Brandon Turner
2f2692f4bf
Bump version to 4.9.2
2014-04-10 17:45:42 -05:00
Christian Mehlmauer
f115a7f6e1
Fix intendation
2014-04-10 02:52:05 +02:00
gigstorm
f1443c039e
Updated hash value to SSLv3
...
Tested and working on server that has SSLv3 only enabled
2014-04-11 14:01:28 -07:00
gigstorm
6ab3478c7e
Update to include SSL Version 3 protocol
...
SSL Version 3 will also respond to this and a server configured to respond to SSL version 3 but not TLS will show false negative without this option (proven). May need to update cipher suites to include this option.
2014-04-11 12:41:17 -07:00
James Lee
f54654a326
More refactor on jtr_linux
...
Reducing complexity in `run` makes modules easier to read
2014-04-09 19:26:34 -05:00
James Lee
7f900c2628
Micro optimizations for jtr_linux
2014-04-09 19:26:23 -05:00
James Lee
46038d58b7
Refactor jtr_linux copy pasta
...
Move it to a nifty method
2014-04-09 19:26:11 -05:00
James Lee
95399b0de7
Don't try to be too helpful
...
John cares not one whit how many colons are in a hash line, only that
there are enough for the format (at least 2 for regular /etc/passwd, at
least 3 for NTLM, etc). So there is no simple way to programmatically
determine whether a password had a colon or there was just an extra on
the end of the original hash line.
[MSP-9778]
See #2515
2014-04-09 19:24:26 -05:00
Christian Mehlmauer
4fc272c0e9
Fix merge error
2014-04-10 00:53:14 +02:00
jvazquez-r7
f398924280
Land @Firefart's new fix for the jabber case
2014-04-09 17:52:53 -05:00
Christian Mehlmauer
98816c3a01
Added @sensepost FTP implemenation
2014-04-10 00:48:09 +02:00
singe
ccfcf2cedb
Added FTP STARTTLS support to heartbleed scanner.
2014-04-10 00:45:59 +02:00
Joe Vennix
bd8918e4e1
Re-add the #random_string(len) method to pass specs.
2014-04-09 17:44:48 -05:00
jvazquez-r7
c0e682b518
Land #3225 , @wvu-r7's and @hmoore-r7's improvements for openssl_heartbeat_client_memory
2014-04-09 17:39:04 -05:00
jvazquez-r7
ccdc5bd281
Switch to get since @wvu-r7 also tested successfully with get
2014-04-09 17:30:00 -05:00
Joe Vennix
5170b7230b
Tweak Gemfile comment.
2014-04-09 17:24:45 -05:00
Joe Vennix
57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed.
...
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
2014-04-09 17:21:22 -05:00
William Vu
b905aece38
Fix job not backgrounding
2014-04-09 17:03:57 -05:00
HD Moore
ed247498b6
Make TLS negotiation optional
2014-04-09 17:03:38 -05:00
jvazquez-r7
b0b979ce62
Meterpreter sessions won't get root in this way
2014-04-09 16:59:12 -05:00
Joe Vennix
b9284c5635
Use actual vars so that jsobfu can randomize.
2014-04-09 16:56:10 -05:00
Joe Vennix
52432ef482
Use tiny var names by default.
2014-04-09 16:54:02 -05:00
jvazquez-r7
a2ce2bfa56
Fix disclosure date
2014-04-09 16:41:49 -05:00
jvazquez-r7
ff232167a6
Add module for eScan command injection
2014-04-09 16:39:06 -05:00
sinn3r
2de210f1c3
Land #3216 - Update @Meatballs1 and @FireFart in authors.rb
2014-04-09 16:38:10 -05:00
Joe Vennix
49139cc07f
Use implicit return for assignment.
2014-04-09 15:48:07 -05:00
Joe Vennix
14fed8c610
Fixes large-string expansion in JSObfu.
2014-04-09 15:45:48 -05:00
William Vu
f56f34fb69
Land #3212 , @hmoore-r7's client-side Heartbleed
2014-04-09 15:42:36 -05:00
Christian Mehlmauer
a86a8fed05
Changed heartbleed jabber implementation to match openssl s_client
...
see here for example implementation:
https://github.com/openssl/openssl/blob/master/apps/s_client.c#L1719
2014-04-09 22:20:32 +02:00
jvazquez-r7
38a2614fbe
Land @wvu-r7's new vprint message
2014-04-09 15:19:10 -05:00
William Vu
2f9a400efa
vprint_status the other message message
2014-04-09 15:11:02 -05:00
jvazquez-r7
479bef8770
Land @wvu-r7 verbosity changes
2014-04-09 15:10:33 -05:00
William Vu
84ce72367b
Make the output less verbose
2014-04-09 14:57:51 -05:00
Christian Mehlmauer
856ad7e83d
heartbleed - Better output on wrong jabber domain and add. nil? check
2014-04-09 21:53:17 +02:00
jvazquez-r7
85536077f7
Land #3222 , @jjarmoc's switch for TLS default version
2014-04-09 14:04:29 -05:00
Jeff Jarmoc
7a424784f8
Change default TLS Version to 1.0
...
Canonical testing shows this to be more widely supported, and yielding far more vulnerable hosts. Changing default to reflect that.
Experience of others in #metasploit seems similar.
2014-04-09 13:45:00 -05:00
Christian Mehlmauer
fec089d88d
Land #3219 , openssl_heartbleed XMPP fix from @natronkeltner
2014-04-09 20:42:55 +02:00
Christian Mehlmauer
e2b50d3709
fix openssl_heardbleed
...
-) XMPP Domain now configurable
-) Missing get_once to initiate the TLS connection
2014-04-09 20:39:33 +02:00
jvazquez-r7
5696e52fac
Fix jabber to field
2014-04-09 13:48:45 -05:00
jvazquez-r7
28a471e446
Land #3221 , @Firefart's fix for pop3 starttls
2014-04-09 13:31:45 -05:00
jvazquez-r7
bea810b5d6
Add jabber fix from @natronkeltner
2014-04-09 13:11:45 -05:00
jvazquez-r7
fdf4776142
Land #3217 , @todb-r7's title fix for Hearbleed module
2014-04-09 12:10:13 -05:00
jvazquez-r7
157fb5a905
Make title more searchable
2014-04-09 12:08:35 -05:00
jvazquez-r7
58f4a1c085
Usee loop do instead or while true
2014-04-09 11:48:45 -05:00
sinn3r
eb9d3520be
Land #3208 - Sophos Web Protection Appliance Interface Authenticated Exec
2014-04-09 11:30:59 -05:00
Tod Beardsley
76a9381b2a
Make the title of the Heartbleed module searchable
...
Right now, the title does not actually tie the Heartbeat check to the
Heartbleed attack, so people searching strictly on module title are not
going to get a hit for this module.
2014-04-09 11:03:01 -05:00
jvazquez-r7
bc36b9ebd6
Delete server side PoCs as referecences because don\'t apply here
2014-04-09 10:58:59 -05:00
jvazquez-r7
fd90203120
Change some variable names to make code reading easier
2014-04-09 10:56:50 -05:00
Christian Mehlmauer
899a7c9ea4
heartbleed bugfix for pop3
2014-04-09 17:51:44 +02:00
Tod Beardsley
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00