Commit Graph

1066 Commits (67d4097e1d6ba1345ef7593af81f0119e67514f2)

Author SHA1 Message Date
Jonathan Claudius 14e600a431 Clean up res nil checking 2013-12-03 00:51:19 -05:00
Jonathan Claudius b796095582 Use peer vs. rhost and rport for prints 2013-12-03 00:49:05 -05:00
Jonathan Claudius 0480e01830 Account for nil res value 2013-12-03 00:45:57 -05:00
Jonathan Claudius c91d190d39 Add Cisco ASA ASDM Login 2013-12-03 00:16:04 -05:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
jvazquez-r7 8d6a534582
Change title 2013-12-02 08:54:37 -06:00
jvazquez-r7 24d09f2085
Land #2700, @juushya's Oracle ILO Brute Forcer login 2013-12-02 08:53:10 -06:00
Karn Ganeshen bc41120b75 Updated 2013-11-29 12:47:47 +05:30
Karn Ganeshen 1109a1d157 Updated 2013-11-28 11:30:02 +05:30
jvazquez-r7 cc60ca2e2a
Fix module title 2013-11-25 09:33:43 -06:00
jvazquez-r7 cc261d2c25
Land #2670, @juushya's aux brute forcer mod for OpenMind 2013-11-25 09:29:41 -06:00
Karn Ganeshen e157ff73d3 Oracle ILOM Login utility 2013-11-25 13:55:31 +05:30
Karn Ganeshen 266de2d27f Updated 2013-11-23 00:01:03 +03:00
Karn Ganeshen b5011891a0 corrected rport syntax 2013-11-21 08:57:45 +03:00
Karn Ganeshen 9539972340 Module for OpenMind Message-OS portal login 2013-11-21 06:33:05 +03:00
Tod Beardsley ded56f89c3
Fix caps in description 2013-11-18 16:15:50 -06:00
jvazquez-r7 f690667294
Land #2617, @FireFart's mixin and login bruteforcer for TYPO3 2013-11-18 13:37:16 -06:00
jvazquez-r7 0391ae2bc0 Delete general reference 2013-11-18 13:19:09 -06:00
jvazquez-r7 1c4dabaf34 Beautify typo3_bruteforce module 2013-11-18 13:17:15 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
sinn3r 970e70a853
Land #2626 - Add wordpress scanner 2013-11-12 11:30:23 -06:00
sinn3r 6a28f1f2a7
Change 4-space tabs to 2-space tabs 2013-11-12 11:29:28 -06:00
Tod Beardsley 2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints

[SeeRM #8498]
2013-11-11 21:23:35 -06:00
FireFart 48faa38c44 bugfix for wordpress_scanner 2013-11-11 00:24:32 +01:00
FireFart b472c2b195 added a wordpress scanner 2013-11-10 23:08:59 +01:00
FireFart bdd33d4daf implement feedback from @jlee-r7 2013-11-07 23:07:58 +01:00
FireFart cc3ee5f97b typo3_bruteforce: update msf license 2013-11-07 22:53:28 +01:00
FireFart e897c8379f typo3_bruteforce: bugfix 2013-11-07 22:46:26 +01:00
FireFart 9d616dbfe9 added typo3 bruteforcer 2013-11-07 22:38:27 +01:00
HD Moore 09c31f7582 Small nitpicks to catch bad http responses 2013-11-06 15:06:04 -06:00
Tod Beardsley 91639dbb99
Trailing whitespace 2013-11-06 14:25:28 -06:00
Tod Beardsley 079816777a
I kin spel 2013-11-06 14:22:41 -06:00
HD Moore 6b43d94c72 Rename, change titles/descriptions, fix minor bugs 2013-11-06 13:45:40 -06:00
jvazquez-r7 b9caf091d4 Change supermicro_ipmi_traversal location 2013-11-06 12:47:50 -06:00
jvazquez-r7 c132a60973 Move Supermicro web interface name to a constant 2013-11-06 12:47:50 -06:00
jvazquez-r7 0609c5b290 Move private key to a constant 2013-11-06 12:47:50 -06:00
jvazquez-r7 275fd5e2ba Sort options by name 2013-11-06 12:47:50 -06:00
jvazquez-r7 9f87fb33a7 Move digest calculation to a variable 2013-11-06 12:47:50 -06:00
Tod Beardsley 46f0998903 Add URL refs 2013-11-06 12:47:50 -06:00
Tod Beardsley a973862c74 Add new modules 2013-11-06 12:47:50 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
jvazquez-r7 efcfc9eef7
Land #2273, @kaospunk's enum domain feature for owa_login 2013-10-28 09:47:54 -05:00
jvazquez-r7 71a1ccf771 Clean owa_login enum_domain feature 2013-10-28 09:46:41 -05:00
sinn3r 7d788fbf76
Land #2571 - HP Intelligent Management SOM FileDownloadServlet Arbitrary Download 2013-10-24 14:15:26 -05:00
jvazquez-r7 ea80c15c3b
Land #2383, @jamcut's aux module for jenkins enum 2013-10-24 11:31:36 -05:00
jvazquez-r7 8428671f32
Land #2455, @juushya's aux module for radware 2013-10-24 10:54:02 -05:00
jvazquez-r7 1673b66cbe Delete some white lines 2013-10-24 10:50:14 -05:00
jvazquez-r7 b589e9aa6e Use the peer method 2013-10-24 10:45:02 -05:00
jvazquez-r7 255cd18868 Use peer helper 2013-10-23 16:08:40 -05:00
jvazquez-r7 55e3f36589 Add module for ZDI-13-242 2013-10-23 11:24:29 -05:00
jvazquez-r7 a4dd53f650 Chane module filename 2013-10-22 11:16:14 -05:00
jvazquez-r7 cdd183f43a Add reporting 2013-10-22 11:15:16 -05:00
jvazquez-r7 0d73275c3f Delete not necessary check 2013-10-22 10:39:54 -05:00
jvazquez-r7 c50e7c73b6 Make parsing easier 2013-10-22 10:30:03 -05:00
jvazquez-r7 0cc7be0138 Use snake_case 2013-10-22 10:04:32 -05:00
jvazquez-r7 e4a340b7f1 Fix small issues 2013-10-22 10:02:32 -05:00
jvazquez-r7 a425e2be78 Fix typo 2013-10-22 09:28:43 -05:00
jvazquez-r7 111c12ef0d Do cosmetic changes 2013-10-22 09:28:15 -05:00
jvazquez-r7 f46cdb8970 Add the correct plate 2013-10-22 09:27:37 -05:00
jvazquez-r7 de0d09886c Retab changes for PR #2383 2013-10-22 09:26:44 -05:00
jvazquez-r7 0214501891 Merge for retab 2013-10-22 09:22:10 -05:00
jvazquez-r7 5613cfb249 Retab changes for PR #2455 2013-10-21 15:57:23 -05:00
jvazquez-r7 39d38e598d Merge for retab 2013-10-21 15:55:48 -05:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
jamcut 58a43e87dd Added fixes suggested by jlee-r7
additional code clean up
2013-10-21 14:18:12 -04:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Karn Ganeshen 09c9cba3d5 Updated code 2013-10-21 19:29:05 +05:30
jvazquez-r7 183116c81f Make module work, and final cleanup 2013-10-20 18:39:41 -05:00
jvazquez-r7 aa6a24da1b Add module template 2013-10-19 00:27:57 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Karn Ganeshen cc42fbc59e Added ext .rb
... ext .rb why you no save.
2013-10-17 01:40:05 +05:30
Karn Ganeshen f3d4229ed4 Updated code
msftidy compliant now. Have run it thru retab.rb, hence the indent like this.
2013-10-17 01:36:26 +05:30
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
kaospunk 4b4804538f Fixes issues based on feedback
This commit addresses comments made by @jvazquez-r7.
2013-10-14 16:02:29 -04:00
sinn3r 2a1ade2541 Add disclosure date and some explanation about it 2013-10-13 19:29:51 -05:00
jvazquez-r7 e2c5e6c19f Fix email format 2013-10-13 18:28:35 -05:00
jvazquez-r7 008f787627 Add module for the dlink user-agent backdoor 2013-10-13 14:42:45 -05:00
Tod Beardsley 181606e7cc
Single byte description update. Adds a period. 2013-10-11 15:04:25 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
jvazquez-r7 db11e88255
Land #2321, @juushya's aux module for Sentry CDU enumeration 2013-10-04 08:35:54 -05:00
Karn Ganeshen 37e1e6533c changed default options
Updated these default options to false:
      'DB_ALL_CREDS'    => false
      'BLANK_PASSWORDS' => false
2013-10-04 02:48:42 +05:30
Karn Ganeshen 8aac3922f3 add radware_appdirector_enum
This module scans for Radware AppDirector's web login portal, and performs login brute force to identify valid credentials.

- mstidy.tb & retab.rb run done
- stop_on_success is set to true. Important, otherwise the app starts dropping bf source.
- slowing down brute force speed seems to work though, but can take a long time if more creds to check &| more targets
- better to run bf with 2-3 creds against range, & then come back with more creds if needed
2013-10-03 20:15:52 +05:30
Tabassassin 773abf0567
Pow, tab assassinated. 2013-10-02 17:16:38 -05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
sinn3r 7118f7dc4c Land #2422 - rm methods peer & rport
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00
Tod Beardsley 9ada96ac51
Fix sqlmap accidental codepoint
See http://www.ruby-doc.org/core-1.9.3/String.html#method-i-3C-3C

Apparently, String#<< uses Integer#chr, not Integer#to_s. News to me.

Fixed originally by @TsCl in PR #2435, but fixing seperately in order to
avoid screwing up his downstream tracking. Note, this isn't a merge, so
using Closes tag on the commit message.

[Closes #2435]
2013-09-30 11:23:17 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 09fa7b7692 remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:50:34 +02:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
FireFart 34b829abef bugfix 2013-09-25 09:15:07 +02:00
FireFart aeb663a5d4 fix output 2013-09-24 10:48:38 +02:00
FireFart dc8f94bac1 Added wordpress version detection 2013-09-24 08:59:56 +02:00
jamcut dff26ac9ff Used default timeout
forgot an additional default timeout in my previous commit
2013-09-17 11:28:46 -04:00
jamcut 4aeb754112 Minor Changes
changed print calls to print_line
removed trailing \n's
used default timeout for send_request_cgi
2013-09-17 11:20:45 -04:00
jamcut ea367d218c dded Jenkins vulnerability scanner 2013-09-17 10:47:59 -04:00
Tod Beardsley b4b7cecaf4 Various minor desc fixes, also killed some tabs. 2013-09-16 15:50:00 -05:00
jvazquez-r7 299860b09d Land #2329, @kaospunk auxiliary module to enumerate ntlm info 2013-09-16 08:16:30 -05:00
jvazquez-r7 4040fe4b6b Fix style 2013-09-16 08:15:46 -05:00
sinn3r 149312a4c0 Correct wordpress_login_enum for #2301
tabassassin created a mess and I failed to resolve it properly.
Attempt #2. See #2301.
2013-09-12 14:56:46 -05:00
sinn3r 91b8ca8f22 Merge branch 'pr2301' into upstream-master
Conflicts:
	modules/auxiliary/scanner/http/wordpress_login_enum.rb
2013-09-12 14:52:34 -05:00
jvazquez-r7 94cc3f0e49 Retab changes 2013-09-06 09:51:14 -05:00
jvazquez-r7 73a66819ea Merge for retab 2013-09-06 09:50:37 -05:00
jvazquez-r7 7ce9d38eba Fix module 2013-09-06 09:49:52 -05:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Tab Assassin 015ac6d92c Retab changes for PR #2273 2013-09-05 14:09:44 -05:00
Tab Assassin e25ec2d2f9 Merge for retab 2013-09-05 14:09:39 -05:00
Tab Assassin 0a1a202fb5 Retab changes for PR #2329 2013-09-05 13:04:23 -05:00
Tab Assassin 760943af2f Merge for retab 2013-09-05 13:02:51 -05:00
jvazquez-r7 c44be42cf5 Merge the check for Sentry in just one request 2013-09-05 10:41:20 -05:00
jvazquez-r7 d280d45964 Revert "Updated module - 1 req action"
This reverts commit f85b9aa780.
2013-09-05 10:35:13 -05:00
Karn Ganeshen f85b9aa780 Updated module - 1 req action
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
2013-09-05 20:04:02 +05:30
kaospunk 9f628b8b63 Add URI where information was discovered
This adds the URI where the information was enumerated from to the
scanner output.

One more place where target_uri was being used was also corrected.
2013-09-05 10:06:11 -04:00
kaospunk afaab5e0a6 Fixes issues raised by jvazquez-r7
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
  default
2013-09-05 09:34:35 -04:00
kaospunk 533643fe2c Host Information Enumeration via NTLM Authentication
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.

The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
2013-09-04 21:39:02 -04:00
Karn Ganeshen 3786376b42 Aux module for Sentry CDU enum 2013-09-03 14:44:03 +05:30
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
rbsec a574b548b2 Updated wordpress_login_enum auxilary module.
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
2013-08-29 15:28:46 +01:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 85ed9167f2 Print target endpoint
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
sinn3r 9f8051161f Properly implement normalize_uri 2013-08-26 17:18:00 -05:00
jvazquez-r7 c660279963 Land #2259, @wchen-r7's patch for [SeeRM #8319] 2013-08-26 16:36:45 -05:00
sinn3r 3769da2722 Better fixes 2013-08-26 14:02:45 -05:00
sinn3r 8c7f4b3e1f Avoid using inline rescue 2013-08-26 13:54:06 -05:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Christian Mehlmauer 5f7ccf1cbe naming..again 2013-08-24 18:58:00 +02:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
Christian Mehlmauer c40252e0b3 bugfixing 2013-08-24 00:04:16 +02:00
kaospunk a863005d33 Removed blanks at EOL
Fixed blanks at EOL per msftidy messages
2013-08-22 14:20:42 -04:00
kaospunk 7e098e4d6b Domain enumeration put in own function
The code to enumerate the AD domain is now in its own function

Additionally, a new advanced option has been added which controls
whether or not the domain enumeration will occur so that if it is
not wanted the user can disabled it. By default this is set to
enumerate the AD domain.

If AD_DOMAIN is already specified then this will be used and no
auto enumeration will occur.
2013-08-22 14:16:00 -04:00
kaospunk 7e0b26e932 Minor fixes to syntax and error handling 2013-08-22 13:23:39 -04:00
kaospunk cdcfa88fa3 Enumerate AD Domain via NTLM Authentication
Add functionality to attempt an NTLM auth against common directories
to try to enumerate the AD domain. If a domain is found this will be
prepended to the authentication requests, otherwise it's business as
usual.
2013-08-22 12:26:14 -04:00
Christian Mehlmauer 556f17c47e Move modules 2013-08-22 17:33:35 +02:00
Christian Mehlmauer 8456d2c0ec remove target_uri 2013-08-22 00:48:42 +02:00
Christian Mehlmauer 959553583f -) revert last commit
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
Christian Mehlmauer ffdd057f10 -) Documentation
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer 655e2dcf6c more methods 2013-08-21 13:13:41 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
sinn3r 2fa75e0133 Fix undefined method error
[FixRM #8325]
2013-08-21 01:16:49 -05:00
sinn3r be29e44788 Fix undefined method error
[FixRM #8328]
2013-08-21 01:15:07 -05:00
sinn3r ae8c40c8f7 Fix undefined method error
[FixRM #8329]
2013-08-21 01:10:46 -05:00
sinn3r 42a7766f1b Fix undefined method error
[FixRM #8330]
2013-08-21 01:09:24 -05:00
sinn3r 0f85fa21b4 Fix undefined method error
[FixRM #8331]
2013-08-21 01:08:19 -05:00
sinn3r 8eeb66f96d Fix undefined method error
[FixRM #8332]
2013-08-21 01:06:54 -05:00
sinn3r 785f633d1d Fix undefined method error
[FixRM #8334]
[FixRM #8333]
2013-08-21 01:01:53 -05:00