e583847a31
I missed this sucker.
2012-10-15 22:02:26 -05:00
8e668e2808
Check STATUS_ACCESS_DENIED properly
...
When Samba throws STATUS_ACCESS_DENIED, the exception that's
throwin is actually Rex::Proto::SMB::Exception::ErrorCode, not
as LoginError. It was handled correctly in try_user_pass(), but
not in other functions that also use smb_login().
2012-10-15 16:52:34 -05:00
29299b29a5
Added modules for CVE-2012-4933
2012-10-15 16:03:19 +02:00
e00dbfcc0d
You mean.. FILEPATH.
2012-10-14 18:18:11 -05:00
2f04fdd71a
Merge branch 'apache_activemq_traversal' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-apache_activemq_traversal
2012-10-14 18:16:41 -05:00
d971abaeb9
deleted extra comma
2012-10-14 22:39:07 +02:00
14bd0373d3
deleted extra space
2012-10-14 22:38:14 +02:00
ac6a4c9283
Added module for CVE-2010-1587
2012-10-14 22:36:02 +02:00
2b644dbc45
added module for Apache ActiveMQ directory traversal
2012-10-14 22:30:38 +02:00
79da6c7186
added Lantronix telnet password recovery module
2012-10-14 12:46:52 -05:00
286b86949b
Prefix with host:port for readability
2012-10-08 15:23:26 -05:00
c0d746a36a
remove ternary assignment
2012-10-03 23:34:41 -04:00
94f8a41b57
Add subdomain input file for VHOST scanner
...
This commit allows the vhost scanner to take subdomains from a
text file, one subdomain per line. Lines are stripped of the top
level domain name if present before testing.
2012-10-03 03:51:58 -04:00
6aefa40ec1
fix my english
2012-09-28 00:32:02 +02:00
12177b0ed2
Added module for 2011-1900
2012-09-28 00:29:12 +02:00
f6baf824b6
The USER_FILE path is wrong.
2012-09-27 01:33:11 -05:00
75d40d4d82
Make msftidy happy
2012-09-27 01:33:11 -05:00
99ec988485
Updated with wordlist path registered options
2012-09-27 01:33:11 -05:00
75f5e24178
Dell iDrac login aux scanner
2012-09-27 01:33:11 -05:00
77a0cf18da
Fix errors when pivoting
...
Printing stack traces is rude.
Also removes Capture which isn't necessary for this module
2012-09-23 22:59:44 -05:00
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
270fa1b87b
updated descriptions for hp sitescope modules tested over linux
2012-09-05 23:25:08 +02:00
bed3c7bbac
Merge branch 'hp_sitescope_loadfilecontent_fileaccess' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_loadfilecontent_fileaccess
2012-09-05 13:59:49 -05:00
598fdb5c50
Merge branch 'hp_sitescope_getsitescopeconfiguration' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_sitescope_getsitescopeconfiguration
2012-09-05 13:58:39 -05:00
20655232d7
cleanup, tested and added osvdb reference
2012-09-05 20:03:46 +02:00
c6f5b1f072
cleanup, test, osvdb reference
2012-09-05 19:56:04 +02:00
ea2eb046c3
cleanup, final test, osvdb reference
2012-09-05 19:45:50 +02:00
166f68b194
added module for ZDI-12-177
2012-09-05 12:54:30 +02:00
534ab55e5c
Added module for ZDI-12-173
2012-09-05 12:53:03 +02:00
8a50ca2f47
Added module for ZDI-12-176
2012-09-05 12:51:25 +02:00
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
53a9a8afce
Awww, typo! Nice catch, @Agarri_FR! :-)
2012-08-31 14:23:51 -05:00
638d9d1095
Fix nil res bug, change action name, etc
2012-08-25 02:41:50 -05:00
cad590488d
Update modules/auxiliary/scanner/http/http_traversal.rb
2012-08-24 15:47:07 -03:00
586d937161
Msftidy fix and adding OSVDB
2012-08-15 13:43:50 -05:00
e5666d70e2
Merge branch 'glassfish-uri' of https://github.com/bonsaiviking/metasploit-framework into bonsaiviking-glassfish-uri
2012-08-13 11:53:03 -05:00
f72f334124
Fix an odd issue with search due to use of the builtin Proxies option
2012-08-12 23:22:38 -05:00
33c74c97e2
Add Opt::Proxies and opthash[:proxies] to ssh mods
2012-08-12 16:23:22 -04:00
c9690033c7
This commit allows ssh_login to use socks proxies. Net::SSH::Transport::Session could take a :proxy option,
...
but it expects a factory object not a string, when setting :proxy => datastore['Proxies'] user got:
"Auxiliary failed: NoMethodError private method `open' called for \"socks4:localhost:1080\":String."
VALID_OPTIONS in ssh.rb now takes :proxies option which is passed to the Rex socket in
Net::SSH::Transport::Session.new.
Testing: block all outgoing to SSH server, try to connect with a proxy. Try with :proxy option,
then merge this pull request and try again.
2012-08-12 16:01:52 -04:00
db4f31de76
Fix use of URI option for glassfish_login
...
auxiliary/scanner/http/glassfish_login offers URI option to set the path
where Glassfish is installed, but it doesn't work. Replaced it with
TARGETURI and call target_uri.path to get a base path.
2012-08-10 15:44:53 -05:00
d04fdc9382
Added aux module for CVE-2009-1730
2012-08-08 16:26:41 +02:00
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
99d3ee6fc4
Merge branch 'webpagetest_traversal' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest_traversal
2012-08-06 03:15:16 -05:00
f1e7ef06cc
Add webpagetest dir traversal module
...
How did I forget this while writing the exploit?
2012-08-06 03:11:07 -05:00
d5b165abbb
Msftidy.rb cleanup on recent modules.
...
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
87aae548e6
Final cleanup
2012-07-24 13:11:04 -05:00
dbc779e02d
implemented fixes requested by sinn3r
...
Implemented the fixes, and re-tested the modules
2012-07-24 11:02:49 +01:00
397d708340
Added bulk file retrieval to sap_mgmt_con_getlogfiles, and new module to get SAP process list from remote host
...
* Added option to retrieve all available files from remote SAP host to
sap_mgmt_con_getlogfiles, based on the listing request provided in
sap_mgmt_con_listlogfiles module, if the variable GETALL is set to true.
Kept previous functionality of retrieving just one chosen file.
* Added new module sap_mgmt_con_getprocesslist to remotely list SAP
processes using SAP SOAP interface. Based on the other sap_mgmt_con_*
modules by Chris John Riley.
2012-07-23 16:26:33 +01:00
9bff1c913b
Merge pull request #592 from alexmaloteaux/ipv6arpfix
...
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
c887e0aaff
Re-add AFP changes due to mangled merge
2012-07-17 00:42:49 -05:00
f62e0b1cca
AFP fixes and JTR typo fix
2012-07-16 21:45:45 -05:00
bc2edeace2
Cleanup AFP module output
2012-07-16 21:02:40 -05:00
2da984d700
Added module for OSVDB 83275
2012-07-12 13:12:31 +02:00
81ba60169f
ipv6 and arp_scanner fix
2012-07-10 18:28:24 +01:00
b817070545
Merge branch 'mac_oui' of https://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-mac_oui
2012-07-09 20:14:25 -05:00
e509c72574
better handle company name
2012-07-10 00:24:30 +01:00
e949b8c2c8
mac_oui
2012-07-09 23:46:57 +01:00
b33220bf90
Added module for CVE-2012-2215
2012-07-09 17:32:55 +02:00
d626de66f7
Print out where the scheme info is stored.
...
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
ecb4e20c92
Instead of deleting the "/", here's a different approach
2012-07-06 01:23:41 -05:00
7876d7fd60
Delete the extra "/"
2012-07-06 01:20:31 -05:00
686f176a99
Correct path
2012-07-06 01:12:47 -05:00
0c18662d46
Make msftidy happy and change the traversal option
2012-07-06 01:10:39 -05:00
3b7e1cd73a
Add Dillion's module for Wangkongbao
2012-07-06 00:54:55 -05:00
68c582873b
Add the MSF license text
2012-06-27 17:11:00 -05:00
d3bc78c53b
applied changes proposed by sinn3r
2012-06-27 23:55:51 +02:00
2c5cc697c9
Added auxiliary module for CVE-2012-2926
2012-06-27 10:21:18 +02:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
05eaac9085
Fix possible param duplicates
2012-06-24 19:05:42 -05:00
3e974415d9
Give some verbose feedback if connection failed
2012-06-23 00:58:27 -06:00
073205a875
Merge branch 'master' into feature/vuln-info
2012-06-18 20:21:36 -05:00
909614569a
Revert "Banner encoding fix when running against dd-wrt on ruby 1.9.3"
...
This reverts commit 89d5af7ab2fe1ce31cd70561893d94bb73f3762c.
Telnet banner parsing restored
2012-06-18 10:44:06 -04:00
dd476f8c5d
Merge branch 'master' into feature/vuln-info
2012-06-18 01:32:49 -05:00
c388cba421
Fix up modules calling report_vuln() to use new syntax
2012-06-17 23:39:20 -05:00
78876b74dd
Maintain scanner module standard
2012-06-17 20:09:01 +02:00
74cbca5809
Print out successful mysql connection URI
2012-06-17 13:19:53 +02:00
5006db7550
The cert module now defaults SSL to true (didnt make sense)
2012-06-15 10:55:53 -05:00
b55f233f16
The cert module now defaults SSL to true (didnt make sense)
2012-06-15 10:55:07 -05:00
ef84ce68e4
Fixes a module that used Wmap stuff without including it
...
[FIXRM #6983 ]
2012-06-13 15:58:54 -06:00
a579709bac
Cleaning up Modbus scanner
2012-06-13 14:00:07 -05:00
3c73133a44
Fixing up mysql module text
2012-06-13 13:59:58 -05:00
ca8769d725
Whitespace on mysql module.
2012-06-13 13:59:38 -05:00
26e72b4061
Enforce a timeout in the ssh handshake (avoid hangs in some cases)
2012-06-12 15:20:25 -05:00
5922ec1f7a
Permissions
2012-06-12 15:20:25 -05:00
efbaff8b37
add osvdb ref
2012-06-11 22:47:30 -05:00
59f591ac46
Adds jcran's MySQL bruteforce and dump module for CVE-2012-2122
2012-06-11 01:42:06 -05:00
34be642f84
msftidy found EOL spaces on new modules
2012-06-06 10:42:10 -05:00
698e2eab68
Fix nil res when vprints
2012-06-06 09:53:19 -05:00
462a91b005
Massive whitespace destruction
...
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
c30af98b53
Massive whitespace destruction
...
Remove all the lines that have nothing but whitespace
2012-06-06 00:22:36 -05:00
37846c0de2
Handle get_once return value correctly
2012-06-05 15:40:49 -05:00
b6f591718a
Change recv to get_once
2012-06-05 15:40:20 -05:00
bc91135808
Correct description
2012-06-05 15:32:41 -05:00
19e187e88e
Correct the description
2012-06-05 15:08:43 -05:00
28511cf666
Title change, use get_once instead of recv. Add a reference.
2012-06-05 15:06:05 -05:00
1c99119ecd
Remove the version key, and correct spacing
2012-06-05 13:53:11 -05:00
8f5759ac13
Move these SCADA modules to SCADA folder
2012-06-05 13:50:53 -05:00
215e0e48a0
Fix Modbus version scanner's format
2012-06-05 11:47:44 -05:00
50243a9679
Add Metasploit license disclaimer since it has a MSF_LICENSE
2012-06-05 11:36:45 -05:00
30ceb98d87
Merge branch 'modbus-auxil' of https://github.com/esmnemon/metasploit-framework into esmnemon-modbus-auxil
2012-06-05 11:35:10 -05:00
b282901b08
Correct emails for aux and exploit modules
2012-06-04 21:58:01 -05:00
0fcc53b0a2
Handle nil for get_once
2012-06-04 15:31:10 -05:00
a071d2805e
Fix the rest of possible nil res bugs I've found
2012-06-04 14:56:27 -05:00
01803c4a33
Fix possible nil res. Bug #6939 . Part 1.
2012-06-04 13:11:47 -05:00
0759c3b75c
Adding swtornio's OSVDB ref
...
Watch the trailing commas, that wangs up Ruby 1.8.7 and prior.
Squashed commit of the following:
commit c00363993a726cd0c87fbaee769c44f680feff72
Author: Tod Beardsley <todb@metasploit.com>
Date: Mon Jun 4 09:33:18 2012 -0500
Removing trailing comma
commit 594cae0cab60ba0493a6c50a001cd6885f05522b
Author: Steve Tornio <swtornio@gmail.com>
Date: Mon Jun 4 09:10:36 2012 -0500
add osvdb ref
2012-06-04 09:34:28 -05:00
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
92dafd4d17
Bringin in new version of pcanywhere_login
2012-06-01 11:15:12 -05:00
933949a6b0
trying to work around wierd git issue
2012-06-01 11:13:28 -05:00
28bf017ca9
Fix nil responses
2012-05-31 23:12:17 -05:00
2ad17299e2
Handle cisco devices better with ssh logins
2012-05-31 14:59:24 -05:00
e93a6ddf83
Adds thelightcosine's pcanywhere module
...
Adds PCAnywhere bruteforce capabilities
Squashed commit of the following:
commit 5354fd849f0c009c534d7ce18369382dd56de550
Author: David Maloney <DMaloney@rapid7.com>
Date: Thu May 31 14:35:23 2012 -0500
Add explicit pack to encrypted header
commit 7911dd309a94df2729c8247c3817cf5de6b99aad
Author: David Maloney <DMaloney@rapid7.com>
Date: Thu May 31 13:11:19 2012 -0500
adds pcanywhere_login module
2012-05-31 14:46:26 -05:00
4d94eeb79d
Merge pull request #430 from wchen-r7/s40_traversal
...
Add s40 dir traversal vuln
2012-05-31 02:46:53 -07:00
a19583624e
Add s40 dir traversal vuln
...
I can't believe I stayed up all night, and this is all I could find.
2012-05-31 04:43:57 -05:00
9e7acf3a57
left debug statement in module
2012-05-29 20:23:56 -05:00
c00222b4c2
Added one modbus-scanner and one modbus-client aux-module SCADA
2012-05-29 20:34:33 +02:00
df85e4f586
Remove trailing comma
2012-05-21 16:28:02 -05:00
17943c7a48
Makes it so we don't ever use local config files for Net::SSH
...
Also makes sure that the :config =>false option keeps
Net:SSH from meddling with knowns_hosts too
2012-05-21 16:09:08 -05:00
c386e1ce31
Add an option to the schemadump modules to not display output to the
...
screen
2012-05-21 16:09:07 -05:00
77f95df1e9
Banner encoding fix when running against dd-wrt on ruby 1.9.3
2012-05-21 14:50:57 -05:00
7a78c99c5e
Adding credit to original PoC guy for RuggedCom
...
Just added and commented. It'd be nice to have a real spot for this kind
of credit, because it comes up a lot and it's hard to parse out in a
machine way who 'wrote' the module and who came up with the exploit.
2012-05-16 13:47:15 -05:00
4ee24f7e42
Adding Justin's CCTV module.
2012-05-15 08:03:39 -05:00
84269f399b
Correct EDB reference
2012-05-14 15:10:21 -05:00
f4a446a6c1
Add module CVE-2011-4404
2012-05-14 15:08:43 -05:00
79a590ccf7
Merge pull request #380 from wchen-r7/bmerinofe-telnet_ruggedcom
...
Modified version of pull request #379 - RuggedCom Telnet Password Generator by bmerinofe
2012-05-13 11:13:27 -07:00
15fbb1e86c
This the modified version of pull request #379 . Changes include:
...
* Add more references
* Update description
* MSF license disclaimer
* Remove the to() function. Instead it's in run_host()
* Put 'info' in the :proof key
* Remove ::Exception handling, so we can see the original that's also logged in framework.log
2012-05-13 04:09:17 -05:00
86500aad47
Author is always singular.
2012-05-08 08:47:52 -05:00
91a8ff2766
Use print_good when SQL injection is found
2012-05-08 01:30:13 -05:00
fa9d23d839
When a blind SQL injection, it's a good thing (for the attacker), so we should use print_good
2012-05-08 01:26:39 -05:00
9c3d2355b1
Allow this module to be more verbose for future debugging
2012-05-04 15:47:30 -05:00
f48d36ca31
Output changes. #6511
2012-05-04 15:11:54 -05:00
457ca44f27
Fix #6511
2012-05-04 14:33:49 -05:00
8b3b952ccd
Fix bug #6761 - false negative when OWA brings the user to the Options page insetad of inbox
2012-05-04 12:30:43 -05:00
43d730d564
Squashed commit of minor cosmetic fixes:
...
commit eed15ea9ecc88683c8d922fe155d4777a7ce1286
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed May 2 21:55:56 2012 -0500
Whitespace at EOL. Dangit.
commit 8159b27728d1a4fd0ad94ff56c4b4f2b995646f8
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed May 2 16:38:01 2012 -0500
Disambiguating 'WebCalendar'
2012-05-02 21:57:41 -05:00
1c03c2b157
Fix indentation
2012-05-01 15:21:42 -06:00
194c0906c2
Fix a stack trace when SMBUser is nil
2012-05-01 15:21:42 -06:00
6ab66dc59e
Fix a stack trace when the SMBUser isn't set
...
For some reason an invalid user/pass don't seem to trigger
STATUS_ACCESS_DENIED responses, but an empty user does.
2012-05-01 15:21:42 -06:00
d68d832c9d
Squashed commit of the following:
...
commit a0b50c394962fc90afc8d6232e1875588ed7ecb3
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Fri Apr 20 01:45:06 2012 +0100
enumshare: add srvsvc netshareenum request for compatibility with win 7 / 2008r2
[Closes #346 ]
2012-05-01 15:21:42 -06:00
348da8e5a6
Fixes an issue with mysql probes not timing out properly.
2012-04-30 12:22:49 -05:00
e12c29a5dc
Fix up the check so it doesn't throw a marshal exception
2012-04-29 18:40:01 -05:00
ffd91793b9
Make RMI easier to correlate, add a vulnerability check to the scanner module
2012-04-29 18:11:28 -05:00
4c2e1c2859
Small updates to the rmi modules
2012-04-27 00:07:00 -05:00
d985ba5e5d
Clean up whitespace
2012-04-26 02:36:29 -05:00
91763dd063
Fix 1.8 compatibility
2012-04-25 15:54:42 -05:00
2a5a80a485
Rename and updates
2012-04-25 12:09:23 -05:00
03117ffa95
Add a version scanner for RMI
2012-04-25 11:24:28 -05:00
sinn3r
jvazquez-r7
jgor
HD Moore
RageLtMan
Cristiano Maruti
James Lee
David Maloney
Ramon de C Valle
Ewerson Guimaraes (Crash)
Tod Beardsley
Daniel Miller
Bruno Morisson
Bruno Morisson
Alexandre Maloteaux
Thomas Grainger
Steve Tornio
Christian Mehlmauer
sinn3r
esmnemon
David Maloney