Commit Graph

15091 Commits (78733fcd20e948268bbd103460f5c8cd133352bf)

Author SHA1 Message Date
jvazquez-r7 79cabc6d68 Fix clean up 2014-11-05 15:46:33 -06:00
jvazquez-r7 c08993a9c0 Add module for ZDI-14-372 2014-11-05 15:31:20 -06:00
Pedro Ribeiro e71ba1ad4a Push exploit for CVE-2014-6038/39 2014-11-05 20:12:03 +00:00
Tod Beardsley cca30b536f
Land #4094, fixes for OWA brute forcer
Fixes #4083

Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart ff8d481eec Update description to remove comments about defaults. Default to 2013 2014-11-04 21:21:19 -08:00
Jon Hart 2c028ca7a6 Move redirect check before body check -- a redirect won't have a body 2014-11-04 14:19:21 -08:00
Jon Hart 7855ede2de Move userpass emptiness checking into setup 2014-11-04 14:07:39 -08:00
William Vu ebb8b70472
Land #4015, another Android < 4.4 UXSS module 2014-11-04 15:52:29 -06:00
Tod Beardsley f8593ca1b5
Land #4109, tnftp savefile exploit from @wvu-r7 2014-11-04 15:44:13 -06:00
Tod Beardsley 5fb268bbdf
Updates to better OWA fix 2014-11-04 14:32:54 -06:00
nullbind 56a02fdb4a added mssql_escalate_executeas_sqli.rb 2014-11-04 13:38:13 -06:00
Jon Hart b0e388f4c3
Land #3516, @midnitesnake's snmp_enumusers fix for Solaris, OS X 2014-11-04 08:23:16 -08:00
nullbind 15119d2a0f comment fix-sorry 2014-11-04 09:07:08 -06:00
nullbind f108d7b20a fixed code comment 2014-11-04 08:51:27 -06:00
jvazquez-r7 400ef51897
Land #4076, exploit for x7chat PHP application 2014-11-03 18:22:04 -06:00
jvazquez-r7 3bf7473ac2 Add github pull request as reference 2014-11-03 18:18:42 -06:00
jvazquez-r7 44a2f366cf Switch ranking 2014-11-03 18:06:09 -06:00
jvazquez-r7 039d3cf9ae Do minor cleanup 2014-11-03 18:04:30 -06:00
William Vu 277fd5c7a1
Land #4123, release fixes 2014-11-03 16:20:00 -06:00
Juan Escobar 7e4248b601 Added compatibility with older versions, Updated descriptions and fixed issue with Ubuntu 12.04 2014-11-03 16:42:50 -05:00
Tod Beardsley 0199e4d658
Land #3770, resolve random stager bugs 2014-11-03 14:15:14 -06:00
sinn3r 9a27984ac1 switch from error to switch 2014-11-03 13:56:41 -06:00
sinn3r a823ca6b2f Add support for HTTP authentication. And more informative. 2014-11-03 13:46:53 -06:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
nullbind fbe3adcb4c added mssql_escalate_executeas module 2014-11-03 11:29:15 -06:00
Jon Hart 8f197d4918 Move to build_probe 2014-11-03 08:41:51 -08:00
sinn3r 6f013cdcaf Missed these 2014-10-31 18:48:48 -05:00
sinn3r d6a830eb6e Rescue the correct exception: Rex::HostUnreachable 2014-10-31 16:43:33 -05:00
Jon Hart 121ebdfef6 update_info 2014-10-31 13:17:50 -07:00
Jon Hart b99e71dcdd Example UDPScanner style cleanup, move most to UDPScanner 2014-10-31 12:14:04 -07:00
Jon Hart ff0b52cffb Example per-batch vprint, a useful default 2014-10-31 10:31:31 -07:00
Jon Hart 94d4388af9 Improvements to example UDPScanner 2014-10-31 09:53:10 -07:00
Joe Vennix 1e9f9ce425
Handle invalid JSON errors and fix typo. 2014-10-31 11:01:49 -05:00
Jon Hart d9f0a10737 Add new example template for scanning UDP services 2014-10-31 08:06:31 -07:00
jvazquez-r7 40bf44bd05 Don't allow 127.0.0.1 as SRVHOST 2014-10-31 08:19:15 -05:00
jvazquez-r7 7d2fa9ee94 Delete unnecessary to_s 2014-10-30 22:59:22 -05:00
William Vu 953a642b0e
Finally write a decent description 2014-10-30 22:51:42 -05:00
sinn3r 64f4777407
Land #4091 - Xerox DLM injection 2014-10-30 22:15:16 -05:00
sinn3r b7a1722b46 Pass msftidy, more descriptive name and description 2014-10-30 22:14:18 -05:00
William Vu e3ed7905f1
Add tnftp_savefile exploit
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
jvazquez-r7 8fdea5f74c Change module filename 2014-10-30 20:34:24 -05:00
jvazquez-r7 9404e24b24 Update module information 2014-10-30 20:33:38 -05:00
Jon Hart 1a37a6638c Fix splunk_upload_app_exec to work on new installs. Style 2014-10-30 18:28:56 -07:00
Jon Hart 55f245f20f
Merge #3507 into local, recently updated branch of master for landing 2014-10-30 17:28:20 -07:00
OJ cc7f7c9986
Land #4108 - Avoid local offsets in CVE-2014-4113 2014-10-31 09:08:51 +10:00
jvazquez-r7 6574db5dbb Fix the 64 bits code 2014-10-30 17:01:59 -05:00
sinn3r 92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor 2014-10-30 13:52:07 -05:00
sinn3r 470a067384 Final changes 2014-10-30 13:51:44 -05:00
sinn3r 912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract 2014-10-30 13:37:32 -05:00
sinn3r 02b1c5c4bc Final changes 2014-10-30 13:37:02 -05:00
sinn3r 127d1640da Print password 2014-10-30 13:27:40 -05:00
Joe Vennix 6dc13f90cd
Update descriptions to mention Webview bugginess. 2014-10-30 10:55:56 -05:00
Joe Vennix 0ad9f95806
Remove stray alert() for debugging. 2014-10-30 10:52:06 -05:00
Joe Vennix 88040fbce0
Add another Android < 4.4 UXSS exploit. 2014-10-30 10:34:14 -05:00
Jon Hart 15e1c253fa Numerous cleanups for snmp_enumusers
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
jvazquez-r7 ac939325ce Add module first version 2014-10-29 21:11:57 -05:00
Peter Arzamendi 9d56f0298a Changed upper XXX to lower XXX. 2014-10-29 20:09:02 -05:00
Peter Arzamendi b35a8935db Updated get_once for get_once undefined method and EOFError 2014-10-29 13:47:07 -05:00
Deral Heiland 64a59e805c Fix a simple typo 2014-10-29 12:40:24 -04:00
Deral Heiland 1bf1be0e46 Updated to module based feedback from wchen-r7 2014-10-29 11:42:07 -04:00
Juan Escobar 2e53027bb6 Fix value of X7C2P cookie and typo 2014-10-29 08:32:36 -05:00
Peter Arzamendi 2bc8767751 Updated rescue to catch other errors from the socket API 2014-10-29 08:03:28 -05:00
Juan Escobar 9f21ac8ba2 Fix issues reported by wchen-r7 2014-10-28 21:31:33 -05:00
Jon Hart ba5035c7ef
Prevent calling match when there is no WWW-auth header 2014-10-28 17:13:57 -07:00
Jon Hart a5d883563d
Abort if 2013 desired but redirect didn't happen 2014-10-28 15:59:22 -07:00
Jon Hart 7ca4ba26b0
Show more helpful vprint messages when login fails 2014-10-28 15:48:04 -07:00
Jon Hart bce8f34a71
Set proper Cookie header from built cookie string 2014-10-28 15:41:36 -07:00
Jon Hart a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response 2014-10-28 15:40:15 -07:00
Peter Arzamendi 604cad9fbb Updated timeout to default to 45 seconds to wait for the print job to finish. 2014-10-28 15:45:28 -05:00
Peter Arzamendi b17d6a661d Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds. 2014-10-28 15:23:47 -05:00
Peter Arzamendi 0e42cf25d1 Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri 2014-10-28 15:13:16 -05:00
Tod Beardsley 9c028c1435
Fixes #4083, make the split nil-safe
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.

This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
William Vu 71a6ec8b12
Land #4093, cups_bash_env_exec CVE-2014-6278 2014-10-28 12:47:51 -05:00
Brendan Coles 57baf0f393 Add support for CVE-2014-6278 2014-10-28 17:10:19 +00:00
William Vu 3de5c43cf4
Land #4050, CUPS Shellshock
Bashbleeded!!!!!!!!!!!
2014-10-28 11:59:31 -05:00
Peter Arzamendi 1012cd8d6b Updated based on wchen-r7 feedback. 2014-10-28 11:38:50 -05:00
Brendan Coles 78b199fe72 Remove CVE-2014-6278 2014-10-28 16:18:24 +00:00
Joe Vennix c6bbc5bccf
Merge branch 'landing-4055' into upstream-master 2014-10-28 11:18:20 -05:00
Deral Heiland 9021e4dae6 Xerox Workcentre firmware injection exploit 2014-10-28 11:15:43 -04:00
jvazquez-r7 5e0993d756
Add OJ as author 2014-10-28 09:58:34 -05:00
Tod Beardsley dade6b97ba
Land #4088, wget exploit
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
Brendan Coles a060fec760 Detect version in check() 2014-10-28 12:28:18 +00:00
sinn3r e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner 2014-10-28 01:45:57 -05:00
HD Moore 64c206fa62 Add module for CVE-2014-4877 (Wget) 2014-10-27 23:37:41 -05:00
Peter Arzamendi 0b225d94b1 Xerox Admin password extractor. 2014-10-27 19:26:40 -05:00
Juan Escobar 2ba2388889 Fix issues reported by jvasquez 2014-10-27 19:15:39 -05:00
jvazquez-r7 b990b14a65
Land #3771, @us3r777's deletion of jboss_bshdeployer STAGERNAME option 2014-10-27 18:09:35 -05:00
parzamendi-r7 f7f6cff327 Update xerox_workcentre_5XXX_ldap.rb 2014-10-27 17:23:47 -05:00
Peter Arzamendi f119abbf8c Xerox workcentre 5735 LDAP credential extractor 2014-10-27 15:52:12 -05:00
jvazquez-r7 373ce8d340 Use perl encoding 2014-10-27 15:30:02 -05:00
Luke Imhoff 216360d664
Add missing require
MSP-11145
2014-10-27 15:19:59 -05:00
jvazquez-r7 9da83b6782 Update master changes 2014-10-27 14:35:30 -05:00
Spencer McIntyre 04a99f09bb
Land #4064, Win32k.sys NULL Pointer Dereference 2014-10-27 14:01:07 -04:00
William Vu 090d9b95d1
Land #4078, pureftpd_bash_env_exec desc. update 2014-10-27 12:12:09 -05:00
William Vu 950fc46e4b
Normalize description 2014-10-27 12:09:39 -05:00
Jon Hart b8c9ef96ca
Land #4003, @nstarke's Login Scanner for WD MyBook Live NAS 2014-10-27 09:57:43 -07:00
Spencer McIntyre 830f631da4 Make the check routine less strict 2014-10-27 12:51:20 -04:00
sinn3r aa5dc0a354 100 columns per line 2014-10-27 10:24:11 -05:00
sinn3r 7e56948191 Update description about pureftpd_bash_env_exec
Make exploitable requirements more obvious
2014-10-27 10:23:06 -05:00
Spencer McIntyre 46b1abac4a More robust check routine for cve-2014-4113 2014-10-27 11:19:12 -04:00