Commit Graph

258 Commits (67d4097e1d6ba1345ef7593af81f0119e67514f2)

Author SHA1 Message Date
sinn3r 154b1e8888 Remove comments 2013-08-19 16:27:35 -05:00
sinn3r cf10a0ca91 Use print_line instead of print
These modules should be using print_line instead of print
2013-08-19 16:25:44 -05:00
sinn3r 2e74c50880 [SeeRM #8313] - Print where files are stored
As an user, I want to be able to see where my file is stored when the
module I'm using runs a store_loot().
2013-08-19 15:02:15 -05:00
sinn3r 86d6bce8c4 [FixRM #8312] - Fix file handle leaks
Fix file handle leaks for [SeeRM #8312]
2013-08-18 20:31:13 -05:00
Bruno Morisson eeed74d2b9 fixed typo on a message 2013-08-16 22:32:40 +01:00
Bruno Morisson 9b773dd6f9 Included @jvazquez-r7 feedback 2013-08-16 22:23:22 +01:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
Bruno Morisson 4f0cf426b7 hopefully actually fixed indents.
Included @jvazquez-r7 suggested changes
2013-07-24 16:43:20 +01:00
Bruno Morisson 1a2d5e472f msftidy - fixed indents 2013-07-22 19:03:52 +01:00
Bruno Morisson acb236006c metasploit module for CVE-2013-3319 / SAP Security Note 1816536
Note: only tested on SAP running on Windows, but should equally work on vulnerable linux/*nix versions.
2013-07-22 18:36:38 +01:00
jvazquez-r7 6e44cb56bf Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 12:44:47 -05:00
jvazquez-r7 6cb53583b7 Make msftidy happy 2013-07-03 12:42:37 -05:00
jvazquez-r7 61c85b10d3 Add final cleanup for #2012 2013-07-03 12:41:12 -05:00
Bruno Morisson 2da278f151 fixed indent 2013-06-25 23:08:58 +01:00
Bruno Morisson 7ab8485acc output as table, added info on ports, added comment with default ports. msftidy cleanup. 2013-06-23 23:59:31 +01:00
Bruno Morisson 3cfcdfca9e output as table, added info on ports, added comment with default ports 2013-06-23 23:52:48 +01:00
Bruno Morisson 9f5eceec10 minor cleanups 2013-06-23 17:55:38 +01:00
Bruno Morisson e969cbb0bb added INSTANCES option, and support for it on PORTS 2013-06-22 23:09:59 +01:00
jvazquez-r7 1b456ab511 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 08:46:16 -05:00
Bruno Morisson 852fc33c13 Added feedback, cleanup, and simplified modes 2013-06-15 17:16:10 +01:00
jvazquez-r7 6fbb782ada Clean sap_router_portscanner 2013-06-13 10:08:44 -05:00
Bruno Morisson d318c1cd22 included feedback 2013-06-01 00:31:06 +01:00
Bruno Morisson d03379f1c6 changed 2 vprint_error to print_error 2013-05-30 11:54:42 +01:00
Bruno Morisson 612eabd21a added sap_router_portscanner module 2013-05-29 23:36:53 +01:00
jvazquez-r7 0f3b13e21d up to date 2013-05-16 15:02:41 -05:00
jvazquez-r7 d9bdf3d52e Do final cleanup for sap_smb_relay 2013-05-16 14:25:10 -05:00
jvazquez-r7 9dd582c526 Land #1656, @nmonkee's module for SMB Relay attacks against SAP 2013-05-16 14:23:39 -05:00
jvazquez-r7 947735bd25 up to date 2013-05-16 11:26:50 -05:00
jvazquez-r7 c21035c0b9 Add final cleanup for sap_ctc_verb_tampering_user_mgmt 2013-05-16 10:42:09 -05:00
jvazquez-r7 7823df0478 Change module filename 2013-05-16 10:41:25 -05:00
jvazquez-r7 f3f0272395 Land #1652, @nmonkee's SAP CTC Verb Tampering for User Mgmt module 2013-05-16 10:40:17 -05:00
nmonkee 11286630d5 modifications to CLBA_ SOAP requests to fix XML kernel processor error 2013-05-16 11:24:29 +01:00
jvazquez-r7 8a18853dfa Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-15 21:35:59 -05:00
jvazquez-r7 c82bb73347 Avoid super verbose output 2013-05-15 17:45:37 -05:00
jvazquez-r7 c410a54d44 Merge SAP SMB Relay abuses in just one module 2013-05-14 20:53:08 -05:00
jvazquez-r7 357ef001cc Change module filename 2013-05-14 20:52:33 -05:00
jvazquez-r7 83f1418f28 up to date 2013-05-14 14:48:58 -05:00
jvazquez-r7 07b3355a17 Merge branch 'sap_ctc_verb_tampering_add_user_and_add_role' of https://github.com/nmonkee/metasploit-framework 2013-05-14 13:47:39 -05:00
jvazquez-r7 891e36c947 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-09 17:47:35 -05:00
jvazquez-r7 cf05602c6f Land #1661, @nmonkee's sap_soap_rfc_eps_get_directory_listing module 2013-05-09 16:46:13 -05:00
nmonkee 53c08cd60f fix incorrect printing typo 2013-05-09 21:37:04 +01:00
jvazquez-r7 ca41d859a9 up to date 2013-05-09 13:00:10 -05:00
jvazquez-r7 e711474654 Merge branch 'sap_soap_xmla_bw_smb_relay_' of https://github.com/nmonkee/metasploit-framework 2013-05-09 12:37:46 -05:00
Tod Beardsley 4c75354a6a Land #1786, request_cgi instead of request_raw
Also some other small changes to modules, such as sensible defaults for
options.
2013-05-08 14:58:04 -05:00
jvazquez-r7 fff8593795 Fix author name 2013-05-06 17:34:37 -05:00
jvazquez-r7 c84febb81a Fix extra character 2013-05-06 15:19:15 -05:00
jvazquez-r7 92b4d23c09 Add Mariano as Author because of the abuse disclosure 2013-05-06 15:15:15 -05:00
jvazquez-r7 db243e78c8 Land #1682, sap_router_info_request fix from @nmonkee 2013-05-06 15:13:57 -05:00
jvazquez-r7 85581a0b6f Clean up sap_soap_rfc_eps_get_directory_listing 2013-05-06 13:21:42 -05:00
jvazquez-r7 1fc0bfa165 Change module filename 2013-05-06 13:20:07 -05:00
jvazquez-r7 589be270bf Land #1658, @nmonkee's SAP module for PFL_CHECK_OS_FILE_EXISTENCE 2013-05-03 14:19:36 -05:00
Tod Beardsley 7579b574cb Rework parse_xml
We try to avoid using Nokogiri in modules due to the sometimes
uncomfortable dependencies it creates with particular compiled libxml
versions. Also, the previous parse_xml doesn't seem to be correctly
skipping item entries with blank names.

I will paste the test XML in the PR proper, but do check against a live
target to make sure I'm not screwing it up.
2013-05-02 14:43:30 -05:00
Tod Beardsley 902cd7ec85 Revert removal of the SAP module
This reverts commit 26da7a6ee7.
2013-05-02 14:42:35 -05:00
Tod Beardsley 26da7a6ee7 Removing this from master due to test problems
This module was moved over to the unstable branch in commit
7106afdf7d , working up a fix now. Stay
tuned.
2013-05-02 13:43:02 -05:00
jvazquez-r7 132c09af82 Add BID reference 2013-05-02 10:21:09 -05:00
jvazquez-r7 6e68f3cf34 Clean up sap_soap_rfc_pfl_check_os_file_existence 2013-05-02 10:19:15 -05:00
jvazquez-r7 244bf71d4a Change module filename 2013-05-02 10:15:50 -05:00
jvazquez-r7 d9cdb6a138 Fix more feedback provided by @nmonkee: CMD vs COMMAND 2013-05-02 09:08:48 -05:00
jvazquez-r7 c6c7998e3b Fix feedback provided by @nmonkee 2013-05-02 09:06:51 -05:00
jvazquez-r7 4db81923bf Update description 2013-05-02 08:45:01 -05:00
jvazquez-r7 e25057b64a Fix indent level 2013-05-01 22:01:36 -05:00
jvazquez-r7 c406271921 Cleanup sap_soap_rfc_rzl_read_dir 2013-05-01 21:51:06 -05:00
jvazquez-r7 98dd96c57d Change module filename 2013-05-01 21:50:24 -05:00
jvazquez-r7 6b6b53240b Fix SAP modules, mainly to make a better use of send_request_cgi 2013-05-01 14:06:53 -05:00
nmonkee 5b30115336 vprint_status changed to vprint_error as requested 2013-03-28 14:27:51 +00:00
nmonkee 0f147dcf47 vprint_status changed to vprint_error as requested 2013-03-28 14:24:57 +00:00
nmonkee eee702a329 vprint_status changed to vprint_error as requested 2013-03-28 14:23:21 +00:00
nmonkee e2212ca8c9 vprint_status changed to vprint_error as requested 2013-03-28 14:22:01 +00:00
nmonkee 9d87db6831 vprint_status changed to vprint_error as requested 2013-03-28 14:08:24 +00:00
nmonkee aae1d5933e removed socket print, left over from debugging 2013-03-28 10:49:23 +00:00
nmonkee 376ca7b107 fixed issue with access denied condition thanks to @pho_bos 2013-03-28 10:41:37 +00:00
nmonkee bcc26427c0 EPS_GET_DIRECTORY_LISTING (List Directory abd SMB Relay) 2013-03-25 20:26:56 +00:00
nmonkee d8086a27a6 vprint_status mod 2013-03-25 20:20:29 +00:00
nmonkee 121c75f646 vprint_status mod 2013-03-25 20:18:14 +00:00
nmonkee da6a99defb vprint_status mod 2013-03-25 20:16:11 +00:00
nmonkee 95e7d55313 remove sap_soap_rfc_eps_delete_file_smb_relay.rb 2013-03-25 20:09:59 +00:00
nmonkee f7ccfa634e This module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service 2013-03-25 19:59:16 +00:00
nmonkee f92f59bfad EPS_DELETE_FILE (File deletion and SMB Relay) 2013-03-25 17:23:27 +00:00
nmonkee 01ee30e389 PFL_CHECK_OS_FILE_EXISTENCE (file existence and SMB relay) 2013-03-25 17:11:23 +00:00
nmonkee 5be98593a9 RZL_READ_DIR_LOCAL (directory listing and SMB relay) 2013-03-25 16:59:37 +00:00
nmonkee e840578ea2 SAP /sap/bw/xml/soap/xmla XMLA service (XML DOCTYPE) SMB relay 2013-03-25 16:57:12 +00:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
jvazquez-r7 8f58c7b25e cleanup for sap_icf_public_info 2013-02-28 18:47:48 +01:00
jvazquez-r7 0dcfb51071 cleanup for sap_soap_rfc_system_info 2013-02-28 18:46:18 +01:00
Chris John Riley d49797267e Correct SAP Table Name 2013-02-19 11:20:49 +01:00
Chris John Riley 358b2f5783 Added module credit as this has turned into a rewrite ;) 2013-02-19 11:15:04 +01:00
Chris John Riley f3cf8ad1b9 Whitespace EOL 2013-02-19 11:13:33 +01:00
Chris John Riley a75bae927d Replaced report_note and table output with single function
Added proposed extract data function (HDM)
2013-02-19 11:12:12 +01:00
Chris John Riley d4011227e3 Made suitable changes to original module also (only report on non empty response) 2013-02-19 09:43:36 +01:00
Chris John Riley 4170a85d8a Added logic to only report when value is present 2013-02-19 09:42:13 +01:00
Chris John Riley 3a6cd6f395 Added module for requesting RFC_SYSTEM_INFO via ICF web interface 2013-02-12 14:42:59 +01:00
James Lee 9e912a23ff Merge branch 'rapid7' into FireFart-msftidy_aux_1 2013-01-03 16:54:25 -06:00
Tod Beardsley 1406f7cb0a Msftidy on sap_router_info_request 2013-01-03 10:55:11 -06:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
Tod Beardsley e5eb8c6301 Fix connected in sap_router_info_request
See #1028 comments
2012-12-28 16:34:59 -06:00
Tod Beardsley 3daea913b1 Merge branch 'sap_router_info_request' 2012-12-28 15:22:44 -06:00
Tod Beardsley 35604ac1aa Normalizing caps and expanding description a bit
Be nice to have a couple more lines on the description
2012-12-28 15:12:40 -06:00
Tod Beardsley 5d7197d8ba Moved shout outs, organized includes
include Msf::Exploit::Remote::Tcp must precede the include for the
Scanner mixin -- otherwise you end up with some undesired effects, like
having an RHOST and RHOSTS on the datastore.

Also, took out the block of shout outs and gave references and credits
to the people / url's mentioned.
2012-12-28 14:51:23 -06:00
sinn3r 2c4d517e75 Merge branch 'useragent_cleanup' of git://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-useragent_cleanup 2012-12-21 11:14:06 -06:00