa4ac9ac
Land #1885 , awk reverse shell
2013-06-05 09:04:49 -05:00
Roberto Soares Espreto
f6977c41c3
Modifications done in each PR.
2013-06-05 07:55:05 -03:00
Roberto Soares Espreto
b20401ca8c
Modifications done in each PR.
2013-06-05 07:51:10 -03:00
sinn3r
6d3dcf0cef
Land #1912 - Fixed check for Admins SID in whoami /group output
2013-06-05 02:55:38 -05:00
sinn3r
a3b25fd7c9
Land #1909 - Novell Zenworks Mobile Device Managment exploit & auxiliary
2013-06-05 02:45:45 -05:00
sinn3r
307773b6a1
Extra space - die!
2013-06-05 02:44:56 -05:00
sinn3r
0c1d46c465
Add more references
2013-06-05 02:43:43 -05:00
sinn3r
46aa6d38f8
Add a check for it
2013-06-05 02:41:03 -05:00
sinn3r
a270d37306
Take apart the version detection code
2013-06-05 02:34:35 -05:00
sinn3r
25fe03b981
People like this format better: IP:PORT - Message
2013-06-05 02:26:18 -05:00
sinn3r
02e29fff66
Make msftidy happy
2013-06-05 02:25:08 -05:00