Commit Graph

16384 Commits (70033576fefac82f0732d950b17a925f4517b71a)

Author SHA1 Message Date
Jon Hart b0bbce1190
Include peer in most prints 2015-01-20 08:00:02 -08:00
wez3 bd0a20a717 Update outlook.rb execute_script time_out
I have been using the script in real life cases which have bigger e-mailboxes then in the testing environment. Because of execute_script default time_out no results return, as the powershell scripts run longer then 15 seconds. Changed the timeout to 120.
2015-01-20 11:16:37 +01:00
jvazquez-r7 f7aaad1cf1
Delete some extraneous commas 2015-01-19 17:25:45 -06:00
jvazquez-r7 dbc77a2857
Land #4517, @pedrib's exploit for ManageEngine Multiple Products Authenticated File Upload
* CVE-2014-5301
2015-01-19 17:23:39 -06:00
jvazquez-r7 6403098fbc Avoid sleep(), survey instead 2015-01-19 17:22:04 -06:00
jvazquez-r7 a6e351ef5d Delete unnecessary request 2015-01-19 17:14:23 -06:00
jvazquez-r7 ed26a2fd77 Avoid modify datastore options 2015-01-19 17:11:31 -06:00
jvazquez-r7 3c0efe4a7e Do minor style changes 2015-01-19 15:36:05 -06:00
rastating 9d3397901b Correct version numbers and code tidy up 2015-01-19 20:59:46 +00:00
jvazquez-r7 ddda0b2f4b Beautify metadata 2015-01-19 14:59:31 -06:00
jvazquez-r7 43e0afeaed Delete 's' typo 2015-01-19 12:55:35 -06:00
jvazquez-r7 79a24f80b8 Use constant for play options 2015-01-19 12:50:40 -06:00
jvazquez-r7 652400451e Delete extra k 2015-01-19 12:35:26 -06:00
IMcPwn 50d43f118b Make URLs better
Removes YouTube logo, loops, hides video controls at bottom, disables keyboard controls, doesn't show info about the video on the top, hides video annotations, and doesn't show related videos at the end.
2015-01-19 12:27:18 -05:00
Hans-Martin Münch (h0ng10) 5813c639d1 Initial commit 2015-01-19 17:23:48 +01:00
Christian Mehlmauer 354e952841
fix msftidy warnings 2015-01-18 23:55:57 +01:00
Christian Mehlmauer 5b964bba6a
Land #4518, Wordpress long password DoS 2015-01-18 23:55:06 +01:00
Christian Mehlmauer 6014ff8a31
fix msftidy warnings 2015-01-18 23:54:16 +01:00
sgabe affc661524 Add module for CVE-2014-4936 2015-01-18 17:18:05 +01:00
eyalgr 7a2f0553a8 Update reverse_tcp.rb
prevent over-reading from socket
2015-01-18 17:32:53 +02:00
eyalgr 9c12fcc2f1 Update bind_tcp.rb
Read exactly l bytes
2015-01-18 15:42:09 +02:00
eyalgr 18e15a109a Update bind_tcp.rb
Prevent over reading from socket
2015-01-18 15:35:56 +02:00
jvazquez-r7 3a3e37ba6c Refactor extract_mbean_server 2015-01-18 01:20:13 -06:00
jvazquez-r7 4247747fc5 Refactor extract_object 2015-01-18 01:13:00 -06:00
William Vu 84ecde30d1
Land #4586, mcafee_epo_xxe aux module 2015-01-18 00:50:10 -06:00
William Vu 57ca285f8a
Fix msftidy warnings 2015-01-18 00:49:52 -06:00
pdeardorff-r7 db3185231a add maxkeys option, dont store loot if localhost and improve streaming 2015-01-17 09:25:32 -08:00
root 3a5d6b4717 Store password hash as loot 2015-01-17 14:17:41 +00:00
Tod Beardsley 375a7e1fe9
Typo. Filtering. 2015-01-16 16:30:52 -06:00
Jon Hart 8889f95920
Correct McAfee credential storage, prepare for store_loot 2015-01-16 12:10:01 -08:00
pdeardorff-r7 f1bcbb7d78 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-16 09:57:17 -08:00
Brent Cook a2a1a90678
Land #4316, Meatballs1 streamlines payload execution for exploits/windows/local/wmi
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
Brent Cook 6a68888712
Land #4590, jvennix-r7's fix for same-scheme URLs
made a trivial string formatting tweak
2015-01-16 09:10:56 -06:00
Brent Cook 7ef721bdd6 Might as well format the url all at once. 2015-01-16 09:01:25 -06:00
James Lee 488847cecc
Split smb_cmd_session_setup into with/without esn
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
James Lee 6b6a7e81c9
Style fixes 2015-01-16 06:39:21 -06:00
jvazquez-r7 d9c6c56779 Refactor extract_rmi_connection_stub 2015-01-15 23:15:30 -06:00
jvazquez-r7 2d2f26a0e3 Change method names for stream builders 2015-01-15 23:01:27 -06:00
James Lee 273ba54a21
Fix server/capture/smb to use create_credential 2015-01-15 22:39:11 -06:00
jvazquez-r7 00117fc963 Do first and ugly refactoring 2015-01-15 21:18:03 -06:00
jvazquez-r7 4d35131f59 Provide description and authentication support 2015-01-15 17:57:35 -06:00
Brandon Perry 1929f36050 Update mcafee_epo_xxe.rb 2015-01-15 16:50:14 -06:00
jvazquez-r7 2cd15d0155 Delete comments 2015-01-15 16:43:03 -06:00
jvazquez-r7 cab4787172 Add initial JMX module 2015-01-15 16:41:37 -06:00
Joe Vennix 8c3d4c8d07
Spelling tweak. 2015-01-15 15:19:46 -06:00
Joe Vennix 35c9a13199 Handle the usage of // (same-scheme) URLs. 2015-01-15 15:09:50 -06:00
Brent Cook c1e604f201
Land #4562: wchen-r7's CVE addition 2015-01-15 14:34:37 -06:00
Brent Cook bc895ab4d1
Land #4582, jhart-r7's Apple Airport Authentication Avalanche 2015-01-15 14:07:18 -06:00
Brent Cook 47cd5a3e59
Land #4562, wchen-r7's Win8 NtApphelpCacheControl privilege escalation 2015-01-15 13:52:07 -06:00
sinn3r 09eaf80a90 Add CVE 2015-01-15 13:22:00 -06:00
sgabe 68dc3ce876 Minor code formatting 2015-01-15 19:33:08 +01:00
pdeardorff-r7 507050b316 rescue from down memcached server or timeout 2015-01-15 09:51:42 -08:00
pdeardorff-r7 0e893cd772 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-15 09:40:21 -08:00
pdeardorff-r7 4d2ad8865f remove debug line 2015-01-15 09:37:51 -08:00
pdeardorff-r7 154eb7956c fix storing of loot and support localhost session 2015-01-15 09:36:15 -08:00
Brandon Perry 4e4ca15422 Update mcafee_epo_xxe.rb 2015-01-15 11:02:11 -06:00
Brandon Perry e53522b64b Update mcafee_epo_xxe.rb 2015-01-15 10:28:52 -06:00
sinn3r 57904773e7 Configurable resource 2015-01-15 10:28:03 -06:00
Brandon Perry 86d5358299 Update mcafee_epo_xxe.rb 2015-01-15 09:56:02 -06:00
Gabor Seljan ef0be946b1 Use HttpServer instead of TcpServer 2015-01-15 10:39:17 +01:00
Brandon Perry 53e1304afb Update mcafee_epo_xxe.rb 2015-01-14 18:19:27 -06:00
root f4f4787efe Move run method 2015-01-14 23:54:02 +00:00
Pedro Ribeiro 3768cf0a69 Change version to int and add proper timestamp 2015-01-14 22:59:11 +00:00
jvazquez-r7 621cada2ac Undo build_gc_call_data refactoring 2015-01-14 16:47:28 -06:00
sgabe da0fce1ea8 Add module for CVE-2014-2206 2015-01-14 22:04:30 +01:00
David Maloney f42bda1a51
refactor parsing the results
moved the result parsing into its own method
cleaned up run method a bit more, added YARD docs
to the new methods
2015-01-14 14:15:57 -06:00
David Maloney c687ecca2e
refactor filter building
move the filter_string into a seperate method
and use shovel oeprator to keep it a little cleaner
2015-01-14 14:04:28 -06:00
David Maloney 9b344a9605
move query fields to a constant
these fields should never change, so put the array
in a constant and freeze it to prevent accidental tampering
2015-01-14 13:20:00 -06:00
David Maloney 82939595f8
Merge branch 'master' into feature/metaballs1/enum_ad_users 2015-01-14 13:06:18 -06:00
Brandon Perry 1ed07bac32 Update mcafee_epo_xxe.rb 2015-01-14 11:01:14 -06:00
Brandon Perry 794bb65817 Create mcafee_epo_xxe.rb 2015-01-14 10:54:58 -06:00
rastating 8a89b3be28 Cleanup of various bits of code 2015-01-13 22:20:40 +00:00
Jon Hart b7eb4d24aa
Squash another rogue 5009 2015-01-13 10:36:43 -08:00
Jon Hart ac4eb3bb90
Land #4578, @dlanner's fix for rails_secret_deserialization 2015-01-13 09:37:28 -08:00
David Lanner c5cfc11d84 fix cookie regex by removing a space 2015-01-12 23:13:18 -05:00
Jon Hart 69f03f5c5d
Move ACPP default port into Rex 2015-01-12 19:43:57 -08:00
Jon Hart 01a9fb1483
Spelling 2015-01-12 19:29:41 -08:00
Jon Hart a076a9ab89
report_vuln 2015-01-12 19:23:08 -08:00
Jon Hart d5cdfe73ed
Big style cleanup 2015-01-12 19:11:14 -08:00
Jon Hart 9721993b8f
Allow blank password, remote more unused opts, print private 2015-01-12 18:43:54 -08:00
pdeardorff-r7 99cf668441 add memcached extractor module 2015-01-12 16:40:06 -08:00
rastating 8246f4e0bb Add ability to use both WP and EC attack vectors 2015-01-12 23:30:59 +00:00
Jon Hart 44059a6e34
Disable more unused options 2015-01-12 14:15:40 -08:00
Jon Hart ec506af8ea
Make ACPP login work 2015-01-12 14:01:23 -08:00
rastating e6f6acece9 Add a date hash to the post data 2015-01-12 21:21:50 +00:00
Jon Hart e9557ffe58 Simplify module in prep for some authbrute cleanups 2015-01-12 13:08:12 -08:00
Jon Hart 97f5cbdf08 Add initial Airport ACPP login scanner 2015-01-12 13:08:12 -08:00
sinn3r 7876401419
Land #4476 - Lexmark MarkVision Enterprise Arbitrary File Upload 2015-01-12 10:44:23 -06:00
sinn3r 34bbc5be90 print error message about limitation 2015-01-11 20:12:40 -06:00
rastating ea37e2e198 Add WP EasyCart file upload exploit module 2015-01-10 21:05:02 +00:00
root 52b929c5ca Fix https://github.com/m7x/metasploit-framework/pull/1#issuecomment-69454590 2015-01-10 14:15:53 +00:00
sinn3r 46d1616994 Hello ARCH_X86_64 2015-01-10 06:16:22 -06:00
jvazquez-r7 05d364180b Beautify descriptions 2015-01-10 01:10:08 -06:00
jvazquez-r7 a2d479a894 Refactor run method 2015-01-10 01:06:56 -06:00
jvazquez-r7 cf9d7d583e Do first code cleanup 2015-01-10 00:51:31 -06:00
jvazquez-r7 000d7dd1eb Minor beautification 2015-01-10 00:32:10 -06:00
jvazquez-r7 1d0e9a2dca Use snake_case filename 2015-01-10 00:29:28 -06:00
jvazquez-r7 070e833d46 Use snake_case filename 2015-01-10 00:28:01 -06:00
jvazquez-r7 59d602f37d Refactor cisco_cucdm_callforward 2015-01-10 00:27:31 -06:00
jvazquez-r7 511a7f8cca send_request_cgi already URI encodes 2015-01-10 00:06:26 -06:00
jvazquez-r7 5d8167dca6 Beautify description 2015-01-10 00:02:42 -06:00
jvazquez-r7 9fb4cfb442 Do First callforward cleanup 2015-01-10 00:00:27 -06:00
jvazquez-r7 f7af0d9cf0
Test landing #4065 into up to date branch 2015-01-09 23:40:16 -06:00
jvazquez-r7 bedbffa377
Land #3700, @ringt fix for oracle_login
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
jvazquez-r7 38c36b49fb Report when nothing is rescued 2015-01-09 22:58:19 -06:00
Jon Hart 5c12f9da75
More cleanup
Handle multiple versions
Better print_
Actually extract
2015-01-09 18:01:17 -08:00
sinn3r 3c8be9e36d Just x86 2015-01-09 19:12:51 -06:00
sinn3r 74e8e057dd Use RDL 2015-01-09 19:02:08 -06:00
Christian Mehlmauer d4d1a53533
fix invalid url 2015-01-09 21:57:52 +01:00
Christian Mehlmauer fd2307680d
Land #4550, wp-symposium file upload 2015-01-09 21:55:02 +01:00
Jon Hart 35fd17c4f1
Cleanup style 2015-01-09 11:00:25 -08:00
jvazquez-r7 d65ed54e0c Check STARTUP_FOLDER option 2015-01-09 12:21:01 -06:00
jvazquez-r7 2c633e403e Do code cleanup 2015-01-09 12:07:59 -06:00
jvazquez-r7 d52e9d4e21 Fix metadata again 2015-01-09 11:20:00 -06:00
jvazquez-r7 9dbf163fe7 Do minor style fixes 2015-01-09 11:17:16 -06:00
jvazquez-r7 8f09e0c20c Fix metadata by copying the mysql_mof data 2015-01-09 11:15:32 -06:00
jvazquez-r7 da6496fee1
Test landing #2156 into up to date branch 2015-01-09 11:04:47 -06:00
sinn3r ee5c249c89 Add EDB reference 2015-01-09 00:19:12 -06:00
sinn3r 75de792558 Add a basic check 2015-01-09 00:03:39 -06:00
sinn3r 4911127fe2 Match the title and change the description a little bit 2015-01-08 21:48:01 -06:00
sinn3r b7b3ae4d2a A little randomness 2015-01-08 21:25:55 -06:00
Jon Hart e4547eb474
Land #4537, @wchen-r7's fix for #4098 2015-01-08 17:57:16 -08:00
Jon Hart f13e56aef8
Handle bracketed and unbracketed results, add more useful logging 2015-01-08 17:51:31 -08:00
Jon Hart 14db112c32 Add logging to show executed Java and result 2015-01-08 16:53:12 -08:00
sinn3r b65013c5c5 Another update 2015-01-08 18:39:04 -06:00
sinn3r b2ff5425bc Some changes 2015-01-08 18:33:30 -06:00
sinn3r 53e6f42d99 This works 2015-01-08 17:57:14 -06:00
Pedro Ribeiro c76aec60b0 Add OSVDB id and full disclosure URL 2015-01-08 23:29:38 +00:00
sinn3r 7ed6b3117a Update 2015-01-08 17:18:14 -06:00
Brent Cook fb5170e8b3
Land #2766, Meatballs1's refactoring of ExtAPI services
- Many code duplications are eliminated from modules in favor of shared
   implementations in the framework.
 - Paths are properly quoted in shell operations and duplicate operations are
   squashed.
 - Various subtle bugs in error handling are fixed.
 - Error handling is simpler.
 - Windows services API is revised and modules are updated to use it.
 - various API docs added
 - railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
Brent Cook e447a17795 bump deprecated date 2015-01-08 16:20:06 -06:00
sinn3r 50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012 2015-01-08 16:19:55 -06:00
jvazquez-r7 fa5cd928a1 Refactor exploit to use the mixin 2015-01-08 16:04:56 -06:00
jvazquez-r7 ca765e2cc5 Refactor client mixin 2015-01-08 15:46:24 -06:00
rastating 82e6183136 Add Msf::Exploit::FileDropper mixin 2015-01-08 21:07:00 +00:00
rastating 93dc90d9d3 Tidied up some code with existing mixins 2015-01-08 20:53:56 +00:00
jvazquez-r7 873ade3b8a Refactor exploit module 2015-01-08 14:52:55 -06:00
jvazquez-r7 3debcef00b Fix call from aux module 2015-01-08 14:24:27 -06:00
sinn3r 0e6c7181b1 "Stash" it 2015-01-08 14:13:14 -06:00
jvazquez-r7 c205ef28d4 Refactor build_gc_call 2015-01-08 14:01:04 -06:00
Meatballs a9fee9c022
Fall back to runas if UAC disabled 2015-01-08 11:07:57 +00:00
William Vu ea793802cc
Land #4528, mantisbt_php_exec improvements 2015-01-08 04:50:00 -06:00
Meatballs 3c3d28b475
Land #4551, correct spelling in dns_bruteforce 2015-01-08 10:03:28 +00:00
jvazquez-r7 73e3cd19c3 Convert java_rmi_server aux mod to use new mixin 2015-01-08 00:29:50 -06:00
OJ 844460dd87
Update bypass UAC to work on 8.1 and 2012
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.

I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
William Vu 0604b2ecc7
Land #4542, invalid splat URL fix 2015-01-07 22:54:22 -06:00
EricGershman 0496bb16bc Minor spelling fix 2015-01-07 23:43:59 -05:00
jvazquez-r7 d59805568e Do first module refactoring try 2015-01-07 19:06:09 -06:00
rastating 7b92c6c2df Add WP Symposium Shell Upload module 2015-01-07 22:02:39 +00:00
James Lee da2e088118
Land #4536, Ruby 2.2 compat fixes
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
David Maloney 82d129bfc4
Merge branch 'master' into feature/jtr-korelogic-rules-update 2015-01-07 12:42:23 -06:00
David Maloney df70678762
tell suer KoreLogic rules have been applied
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
2015-01-07 12:36:07 -06:00
David Maloney 4ad7021336
give user option to turn on KoreLogic rules
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
sinn3r ef97d15158 Fix msftidy and make sure all print_*s in check() are vprint_*s 2015-01-07 12:12:25 -06:00
rastating a5f48b23df Add use of Msf::ThreadManager 2015-01-07 17:27:06 +00:00
James Lee 3e80efb5a8
Land #4521, Pandora FMS upload 2015-01-07 11:13:57 -06:00
James Lee 1ccef7dc3c
Shorter timeout so we get shell sooner
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
sinn3r 4c240e8959 Fix #4098 - False negative check for script_mvel_rce
Fix #4098, thanks @arnaudsoullie
2015-01-07 10:40:58 -06:00
sinn3r c60b6969bc Oh so that's it 2015-01-07 10:39:46 -06:00
James Lee efe83a4f31
Whitespace 2015-01-07 10:19:17 -06:00
m7x 89699d1549 Typo workspace_id 2015-01-07 10:58:59 +00:00
Christian Mehlmauer 09bd0465cf
fix regex 2015-01-07 11:54:55 +01:00
rcnunez b3def856fd Applied changes recommended by jlee-r7
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
Christian Mehlmauer eaad4e0bea
fix check method 2015-01-07 11:01:08 +01:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
Christian Mehlmauer 862af074e9
fix bug 2015-01-07 09:10:50 +01:00
Christian Mehlmauer d007b72ab3
favor include? over =~ 2015-01-07 07:33:16 +01:00
Christian Mehlmauer 4277c20a83
use include? 2015-01-07 06:51:28 +01:00
Christian Mehlmauer 39e33739ea
support for anonymous login 2015-01-07 00:08:04 +01:00
Christian Mehlmauer bf0bdd00df
added some links, use the res variable 2015-01-06 23:25:11 +01:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention
Just changing method names.

It will actually also fix #4520
2015-01-06 12:42:06 -06:00
Christian Mehlmauer f9f2bc07ac
some improvements to the mantis module 2015-01-06 11:33:45 +01:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
William Vu f2710f6ba7
Land #4443, BulletProof FTP client exploit 2015-01-06 02:10:42 -06:00
William Vu 482cfb8d59
Clean up some stuff 2015-01-06 02:10:25 -06:00
William Vu 46aa165ca5
Land #4481, enum_users_history improvements 2015-01-06 01:52:38 -06:00
William Vu 745bfb2f35
Clean things up 2015-01-06 01:48:18 -06:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
rcnunez 547b7f2752 Syntax and File Upload BugFix
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
jvazquez-r7 e7affb9048
Land #4493, @pedrib's module for ManageEngine Central Desktop create admin 2015-01-04 23:46:31 -06:00
jvazquez-r7 c5e72fb324 Change module filename 2015-01-04 23:14:12 -06:00
jvazquez-r7 4798f2328d Change module filename 2015-01-04 23:13:17 -06:00
jvazquez-r7 6bb3171328 Do minor cleanup 2015-01-04 23:12:42 -06:00
jvazquez-r7 711b97ecc5 Beautify metadata 2015-01-04 23:08:46 -06:00
rastating 92015ac124 Replace custom login with wordpress_login mixin 2015-01-04 23:07:07 +00:00
rastating 39412c4a48 Add WordPress long password DoS module 2015-01-04 18:50:23 +00:00
Pedro Ribeiro c9b76a806a Create manageengine_auth_upload.rb 2015-01-04 17:05:53 +00:00
Pedro Ribeiro 32d4bf03c3 Add OSVDB id and full disclosure URL 2015-01-04 12:36:51 +00:00
Tim c959d42a29 minor tweak 2015-01-03 10:15:52 +00:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
sinn3r 3c755a6dfa Template 2015-01-02 11:31:28 -06:00
root c348663204 Add McAfee Hashdump 2015-01-02 10:22:11 +00:00
Tod Beardsley c1718fa490
Land #4440, git client exploit from @jhart-r7
Also fixes #4435 and makes progress against #4445.
2015-01-01 13:18:43 -06:00
Tod Beardsley d7564f47cc
Move Mercurial option to advanced, update ref url
See #4440
2015-01-01 13:08:36 -06:00
Tod Beardsley 914c724abe
Rename module
See rapid7#4440
2015-01-01 13:03:17 -06:00
Jon Hart 65977c9762
Add some more useful URLs 2014-12-31 10:54:04 -08:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Spencer McIntyre 6d966dbbcf
Land #4203, @jvazquez-r7's cleanup for java_rmi_server 2014-12-31 11:25:19 -05:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
Pedro Ribeiro e81e68bdaf Create me_dc9_admin.rb 2014-12-31 02:02:52 +00:00
Brendan Coles cc75c33d60 Use user home directories
Replace hard-coded '/home/' and '/root/' with `~username` shorthand.
2014-12-31 09:12:35 +11:00
Brendan Coles 013e45e83d Add support for MongoDB history 2014-12-31 08:38:58 +11:00
Brendan Coles d2e6f90569 Use a list of users 2014-12-31 08:12:16 +11:00
sinn3r 48919eadb6
Land #4444 - i-FTP BoF 2014-12-30 12:38:28 -06:00
William Vu 4fd4d51d78
Land #4485, Drupageddon greedy regex fix 2014-12-30 10:16:57 -06:00
Christian Mehlmauer 96fe693c54
update drupal regex 2014-12-30 09:12:39 +01:00
sinn3r 555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support) 2014-12-29 16:09:28 -06:00
sinn3r f2130311fa Add the MSF blog reference 2014-12-29 16:08:35 -06:00
Brendan Coles 897e993971 Update description 2014-12-30 08:05:53 +11:00
Brendan Coles 8719a36d84 DRY status messages 2014-12-30 08:03:40 +11:00
Brendan Coles 0de80e9c76 Minor changes to style 2014-12-30 07:58:54 +11:00
Brendan Coles 0085bcf075 Use `blank?' instead of `nil?' 2014-12-30 07:38:34 +11:00
Brendan Coles a50ac4050c Add support for PostgreSQL history 2014-12-30 07:33:22 +11:00
Brendan Coles 4ebe0fc0a8 Add support for different shells 2014-12-30 07:26:12 +11:00
jvazquez-r7 d2af956b16 Do minor cleanups 2014-12-29 10:39:51 -06:00
Tod Beardsley 1dd9d60e34
Land #4461, Android cookie database theft
`
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
Tod Beardsley d10222365b
Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
Tod Beardsley 1236684954
Use get_uri instead, note lack of Rex::Text method
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley 788e315fd4
Fix msftidy warnings 2014-12-28 14:53:29 -06:00
Borja Merino 9791acd0bf Add stager ipknock shellcode (PR 2) 2014-12-27 22:03:45 +01:00
jvazquez-r7 9f98fd4d87 Info leak webapp ROOT so we can cleanup 2014-12-27 08:47:51 -06:00
jvazquez-r7 5afd2d7f4b Add module for ZDI-14-410 2014-12-26 20:40:28 -06:00
jvazquez-r7 655cfdd416
Land #4321, @wchen-r7's fixes #4246 ms01_026_dbldecode undef method 2014-12-26 12:48:29 -06:00
Jon Hart 51049152b6
Use Rex::Text.rand_mail_address for more realistic fake commit 2014-12-26 10:39:52 -08:00
jvazquez-r7 c1b0385a4b
Land #4460, @Meatballs1's ssl cert validation bypass on powershell web delivery 2014-12-26 12:07:45 -06:00
jvazquez-r7 2bed52dcd5
Land #4459, @bcoles's ProjectSend Arbitrary File Upload module 2014-12-26 11:28:42 -06:00
jvazquez-r7 b5b0be9001 Do minor cleanup 2014-12-26 11:24:02 -06:00
jvazquez-r7 85ab11cf52 Use print_warning consistently 2014-12-26 09:54:38 -06:00
jvazquez-r7 f31a2e070e Use print_warning to print the Kerberos error 2014-12-26 09:22:09 -06:00
jvazquez-r7 d148848d31 Support Kerberos error codes 2014-12-24 18:05:48 -06:00
jvazquez-r7 121c0406e9 Beautify restart_command creation 2014-12-24 15:52:15 -06:00
jvazquez-r7 43ec8871bc Do minor c code cleanup 2014-12-24 15:45:38 -06:00
jvazquez-r7 92113a61ce Check payload 2014-12-24 15:43:49 -06:00
jvazquez-r7 36ac0e6279 Clean get_restart_commands 2014-12-24 14:55:18 -06:00
jvazquez-r7 92b3505119 Clean exploit method 2014-12-24 14:49:19 -06:00
jvazquez-r7 9c4d892f5e Use single quotes when possible 2014-12-24 14:37:39 -06:00
jvazquez-r7 bbbb917728 Do style cleaning on metadata 2014-12-24 14:35:35 -06:00
jvazquez-r7 af24e03879 Update from upstream 2014-12-24 14:25:25 -06:00
Gabor Seljan 0b85a81b01 Use REXML to generate exploit file 2014-12-24 19:23:28 +01:00
Mark Judice 30228bcfe7 Added underscore to user regex in smart_hashdump.rb to support usernames that contain underscores. Issue #4349. 2014-12-23 22:36:11 -06:00
Jon Hart a692656ab7
Update comments to reflect reality, minor cleanup 2014-12-23 19:09:45 -08:00
jvazquez-r7 ebb05a64ea
Land #4357, @Meatballs1 Kerberos Support for current_user_psexec 2014-12-23 20:38:31 -06:00
jvazquez-r7 89d0a0de8d Delete unnecessary connect 2014-12-23 19:35:59 -06:00
jvazquez-r7 265e0a7744 Upper case domain 2014-12-23 19:16:50 -06:00
jvazquez-r7 ed2d0cd07b Use USER_SID instead of DOMAIN_SID and USER_RID 2014-12-23 19:11:05 -06:00
Joe Vennix 8d73794cc8
Add hint for exploit on old devices. 2014-12-23 12:29:08 -06:00
Jon Hart 59f75709ea
Print out malicious URLs that will be used by default 2014-12-23 10:10:31 -08:00
Jon Hart 905f483915
Remove unused and commented URIPATH 2014-12-23 09:40:27 -08:00
Jon Hart 8e57688f04
Use random URIs by default, different method for enabling/disabling Git/Mercurial 2014-12-23 09:39:39 -08:00
Jon Hart bd3dc8a5e7
Use fail_with rather than fail 2014-12-23 08:20:03 -08:00
Jon Hart 015b96a24a
Add back perl and bash related payloads since Windows git will have these and OS X should 2014-12-23 08:13:00 -08:00
Meatballs 16302f752e
Enable generic command 2014-12-23 14:22:26 +00:00
Meatballs a3b0b9de62
Configure module to target bash by default 2014-12-23 14:19:51 +00:00
Meatballs 313d6cc2f8
Add super call 2014-12-23 14:12:47 +00:00
Meatballs 43221d4cb0
Remove redundant debugging stuff 2014-12-23 14:09:12 +00:00
Meatballs 42a10d6d50
Add Powershell target 2014-12-23 14:07:57 +00:00
Meatballs 40c1fb814e
one line if statement 2014-12-23 11:20:24 +00:00
Meatballs b41e259252
Move it to a common method 2014-12-23 11:16:07 +00:00
Brendan Coles 5c82b8a827 Add ProjectSend Arbitrary File Upload module 2014-12-23 10:53:03 +00:00
jvazquez-r7 01cf14d44e Fix banner 2014-12-23 01:02:09 -06:00
jvazquez-r7 4928cd36e4
Land #4187, @BorjaMerino's post module to get output rules 2014-12-23 01:01:03 -06:00
jvazquez-r7 49fef9e514 Do minor module clean up 2014-12-23 01:00:21 -06:00
Jon Hart abec7c206b
Update description to describe current limitations 2014-12-22 20:32:45 -08:00
Jon Hart 1505588bf6
Rename the file to reflect what it really is 2014-12-22 20:27:40 -08:00
Jon Hart ff440ed5a4
Describe vulns in more detail, add more URLs 2014-12-22 20:20:48 -08:00
Jon Hart b4f6d984dc
Minor style cleanup 2014-12-22 17:51:35 -08:00
Jon Hart 421fc20964
Partial mercurial support. Still need to implement bundle format 2014-12-22 17:44:14 -08:00
jvazquez-r7 708cbd7b65 Allow to provide USER SID 2014-12-22 18:24:50 -06:00
jvazquez-r7 56eadc0d55 Delete default values from options 2014-12-22 18:11:43 -06:00
jvazquez-r7 787dab998d Fix description 2014-12-22 17:51:44 -06:00
jvazquez-r7 a7faf798bf Use explicit encryption algorithms 2014-12-22 15:51:17 -06:00
jvazquez-r7 f37cf555bb Use random subkey 2014-12-22 15:39:08 -06:00
Jon Hart fdd1d085ff
Don't encode the payload because this only complicates OS X 2014-12-22 13:36:38 -08:00
Joe Vennix 0bf3a9cd55
Fix duplicate :ua_maxver key. 2014-12-22 14:57:44 -06:00
jvazquez-r7 b0a178e0a3 Delete blank line 2014-12-22 14:40:32 -06:00
jvazquez-r7 5a6c915123 Clean options 2014-12-22 14:37:37 -06:00
jvazquez-r7 20ab14d7a3 Clean module code 2014-12-22 14:29:02 -06:00
Jon Hart ea9f5ed6ca
Minor cleanup 2014-12-22 12:16:53 -08:00
Jon Hart dd73424bd1
Don't link to unused repositories 2014-12-22 12:04:55 -08:00
Jon Hart 6c8cecf895
Make git/mercurial support toggle-able, default mercurial to off 2014-12-22 11:36:50 -08:00
Jon Hart 574d3624a7
Clean up setup_git verbose printing 2014-12-22 11:09:08 -08:00
Jon Hart 16543012d7
Correct planted clone commands 2014-12-22 10:56:33 -08:00
Jon Hart 01055cd41e
Use a trigger to try to only start a handler after the malicious file has been requested 2014-12-22 10:43:54 -08:00
jvazquez-r7 dabc890b2f Change module filename again 2014-12-22 12:35:15 -06:00
jvazquez-r7 2b46bdd929 Add references and authors 2014-12-22 12:34:31 -06:00
jvazquez-r7 4319dbaaef Change module filename 2014-12-22 12:29:28 -06:00
Jon Hart 3bcd67ec2e
Unique URLs for public repo page and malicious git/mercurial repos 2014-12-22 10:03:30 -08:00
William Vu 93be828738
Fix invalid URL in splat 2014-12-22 11:26:20 -06:00
William Vu f1b9862665
Align shellcode in bind_hidden_tcp 2014-12-22 11:17:14 -06:00
Jon Hart 308eea0c2c
Make malicious hook file name be customizable 2014-12-22 08:28:55 -08:00
root 9a7e431a4a New block_api applied 2014-12-22 17:21:13 +01:00
Peregrino Gris 42636fb3c0 Handler and block_hidden_bind_tcp deleted 2014-12-22 17:21:13 +01:00
root fa8e944e34 AHOST OptAddress moved to the payload 2014-12-22 17:21:11 +01:00
Peregrino Gris c0fa8c0e3f Add stager for hidden bind shell payload 2014-12-22 17:21:11 +01:00
Jon Hart 7f3cfd2207
Add a ranking 2014-12-22 07:51:47 -08:00
Jon Cave 44084b4ef6 Correct Microsoft security bulletin for ppr_flatten_rec 2014-12-22 10:40:23 +00:00
Gabor Seljan 9be95eacb8 Use %Q for double-quoted string 2014-12-22 07:37:32 +01:00
jvazquez-r7 60d4525632 Add specs for Msf::Kerberos::Client::Pac 2014-12-21 17:49:36 -06:00
sgabe bb33a91110 Update description to be a little more descriptive 2014-12-21 19:31:58 +01:00
Jon Hart 74783b1c78
Remove ruby and telnet requirement 2014-12-21 10:06:06 -08:00
sgabe cd02e61a57 Add module for OSVDB-114279 2014-12-21 17:00:45 +01:00
Jon Hart 31f320c901
Add mercurial debugging 2014-12-20 20:00:12 -08:00
Jon Hart 3da1152743
Add better logging. Split out git support in prep for mercurial 2014-12-20 19:34:55 -08:00
Jon Hart 58d5b15141
Add another useful URL. Use a more git-like URIPATH 2014-12-20 19:11:56 -08:00
jvazquez-r7 9f1403a63e Add initial specs for Msf::Kerberos::Client::TgsResponse 2014-12-20 20:29:00 -06:00
sgabe 9f97b55a4b Add module for CVE-2014-2973 2014-12-20 18:38:22 +01:00
Jon Hart f41d0fe3ac
Randomize most everything about the malicious commit 2014-12-19 19:31:00 -08:00
Jon Hart 805241064a
Create a partially capitalized .git directory 2014-12-19 19:07:45 -08:00
Jon Hart f7630c05f8
Use payload.encoded 2014-12-19 18:52:34 -08:00
jvazquez-r7 b0ac68fbc3 Create build_subkey method 2014-12-19 19:46:57 -06:00
jvazquez-r7 4a106089b9 Move options to build_tgs_request_body 2014-12-19 19:12:17 -06:00
jvazquez-r7 e6781fcbea Build AuthorizationData from the module 2014-12-19 18:59:39 -06:00
jvazquez-r7 9bd454d288 Build PAC extensions from the module 2014-12-19 18:47:41 -06:00
jvazquez-r7 def1695e80 Use options by call 2014-12-19 18:23:11 -06:00
jvazquez-r7 f332860c19 Clean creation of client and server principal names 2014-12-19 18:16:22 -06:00
jvazquez-r7 bd85723a9d Build pre auth array out of the mixin 2014-12-19 18:10:14 -06:00
Jon Hart 7f2247f86d
Add description and URL 2014-12-19 15:50:16 -08:00
Jon Hart 9b815ea0df
Some style cleanup 2014-12-19 15:35:09 -08:00
Jon Hart 4d0b5d1a50
Add some vprints and use a sane URIPATH 2014-12-19 15:33:26 -08:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart 48444a27af
Remove debugging pp 2014-12-19 15:27:06 -08:00
Jon Hart 1c7fb7cc7d
Mostly working exploit for CVE-2014-9390 2014-12-19 15:24:27 -08:00
jvazquez-r7 d058bd5259 Refact extraction of kerberos cache credentials 2014-12-19 15:53:24 -06:00
Jon Hart 4888ebe68d
Initial commit of POC module for CVE-2013-9390 (#4435) 2014-12-19 12:58:02 -08:00
HD Moore fffa8cfdd1
Lands #4426 by cleaning up the module description 2014-12-19 14:54:17 -06:00
HD Moore 9ede2c2ca5
Lands #4429 by fixing windows/messagebox with EXITFUNC=none 2014-12-19 14:51:57 -06:00
jvazquez-r7 fad08d7fca Add specs for Rex Kerberos client 2014-12-19 12:14:33 -06:00
Joe Vennix e45af903d9
Add patch discovery date. 2014-12-19 12:04:41 -06:00
sinn3r 2c0c732967 Fix #4414 & #4415 - exitfunc and proper null-terminated string
This patch fixes the following for messagebox.rb

Issue 1 (#4415)
When exitfunc is none, the payload will not be able to generate
due to an "invalid opcode" error.

Issue 2: (#4414)
After "user32.dll" is pushed onto the stack for the LoadLibrary
call, the payload does not actually ensure bl is a null byte, it
just assumes it is and uses it to modify the stack to get a
null-terminated string.

Fix #4414
Fix #4415
2014-12-19 03:19:06 -06:00
Joe Vennix 25313b1712
Use the hash to pass the script. 2014-12-19 02:30:37 -06:00
Jon Hart 8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222 2014-12-18 17:21:26 -08:00
jvazquez-r7 f325d2f60e Add support for cache credentials in the mixin 2014-12-18 16:31:46 -06:00
Tod Beardsley c15bad44a6
Be clearer on backslash usage.
See #4282
2014-12-18 16:16:02 -06:00
jvazquez-r7 9a58617387 Add dummy test module 2014-12-17 19:57:10 -06:00
sinn3r 6b0a98b69c
Resolve #4408 - bad uncaught nil get_once 2014-12-17 14:02:42 -06:00
Meatballs 6a822cca61
Move code out of begin/rescue block 2014-12-17 06:45:00 +00:00
Meatballs dd63d793e5
Bring in @darkoperator's filters 2014-12-17 06:14:21 +00:00
Meatballs 8c7ff728ef
Gather some more info 2014-12-17 05:46:01 +00:00
Joe Vennix 84ea628284
Add Android cookie theft attack. 2014-12-16 19:12:01 -06:00
William Vu f6af86a06d
Land #4402, ms12_020_check NilClass fix 2014-12-16 15:34:25 -06:00
David Maloney f237c56a13
This oracle scheduler exploit hangs if not vuln
When this exploit gets run against a system that isn't vulnerable
it can hang for a signifigant ammount of time. This change uses the check
method on the exploit to see whether it should proceed. Don't try to exploit
the host if it's not vulnerable.
2014-12-16 09:42:42 -06:00
William Vu 2604746fb7
Land #4361, Kippo detector 2014-12-15 14:54:48 -06:00
William Vu 8394cc13a8
Perform final cleanup of detect_kippo 2014-12-15 14:38:38 -06:00
sinn3r c611249723 Take full advantage of the check command 2014-12-15 12:50:59 -06:00
sinn3r 9edb2b4fab Fix #4378 - Do exception handling
Fix #4378
2014-12-15 12:37:36 -06:00
Jon Hart effb5b966f
Land #4328, @bcoles' exploit for ActualAnalyzer < 2.81 'ant' code execution 2014-12-15 09:57:27 -08:00
Jon Hart 025c0771f8
Have exploit call check. Have check report_vuln 2014-12-15 09:53:11 -08:00
sinn3r 4c714b3eaf
Land #4386 - Fix issue #3852 (support for other languages for enable_rdp) 2014-12-15 11:37:05 -06:00
Jon Hart f521e7d234
Use newer Ruby hash syntax 2014-12-15 09:17:32 -08:00
Jon Hart c93dc04a52
Resolve address before storing the working cred 2014-12-15 09:11:12 -08:00
Brent Cook c24fdb81b5
Land #4389, Meatballs1's fix for enum_ad_* post module regressions
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
Jon Hart 5ca8f187b3 Merge remote-tracking branch 'upstream/pr/4328' into temp 2014-12-15 08:15:51 -08:00
root 6480ae2c03 Show message at the end 2014-12-15 16:26:39 +01:00
root 288954afa0 recvfrom allocation changed 2014-12-14 18:58:48 +01:00
Sean Verity 9a0ed723d1 Adds error handling for drive letter enumeration 2014-12-14 12:56:20 -05:00
Brendan Coles 4530066187 return nil 2014-12-15 01:04:39 +11:00
Brendan Coles 55d9e9cff6 Use list of potential analytics hosts 2014-12-14 23:15:41 +11:00
Meatballs 00b802cc68
Reindent description 2014-12-14 10:04:18 +00:00
rcnunez 223d6b7923 Merged with Fr330wn4g3's changes 2014-12-14 13:08:19 +08:00
Sean Verity 0c5f4ce4ee Removed the handler-ish code 2014-12-13 22:18:41 -05:00
Sean Verity 2addd0fdc4 Fixed name, removed tabs, updated license 2014-12-13 20:37:19 -05:00
HD Moore e3943682a2
Improves linux/armle payloads, lands #3315 2014-12-13 18:27:14 -06:00
HD Moore 6ea5ed1a82
Shrinks windows payloads, lands #4391 2014-12-13 17:41:50 -06:00
HD Moore f67a32ef9c
Add missing commits from #3770, lands #4393 2014-12-13 17:36:26 -06:00
Meatballs 6ecf537f40
Grab user creds to database 2014-12-13 20:30:20 +00:00
Brandon Perry eb47ca593e update desc to include domain admin information 2014-12-13 13:01:41 -06:00
Brandon Perry 2e94280cba mv bmc to scanner/http 2014-12-13 12:58:16 -06:00
HD Moore 5a645c5eba Stagers updated from source 2014-12-13 12:50:47 -06:00
Meatballs e914061745
Gsub out funny character when storing to database 2014-12-13 18:35:31 +00:00
Meatballs 316710329b
Fix field.value 2014-12-13 18:31:29 +00:00
HD Moore 92490ab5e8 Singles updated from the source 2014-12-13 12:22:07 -06:00
Meatballs d3d744a7cb
Make sure we get the field :value 2014-12-13 18:13:36 +00:00
Brandon Perry 8c6b95c39c Merge branch 'landing-4359' of https://github.com/jhart-r7/metasploit-framework into bmc_trackit 2014-12-13 11:37:57 -06:00
Brandon Perry cd1e61a201 Merge branch 'master' into bmc_trackit 2014-12-13 11:36:30 -06:00
Andrew Morris 8dd5da9d64 added blog post reference 2014-12-12 18:53:26 -08:00
jvazquez-r7 b1453afb52
Land #4297, fixes #4293, Use OperatingSystems::Match::WINDOWS
* instead of Msf::OperatingSystems::WINDOWS
2014-12-12 18:19:58 -06:00
jvazquez-r7 5eb510f7bc Use the correct variable for the filename 2014-12-12 17:40:26 -06:00
jvazquez-r7 27323bcaa5 Fix #3852, make enable_rdp with other languages 2014-12-12 17:30:14 -06:00
HD Moore f676b72767
Add Kademlia scanner, lands #4210 2014-12-12 16:40:58 -06:00
HD Moore 338cce02c9 Downcase the service name for consistency 2014-12-12 16:40:42 -06:00
HD Moore 4fc4866fd8 Merge code in from #2395 2014-12-12 16:22:51 -06:00
Tod Beardsley 488f46c8a1
Land #4324, payload_exe rightening.
Fixes #4323, but /not/ #4246.
2014-12-12 15:04:57 -06:00
Tod Beardsley 9908e0e35b
Land #4384, fix typo. 2014-12-12 14:39:47 -06:00
HD Moore 50b734f996 Add Portuguese target, lands #3961 (also reorders targets) 2014-12-12 14:23:02 -06:00
Andrew Morris f5374d1552 Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs 2014-12-12 11:57:35 -08:00
jvazquez-r7 008c33ff51 Fix description 2014-12-12 13:36:28 -06:00
Tod Beardsley 183acb9582
Land #4383 to handle Dutch correctly. 2014-12-12 13:32:21 -06:00
Tod Beardsley 81460198b0 Add openssl payload to distcc exploit
This is required to test #4274
2014-12-12 13:25:55 -06:00
wez3 3b6e92726c Update outlook rb, "NL" to "nl_NL"
Update outlook rb, "NL" to "nl_NL"
2014-12-12 20:09:34 +01:00
jvazquez-r7 c683e7bc67
Fix banner 2014-12-12 13:01:51 -06:00
jvazquez-r7 b1f7682713 Make msftidy happy 2014-12-12 12:59:00 -06:00
jvazquez-r7 493034ad10 Land #3305, @claudijd Cisco SSL VPN Privilege Escalation exploit 2014-12-12 12:57:00 -06:00
jvazquez-r7 047bc3d752 Make msftidi happy 2014-12-12 12:49:12 -06:00
jvazquez-r7 a1876ce6fc
Land #4282, @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download 2014-12-12 12:47:50 -06:00
jvazquez-r7 b334e7e0c6
Land #4322, @FireFart's wordpress exploit for download-manager plugin 2014-12-12 12:41:59 -06:00
jvazquez-r7 aaed7fe957 Make the timeout for the calling payload request lower 2014-12-12 12:41:06 -06:00
Jon Hart 00f66b6050
Correct named captures 2014-12-12 10:22:14 -08:00
jvazquez-r7 98dca6161c Delete unused variable 2014-12-12 12:03:32 -06:00
jvazquez-r7 810bf598b1 Use fail_with 2014-12-12 12:03:12 -06:00
Jon Hart 1e6bbc5be8
Use blank? 2014-12-12 09:51:08 -08:00
jvazquez-r7 4f3ac430aa
Land #4341, @EgiX's module for tuleap PHP Unserialize CVE-2014-8791 2014-12-12 11:48:25 -06:00
jvazquez-r7 64f529dcb0 Modify default timeout for the exploiting request 2014-12-12 11:47:49 -06:00
Jon Hart 24f1b916e0 Minor ruby style cleanup 2014-12-12 09:47:35 -08:00
Jon Hart 1d1aa5838f Use Gem::Version to compare versions in check 2014-12-12 09:47:01 -08:00
jvazquez-r7 d01a07b1c7 Add requirement to description 2014-12-12 11:42:45 -06:00
jvazquez-r7 fd09b5c2f6 Fix title 2014-12-12 10:52:18 -06:00
jvazquez-r7 4871228816 Do minor cleanup 2014-12-12 10:52:06 -06:00
jvazquez-r7 a0b181b698
Land #4335, @us3r777 JBoss DeploymentFileRepository aux module 2014-12-12 10:40:03 -06:00
jvazquez-r7 3059cafbcb Do minor cleanup 2014-12-12 10:37:50 -06:00
Jon Hart 751bc7a366 Revert "Move to a more appropriate location"
This reverts commit 6c82529266.
2014-12-12 07:42:22 -08:00
Jon Hart 6c82529266
Move to a more appropriate location 2014-12-12 07:40:37 -08:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Jon Hart e5e40307e6
Land #4373 2014-12-11 18:45:53 -08:00
Jon Hart 3c2a33a316
Allow new password to be specified as an option 2014-12-11 17:26:42 -08:00
Jon Hart a013dbf536
Correct and add more prints 2014-12-11 17:16:43 -08:00
Jon Hart 48dcfd9809
Use random security Q/A 2014-12-11 17:10:33 -08:00
Jon Hart f208f31a33
Use correct username/domain in report_vuln
It would be nice if 'vulns' showed this
2014-12-11 16:59:21 -08:00
Jon Hart 70fce0bb33
Report the changed password 2014-12-11 16:56:22 -08:00
Jon Hart f64a3be742
Avoid death by a thousand functions 2014-12-11 16:53:36 -08:00
Jon Hart 0627f708a2
Better handling of failed requests 2014-12-11 16:51:41 -08:00
Jon Hart f2bda05d42 Correct last of the print_ 2014-12-11 16:28:08 -08:00
Jon Hart 9486f67fbc report_vuln upon exploitation with more specific details 2014-12-11 16:28:08 -08:00
Jon Hart 37d0959fd6 Include info in report_vuln. More style 2014-12-11 16:28:08 -08:00
Jon Hart cfb02fe909 Add check support 2014-12-11 16:28:07 -08:00
Jon Hart 44818ba623 Minor style and usage updates as a result of Scanner 2014-12-11 16:28:07 -08:00
Jon Hart 0a29326ce7 Mixin Scanner. Yay speed! 2014-12-11 16:28:07 -08:00
Jon Hart c9acd7a233 Remove unnecessary RPORT, which comes from HttpClient 2014-12-11 16:28:07 -08:00
Jon Hart f8c25d83e5 Use get_cookies instead 2014-12-11 16:26:51 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
Tod Beardsley af9979d30b
Ruby style on methods please
Introduced in #4220. This ain't no JavaScript!
2014-12-11 15:24:30 -06:00
dmaloney-r7 47c38ed04e Merge pull request #4364 from todb-r7/bug/bruteforce-speed-3904
Modules should respect bruteforce_speed again
2014-12-11 13:19:42 -06:00
Tod Beardsley 51762e1194
Explicitly include the HTTP Login scanner
This should be the last commit that fixes #3904.
2014-12-11 11:08:08 -06:00
Tod Beardsley b533f74024
Add a bruteforce_speed option to all LoginScanners 2014-12-11 11:06:32 -06:00
Jon Hart 24dbc28521
Land #4356 2014-12-11 09:03:18 -08:00
Brandon Perry 54e8254a82 Update bmc_trackit_passwd_reset.rb 2014-12-11 10:59:43 -06:00
Andrew Morris 7afa87f168 screwed up formatting. updated indention at the end. ok seriously, going to bed now 2014-12-11 01:05:56 -08:00
Andrew Morris 291166e1ff forgot to run through msftidy.rb. made a few minor corrections 2014-12-11 00:47:39 -08:00
Andrew Morris a1624c15ae Addressed some recommendations made by wvu-r7. Need to remove some comments, add reporting, etc. 2014-12-11 00:40:20 -08:00
Andrew Morris 22c9db5818 added detect_kippo.rb 2014-12-10 19:37:35 -08:00
Brandon Perry 67cf3e74c0 Update bmc_trackit_passwd_reset.rb 2014-12-10 20:45:54 -06:00
Brandon Perry 90cc9a9bed Update bmc_trackit_passwd_reset.rb 2014-12-10 19:05:46 -06:00
Brandon Perry f37dc13a19 Create bmc_trackit_passwd_reset.rb 2014-12-10 18:54:37 -06:00
Tod Beardsley 0eea9a02a1
Land #3144, psexec refactoring 2014-12-10 17:30:39 -06:00
Meatballs c813c117db
Use DNS names 2014-12-10 22:25:44 +00:00