infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
42,753 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

7777 Commits (6e86ac6e1b223755360f9a3a89b6bda4d1eec555)

Author SHA1 Message Date
Brent Cook 3c9b1be649
Land #7883, Fix cisco_firepower_download to pass the username properly 2017-01-27 16:31:06 -06:00
Brent Cook 4480ea7877
Land #7827, Cisco Firepower Management Console LoginScanner 2017-01-27 16:26:40 -06:00
Brent Cook 171cc7d54e slight wording tweak 2017-01-27 16:26:23 -06:00
wchen-r7 e6de951e3e Fix cisco_firepower_download to pass the username properly 2017-01-27 16:25:34 -06:00
Brent Cook a4dd1fc846
Land #7805, Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal 2017-01-27 16:09:14 -06:00
h00die f846535d78
Land #7876 which adds an Advantech Webaccess credential gatherer 2017-01-26 19:37:36 -05:00
wchen-r7 fd6a58a348 URI decode users 2017-01-26 18:30:17 -06:00
wchen-r7 e47f38b3c9 Look at the right link to extract users 2017-01-26 18:20:06 -06:00
wchen-r7 ba50f2f88b Fix nil for empty pass 2017-01-26 17:51:20 -06:00
wchen-r7 55b9c15d68 Pass should not be forced 2017-01-26 17:48:41 -06:00
wchen-r7 4ee0a380d1 Update module description 2017-01-26 16:35:15 -06:00
Joe Testa 5d255f11e1 Added MDNS query spoofing service. 2017-01-26 16:18:11 -06:00
wchen-r7 72b654c9b1 Update description 2017-01-26 14:58:02 -06:00
wchen-r7 94bc44b485 Add Advantech WebAccess Post Auth Credential Collector 2017-01-26 14:53:59 -06:00
wchen-r7 781bc8420a Add Advantech WebAccess LoginScanner module 2017-01-26 13:54:50 -06:00
Louis Sato 1c6d7ee33e
additional changes for Nexpose XXE Arbitrary File Read 2017-01-25 10:29:58 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
Jin Qian b4d3e9da8d This closes #7849 on the confusing message. 
Use result.proof which has the right message. Thanks to Wei for pointing it
 2017-01-19 15:39:10 -06:00
wchen-r7 b5f41b2915 Update advantech_webaccess_dbvisitor_sqli name 2017-01-18 11:09:52 -06:00
wchen-r7 82ab4fc630 Update cisco_firepower_download module & documentation 2017-01-17 13:58:10 -06:00
juushya 7791c58d5c rubocop check & msftidy run clean. Minor updates. 2017-01-17 01:10:39 +05:30
juushya 657c7444bf rubocop check & msftidy clean. Few updates. 2017-01-17 00:17:57 +05:30
h00die c31d398549 more description 2017-01-16 09:46:56 -05:00
wchen-r7 a687073416 Add Cisco Firepower Management Console LoginScanner 2017-01-13 16:59:20 -06:00
wchen-r7 18347a8de7
Land #7774, Fix pivoting of UDP sockets in scanners 2017-01-10 13:57:28 -06:00
wchen-r7 8194603725 Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal 2017-01-09 14:39:37 -06:00
juushya 93168648b4 Minor update in description 2017-01-08 13:28:07 +05:30
Craig Smith 5f07bca775 Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here: 
http://opengarages.org/hwbridge  Supports an automotive extension with UDS calls for mdoule
development.
 2017-01-06 19:51:41 -08:00
juushya 4133a6fa97 Minor cleanup, msftidy check 2017-01-07 03:57:46 +05:30
dmohanty-r7 5cba9b0034
Land #7747, Add LoginScanner module for BAVision IP cameras 2017-01-06 16:25:44 -06:00
juushya ba8394ecc1 Minor updates 2017-01-06 15:34:17 +05:30
juushya 39423a70a7 Add Meteocontrol Weblog Extract Admin password module 2017-01-06 15:20:41 +05:30
Pedro Ribeiro 6004caa475 fix whitespace 2017-01-05 01:58:16 +00:00
juushya c5acda0a22 Fixed the file permissions 2017-01-05 04:40:41 +05:30
Pedro Ribeiro d95a3ff2ac made changes suggested 2017-01-04 23:02:10 +00:00
juushya c15b77c31b Add Cambium ePMP 1000 Login Scanner module 2017-01-05 04:19:32 +05:30
Pedro Ribeiro 9d3e90e8e5 cleanup 2017-01-02 17:32:38 +00:00
Brent Cook 04a026e786 remove lies from module, this is a bound socket 2017-01-02 09:47:18 -06:00
Pedro Ribeiro 4c29d23c8a further cleaning 2016-12-31 17:02:34 +00:00
Pedro Ribeiro 956602cbfe add final wnr2000 sploits 2016-12-31 16:49:05 +00:00
j91321 6c9e43f2ad Add fingerprinting of devices, change documentation 2016-12-30 23:52:29 +01:00
Brent Cook fdca963b61 check if the socket exists before closing 2016-12-30 14:59:31 -06:00
Pedro Ribeiro 870e8046b5 add sploits 2016-12-27 21:12:35 +00:00
William Vu a7debd09fd
Fix broken YouTube link in firetv_youtube 
Guess it's back to Epic Sax Guy. :-)
 2016-12-25 20:22:07 -06:00
William Vu 6bb0f3207d Add reboot action to chromecast_reset 2016-12-25 15:20:46 -06:00
wchen-r7 144f886e8b Add LoginScanner module for BAVision IP cameras 2016-12-23 16:22:17 -06:00
William Vu 0589948a73 Remove other rhost (oops) and fail_with 2016-12-23 16:10:21 -06:00
Jon Hart b4235835c8
rhost -> ip 2016-12-23 13:20:24 -08:00
Jon Hart 60e602c371
Update chromecast wifi gather module to use Scanner for scanning in bulk 2016-12-23 11:34:19 -08:00
Jin Qian da9ea0b85c Change the PCRE. 2016-12-16 15:41:10 -06:00
dmohanty-r7 f74fd9e5dd
Land #7672, support LOCKED_OUT and DISABLED login status 2016-12-16 15:11:05 -06:00
jinq102030 378d8aea36 Merge pull request #7697 from h00die/fix_colorado 
Fix ftp traversal error conditions
 2016-12-16 13:51:15 -06:00
h00die b5beb2eb93 throw errors 2016-12-12 21:48:08 -05:00
h00die 2dca7c871b applying #7582 to all ftp aux traversals 2016-12-10 16:05:09 -05:00
William Vu f0dca7abbf
Land #7692, print_error for error_sql_injection 2016-12-09 17:09:52 -06:00
William Vu 2b0bce6459
Land #7690, drupal_views_user_enum user count fix 2016-12-09 16:55:01 -06:00
William Vu 4e235be484 Ensure a trailing slash for base_uri 
Technically, the GET parameters should be in vars_get, but we don't want
to refactor the entire module right now.
 2016-12-09 16:53:58 -06:00
Jin Qian 8780c325a7 Fixed issues #7691, silent exit. 
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
 2016-12-09 16:20:44 -06:00
dmohanty-r7 77dd952370
Land #7592, check nil return value when using redis_command 2016-12-09 16:07:12 -06:00
Jin Qian 17c12a78f5 Fixed issue #7689, count of found users not accurate 
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
 2016-12-09 15:19:43 -06:00
wchen-r7 7e0b224eb2 Make ABORT_ON_LOCKOUT non default 2016-12-08 15:07:53 -06:00
wchen-r7 0110b97fa2 Fix #7671, support LOCKED_OUT and DISABLED login status 
This allows login scanner modules to skip a user if it is
locked out, or disabled.

Fix #7671
 2016-12-07 16:49:16 -06:00
Rich Whitcroft d3a8409a49 prevent further lockouts in smb_login 2016-12-06 21:53:08 -05:00
h00die 3d09e283cf module ready 2016-12-02 22:03:23 -05:00
Jin Qian 4a35f8449a Fixed issue #7650 by matching Server header using regex as Wei suggested 
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
 2016-12-02 20:26:38 -06:00
Jin Qian 35fdf1473b Fixed issue #7650 where etherpad_duo_login module may crash 
Add check for presence of Server header.
 2016-12-02 18:07:18 -06:00
Jin Qian 11906eb540 Fix issue #7645 where dolibarr_login module crashed 
Add "res" (http response) when trying to retrieve the cookie
 2016-12-01 15:38:26 -06:00
wchen-r7 9325ef8d8f
Land #7573, Add WP Symposium Plugin SQLI aux mod to steal credentials 2016-12-01 14:56:30 -06:00
wchen-r7 6b5dba72d4 Update description 2016-12-01 14:55:16 -06:00
wchen-r7 64bc029106 Fix Ruby style 2016-12-01 14:53:55 -06:00
wchen-r7 90ec367a99 Add method to save creds to database 2016-12-01 14:52:51 -06:00
William Vu 54684d31bd
Land #7641, check_conn? fix for cisco_ssl_vpn 2016-11-30 21:14:19 -06:00
William Vu 032312d40b Properly check res 2016-11-30 21:03:29 -06:00
Jin Qian ec83a861c8 Fix issue #7640 where cisco SSL VPN not move despite server responded 
Add the "return true" statement that was missing.
 2016-11-30 16:25:13 -06:00
wchen-r7 56505d2cc1 Resolve merge conflict 2016-11-30 14:33:23 -06:00
wchen-r7 c70c3701c5 Fix #7628, concrete5_member_list HTML parser 
Fix #7628
 2016-11-30 14:20:36 -06:00
wchen-r7 530e9a9bc6
Land #7633, fix dell_idrac to stop trying on a user after a valid login 2016-11-30 11:46:31 -06:00
Jin Qian afed1f465e Fix issue 7632 where MSF keeps trying after success. 
Thanks to Wei who suggested adding "return :next_user" after success.
 2016-11-29 14:57:15 -06:00
Jin Qian 1beeb99d44 Fix issue 7628, username extracted became garbled 
Make the regular expression less aggressive.
 2016-11-29 12:52:57 -06:00
William Vu c39c53b102 Prefer DefaultOptions to reregistering SSL option 2016-11-28 14:29:02 -06:00
Pearce Barry 8c54b0e5f4
Land #7622, Fix check_conn? method in cisco_ironport_enum 2016-11-28 14:19:02 -06:00
William Vu 777d5c1820 Fix check_conn? method in cisco_ironport_enum 2016-11-28 14:02:39 -06:00
Cantoni Matteo f0b5b5a153 call store_loot once at the end 2016-11-28 20:28:36 +01:00
wchen-r7 4eb109b22f
Land #7609, set SSL to true by default for cisco_nac_manager_traversal 2016-11-28 11:30:41 -06:00
Brent Cook 60210f57e9
Land #7505, fixed some targets for cisco_asa_extrabacon 2016-11-27 22:19:45 -06:00
jjarmoc 8824cc990a Use Auxilliary Actions for different behaviors. 2016-11-26 13:04:04 -06:00
John Q. Public 0935d31de1 Changed print_status to print_good 
Changed line 315 print type to good instead of the general status indication, so that the result output is easier to see.
 2016-11-25 16:54:58 -06:00
John Q. Public c286c708d9 Print file contents 
Added a print_good statement at line 63 in order to print to contents of the newly discovered robots.txt file.
 2016-11-25 15:57:37 -06:00
h00die efa191dd10 fixed some spacing 2016-11-25 11:50:56 -05:00
h00die 00d9e69a98 potential double fix for #7582 2016-11-24 12:14:09 -05:00
Pearce Barry ec020e3d07
Land #7611, cisco_ironport_enum falsely claimed connection failed 
Fixes #7610
 2016-11-24 09:54:09 -06:00
Cantoni Matteo fd11e7c4df modified it as recommended (@brandonprry) and added Module Documentation 2016-11-24 10:36:32 +01:00
Jin Qian 65b858ac06 Fix issue 7610, cisco_ironport_enum falsely claimed connection failed. 
Make sure we return 1 in check_conn method.
 2016-11-23 14:59:07 -06:00
Jin Qian b7ae7a47be Fix issue #7608 where the SSL option was not turned on by default 
Set the SSL option to be on by default.
 2016-11-23 14:45:42 -06:00
Jin Qian 0df3e17e0c Fix the issue in MS2132 where OWA_LOGIN doesn't continue on connection error. 
The possibility of temporary connnection disruption means this module should keep trying other user/pass pairs upon error.
 2016-11-23 09:56:27 -06:00
h00die 372cf740da saving before changing branches 2016-11-21 22:06:20 -05:00
wchen-r7 83a3a4e348 Fix #7463, check nil return value when using redis_command 
Fix #7463
 2016-11-21 15:52:12 -06:00
William Vu 6f8660f345
Land #7586, NameError fix for brute_dirs 2016-11-21 14:46:19 -06:00
William Vu c8320d661f
Land #7590, mixin order fix for buffalo_login 2016-11-21 13:57:27 -06:00
Jin Qian 90d360a592 Fix the issue 7589, both RHOST and RHOSTS options are quired 
Thanks to Will who found it's due to the order of mixin.
 2016-11-21 11:06:32 -06:00
Jin Qian 18b873be47 Fix the exception issue reported in issue #7585 
Fix the exception by initialize a key variable that caused the exception.
 2016-11-21 10:00:23 -06:00
Brent Cook 0504cae21f
Land #7536, fix get_ipv4_addr(@interface) usage 2016-11-21 01:09:05 -06:00
h00die 05e59bbe19 non-working copy of varnish 2016-11-19 22:09:19 -05:00
h00die 774d363220 direct copy 2016-11-18 16:43:53 -05:00
David Maloney 6a35b366bc
Land #7577, URPORT fix 2016-11-18 14:41:10 -06:00
wchen-r7 00e4a8881f
Land #7574, Update open_proxy aux module 2016-11-18 11:41:43 -06:00
wchen-r7 d3adfff663 Change syntax 2016-11-18 11:41:04 -06:00
wchen-r7 f894b9a4c5 Fix typo 2016-11-18 11:39:26 -06:00
David Maloney 8d1c718873
Land #7572, wireshark dos typos 
Lands mcantoni's pr for fixing typos in the
wireshark dos modules
 2016-11-18 11:01:32 -06:00
wchen-r7 22d70ddd09 Fix #7455, handle the URIPORT option properly in is_uxss_injection 
Fix #7455
 2016-11-17 15:50:35 -06:00
Brian Patterson abddeb5cd2 Land 7473, add censys search module 2016-11-17 13:44:00 -06:00
Brendan f2b9498643
Land #7576, Fix RHOSTS use in auxiliary/scanner/ftp/titanftp_xcrc_traversal 2016-11-17 13:06:29 -06:00
Jin Qian c03f35ef13 Fix the hanging of module auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb 
Thanks for Wei who pointed out the error: in store_loop call, it used "rhosts", should have been ip.
 2016-11-17 10:08:59 -06:00
Cantoni Matteo c9b9be9328 Update open_proxy aux module 2016-11-17 15:44:03 +01:00
Cantoni Matteo b3b89a57b5 Add WordPress Symposium Plugin SQL Injection module 2016-11-17 15:04:53 +01:00
Cantoni Matteo 30f7006b5b Fixed typos of an old commit 2016-11-17 14:39:33 +01:00
wchen-r7 f50e609d12
Land #7556, Prevent psexec_command from dying when one host errors 2016-11-15 12:17:01 -06:00
wchen-r7 e5d3289c18 Fix name for exception 2016-11-15 12:14:58 -06:00
j91321 3fd3bbdfb6 Added comments, removed uneccesary code 2016-11-13 23:22:15 +01:00
j91321 b377cd8fa3 Allegrosoft rompager auth bypass auxiliary module 2016-11-13 10:39:26 +01:00
Dylan Davis a8a09261e1 Use files for rescue error, because left is not available 2016-11-11 21:49:06 -07:00
Jenna Magius db32c5fdcc msftidy whitespace fixes 2016-11-11 10:28:37 -07:00
Dylan Davis fddc2c221f Catch the specific exception. Include the error code in the error message. 2016-11-11 10:24:05 -07:00
Dylan Davis 69a4a327b8 Add begin-rescue blocks that prevent individual hosts from bailing out a threaded multi-host execution 2016-11-11 10:15:36 -07:00
William Vu 4eb42a9171
Fix broken ternary in phoenix_command 2016-11-07 00:12:04 -06:00
Tijl Deneut 92964c1f95 Update phoenix_command.rb 2016-11-06 21:22:54 +01:00
Tijl Deneut 2c2729f0b2 Update phoenix_command.rb 
Coded was messed up by MS Edge, don't use it :)
 2016-11-06 21:21:20 +01:00
Tijl Deneut 1b4409f950 Update phoenix_command.rb 
Style fix: replace "ractionport == nil ?" with "ractionport.nil?"

Is it OK? Did not find time to install and run rubocop ...
 2016-11-06 21:15:31 +01:00
Tijl Deneut 4ea9214466 Fixed a small bug 2016-11-06 16:20:55 +01:00
朱雄宇 e9d85750c2 fix get_ipv4_addr(@interface) usage 
get_ipv4_addr(@interface) returns a string not list, so get_ipv4_addr(@interface)[0] only got the first character of IP, which raises an error.
 2016-11-06 19:04:57 +08:00
Jon Hart 5b810fae41
Update atg_client to identify responses that indicate the command was not understood 2016-11-04 10:12:02 -07:00
William Vu a651985b4f
Land #7498, Joomla account creation and privesc 2016-11-01 22:46:36 -05:00
William Vu f414db5d6d Clean up module 2016-11-01 22:46:28 -05:00
h00die a924981369
Landing #7516, X11 print fixes 2016-11-01 19:50:05 -04:00
Brendan 05e2aad837
Land #7497, Add Kerberos domain user enumeration module 2016-11-01 14:34:47 -05:00
attackdebris 1b4cef10d1 Change creds_name to Kerberos 2016-11-01 17:59:51 +00:00
William Vu 5c065459ae print_{good,error} more specifically in open_x11 2016-10-31 11:29:00 -05:00
Pearce Barry 991a3fe448
Markdown docs added. 2016-10-28 17:38:00 -05:00
Jan Rude 971c8207bd Update telpho10_credential_dump.rb 
Code improvements suggested by @h00die
 2016-10-28 16:45:14 -05:00
Jan Rude c9574a4707 Update telpho10_credential_dump.rb 
output correction
 2016-10-28 16:44:52 -05:00
Jan Rude 05ee51a832 Update telpho10_credential_dump.rb 
do not write to stdout
 2016-10-28 16:44:40 -05:00
Jan Rude fb534a9e85 add telpho10_exploit 
telpho10 credential dump exploit
 2016-10-28 16:44:27 -05:00
Jeff 5eca6866f2 Fix failing versions, specify version explicitly 2016-10-28 16:24:06 -05:00
Filipe Reis 88a2a770a3 Update to have checks in place 
Add: added checks to the code
 2016-10-28 11:24:39 +01:00
Brendan 9eaaba1dea Added user logging into the db and humored rubocop 2016-10-27 15:50:17 -05:00
attackdebris c2af2ab214 Move kerberos_enumusers module to aux/gather & add documentation 2016-10-27 19:11:22 +01:00
Filipe Reis 88beea0c56 updating code 
Fix: changing to seggested fixes
 2016-10-27 14:30:59 +01:00
Filipe Reis 2851faefe8 Update module info 
Fix: removed info that didn't belong
 2016-10-27 03:11:38 +01:00
Filipe Reis e522d7f5a4 Fixing issues regarding travis checks 
Fix: EOL spaces;
 2016-10-27 02:50:20 +01:00
Filipe Reis 8ad1c66bd3 Code update and file rename 
Fix: clean up and improving code using all the comments.
Fix: rename file to a more meaning and more easy to search
 2016-10-27 02:46:40 +01:00
Filipe Reis 0af47ef411 Fixing warning from travis checks 
Fixing: Auxiliary modules have no 'Rank': Rank = ExcellentRanking
Fixing: Spaces at EOL
 2016-10-26 23:29:17 +01:00
Filipe Reis 5a127886bb Fixing issues regarding travis checks 
Fixing unicode issues;
Fixing CVE format;
Fixing EOL spaces;
Fixing the way cookies are read.
 2016-10-26 23:24:09 +01:00
Filipe Reis 94b05d7943 Joomla Account Creation and Privilege Escalation 
This module allows to create an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3.
 2016-10-26 23:11:38 +01:00
William Webb 9672759be8
Land #7462, Add support for Unicode domains 2016-10-26 16:47:09 -05:00
attackdebris 18c3d42aca This commit adds the kerberos_enumusers module 2016-10-26 20:56:41 +01:00
Jon Hart 342bfd628a Dont' set default PORTS or PROBE options. Require user configuration. 2016-10-25 15:58:46 -05:00
Jon Hart 2a18ea0e33 Initial commit of generic module for detecting UDP amplification vulnerabilities 2016-10-25 15:58:46 -05:00
Louis Sato f7f28a0833 Land #7480, deprecation msg for udp_probe 2016-10-25 15:52:56 -05:00
David Maloney c00df4dd71
Land #6969, Regsrv cmd delivery server module 
This Lands kn0's PR for the Regsrv32 command delivery server
 2016-10-24 11:46:59 -05:00
Jon Hart 7f65b28483
Deprecate udp_probe in favor of udp_sweep 2016-10-23 13:06:58 -07:00
Vex Woo b5ba862e98 parse ipv4 / website info 2016-10-23 10:53:43 -05:00
Vex Woo 50284cf01b parse domain/ip info from certificate 2016-10-23 10:33:17 -05:00
nixawk c79c102998 remove unuse variable @uri 2016-10-21 23:59:09 -05:00
nixawk 893a6ef82e add censys search module 2016-10-21 23:45:44 -05:00
David Maloney e442f5f76b
Land #7460, zoomeye search module 
typo in previous land commit
 2016-10-21 13:48:28 -05:00
David Maloney 264fe7b8f8 Land #7460, zoomeye search module 2016-10-21 13:47:46 -05:00
David Maloney 05ffa0074c
Land 37460, zoomeye search module 
Lands nixawk's zoomeye search aux module
 2016-10-21 10:25:58 -05:00
nixawk ada571bfdf Fix login - check condition 2016-10-20 22:52:24 -05:00
nixawk 344b688ae5 remove ZoomEye_APIKEY, add (USERNAME / PASSWORD) 2016-10-20 22:48:01 -05:00
nixawk 097a273abb fix dork_search 2016-10-19 20:54:31 -05:00
nixawk 72b2ba2e88 replace [Net::HTTP] with [rex/proto/http] 2016-10-19 20:40:45 -05:00
nixawk a77f415893 remove unuseful condition 2016-10-19 20:05:12 -05:00
nixawk 9f3f0fd358 make [matches_records] simple 2016-10-19 19:59:02 -05:00
Brendan b5a41c3011 Convert ANSI data to UTF-8 char by char because MS might 
put an invalid character in the WORKGROUP name during SMB
handshake
 2016-10-19 17:42:26 -05:00
nixawk fcc22d9027 add module references info 2016-10-19 02:23:11 -05:00
William Vu 2668a4a1cd
Fix #6993, tnspoison_checker cleanup 2016-10-19 00:53:33 -05:00
nixawk 3630388e91 zoomeye search 2016-10-18 22:52:23 -05:00
William Webb 8e2ff8df80
Land #7433, Add IP Addresses to HTTP PUT/DELETE scanner output 2016-10-14 13:27:17 -05:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
nixawk b74539be44 check if isakmp payload is same to IKE Leak data 2016-10-13 04:20:23 -05:00
nixawk 7536d1d94a print leak data 2016-10-12 02:42:50 -05:00
nixawk 70d4833654 Fix report_vuln 2016-10-12 02:16:00 -05:00
Alton J 98d7b19ab9 Passed IP parameter to additional functions. 2016-10-11 15:09:50 -05:00
Alton J acff0fa9cf Added IP addresses to output. 2016-10-11 14:43:42 -05:00
Alton J f0ff4a0721 Added IP addresses to output. 2016-10-11 14:42:06 -05:00
Sonny Gonzalez 3fd806b87f Merge remote-tracking branch 'upstream/pr/6993' into land-6993 2016-10-11 09:33:26 -05:00
Brent Cook e074669406
Land #7296, Added a SCADA module for detecting Profinet devices, e.g. Siemens controllers 2016-10-08 21:34:40 -05:00
William Vu e8c3a61e72
Land #7405, nil fix for ntp_protocol_fuzzer 2016-10-05 15:26:39 -05:00
“lvarela” 8749eaf097 Fix the default num to be 0 when not specified. 2016-10-05 14:52:43 -05:00
Jon Hart b95cc7bbbe
Set correct default options; fix usage on OS X 
Fixes 7404
 2016-10-05 09:51:31 -07:00
Stephen Haywood 2d361fabc6 No need to interpolate when using .to_s 2016-10-03 11:38:36 -04:00
Stephen Haywood 95f9b778bd Use standard status messages instead of verbose. 2016-10-03 11:01:51 -04:00
Stephen Haywood d088005d95 TABLE_NAME option not needed. 2016-10-03 10:58:13 -04:00
Stephen Haywood 5f12c8e026 Incorrect warning message 
The filename is not always test so the warning message and the note in the description are incorrect.
 2016-10-03 10:57:25 -04:00
Stephen Haywood 25996a16bb Fixed file read block. 2016-10-03 10:47:03 -04:00
Stephen Haywood 708eb0eb4f Fixed syntax error. 2016-10-03 10:17:29 -04:00
Stephen Haywood fac03570d1 Use File.open block. 2016-10-03 10:09:45 -04:00
Stephen Haywood bc57537205 Add warning statement. 2016-10-03 10:07:40 -04:00
Stephen Haywood a627c3cd5e Removed unnecessary return statements. 2016-10-03 10:02:26 -04:00
Stephen Haywood 6fa8f40b31 Use unless instead of if (not ...) 2016-10-03 10:00:56 -04:00
Interference Security 3e01dbfded Fixed Space-Tab mixed indent warning 2016-10-01 15:13:26 +05:30
Interference Security 4227cb76a8 Fixed stack trace bug & verified logic 
- Fixed stack trace bug when value of "packet" is nill.
- Verified logic of Oracle TNS Listener poisoning which requires an ACCEPT response to be marked as vulnerable.
 2016-10-01 15:01:02 +05:30
Stephen Haywood 63c0b6f569 Login failure message. 2016-09-30 17:09:41 -04:00
Stephen Haywood 7996c4b048 Warning about leaving files on disk. 2016-09-30 14:53:15 -04:00
Stephen Haywood 3e4a23cdf6 Removed unnecessary require statement. 2016-09-30 14:51:43 -04:00
nixawk ac76c3591a reference urls 2016-09-29 22:43:00 -05:00
nixawk 5929d72266 CVE-2016-6415 - cisco_ike_benigncertain.rb 2016-09-29 22:25:57 -05:00
averagesecurityguy f7e588cdeb Initial commit of module. 2016-09-28 14:55:32 -04:00
Brendan b9de73e803
Land #7334, Add aux module to exploit WINDOWS based (java) Colorado 
FTP server directory traversal
 2016-09-26 14:15:23 -05:00
Brent Cook df28e2a85e Add credit to wwebb-r7 for the initial module and ASA hacking notes 2016-09-24 05:48:31 -04:00
TheNaterz cd4299b3a2 Added offsets for version 9.2(4)14 
This version of the ASA is patched and our offsets do not work currently. We may do more work on this to find a solution.
 2016-09-23 16:57:08 -06:00
TheNaterz 087e9461ce Added offsets for version 9.2(4)13 2016-09-23 16:50:50 -06:00
TheNaterz 3f985d94d7 Added offsets for version 8.4(6)5 2016-09-23 16:32:42 -06:00
TheNaterz 352946d8f5 Added offsets for version 8.4(4)9 2016-09-23 16:19:36 -06:00
TheNaterz 368fd1a77f Added offsets for version 8.4(4)5 2016-09-23 16:07:42 -06:00
TheNaterz 19fe09318a Added offsets for version 8.4(4)3 2016-09-23 15:56:02 -06:00
TheNaterz 8840af0e90 Added offsets for version 8.4(4)1 2016-09-23 15:44:39 -06:00
TheNaterz 19caff2293 Added offsets for 8.3(2)40 2016-09-23 15:26:02 -06:00
TheNaterz ba4505bcce Added offsets for version 8.3(2)39 2016-09-23 15:05:39 -06:00
TheNaterz 64df7b0524 Added offsets for verion 8.3(2)-npe 
We currently can't distinguish between 8.3(2) and 8.3(2)-npe versions from the SNMP strings. We've commented out the 8.3(2)-npe offsets, but in the future, we'd like to incorporate this version.
 2016-09-23 14:49:57 -06:00
TheNaterz 926e5fab9e Added offsets for version 8.2(5)41 2016-09-23 14:00:23 -06:00
TheNaterz b4d3e8ea3e Added offsets for version 9.2(1) 2016-09-23 13:52:13 -06:00
TheNaterz d36e16fc32 Added offsets for version 8.2(5)33 2016-09-23 13:15:39 -06:00
TheNaterz f19ed4376b Adding new version offsets 2016-09-23 12:57:36 -06:00
Tijl Deneut 2fab62b14d Update profinet_siemens.rb 
Removed unnecessary rescue, gave "timeout" variable a better name.
 2016-09-23 18:05:45 +02:00
TheNaterz 98cf5d8eb5 Changed 'build_offsets' to 'build_payload' 2016-09-23 09:32:17 -06:00
zerosum0x0 1868371ba7 fix merge conflicts 2016-09-23 14:49:36 +00:00
zerosum0x0 2591d0b7c6 numerous fixes as per @busterb 2016-09-23 14:46:40 +00:00
TheNaterz dda6b67928 Added basic error handling for unsupported ASA versions 2016-09-22 18:24:25 -06:00
TheNaterz cf070853e9 Moved required datastore option into constructor 2016-09-22 18:08:35 -06:00
TheNaterz df25f07b34 Replaced '+=' with '<<' 2016-09-22 17:53:28 -06:00
TheNaterz f525c24a9f Added offsets for 8.4(7) 2016-09-22 17:16:37 -06:00
zerosum0x0 28a09c2d13 stupid comment 2016-09-22 22:57:42 +00:00
TheNaterz 7762f42dfa Added offsets for 8.3(1) 2016-09-22 16:17:37 -06:00
TheNaterz 064aed858b Added RiskSense contributor repo to references 2016-09-22 16:10:30 -06:00
TheNaterz 961524d648 Adding offsets for 9.1(1)4 2016-09-22 16:04:44 -06:00
TheNaterz 4e9459d876 Added offsets for 9.0(1) 2016-09-22 15:35:59 -06:00
TheNaterz 5ca6563c8f Fixed problem with 9.2(2)8 offsets 2016-09-22 15:24:49 -06:00
TheNaterz b77adc97f0 Removing redundant version check 2016-09-22 15:05:42 -06:00
TheNaterz c22a2a19e8 Added offsets for 9.2(2)8 2016-09-22 14:59:49 -06:00
TheNaterz e8d1f6d5a0 Added offsets for 8.2(3) 2016-09-22 14:38:52 -06:00
Jenna Magius a0ba8b7401 Fix whitespace per msftidy 2016-09-22 14:25:04 -06:00
TheNaterz 022189c075 Added offsets for 8.4(3) 2016-09-22 14:12:33 -06:00
zerosum0x0 4288c3fb46 added always_return_true variable 2016-09-22 19:44:55 +00:00
TheNaterz c18045128a Replaced global vars, made 'patched_code' value static 2016-09-22 13:42:23 -06:00
zerosum0x0 3c7fc49788 Added module auxiliary/admin/cisco/cisco_asa_extrabacon 
This module patches the authentication functions of a Cisco ASA
to allow uncredentialed logins. Uses improved shellcode for payload.
 2016-09-22 18:06:03 +00:00
Brent Cook 88cef32ea4
Land #7339, SSH module fixes from net:ssh updates 2016-09-22 00:27:32 -05:00
Brent Cook a9a1146155 fix more ssh option hashes 2016-09-20 01:30:35 -05:00
David Maloney e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
David Maloney 06ff7303a6
make pubkey verifier work with old module 
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together

7321
 2016-09-19 15:20:35 -05:00
Pearce Barry 3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714) 2016-09-19 14:34:44 -05:00
h00die 9c922d111f colorado ftp 2016-09-18 20:03:16 -04:00
William Vu 4ba1ed2e00
Fix formatting in fortinet_backdoor 
Also add :config and :use_agent options.
 2016-09-16 12:32:30 -05:00
David Maloney 26491eed1a
pass the public key in as a file instead of data 
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this

7321
 2016-09-16 11:48:51 -05:00
David Maloney dfcd5742c1
some more minor fixes 
some more minor fixes around broken
ssh modules

7321
 2016-09-15 14:25:17 -05:00
David Maloney e10c133eef
fix the exagrid exploit module 
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used

7321
 2016-09-15 11:44:19 -05:00
William Vu cac890a797
Land #7308, disclosure date additions 2016-09-13 23:16:30 -05:00
William Vu e4e6f5daac Fix indentation 2016-09-13 23:15:37 -05:00
h00die d73531c0d3 added disclosure dates 2016-09-13 20:37:04 -04:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
wchen-r7 245237d650
Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
Pedro Ribeiro 4d49f7140c update links and CVE on webnms_file_download 2016-09-13 18:50:53 +01:00
Pedro Ribeiro 8b90df8b67 update links and CVE on webnms_cred_disclosure 2016-09-13 18:49:58 +01:00
Tijl Deneut 8df8f7dda0 Initial commit of profinet_siemens.rb 2016-09-11 09:15:41 +02:00
Brent Cook a81f351cb3
Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
aushack 7632c74aba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2016-09-07 14:15:57 +10:00
aushack 6e21684ff7 Fix typo. 2016-09-07 14:08:46 +10:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server 
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
 2016-09-06 20:52:49 -05:00
William Vu fed2ed444f Remove deprecated modules 
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
 2016-09-03 12:43:01 -05:00
Brendan 81bc6bd672
Land #7228, Create zabbix_toggleids_sqli auxiliary module 2016-09-01 16:33:17 -05:00
Jon Hart b0e45341e5
Update redis file_upload to optionally FLUSHALL before writing 
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
 2016-08-31 14:27:18 -07:00
Brandon Perry 874fec4e31 Update zabbix_toggleids_sqli.rb 2016-08-31 17:23:16 -04:00
Brandon Perry d43380330e Update zabbix_toggleids_sqli.rb 2016-08-31 17:18:28 -04:00
Brendan b21ea2ba3f Added code to assign CPORT value to the parent scanner object 2016-08-29 13:17:10 -05:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
William Vu cd858a149f Add DETECT_ANY_AUTH to make bogus login optional 2016-08-23 23:05:47 -05:00
Brandon Perry 38a8d21e5b Update zabbix_toggleids_sqli.rb 2016-08-22 18:57:25 -05:00
Brandon Perry 6b9635d7a5 Rename zabbix_toggleids_sqli to zabbix_toggleids_sqli.rb 2016-08-22 18:52:16 -05:00
David Maloney 20947cd6cd
remove old dependency on net-ssh moneykpatch 
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
 2016-08-22 10:54:09 -05:00
Brandon Perry 2abf71a3ac Create zabbix_toggleids_sqli 2016-08-21 12:43:20 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available 
Fix #7202
 2016-08-16 15:34:30 -05:00
Pearce Barry 1e7663c704
Land #7200, Rex::Ui::Text cleanup 2016-08-12 16:22:55 -05:00
wchen-r7 c2c05a820a Force uripath and srvport options 2016-08-10 18:25:45 -05:00
wchen-r7 e56e801c12 Update ie_sandbox_findfiles.rb 2016-08-10 18:09:58 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs 
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
 2016-08-10 13:30:09 -05:00
Yorick Koster 87b27951cf Fixed some build errors 2016-08-09 20:46:49 +02:00
Yorick Koster 79a84fb320 Internet Explorer iframe sandbox local file name disclosure vulnerability 
It was found that Internet Explorer allows the disclosure of local file
names. This issue exists due to the fact that Internet Explorer behaves
different for file:// URLs pointing to existing and non-existent files.
When used in combination with HTML5 sandbox iframes it is possible to
use this behavior to find out if a local file exists. This technique
only works on Internet Explorer 10 & 11 since these support the HTML5
sandbox. Also it is not possible to do this from a regular website as
file:// URLs are blocked all together. The attack must be performed
locally (works with Internet zone Mark of the Web) or from a share.
 2016-08-09 20:35:42 +02:00
wchen-r7 de16a6d536
Land #7182, Nuuo / Netgear Surveillance admin password reset module 2016-08-08 16:10:30 -05:00
Pedro Ribeiro 7ca7682d17 Fix whitespace error from msftidy 2016-08-08 17:57:03 +01:00
Pedro Ribeiro 106f26587e Add bugtraq reference 2016-08-05 21:52:46 +01:00
Pedro Ribeiro 036d0502db Add github link 2016-08-04 17:38:45 +01:00
Pedro Ribeiro ec67db03f1 add exploit for CVE 2016-5676 2016-08-04 16:56:16 +01:00
Jon Hart 554a0c5ad7
Deprecate nbname_probe, which duplicate nbname as of 77cd6dbc8b 2016-08-02 17:36:22 -07:00
William Vu e699d3f05b Fix empty output in nbns_response 
Normally, the module prints nothing unless VERBOSE is true. In practice,
we at least want to see responded-to hosts. We leave details to be
printed when VERBOSE is set.
 2016-07-31 09:47:19 -07:00
wchen-r7 cce1ae6026 Fix #6989, scanner modules printing RHOST in progress messages 
Fix #6989
 2016-07-25 23:15:59 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00