Spencer McIntyre
9cd6353246
Update mqac_write to use the mixin and restore pointers
2014-08-04 12:15:39 -07:00
Spencer McIntyre
a523898909
Apply rubocop suggestions for ms_ndproxy
2014-08-04 11:49:01 -07:00
Spencer McIntyre
86e2377218
Switch ms_ndproxy to use the new WindowsKernel mixin
2014-08-04 11:49:01 -07:00
Spencer McIntyre
58d29167e8
Refactor MS11-080 to use the mixin and for style
2014-08-04 11:49:01 -07:00
Tod Beardsley
4de59ad7d1
Add reasonable description for gnome-commander
2014-08-04 12:35:34 -05:00
jvazquez-r7
ed97751ead
Land #2999 , @j0hnf's modifiction to check_dir_file to handle file:
2014-08-04 11:55:18 -05:00
jvazquez-r7
cd45ed0e0a
Handle exceptions when connecting the SMBHSARE
2014-08-04 11:54:30 -05:00
jvazquez-r7
85b5c5a691
Refactor check_path
2014-08-04 11:48:13 -05:00
jvazquez-r7
1e29bef51b
Fix msftidy warnings
2014-08-04 11:46:27 -05:00
jvazquez-r7
04bf0b4ab6
Fix forgotten comma
2014-08-04 11:34:12 -05:00
jvazquez-r7
68d8afc18d
Land #3604 , @hmoore-r7's [FixRM #8838 ] smb_lookupsid nil class dereference
2014-08-04 10:38:42 -05:00
Joshua Smith
6c2b8f54cf
rubocop cleanup, long lines, etc
2014-08-03 23:19:08 -05:00
OJ
2b021e647d
Minor tidies to conform to standards
2014-08-03 23:19:08 -05:00
OJ
31c51eeb63
Move error messages to `check`
2014-08-03 23:19:08 -05:00
OJ
cbf15660bf
Add some small fixes to the MQAC local exploit
...
* Check for `INVALID_HANDLE_VALUE` when attempting to open the
device, as this is what is returned when the device doesn't exist.
* Make sure that we only run the exploit against tartgets that we
support directly to make sure we don't BSOD machines (such as what
happens with SP1/SP2).
* Add a call to `check` in the exploit code.
2014-08-03 23:19:08 -05:00
HD Moore
3bc8d1fee9
See #RM8838. Handle null domain_sid properly
...
This switches to the local sid if the domain sid is null, even if
the ACTION is set to DOMAIN. This solves the issue identified in
```
[*] 192.168.0.4 PIPE(LSARPC) LOCAL(NAS - 5-21-2272853860-1115691317-1341221697) DOMAIN(WORKGROUP - )
[-] 192.168.0.4 No domain SID identified, falling back to the local SID...
[*] 192.168.0.4 USER=guest RID=501
[*] 192.168.0.4 GROUP=None RID=513
```
2014-08-02 14:25:17 -05:00
us3r777
cd2e225359
Refactored auxilliary jboss_bshdeployer
...
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
Tod Beardsley
c31fc61617
Land #3270 , @jlee-r7 deprecation ipv6 payloads
...
These are not needed, since you can just config the regular handler now
and pick either.
This resolves the conflict (rm'ed the old modules)
Conflicts:
modules/payloads/stagers/windows/reverse_ipv6_http.rb
modules/payloads/stagers/windows/reverse_ipv6_https.rb
2014-08-01 16:27:59 -05:00
David Maloney
ab7111120b
and all the rest
...
finally!
2014-08-01 14:54:18 -05:00
David Maloney
4821851ae4
telnet and ssh next
2014-08-01 14:47:08 -05:00
David Maloney
12902b0a6d
the refactor continues!
2014-08-01 14:41:03 -05:00
David Maloney
b74813b9a1
mysql and pop3 now
2014-08-01 14:30:33 -05:00
jvazquez-r7
73ca8c0f6d
Work on jboss refactoring
2014-08-01 14:28:26 -05:00
David Maloney
2e7738c788
http and mssql now
2014-08-01 14:22:58 -05:00
David Maloney
33f73a8af7
refactor db2
2014-08-01 13:00:27 -05:00
David Maloney
439b893fea
refactor axislogin
2014-08-01 12:30:16 -05:00
David Maloney
0fffb179fa
refactor afp_login
2014-08-01 12:10:52 -05:00
David Maloney
c3691ba056
finish refactoring ftp_login
2014-08-01 12:06:13 -05:00
David Maloney
a380646667
start refactoring ftp loginscanner
2014-08-01 11:47:13 -05:00
Meatballs
15c1ab64cd
Quick rubocop
2014-07-31 23:11:00 +01:00
Meatballs
d336c56b99
Merge remote-tracking branch 'upstream/master' into land_2551
2014-07-31 23:06:37 +01:00
Meatballs
bff8a734ae
Fix and be Architecture Agnostic
2014-07-31 22:58:43 +01:00
James Lee
62240537db
Refactor sso to use Credential::Creation
2014-07-31 16:06:23 -05:00
Spencer McIntyre
5a25120660
Apply rubocop changes to multi/script/web_delivery
2014-07-31 16:16:23 -04:00
Spencer McIntyre
8af4c496c9
Add a missing include and require statement for psh
2014-07-31 16:08:25 -04:00
Meatballs
53b66f3b4a
Land #2075 , Powershell Improvements
2014-07-31 00:49:39 +01:00
jvazquez-r7
4ed085d0d2
Land #3581 , @FireFart's update for W3 Total Cache Hash extract module
2014-07-30 10:45:11 -05:00
jvazquez-r7
674c3ca260
Use [] for references
2014-07-30 10:44:42 -05:00
jvazquez-r7
a79eec84ac
Land #3584 , @FireFart's update for wp_asset_manager_upload_exec
2014-07-30 10:28:51 -05:00
jvazquez-r7
9de8297848
Use [] for References
2014-07-30 10:28:00 -05:00
jvazquez-r7
313fd6ffab
Land #3582 , @FireFart's rubocop cleanup for wp_property_upload_exec
2014-07-30 10:24:58 -05:00
jvazquez-r7
58fbb0b421
Use [] for References
2014-07-30 10:24:14 -05:00
HD Moore
318418a90b
Lands #3589 , adds rhost:rport to vmware fingerprint
2014-07-29 18:50:53 -05:00
jvazquez-r7
1fe459eb42
Add info to know where the info comes from
2014-07-29 18:47:40 -05:00
Tod Beardsley
adf03e28ce
Fix SpaceBeforeModifierKeyword Rubocop warning
...
This also deals with some errant tabs where internal spaces should be,
as well as one syntax error which was preventing an old meterpreter
script from ever working correctly.
Some day, we need to get rid of those Meterpeter scripts. Srsly.
2014-07-29 17:10:54 -05:00
Christian Mehlmauer
75057b5df3
Fixed variable
2014-07-29 21:02:15 +02:00
Christian Mehlmauer
cc3285fa57
Updated checkcode
2014-07-29 20:53:54 +02:00
Christian Mehlmauer
61ab88b2c5
Updated wp_asset_manager_upload_exec module
2014-07-29 20:53:18 +02:00
Christian Mehlmauer
e438c140ab
Updated wp_property_upload_exec module
2014-07-29 20:34:34 +02:00
Christian Mehlmauer
3d2a62bc29
Updated W3 Total Cache Hash extract module
2014-07-29 19:49:48 +02:00
AnwarMohamed
c2be3d6875
fixing autoload bug
2014-07-29 17:51:56 +02:00
jvazquez-r7
820ea7e50b
Land #3577 , @FireFart's update for wordpress foxypress module
2014-07-29 09:10:07 -05:00
AnwarMohamed
6bbb2124a7
bug fixing
2014-07-29 15:49:14 +02:00
Joshua Smith
e00d892f99
rubocop cleanup, long lines, etc
2014-07-28 22:04:45 -05:00
us3r777
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
William Vu
0208420a67
Land #3565 , GNOME Commander post module
2014-07-28 17:28:36 -05:00
William Vu
f4bd44d9c6
Fix outstanding issues
2014-07-28 17:28:15 -05:00
David Bloom
a904ed8507
Update gnome_commander_creds.rb
2014-07-28 22:49:13 +02:00
David Bloom
b121bf6d6c
Update gnome_commander_creds.rb
2014-07-28 22:46:50 +02:00
Christian Mehlmauer
621e85a32d
Correct version
2014-07-28 22:45:04 +02:00
Christian Mehlmauer
d334797116
Updated foxpress module
2014-07-28 22:23:22 +02:00
Christopher Truncer
7129108c58
Fixed status in MSF db for Nessus
2014-07-28 13:49:24 -04:00
jvazquez-r7
79fe342688
Land #3558 , @FireFart's improvements to wordpress mixin
2014-07-28 09:52:20 -05:00
AnwarMohamed
283046b25d
fixing auto load on new session
2014-07-28 10:49:50 +02:00
Alton Johnson
555e6c9cff
Modified a few things based on suggestions.
2014-07-25 18:23:12 -05:00
Alton Johnson
58502f139a
Updated.
2014-07-25 15:46:50 -05:00
Alton Johnson
d0cd5cfc7a
Updated.
2014-07-24 21:53:23 -05:00
Alton Johnson
cdc56df09f
Updated smb_enumshares.rb
2014-07-24 21:18:02 -05:00
Alton Johnson
51c488a5ea
Added smb_enumshares.
2014-07-24 21:11:18 -05:00
OJ
210342df5b
Minor tidies to conform to standards
2014-07-25 09:32:54 +10:00
OJ
9fe2dd59aa
Move error messages to `check`
2014-07-25 07:57:09 +10:00
David Bloom
e35ee1f037
Update gnome_commander_creds.rb
2014-07-24 23:36:32 +02:00
David Bloom
f4440680b6
Update gnome_commander_creds.rb
2014-07-24 23:30:26 +02:00
ikkini
03f68e21e7
Merge branch 'rsync_modules' of https://github.com/ikkini/metasploit-framework into rsync_modules
2014-07-24 23:29:14 +02:00
ikkini
ccb26637e7
List all (listable) modules from a rsync daemon
2014-07-24 23:26:41 +02:00
David Bloom
9dc37c3cc7
Update gnome_commander_creds.rb
2014-07-24 23:18:26 +02:00
David Bloom
48982b3b89
Update gnome_commander_creds.rb
2014-07-24 23:16:45 +02:00
David Bloom
2e5c2a514b
Update gnome_commander_creds.rb
2014-07-24 23:16:10 +02:00
David Bloom
9aa1b86d8f
Update gnome_commander_creds.rb
2014-07-24 23:10:00 +02:00
David Bloom
718c401472
Update gnome_commander_creds.rb
2014-07-24 23:01:30 +02:00
us3r777
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
Tod Beardsley
8b2ff062c3
Land #3568 , @jhart-r7 regex fix for dir traversal
2014-07-24 15:43:43 -05:00
Jon Hart
bd1970ced9
Fix basic HTTP directory traversal detection
2014-07-24 13:22:58 -07:00
ikkini
6692545eb6
Delete rsync_list.rb
2014-07-24 22:10:08 +02:00
ikkini
f12b97e8c0
List all (listable) modules from a rsync daemon
2014-07-24 22:04:00 +02:00
David Bloom
8a6fa178d6
Update gnome_commander_creds.rb
2014-07-24 08:10:28 +02:00
OJ
3ec30bdf78
Add some small fixes to the MQAC local exploit
...
* Check for `INVALID_HANDLE_VALUE` when attempting to open the
device, as this is what is returned when the device doesn't exist.
* Make sure that we only run the exploit against tartgets that we
support directly to make sure we don't BSOD machines (such as what
happens with SP1/SP2).
* Add a call to `check` in the exploit code.
2014-07-24 14:48:29 +10:00
Samuel Huckins
6c1a3f4992
Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
...
Now able to complete without error.
MSP-10817 #land
2014-07-23 15:55:42 -05:00
James Lee
eee72a86ba
Fix the case when john cracks only half of LM
2014-07-23 15:25:32 -05:00
David Bloom
41e5e24b19
Update gnome_commander_creds.rb
2014-07-23 20:26:43 +02:00
David Bloom
30c00f4fd6
gnome-commander credentials add
2014-07-23 20:20:29 +02:00
us3r777
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
Jay Smith
0db3a0ec97
Update code to reflect @jlee-r7's code review
2014-07-22 15:14:24 -04:00
Jay Smith
125b2df8f5
Update code to reflect @hdmoore code suggestions
2014-07-22 14:53:24 -04:00
Spencer McIntyre
7f79e58e7f
Lots and cleanups based on PR feed back
2014-07-22 14:45:00 -04:00
Christian Mehlmauer
a6479a77d6
Implented feedback from @jhart-r7
2014-07-22 19:49:58 +02:00
David Maloney
e54f5e8ee7
working snmp_login module
2014-07-22 12:44:21 -05:00
Spencer McIntyre
5d9c6bea9d
Fix a typo and use the execute_shellcode function
2014-07-22 13:06:57 -04:00
David Maloney
c553fcac73
start refacotirng snmp_login
2014-07-22 11:46:22 -05:00
Spencer McIntyre
12904edf83
Remove unnecessary target info and add url reference
2014-07-22 11:20:07 -04:00
Christian Mehlmauer
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
Spencer McIntyre
ca0dcf23b0
Add a simple check method for cve-2014-4971
2014-07-22 10:54:10 -04:00
Spencer McIntyre
6a545c2642
Clean up the mqac escalation module
2014-07-22 10:39:34 -04:00
Spencer McIntyre
da4eb0e08f
First commit of MQAC arbitrary write priv escalation
2014-07-22 10:04:12 -04:00
James Lee
917d2c718b
Use All4 instead of LanMan
...
... Which was the original behavior. A full incremental LanMan can take
many hours instead of the few seconds this module was intended to run.
2014-07-21 18:24:35 -05:00
us3r777
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
sinn3r
6048f21875
Land #3552 - Correct DbVisualizer title name
2014-07-21 13:07:33 -05:00
sinn3r
73e665b863
Land #3542 - Multi Manage DbVisualizer Query
2014-07-21 13:02:19 -05:00
sinn3r
fbbaaf2e2a
Fix spaces and module description
2014-07-21 13:01:18 -05:00
jvazquez-r7
fe0b6fa79e
Land #3532 , @luisco's joomla login bruteforcer
2014-07-21 12:56:15 -05:00
jvazquez-r7
aefaa3dd96
Make rubocop more happy
2014-07-21 12:55:45 -05:00
Tod Beardsley
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
Tod Beardsley
a41768fd7d
Correct DbVisualizer title name
...
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.
Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
sinn3r
aa27af96f4
Land #3547 - rubocop changes
2014-07-21 12:26:51 -05:00
jvazquez-r7
478e43170a
Report credentials to database
2014-07-21 12:26:13 -05:00
jvazquez-r7
63fca1bfdd
Make some datastore options required
2014-07-21 12:10:52 -05:00
jvazquez-r7
436ac706e8
Rescue Rex::ConnectionError while finding the uri
2014-07-21 12:00:24 -05:00
jvazquez-r7
30de4cdf8d
Fix get_login_hidden
2014-07-21 11:57:37 -05:00
jvazquez-r7
ff3a21b520
Refactor do_web_login
2014-07-21 11:35:19 -05:00
jvazquez-r7
22f41e4435
Use vars_post
2014-07-21 11:07:00 -05:00
jvazquez-r7
92fd3bc72b
Deleting REQUEST_TYPE option because I don't think has sense here
2014-07-21 10:53:43 -05:00
jvazquez-r7
986b8e5d02
First style issues cleanup
2014-07-21 09:49:05 -05:00
Meatballs
b0a596b4a1
Update newer modules
2014-07-20 21:59:10 +01:00
Meatballs
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
HD Moore
5ba96d6054
Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess
2014-07-19 15:56:41 -05:00
scriptjunkie
8fe508207c
Merge Meatballs' gpp_again pull into new branch
2014-07-19 11:10:14 -05:00
Christian Mehlmauer
a809c9e0b5
Changed to vprint and added comment
2014-07-18 22:15:56 +02:00
Christian Mehlmauer
c6e129c622
Fix rubocop warnings
2014-07-18 21:58:33 +02:00
root
7a5f3b8991
Implementing Ruby Style Guide and replace send_request_raw send_request_cgi
2014-07-18 14:31:38 -05:00
Tod Beardsley
942112d18e
Land #3538 , SAP fix from @jvazquez-r7
...
This looks good to me, the whole print statement is enclosed in a check
for results.
2014-07-18 10:27:47 -05:00
us3r777
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
root
1f02891dc7
Change name of module and implementation of the recommended changes 2
2014-07-18 00:17:35 -05:00
root
0168a99eaa
Change name of module and implementation of the recommended changes
2014-07-17 23:49:25 -05:00
root
f2eabdba94
implementation of the recommended changes
2014-07-17 23:36:37 -05:00
jvazquez-r7
ad2e7c3713
print header only if there are results...
2014-07-17 18:02:24 -05:00
us3r777
58adc350b5
Refactor: Creation of a JBoss mixin
...
The jboss_bsheployer as is does not allow to deploy a custom WAR file.
It is convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload. This will require a auxiliary
module which will use the JBoss mixin methods.
2014-07-18 00:56:32 +02:00
sinn3r
c59d72b0c6
Land #3530 - dbvis database administrator
2014-07-17 14:36:34 -05:00
sinn3r
6d35867f7f
Update module description
2014-07-17 14:24:57 -05:00
sinn3r
8e7361d952
Fix indent again
2014-07-17 14:12:04 -05:00
sinn3r
aed8af3abc
Retabbed
2014-07-17 14:03:27 -05:00
Jay Smith
2be6eb16a2
Add in exploit check and version checks
...
Move the initial checking for the vboxguest device and os checks
into the MSF check routine.
2014-07-17 14:56:34 -04:00
sinn3r
d6ab418d6f
Fix spaces
2014-07-17 13:52:00 -05:00
Tod Beardsley
b050b5d1df
Rubocop -a on MS08-067
...
This reduces the number of style guide violations from 230ish to 36.
Nearly all of it has to do with errant parameters, element alignment,
and comment blocks.
Obviously, since this was all automatically fixed, some pretty severe
testing should occur before landing this.
I kind of don't like the automatic styling of the arrays for the
references, but maybe I can get used to it. It's open for discussion.
@jhart-r7 please take a look at this as well -- anything jumping out at
you on this that we should be avoiding for Rubocop?
2014-07-17 12:29:20 -05:00
David Bloom
b4e68a7c25
Update dbvis_query.rb
2014-07-17 19:21:35 +02:00
Jon Hart
06fd1ead9d
Address more style issues
2014-07-17 09:37:27 -07:00
Vincent Herbulot
bea660ad4d
Added possibility to upload a custom WAR file
...
Added 2 options, one for uploading a custom WAR file. The other
to specify if you want or not to undeploy the war at the end of
the exploit.
The module as is does not allow to deploy a custom WAR file. It is
convenient when ports are blocked to be able to deploy a webshell
instead of just launching a payload.
2014-07-17 17:13:19 +02:00
jvazquez-r7
7e6e154a39
Fix null pointer dereference
2014-07-17 08:51:12 -05:00
David Bloom
0f92b73f1a
Update dbvis_add_db_admin.rb
2014-07-17 10:14:28 +02:00
David Bloom
561ef427cc
Update dbvis_query.rb
2014-07-17 10:13:58 +02:00
David Bloom
60c71b2681
Update dbvis_add_db_admin.rb
2014-07-17 10:11:13 +02:00
David Bloom
8f9a1e485c
Delete dbvis_query.rb
2014-07-17 08:05:18 +02:00
David Bloom
1c8cac359c
Added video link
2014-07-17 08:02:27 +02:00
David Bloom
7bee4db1d7
dbvis_query.rb add
2014-07-17 07:48:17 +02:00
Trevor Rosen
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
root
ceff18de9d
Add modifiable UserAgent and translations to English
2014-07-16 20:44:20 -05:00
David Bloom
4a25bb4247
Update dbvis_add_db_admin.rb
2014-07-17 02:01:50 +02:00
William Vu
a07656fec6
Land #3536 , msftidy INFO messages aren't blockers
2014-07-16 17:57:48 -05:00
Tod Beardsley
58558e8dfa
Allow INFO msftidy messages
...
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
sinn3r
8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License
2014-07-16 15:13:05 -05:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
William Vu
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
William Vu
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
Meatballs
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
Jay Smith
6d49f6ecdd
Update code to reflect hdmoore's code review.
2014-07-16 14:29:17 -04:00
Spencer McIntyre
82abe49754
Mark windows/misc/psh_web_delivery as deprecated
2014-07-16 14:02:05 -04:00
David Maloney
5534599cfc
fix for jtr warnings
...
remmove include for Jtr mixin in deprecated jtr_unshadow module
remove deprecated postgres_crack module
2014-07-16 12:52:29 -05:00
David Bloom
52bdc5364c
Update dbvis_query.rb
2014-07-16 18:52:27 +02:00
David Bloom
200c122ecd
Update dbvis_query.rb
2014-07-16 18:48:15 +02:00
David Bloom
31e38cee23
Update dbvis_add_db_admin.rb
2014-07-16 18:45:38 +02:00
David Bloom
5f38ad5e10
Update dbvis_add_db_admin.rb
2014-07-16 18:30:23 +02:00
David Bloom
c3b87e2e6c
Update rigth on dbviscmd check
2014-07-16 18:27:19 +02:00
David Maloney
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
David Bloom
90932116f8
Update dbvis_query.rb
...
Minor changes
2014-07-16 15:44:48 +02:00
David Bloom
b4aca68406
Update dbvis_query.rb
2014-07-16 15:10:07 +02:00
David Bloom
17b2169b9d
Create dbvis_query.rb
...
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases (With GUI).
The remote database can be accessed from the command line without the need to authenticate.
The module abuses this functionality to query the remote database and store the result.
2014-07-16 14:51:24 +02:00
David Bloom
b602fc89a3
Update dbvis_add_db_admin.rb
...
Corrections
2014-07-16 13:42:58 +02:00
Jay Smith
cef2c257dc
Add CVE-2014-2477 local privilege escalation
2014-07-16 05:49:19 -04:00
Jon Hart
9e5c24a97e
Address some Ruby style issues
2014-07-15 16:55:54 -07:00
jvazquez-r7
6d05a24653
Add target information
2014-07-15 17:45:45 -05:00
sinn3r
f8e47a5c61
Land #3524 - WPTouch fileupload exploit
2014-07-15 16:29:59 -05:00
Spencer McIntyre
e58100fe85
Land #3419 , multi script delivery module by @jakxx
2014-07-15 17:07:51 -04:00
Spencer McIntyre
1a8d73fca8
Minor whitespace and grammar changes
2014-07-15 17:00:28 -04:00
David Maloney
674447c891
final cleanup steps
2014-07-15 15:31:51 -05:00
David Maloney
7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
...
Conflicts:
Gemfile
Gemfile.lock
modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
jvazquez-r7
604a612393
Have into account differences between windows default installs
2014-07-15 15:03:07 -05:00
James Lee
51a9a763c0
Move error_name to InvalidPacket and check for nil
...
MSP-10713
2014-07-15 15:02:53 -05:00
David Maloney
34635ab968
module login status cleanup
...
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
David Bloom
875c024243
create dbvis_add_db_admin.rb
...
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases (With GUI).
The remote database can be accessed from the command line without the need to authenticate.
The module abuses this functionality to create an administrator in the database if DB user rights allow it.
2014-07-15 21:43:14 +02:00
sinn3r
57b1023592
Land #3522 - Multi Gather Dbvis Connections Settings
2014-07-15 11:34:02 -05:00
sinn3r
1d6f088eab
Pass msftidy
2014-07-15 11:31:37 -05:00
David Bloom
526538ecd6
Added dbvis version find and print
2014-07-15 15:04:46 +02:00
David Bloom
97dcc56225
Update dbvis_enum.rb
2014-07-15 14:23:40 +02:00
David Bloom
400b0f4276
parse url to report host in old config
2014-07-15 14:21:09 +02:00
David Bloom
f3d953f829
Old config file update
...
Added functions to parse old and new config files.
2014-07-15 14:00:29 +02:00
David Bloom
ac3d453002
Update dbvis_enum.rb
2014-07-15 12:33:07 +02:00
David Bloom
a53341f520
Added compatibility with dbvis <= 6
...
Checking for "config" folder existence if "config70" is not found.
2014-07-15 12:14:38 +02:00
Christian Mehlmauer
c1f612b82a
Use vprint_ instead of print_
2014-07-15 06:58:33 +02:00
James Lee
de22aeba41
Land #3481 , meterpreter bins
2014-07-14 15:57:52 -05:00
sinn3r
cc1ba265cb
Change module name for consistency
2014-07-14 15:49:19 -05:00
sinn3r
4d7bffd713
Change header
2014-07-14 15:45:17 -05:00
sinn3r
5a821cea9d
Account for EOFError condition
2014-07-14 15:27:40 -05:00
sinn3r
89a877031f
I mean "unless", not "if"
2014-07-14 15:24:53 -05:00
sinn3r
bec32a01ab
For for missing an end
2014-07-14 15:17:54 -05:00
sinn3r
cecdcef2e2
+ not preferred
2014-07-14 15:14:54 -05:00
sinn3r
0737deb2a3
Remove the last exception handler
...
We're already checking the file path with file?(), so we don't need
to use exception handling for this task anymore.
2014-07-14 15:02:23 -05:00
sinn3r
8fe3f1a077
File should be checked for existence before reading
2014-07-14 15:01:03 -05:00
sinn3r
20e5803592
Author's Twitter handle should be a comment
...
msfconsole treats whatever is in <> as the author's email, not
twitter handle
2014-07-14 14:57:36 -05:00
sinn3r
3b6947c1d7
Use Rex to check IPv4 instead of using resolv
2014-07-14 14:56:38 -05:00
sinn3r
b5e556519b
Change = to ==
...
This is an if condition, not an assignment
2014-07-14 14:53:27 -05:00
sinn3r
8f51fd0e45
Retabbed and reformatted
2014-07-14 14:39:34 -05:00
Christian Mehlmauer
144c6aecba
Added WPTouch fileupload exploit
2014-07-14 21:35:18 +02:00
root
3becfff41e
Add Bruteforce Joomla
2014-07-14 14:07:23 -05:00
Tod Beardsley
6c595f28d7
Set up a proper peer method
2014-07-14 13:29:07 -05:00
dmaloney-r7
7184d2ed5e
Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
...
Refactor pop3_login
2014-07-14 13:27:11 -05:00
David Bloom
72d9587a50
DbVisualizer stores the user database configuration in dbvis.xml
...
This module retrieves the connections settings from this file
2014-07-14 20:08:48 +02:00
David Bloom
667b1363f3
Delete dbvis_enum.rb
2014-07-14 10:57:53 +02:00
David Bloom
0ef0f6aae1
Update dbvis_enum.rb
2014-07-14 10:54:43 +02:00
David Bloom
bcbb0b4fde
dbvis connections gathering
...
DbVisualizer stores the user database configuration in dbvis.xml.
This module retrieves the connections settings from this file.
2014-07-14 10:49:20 +02:00
Michael Messner
1b7008dafa
typo in name
2014-07-13 13:24:54 +02:00
James Lee
e68dcdbb06
Refactor pop3_login
...
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.
See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
William Vu
2fd7bcf8bf
Land #3514 , report_note for scraper
2014-07-11 17:17:10 -05:00
nodeofgithub
5d833cbb16
http_header report_note remove to_s
2014-07-11 17:14:45 -05:00
nodeofgithub
7e9eb84531
http_header report_note remove brackets, move rport
2014-07-11 17:14:45 -05:00
nodeofgithub
a8ec733a3a
Interpolate all the things!
2014-07-11 17:14:09 -05:00
nodeofgithub
4abe856fc1
Rescue http_header notes from getting truncated
...
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.
(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)
msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)
msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
2014-07-11 17:14:09 -05:00
nodeofgithub
6ef69b4014
scraper report_note, remove eol whitespace
2014-07-11 21:21:56 +02:00
nodeofgithub
ad46c37988
scraper report_note, remove unnecessary to_s
2014-07-11 21:08:35 +02:00
nodeofgithub
7a7d149dc5
scraper report_note, change note type string
2014-07-11 21:01:20 +02:00
Tod Beardsley
e5d7dae016
Land #3513 , Author name fixups from @jvazquez-r7
2014-07-11 13:58:38 -05:00
Tod Beardsley
b09fab13f0
Fix one flubbed author address
2014-07-11 13:50:37 -05:00
nodeofgithub
8b302cd472
Add report_note to scraper.rb
...
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:31:46 +02:00
nodeofgithub
b834e7d3cb
Update scraper.rb
2014-07-11 20:20:40 +02:00
nodeofgithub
da67a63ad0
Add report_note to scraper.rb
...
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:07:48 +02:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
William Vu
79603c9a73
Land #3505 , a bunch o' Linux post module fixes
2014-07-11 12:39:31 -05:00
jvazquez-r7
eb9d2f130c
Change title
2014-07-11 12:03:09 -05:00
jvazquez-r7
a356a0e818
Code cleanup
2014-07-11 12:00:31 -05:00
jvazquez-r7
6fd1ff6870
Merge master
2014-07-11 11:40:39 -05:00
jvazquez-r7
d637171ac0
Change module filename
2014-07-11 11:39:32 -05:00
jvazquez-r7
c55117d455
Some cleanup
2014-07-11 11:39:01 -05:00
jvazquez-r7
a7a700c70d
Land #3502 , @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936
2014-07-11 11:25:03 -05:00
jvazquez-r7
b9cda5110c
Add target info to message
2014-07-11 11:24:33 -05:00
jvazquez-r7
dea68c66f4
Update title and description
2014-07-11 10:38:53 -05:00
jvazquez-r7
f238c2a93f
change module filename
2014-07-11 10:30:50 -05:00
jvazquez-r7
f7d60bebdc
Do clean up
2014-07-11 10:28:31 -05:00
William Vu
43f41de124
Land #3508 , CVE-2014-4671 Flash JSONP disclosure
2014-07-11 10:11:48 -05:00
jvazquez-r7
8f3197c192
Land #3496 , @m-1-k-3's switch to CmdStager on dlink_upnp_exec_noauth
2014-07-11 09:50:57 -05:00
jvazquez-r7
4ea2daa96a
Minor cleanup
2014-07-11 09:50:22 -05:00
jvazquez-r7
51cfa168b1
Fix deprecation information
2014-07-11 09:47:30 -05:00
jvazquez-r7
46f5282fd3
Land #3455 , @m-1-k-3's exploit for DLink UPNP M-Search Command Injection
2014-07-11 09:39:05 -05:00
jvazquez-r7
611b8a1b6d
Modify title and ranking
2014-07-11 09:35:21 -05:00
jvazquez-r7
a9b92ee581
Change module filename
2014-07-11 09:17:56 -05:00
jvazquez-r7
36c6e74221
Do minor fixes
2014-07-11 09:17:34 -05:00
joev
b8225ae2dc
Remove unnecessary ||= and ivars.
2014-07-10 16:06:28 -05:00
joev
e0389dfbc3
Update code as per @wvu's code review.
2014-07-10 15:03:40 -05:00
James Lee
62a2f1dc0a
Credential -> Model for realm key constants
2014-07-10 14:30:25 -05:00
Michael Messner
109201a5da
little auto detect fix
2014-07-10 20:45:49 +02:00
Michael Messner
781149f13f
little auto detect fix
2014-07-10 20:40:39 +02:00
joev
dd439066ca
Patch rhost to display hostname of JSONP_URL.
2014-07-10 12:02:22 -05:00
Tod Beardsley
bcec2df0a4
Fix Meterpreter PHP hop description
2014-07-10 11:35:48 -05:00
joev
841cb6a590
STEAL_URL -> STEAL_URLS.
2014-07-10 09:14:32 -05:00
joev
fad30bc874
Add flash rosetta exploit module for stealing URLs.
2014-07-10 09:09:10 -05:00
scriptjunkie
2cd9577278
Fix table printing.
2014-07-09 21:46:34 -05:00
James Lee
c5226352de
Un-login-able should be print_status, not good
2014-07-09 17:45:41 -05:00
Tod Beardsley
038d1e210a
Merge upstream/master to deconflict.
...
Conflicts:
Gemfile.lock
2014-07-09 17:43:42 -05:00
Michael Messner
f068006f05
auto target
2014-07-09 21:53:11 +02:00
Michael Messner
6a765ae3b0
small cleanup
2014-07-09 21:16:29 +02:00
Michael Messner
0674314c74
auto target included
2014-07-09 20:56:04 +02:00
Michael Messner
b4812c1b7d
auto target included
2014-07-09 20:53:24 +02:00
James Lee
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
James Lee
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
jvazquez-r7
42823fe15e
Test download_exec with linux meterpreter
2014-07-09 09:41:10 -05:00
jvazquez-r7
f4c6505351
Test mount_cifs_creds on linux meterpreter
2014-07-09 09:20:30 -05:00
jvazquez-r7
14b218dce5
Make hashdump compatible with meterpreter
2014-07-09 08:48:20 -05:00
jvazquez-r7
73fdc06d1d
Fix enum_xchat to work with meterpreter
2014-07-09 08:37:17 -05:00
jvazquez-r7
b47650580a
Fix bugs
2014-07-08 16:51:39 -05:00
jvazquez-r7
a364172978
Add meterpreter as session type
2014-07-08 16:25:50 -05:00
jvazquez-r7
c25c5f6806
Make linux gather post modules compatible with meterpreter
2014-07-08 16:23:57 -05:00
Michael Messner
f89f47c4d0
dlink_dspw215_info_cgi_rop
2014-07-08 22:29:57 +02:00
Michael Messner
6fbd6bb4a0
stager
2014-07-08 22:17:02 +02:00
Michael Messner
ac727dae89
dlink_dsp_w215_hnap_exploit
2014-07-08 22:13:13 +02:00
Michael Messner
579ce0a858
cleanup
2014-07-08 21:58:15 +02:00
Michael Messner
51001f9cb3
Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection
2014-07-08 21:39:53 +02:00
Michael Messner
84d6d56e15
cleanup, deprecated
2014-07-08 21:36:07 +02:00
Michael Messner
10bcef0c33
cleanup, deprecated
2014-07-08 21:34:28 +02:00
AnwarMohamed
e908bb6819
formating
2014-07-08 11:02:41 +02:00
AnwarMohamed
34dcb609e2
android extension
2014-07-08 04:52:06 +02:00
David Maloney
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
James Lee
2a9ac0a007
Axe SSHKey in favor of a unified SSH
2014-07-07 13:35:17 -05:00
Tod Beardsley
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
jvazquez-r7
cd6b83858b
Add new Yokogawa SCADA exploit
2014-07-07 11:20:49 -05:00
HD Moore
6f433db609
Minor typo fix
2014-07-06 23:44:17 -05:00
HD Moore
3ef35f19dc
Prefer strip over chomp
2014-07-06 23:17:09 -05:00
HD Moore
d76081bcef
Prefer strip over chomp
2014-07-06 23:16:56 -05:00
HD Moore
ab7848a895
Merge master for testing of #2809
2014-07-06 22:27:58 -05:00
Michael Messner
e7ade9f84d
migrate from wget to echo mechanism
2014-07-06 21:45:53 +02:00
Christian Mehlmauer
d5843f8eaf
Updated Mailpoet exploit to work with another version
2014-07-06 10:53:40 +02:00
William Vu
cf5d29c53b
Add EOF newline to satisfy msftidy
2014-07-05 13:51:12 -05:00
HD Moore
6d9bf83ded
Small fixes for the recent WP MailPoet module
...
Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
2014-07-05 13:17:23 -05:00
jvazquez-r7
98a82bd145
Land #3486 , @brandonprry's exploit for CVE-2014-4511 gitlist RCE
2014-07-04 16:41:04 -05:00