Commit Graph

2190 Commits (78f77a3df2c8b344ccf8af605ee9b5465e3a6796)

Author SHA1 Message Date
Daniel Miller 7005216d1f Fix axfr support for auxiliary/gather/enum_dns
AXFR support in net-dns is broken. This fixes it, and makes the
requisite modifications to enum_dns module. Basic problem is that AXFR
responses consist of a chain of DNS replies, not a single reply with
multiple answers. Previously, only the first of these replies, the SOA
record, was returned. Also added some exception handling to avoid
problems like #483.
2012-08-16 20:40:24 -05:00
Daniel Miller 0311caf4df Alternate means of looking up NS IP
Sometimes a nameserver won't have an A record for its own name. Check
for this and fall back to using the system resolver via
Rex::Socket.gethostbyname. Example:

    $ dig +short zonetransfer.me NS
    ns12.zoneedit.com.
    ns16.zoneedit.com.
    $ dig +short @ns12.zoneedit.com ns12.zoneedit.com A
    $ dig +short @ns16.zoneedit.com ns12.zoneedit.com A
    $ dig +short @ns16.zoneedit.com ns16.zoneedit.com A
    $

Also removed an extra A lookup that was unnecessary.
2012-08-16 11:48:37 -05:00
Tod Beardsley 586d937161 Msftidy fix and adding OSVDB 2012-08-15 13:43:50 -05:00
sinn3r 7c6b6281d7 Merge branch 'beacon-addr' of https://github.com/bonsaiviking/metasploit-framework into bonsaiviking-beacon-addr 2012-08-13 11:57:22 -05:00
sinn3r e5666d70e2 Merge branch 'glassfish-uri' of https://github.com/bonsaiviking/metasploit-framework into bonsaiviking-glassfish-uri 2012-08-13 11:53:03 -05:00
HD Moore f72f334124 Fix an odd issue with search due to use of the builtin Proxies option 2012-08-12 23:22:38 -05:00
RageLtMan 33c74c97e2 Add Opt::Proxies and opthash[:proxies] to ssh mods 2012-08-12 16:23:22 -04:00
RageLtMan c9690033c7 This commit allows ssh_login to use socks proxies. Net::SSH::Transport::Session could take a :proxy option,
but it expects a factory object not a string, when setting :proxy => datastore['Proxies'] user got:
"Auxiliary failed: NoMethodError private method `open' called for \"socks4:localhost:1080\":String."
VALID_OPTIONS in ssh.rb now takes :proxies option which is passed to the Rex socket in
Net::SSH::Transport::Session.new.

Testing: block all outgoing to SSH server, try to connect with a proxy. Try with :proxy option,
then merge this pull request and try again.
2012-08-12 16:01:52 -04:00
Daniel Miller ed43418156 Fix unused ADDR_DST option in fuzz_beacon
auxiliary/fuzzers/wifi/fuzz_beacon offers ADDR_DST option, probably
copy-pasted from some other wifi modules, but does not use it, likely
because beacons are meant to be sent to broadcast address only. Since
this is a fuzzer, changing the destination address may be desirable.
Used the option in building the frame to be sent.
2012-08-10 16:14:50 -05:00
Daniel Miller db4f31de76 Fix use of URI option for glassfish_login
auxiliary/scanner/http/glassfish_login offers URI option to set the path
where Glassfish is installed, but it doesn't work. Replaced it with
TARGETURI and call target_uri.path to get a base path.
2012-08-10 15:44:53 -05:00
sinn3r b4b860f356 Correct MC's name 2012-08-08 14:16:02 -05:00
jvazquez-r7 d04fdc9382 Added aux module for CVE-2009-1730 2012-08-08 16:26:41 +02:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
sinn3r f26053c2c3 Add vendor's name in there for easier searching 2012-08-07 12:16:52 -05:00
sinn3r 614ae02a26 Add CVE-2012-2626 Scrutinizer add-user aux mod 2012-08-07 12:13:25 -05:00
jvazquez-r7 c2cc4b3b15 juan author name updated 2012-08-06 18:59:16 +02:00
sinn3r 99d3ee6fc4 Merge branch 'webpagetest_traversal' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-webpagetest_traversal 2012-08-06 03:15:16 -05:00
sinn3r f1e7ef06cc Add webpagetest dir traversal module
How did I forget this while writing the exploit?
2012-08-06 03:11:07 -05:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules.
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
2012-08-04 12:18:00 -05:00
Rob Fuller 76fee330ee Squashed commit of the following:
commit dadb717f5e17851a85183847f3fdb01e45e6caaa
Author: James Lee <egypt@metasploit.com>
Date:   Fri Aug 3 18:48:53 2012 -0600

    Rescue SMB errors

    Prevents backtraces and gives the user some idea of what happened.
    Specifically useful for STATUS_ACCESS_DENIED and STATUS_LOGON_FAILURE.

commit aba203ead75eec22606f52d7eb67f1581c44c4df
Author: Rob Fuller <jd.mubix@gmail.com>
Date:   Fri Jul 20 03:24:26 2012 -0400

    add SMB list directory module

[Closes #628]
2012-08-03 19:00:11 -06:00
David Maloney fa2b0c26bb Fixes password seeding for JtR modules 2012-08-01 14:15:51 -05:00
sinn3r 87aae548e6 Final cleanup 2012-07-24 13:11:04 -05:00
Bruno Morisson dbc779e02d implemented fixes requested by sinn3r
Implemented the fixes, and re-tested the modules
2012-07-24 11:02:49 +01:00
Bruno Morisson 397d708340 Added bulk file retrieval to sap_mgmt_con_getlogfiles, and new module to get SAP process list from remote host
* Added option to retrieve all available files from remote SAP host to
sap_mgmt_con_getlogfiles, based on the listing request provided in
sap_mgmt_con_listlogfiles module, if the variable GETALL is set to true.
Kept previous functionality of retrieving just one chosen file.

* Added new module sap_mgmt_con_getprocesslist to remotely list SAP
processes using SAP SOAP interface. Based on the other sap_mgmt_con_*
modules by Chris John Riley.
2012-07-23 16:26:33 +01:00
webstersprodigy 3c7ad96b45 Changing a string concat from + to << 2012-07-22 20:28:17 -04:00
webstersprodigy 6bb31280fb Took/tested all egypt's comments, other than the Actions one 2012-07-22 20:02:12 -04:00
sinn3r 33ee6ee699 Merge branch 'sip-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-sip-capture 2012-07-22 03:36:13 -05:00
Patrik Karlsson 08f0f693b0 change sname in report_auth_info from sip_challenge to sip_client 2012-07-20 19:48:15 +02:00
Patrik Karlsson 5dc985c911 fix msftidy WARNING 2012-07-20 17:15:06 +02:00
Patrik Karlsson 3fc1c1db73 fix problem with report_auth_info that was passed invalid host and port params. 2012-07-20 17:07:42 +02:00
Patrik Karlsson d494ed9bf7 add a function to sanitize source and dest ip's to avoid breaking JtR format. 2012-07-20 13:27:45 +02:00
Patrik Karlsson 7ec5c0d6e0 change module to use Rex::Socket::Udp instead of Ruby's ::UDPSocket. 2012-07-19 20:34:02 +02:00
sinn3r 1c6ce20ad8 Merge branch 'sip-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-sip-capture 2012-07-19 10:51:57 -05:00
sinn3r 9c510a738e Improve outputs 2012-07-19 10:50:58 -05:00
sinn3r 7cb12921d6 Don't print cli addr twice 2012-07-19 10:43:55 -05:00
sinn3r afd314701e Improve outputs 2012-07-19 10:41:25 -05:00
sinn3r 3253929555 Fix indent 2012-07-19 10:21:30 -05:00
HD Moore 9bff1c913b Merge pull request #592 from alexmaloteaux/ipv6arpfix
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
Patrik Karlsson ad4a4b2ae3 add module for capturing SIP authentication challenge and response pairs.
The module starts a fake SIP server listening for incoming REGISTER requests.
It then triggers an authentication request at the client and captures the
response for cracking in JtR or Cain.
2012-07-18 20:45:08 +02:00
sinn3r 981ba60fee Fix exception handlings
Two things:
1. Make msftidy happy
2. Exception handling shouldn't be used to shut errors up.
2012-07-18 12:05:14 -05:00
Rory McCune 464df4ed1d Oraenum - added error handling
The oraenum module has errror handling to catch instances where the user used to run the checks doesn't have the appropriate rights, however in one place (The default password check) the error handling code isn't included.  This patch just adds the same check for that code.
2012-07-18 09:22:22 +01:00
sinn3r 78edf15a86 Improve module 2012-07-17 08:39:56 -05:00
sinn3r dde2254f29 rename file 2012-07-17 08:36:02 -05:00
sinn3r d5711efd26 Merge branch 'master' of https://github.com/j0hnf/metasploit-framework into j0hnf-master 2012-07-17 08:35:49 -05:00
jvazquez-r7 6ac6e375a7 Changes according to hdm and sinn3r feedback 2012-07-17 12:02:24 +02:00
jvazquez-r7 7c2ea2ff23 Merge branch 'mysql-capture' of https://github.com/nevdull77/metasploit-framework into nevdull77-mysql-capture 2012-07-17 12:01:19 +02:00
sinn3r 3def2afb46 Correct e-mail format 2012-07-17 04:24:54 -05:00
HD Moore c887e0aaff Re-add AFP changes due to mangled merge 2012-07-17 00:42:49 -05:00
HD Moore f62e0b1cca AFP fixes and JTR typo fix 2012-07-16 21:45:45 -05:00
HD Moore bc2edeace2 Cleanup AFP module output 2012-07-16 21:02:40 -05:00
Patrik Karlsson 88275620ab removed JtR support due to bugs in cracking module. 2012-07-16 15:59:43 +02:00
Patrik Karlsson 25a78e6ab0 change so that both Cain and JTR hashes can be stored at the same time and
added username report_auth_info
2012-07-16 14:13:35 +02:00
Patrik Karlsson 4859e0809e add missing username to john hash 2012-07-16 09:14:44 +02:00
HD Moore 10db74d480 Show the IP address in the output 2012-07-15 21:35:43 -05:00
HD Moore 6c058d9a9a Skip blank usernames (corner case) 2012-07-15 21:14:55 -05:00
Patrik Karlsson 8889d89eea msftidy cleanup 2012-07-16 02:07:45 +02:00
Patrik Karlsson 6331c33472 add MySQL password capturing module
This module provides a fake MySQL service that is designed to
capture authentication credentials. It captures	challenge and
response pairs that can be supplied to Cain or JTR for
cracking.
2012-07-16 01:55:22 +02:00
HD Moore 6cdd044e10 Remove a buggy payload that doesn't have NX support 2012-07-12 12:15:57 -05:00
jvazquez-r7 2da984d700 Added module for OSVDB 83275 2012-07-12 13:12:31 +02:00
webstersprodigy fd009fe3ff Improved smb_put reliability
The .write function was having issues with large files, the
connection would close or sometimes there would be errors.
I changed thefunction to act more like smb_relay and it works better.
2012-07-11 23:30:55 -04:00
jvazquez-r7 b12f13f837 Review of Pull request #594 2012-07-12 00:46:24 +02:00
jvazquez-r7 16cd847e5a Merge branch 'mssql_review' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-mssql_review 2012-07-12 00:36:54 +02:00
jvazquez-r7 a840ff8cf8 Review of pull request #598 2012-07-12 00:34:17 +02:00
jvazquez-r7 f933d98d38 Review of #595 2012-07-12 00:19:27 +02:00
webstersprodigy c593a3429d fixed a type bug with the default response 2012-07-11 02:23:37 -04:00
Alexandre Maloteaux 81ba60169f ipv6 and arp_scanner fix 2012-07-10 18:28:24 +01:00
webstersprodigy f50843e0b7 Adding http_ntlmrelay module 2012-07-09 22:56:24 -04:00
sinn3r b817070545 Merge branch 'mac_oui' of https://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-mac_oui 2012-07-09 20:14:25 -05:00
Alexandre Maloteaux e509c72574 better handle company name 2012-07-10 00:24:30 +01:00
Alexandre Maloteaux e949b8c2c8 mac_oui 2012-07-09 23:46:57 +01:00
jvazquez-r7 b33220bf90 Added module for CVE-2012-2215 2012-07-09 17:32:55 +02:00
sinn3r d626de66f7 Print out where the scheme info is stored.
This module needs to print out where the scheme is stored so the
user knows where it is, see complaint:
https://community.rapid7.com/message/4448
2012-07-08 18:24:18 -05:00
sinn3r 87bac91d71 Apply additional changes from #549
From pull request #549. Changes include:
* Use OptEnum to enforce the use of wpad.dat or proxy.pac
* Remove cli.peerhost:cli.peerport, the API does that already
* cleanup function to restore uripath datastore option
* More friendly error when the user doesn't have enough permission
  to bind to port 80, that way they don't blame it's a bug on msf.
* Remove unnecessary SVN stuff in modinfo
2012-07-07 15:59:16 -05:00
sinn3r 4e90da002d Merge branch 'master' of https://github.com/efraintorres/wmap-metasploit into wpad 2012-07-07 15:44:05 -05:00
sinn3r ecb4e20c92 Instead of deleting the "/", here's a different approach 2012-07-06 01:23:41 -05:00
sinn3r 7876d7fd60 Delete the extra "/" 2012-07-06 01:20:31 -05:00
sinn3r 686f176a99 Correct path 2012-07-06 01:12:47 -05:00
sinn3r 0c18662d46 Make msftidy happy and change the traversal option 2012-07-06 01:10:39 -05:00
sinn3r 3b7e1cd73a Add Dillion's module for Wangkongbao 2012-07-06 00:54:55 -05:00
efraintorres 4c68cdd584 Actions removed. 2012-07-02 10:57:32 -05:00
efraintorres be666fde89 Full msftidy compliant 2012-06-30 22:08:10 -05:00
efraintorres cad749d495 More formatting. 2012-06-30 21:21:56 -05:00
efraintorres 22b47e32fe Fixed wrapping of module description 2012-06-30 21:12:01 -05:00
efraintorres f8aacc3482 All fixes applied to wpad module. 2012-06-30 20:57:59 -05:00
sinn3r e5dd6fc672 Update milw0rm references.
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links.  Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
sinn3r 68c582873b Add the MSF license text 2012-06-27 17:11:00 -05:00
sinn3r 6c80fd9b42 Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd 2012-06-27 17:09:25 -05:00
jvazquez-r7 d3bc78c53b applied changes proposed by sinn3r 2012-06-27 23:55:51 +02:00
sinn3r dc30a2dddb Merge branch 'atlassian_crowd' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-atlassian_crowd 2012-06-27 15:37:15 -05:00
Tod Beardsley 97974d9241 Shorten title for display 2012-06-27 10:19:46 -05:00
jvazquez-r7 2c5cc697c9 Added auxiliary module for CVE-2012-2926 2012-06-27 10:21:18 +02:00
j0hn__f 7d20f14525 exec SQL from file 2012-06-26 12:40:34 +01:00
j0hn__f 83260c9c89 module to exe SQL queries from a file 2012-06-26 12:15:30 +01:00
sinn3r 063a2119a3 Merge branch 'iis_auth_bypass' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-iis_auth_bypass 2012-06-25 15:51:33 -05:00
sinn3r f93658b37a Minor name change 2012-06-25 15:51:02 -05:00
sinn3r 637edc21ce Add CVE-2010-2731 2012-06-25 15:48:36 -05:00
HD Moore f7dca272b6 IE 10/Win8 detection support 2012-06-25 00:36:49 -05:00
HD Moore 1989f0ab46 IE 10/Win8 detection support 2012-06-25 00:36:04 -05:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00