673e21cfaf
Rework meterpreter SSL & pass datastore to handle_connection()
...
This allows HandlerSSLCert to be used to pass a SSL certificate into the Meterpreter handler. The datastore has to be passed into handle_connection() for this to work, as SSL needs to be initialized on Session.new. This still doesn't pass the datastore into Meterpreter directly, but allows the Session::Meterpreter code to extract and pass down the :ssl_cert option if it was specified. This also fixes SSL certificate caching by expiring the cached cert from the class variables if the configuration has changed. A final change is to create a new SSL SessionID for each connection versus reusing the SSL context, which is incorrect and may lead to problems in the future (if not already).
2014-11-22 15:35:00 -06:00
b34ddbdfff
Land #4247 - Auto-generated SSL certs now match "snakeoil" defaults
2014-11-22 13:36:06 -06:00
ba9c763f7e
Auto-generated SSL certs now match "snakeoil" defaults
...
This change emulates the auto-generated snakeoil certificate from Ubuntu 14.04. The main changes including moving to 2048-bit RSA, SHA256, a single name CN for subject/issuer, and the removal of most certificate extensions.
2014-11-21 18:25:04 -06:00
3ac1f7d4fb
Land #4242 , @Meatballs1 fix for sap_service_discovery report_note
...
* I cannot reproduce @Meatballs1 issue
* But I noticed report_note should :update with :unique_data
* Fixed the :update
2014-11-21 10:16:08 -06:00
e30ee9fee2
Update with :unique_data
2014-11-21 10:14:39 -06:00
90ae9a3ff8
Land #4173 , @wchen-r7's fix for SMB find_first
...
* Fixes #4119 , SMB find_first("\\*") does not return accurate results
* It missed initialization of sid
2014-11-21 09:51:57 -06:00
f2add929d7
Land #4239 - Support SSL intermediate certs
2014-11-21 02:09:40 -06:00
85de75cd5d
Adds a smtp ntlm domain scanner, lands #4241
2014-11-20 22:18:26 -06:00
3ddf848abf
Merge pull request #1 from hmoore-r7/smtp_ntlm_domain
...
Module cleanup, error handling, and reporting
2014-11-20 20:43:25 -05:00
99a23ada5c
Module cleanup, error handling, and reporting
2014-11-20 16:18:20 -06:00
2f6c4a9ba4
Slight tweak to description/author email formatting
2014-11-20 14:53:52 -06:00
2f92a83092
Change to example.com as the default domain
2014-11-20 14:53:36 -06:00
ee15179441
Fix service discovery errors
2014-11-20 18:22:33 +00:00
f2b80f4ef1
Merge remote-tracking branch 'upstream/master'
2014-11-20 18:18:00 +00:00
8306d739e3
add scanner module to extract domain from NTLM challenge
2014-11-20 11:02:21 -05:00
d530046164
Bugfix. Chrome is a liar (chain certs properly)
2014-11-19 16:08:03 -06:00
0d091f1c03
Support SSL intermediate certs, closes #4238
...
Note that this does not apply to reverse_tcp meterpreter clients yet, as
they do not allow certificates to be supplied. I abstracted out the SSL
certificate generation and parsing methods so that we can address this
next.
2014-11-19 15:56:49 -06:00
abc0640b7b
Fix placeholder, lands #4237
2014-11-19 14:26:10 -06:00
9e9954e831
fix placeholder to show the firmware version I used
2014-11-19 21:23:39 +01:00
6daa8b48a3
Land #4235 , Hikvision exploit
2014-11-19 14:18:54 -06:00
a718e6f83e
add exploit for r7-2014-18 / CVE-2014-4880
2014-11-19 21:07:02 +01:00
6a58774dd6
Land #4234 , crediting @jduck
2014-11-19 12:43:04 -06:00
a91a5f3c4b
Land #4067 , @fozavci's IN:SRV support for fakedns
2014-11-19 08:38:00 -08:00
684975a315
Use correct target address for fake As
2014-11-19 08:28:56 -08:00
3777e78a85
Sanitize creation of target host. Return minimal for SRV
2014-11-19 08:28:56 -08:00
52e004d8ab
Use less conflicting name for SRV record port
2014-11-19 08:28:56 -08:00
ee90e4353b
Add more consistent logging for fakedns types that support fake vs bypass
2014-11-19 08:28:55 -08:00
0910275fac
Don't artificially insert additional records when BYPASS
2014-11-19 08:28:55 -08:00
a38cb3ee53
@jhart-r7 commits are accepted and conflicts fixed.
2014-11-19 08:28:55 -08:00
ab7f6866f5
FAKE and BYPASS actions are implemented for SRV queries
2014-11-19 08:28:55 -08:00
f403d27fbd
Author update for the fakedns module
2014-11-19 08:28:55 -08:00
47f7d8c4be
IN:SRV expansion for Fake DNS server
2014-11-19 08:28:55 -08:00
a9cb6e0d2f
Add jduck as an author on samsung_knox_smdm_url
2014-11-19 10:18:08 -06:00
31b366dedb
Land #4061 , @fozavci's CDP testing module
2014-11-19 08:17:41 -08:00
895bdd9c6f
Remove unused options
2014-11-19 08:09:52 -08:00
134046975e
Remove report mixin which was not used
2014-11-19 08:09:52 -08:00
4c112e71c1
Remove errant whitespace, unnecessary to_s
2014-11-19 08:09:52 -08:00
f54fc3da87
More CDP cleanup. Loop, cleaner packet construction, style
2014-11-19 08:09:52 -08:00
0dac2de3fd
Use PacketFu::EthHeader.mac2str for MAC formatting
2014-11-19 08:09:52 -08:00
2d484a3e1a
Remove sniffing capabilities from cdp -- use wireshark/tcpdump instead
2014-11-19 08:09:52 -08:00
39d691086e
First round of basic Ruby style cleanup in cdp
2014-11-19 08:09:52 -08:00
7e93d890ab
Viproy is removed from names
...
Author section is fixed
2014-11-19 08:09:52 -08:00
d78d57eaf4
Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module
2014-11-19 08:09:52 -08:00
e66c9be66d
Land #4232 , rm CHANGELOG.md from orbit
2014-11-19 08:17:40 -06:00
1f2313d87e
Land #4054 , @jhart-r7's SunRPC lib and module cleanup
2014-11-18 17:01:01 -06:00
fb4b6543e2
Handle other rex exceptions
2014-11-18 15:57:41 -06:00
a0f92ce26e
Update module with review
2014-11-18 15:43:53 -06:00
5e54532dda
Drop the CHANGELOG.md
...
Just use `git shortlog` instead if you're really interested in the
changes from your arbitrary point in history.
2014-11-18 14:55:12 -06:00
dff6af0747
Restore timeout
2014-11-18 12:17:10 -08:00
542eb6e301
Handle exception in brute force exploits
2014-11-18 12:17:10 -08:00
HD Moore
sinn3r
jvazquez-r7
rwhitcroft
Meatballs
Mark Schloesser
Tod Beardsley
Jon Hart
Fatih Ozavci
Joe Vennix
William Vu