infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,532 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1112 Commits (79fe3426880c2d89546237df01078880d34a9bde)

Author SHA1 Message Date
jvazquez-r7 73a66819ea Merge for retab 2013-09-06 09:50:37 -05:00
jvazquez-r7 7ce9d38eba Fix module 2013-09-06 09:49:52 -05:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Tab Assassin 015ac6d92c Retab changes for PR #2273 2013-09-05 14:09:44 -05:00
Tab Assassin e25ec2d2f9 Merge for retab 2013-09-05 14:09:39 -05:00
Tab Assassin 0a1a202fb5 Retab changes for PR #2329 2013-09-05 13:04:23 -05:00
Tab Assassin 760943af2f Merge for retab 2013-09-05 13:02:51 -05:00
jvazquez-r7 c44be42cf5 Merge the check for Sentry in just one request 2013-09-05 10:41:20 -05:00
jvazquez-r7 d280d45964 Revert "Updated module - 1 req action" 
This reverts commit f85b9aa780.
 2013-09-05 10:35:13 -05:00
Karn Ganeshen f85b9aa780 Updated module - 1 req action 
Modified the code to have it work with 1 request instead of 3. Thanks Meatballs1!
 2013-09-05 20:04:02 +05:30
kaospunk 9f628b8b63 Add URI where information was discovered 
This adds the URI where the information was enumerated from to the
scanner output.

One more place where target_uri was being used was also corrected.
 2013-09-05 10:06:11 -04:00
kaospunk afaab5e0a6 Fixes issues raised by jvazquez-r7 
This commit fixes the following issues raised by jvazquez-r7:
* The local target_uri variable has been renamed to test_uri
* Logic to prepend a "/" to the uri has been removed
* The timeout of 10 for send_request_cgi has been removed to use the
  default
 2013-09-05 09:34:35 -04:00
kaospunk 533643fe2c Host Information Enumeration via NTLM Authentication 
This aux module makes requests to resources on the target server in
an attempt to find resources which permit NTLM authentication. For
resources which permit NTLM authentication a blank NTLM type 1 message
is sent to enumerate a a type 2 message from the target server. The type
2 message is then parsed for information such as the Active Directory
domain and NetBIOS name.

The user can provide their own TARGETURIS file which contains URIs
to request to attempt to get a 401 with NTLM. This PR also includes
a list of URLs that can be used as the default.
 2013-09-04 21:39:02 -04:00
Karn Ganeshen 3786376b42 Aux module for Sentry CDU enum 2013-09-03 14:44:03 +05:30
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
rbsec a574b548b2 Updated wordpress_login_enum auxilary module. 
Update wordoress_login_enum to work when the wordpress site redirects
to /author/[authorname]/ rather than displaying the author's name in
the page contents.
 2013-08-29 15:28:46 +01:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 85ed9167f2 Print target endpoint 
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
 2013-08-26 17:51:43 -05:00
sinn3r 9f8051161f Properly implement normalize_uri 2013-08-26 17:18:00 -05:00
jvazquez-r7 c660279963 Land #2259, @wchen-r7's patch for [SeeRM #8319] 2013-08-26 16:36:45 -05:00
sinn3r 3769da2722 Better fixes 2013-08-26 14:02:45 -05:00
sinn3r 8c7f4b3e1f Avoid using inline rescue 2013-08-26 13:54:06 -05:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Christian Mehlmauer 5f7ccf1cbe naming..again 2013-08-24 18:58:00 +02:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
Christian Mehlmauer c40252e0b3 bugfixing 2013-08-24 00:04:16 +02:00
kaospunk a863005d33 Removed blanks at EOL 
Fixed blanks at EOL per msftidy messages
 2013-08-22 14:20:42 -04:00
kaospunk 7e098e4d6b Domain enumeration put in own function 
The code to enumerate the AD domain is now in its own function

Additionally, a new advanced option has been added which controls
whether or not the domain enumeration will occur so that if it is
not wanted the user can disabled it. By default this is set to
enumerate the AD domain.

If AD_DOMAIN is already specified then this will be used and no
auto enumeration will occur.
 2013-08-22 14:16:00 -04:00
kaospunk 7e0b26e932 Minor fixes to syntax and error handling 2013-08-22 13:23:39 -04:00
kaospunk cdcfa88fa3 Enumerate AD Domain via NTLM Authentication 
Add functionality to attempt an NTLM auth against common directories
to try to enumerate the AD domain. If a domain is found this will be
prepended to the authentication requests, otherwise it's business as
usual.
 2013-08-22 12:26:14 -04:00
Christian Mehlmauer 556f17c47e Move modules 2013-08-22 17:33:35 +02:00
Christian Mehlmauer 8456d2c0ec remove target_uri 2013-08-22 00:48:42 +02:00
Christian Mehlmauer 959553583f -) revert last commit 
-) split into seperate modules
 2013-08-22 00:45:22 +02:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
Christian Mehlmauer ffdd057f10 -) Documentation 
-) Added Wordpress checks
 2013-08-21 14:27:11 +02:00
Christian Mehlmauer 655e2dcf6c more methods 2013-08-21 13:13:41 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin 
-) fixed typo in web mixin
 2013-08-21 12:45:15 +02:00
sinn3r 2fa75e0133 Fix undefined method error 
[FixRM #8325]
 2013-08-21 01:16:49 -05:00
sinn3r be29e44788 Fix undefined method error 
[FixRM #8328]
 2013-08-21 01:15:07 -05:00
sinn3r ae8c40c8f7 Fix undefined method error 
[FixRM #8329]
 2013-08-21 01:10:46 -05:00
sinn3r 42a7766f1b Fix undefined method error 
[FixRM #8330]
 2013-08-21 01:09:24 -05:00
sinn3r 0f85fa21b4 Fix undefined method error 
[FixRM #8331]
 2013-08-21 01:08:19 -05:00
sinn3r 8eeb66f96d Fix undefined method error 
[FixRM #8332]
 2013-08-21 01:06:54 -05:00
sinn3r 785f633d1d Fix undefined method error 
[FixRM #8334]
[FixRM #8333]
 2013-08-21 01:01:53 -05:00
sinn3r 0561928b92 Fix undefined method error 
[FixRM #8336]
 2013-08-21 00:54:08 -05:00
sinn3r 2597c71831 Fix undefined method error 
[FixRM #8338]
[FixRM #8337]
 2013-08-21 00:52:33 -05:00
sinn3r 092b43cbfa Fix undefined method error 
[FixRM #8339]
 2013-08-21 00:50:37 -05:00
sinn3r 32a190f1bd Fix undefined method error 
[FixRM #8340]
 2013-08-21 00:49:13 -05:00
sinn3r 217d89fa7c Fix undefined method error 
[FixRM #8341]
 2013-08-21 00:47:31 -05:00
sinn3r 3a271e7cc7 Fix undefined method error 
[FixRM #8342]
 2013-08-21 00:45:48 -05:00
jvazquez-r7 fe089030d4 Land #2257, @wchen-r7's patch for [SeeRM #8317] 2013-08-20 13:43:37 -05:00
sinn3r 1702cf2af9 Use TARGETURI 2013-08-20 13:23:32 -05:00
jvazquez-r7 3ac59fede7 Land #2251, @wchen-r7's patch to use OptRegexp 2013-08-20 12:55:30 -05:00
sinn3r 202b31d869 Better fix based on feedback 
Tell daddy how you want it.
 2013-08-20 12:52:04 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
sinn3r f68d581b7a [FixRM #8319] - Properly disable BLANK_PASSWORDS for ektron_cms400net 
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").

While fixing #8319, I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
 2013-08-20 01:20:52 -05:00
sinn3r 3c27520e10 [FixRM #8317] - Fix possible double slash in file path 
It is possible to have a double slash in the base path, shouldn't
happen.
 2013-08-19 17:55:14 -05:00
sinn3r 7fc37231e0 Fix email format 
Correct email format
 2013-08-19 16:34:14 -05:00
sinn3r 8eb9266bff Use the correct var 2013-08-19 16:19:03 -05:00
sinn3r 58d5cf6faa Module should use OptRegexp for regex pattern option 
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
 2013-08-19 16:16:34 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString 
These modules need to use OptPath to make sure the path is validated.
 2013-08-19 15:30:33 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
sinn3r 780293d817 Minor changes 2013-08-16 23:24:40 -05:00
sinn3r a94c6aa72b [FixRM 6264] Check required vulnerable component before testing 
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.

[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264

I also made changes to do_login in order to verify successful/bad
attempts more specific.
 2013-08-16 15:45:23 -05:00
sinn3r bbe57dbf3a Some cleanup, also remove TARGETURI because not registered by default 2013-08-16 12:06:24 -05:00
Karn Ganeshen e4885b2017 updated module 
removed the csrfkey parameter from login uri.
 2013-08-16 13:04:02 +05:30
Karn Ganeshen a65181d51b new revision - cisco_ironport_enum 
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
 2013-08-15 04:06:30 +05:30
Juushya d526663a53 Add module to brute force the Cisco IronPort application 2013-08-14 09:16:49 -07:00
jvazquez-r7 5ef1e507b8 Make msftidy happy with http_login 2013-08-05 08:41:07 -05:00
sinn3r 8be3f511a4 Fix undefined variable 'path' for http_login 2013-08-03 21:35:22 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff 
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
 2013-07-29 21:47:52 -05:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 2150d9efb0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 12:06:18 -05:00
sinn3r 64cfda8dad Final 2013-06-20 13:28:12 -05:00
sinn3r bfb78e001a Add HP System Management Homepage Login Utility 2013-06-20 12:54:03 -05:00
jvazquez-r7 6319f041df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 08:21:40 -05:00
Steve Tornio 55312529d2 add osvdb ref 94417 2013-06-19 23:13:45 -05:00
jvazquez-r7 a01f0c4671 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 09:34:51 -05:00
sinn3r 90cad4b7fb Land #1980 - Canon Printer Wireless Configuration Disclosure 2013-06-18 19:09:38 -05:00
sinn3r abc3951ca2 Final touchup 2013-06-18 19:08:42 -05:00
Matt Andreko 7f1a913bdc Code Review Feedback from wchen 
Fixed the disclosure date format
Removed the rport option
Added a call to report_note to store the data
 2013-06-18 12:13:19 -04:00
jvazquez-r7 ae1a3e3ca1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 20:39:31 -05:00
Tod Beardsley 4ca9a88324 Tidying up grammar and titles 2013-06-17 16:49:14 -05:00
Matt Andreko df8c80e3d1 Added CVE and disclosure date 2013-06-17 17:40:36 -04:00
jvazquez-r7 2e201bb2a3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-16 15:19:36 -05:00
jvazquez-r7 d20f72a9fd Fix indentation 2013-06-16 15:18:19 -05:00
jvazquez-r7 3cd94f5025 Do final cleanup for infovista_enum 2013-06-16 11:50:40 -05:00
Matt Andreko fd026c5b34 Added References and Disclosure Date 2013-06-15 18:31:20 -04:00
jvazquez-r7 11bf17b0d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-15 11:55:22 -05:00
KarnGaneshen ba59434261 added infovista module 2013-06-15 17:16:26 +05:30
jvazquez-r7 7a11077834 Land #1923, @juushya's module for rfcode brute forcing 2013-06-14 13:36:14 -05:00
jvazquez-r7 ae027a9efb Final cleanup for rfcode_reader_enum 2013-06-14 13:09:48 -05:00
KarnGaneshen 6188df1b3a added note :type - Info. This is mandatory field for report_note. also, vprint statements seem to be adding an extra space with a hyphen. kinda make print dis-aligned than other regular print_* statements. changed -> to -, removed ' from '#{user/pass}'. works fine. msftidy check. module load check. pcap taken. 2013-06-13 14:03:55 +05:30
jvazquez-r7 0b9cf213df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-12 12:03:10 -05:00
KarnGaneshen 871f1b7c1f updated prints with ip-port reference. msftidy check. module load check. go rf reader.. 2013-06-12 00:53:58 +05:30
KarnGaneshen 736bf120d9 added sname in report data, corrected :host to rhost, :port to rport. msftidy check. module load check. upping it. 2013-06-12 00:25:50 +05:30
jvazquez-r7 0578572d98 Change sevone_enum because it's an Scanner 2013-06-11 08:51:15 -05:00
KarnGaneshen 5c078f5139 added report_note to store collected info. removed register rport for 80t. msftidy & module load checked. pushing it up. 2013-06-11 12:57:26 +05:30
jvazquez-r7 c641184e37 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 13:30:36 -05:00
jvazquez-r7 0c6dbe9885 Add final cleanup for sevone_enum 2013-06-10 13:16:22 -05:00
KarnGaneshen 72a9c8612b setting rfcode_reader_enum straight. more updates. 2013-06-10 22:57:00 +05:30
KarnGaneshen 5c988d99fe more updates to sevone.rb. hopefully all is covered.. 2013-06-10 21:59:18 +05:30
KarnGaneshen 04171c46ec more updates to sevone.rb. hopefully all is covered. 2013-06-10 21:47:56 +05:30
Karn Ganeshen ffa18d413f Updated rfcode_reader_enum.rb ... 
Updated as per review comments. 
Removed loot of network configuration.
Used JSON.parse to bring cleaner loot output
Changed some print_goods to vprint_status
Changed if not to unless
 2013-06-08 03:21:43 +05:30
Karn Ganeshen 74bddcf339 Update sevone_enum.rb 
New updates as per review comments
 2013-06-08 02:28:09 +05:30
Karn Ganeshen 1ca8fd2cf1 Update sevone_enum.rb 
Updated as per initial review comments.
 2013-06-08 01:14:43 +05:30
Karn Ganeshen eb0ae6ed27 Update rfcode_reader_enum.rb 
Updated as per review comments
 2013-06-08 01:00:18 +05:30
Karn Ganeshen 6b8e6b3f0c Create rfcode_reader_enum.rb 
Adding new aux - RFCode Reader Web interface Login Brute Force & Config Capture Utility
 2013-06-07 23:53:09 +05:30
Karn Ganeshen fcc600aa3e Create sevone_enum.rb 
Adding new aux - SevOne Network Performance Management System application version enumeration and brute force login Utility
 2013-06-07 23:39:22 +05:30
jvazquez-r7 e5a17ba227 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-05 09:41:23 -05:00
sinn3r a3b25fd7c9 Land #1909 - Novell Zenworks Mobile Device Managment exploit & auxiliary 2013-06-05 02:45:45 -05:00
sinn3r 307773b6a1 Extra space - die! 2013-06-05 02:44:56 -05:00
sinn3r 0c1d46c465 Add more references 2013-06-05 02:43:43 -05:00
sinn3r 5d90c6cd71 Make msftidy happy 2013-06-05 02:11:23 -05:00
sinn3r ca5155f01d Final touchup novell_mdm_creds 2013-06-05 02:08:55 -05:00
sinn3r a5a3f40394 Report auth info 2013-06-05 02:06:32 -05:00
steponequit ed4766dc46 initial commit of novell mdm modules 2013-06-04 09:20:10 -07:00
jvazquez-r7 4079484968 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-03 15:27:36 -05:00
CG 571b62d19d svn scanner added print_good and rport 2013-06-02 18:05:11 -04:00
jvazquez-r7 9d91596e46 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 16:21:32 -05:00
Tod Beardsley 10d8bebe73 Start with a random username to test 401 codes 
SeeRM #7991

While this fixes the specific case of tomcat_mgr_login, it doesn't
address the general case where modules are attempting to test code 401
responses in order to determine if bruteforcing should continue.
 2013-05-29 12:36:28 -05:00
jvazquez-r7 aa688c4313 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 10:47:04 -05:00
Samuel Huckins f0e3b0c124 Merge pull request #1836 from dmaloney-r7/bug/anyuser_anypass_http 
Verified MSF specs passing, Pro on develop functional tests working (ran Bruteforce, saw normal and verbose output concerning that bruteforce was skipped for such a case and why, verified no cred saved with 'anyuser' user).
 2013-05-29 07:44:18 -07:00
jvazquez-r7 6401d557fd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 19:57:16 -05:00
jvazquez-r7 96888455a7 Add new signature for CF9 2013-05-28 16:04:08 -05:00
sinn3r a6a46f82bb Updates the description a little bit 2013-05-28 14:31:56 -05:00
sinn3r e4e5edc619 Looks like we don't need to check MD5, let's keep it that way then. 2013-05-28 14:31:15 -05:00
sinn3r 8ab90e657c Adds a check for Cold Fusion 10 2013-05-28 14:21:29 -05:00
Matt Andreko 5695994432 Added module to enumerate Canon printer Wifi settings 2013-05-27 18:02:37 -04:00
jvazquez-r7 094a5f1b18 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-26 16:03:33 -05:00
Matt Andreko ea7805d3c8 Fixed a bug in the HSTS module around null headers 2013-05-23 15:02:39 -04:00
dmaloney-r7 ee28a3a8d7 Update http_login.rb 
add parens around conditional to make bikeshed prettier
 2013-05-21 11:28:23 -05:00
David Maloney 4503a7af50 Don't save creds of anyuser:anypass 
If http accepts any user and any pass, it's not a real auth
there is no reason to create cred objects for this.
These creds have been confusing our users
 2013-05-16 10:25:32 -05:00
jvazquez-r7 38e41f20fe Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-24 13:24:13 -05:00
sinn3r cae30bec23 Clean up all the whitespace found 2013-04-23 18:27:11 -05:00
jvazquez-r7 d1c5179b83 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 17:48:12 -05:00
jvazquez-r7 c7fcd6931a Use vprint_error 2013-04-19 16:22:07 -05:00
Christian Mehlmauer eaff87879e added text 2013-04-19 22:03:05 +02:00
Christian Mehlmauer a6be72b019 fixes for mediawiki aux module 2013-04-19 21:43:12 +02:00
jvazquez-r7 d4fa2ba96d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-19 14:14:36 -05:00
jvazquez-r7 31586770a0 Added module for OSVDB 92490 2013-04-18 14:34:02 -05:00
jvazquez-r7 cc35591723 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-15 17:43:15 -05:00
Tod Beardsley a36c6d2434 Lands #1730, adds a VERBOSE option checker 
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
 2013-04-15 15:32:56 -05:00
Tod Beardsley 29101bad41 Removing VERBOSE offenders 2013-04-15 15:29:56 -05:00
jvazquez-r7 79620ed660 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-09 17:12:16 +02:00
Tod Beardsley ba86e14d43 Whitespace and caps fixes 2013-04-09 08:57:53 -05:00
jvazquez-r7 d65bf8bab9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-08 18:19:41 +02:00
sinn3r d24371eaff Merge branch 'hp_imc_reportimgservlt_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_reportimgservlt_traversal 2013-04-08 10:18:30 -05:00
sinn3r 1b5c34db1a Merge branch 'hp_imc_ictdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_ictdownloadservlet_traversal 2013-04-08 10:17:19 -05:00
sinn3r 11253c8f3e Merge branch 'hp_imc_faultdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_faultdownloadservlet_traversal 2013-04-08 10:16:52 -05:00
jvazquez-r7 daba48035d fix DEPTH description and basename 2013-04-05 11:05:46 +02:00
jvazquez-r7 b6edad1f1d fix DEPTH description and basename 2013-04-05 11:04:43 +02:00
jvazquez-r7 d163e96d6a fix DEPTH description and basename 2013-04-05 11:02:59 +02:00
jvazquez-r7 d823f724cd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-04 22:16:35 +02:00
jvazquez-r7 30f44c3a24 final cleanup for dlink_dir_615h_http_login 2013-04-04 22:02:45 +02:00
jvazquez-r7 8f60d12e46 Merge branch 'dlink_login_dir_615H' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_615H 2013-04-04 22:01:49 +02:00
jvazquez-r7 b75d038fc2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-04 21:54:36 +02:00
jvazquez-r7 7d1e9af728 final cleanup for dlink_dir_session_cgi_http_login 2013-04-04 21:41:42 +02:00
jvazquez-r7 0b9fe53919 module filename changed 2013-04-04 21:41:10 +02:00
jvazquez-r7 6ec6638568 Merge branch 'dlink_login_dir_300B_600B' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_300B_600B 2013-04-04 21:40:21 +02:00
jvazquez-r7 498a0dc309 final cleanup for dlink_dir_300_615_http_login 2013-04-04 21:15:22 +02:00
jvazquez-r7 cff70e41be Merge branch 'dlink_login' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login 2013-04-04 21:14:56 +02:00
m-1-k-3 7b4cdf4671 make msftidy happy 2013-04-04 13:22:01 +02:00
m-1-k-3 78c492da20 is_dlink, more feedback included, msftidy 2013-04-04 13:18:32 +02:00
m-1-k-3 2f96a673cd is_dlink, more feedback included 2013-04-04 13:17:45 +02:00
m-1-k-3 64f3e68310 is_dlink and some more feedback included 2013-04-04 13:01:18 +02:00
jvazquez-r7 89de9fdf22 cleanup for dlink_dir_300_615_http_login 2013-04-03 10:04:01 +02:00
jvazquez-r7 b4b3c82c86 delete space 2013-04-03 00:31:00 +02:00
jvazquez-r7 54120a2d3a delete space 2013-04-03 00:30:24 +02:00
jvazquez-r7 85d9e3e9ee delete space 2013-04-03 00:29:38 +02:00
jvazquez-r7 0b4eab2499 added module for ZDI-13-053 2013-04-03 00:24:11 +02:00
jvazquez-r7 018e147063 added module for ZDI-13-052 2013-04-03 00:22:38 +02:00
jvazquez-r7 dc17b4931c added module for ZDI-13-051 2013-04-03 00:21:01 +02:00
jvazquez-r7 070fd399f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-31 20:23:08 +02:00
m-1-k-3 587170ae52 fixed author details - next try 2013-03-30 12:43:55 +01:00
m-1-k-3 1d6184cd63 fixed author details 2013-03-30 12:41:31 +01:00
m-1-k-3 8032a33cd5 report_auth_info - proof 2013-03-29 22:06:25 +01:00
m-1-k-3 1156194a6b feedback included, server fingerprinting 2013-03-29 22:04:22 +01:00
m-1-k-3 2b4d6eb455 feedback included, server header check 2013-03-29 21:30:45 +01:00
m-1-k-3 b6a50da394 feedback included, server header check 2013-03-29 21:20:51 +01:00
m-1-k-3 aa981cc991 DIR-645 also working 2013-03-27 12:11:14 +01:00
m-1-k-3 615aa57399 Dlink DIR615 HW rev B login module 2013-03-27 09:26:23 +01:00
m-1-k-3 680b551215 default to user admin 2013-03-27 08:59:19 +01:00
m-1-k-3 032214fb1d default to user admin 2013-03-27 08:49:04 +01:00
m-1-k-3 e1a719a6c0 http login module for DLink DIR300revB, DIR600revB, DIR815 2013-03-26 20:57:24 +01:00
m-1-k-3 c4fe21865c user fix 2013-03-26 20:15:19 +01:00
jvazquez-r7 3c12459703 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-25 19:33:36 +01:00
jvazquez-r7 9717a8c3b4 cleanup for tplink_traversal_noauth 2013-03-25 19:20:18 +01:00
jvazquez-r7 543b401a55 Merge branch 'tplink-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-tplink-traversal 2013-03-25 19:18:53 +01:00
jvazquez-r7 393d5d8bf5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-25 19:09:42 +01:00
sinn3r dcce23d23d Merge branch 'bugs/tomcat_enum-double_check' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/tomcat_enum-double_check 2013-03-25 12:19:52 -05:00
Nathan Einwechter aad0eed485 Fix whitespace EOL 2013-03-25 13:00:37 -04:00
Nathan Einwechter 3f79b2fd3b Use :abort for scanner mixin 2013-03-25 12:59:18 -04:00
sinn3r 0d56da0511 Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d 2013-03-25 11:45:40 -05:00
Nathan Einwechter 99fe2a33d7 Deregister USER_AS_PASS and stop on connect error 2013-03-25 12:35:52 -04:00
jvazquez-r7 53b862300e cleanup for linksys_e1500_traversal 2013-03-25 17:33:38 +01:00
jvazquez-r7 ea804d433e change file name 2013-03-25 17:33:16 +01:00
m-1-k-3 e57498190b dlink dir 300/600 login module - initial commit 2013-03-25 08:48:24 +01:00
m-1-k-3 7ff9c70e38 10 to 0 is good :) 2013-03-23 22:46:26 +01:00
m-1-k-3 47d458a294 replacement of the netgear-sph200d module 2013-03-23 22:40:32 +01:00
m-1-k-3 bd522a03e3 replace module to the scanner directory 2013-03-23 22:29:44 +01:00
m-1-k-3 8f59999f82 replace module to the scanner directory 2013-03-23 22:25:04 +01:00
jvazquez-r7 b498bf9b71 up to date 2013-03-12 16:50:35 +01:00
jvazquez-r7 074ea7dee4 Merge branch 'ssl' of https://github.com/luh2/metasploit-framework into luh2-ssl 2013-03-11 15:36:20 +01:00
James Lee 2160718250 Fix file header comment 
[See #1555]
 2013-03-07 17:53:19 -06:00
David Maloney 71ba044d03 remove debugging aid 2013-03-04 11:25:34 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues 
Headers were getting duped back into client config, causing invalid
requests to be sent out
 2013-03-04 11:24:26 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
James Lee d3b3587660 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-27 14:01:57 -06:00
J.Townsend cbce1bdff2 update module description 
This adds the version of wordpress the issue was fixed in to the description
 2013-02-26 00:24:46 +00:00
James Lee 1ce86b7adb Whitespace 2013-02-25 14:29:10 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
jvazquez-r7 a19da61177 deleting trailing comma 2013-02-16 00:53:28 +01:00
sinn3r 4eca6e5502 Merge branch 'feature/web_crawler_skip_paths' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/web_crawler_skip_paths 2013-02-13 14:07:20 -06:00
jvazquez-r7 167f5970c1 minor cleanup for rails_json_yaml_scanner 2013-02-13 00:07:58 +01:00
jvazquez-r7 3e2a368823 Merge branch 'rails_json_yaml_scanner' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-rails_json_yaml_scanner 2013-02-13 00:07:11 +01:00
Jeff Jarmoc 846052a34d s/URIPATH/TARGETURI/g per @jvasquez-r7 comments on another pull. 2013-02-12 15:13:06 -06:00
Tasos Laskos f2cf4304d2 Merge remote-tracking branch 'upstream/master' into feature/web_crawler_skip_paths 2013-02-12 22:10:40 +02:00
Tasos Laskos 9efd3f6c5e scanner/http/crawler: added ExcludePathPatterns opt 
Option 'ExcludePathPatterns' allows users to specify which paths should
be excluded from the crawl (and which forms to ignore) by passing a
list of patterns (only allows '*' wildcards).
 2013-02-12 21:47:12 +02:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444 
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
 2013-02-11 20:49:55 -06:00
Jeff Jarmoc ddd7d307e6 Add a scanner aux module for Rails JSON/YAML vuln CVE-2013-0333 2013-02-11 16:48:44 -06:00
David Maloney a43b902b5c Fix tomcat_mgr_login auth 2013-02-11 12:00:40 -06:00
sinn3r 7370d7d31b Final touchup 2013-02-08 18:21:06 -06:00
Spencer McIntyre 7522a87cf9 Adding an auxiliary scanner module for Titan FTP password disclosure. 2013-02-08 15:43:02 -05:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
sinn3r 035e8b7100 Merge branch 'groupwise_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-groupwise_traversal 2013-02-07 17:33:34 -06:00
jvazquez-r7 e9912496d8 nice check learned from sinn3r 2013-02-07 22:05:39 +01:00
jvazquez-r7 0d3c32b0a4 Added module for CVE-2012-0419 2013-02-07 21:15:49 +01:00
sinn3r 7f746e1caa That's what he said. 2013-02-07 11:13:18 -06:00
sinn3r d554c3a56a Don't really need the bottom comment 2013-02-07 10:46:42 -06:00
sinn3r 98559d4d51 Do a check and make sure this is Simple Web Server 2013-02-07 10:45:53 -06:00
sinn3r b11f052746 Allow arbitrary depth 2013-02-07 10:32:29 -06:00
sinn3r a3264e18e2 There aint no fail_with(), must use print_error 2013-02-07 10:30:17 -06:00
sinn3r b09f819e4b Add Simple Web Server dir traversal 2013-02-06 17:02:07 -06:00
James Lee 1095fe198b Merge branch 'rapid7' into dmaloney-r7-http/auth_methods 2013-02-06 16:57:50 -06:00
Jeff Jarmoc 39cafd0cde Use OptEnum instead of OptString 2013-02-04 15:08:34 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup 
cleanup all the old BasicAuth datastore options
 2013-02-04 13:02:26 -06:00
David Maloney 8b1febb4cf add myself to the blame list for the module =P 2013-02-04 12:32:43 -06:00
David Maloney 9497e38ef7 Fix http login scanner 
Fix the http_login scanner to use new buitin auth
 2013-02-04 12:31:19 -06:00
Jeff Jarmoc 5e0c18af2f adding self to credits 2013-02-03 16:14:42 -06:00
Jeff Jarmoc 57c8e41846 Re-order probes and checks. 
This causes module to exit if error conditions are found, before sending unecessary probes.
 2013-02-03 16:10:46 -06:00
Jeff Jarmoc 8dff427776 Allow 4xx codes, display codes in verbose output 2013-02-03 16:07:07 -06:00
Jeff Jarmoc 810470de3b Make HTTP_METHOD Configurable 2013-02-03 16:05:45 -06:00
David Maloney 5814c59620 move httpauth to mixin 
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
 2013-02-01 15:12:10 -06:00
egypt 5332e80ae9 Fix errant use of .to_s instead of .path 2013-01-31 14:18:42 -06:00
sinn3r c174e6a208 Correctly use normalize_uri() 
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
 2013-01-30 23:23:41 -06:00
Tod Beardsley b1f8b87f14 Chmod -x the joomla modules. Also fix a title typo 
joomla_pages was incorrectly titled as "Joomla Version Scanner," which
of course is actually joomla_version.
 2013-01-29 17:02:43 -06:00
sinn3r 1ea1ad3166 Fix the forgotten path() 2013-01-28 14:48:22 -06:00
sinn3r 690ef85ac1 Fix trailing slash problem 
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.

Related to: [SeeRM: #7727]
 2013-01-28 13:19:31 -06:00
jvazquez-r7 01b7e3554e fix issue found by newpid0 2013-01-25 22:05:09 +01:00
jvazquez-r7 d0ecb617c3 Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner 2013-01-25 21:47:05 +01:00
jvazquez-r7 d6e9f891ea Proposal for joomla-scanner 2013-01-25 20:44:49 +01:00
f8lerror dd1ce34ecc Made recommended changes removed short timeout added returns and other small changes 2013-01-24 17:04:22 -05:00
sinn3r af3a1db4c1 Make better use of ruby regex 2013-01-24 14:16:01 -06:00
sinn3r 077c04d13a Merge branch 'feature/rm6822-cold_fusion_version' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-cold_fusion_version 2013-01-24 13:51:27 -06:00
f8lerror 6cdb1a80de Remove app from fingerprint and blank line 2013-01-24 09:47:20 -05:00
f8lerror bf2b01f8ef Delete a file and strip space 2013-01-24 09:30:04 -05:00
f8lerror 6e94c04a52 Code Corrections and Enhancements 2013-01-23 20:26:23 -05:00
sinn3r 5cfabb0443 Apply the changes I suggested before 2013-01-23 00:15:09 -06:00
sinn3r 1e39c31cc2 Merge branch 'feature/rm6822-coldfusion_locale_traversal' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm6822-coldfusion_locale_traversal 2013-01-23 00:06:35 -06:00
f8lerror 5cfe58e8d5 General code review and corrections 2013-01-20 22:33:04 -05:00
Christian Mehlmauer e613c860a5 Added Name and Emailadress 2013-01-17 23:17:14 +01:00
Tod Beardsley a43b218917 Line full of whitespace 2013-01-17 12:43:06 -08:00
f8lerror 0b61d28e0e added Joomla scanner and url wordlist 2013-01-17 11:36:59 -05:00
lmercer a701b5eb79 fixed an error that occurred when patching. 2013-01-16 18:21:19 -05:00
lmercer ddd2dbc17b Updated coldfusion_local_traversal as described in Redmine Feature #6822 2013-01-16 17:54:15 -05:00
lmercer 481f2eb791 updated cold_fusion_version from Redmine Feature #6822 2013-01-16 17:23:35 -05:00
sinn3r 9dc42e93e7 Reduce unnecessary indent level 2013-01-15 14:36:41 -06:00
sinn3r 5109cc97fe Add more verbs 
[SeeRM: #7138] by jabra
 2013-01-15 14:11:53 -06:00
sinn3r ef6eec949c Move impersonate_ssl 
To 'gather', because it grabs stuff, not scans.
 2013-01-11 17:22:27 -06:00
jvazquez-r7 8c5847a13c Make output compatible with an scanner module 2013-01-11 00:10:15 +01:00
jvazquez-r7 0e950997e6 Merge branch 'wordpress-pingback-access' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-wordpress-pingback-access 2013-01-10 23:57:22 +01:00
smilingraccoon 0c58a118ff Found the issue I believe, fixed two issues. One with 301/302 responses getting a bad URI due to switch from ip to dns in location header and other from res.to_s rather than res.body being passed to regex 2013-01-10 11:32:48 -05:00
smilingraccoon fc5a0e22b2 stupid push, forgot to remove test puts 2013-01-10 10:43:57 -05:00
smilingraccoon ed9d290a85 added status messages, made var blog_posts initalize as nil rather than empty string 2013-01-10 10:41:25 -05:00
smilingraccoon 5bafd6ddcc added status message 2013-01-10 09:43:37 -05:00
jvazquez-r7 5fe2f967da this rescue is done in the mixin 2013-01-09 21:28:06 +01:00
HD Moore 07f8eb6a07 Fix up a typo 2013-01-09 13:05:27 -06:00
HD Moore adb4c89602 Add a scanner module for CVE-2013-0156 2013-01-09 12:50:38 -06:00
smilingraccoon a0a4ef843b added error msgs to rescue 2013-01-09 11:22:36 -05:00
Thomas McCarthy f45739933e Update modules/auxiliary/scanner/http/wordpress_pingback_access.rb 
Changed name var in initialize
 2013-01-08 19:20:02 -05:00
luh2 8e80f5e82c Public key size determined properly 2013-01-08 16:39:27 +01:00
smilingraccoon 9f69dbbd30 update unless statements, targeturi, and resolve var 2013-01-07 13:17:49 -05:00
Tod Beardsley 36adf86184 Various and sundry fixes for normalize_uri 2013-01-07 12:02:08 -06:00
Tod Beardsley 6a9445966a Caught missing paren 2013-01-07 11:21:55 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes 
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
 2013-01-07 11:16:58 -06:00
smilingraccoon 0de23a7edb fixed description 2013-01-04 21:16:56 -05:00
smilingraccoon e35afdce5d added wordpress-pingback scanner 2013-01-04 20:59:33 -05:00
smilingraccoon 3936725958 added wordpress-pingback scanner 2013-01-04 20:44:40 -05:00
sinn3r 6f50410e5f Merge branch 'patch-1' of github.com:mubix/metasploit-framework into mubix-patch-1 2013-01-03 17:51:54 -06:00
James Lee 9e912a23ff Merge branch 'rapid7' into FireFart-msftidy_aux_1 2013-01-03 16:54:25 -06:00
Tonimir Kisasondi 39e81fb07f Update modules/auxiliary/scanner/http/wordpress_login_enum.rb 
Simple fix for msfconsole start error.
 2013-01-03 21:52:10 +01:00
Christian Mehlmauer e4a6669927 msftidy: remove $Revision$ 2013-01-03 01:05:45 +01:00
Christian Mehlmauer 4d8a2a0885 msftidy: remove $Revision$ 2013-01-03 01:01:18 +01:00
Christian Mehlmauer 95948b9d7c msftidy: remove $Revision$ 2013-01-03 00:58:09 +01:00
Christian Mehlmauer ca890369b1 msftidy: remove $Id$ 2013-01-03 00:54:48 +01:00
Rob Fuller 88d12da3db hilight positive results in WebDAV scanner 
As suggested by Lee Baird
 2013-01-02 13:27:25 -05:00