Commit Graph

3025 Commits (7359151c1493e540f669260d123781f92d89ea5f)

Author SHA1 Message Date
Matt Andreko 29cb4b1008 Merge remote-tracking branch 'upstream/master' into xbmc 2013-02-21 15:25:37 -05:00
Royce Davis ac50c32d51 Tested, works on server 2k8 2013-02-20 10:02:50 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
sinn3r 92093cd7d8 There's no HttpClient, so it shouldn't be using normalize_uri 2013-02-19 15:04:18 -06:00
James Lee 4703278183 Move SMB mixins into their own directory 2013-02-19 12:55:06 -06:00
James Lee ede804e6af Make psexec mixin a bit better
* Removes copy-pasted code from psexec_command module and uses the mixin
  instead

* Uses the SMB protocol to delete files rather than psexec'ing to call
  cmd.exe and del

* Replaces several instances of "rescue StandardError" with better
  exception handling so we don't accidentally swallow things like
  NoMethodError

* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
James Lee 49f00acc11 Fix nil deref when dnsdomain is empty 2013-02-19 11:24:05 -06:00
Chris John Riley d49797267e Correct SAP Table Name 2013-02-19 11:20:49 +01:00
Chris John Riley 358b2f5783 Added module credit as this has turned into a rewrite ;) 2013-02-19 11:15:04 +01:00
Chris John Riley f3cf8ad1b9 Whitespace EOL 2013-02-19 11:13:33 +01:00
Chris John Riley a75bae927d Replaced report_note and table output with single function
Added proposed extract data function (HDM)
2013-02-19 11:12:12 +01:00
Chris John Riley d4011227e3 Made suitable changes to original module also (only report on non empty response) 2013-02-19 09:43:36 +01:00
Chris John Riley 4170a85d8a Added logic to only report when value is present 2013-02-19 09:42:13 +01:00
jvazquez-r7 ec5c8e3a88 Merge branch 'dlink-dir300-600-execution' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir300-600-execution 2013-02-16 19:12:42 +01:00
jvazquez-r7 a19da61177 deleting trailing comma 2013-02-16 00:53:28 +01:00
jvazquez-r7 829cf0f076 name changed to dns_srv_enum 2013-02-15 16:20:55 +01:00
jvazquez-r7 d1ba860409 changing filename for dns_srv 2013-02-15 16:20:33 +01:00
jvazquez-r7 374faf9b02 cleanup for dns_srv 2013-02-15 16:19:48 +01:00
jvazquez-r7 9d4bd763a6 Merge branch 'darkoperator-dnsenum2dnssrv' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnssrv 2013-02-15 16:19:31 +01:00
jvazquez-r7 38f5fbced3 cleanup for dns_reverse_lookup 2013-02-15 12:56:01 +01:00
jvazquez-r7 f1e3dab45f Merge branch 'darkoperator-dnsenum2dnsreverselookup' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsreverselookup 2013-02-15 12:55:39 +01:00
jvazquez-r7 6aed858f80 cleanup for dns_bruteforce 2013-02-15 12:37:46 +01:00
jvazquez-r7 1be003a4d0 Merge branch 'darkoperator-dnsenum2dnsbruteforce' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsbruteforce 2013-02-15 12:37:27 +01:00
jvazquez-r7 57e1d1baa5 cleanup for dns_info 2013-02-15 12:03:08 +01:00
jvazquez-r7 8a1874b4d1 Merge branch 'darkoperator-dnsenum2dnsinfo' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-dnsenum2dnsinfo 2013-02-15 12:02:48 +01:00
Carlos Perez bcd59aa8fa Typo word module does not go in the name. 2013-02-14 21:56:24 -04:00
Carlos Perez 1d64de6c11 Typo word module does not go in the name. 2013-02-14 21:55:38 -04:00
Carlos Perez 7f7b4e5a97 more changes to description and name 2013-02-14 21:49:57 -04:00
Carlos Perez faf970cf1f more changes to description and name 2013-02-14 21:47:43 -04:00
Carlos Perez 1b8610042a more changes to description and name 2013-02-14 21:46:21 -04:00
Carlos Perez 0b9d4d976f more changes to description and name 2013-02-14 21:44:31 -04:00
Carlos Perez 23320a5dde Fix spelling problems 2013-02-14 15:48:11 -04:00
Carlos Perez a7d4f5ff4a Fix spelling problems 2013-02-14 15:46:36 -04:00
Carlos Perez 7f97ff271f Fix spelling problems 2013-02-14 15:44:32 -04:00
Carlos Perez 1872b137f5 Fix spelling problems 2013-02-14 15:41:17 -04:00
Carlos Perez e8ccfae048 Fix spelling problems 2013-02-14 15:38:17 -04:00
Jeff Jarmoc c2f8e4adbd Minor - Note Rails 3.1.11 patch in Description. 2013-02-13 22:30:54 -06:00
sinn3r 4eca6e5502 Merge branch 'feature/web_crawler_skip_paths' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/web_crawler_skip_paths 2013-02-13 14:07:20 -06:00
jvazquez-r7 d1784babea little cleanup plus msftidy compliant 2013-02-13 20:24:49 +01:00
jvazquez-r7 0ae473b010 info updated with rails information 2013-02-13 09:52:17 +01:00
jvazquez-r7 f46eda2fa9 Merge branch 'rails_devise_pw_reset' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_devise_pw_reset 2013-02-13 09:51:37 +01:00
jvazquez-r7 799beb5adc minor cleanup 2013-02-13 01:00:25 +01:00
jvazquez-r7 167f5970c1 minor cleanup for rails_json_yaml_scanner 2013-02-13 00:07:58 +01:00
jvazquez-r7 3e2a368823 Merge branch 'rails_json_yaml_scanner' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_json_yaml_scanner 2013-02-13 00:07:11 +01:00
Jeff Jarmoc 846052a34d s/URIPATH/TARGETURI/g per @jvasquez-r7 comments on another pull. 2013-02-12 15:13:06 -06:00
Jeff Jarmoc 1d5d33f306 use normalize_uri() 2013-02-12 14:58:07 -06:00
Jeff Jarmoc c6a7a4e68d /URIPATH/TARGETURI/g 2013-02-12 14:50:10 -06:00
Tasos Laskos f2cf4304d2 Merge remote-tracking branch 'upstream/master' into feature/web_crawler_skip_paths 2013-02-12 22:10:40 +02:00
Tasos Laskos 9efd3f6c5e scanner/http/crawler: added ExcludePathPatterns opt
Option 'ExcludePathPatterns' allows users to specify which paths should
be excluded from the crawl (and which forms to ignore) by passing a
list of patterns (only allows '*' wildcards).
2013-02-12 21:47:12 +02:00
Jeff Jarmoc c7719bf4cb Verify response is non-nil. 2013-02-12 13:41:21 -06:00
Jeff Jarmoc 9e1f106a87 msftidy cleanup 2013-02-12 13:38:58 -06:00
Chris John Riley 3a6cd6f395 Added module for requesting RFC_SYSTEM_INFO via ICF web interface 2013-02-12 14:42:59 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
Jeff Jarmoc ddd7d307e6 Add a scanner aux module for Rails JSON/YAML vuln CVE-2013-0333 2013-02-11 16:48:44 -06:00
jvazquez-r7 766257d26a pointed by @m-1-k-3 while working on #1472 2013-02-11 21:21:43 +01:00
Jeff Jarmoc 5f0a3c6b9e Removes pry, oops. 2013-02-11 14:02:46 -06:00
Jeff Jarmoc 753fa2c853 Handles error when TARGETEMAIL is invalid. 2013-02-11 13:58:56 -06:00
David Maloney a43b902b5c Fix tomcat_mgr_login auth 2013-02-11 12:00:40 -06:00
Jeff Jarmoc 61ffcedbfd Address HD's other comments, fixes mismatched var name in last commit. 2013-02-11 11:17:26 -06:00
Jeff Jarmoc e72dc47448 Uses REXML for encoding of password. 2013-02-11 11:12:29 -06:00
Carlos Perez 6c85e5242e change wildcard message to print_warning 2013-02-11 12:04:30 -04:00
Carlos Perez 431641fec9 added check for retry options 2013-02-11 12:02:15 -04:00
Carlos Perez fd6f00f641 added report note for wildcard 2013-02-11 11:37:20 -04:00
Carlos Perez 5f10704697 applied fixes 2013-02-11 11:31:13 -04:00
Carlos Perez 55efe01bf7 Applied fixes 2013-02-11 11:23:06 -04:00
jvazquez-r7 24c3f1b99d fix msftidy 2013-02-11 15:07:49 +01:00
jvazquez-r7 991e65770c minor cleanup for word_unc_injector 2013-02-11 15:06:19 +01:00
jvazquez-r7 41564fd51d Merge branch 'aux-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-aux-word_unc_injector.rb 2013-02-11 15:05:27 +01:00
Jeff Jarmoc 43a1fbb6f2 Make msftiday happy. 2013-02-10 21:13:18 -06:00
Jeff Jarmoc 55cba56591 Aux module for joernchen's devise vuln - CVE-2013-0233 2013-02-10 21:10:00 -06:00
m-1-k-3 63c6791473 return 2013-02-09 11:17:02 +01:00
m-1-k-3 6cccf86a00 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink-dir300-600-execution 2013-02-09 11:09:56 +01:00
Carlos Perez fd15436a96 Added new line to end of file. 2013-02-08 20:52:49 -04:00
Carlos Perez 78f81843f6 Added new line to end of file. 2013-02-08 20:51:37 -04:00
Carlos Perez eda3fc0715 Added new line to end of file. 2013-02-08 20:50:23 -04:00
Carlos Perez 166b59b61a Added new line to end of file. 2013-02-08 20:48:57 -04:00
sinn3r 7370d7d31b Final touchup 2013-02-08 18:21:06 -06:00
Spencer McIntyre 7522a87cf9 Adding an auxiliary scanner module for Titan FTP password disclosure. 2013-02-08 15:43:02 -05:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
Carlos Perez ac8194ed07 Split of DNS SRV Record Enumeration from enum_dns 2013-02-08 10:09:34 -04:00
Carlos Perez 256ab7f737 Split of DNS Reverse Lookup from enum_dns 2013-02-08 09:50:21 -04:00
Carlos Perez 906585798d Split of DNS General Info from enum_dns 2013-02-08 09:49:19 -04:00
Carlos Perez 2186db5295 Split of DNS Name Brutforce from enum_dns 2013-02-08 09:48:32 -04:00
SphaZ 66f0bddb54 fixed error check, a comment, manipulate_file all in memory now 2013-02-08 12:46:13 +01:00
sinn3r 25d8dac4c0 Merge branch 'bugs/linksys-fixes' of github.com:todb-r7/metasploit-framework into todb-r7-bugs/linksys-fixes 2013-02-07 19:10:36 -06:00
sinn3r ce7da154a6 Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into hmoore-r7-master 2013-02-07 17:35:28 -06:00
sinn3r 035e8b7100 Merge branch 'groupwise_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-groupwise_traversal 2013-02-07 17:33:34 -06:00
jvazquez-r7 e9912496d8 nice check learned from sinn3r 2013-02-07 22:05:39 +01:00
jvazquez-r7 0d3c32b0a4 Added module for CVE-2012-0419 2013-02-07 21:15:49 +01:00
sinn3r 7f746e1caa That's what he said. 2013-02-07 11:13:18 -06:00
sinn3r d554c3a56a Don't really need the bottom comment 2013-02-07 10:46:42 -06:00
sinn3r 98559d4d51 Do a check and make sure this is Simple Web Server 2013-02-07 10:45:53 -06:00
sinn3r b11f052746 Allow arbitrary depth 2013-02-07 10:32:29 -06:00
sinn3r a3264e18e2 There aint no fail_with(), must use print_error 2013-02-07 10:30:17 -06:00
HD Moore 77390a5935 Fix a bug reported by Tom Liston 2013-02-06 23:34:55 -06:00
sinn3r b09f819e4b Add Simple Web Server dir traversal 2013-02-06 17:02:07 -06:00
James Lee 1095fe198b Merge branch 'rapid7' into dmaloney-r7-http/auth_methods 2013-02-06 16:57:50 -06:00
HD Moore f0ca4b2f08 Merge remote-tracking branch 'upstream/master' 2013-02-06 16:31:31 -06:00
Tod Beardsley 5357e23675 Fixups to the Linksys module
Professionalizes the description a little, but more importantly, handles
LANIP better, I think. Instead of faking a 1.1.1.1 address, just detect
if it's set or not in a method and return the right thing accordingly.

Please test this before landing, obviously. I think it's what's
intended.
2013-02-06 12:46:50 -06:00
Tod Beardsley e175e2c9e9 typo in method name 2013-02-06 12:19:57 -06:00
HD Moore 22e3458cea Fix multi-line output due to bad regex flag 2013-02-06 11:27:58 -06:00
Tod Beardsley faeaa74a49 Msftidy whitespace 2013-02-06 11:06:13 -06:00
HD Moore 9af888c03b Merge pull request #1433 from jjarmoc/jjarmoc-rails_xml_scan
rails_xml_yaml_scanner.rb improvements
2013-02-05 12:34:10 -08:00
Matt Andreko 2cdeca5422 Added reference & depth
Added reference to IOActive's release.
Added a depth option to allow user to specify how many folders to traverse.
2013-02-05 14:32:50 -05:00
m-1-k-3 43f3bb4fe6 small updates 2013-02-05 13:54:10 +01:00
SphaZ 0f46ed72e1 Using snake_case, fixed using tmp files, changed errorhandling 2013-02-05 12:00:04 +01:00
David Maloney 877fb017b6 remove negotiate requirements
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney 44d4e298dc Attempting to cleanup winrm auth 2013-02-04 15:48:31 -06:00
Jeff Jarmoc 39cafd0cde Use OptEnum instead of OptString 2013-02-04 15:08:34 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney 8b1febb4cf add myself to the blame list for the module =P 2013-02-04 12:32:43 -06:00
David Maloney 9497e38ef7 Fix http login scanner
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
David Maloney 2c3de43f4b datastore opts cleanup
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
SphaZ fa1811ac38 changed SOURCE to be OptPath 2013-02-04 15:25:11 +01:00
SphaZ 3b528d7f6d removed data files from docx 2013-02-04 14:00:13 +01:00
SphaZ 145cf618aa msftidy 2013-02-04 13:51:01 +01:00
SphaZ 24de0d2274 Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT 2013-02-04 13:37:09 +01:00
m-1-k-3 5ca0e45388 initial commit 2013-02-04 08:44:12 +01:00
HD Moore 0660347fca Explicit mult-line match 2013-02-03 21:06:57 -06:00
jvazquez-r7 2bf2d4d8a4 Merge branch 'netgear_sph200d_traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-netgear_sph200d_traversal 2013-02-03 23:35:29 +01:00
Jeff Jarmoc 5e0c18af2f adding self to credits 2013-02-03 16:14:42 -06:00
Jeff Jarmoc 57c8e41846 Re-order probes and checks.
This causes module to exit if error conditions are found, before sending unecessary probes.
2013-02-03 16:10:46 -06:00
Jeff Jarmoc 8dff427776 Allow 4xx codes, display codes in verbose output 2013-02-03 16:07:07 -06:00
Jeff Jarmoc 810470de3b Make HTTP_METHOD Configurable 2013-02-03 16:05:45 -06:00
David Maloney 5814c59620 move httpauth to mixin
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
HD Moore d5ae005332 Rename with underscores 2013-02-01 14:39:01 -06:00
HD Moore 4e6c93ec7d Various style fixes, fix ruby 1.8 compat 2013-02-01 14:38:20 -06:00
jvazquez-r7 c24c926ffa add aditional check to detect valid device 2013-02-01 20:55:06 +01:00
jvazquez-r7 996ee06b0f fix another print_ call 2013-02-01 20:43:54 +01:00
jvazquez-r7 152f397a1f first module cleanup 2013-02-01 20:38:11 +01:00
m-1-k-3 988761a6de more updates, BID, Exploit-DB 2013-02-01 20:18:53 +01:00
m-1-k-3 fdd5fe77c1 more updates ... 2013-02-01 19:59:19 +01:00
m-1-k-3 0e22ee73b5 updates ... 2013-02-01 19:26:34 +01:00
SphaZ e71c2c5ece added word_unc_injector auxiliary module 2013-02-01 08:03:41 +01:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00
sinn3r 39cdb89831 Oh don't be so sensitive about it.
Fixnum vs String
2013-01-31 15:04:13 -06:00
egypt 5332e80ae9 Fix errant use of .to_s instead of .path 2013-01-31 14:18:42 -06:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r a68ad8f600 Merge branch 'bug/rm7021-MySQL-login-scanner-exception' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7021-MySQL-login-scanner-exception 2013-01-30 13:22:33 -06:00
jvazquez-r7 cf6aae7bb7 add checks for enabled services 2013-01-30 17:37:41 +01:00
jvazquez-r7 668520d8d9 added module for cve-2013-1391 2013-01-30 17:22:03 +01:00
Tod Beardsley b1f8b87f14 Chmod -x the joomla modules. Also fix a title typo
joomla_pages was incorrectly titled as "Joomla Version Scanner," which
of course is actually joomla_version.
2013-01-29 17:02:43 -06:00
m-1-k-3 ea5e993bf3 initial 2013-01-29 22:02:29 +01:00
Tod Beardsley 6002e35460 Merge pull request #1397 from wchen-r7/target_uri_fix
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Tod Beardsley e618a2a347 Merge pull request #1405 from rapid7/add/upnp-scanner
Adds CVE reporting to the UPnP scanner
2013-01-28 23:10:14 -08:00
Tod Beardsley f5eaa87c80 comment typo 2013-01-29 01:05:18 -06:00
Tod Beardsley 25ae49154a Added author, vprint dressing-up 2013-01-29 00:55:45 -06:00
HD Moore 358f7cc62f Adds CVE reporting to the UPnP scanner 2013-01-29 00:15:39 -06:00
sinn3r 1ea1ad3166 Fix the forgotten path() 2013-01-28 14:48:22 -06:00