jvazquez-r7
7ec85c9d3a
Delete blank lines
2014-05-16 01:03:04 -05:00
jvazquez-r7
9091ce443a
Add suport to decode passwords
2014-05-16 00:59:27 -05:00
William Vu
f9982752f3
Land #3362 , ax rank for aux/dos mods
2014-05-14 15:20:07 -05:00
Tod Beardsley
dc57e31be1
Aux modules don't respect Rank anyway
2014-05-14 15:03:10 -05:00
jvazquez-r7
5b3bb8fb3b
Fix @FireFart's review
2014-05-14 09:00:52 -05:00
Karmanovskii
cbb84e854c
Update mybb_get_type_db.rb
...
14.05.2014
Eliminated notes jvazquez-r7
2014-05-14 14:56:40 +04:00
William Vu
de49241195
Land #3185 , regex option validation
2014-05-14 01:27:18 -05:00
Christian Mehlmauer
df4b832019
Resolved some more Set-Cookie warnings
2014-05-13 22:56:12 +02:00
jvazquez-r7
a7075c7e08
Add module for ZDI-14-077
2014-05-13 14:17:59 -05:00
Christian Mehlmauer
3f3283ba06
Resolved some msftidy warnings (Set-Cookie)
2014-05-12 21:23:30 +02:00
William Vu
92a9519fd9
Remove EOL spaces
2014-05-09 18:34:12 -05:00
jvazquez-r7
8c55858eae
Land #3309 , @arnaudsoullie's changes for modblusclient
2014-05-08 10:45:19 -05:00
jvazquez-r7
25f13eac37
Clean a little response parsing
2014-05-08 10:44:53 -05:00
Arnaud SOULLIE
1f3466a3a3
Added Modbus error handling.
...
It now checks for error and displays the appropriate error message.
The only error simulated was "ILLEGAL ADDRESS", don't know how
to test for others.
2014-05-05 23:21:54 +02:00
William Vu
e8bc89af30
Land #3337 , release fixes
2014-05-05 14:03:48 -05:00
jvazquez-r7
b81f94a229
Land #3336 , @todb-r7's CVEs addition
2014-05-05 13:43:04 -05:00
Tod Beardsley
c6affcd6d3
Fix caps, description on F5 module
...
The product name isn't "Load Balancer" as far as I can tell.
2014-05-05 13:38:53 -05:00
William Vu
353a50cdd0
Land #3316 , Content-Length fix for http_ntlmrelay
2014-05-05 13:38:36 -05:00
Tod Beardsley
3072c2f08a
Update CVEs for RootedCon Yokogawa modules
...
Noticed they were nicely documented at
http://chemical-facility-security-news.blogspot.com/2014/03/ics-cert-publishes-yokogawa-advisory.html
We apparently never updated with CVE numbers.
2014-05-05 13:25:55 -05:00
William Vu
a8915f0ed8
Land #3310 , OpenSSH timing attack improvements
2014-05-04 19:47:51 -05:00
Tom Sellers
a47b883083
Remove redundant simple.connect
...
Remove redundant simple.connect. Thanks @jlee-r7
2014-05-02 12:46:50 -05:00
Tom Sellers
b2eeaef475
Add admin check to smb_login
...
The attached updates changes smb_login to detect if the newly discovered user is an administrator. It is based on code from Brandon McCann "zeknox" submitted in PR #1373 , the associated changes, and the newer PR #2656 .
The changes should correct a few issues with PR #1373 and #2656 and address Redmine bug #8773 .
Specifically it:
- Fixes the admin detection code by using simple.disconnect(<share>) instead of disconnect()
- Adds support for detecting if the remote host will allow connects using any domain name when one of the new status codes is returned
- Dealt with the issue in PR #2656 where the username was prefixed with a '\'
Verification
Be connected to a database
Run this against a machine with a known user and admin user
See that the admin user is reported correctly
See that the non-admin user is reported correctly
Check the output of creds
Select a target that requires a domain in order to authenticate
In the stored credentials, with CHECK_ADMIN enabled, see that the domain name is, in fact, preserved in the reporting
To validate that the remote domain ignores domain value use the following command from a windows system:
net use \\<hostip>\admin$ /user:<random_value>\<username> <password>
2014-05-02 06:16:21 -05:00
Christian Mehlmauer
f7d8a5e3a3
rework the openssl_heartbleed module
2014-05-01 21:43:58 +02:00
jvazquez-r7
d3045814a2
Add print_status messages
2014-05-01 11:05:55 -05:00
jvazquez-r7
cc2e680724
Refactor
2014-05-01 11:04:29 -05:00
jvazquez-r7
28e9057113
Refactor make_payload
2014-05-01 10:23:33 -05:00
jvazquez-r7
bd124c85cb
Use metadata format for actions
2014-05-01 09:52:55 -05:00
William Vu
7777202045
Deconflict #3310 and correct the description
2014-04-30 12:02:57 -05:00
jvazquez-r7
9cd6c5ef2b
Land #3297 , @Th4nat0s's F6 backends disclosure module
2014-04-30 09:31:37 -05:00
jvazquez-r7
4e80e1c239
Clean up pull request code
2014-04-30 09:31:07 -05:00
Tod Beardsley
a5983b5f57
Light touchup on FP checker
2014-04-29 16:14:41 +01:00
Tod Beardsley
88efeea378
Add a false positive check
2014-04-29 16:07:42 +01:00
Arnaud SOULLIE
e386855e0e
Add ACTIONS descriptions
2014-04-29 16:55:05 +02:00
Tod Beardsley
4d76128937
Merge upstream and deconflict #3310 whitespace
2014-04-29 15:32:32 +01:00
Arnaud SOULLIE
04f2632972
Implement jvazquez-r7 comments
2014-04-29 16:09:47 +02:00
Rich Lundeen
60b9f855b4
Bug with HTTP POST requests (content type sent twice)
2014-04-28 18:44:02 -07:00
jvazquez-r7
4caf03b92f
Land #3301 , @nodeofgithub's patch for sercomm module
2014-04-28 17:19:47 -05:00
Thanat0s
70314494ca
test nil of port & host
2014-04-28 23:33:01 +02:00
Thanat0s
fe3f7fd76a
Obey to reviewer.. code fix
2014-04-28 23:26:29 +02:00
Tod Beardsley
a6edd94c7f
Just fix refs and desc for release
2014-04-28 19:47:15 +01:00
Tod Beardsley
a7e110be9e
Add a peer method, elaborate desc and prints
2014-04-28 19:41:44 +01:00
sinn3r
829b9ff4ff
Land #3308 - Fix smb_login using error_reason
2014-04-28 12:33:24 -05:00
Arnaud SOULLIE
a0add34a7d
Removed warning message and changed default unit number to 1
2014-04-28 15:47:10 +02:00
Pedro Laguna
ab913a533e
Update oracle_demantra_file_retrieval.rb
...
Fixed typo
2014-04-28 14:36:48 +01:00
Arnaud SOULLIE
a2ccbf9833
Add read/write capabilities to modbusclient
2014-04-28 15:29:55 +02:00
Zinterax
fb39e422aa
Fix smb_login calling nonexistent method
...
When a Rex::Proto::SMB::Exceptions::InvalidWordCount exception is thrown by this module, it attempts to call the nonexistent method error_reason and throws a NoMethodError:
Auxiliary failed: NoMethodError undefined method `error_reason' for #<Rex::Proto::SMB::Exceptions::InvalidWordCount:0x007f48fcda0e48>
This changes uses the built in method get_error to return an error code.
[-] x.x.x.x:445 SMB - [1/1] - \\Domain - FAILED LOGIN (xxxxxxxx) xxxx : xxxxx [STATUS_WAIT_0]
2014-04-28 09:28:29 -04:00
Thanat0s
2396d497d8
move scanner to gather
2014-04-28 12:57:54 +02:00
Thanat0s
3bfa8ea707
Pass msftidy
2014-04-28 12:53:49 +02:00
Thanat0s
f34cfefb8f
Change hash to array
2014-04-28 12:52:46 +02:00
Thanat0s
6610977e86
add cookie.match and alway return
2014-04-28 12:39:32 +02:00
Thanat0s
d5fe8471ed
unless id
2014-04-28 12:16:49 +02:00
Thanat0s
328acc44fa
Start cleaning as requested
2014-04-28 11:32:46 +02:00
nodeofgithub
b80d366bb7
Add filter to output WPA-PSK password on Netgear DG834GT
2014-04-26 15:52:31 +02:00
William Vu
c2bb26590c
Land #3250 , version handling for Heartbleed server
2014-04-25 00:17:26 -05:00
Ramon de C Valle
fd232b1acd
Use the protocol version from the handshake
...
I used the protocol version from the record layer thinking I was using
the protocol version from the handshake. This commit fix this and uses
the protocol version from the handshake instead of from the record layer
as in https://gist.github.com/rcvalle/10335282 , which is how it should
have been initially.
Thanks to @wvu-r7 for finding this out!
2014-04-25 01:48:17 -03:00
Christian Mehlmauer
ef815ca992
Land #3288 , Postgres support for Heartbleed scanner
2014-04-24 18:03:13 +02:00
Spencer McIntyre
9ccb9397e3
Land #3264 , throttl and csv output support for module
2014-04-23 19:00:28 -04:00
Spencer McIntyre
e2b92a824f
Change white space for authors in dns_reverse_lookup
2014-04-23 18:56:27 -04:00
William Vu
15bd92dd50
Fix OpenSSH timing attack module
2014-04-23 10:10:37 -05:00
William Vu
0a108acea3
Fix missing comma
...
Commas will be the death of me.
2014-04-23 10:10:12 -05:00
William Vu
6d7fde4302
Land #3157 , OpenSSH user enumeration timing attack
2014-04-23 10:01:10 -05:00
William Vu
1a2899d57b
Fix up whitespace 'n' stuff
2014-04-23 10:00:34 -05:00
Thanat0s
457c48b89b
Error on sleep
2014-04-23 11:38:23 +02:00
Jonathan Claudius
d70aa4cdbb
Fix MSFTidy complaints
2014-04-22 22:07:25 -04:00
Jonathan Claudius
b3cabaaa28
Clean up some formatting concerns
2014-04-22 21:58:14 -04:00
Jonathan Claudius
f71ad111da
Change return values from nil to false
2014-04-22 21:48:16 -04:00
Jonathan Claudius
3d793fc6f1
Add default VPN group fall back
2014-04-22 21:45:04 -04:00
Jonathan Claudius
4d9ece2f9a
Add hyphens and digits to group regex
2014-04-22 21:34:08 -04:00
kenkeiras
96f042110f
return is not needed when it's the last lifunction line
2014-04-22 22:33:47 +02:00
kenkeiras
c9d8da991a
Use Rex.sleep instead of select
2014-04-22 22:33:19 +02:00
kenkeiras
d2a558dc85
Removed unused code
2014-04-22 22:33:02 +02:00
Wiesław Kielas
8f6567967d
Heartbleed PostgreSQL TLS support improvements
2014-04-22 17:36:06 +02:00
Wiesław Kielas
fbe392a896
Add PostgreSQL TLS support to the Heartbleed scanner
2014-04-21 23:27:40 +02:00
Tod Beardsley
e514ff3607
Description and print_status fixes for release
...
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
William Vu
1faf069130
Land #3284 , deprecated module cleanup
2014-04-20 23:10:55 -05:00
James Lee
ee413ac385
Remove previously deprecated modules
2014-04-20 22:15:44 -05:00
kenkeiras
b8e0187647
Use OptPath for file path options
2014-04-18 21:56:17 +02:00
kenkeiras
fb0af8a799
Remove unnecesary ssh_socket variable
2014-04-18 21:50:54 +02:00
kenkeiras
c875bdadf5
Change THRESHOLD into a datastore option
2014-04-18 21:18:48 +02:00
kenkeiras
8a3329c891
Password made pseudo-random instead of a bunnch of A's
2014-04-18 21:10:34 +02:00
kenkeiras
47ff820a83
Remove unnecesary 'RHOST' deregister
2014-04-18 21:06:46 +02:00
kenkeiras
cc2d4f9ed7
Remove unnecesary @good_credentials
2014-04-18 21:03:22 +02:00
William Vu
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
jvazquez-r7
c4d4af031c
Land #3276 , @todb-r7's "make msftidy happy"'s fix
2014-04-18 09:54:52 -05:00
jvazquez-r7
5083143971
Land #3238 , @Zinterax's timeout addition in openssl_heartbleed
2014-04-18 09:28:04 -05:00
Tod Beardsley
2a729c84f6
Fix disclosure date
2014-04-18 09:27:41 -05:00
jvazquez-r7
8a011ec9f6
Land #3197 , @0x3fcoma's module for CVE-2013-5795 and CVE-2013-5880
2014-04-18 08:58:54 -05:00
jvazquez-r7
f3299e3ced
Do minor code cleanup
2014-04-18 08:58:11 -05:00
jvazquez-r7
2366f77226
Clean timeout handling code
2014-04-18 08:16:28 -05:00
Zinterax
e38f4cbfa0
Apply response_timeout to get_once, code cleanup
...
Add response_timeout to get_once
Change timeout output in establish_connect()
Add disconnect ater timeout output
Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
Zinterax
fab091ca88
Fix Action => DUMP
...
Fix for when Action is set to DUMP. Modifed the check to use action.name.
Console output:
msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
Zinterax
1cf1616341
Rebase. Add timeout option support
...
Rebase to account for the KEYS merge.
Modify bleed() to work with timeout option.
Modify establish_connect() to work with timeout option.
Modify loot_and_report() to work with timeout option.
---Test Console Output---
Client Hello Timeout:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Patched Apache:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerable Server:
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
Zinterax
021ac53911
remove me
2014-04-18 07:03:36 -04:00
Jonathan Claudius
01d843f78f
Handle certificate auth nuances
2014-04-17 20:24:19 -04:00
Jonathan Claudius
6daae961cb
Add parameterized requests for detection/enumeration
2014-04-17 19:40:27 -04:00
Tod Beardsley
845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
...
Whoops.
2014-04-17 17:47:47 -05:00
Tod Beardsley
2aa2cb17f3
Reimplement a check.
2014-04-17 17:10:54 -05:00
Tod Beardsley
d40ab039e4
Clean up whitespace. Protip: use commit hooks
2014-04-17 16:28:07 -05:00
Tod Beardsley
c34d548e50
First, undo #3252 . Sorry about that.
...
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00
Jeff Jarmoc
e3daf6daf7
Singular 'TLS_CALLBACK' option
2014-04-17 15:51:37 -05:00
Jeff Jarmoc
6c832e22d6
rename scan to loot_and_report
2014-04-17 15:47:57 -05:00
Jeff Jarmoc
c12eae66b3
Error and return if public key wasn't retrieved.
2014-04-17 15:44:40 -05:00
Jeff Jarmoc
578002e016
KEYS action gets it's own function
2014-04-17 15:39:05 -05:00
Tod Beardsley
5b0b5d9476
Land #3252 , check() functionality for Heartbleed
2014-04-17 15:34:35 -05:00
Tod Beardsley
a2d6c58374
Changing << to + per @jlee-r7
2014-04-17 15:34:13 -05:00
Jeff Jarmoc
9f30976b83
Heartbleed RSA Keydump
...
Flattened, merge conflicts resolved, etc.
2014-04-17 14:30:47 -05:00
Jonathan Claudius
7ddd93cf5d
Add redirect support to #is_app_ssl_vpn?
2014-04-17 12:06:29 -04:00
Jonathan Claudius
0c5fb8c0c2
Fix bug in group enumeration regex
2014-04-17 10:31:05 -04:00
Christian Mehlmauer
71a650fe6e
Land #3259 , XMPP Hostname autodetect by @TomSellers
2014-04-17 08:54:15 +02:00
Tom Sellers
1f452aab48
Code cleanup
...
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
Tom Sellers
9e2285619e
Additional cleanup
...
Whitespace cleanup
2014-04-17 10:46:33 -05:00
Jonathan Claudius
f53e7f84b8
Adds Cisco SSL VPN Bruteforce Aux Mod
2014-04-16 22:47:58 -04:00
Tom Sellers
ee0d30a1f3
Whitespace fix
...
Removing extra line feeds
2014-04-16 17:27:39 -05:00
Tom Sellers
92eab6c54b
Attribution addition
...
Per comment from Firefart
2014-04-16 17:26:09 -05:00
Tom Sellers
1f3ec46b8a
Heartbleed - Add autodetection of XMPP hostname (round 2)
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
sinn3r
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
sinn3r
d7513b0eb2
Handle nil properly when no results are found
2014-04-15 18:19:29 -05:00
Tod Beardsley
9db01770ec
Add custom rhost/rport, remove editorializing desc
...
Verification:
````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````
...etc.
2014-04-14 21:46:05 -05:00
Tod Beardsley
40a359f312
Include a vhost for Shodan or else it complains
...
Works now. The rhost option was not keeping the custom vhost option.
````
msf auxiliary(shodan_search) > rexploit
[*] Reloading module...
[*] Total: 13443 on 269 pages. Showing: 1
[*] Country Statistics:
[*] United States (US): 2006
[*] Germany (DE): 1787
[*] Korea, Republic of (KR): 1061
[*] Italy (IT): 916
[*] Hungary (HU): 604
[*] Collecting data, please WaitUntilAuthEmptyt...
IP Results
==========
````
2014-04-14 21:23:27 -05:00
Tod Beardsley
1436f68955
Fix shodan to not muck with datastore
2014-04-14 21:21:11 -05:00
Tod Beardsley
9035d1523d
Update wol.rb to specify rhost/rport directly
...
- [ ] Fire up tcpdump on the listening interface
- [ ] Run the module and see the pcap:
listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535
bytes
20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length
102
2014-04-14 20:57:20 -05:00
Tom Sellers
0360d1177f
Heartbleed - Add autodetection of XMPP hostname
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
2014-04-14 20:09:21 -05:00
Thanat0s
07ed8d832a
Update db
2014-04-15 02:48:55 +02:00
David Chan
1a73206034
Add detection for GnuTLS with with multiple records
2014-04-14 17:09:25 -07:00
Thanat0s
fecdbd1781
F5 bigip cookie module
2014-04-15 01:11:17 +02:00
Thanat0s
176204d62d
With implemented remarks
2014-04-14 21:11:04 +02:00
Tom Sellers
634a03a852
Update to openssl_heartbleed to deal with SMTP RFC
...
Added CR character in order to have the commands match SMTP RFC 5321 2.3.8 for line termination. Some SMTP services, such as the Symantec Mail Gateway, require strict compliance or the connection will be dropped with the response '550 esmtp: protocol deviation'
Reference:
http://www.symantec.com/business/support/index?page=content&id=TECH96829
http://tools.ietf.org/html/rfc5321#section-2.3.8
2014-04-14 13:27:33 -05:00
David Maloney
c537aebf0f
Land #3228 , JtR colon Seperation
2014-04-14 11:19:16 -05:00
Thanat0s
dd7bceee56
fix threaded issues
2014-04-12 17:43:39 +02:00
Thanat0s
d493c48cc6
add thottling,notes insert and output to dns_rev_lookup
2014-04-12 16:36:18 +02:00
Ramon de C Valle
039946e8d1
Use the first cipher suite sent by the client
...
If encrypted, use the TLS_RSA_WITH_AES_128_CBC_SHA; otherwise, use the
first cipher suite sent by the client. This complements the last commit
and makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282 ).
2014-04-12 05:05:14 -03:00
Ramon de C Valle
b95fcb9610
Use the protocol version sent by the client
...
Use the protocol version sent by the client. This should be the latest
version supported by the client, which may also be the only acceptable.
This makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282 ).
2014-04-12 04:21:35 -03:00
David Chan
6fafc10184
Add HeartBleed check functionality
2014-04-12 00:07:00 -07:00
Sebastiano Di Paola
a63f020a68
Fixing coding style
2014-04-11 19:39:57 +02:00
Sebastiano Di Paola
4acacb005d
Fixed a bug...referring to wrong variable after filtering with regexp
2014-04-11 19:33:23 +02:00
Sebastiano Di Paola
83fe1cec65
Cleaned up Array.join call
2014-04-11 19:24:32 +02:00
Sebastiano Di Paola
55ec969bd9
Renamed FILTER -> DUMPFILTER, more intuitive and coherent
2014-04-11 19:07:57 +02:00
Sebastiano Di Paola
8268009b36
Renamed PATTERN_FILTER -> FILTER
2014-04-11 19:03:25 +02:00
Sebastiano Di Paola
c378fe95c1
Added missing space in comment
2014-04-11 19:01:01 +02:00
Sebastiano Di Paola
f8f710547c
Fixed call to String.match with regexp pattern
2014-04-11 18:59:59 +02:00
Sebastiano Di Paola
638cb41a3f
Remove Spaces at EOL, fixed if test on pattern variable
2014-04-11 18:58:05 +02:00
Sebastiano Di Paola
34fa4e29d9
Restored FTP option
2014-04-11 18:16:19 +02:00
Sebastiano Di Paola
eb0e35bf25
Fixed store on file option
2014-04-11 18:07:14 +02:00
Sebastiano Di Paola
c4029ea582
- Rubbish that was left dangling here around
2014-04-11 17:20:54 +02:00
Sebastiano Di Paola
1808fe470a
fixed conflicts, used OptRegexp for pattern
2014-04-11 17:16:06 +02:00
Sebastiano Di Paola
4315ad2987
Fixed conflict and used OptRegexp type for pattern
2014-04-11 17:15:39 +02:00
jvazquez-r7
813e0eab89
Land #3233 , @wvu-r7's improvements fort heartbleed modules
2014-04-11 09:33:57 -05:00
jvazquez-r7
e2ec53272e
Fix also negative numbers
2014-04-11 09:33:27 -05:00
jvazquez-r7
fb5881d8e2
Land #2324 , @sensepost and @Firefart's sftp support for heartbleed
2014-04-11 08:47:22 -05:00
jvazquez-r7
2134d676b4
Use verbose by default
2014-04-11 07:58:56 -05:00
Tod Beardsley
56662bd89b
Correct corpwatch_lookup_name datastore usage
...
[SeeRM #8498 ]
2014-04-10 16:56:55 -05:00
Tod Beardsley
06dedeec8f
Update corpwatch_lookup_id to run correctly
...
[SeeRM #8498 ]
2014-04-10 16:52:34 -05:00
William Vu
6675464c20
Fix a few things in the Heartbleed modules
2014-04-10 16:06:40 -05:00
Sebastiano Di Paola
9adf629ee7
Added feature to dump to file leaked memory
2014-04-10 22:51:07 +02:00
Christian Mehlmauer
f115a7f6e1
Fix intendation
2014-04-10 02:52:05 +02:00
gigstorm
f1443c039e
Updated hash value to SSLv3
...
Tested and working on server that has SSLv3 only enabled
2014-04-11 14:01:28 -07:00
gigstorm
6ab3478c7e
Update to include SSL Version 3 protocol
...
SSL Version 3 will also respond to this and a server configured to respond to SSL version 3 but not TLS will show false negative without this option (proven). May need to update cipher suites to include this option.
2014-04-11 12:41:17 -07:00
James Lee
f54654a326
More refactor on jtr_linux
...
Reducing complexity in `run` makes modules easier to read
2014-04-09 19:26:34 -05:00
James Lee
7f900c2628
Micro optimizations for jtr_linux
2014-04-09 19:26:23 -05:00
James Lee
46038d58b7
Refactor jtr_linux copy pasta
...
Move it to a nifty method
2014-04-09 19:26:11 -05:00
Christian Mehlmauer
4fc272c0e9
Fix merge error
2014-04-10 00:53:14 +02:00
jvazquez-r7
f398924280
Land @Firefart's new fix for the jabber case
2014-04-09 17:52:53 -05:00
Christian Mehlmauer
98816c3a01
Added @sensepost FTP implemenation
2014-04-10 00:48:09 +02:00
singe
ccfcf2cedb
Added FTP STARTTLS support to heartbleed scanner.
2014-04-10 00:45:59 +02:00
jvazquez-r7
c0e682b518
Land #3225 , @wvu-r7's and @hmoore-r7's improvements for openssl_heartbeat_client_memory
2014-04-09 17:39:04 -05:00
jvazquez-r7
ccdc5bd281
Switch to get since @wvu-r7 also tested successfully with get
2014-04-09 17:30:00 -05:00
William Vu
b905aece38
Fix job not backgrounding
2014-04-09 17:03:57 -05:00
HD Moore
ed247498b6
Make TLS negotiation optional
2014-04-09 17:03:38 -05:00
sinn3r
2de210f1c3
Land #3216 - Update @Meatballs1 and @FireFart in authors.rb
2014-04-09 16:38:10 -05:00
William Vu
f56f34fb69
Land #3212 , @hmoore-r7's client-side Heartbleed
2014-04-09 15:42:36 -05:00
Christian Mehlmauer
a86a8fed05
Changed heartbleed jabber implementation to match openssl s_client
...
see here for example implementation:
https://github.com/openssl/openssl/blob/master/apps/s_client.c#L1719
2014-04-09 22:20:32 +02:00
William Vu
2f9a400efa
vprint_status the other message message
2014-04-09 15:11:02 -05:00
William Vu
84ce72367b
Make the output less verbose
2014-04-09 14:57:51 -05:00
Christian Mehlmauer
856ad7e83d
heartbleed - Better output on wrong jabber domain and add. nil? check
2014-04-09 21:53:17 +02:00
Jeff Jarmoc
7a424784f8
Change default TLS Version to 1.0
...
Canonical testing shows this to be more widely supported, and yielding far more vulnerable hosts. Changing default to reflect that.
Experience of others in #metasploit seems similar.
2014-04-09 13:45:00 -05:00
Christian Mehlmauer
fec089d88d
Land #3219 , openssl_heartbleed XMPP fix from @natronkeltner
2014-04-09 20:42:55 +02:00
Christian Mehlmauer
e2b50d3709
fix openssl_heardbleed
...
-) XMPP Domain now configurable
-) Missing get_once to initiate the TLS connection
2014-04-09 20:39:33 +02:00
jvazquez-r7
5696e52fac
Fix jabber to field
2014-04-09 13:48:45 -05:00
jvazquez-r7
28a471e446
Land #3221 , @Firefart's fix for pop3 starttls
2014-04-09 13:31:45 -05:00
jvazquez-r7
bea810b5d6
Add jabber fix from @natronkeltner
2014-04-09 13:11:45 -05:00
jvazquez-r7
157fb5a905
Make title more searchable
2014-04-09 12:08:35 -05:00
jvazquez-r7
58f4a1c085
Usee loop do instead or while true
2014-04-09 11:48:45 -05:00
Tod Beardsley
76a9381b2a
Make the title of the Heartbleed module searchable
...
Right now, the title does not actually tie the Heartbeat check to the
Heartbleed attack, so people searching strictly on module title are not
going to get a hit for this module.
2014-04-09 11:03:01 -05:00
jvazquez-r7
bc36b9ebd6
Delete server side PoCs as referecences because don\'t apply here
2014-04-09 10:58:59 -05:00
jvazquez-r7
fd90203120
Change some variable names to make code reading easier
2014-04-09 10:56:50 -05:00
Christian Mehlmauer
899a7c9ea4
heartbleed bugfix for pop3
2014-04-09 17:51:44 +02:00
Tod Beardsley
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
Tod Beardsley
3849d1517f
Restore author credit
2014-04-09 09:42:39 -05:00
jvazquez-r7
e154d175e8
Add @hmoore-r7's heartbeat client side module
2014-04-09 09:38:11 -05:00
jvazquez-r7
8d38087a10
Fix case / when indention
2014-04-09 09:12:55 -05:00
Christian Mehlmauer
0e0fd20f88
Added RFC link
2014-04-09 15:19:29 +02:00
Christian Mehlmauer
a0a5b9faa1
Fix heartbleed module
...
-) incorrect length read
-) Parse TLS errors
2014-04-09 15:08:24 +02:00
jvazquez-r7
a93e22b5c0
Land #3209 , @Firefart's heartbleed's module fix
2014-04-09 06:38:06 -05:00
julianvilas
4e7c675f3c
Fix typo, extraquote in message
2014-04-09 10:22:15 +02:00
Christian Mehlmauer
cdfe333572
updated heartbleed module
...
-) Heartbeat length was added twice
-) Use the current date for the TLS client_hello
2014-04-09 09:19:05 +02:00
William Vu
dd69a9e5dd
Land #3206 , OpenSSL Heartbleed infoleak
2014-04-08 20:12:00 -05:00
William Vu
5e314f2a7c
Fix outstanding issues
2014-04-08 20:11:28 -05:00
jvazquez-r7
a4e1d866e1
Favor nil?
2014-04-08 18:21:49 -05:00
jvazquez-r7
153e003e23
Do small fixes
2014-04-08 18:21:09 -05:00
jvazquez-r7
39aecb140a
Use the datastore option
2014-04-08 16:55:08 -05:00