269641a0ff
Update vmauthd_login to have into account advanced TCP options
2015-09-28 14:38:35 -05:00
2f46335c90
Update brocade_enbale_login to have into account advanced TCP options
2015-09-28 14:36:23 -05:00
adb76a9223
Update telnet_login to have into account advanced TCP options
2015-09-28 14:35:58 -05:00
0eed30ce05
Update pop3_login to have into account advanced TCP options
2015-09-28 14:29:50 -05:00
d02193aaeb
Update mysql_login to have into account advanced TCP options
2015-09-28 14:28:32 -05:00
0abb387c1a
Update mssql_login to have into account advanced TCP options
2015-09-28 14:22:19 -05:00
df3e4e8afd
Update ftp_login to have into account advanced TCP options
2015-09-28 14:18:05 -05:00
a99e44b43a
Update vnc_login to have into account advanced TCP options
2015-09-28 14:13:08 -05:00
4d8f0a6ec4
Update db2_auth to have into account advanced Tcp options
2015-09-28 14:10:55 -05:00
07b44fccb9
Update AFP login scanner to have into account advanced options
2015-09-28 14:03:55 -05:00
1e4e5c5bae
Update ACPP login scanner to have into account advanced options
2015-09-28 13:50:20 -05:00
989fe49750
Fix #6008 for synflood
2015-09-27 14:50:59 -07:00
7ad7db7442
Fix #6008 for rogue_send. Correctly.
2015-09-27 14:48:58 -07:00
7b026676f1
Fix #6008 for avahi_portzero
2015-09-27 14:47:05 -07:00
20ddb65ff8
Fix #6008 for bnat_scan
2015-09-27 14:18:51 -07:00
06a10e136a
Fix #6008 for rogue_send
2015-09-27 14:12:23 -07:00
d3a41323b8
Fix #6008 for ipidseq.rb
2015-09-27 14:05:05 -07:00
5b1ee8c8ca
Fix #6008 for syn.rb
2015-09-27 13:54:11 -07:00
3888b793bd
Fix #6008 for ack.rb
2015-09-27 13:53:47 -07:00
766829c939
Fix #6008 for xmas.rb
2015-09-27 13:46:00 -07:00
c85913fd12
Land #5983 , @jhart-r7's SOAP PortMapping UPnP auxiliary module
2015-09-26 15:47:04 -05:00
f6f3efea75
print the body as verbose
2015-09-25 13:51:18 -05:00
80c9cd4e6f
Restore required option
2015-09-25 13:41:27 -05:00
e4e9609bc2
Use single quotes
2015-09-25 13:35:38 -05:00
a5698ebce0
Fix metadata
2015-09-25 13:34:16 -05:00
44fa188e71
Land #5984 , android_mercury_parseuri module
2015-09-23 02:44:53 -05:00
2b7ffdc312
Use datastore advanced options used by smb_login
2015-09-21 17:48:05 -05:00
060acbc496
newline
2015-09-17 11:39:39 -05:00
08b5b8ebb2
Add ADDITIONAL_FILES option
2015-09-17 11:30:58 -05:00
0d94b8a48f
Make andorid_mercury_parseuri better
2015-09-17 09:59:31 -05:00
0113cbd353
Nokogiri::XML::Builder instead
2015-09-16 19:53:33 -07:00
adab9f9548
Do final cleanup
2015-09-16 20:59:32 -05:00
4d0d806e1d
Do minor cleanup
2015-09-16 19:30:40 -05:00
46168e816b
Merge for retab
2015-09-16 17:13:08 -05:00
688a5c9123
Land #5972 , @xistence's portmapper amplification scanner
2015-09-16 14:58:19 -05:00
8ae884c1fc
Do code cleanup
2015-09-16 14:46:27 -05:00
b4aab70d18
Fix another typo
2015-09-16 11:34:22 -05:00
bef658f699
typo
2015-09-16 11:32:09 -05:00
63bb0cd0ec
Add Android Mercury Browser Intent URI Scheme & Traversal
2015-09-16 00:48:57 -05:00
0657fdbaa7
Replaced RPORT
2015-09-13 09:19:05 +07:00
521636a016
Small changes
2015-09-13 08:31:19 +07:00
79e3a7f84b
Portmap amplification scanner
2015-09-12 16:25:06 +07:00
cddf72cd57
Show errors when no results are found
2015-09-10 14:05:40 -07:00
421fb4dcb8
Rework of the jenkins_command module
2015-09-04 16:56:44 -07:00
5646f2e0c4
successful status should include last_attempted_at
2015-09-04 13:45:44 -05:00
cf6d5fac2a
Use the latest cred API, no more report_auth_info
2015-09-04 13:43:15 -05:00
04d622b69b
Cleanup Jenkins-CI module titles and option descriptions
2015-09-04 10:25:51 -07:00
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
5d59e8190e
Added OS detection.
2015-09-03 13:12:07 -05:00
6e4ae1238b
Land #5791 , show the VHOST in module output
2015-09-03 11:36:19 -05:00
b8eee4a9e4
Show the IP address if it doesn't match the VHOST
2015-09-03 11:35:38 -05:00
1b021464fe
Land #5919 , remove deprecated VMware modules & update resource script.
2015-09-03 10:23:48 -05:00
4b8dc143ec
Fixed output
2015-09-02 23:50:03 -04:00
255c8b63b3
Modified output
2015-09-02 23:33:06 -04:00
40176b9e3f
Updated.
2015-09-02 19:36:18 -05:00
f78f6d0a0c
Updated.
2015-09-02 19:03:07 -05:00
9f9bbce034
Land #5840 , add LLMNR & mDNS modules
2015-09-02 18:30:29 -05:00
0120e5c443
Cosmetic tweaks, don't report duplicate responses
2015-09-02 18:30:03 -05:00
59aa3975be
Updated.
2015-09-02 18:27:44 -05:00
42a2a86f32
Back out all changes to ms11_030_dnsapi
2015-09-02 13:53:10 -07:00
6d1ab101ed
Back out all changes to llmnr_response
2015-09-02 13:52:38 -07:00
284edbe4b0
Update jenkins_command.rb
2015-09-02 16:47:23 -04:00
bde4f40c53
Update jenkins_command.rb
2015-09-02 16:39:49 -04:00
becc599aca
Created Jenkins RCE module
...
This module simply automates the same procedures documented by Royce Davis at https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/ .
2015-09-02 16:12:05 -04:00
126fc9881e
Cleanup and tweaks
2015-09-02 12:48:53 -05:00
3d04d53e3a
first pass at better output and report_service
2015-09-02 10:31:46 -07:00
b89b6b653a
Update trace.rb
2015-09-03 01:26:45 +08:00
73bf812dfd
Update trace.rb
...
removed the cookie
2015-09-03 00:35:23 +08:00
5ecee6aaba
Update trace.rb
...
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
34e0819a6e
Modified the HTTP Trace Detection to XST Checker
...
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
8e993d7793
Remove deprecated vmware modules
2015-09-02 13:00:15 +05:00
0c4b020089
Land #5913 , Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-02 00:01:35 -05:00
381297ba93
Fix the regex flags
2015-09-01 23:07:48 -05:00
626704079d
Changed output store_loot
2015-09-02 00:18:10 -03:00
96600a96ab
Changed html parse by @wchen-r7
2015-09-01 22:03:21 -03:00
3c72467b7d
Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns.
2015-09-02 01:02:46 +02:00
9dd14eb747
Merge branch 'upstream-master' into land-5899-android
2015-09-01 17:11:58 -05:00
35661d0182
Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-01 13:28:04 -03:00
9a2696aed4
Add Reference
2015-08-31 12:03:17 -07:00
c14cae1425
Make INTERNAL_PORT optional, allowing DELETE to work
2015-08-31 11:30:18 -07:00
44813370d5
Better name, description and author
2015-08-31 10:42:50 -07:00
8665134691
Add add/delete action. update logging. rename module again
2015-08-31 10:22:36 -07:00
436910b25f
Clean up map description
2015-08-28 15:49:29 -07:00
e6e05814d0
Use an OptAddress instead, revert back to client name
2015-08-28 15:43:04 -07:00
66616eeb95
Remove unused
2015-08-28 15:38:23 -07:00
35555f5f24
Make most everything configurable and provide useful output
2015-08-28 15:36:49 -07:00
13dd8222ec
Expose lease duration as an option
2015-08-28 15:22:19 -07:00
d57041136f
Use random port mapping description
2015-08-28 15:09:58 -07:00
840be71683
Add support for specifying protocol
...
UDP is fun too. Are there others?
2015-08-28 14:53:41 -07:00
45fde928fc
More minor style cleanup
2015-08-28 14:49:57 -07:00
ba95a7d2ac
Convert to using HttpClient
2015-08-28 14:47:13 -07:00
a0aaf93f27
Relocate module to more correct location
2015-08-28 14:20:33 -07:00
45c2422981
First pass at style cleanup
2015-08-28 14:19:28 -07:00
cba3650488
report_service for mdns/llmnr query
2015-08-28 14:04:52 -07:00
0c7d2af6bc
Land #5750 , Add WP All In One Migration Export Module
2015-08-28 14:12:14 -05:00
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
3d4cb06c67
Land #5807 , Added Module WP Mobile Pack Vuln
2015-08-28 13:43:00 -05:00
9e7f6d6500
Typos
2015-08-28 13:42:37 -05:00
29e92aaabe
Land #5806 , WordPress Subscribe Comments File Read Vuln
2015-08-28 11:52:59 -05:00
62e6b23b4c
Typo
2015-08-28 11:52:13 -05:00
e82bd10817
Add aux module to be able to open android meterpreter from a browser
2015-08-27 14:36:55 -05:00
8785083722
Ensure disconnect
2015-08-24 12:36:15 -05:00
1e6c53b430
Correct the storage of ssh banners in service.info
2015-08-22 01:21:15 -05:00
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
182c1bc7fe
Disconnect socket when login fails
2015-08-17 18:20:04 -05:00
b17d8f8d49
Land #5768 , update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
9f2c62d4ce
Use query_name instead of datastore
2015-08-13 11:17:27 -07:00
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793
2015-08-08 07:43:39 -07:00
c8ba5bb90c
Land #5513 , @rcvalle's exploit for incomplete internal state distinction in JSSE
2015-08-08 07:41:53 -07:00
2707b3b402
Use Rex::ThreadSafe.select
2015-08-08 07:40:19 -07:00
a0eef3880a
Initialize version local variable
2015-08-08 07:35:37 -07:00
bb74b6fecb
Fix data reading
2015-08-08 07:18:01 -07:00
6fe7672732
Improve Rex sockets usage
2015-08-07 00:11:58 -07:00
e96717950c
refactored
2015-08-06 08:18:26 -04:00
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
7bb4f9479f
Added new reference and removed empty line.
2015-08-04 03:58:57 -03:00
d9b6e9cc58
Changed res condition and some words.
2015-08-04 03:44:25 -03:00
19ceccd93a
Added JSON parse output.
2015-08-04 03:13:11 -03:00
f4679f5341
Added WP Mobile Pack Info Disclosure Vuln - Functional Module.
2015-08-04 02:21:26 -03:00
d221e9d961
Added more references.
2015-08-03 02:46:54 -03:00
e59e4828e4
Removed unnecessary DEPTH option.
2015-08-02 22:56:17 -03:00
514849bcdc
Added WP Subscribe Comments File Read Vuln - Functional.
2015-08-02 21:24:52 -03:00
cebcf72a99
Add discoverer credit, blog ref, longer desc
2015-08-01 10:31:41 -05:00
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
fdb2b008f9
Fix a small typo - OSVDB instead of OSVBD.
2015-07-31 02:23:19 -03:00
3c394d673d
altered module to default
...
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
c46ce6c391
Land #5780 , password_prompt fix for Telnet scanner
2015-07-28 17:54:43 -05:00
0f4b2e4226
description update
2015-07-28 15:31:51 -04:00
27e5557b67
set port using rport instead of only 445
2015-07-28 15:29:23 -04:00
fafbc4db3f
GPP enumeration via an AUX module
2015-07-28 15:21:33 -04:00
2415072c17
Replaced 'and' with '&&'
2015-07-28 14:14:25 -05:00
ee5e5b1e71
Fixed NoMethodError for .match on nil
2015-07-28 09:03:54 -05:00
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
3fd18e4844
Update soap_addportmapping.rb
2015-07-26 21:57:49 +02:00
1210183930
Update soap_addportmapping.rb
2015-07-26 21:41:47 +02:00
8dbd51ae38
Update soap_addportmapping.rb
2015-07-26 20:59:43 +02:00
fba81fc539
Create soap_addportmapping.rb
2015-07-26 20:59:04 +02:00
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
ec7bf606c6
Land #5735 , @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
45b4334006
Use Rex::Socket::SslTcpServer
...
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
866a99ed07
This is better
2015-07-23 20:51:21 -05:00
f5387ab3f2
Fix #5766 , check res for send_request_raw
...
Fix #5766
2015-07-23 20:49:18 -05:00
8bead5fde2
Modate update on using metasploit-credential
...
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
50074c4617
Fix typo .blank to .blank?
2015-07-22 09:05:16 -05:00
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
6a9c934c54
Resolve conflict
2015-07-20 18:44:17 -05:00
1e17ac4ec7
Use the cred API correctly
2015-07-20 18:40:48 -05:00
f94fe3cefd
More correct URL, not just a bare wiki link
...
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
4cacbcc4f7
Minor fixups on sysaid modules
...
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
454dd59da8
Add vuln discoverers
2015-07-17 13:37:30 -05:00
29718ce4e1
Land #5474 , @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
...
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
a54b58fc24
Fix port parsing and cleanup
2015-07-17 12:34:46 -05:00
869ac87b64
Land #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
...
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
9ac1688eb1
Do code cleanup
2015-07-17 11:45:28 -05:00
787c0e2c41
Land #5470 , @pedrib's module for SysAid CVE-2015-2993
...
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
ca38fc5518
Update description
2015-07-17 11:08:28 -05:00
449c751521
Add missing info
2015-07-16 09:36:18 -07:00
8d0e34dbc0
Resolve #5738 , make the LHOST option visible
...
Resolve #5738
2015-07-16 11:00:15 -05:00
5d6c15a43d
Add openssl_altchainsforgery_mitm_proxy.rb
...
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
e4e9ac9d28
Remove cold_fusion_version, use coldfusion_version instead
...
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
d795b2f831
Module cleanup
2015-07-11 19:40:21 +01:00
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
99c29052c7
Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage
2015-07-02 08:24:04 -04:00
dfa71a2b44
update to store creds using the new method
2015-07-02 08:22:21 -04:00
afa442ad89
Fix a stack trace with ipmi_dumphashes when no database was configured.
2015-06-29 00:46:35 -05:00
355738909a
Fixes typo
2015-06-28 09:32:16 -05:00
5c18fc82f2
Stores credentials using create_credential_login
2015-06-28 09:24:31 -05:00
b332b25795
Stores credentials in DB, fixes loop variable and nil dereference bug
2015-06-27 19:06:15 -05:00
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
c04490e5eb
Remove comma before coordinating conjunction
...
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
2968f52ca4
Removes debug sql output
2015-06-26 12:22:34 -05:00
a338920cb3
lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper
2015-06-26 12:21:35 -05:00
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
84c0e62fd3
Land #5493 , update OWA scanner creds persistence
2015-06-26 08:46:27 -05:00
7f4a96f3dc
Fixes coding style issues
2015-06-26 03:29:17 -05:00
3da3595181
MSF module to download and decrypt credentials stored in Lansweeper's database
2015-06-25 19:29:30 -05:00
63f584cbfd
Add last_attempted_at
2015-06-25 12:08:38 +05:00
827d241482
Land #5539 , Quake scanner fix
2015-06-24 15:00:39 -05:00
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
c45e42465a
Land #5492 , update PCAnywhere login scanner
2015-06-23 14:48:25 -05:00
5751e196bb
Remove extraneous newline
2015-06-23 14:43:37 -05:00
59af7ef1fc
Remove the extra target_uri
2015-06-23 10:27:50 -05:00
a2a231c242
Land #5577 , MS15-034 HTTP.SYS Information Disclosure
2015-06-23 10:20:54 -05:00
11366971da
Oh never mind, user-agent makes it more difficult to use (more crashes)
2015-06-23 01:24:17 -05:00
6127b8a037
Pass user-agent
2015-06-23 01:23:01 -05:00
8ce5cc23cf
More consistent filename style
2015-06-23 01:08:34 -05:00
e9b548e8a2
Changes for ms15034_http_sys_memory_dump.rb
2015-06-23 01:07:33 -05:00
302db36daa
Add last_attempted_at to creds object
2015-06-23 09:46:01 +05:00
8086a6f8cc
remove unnecessary begin/rescue, change print_* to vprint_* in check()
2015-06-22 20:25:12 -04:00
90e17aee6b
clarified affected OSes and error messages
2015-06-22 15:47:26 -04:00
774aef7241
add module to dump memory via MS15-034
2015-06-22 10:31:31 -04:00
7bda1e494b
Use Rex::Socket::Tcp
2015-06-21 13:40:31 -07:00
7f55f6631c
Remove the timeout option
2015-06-20 20:14:47 -07:00
01e87282a9
Use Msf::ThreadManager#spawn
2015-06-20 18:48:10 -07:00
dabc7abae5
Change method names to lowercase
2015-06-20 18:23:34 -07:00
50a3a32bfd
Update sysaid_sql_creds.rb
2015-06-20 16:58:42 +01:00
78c2f8a3a3
Update sysaid_sql_creds.rb
2015-06-20 16:57:34 +01:00
11aca8b27a
Update sysaid_file_download.rb
2015-06-20 16:54:33 +01:00
cf8008ed38
Update sysaid_admin_acct.rb
2015-06-20 16:52:13 +01:00
4762e9f62c
Land #5540 , @wchen-r7's changes for multiple auxiliary modules to use the new cred API
2015-06-19 15:39:09 -05:00
fa6e45964e
Provide context to the note
2015-06-19 15:38:26 -05:00
83427583ea
report_note for group info
2015-06-19 15:09:50 -05:00
ef286fdfcf
Remove report_auth_info
2015-06-19 15:06:02 -05:00
b104155cf1
Do Metasploit::Model::Login::Status::UNTRIED
2015-06-19 15:05:42 -05:00
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
34d5d92646
Land #5555 , @Th3R3p0's support for for RFB Version 4
2015-06-19 14:15:04 -05:00
d19c2e7206
Land #5544 , track updates to SSL Labs API
2015-06-19 11:39:38 -05:00
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
ebd376e0f3
Land #5485 , @wchen-r7 updates wordpress_login_enum to use the new cred API
2015-06-19 10:50:07 -05:00
dfae4bbbf0
Do reporting more accurate
2015-06-19 10:48:12 -05:00
7f56b4635c
Land #5546 , Use the new cred API for auxiliary/server/capture/telnet
2015-06-19 10:46:01 -05:00
d86c21e94a
Land #5567 , author fix
2015-06-19 10:41:41 -05:00
76cd9590a4
Fix author
2015-06-19 19:13:51 +10:00
9b5770c966
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:40:51 -05:00
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
a6c7f93bbe
changed text to show support for RFB version 4.001
2015-06-17 13:09:03 -04:00
fcf6212d2f
Update telnet capture module to use the new creds API
2015-06-16 16:37:36 +05:00
c3d2797f10
Fixed Info fields
2015-06-16 04:22:22 -04:00
2778274e47
Added new SSL Labs API fields and fixed minor errors
2015-06-16 02:59:12 -04:00
b6379b4d24
Update drupal_views_user_enum
2015-06-16 00:02:02 -05:00
0b88e86a49
Using the new cred API for multiple auxiliary modules
2015-06-15 16:06:57 -05:00
fd0b42be4a
Properly store quake service info
2015-06-15 12:45:14 -07:00
079a9d449c
Use peer
2015-06-15 11:45:55 -07:00
feb7263137
Wire in recog support for ssh_version
2015-06-15 11:42:20 -07:00
80f1173fcf
Style and scanner usability cleanup for ssh_version
2015-06-15 10:12:07 -07:00
907f596de6
Land #5520 , Update titan_ftp_admin_pwd to use the new creds API
2015-06-15 03:26:19 -05:00
940d045029
Correctly report rport
2015-06-15 03:23:39 -05:00
308b1a3d7f
Don't deregister username & password
2015-06-15 03:21:09 -05:00
ebce415957
Land #5507 , Update nessus_xmlrpc_logic to use the new creds API
2015-06-15 02:59:01 -05:00
c20cf15104
Msut have last_attempted_at key
2015-06-15 02:58:31 -05:00
2b23c91f77
Create Android Browser DOS module (CVE-2012-6301)
...
This module exploits CVE-2012-6301, which exploits a vulnerability in
Android 4.0.3 and causes the stock browser to unexpectedly close.
Thanks @jww519!
2015-06-14 15:19:27 -04:00
c801e52f60
Update smb_enumusers_domain.rb
2015-06-13 17:02:43 -04:00
e628d71261
Land #5397 , @espreto's module for WordPress Simple Backup File Read Vulnerability
2015-06-12 15:32:06 -05:00
184c20cd46
Do minor cleanup
2015-06-12 15:31:42 -05:00
8dad739c76
Land #5508 , Get Ready to Move VMware modules to the VMware directory
2015-06-10 11:59:40 -05:00
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
7cb82f594b
Add ftp port for service
2015-06-10 14:24:05 +05:00
3ffe006e09
Update titan_ftp_admin_pwd to use the new creds API
2015-06-10 13:36:26 +05:00
3fe6ddd10a
Change credential status from untried to successful
2015-06-10 10:09:57 +05:00
78a6e1bc90
Change credential status from untried to successful
2015-06-10 10:07:33 +05:00
1b3f911f84
Change credential status from untried to successful
2015-06-10 09:54:10 +05:00
49e4820c57
Add depcrecated note to the existing modules
2015-06-09 10:42:53 +05:00
a48d79a2e7
Add jsse_skiptls_mitm_proxy.rb
...
This module exploits an incomplete internal state distinction in Java
Secure Socket Extension (JSSE) by impersonating the server and finishing
the handshake before the peers have authenticated themselves and
instantiated negotiated security parameters, resulting in a plaintext
SSL/TLS session with the client. This plaintext SSL/TLS session is then
proxied to the server using a second SSL/TLS session from the proxy to
the server (or an alternate fake server) allowing the session to
continue normally and plaintext application data transmitted between the
peers to be saved. This module requires an active man-in-the-middle
attack.
2015-06-08 19:41:17 -07:00
8381d4f994
update smb_enumusers_domain to store enumerated users in the DB
2015-06-08 19:42:03 -04:00
3279518bbd
Move VMware modules to the VMware directory
2015-06-08 14:58:22 +05:00
245c76374d
Update nessus_xmlrpc_logic to use the new creds API
2015-06-08 14:40:15 +05:00
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
135958a225
Cleanup the udp_(sweep|probe) SNMP generators
2015-06-06 00:54:08 -05:00
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
3ec6d9b7aa
Update owa_login to use new cred API
2015-06-05 15:41:07 +05:00
b6936febbe
Update pcanywhere_login to use the new cred API
2015-06-05 12:16:00 +05:00
874e090aa1
Update wordpress_login_enum to use the new cred API
2015-06-04 18:16:14 -05:00
d3c3741478
Use run_host so that we can use THREADS
...
- The refactor left the module using run_batch even though the
features of the code that made this desirable were removed (i.e.,
it was no longer doing one batch per community string). By now
switching back to run_host, we can again take advantage of the
built-in metasploit multithreading capabilities.
- Also, added back in the display of the result.proof field. This
aids in identifying false positives (which have a blank response)
and is functionality worth keeping.
2015-06-03 18:08:38 -04:00
7f35c3b4f5
Update sysaid_sql_creds.rb
2015-06-03 22:00:08 +01:00
54bfe29527
Update and rename sysaid_file_ to sysaid_file_download.rb
2015-06-03 21:59:45 +01:00
42e84cd7d5
Update sysaid_admin_acct.rb
2015-06-03 21:59:04 +01:00
6683b86822
Create sysaid_sql_creds.rb
2015-06-03 21:46:48 +01:00
72b7982e7a
Create sysaid_file_
2015-06-03 21:46:13 +01:00
765077d741
Create sysaid_admin_acct.rb
2015-06-03 21:38:43 +01:00
b305fa62f4
Changed vprint_error when nothing was downloaded.
2015-06-03 14:46:59 -03:00
24ec3b2fb5
Changed vprint_error to fail_with method.
2015-06-03 13:46:59 -03:00
6669665d6d
Land #5402 , @nstarke's module to extract accouns information from a AVTECH744_DVR device
2015-05-29 16:14:50 -05:00
843572df6d
Change module filename
2015-05-29 16:14:16 -05:00
acb0af3826
Update description
2015-05-29 16:13:43 -05:00
39ae6263e9
Use Rex::Text.encode_base64
2015-05-29 16:12:21 -05:00
8338b21f6c
Make some code cleanup
2015-05-29 16:04:29 -05:00
b6b055a5f2
Land #5431 , deprecate cold_fusion_version, use coldfusion_version instead.
2015-05-28 15:40:34 -05:00
80c3022dc1
Deprecate cold_fusion_version. Please use coldfusion_version.
...
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
52e30d4fc2
Land #5434 , OSVDB reference
2015-05-28 22:00:44 +02:00
068198c980
Land #5386 , automatically find file for ms15_034
2015-05-28 14:52:31 -05:00
f9f35db7f3
Update description
2015-05-28 14:52:03 -05:00
818dbf58f0
Adding an OSVDB number to the Netgear module
2015-05-28 14:37:39 -05:00
a74c3372c0
Uses vprint instead of print in #check_host
2015-05-28 15:46:51 +01:00
6d01d7f986
Uses peer instead of ip:port across all the module
2015-05-28 09:32:05 +01:00
447c4ee7df
Allows the targetèuri to be shared between the #check and #dos
2015-05-28 09:30:04 +01:00
2ae9e39719
Land #5376 , Report ipmi_dumphashes credentials with create_credential_login
2015-05-27 13:11:07 -05:00
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
a3ff9859c8
Adding Credentials Capabilities
...
This commit adds the ability for credentials
to be retrieved via the 'creds' command. It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
9430d38a09
Adding AVTECH744_DVR Module
...
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
e1f10772b3
Use create_cracked_credential
2015-05-21 16:30:42 -05:00
305da46491
Land #5301 , @m-1-k-3's aux module to extract passwords from Netgear soap interfaces
2015-05-21 16:07:05 -05:00
b4a6cdbad0
Remove new line in vprint_line.
2015-05-21 12:33:09 -03:00
0135b3639f
Add WordPress Simple Backup File Read Vulnerability.
2015-05-21 12:23:24 -03:00
d9d8634948
Changes the message displayed when vulnerable
2015-05-21 08:46:16 +01:00
a4df3468de
unique: should be update:, include uri in data hash
2015-05-20 16:20:09 -05:00
c85b82e8a7
Merge branch 'master' into land-5358-notes
2015-05-20 16:02:59 -05:00
4f6fe2abce
Avoids swallowing exceptions
2015-05-20 21:36:03 +01:00
202a77fc12
Improves detection of the MS15-034
2015-05-20 18:08:00 +01:00
23c77adc68
Land #5377 , Update cred reporting method for http_ntlm
2015-05-20 11:57:42 -05:00
55c07b1bdd
Report credentials with create_credential_login
2015-05-19 00:14:55 -05:00
d564a85f6f
Fix jtr_format
2015-05-18 19:55:48 -05:00
f49362492a
Report hash's username correctly
2015-05-18 19:46:17 -05:00
c6fcb9c6c5
Report credentials with create_credential_login
2015-05-18 19:39:03 -05:00
69a7a89936
use the correct print_error message
...
vrpint_error feeds through the old authbrute mixin
which does not behave properly anymore. use
print_error instead
5266
2015-05-18 13:51:23 -05:00
09d735e855
remove proof from failure message
...
the snmp login scanner will only have
proof on success, not on failure. remove it from
the failure message for cleaner formatting
5266
2015-05-18 13:45:01 -05:00
79b9ef008a
Bugfix
2015-05-17 13:55:56 +01:00
dd5060e08c
Land #5340 , @wchen-r7's change to the symantec_web_gateway_login writing style
2015-05-15 13:18:35 -05:00
cf5fa6752e
Use parenthesis
2015-05-15 13:17:54 -05:00
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
24a989b8a3
Land #5249 , Add Module for Enum on InfluxDB database
2015-05-14 11:22:54 -05:00
005c36b2a6
If data is empty, don't save (or even continue)
2015-05-14 11:22:10 -05:00
ac0e4e747a
Change writing style of symantec_web_gateway_login
2015-05-13 00:23:37 -05:00
202c5e0121
Land #5333 , HTML Title Grabber
2015-05-12 11:19:06 -05:00
faec5844cb
Some fixes
2015-05-12 11:18:21 -05:00
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
f0048b9a6d
Apparently you don't quote the keys with the new syntax
2015-05-12 11:00:18 +01:00
7c81adbd89
MSFTidy is now quiet and happy
2015-05-12 10:47:49 +01:00
1f6bd3e2be
Updated to new ruby hash syntax and removed <> from title
2015-05-12 10:43:32 +01:00
518e28674e
Removed CGI dependency (@hmoore-r7, @wchen-r7)
2015-05-11 21:10:18 +01:00
78e310562b
Readability style change
2015-05-11 19:48:12 +01:00
8e3d803e74
Updated style as per @void-in's comments
2015-05-11 19:46:10 +01:00
62d67469da
Updated code style as per @hmoore-r7's instructions
2015-05-11 19:34:23 +01:00
b8f7c80fd2
Rubocop
2015-05-11 18:50:03 +01:00
8308c2a925
Added check for nonsensical options
2015-05-11 18:48:55 +01:00
99133deabb
Reran tests, sorted out strip problem
2015-05-11 18:29:44 +01:00
c25a5d3859
Fixed a bunch of rubocop errors
2015-05-11 18:14:37 +01:00
34cf90af59
Removed unnecessary include
2015-05-11 17:31:31 +01:00
c001f014ce
HTML Title Grabber
2015-05-11 17:29:22 +01:00
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
a8adcda941
Redo port checks
2015-05-08 15:29:30 -05:00
156aac1dff
Use timeout options
2015-05-08 15:23:08 -05:00
bf9ca1f88f
Change module filename
2015-05-08 15:08:59 -05:00
f56115552f
Do code cleanup
2015-05-08 14:56:39 -05:00
b73241882b
Use datastore option
2015-05-08 14:48:19 -05:00
b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin
2015-05-08 14:46:08 -05:00
9fdbfd7031
Use vprint_error
2015-05-08 14:21:36 -05:00
017ae463ed
Fix description style
2015-05-08 14:18:29 -05:00
2e01eb519d
Do minor fixes
2015-05-08 14:04:44 -05:00
5588ad36b3
Print status message
2015-05-08 13:51:00 -05:00
7e62ba85a1
Do code cleanup
2015-05-08 13:33:28 -05:00
60c2c7a7cd
Delete unused variable
2015-05-08 13:19:39 -05:00
c0f21c3ae1
Fix metadata
2015-05-08 13:19:23 -05:00
a7988f9e93
Change credentials to service:service
2015-05-08 22:52:59 +05:00
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
8d3737d13c
Fix some stylistic issues
2015-05-07 22:43:23 -05:00
c9cb9ad564
Fix extraneous comma
2015-05-07 15:32:48 -05:00
4df622c76b
Oops, one last for #5312 .
2015-05-06 14:48:17 -05:00
e8913e5620
Addressed most of @wvu's issues with #5312
2015-05-06 14:47:08 -05:00
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
93c785560b
remove brocade_telnet scanner, extend telnet
...
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
dc053aeb58
Spelling Fix
...
s/Brocde/Brocade/ as per bcook-r7
2015-05-05 21:16:24 -05:00
fc1c0028a8
moved array definition to avoid error
2015-05-05 21:16:23 -05:00
7949daf42b
brocade_enable_login msftidy success
2015-05-05 21:16:23 -05:00
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
f95774c6b4
Fixed bugs
2015-05-02 05:09:03 -04:00
93ac8b48e3
Land #5178 , @jboss_vulnscan check for console default admin
...
* And minor fixes
2015-05-01 17:38:20 -05:00
697c6c20cb
Do minor cleanup
2015-05-01 17:37:45 -05:00
04fa626eab
Save credentials as UNTRIED
2015-05-15 14:58:55 -05:00
16c3bf91a1
Do code cleanup
2015-05-15 14:46:34 -05:00
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
b037560c90
Do minor style fixes
2015-05-01 15:01:13 -05:00
83288ff391
Fix typo
2015-04-30 17:58:26 -05:00
ee5dc1d6e4
Land #5277 , typo in telnet_encrypt_overflow
2015-04-30 10:44:55 -05:00
jvazquez-r7
Jon Hart
William Vu
wchen-r7
joevennix
xistence
HD Moore
Alton Johnson
JT
Waqas Ali
Roberto Soares
Alexander Salmin
Brent Cook
Tod Beardsley
joev
Josh Abraham
Greg Mikeska
kn0
Fabien
Christian Sanders
rastating
Ramon de C Valle
Mo Sadek
g0tmi1k
cldrn
Donny Maasland
Trevor Rosen
root
rwhitcroft
Pedro Ribeiro
aushack
Th3R3p0
Denis Kolegov
jww519
John Sherwood
Christian Mehlmauer
erwanlr
Nicholas Starke
David Maloney
Stuart Morgan
void-in
Mike
root
James Lee