Commit Graph

780 Commits (75661291fa485c8d761d5f207c4ea66ca29ddd56)

Author SHA1 Message Date
HD Moore 3dbfd0b8e3 A little too verbose
git-svn-id: file:///home/svn/framework3/trunk@8884 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-22 22:44:58 +00:00
Tod Beardsley 1458fbad54 Adds some fingerprinting to the tomcat manager login auxiliary module.
git-svn-id: file:///home/svn/framework3/trunk@8883 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-22 22:19:46 +00:00
Tod Beardsley 83d96d713c Refactoring Auxiliary::AuthBrute. Now that several modules actually use it, the real use cases have become obvious. So, refactored for simplicity and readability. Also touched up all the authentication modules to behave consistently.
git-svn-id: file:///home/svn/framework3/trunk@8879 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-22 20:07:26 +00:00
HD Moore 4c913a576d Remove OS reporting, this is handled better elsewhere
git-svn-id: file:///home/svn/framework3/trunk@8871 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-22 00:20:09 +00:00
HD Moore 9632f8251a Move OS-level fingerprints out, report note-level fingerprints instead
git-svn-id: file:///home/svn/framework3/trunk@8869 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-22 00:09:04 +00:00
HD Moore 480380003c Make verbose status printing standardized across login modules
git-svn-id: file:///home/svn/framework3/trunk@8866 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-21 18:42:47 +00:00
Tod Beardsley c1976e22f3 Adding J Duenow's sport patch to synflood. Thanks!
git-svn-id: file:///home/svn/framework3/trunk@8849 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-18 16:30:57 +00:00
Joshua Drake 9311253e32 <pre>revert stty -echo execution -- it breaks telnets to some devices</pre>
git-svn-id: file:///home/svn/framework3/trunk@8848 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-18 15:40:15 +00:00
Tod Beardsley 3f69bb8053 Fixes the handling for telnet services when the server is "busy" -- this is common wit HP JetDirect servers, where the server will respond with a busy message up to several seconds after the last connection logged off. While this does mean that credential tests will be skipped, they will at least not be scored incorrectly as false postives.
Also, this removes the disconnect() method in favor of self.sock.close(). Disconnect seems to have a tendency to leave sessions half-closed, which will cause a busy state to never clear. self.sock.close doesn't appear to have this effect if you use a slower bruteforce_speed option (3 seems to work all right).



git-svn-id: file:///home/svn/framework3/trunk@8835 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-16 18:45:50 +00:00
HD Moore 0f7a6cd1f2 Store the name and domain in the service info
git-svn-id: file:///home/svn/framework3/trunk@8826 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-15 21:35:21 +00:00
HD Moore 1b54c0e493 Closes #1129. Merges in Thomas's xdb_sid_brute patch
git-svn-id: file:///home/svn/framework3/trunk@8825 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-15 20:31:53 +00:00
HD Moore 9f4ba25823 Add shiny new Oracle 0day (found by David Litchfield, ported to Metasploit by sid)
git-svn-id: file:///home/svn/framework3/trunk@8822 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-15 16:34:46 +00:00
Carlos Perez 5c7045e680 Applied Patch provided by Rob Fuller Mubix
git-svn-id: file:///home/svn/framework3/trunk@8819 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-15 00:37:26 +00:00
HD Moore b1af1feb3f Use double not single quotes
git-svn-id: file:///home/svn/framework3/trunk@8815 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-14 04:13:00 +00:00
HD Moore 821a0bcf37 SMB share enumeration
git-svn-id: file:///home/svn/framework3/trunk@8813 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-14 03:44:50 +00:00
HD Moore 84b7f4bb85 Store the nfs service and export information into the db
git-svn-id: file:///home/svn/framework3/trunk@8812 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-14 00:34:46 +00:00
Joshua Drake a6377cc63b turn off echo for telnet sessions
git-svn-id: file:///home/svn/framework3/trunk@8801 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 23:03:44 +00:00
Mario Ceballos 5b6442aa58 added a patch and added a new module from Thomas Ring.
git-svn-id: file:///home/svn/framework3/trunk@8800 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 22:55:37 +00:00
Mario Ceballos b01f9ff233 adds a patch from Thomas Ring.
git-svn-id: file:///home/svn/framework3/trunk@8775 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 22:42:49 +00:00
Tod Beardsley efbdaba298 Making telnet timeouts much less disasterous, since they can happen pretty commonly.
git-svn-id: file:///home/svn/framework3/trunk@8769 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 21:54:20 +00:00
Tod Beardsley 542a9a0617 Report MySQL application-level protocol errors (such as host not allowed messages).
git-svn-id: file:///home/svn/framework3/trunk@8767 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 17:56:03 +00:00
Joshua Drake b419a40c45 finished periodic missing CVE reference check (hint vulns w/o CVEs here!)
also some minor cleanups here and there

git-svn-id: file:///home/svn/framework3/trunk@8762 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 05:58:01 +00:00
Tod Beardsley 4415e3fbbf Fixing up ssh_login reporting.
git-svn-id: file:///home/svn/framework3/trunk@8759 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-09 22:07:04 +00:00
Joshua Drake df395f3ff0 added Brett Gervasoni to authors
git-svn-id: file:///home/svn/framework3/trunk@8758 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-09 09:12:57 +00:00
HD Moore a239963a7d Handle wrapped TCP services better
git-svn-id: file:///home/svn/framework3/trunk@8756 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-09 05:38:28 +00:00
Joshua Drake 5543e4551f add auxiliary dos module for apache mod_isapi bug
git-svn-id: file:///home/svn/framework3/trunk@8752 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 23:21:17 +00:00
HD Moore b1973c6630 Adds detection and exploitation coverage for the Energizer Duo trojan
git-svn-id: file:///home/svn/framework3/trunk@8749 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 19:06:50 +00:00
HD Moore a35817f0cc Store more information
git-svn-id: file:///home/svn/framework3/trunk@8742 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 13:52:39 +00:00
HD Moore d5b85db27f Fixes a false positive when the server always replies with 200 OK
git-svn-id: file:///home/svn/framework3/trunk@8740 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 05:26:33 +00:00
HD Moore a5d05fc2fb Fix up a typo
git-svn-id: file:///home/svn/framework3/trunk@8738 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 04:39:06 +00:00
HD Moore 5cc63cf983 Report the epm service as well
git-svn-id: file:///home/svn/framework3/trunk@8737 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 04:35:14 +00:00
Tod Beardsley 5ce7b4d186 Pass this_cred for tomcat_mgr_login
git-svn-id: file:///home/svn/framework3/trunk@8730 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 20:05:01 +00:00
Tod Beardsley 3d1f773f18 Reimplementing DB2's auth checker to use the same methods as the other auth_brute modules.
git-svn-id: file:///home/svn/framework3/trunk@8722 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 00:44:39 +00:00
Tod Beardsley a5e187bd69 Add the ability to slow down brute force sessions.
git-svn-id: file:///home/svn/framework3/trunk@8719 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 23:29:26 +00:00
Joshua Drake 0ed5fc1af1 change VERBOSE option from OptString to OptBool
git-svn-id: file:///home/svn/framework3/trunk@8715 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 20:59:49 +00:00
James Lee bf2a64b3ac use new argument list for get_host
git-svn-id: file:///home/svn/framework3/trunk@8711 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:59:55 +00:00
James Lee 4f08e6fd25 treat the database as write-only and use the (improved) target cache, fixes 986
git-svn-id: file:///home/svn/framework3/trunk@8708 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 07:37:58 +00:00
James Lee b70b17b42a don't use undefined variables.
git-svn-id: file:///home/svn/framework3/trunk@8701 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 19:51:05 +00:00
James Lee c07b47b30b explicitly rescue timeouts since they inherit from ::Interrupt on ruby 1.8
git-svn-id: file:///home/svn/framework3/trunk@8694 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 23:08:05 +00:00
Tod Beardsley 7d3ac25586 Adds Citrix-ICA to the UDP sweep discovery module.
git-svn-id: file:///home/svn/framework3/trunk@8693 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 18:48:28 +00:00
Joshua Drake 7a37934a01 process autorun scripts for telnet_login and ssh_login
1. create session.process_autoruns in Msf::Sessions::CommandShell
2. call process_autoruns from within the handler on_session code
4. set user_input and user_output in sessions base set_from_exploit method
5. remove on_session from Msf::Sessions::CommandShellOptions
6. include CommandShellOptions into telnet_login and ssh_login
7. call sess.process_autoruns from telnet_login and ssh_login
8. celebrate (while crossing fingers of course)!

git-svn-id: file:///home/svn/framework3/trunk@8692 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 18:07:50 +00:00
Tod Beardsley 09a669875c Bumping the minimum version of MySQL to try back to 4.1.20, no problems seen
on that build.



git-svn-id: file:///home/svn/framework3/trunk@8691 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 16:52:22 +00:00
Tod Beardsley 453451a26d Check the version number of the remote MySQL server before attempting
to log in. Sadly, the library we're using right now doesn't know
how to correctly negotiate 4.x and 3.x versions of MySQL. Until that
gets resolved (by writing a new library for these old versions), 
this will at least prevent false positives/negatives from getting
reported.



git-svn-id: file:///home/svn/framework3/trunk@8681 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 22:56:00 +00:00
Tod Beardsley e2af2f9ab9 Again.
git-svn-id: file:///home/svn/framework3/trunk@8680 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 20:20:37 +00:00
Tod Beardsley e1a02d602d Fixing up the tomcat login scanner.
git-svn-id: file:///home/svn/framework3/trunk@8679 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 20:20:20 +00:00
HD Moore 304a238d3e Add pop3/imap4 scanners
git-svn-id: file:///home/svn/framework3/trunk@8664 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 19:06:26 +00:00
HD Moore 0d87003497 Rename for consistency
git-svn-id: file:///home/svn/framework3/trunk@8662 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 18:48:09 +00:00
HD Moore 2cbf64b85a Fix up the stored banner for SMTP
git-svn-id: file:///home/svn/framework3/trunk@8661 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 18:47:48 +00:00
Joshua Drake e1c5334d56 add register_autofilter_ports
git-svn-id: file:///home/svn/framework3/trunk@8652 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 01:53:02 +00:00
HD Moore d5e07a3ba9 Change info
git-svn-id: file:///home/svn/framework3/trunk@8650 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 01:09:09 +00:00