Commit Graph

2763 Commits (711630d059f9f7f716a5f4ad875b2635776a3817)

Author SHA1 Message Date
Christian Mehlmauer 71a650fe6e
Land #3259, XMPP Hostname autodetect by @TomSellers 2014-04-17 08:54:15 +02:00
Tom Sellers 1f452aab48 Code cleanup
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
Tom Sellers 9e2285619e Additional cleanup
Whitespace cleanup
2014-04-17 10:46:33 -05:00
Jonathan Claudius f53e7f84b8 Adds Cisco SSL VPN Bruteforce Aux Mod 2014-04-16 22:47:58 -04:00
Tom Sellers ee0d30a1f3 Whitespace fix
Removing extra line feeds
2014-04-16 17:27:39 -05:00
Tom Sellers 92eab6c54b Attribution addition
Per comment from Firefart
2014-04-16 17:26:09 -05:00
Tom Sellers 1f3ec46b8a Heartbleed - Add autodetection of XMPP hostname (round 2)
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.

This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
sinn3r 7a4e12976c
First little bit at Bug 8498
[FixRM #8489] rhost/rport modification
2014-04-15 18:20:16 -05:00
Tod Beardsley 9db01770ec
Add custom rhost/rport, remove editorializing desc
Verification:

````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````

...etc.
2014-04-14 21:46:05 -05:00
Tom Sellers 0360d1177f Heartbleed - Add autodetection of XMPP hostname
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server.  This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS.  The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
2014-04-14 20:09:21 -05:00
David Chan 1a73206034 Add detection for GnuTLS with with multiple records 2014-04-14 17:09:25 -07:00
Tom Sellers 634a03a852 Update to openssl_heartbleed to deal with SMTP RFC
Added CR character in order to have the commands match SMTP RFC 5321 2.3.8 for line termination. Some SMTP services, such as the Symantec Mail Gateway, require strict compliance or the connection will be dropped with the response  '550 esmtp: protocol deviation'

Reference:
   http://www.symantec.com/business/support/index?page=content&id=TECH96829
   http://tools.ietf.org/html/rfc5321#section-2.3.8
2014-04-14 13:27:33 -05:00
David Chan 6fafc10184 Add HeartBleed check functionality 2014-04-12 00:07:00 -07:00
Sebastiano Di Paola a63f020a68 Fixing coding style 2014-04-11 19:39:57 +02:00
Sebastiano Di Paola 4acacb005d Fixed a bug...referring to wrong variable after filtering with regexp 2014-04-11 19:33:23 +02:00
Sebastiano Di Paola 83fe1cec65 Cleaned up Array.join call 2014-04-11 19:24:32 +02:00
Sebastiano Di Paola 55ec969bd9 Renamed FILTER -> DUMPFILTER, more intuitive and coherent 2014-04-11 19:07:57 +02:00
Sebastiano Di Paola 8268009b36 Renamed PATTERN_FILTER -> FILTER 2014-04-11 19:03:25 +02:00
Sebastiano Di Paola c378fe95c1 Added missing space in comment 2014-04-11 19:01:01 +02:00
Sebastiano Di Paola f8f710547c Fixed call to String.match with regexp pattern 2014-04-11 18:59:59 +02:00
Sebastiano Di Paola 638cb41a3f Remove Spaces at EOL, fixed if test on pattern variable 2014-04-11 18:58:05 +02:00
Sebastiano Di Paola 34fa4e29d9 Restored FTP option 2014-04-11 18:16:19 +02:00
Sebastiano Di Paola eb0e35bf25 Fixed store on file option 2014-04-11 18:07:14 +02:00
Sebastiano Di Paola 4315ad2987 Fixed conflict and used OptRegexp type for pattern 2014-04-11 17:15:39 +02:00
jvazquez-r7 813e0eab89
Land #3233, @wvu-r7's improvements fort heartbleed modules 2014-04-11 09:33:57 -05:00
jvazquez-r7 e2ec53272e Fix also negative numbers 2014-04-11 09:33:27 -05:00
jvazquez-r7 fb5881d8e2
Land #2324, @sensepost and @Firefart's sftp support for heartbleed 2014-04-11 08:47:22 -05:00
jvazquez-r7 2134d676b4 Use verbose by default 2014-04-11 07:58:56 -05:00
William Vu 6675464c20
Fix a few things in the Heartbleed modules 2014-04-10 16:06:40 -05:00
Sebastiano Di Paola 9adf629ee7 Added feature to dump to file leaked memory 2014-04-10 22:51:07 +02:00
Christian Mehlmauer f115a7f6e1
Fix intendation 2014-04-10 02:52:05 +02:00
gigstorm f1443c039e Updated hash value to SSLv3
Tested and working on server that has SSLv3 only enabled
2014-04-11 14:01:28 -07:00
gigstorm 6ab3478c7e Update to include SSL Version 3 protocol
SSL Version 3 will also respond to this and a server configured to respond to SSL version 3 but not TLS will show false negative without this option (proven).  May need to update cipher suites to include this option.
2014-04-11 12:41:17 -07:00
Christian Mehlmauer 4fc272c0e9
Fix merge error 2014-04-10 00:53:14 +02:00
Christian Mehlmauer 98816c3a01
Added @sensepost FTP implemenation 2014-04-10 00:48:09 +02:00
singe ccfcf2cedb Added FTP STARTTLS support to heartbleed scanner. 2014-04-10 00:45:59 +02:00
jvazquez-r7 ccdc5bd281 Switch to get since @wvu-r7 also tested successfully with get 2014-04-09 17:30:00 -05:00
Christian Mehlmauer a86a8fed05
Changed heartbleed jabber implementation to match openssl s_client
see here for example implementation:
https://github.com/openssl/openssl/blob/master/apps/s_client.c#L1719
2014-04-09 22:20:32 +02:00
Christian Mehlmauer 856ad7e83d
heartbleed - Better output on wrong jabber domain and add. nil? check 2014-04-09 21:53:17 +02:00
sinn3r 2de210f1c3
Land #3216 - Update @Meatballs1 and @FireFart in authors.rb 2014-04-09 16:38:10 -05:00
Christian Mehlmauer fec089d88d
Land #3219, openssl_heartbleed XMPP fix from @natronkeltner 2014-04-09 20:42:55 +02:00
Jeff Jarmoc 7a424784f8 Change default TLS Version to 1.0
Canonical testing shows this to be more widely supported, and yielding far more vulnerable hosts.  Changing default to reflect that.

Experience of others in #metasploit seems similar.
2014-04-09 13:45:00 -05:00
Christian Mehlmauer e2b50d3709
fix openssl_heardbleed
-) XMPP Domain now configurable
-) Missing get_once to initiate the TLS connection
2014-04-09 20:39:33 +02:00
jvazquez-r7 5696e52fac Fix jabber to field 2014-04-09 13:48:45 -05:00
jvazquez-r7 28a471e446
Land #3221, @Firefart's fix for pop3 starttls 2014-04-09 13:31:45 -05:00
jvazquez-r7 bea810b5d6 Add jabber fix from @natronkeltner 2014-04-09 13:11:45 -05:00
Tod Beardsley 76a9381b2a
Make the title of the Heartbleed module searchable
Right now, the title does not actually tie the Heartbeat check to the
Heartbleed attack, so people searching strictly on module title are not
going to get a hit for this module.
2014-04-09 11:03:01 -05:00
Christian Mehlmauer 899a7c9ea4
heartbleed bugfix for pop3 2014-04-09 17:51:44 +02:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Tod Beardsley 3849d1517f
Restore author credit 2014-04-09 09:42:39 -05:00
jvazquez-r7 8d38087a10 Fix case / when indention 2014-04-09 09:12:55 -05:00
Christian Mehlmauer 0e0fd20f88
Added RFC link 2014-04-09 15:19:29 +02:00
Christian Mehlmauer a0a5b9faa1
Fix heartbleed module
-) incorrect length read
-) Parse TLS errors
2014-04-09 15:08:24 +02:00
jvazquez-r7 a93e22b5c0
Land #3209, @Firefart's heartbleed's module fix 2014-04-09 06:38:06 -05:00
julianvilas 4e7c675f3c Fix typo, extraquote in message 2014-04-09 10:22:15 +02:00
Christian Mehlmauer cdfe333572
updated heartbleed module
-) Heartbeat length was added twice
-) Use the current date for the TLS client_hello
2014-04-09 09:19:05 +02:00
William Vu dd69a9e5dd
Land #3206, OpenSSL Heartbleed infoleak 2014-04-08 20:12:00 -05:00
William Vu 5e314f2a7c
Fix outstanding issues 2014-04-08 20:11:28 -05:00
jvazquez-r7 a4e1d866e1 Favor nil? 2014-04-08 18:21:49 -05:00
jvazquez-r7 153e003e23 Do small fixes 2014-04-08 18:21:09 -05:00
jvazquez-r7 39aecb140a Use the datastore option 2014-04-08 16:55:08 -05:00
jvazquez-r7 496dd944e6 Add support for datastore TLSVERSION 2014-04-08 16:51:50 -05:00
jvazquez-r7 d51aa34437 Use Random generation Time as pointed by @Firefart 2014-04-08 16:46:15 -05:00
jvazquez-r7 d964243cc4 Move heartbeat length to a variable 2014-04-08 16:33:05 -05:00
jvazquez-r7 3d6c553efd Fix endianess 2014-04-08 16:29:31 -05:00
jvazquez-r7 373b05c5aa Minimize extensions in the Hello 2014-04-08 16:21:38 -05:00
jvazquez-r7 3254cce832 Align comment 2014-04-08 16:04:38 -05:00
jvazquez-r7 c20b71e7b6 Switch to vprint unless success 2014-04-08 16:03:38 -05:00
jvazquez-r7 7dbd690c99 Add new references 2014-04-08 16:01:06 -05:00
jvazquez-r7 a55579dd4a Fix references 2014-04-08 15:56:56 -05:00
jvazquez-r7 4004cd8f9a Allow hello data to grow dinamically 2014-04-08 15:52:39 -05:00
jvazquez-r7 b8e2c9fe42 Clean and fix @Firefart's code 2014-04-08 15:32:13 -05:00
jvazquez-r7 80bdbbed92 Solve conflict 2014-04-08 15:18:38 -05:00
Christian Mehlmauer 8c7debb81d
Added some comments and modified JABBER 2014-04-08 22:13:02 +02:00
jvazquez-r7 021da84459 Add authors and switch and's format 2014-04-08 15:10:27 -05:00
Christian Mehlmauer 9c053a5b91
Added additional protocols 2014-04-08 21:56:05 +02:00
jvazquez-r7 5f29026cb2 Complete @Firefart's module 2014-04-08 14:13:56 -05:00
Christian Mehlmauer ac0cafcca6
Initial commit for openssl Heartbleed bug 2014-04-07 21:15:54 +02:00
coma 44640b126c Add Oracle Demantra 2013-5795 (Database Credentials Retrieval) 2014-04-07 11:42:47 -07:00
silascutler 7b9b20a07e Corrected Spaces Issues
Removed extra spaces on line 23&24
2014-04-07 14:30:52 -04:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
sinn3r 0c883723ba
Land #3149 - Oracle Demantra Arbitrary File Retrieval with auth bypass 2014-04-07 11:11:55 -05:00
sinn3r 31dfae3a01 Follow the 100 columns per line guideline 2014-04-07 11:10:20 -05:00
sinn3r de242ecc00 Correct date format
Hmm weird, msftidy didn't pick this up
2014-04-07 11:09:27 -05:00
Spencer McIntyre 395f5beef8
Land #3178, http header scan module 2014-04-04 11:36:35 -04:00
Spencer McIntyre 2b6ae68cbf Minor modifications for http_header 2014-04-04 10:46:03 -04:00
Christian Mehlmauer b4aa08251f
changed option from string to regex 2014-04-03 19:34:40 +02:00
Christian Mehlmauer a4adfac312
Added feedback for http_header module 2014-04-02 23:01:23 +02:00
Christian Mehlmauer 69192edd4b
Added new http_header module 2014-04-02 22:04:54 +02:00
coma 149948485a Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra fixed issues 2014-04-01 12:28:41 -07:00
silascutler 3788f136d9 Update es_enum.rb
Updated based on comments.
2014-04-01 11:43:15 -04:00
William Vu c37dbd104a
Clean up perms and whitespace for owa_login 2014-04-02 01:45:15 -05:00
Tod Beardsley 2972220f60
Land #3047 for real.
Merge branch 'land-3047-really' into upstream-master
2014-04-01 13:16:13 -05:00
Spencer McIntyre dfec2eb53f Cleanup an expression and avoid fail_with 2014-03-31 18:05:20 -04:00
Spencer McIntyre 07e04717c2 Allow using a single URI and/or a list of URIs 2014-03-31 18:05:20 -04:00
Joshua Smith b21d5c1801 use TARGET_URI if given, otherwise TARGET_URIS_FILE 2014-03-31 18:05:20 -04:00
Spencer McIntyre 5e9e7e15c8 Return whether result is nil or not. 2014-03-31 18:05:20 -04:00
Spencer McIntyre 0ac112b5e7 Support checking a single URI for ntlm information. 2014-03-31 18:05:19 -04:00
William Vu 3b6d73420e
Fix syntax error in dns_amp 2014-03-31 16:18:49 -05:00
Joshua Smith 159bc264a4 unretards the uri normalize loop 2014-03-31 15:58:21 -04:00
Joshua Smith 2290249a42 uses fail_with to bomb out on datastore probs 2014-03-31 15:52:05 -04:00
Joshua Smith 4f121e3e03 fixes if-logic for error condition 2014-03-31 15:38:05 -04:00
Tod Beardsley 894bbcae97
More fix-up on the DNS amplication scanner 2014-03-31 14:37:10 -05:00
Tod Beardsley 4d597174d0
Merge up from upstream/master 2014-03-31 14:33:28 -05:00
William Vu 387da26f8d
Land #3159, HP LaserJet printer SNMP enumeration 2014-03-31 12:48:23 -05:00
William Vu c6ceb8cdfd
Land #2929, DNS recursion amplification scanner 2014-03-31 12:47:46 -05:00
William Vu aaa15d13d9
Land #2928, extended SMTP open relay checks 2014-03-31 12:47:10 -05:00
Tod Beardsley ffdca3bf42
Fixup on some modules for release
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
Joshua Smith 2530fb9741 adds the return back in (forgot in prev commit) 2014-03-28 19:27:04 -04:00
Joshua Smith dc4b8461e8 unbreaks & DRYs my previous change. 2014-03-28 19:15:38 -04:00
Matteo Cantoni c559a6b39f fix description
(cherry picked from commit 7c860b9553)
2014-03-28 17:36:21 -05:00
Matteo Cantoni ae53d75cdb Module to HP LaserJet Printer SNMP Enumeration
(cherry picked from commit f18fef1864)
2014-03-28 17:36:21 -05:00
kenkeiras 3a4f983a6f Add CVE 2006-5229 reference 2014-03-28 22:35:19 +01:00
jvazquez-r7 9374777da1
Land #2996, @mcantoni's jboss status aux module 2014-03-28 16:07:08 -05:00
jvazquez-r7 7689751c10 Module module location 2014-03-28 16:05:37 -05:00
kenkeiras bca0d603ef SSH user enumeration script 2014-03-28 16:23:52 +01:00
William Vu 5458200434
Fix a couple minor annoyances in PJL 2014-03-28 02:19:30 -05:00
William Vu c1fdc4d945
Fix a couple things that were bugging me 2014-03-28 02:15:38 -05:00
coma 107901b481 Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra msftidy fix 2014-03-26 22:37:21 -07:00
coma 30da3575e8 Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra 2014-03-26 21:53:12 -07:00
Tod Beardsley 5b8d8d8009
Get Pro and Framework back in sync. 2014-03-26 09:25:19 -05:00
William Vu cd448ba46c
Land #3132, ntp_monlist improvements 2014-03-25 15:19:45 -05:00
William Vu 1c4797337f Clean up rapid7/metasploit-framework#3132 2014-03-25 14:04:43 -05:00
Brandon Turner 460a1f551c
Fix for R7-2014-05 2014-03-24 14:12:12 -05:00
Joshua Smith 312f117262 updates file read to close file more quickly 2014-03-21 14:53:15 -04:00
Matteo Cantoni 4b2a2d4dea Improve NTP monlist auxiliary module 2014-03-21 16:39:53 +01:00
Matteo Cantoni fbcd661504 removed snmp_enum_hp_laserjet from this pull request 2014-03-21 15:58:53 +01:00
Spencer McIntyre aa26405c23 Cleanup an expression and avoid fail_with 2014-03-20 17:33:09 -04:00
Spencer McIntyre 74398c4b6e Allow using a single URI and/or a list of URIs 2014-03-20 09:54:02 -04:00
Joshua Smith a8d919feb0 use TARGET_URI if given, otherwise TARGET_URIS_FILE 2014-03-19 23:32:04 -05:00
William Vu b79920ba8f
Land #3089, InvalidWordCount fix for smb_login
[FixRM #8730]
2014-03-19 16:12:56 -05:00
sinn3r fe0b76e24e
Land #2994 - OWA 2013 support 2014-03-19 13:16:37 -05:00
silascutler d361597104 Update es_enum.rb 2014-03-18 09:20:04 -04:00
silascutler ad4c354460 Update es_enum.rb
Corrected changes from dev module
2014-03-17 13:38:33 -04:00
Silas Cutler 975c2adbad Fixed spaces issues 2014-03-17 13:34:45 -04:00
Silas Cutler b032f2c270 Added Elastic Search Enum 2014-03-17 13:31:24 -04:00
xistence 8fdb5250d4 changes to smtp relay aux module 2014-03-17 15:09:29 +07:00
David Maloney da0c37cee2
Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
William Vu 5aad8f2dc3
Land #3088, SNMP timestamp elements fix 2014-03-13 02:22:14 -05:00
Tod Beardsley 206660ddde
Recreate the intent of cfebdae from @parzamendi-r7
The idea was to rescue on a NoReply instead of just fail, and was part
of a fix in #2656.

[SeeRM #8730]
2014-03-11 14:30:01 -05:00
sho-luv f7af9780dc
Rescue InvalidWordCount error
This is a cherry-pick of commit ea86da2 from PR #2656
2014-03-11 14:17:36 -05:00
James Lee f51ee2d6b4
snmp_enum: Treat missing timestamp elements as 0
Timestamps don't always have all the elements we expect. This treats
them as zeroes to ensure that we don't raise silly exceptions in that
case.
2014-03-11 12:44:07 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
Spencer McIntyre ebee365fce
Land #2742, report_vuln for MongoDB no auth 2014-03-06 19:34:45 -05:00
Spencer McIntyre 84f280d74f
Use a more descriptive MongoDB vulnerability title 2014-03-06 19:20:52 -05:00
Spencer McIntyre 12e4e0e36d Return whether result is nil or not. 2014-02-28 10:17:37 -05:00
Spencer McIntyre dfa91310c2 Support checking a single URI for ntlm information. 2014-02-28 08:47:29 -05:00
jgor 8be33f42fe Define service as udp 2014-02-27 12:53:29 -06:00
Peter Arzamendi ea5fe9ec0a Updated to use get_cookie 2014-02-27 08:52:54 -06:00
Peter Arzamendi 9e52a10f2d Set SSL to default to true and removed SSL from register_options. Updated Author to include full name 2014-02-26 20:49:03 -06:00
William Vu 6f398f374e
Land #3032, inside_workspace_boundary? typo fix 2014-02-24 14:55:09 -06:00
James Lee d2945b55c1
Fix typo
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
sinn3r 5cdd9a2ff3
Land #2995 - sqlmap minor cleanup, description & file tests 2014-02-24 10:39:01 -06:00
jvazquez-r7 4ca4d82d89
Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more... 2014-02-18 17:48:02 -06:00
xistence 1864089085 removed rport definition 2014-02-17 11:32:24 +07:00
Tod Beardsley f6be574453
Slightly better file checks on sqlmap.py 2014-02-15 09:58:03 -06:00
Tod Beardsley dacbf55fc1
Minor cleanup of title and desc on sqlmap 2014-02-15 09:55:06 -06:00
Royce Davis 0e7074c139 Modififed output for smb_enumshares module 2014-02-14 13:39:13 -06:00
Royce Davis 6dc9840064 Modified output for smb_enumshares 2014-02-14 13:12:52 -06:00
Russell Sim ee3f1fc25b Record successful passwordless access to mongodb 2014-02-14 08:52:17 +11:00
Matteo Cantoni 7c860b9553 fix description 2014-02-13 21:11:50 +01:00
Peter Arzamendi 5ef40e3844 Removed bad sets on datastore['USERNAME'] and datastore['PASSWORD'] 2014-02-12 13:31:03 -06:00
Peter Arzamendi 2b8a8259f9 Updates to support OWA 2013 and some syntax changes 2014-02-12 09:40:49 -06:00
xistence 6944c54d13 Added EXTENDED option to smtp_relay 2014-02-12 15:44:53 +07:00
jvazquez-r7 79d559a0c9 Fix MIME message to_s 2014-02-10 22:23:23 -06:00
Tod Beardsley 1236a4eb07
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
xistence 02fb84db20 Changed dns_amp to avoid false positives 2014-02-10 17:13:06 +07:00
Karn Ganeshen 4c01420f38 msftidy done 2014-02-06 16:52:39 +02:00
Karn Ganeshen 036ae2fd80 msftidy done 2014-02-06 16:25:41 +02:00
Karn Ganeshen 2c0ce2dffc PocketPAD login 2014-02-05 20:22:52 +02:00
Karn Ganeshen 32e46c00d3 Rename ehterpadduo_login.rb to etherpadduo_login.rb 2014-02-05 20:21:16 +02:00
Karn Ganeshen 73418a975a Rename ehterpadduo_login to ehterpadduo_login.rb 2014-02-05 20:20:30 +02:00
Karn Ganeshen 88b2e6b1c3 EtherPAD Duo Login
I've run it through retab. Msfpro loads the module fine. msftidy seems broken though. Gives this on run:
msftidy.rb:444: undefined (?...) sequence: /(?<!\.)datastore\[["'][^"']+["']\]\s*=(?![=~>])/

BR
2014-02-05 20:17:11 +02:00
William Vu a58698c177
Land #2922, multithreaded check command 2014-02-04 11:21:05 -06:00
jvazquez-r7 cccf2e4258
Land #2926, @xistence A10 Networks Loadbalancer dir traversal module 2014-02-04 07:28:51 -06:00
jvazquez-r7 cc09367c62 Change the datastore name option 2014-02-04 07:28:14 -06:00
jvazquez-r7 ffd90a3d38 Add confirmation datastore option 2014-02-03 12:40:58 -06:00
jvazquez-r7 a92256e8d1 Clean a10networks_ax_directory_traversal 2014-02-03 08:41:23 -06:00
jvazquez-r7 53c2a737e9 Don't register rport again 2014-01-31 09:42:41 -06:00
jvazquez-r7 452042e757
Land #2925, @xistence aux module for Support Center Plus traversal 2014-01-31 09:38:01 -06:00
jvazquez-r7 e9f04d9203 Do final cleanup for Support Center Plus module 2014-01-31 09:37:40 -06:00
jvazquez-r7 32c5d77ebd
Land #2918, @wvu's fix for long argument lists 2014-01-31 08:49:22 -06:00
xistence e81a0ed22b Changes as requested for SupportCenterPlus module 2014-01-31 13:28:45 +07:00
William Vu 56287e308d Clean up unused variables 2014-01-30 11:20:21 -06:00
xistence 8ac0ef396e Added DNS recursion amplification scanner 2014-01-29 14:21:21 +07:00
xistence d3be54fed6 Added Extended SMTP Open Relay aux module 2014-01-29 13:46:54 +07:00
xistence c8296298b3 added A10Networks AX loadbalancer Dir Traversal Auxiliary Module 2014-01-28 16:37:25 +07:00
xistence 32d7f15a5c added ManageEngine Support Center Plus directory traversal auxiliary module 2014-01-28 15:45:23 +07:00
jvazquez-r7 f766a74150
Land #2920, @wvu-r7's author metadata update for printer aux modules 2014-01-27 13:02:31 -06:00
William Vu d19e9307c6 Fix missing colon in :caller_host symbol
Good catch, @jvazquez-r7!
2014-01-27 12:43:59 -06:00
jvazquez-r7 0dbaeb6742 Add Matteo's email 2014-01-27 08:40:44 -06:00
sinn3r f471f50092 ms08_067_check.rb is deprecated.
[SeeRM #8755]
2014-01-26 12:22:13 -06:00
William Vu 52371be52a Clarify why contributors are listed as authors
Also adding @mcantoni to the list of authors. Sorry we missed you!

Dear contributors,

Even though we weren't able to use your code, we absolutely appreciate
that you wrote it. That's why we're listing you as authors. Thanks!!!

https://dev.metasploit.com/redmine/issues/6034
https://dev.metasploit.com/redmine/issues/5217
https://dev.metasploit.com/redmine/issues/6864
2014-01-25 18:02:17 -06:00
Matteo Cantoni f18fef1864 Module to HP LaserJet Printer SNMP Enumeration 2014-01-25 15:48:13 +01:00
William Vu eaeb2af97f Use opts hash for h323_version
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:32:37 -06:00
Tod Beardsley 82bf02910d
Land #2911, correct author name for PJL credit 2014-01-24 11:00:12 -06:00
jvazquez-r7 fdaa172cc5
Land #2896, @wchen-r7's check's normalization for auxiliary modules 2014-01-24 08:53:53 -06:00
sinn3r 9ba72ffc71 Remove check support
Actually, you can't support check because in check mode the module
doesn't know the IP
2014-01-23 21:30:11 -06:00
sinn3r dc52d00be6 Modify vmware_http_login to work with check 2014-01-23 21:27:36 -06:00
William Vu a67068f019 Correct author name
Was using the name quoted in Redmine. Technically, the author is Myo Soe
of the YGN Ethical Hacker Group (YEHG).
2014-01-23 19:09:20 -06:00
Tod Beardsley f5809423a3
Let's spell right in my spellcheck PR
Updates #2900
2014-01-21 15:57:59 -06:00
Tod Beardsley b3b51eb48c
Pre-release fixup
* Updated descriptions to be a little more descriptive.

  * Updated store_loot calls to inform the user where the
loot is stored.

  * Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.

Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
sinn3r 0a8aa07131 Fix check method
This isn't a check, so shouldn't be using the check method
2014-01-19 16:47:15 -06:00
sinn3r a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules 2014-01-16 15:57:38 -06:00
William Vu 9bf90b836b Add environment variables support 2014-01-16 14:53:25 -06:00
William Vu 311704fc0a Perform final cleanup 2014-01-15 13:49:37 -06:00
William Vu 7c52f9b496 Update description to use %q{} 2014-01-13 14:42:25 -06:00
jvazquez-r7 fe6d10ac5d
Land #2852, @mandreko's scanner for OSVDB 101653 2014-01-13 14:07:07 -06:00
jvazquez-r7 8c3a71a2e7 Clean sercomm_backdoor scanner according to feedback 2014-01-13 13:53:47 -06:00
William Vu d69b658de0
Land #2848, @sho-luv's MS08-067 scanner 2014-01-09 14:39:25 -06:00
William Vu fc616c4413 Clean up formatting 2014-01-09 14:16:31 -06:00
Matt Andreko 93668b3286 Code Review Feedback
Made it less verbose, converting to vprint_error
2014-01-09 14:53:33 -05:00
Matt Andreko e21c97fd4d Added missing metadata
Add credit where due
Add disclosure date and references
2014-01-09 14:33:54 -05:00
Matt Andreko 9456d26467 Added Scanner module for SerComm backdoor 2014-01-09 14:25:28 -05:00
William Vu 7fd4935263 Make the module output prettier 2014-01-09 01:03:01 -06:00
William Vu 27f079ad7c Move {begin,end}_job from libs to modules 2014-01-09 01:03:01 -06:00
William Vu 131bfcaf41 Refactor away leftover get_rdymsg 2014-01-09 01:03:01 -06:00
William Vu d3bbe5b5d0 Add filesystem commands and new PoC modules
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
William Vu af66310e3a Address @jlee-r7's comments 2014-01-09 01:03:01 -06:00
William Vu bab32d15f3 Address @wchen-r7's comments 2014-01-09 01:03:00 -06:00
William Vu 1c889beada Add Rex::Proto::PJL and PoC modules 2014-01-09 01:03:00 -06:00
sho-luv a8fcf13972 Added credits and clean initialize
Added wvu to creds as he did most of work. ;)
2014-01-08 21:16:09 -05:00
William Vu 8993c74083 Fix even moar outstanding issues 2014-01-08 19:38:54 -06:00
William Vu 1dd29d3b64 Fix moar outstanding issues 2014-01-08 18:11:18 -06:00
William Vu 945a2a296a Fix outstanding issues 2014-01-08 17:09:41 -06:00
sho-luv 35ac9712ab Added auxiliary check for MS08_067
I simply copied the check from ms08_0867_netapi.rb and put them in
a auxiliary check so I could scan for it. This was done because
Nmap's check is not safe and this is more stable.
2014-01-08 16:41:44 -05:00
jvazquez-r7 90158b9932
Land #2791, @morisson's support to remote dns resolution on sap_router_portscanner 2014-01-02 12:19:50 -06:00
jvazquez-r7 f75782bc2f Use RHOST, RPORT for the SAPROUTER options 2014-01-02 12:18:54 -06:00
Tod Beardsley c34a5f3758
Unacronym the title on Poison Ivy C&C 2013-12-26 10:30:30 -06:00
Tod Beardsley 47765a1c4f
Fix chargen probe title, comment on the CVE 2013-12-26 10:29:11 -06:00
Tod Beardsley 056661e5dd
No at-signs in names please. 2013-12-26 10:26:01 -06:00
jvazquez-r7 b02e21a1d3
Land #2779, @wchen-r7's mod to raise Msf::OptionValidateError when PORTS is invalid 2013-12-26 09:27:27 -06:00
rbsec 86a94022c0 Fix lotus_domino_hashes not working.
Some Lotus Domino servers prefix the "dspHTTPPassword" with a dollar
sign. Updated regex to take this into account.
2013-12-24 11:57:13 +00:00
sinn3r 213556761a
Land #2765 - Added Poison Ivy Command and Control Scanner 2013-12-23 17:36:18 -06:00
sinn3r 0a07bbdf2e Minor changes 2013-12-23 17:35:42 -06:00
jvazquez-r7 88b3b2c78e Switch RHOSTS to TARGETS and add validation 2013-12-23 11:58:26 -06:00
Bruno Morisson 94da642f5c fixed typo: innacurated -> inaccurate 2013-12-21 20:36:43 +00:00
Bruno Morisson c387a850ca Fixed default value for RESOLVE (local) 2013-12-21 19:21:57 +00:00
Bruno Morisson 6ce0bab036 Cleanup, also split IP addresses separated by commas. 2013-12-21 00:15:00 +00:00
SeawolfRN bf2dc97595 Merge branch 'poisonivyscanner' of github.com:SeawolfRN/metasploit-framework into poisonivyscanner 2013-12-20 18:46:35 +00:00
SeawolfRN ae7a0159e7 Changed to Puts and get_once - also forgot the timeout... 2013-12-20 18:44:42 +00:00
jvazquez-r7 8be481f324
Land #2681, @mcantoni and @todb-r7's support for chargen 2013-12-20 11:53:08 -06:00
jvazquez-r7 12efa99ce5 Fix udp_sweep 2013-12-20 11:47:48 -06:00
jvazquez-r7 2dc7ef4398 Fix udp_probe 2013-12-20 11:45:27 -06:00
Tod Beardsley 2f34f8458b
Downcase chargen service name 2013-12-20 10:41:53 -06:00
Tod Beardsley 35c847da94
Add chargen to udp_probe and udp_sweep
This simplifies the checks considerably for PR #2681 from @mcantoni
2013-12-20 10:32:15 -06:00
jvazquez-r7 eba164d2e3 Clean chargen_probe 2013-12-20 09:10:15 -06:00
Bruno Morisson 6ac0aad38b Prevent report_* when RESOLVE is remote, since hostname may be unknown and local resolution fail, thus spitting out an error and failing 2013-12-19 23:37:13 +00:00
Bruno Morisson c881ef5472 Unreachable and time out error identification 2013-12-19 22:59:56 +00:00
Matteo Cantoni a199dc39af used the recvfrom timeout 2013-12-19 20:56:11 +01:00