Commit Graph

6948 Commits (85acfabfcac6a9543574ccebe51ca3b3fee5e0e7)

Author SHA1 Message Date
Tyler Bennett 069a50e1b8 Revert "fixed ddns_creds import issue, by using rhost and commenting why it needs to be used"
Reverting to hopefully force a fix for issue #3968
2015-12-07 09:41:46 -05:00
Stuart Morgan ca023b6499 Simplified do_report() to comply with msftidy 2015-12-05 23:27:28 +00:00
Stuart Morgan 4f1f755c1d msftidy 2015-12-05 22:49:40 +00:00
Stuart Morgan 4469e9b5ef Finalised module 2015-12-05 22:45:08 +00:00
Stuart Morgan bd1bf4aa72 Initial test, fixed noteswq 2015-12-05 21:19:34 +00:00
Stuart Morgan 09c58e4097 Massive rework of the storage/notes/reporting 2015-12-05 21:18:29 +00:00
Tyler Bennett 385e5a9fe1 fixed more rubocop issues with the rex table for ddns 2015-12-04 15:28:01 -05:00
Tyler Bennett 4e0ab9b68f fixed ddns_creds import issue, by using rhost and commenting why it needs to be used 2015-12-04 15:10:02 -05:00
Tyler Bennett 6ce54f15ee added rex table for ddns func 2015-12-04 14:46:26 -05:00
Tyler Bennett 16e4d6a727 fixedd more rubocop errors, still needs work 2015-12-04 14:08:18 -05:00
Jon Hart 72f7efd042
Lots of style cleanup 2015-12-03 15:39:27 -08:00
Jon Hart 4b30a56f15
Add a few missing connects 2015-12-03 15:22:27 -08:00
Jon Hart 7346c528cd
Fix indentation 2015-12-03 15:21:06 -08:00
Jon Hart 6c31946995
Slightly simplify regex 2015-12-03 15:19:35 -08:00
Jon Hart 98096ab71c
Remove useless assignment 2015-12-03 15:16:54 -08:00
Jon Hart 504f6874f2
Convert to actions 2015-12-03 15:15:48 -08:00
Jon Hart 93cd3446db
Minor cleanup of some print_ lines 2015-12-03 15:01:27 -08:00
Jon Hart 753eddbbd6
Correct true/false for optional options, default values 2015-12-03 14:53:27 -08:00
Tyler Bennett 9d71ff6b9d cleaned up a few misc prints and added in logic if mailport is empty 2015-12-03 15:51:49 -05:00
Tyler Bennett 3d617efa88 added code to parse mailport from config 2015-12-03 15:36:08 -05:00
Tyler Bennett 0d89dde4a6 changed sock.get to sock.get_once and fixed booleans hopefully. Still cleaning things up but its getting closer 2015-12-03 12:51:48 -05:00
r3naissance db5c69226e
Add Usernames to Creds Database with owa_login.rb 2015-12-03 09:31:36 -07:00
Jon Hart fdbd3cfc11
Fix minor style problems, call check() from run_host 2015-12-02 15:46:35 -08:00
wchen-r7 93a4fd0ee4 Minor edits 2015-12-02 15:43:11 -06:00
Tyler Bennett a8887e6b77 firts iteration of moving each payload to its own function and setting optional vars, cleaning up rubocop warnings as well 2015-12-02 16:33:09 -05:00
Tyler Bennett ca496a376f set username as a requirement and added note about randomly assinged password for user if not set 2015-12-02 14:16:36 -05:00
Christian Mehlmauer 581ea89f7f
fix nil error 2015-12-02 11:19:08 +01:00
Christian Mehlmauer f06e4f3dbd
make this module work with other languages too 2015-12-02 11:14:10 +01:00
Christian Mehlmauer 1a4b91e33e
unzip backup file 2015-12-02 11:01:56 +01:00
Christian Mehlmauer 217374d1c0
add limesurvey file download 2015-12-02 00:06:13 +01:00
James Lee 98a0ddebda
Land #6298, Advantech shellshock module 2015-12-01 11:37:09 -06:00
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
Tyler Bennett 36f48dc945 cleaned up required opts, only left needed vars to run the rest are optional based on user preference 2015-12-01 11:02:14 -05:00
Tyler Bennett 5e9a0ab3ff removed version var in initialize method 2015-12-01 10:57:16 -05:00
Tyler Bennett cb60b41d5d added in fixes and missing typos, randomized the password for the user 2015-12-01 10:43:58 -05:00
Kyle Gray bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
Land #6284, fix for false negatives found in #6281

@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
Christian Mehlmauer 920d8c6ad7
Land #6278, wrong default option for RHOST 2015-11-26 06:49:25 +01:00
Louis Sato 90fb3e0118
Land #6277, jenkins domain cred recovery aux module 2015-11-25 22:58:43 -06:00
Jon Hart 8fd2522a59
Land #6257, @all3g's aux module for locating git repos over HTTP 2015-11-25 12:25:45 -08:00
Jon Hart a56571479f
Remove WmapScanServer mixin; not needed 2015-11-25 11:38:32 -08:00
William Vu 2da9bb8578 Follow redirects in apache_userdir_enum
Found false negatives while testing a server for #6281.
2015-11-25 13:27:06 -06:00
William Vu 8f459de064 Fix tomcat_enum for full_uri 2015-11-25 11:28:56 -06:00
William Vu 38a9efe4d6 Fix squiz_matrix_user_enum for full_uri 2015-11-25 11:28:53 -06:00
William Vu 7d17c5741b Fix nginx_source_disclosure for full_uri 2015-11-25 11:19:27 -06:00
William Vu 035882702a Fix barracuda_directory_traversal for full_uri 2015-11-25 11:18:17 -06:00
William Vu 7a5f6495d0 Fix axis_local_file_include for full_uri 2015-11-25 11:16:59 -06:00
William Vu 42d12a4d40 Fix apache_userdir_enum for full_uri 2015-11-25 11:16:22 -06:00
Waqas Ali c09d8031c6 Remove default empty string 2015-11-25 12:19:16 +05:00
Jon Hart eac4f02b66
Spelling and correct description 2015-11-24 17:57:56 -08:00
aushack 3ad7ef9814 Modify the printed URL to add https:// when SSL is used. 2015-11-25 12:46:56 +11:00
wchen-r7 b1abfe898d Update wordpress_xmlrpc_login
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
Jon Hart ccdf814688
Use correct URIs in report_note 2015-11-24 09:52:07 -08:00
Jon Hart c66d56263a
Cleaner and more consistent print_ * 2015-11-24 09:43:05 -08:00
Jon Hart 1e90a8004d
Correct printing of URIs when provided TARGETURI doesn't end with / 2015-11-24 09:11:04 -08:00
Jon Hart afa4d9e74d
Add legit git UserAgent 2015-11-24 08:57:19 -08:00
Jon Hart d59c563ee3
Don't store index file 2015-11-24 08:51:43 -08:00
Jon Hart e29a229336
Minor style cleanup 2015-11-24 08:50:21 -08:00
Waqas Ali 2152c310fe Remove the default true option of RHOST 2015-11-24 14:54:54 +05:00
wchen-r7 74e1b8d5ac Fix res nil 2015-11-24 00:15:05 -06:00
wchen-r7 95ca288f9d Modify check 2015-11-23 20:33:14 -06:00
wchen-r7 09e6a54886 In case anonymous is not allowed for decryption 2015-11-23 20:26:41 -06:00
wchen-r7 20ba10d46c Spaces, how dare you 2015-11-23 16:45:02 -06:00
wchen-r7 faab28f1d6 Add Jenkins Domain Credential Discovery Auxiliary Module 2015-11-23 16:23:59 -06:00
Louis Sato 493e476a43
Land #6243, check nil for sock.read 2015-11-23 11:15:51 -06:00
Spencer McIntyre dc5e9a1d0a Support CSRF token in the Jenkins aux cmd module 2015-11-22 17:51:27 -05:00
nixawk 2dd8567741 remove GIT_HEAD / add description / git_config regex match / save index|config file(s) 2015-11-22 09:18:19 +00:00
aushack 1410d03386 Fixed msftidy capitalisation. 2015-11-22 14:32:51 +11:00
aushack fc46ce0ced Bring module title in line with other WP modules. 2015-11-22 13:39:45 +11:00
nixawk e0386d6830 add scan switches GIT_INDEX / GIT_HEAD / GIT_CONFIG 2015-11-21 03:06:37 +00:00
nixawk 1795e09a27 scan git disclosure (.git/index) 2015-11-19 09:16:32 +00:00
wchen-r7 0cda20c9e2 Fix everything pointed out by @jlee-r7 2015-11-18 12:02:28 -06:00
Tyler Bennett 5acd9b283e removed misc comments that arent needed 2015-11-18 11:54:32 -05:00
Tyler Bennett 3d95bd7851 fixed issue with msftidy and fixed rubocop issues that broke the module 2015-11-18 10:40:50 -05:00
HD Moore a9e8ab785e
Land #6220, adds ATG client module 2015-11-17 13:31:17 -06:00
HD Moore e107ec2d17 Change fail to fail_with, fix typo 2015-11-17 13:30:46 -06:00
Tyler Bennett e55ac99c12 fixed a bunch more rubocop errors 2015-11-17 14:30:33 -05:00
HD Moore 74f6ff7752 Rename to atg_client to match conventions 2015-11-17 12:59:37 -06:00
Tyler Bennett 6e4ccb46e5 knocked out a few more rubocop errors 2015-11-17 11:44:11 -05:00
Tyler Bennett 38c4e4ee6c added a few more rubocop fixes 2015-11-17 10:48:57 -05:00
Tyler Bennett f499b822cd added more rubocop fixes, still testing issue with RHOSTS 2015-11-17 10:30:50 -05:00
Tyler Bennett afd1e43226 added rubocop fixes 2015-11-17 09:41:12 -05:00
wchen-r7 17a1f2ee8a Fix #6242, Check nil for sock.read
Fix #6242
2015-11-16 14:24:46 -06:00
wchen-r7 f0da09090d
Land #6233, Konica Minolta FTP Utility 1.00 Directory Traversal 2015-11-16 13:55:29 -06:00
wchen-r7 740cacb4c0 Check nil 2015-11-16 13:54:36 -06:00
Tyler Bennett d677a8b871 Adding Dahua DVR auth bypass auxiliary scanner per CVE-2013-6117 2015-11-16 13:54:44 -05:00
jww519 fb14722ecb Update android_stock_browser_iframe_dos.rb
Update Packetstorm reference
2015-11-14 13:51:18 -05:00
jww519 f172e5298a Update android_stock_browser_iframe_dos.rb 2015-11-14 13:24:01 -05:00
Jon Hart c914c7b22c
Completely remove SET_TIME 2015-11-13 12:28:23 -08:00
Jon Hart ab3ae675ff
Hide TIME option since SET_TIME is not implemented 2015-11-13 12:26:42 -08:00
Jon Hart ad22eb8444
More cleanup 2015-11-13 12:24:28 -08:00
Jon Hart 045bab052e
Add configurable timeout 2015-11-13 12:18:40 -08:00
Jon Hart 6e9afc38ee
print_good when we get something 2015-11-13 12:12:37 -08:00
Jon Hart 196a88c39a
Style nit 2015-11-13 12:06:00 -08:00
William Vu 4401c6f1fd
Land #6178, rsync modules_list improvements 2015-11-13 10:46:24 -06:00
JT 44948a2ace Add konica_ftp_traversal.rb ( CVE-2015-7603 )
This module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//
2015-11-13 07:51:42 +08:00
KINGSABRI ab71d94392 Make CHUNKSIZE user configurable. Thanks @jhart-r7 2015-11-12 23:02:48 +03:00
KINGSABRI 732563614b Change connecting method to send for better code naming 2015-11-12 20:26:17 +03:00
KINGSABRI 881b12f0ab Fix rebease conflic 2015-11-12 18:16:39 +03:00
KINGSABRI c2c89124b4 Remove it :@ 2015-11-12 08:58:07 +03:00
KINGSABRI ee312f86f6 Fix peer, naming, and add resp check to the code check 2015-11-12 08:50:46 +03:00
KINGSABRI 530a7bb613 Fix peer, naming, and add resp check to the code check 2015-11-12 08:42:00 +03:00
KINGSABRI 2abfa1f241 Fix exceptions and XML parsing 2015-11-12 05:30:07 +03:00
William Vu e8dacf32fd
Land #6182, Heartbleed scanner improvements 2015-11-11 16:59:20 -06:00
William Vu ce3f9e2fab Fix minor style issues 2015-11-11 16:58:20 -06:00
wchen-r7 99607e6e4d
Land #6205, BisonWare BisonFTP Server Directory Traversal
CVE-2015-7602
2015-11-11 11:47:45 -06:00
wchen-r7 40bdd2bd01 Do module cleanup for auxiliary/scanner/ftp/bison_ftp_traversal 2015-11-11 11:46:37 -06:00
wchen-r7 c79a66be02
Land #6204, directory traversal for PCMan FTP server
CVE-2015-7601
2015-11-11 11:07:34 -06:00
wchen-r7 e6e5bde492 Do module cleanup for auxiliary/scanner/ftp/pcman_ftp_traversal 2015-11-11 11:06:54 -06:00
wchen-r7 7ad42c2ba1
Land #6216, remove duplicate keys for LoginScanner modules 2015-11-11 10:12:12 -06:00
JT 75a0472db8 Update bison_ftp_traversal.rb
made some changes
2015-11-11 14:01:39 +08:00
JT 4716e2e16b Update pcman_ftp_traversal.rb
made some changes
2015-11-11 14:00:04 +08:00
Jon Hart 0cfa67f58f
Stub out more of the set time, but disable it 2015-11-10 22:00:02 -08:00
Jon Hart c98ab1dad4
update SET_TANK_NAME opt to mention necessary opts 2015-11-10 21:49:40 -08:00
Jon Hart de570a1550
Improve output when setting tank names 2015-11-10 21:41:05 -08:00
Jon Hart 0762b9fa9b
Fix option formatting 2015-11-10 21:24:58 -08:00
Jon Hart 637e570b28
Add TLS-250 reference 2015-11-10 21:21:55 -08:00
Jon Hart e67057a5c9
Add great TLS-350 resource 2015-11-10 21:19:37 -08:00
Jon Hart 8dd6003cc2
Add several untested but likely OK TLS-350 commands 2015-11-10 21:18:27 -08:00
Jon Hart d00eba23f9
Update references 2015-11-10 21:02:37 -08:00
KINGSABRI b37fb3f34d Add TARGETURI option 2015-11-11 06:25:20 +03:00
KINGSABRI cf0cb2df9e Add TARGETURI option 2015-11-11 06:24:52 +03:00
KINGSABRI 9894fe15bd Remove unused advanced options 2015-11-11 06:02:37 +03:00
KINGSABRI 136fa12ac9 Remove unused advanced options 2015-11-11 06:02:13 +03:00
KINGSABRI 67ad5452e7 Merge branch 'msfdev' 2015-11-11 02:14:14 +03:00
KINGSABRI 7b3cfa79f3 Remove ip2location module 2015-11-11 02:13:34 +03:00
KINGSABRI 57cf535ec6 Fix the comment 2015-11-11 02:06:49 +03:00
KINGSABRI 137c2e214e Fix the comment 2015-11-11 02:01:01 +03:00
William Vu 32faf7a8d4 Fix #6183, hard tabs fix 2015-11-10 16:48:03 -06:00
William Vu a9fe09497e Fix hard tabs
Mixing tabs and spaces? Seriously?
2015-11-10 16:47:29 -06:00
Jon Hart 143ac47484
Minor style cleanup 2015-11-10 14:47:12 -08:00
William Vu 8dc636507b
Land #6183, dns_srv_enum updates 2015-11-10 16:44:27 -06:00
William Vu e98570cbd1 Clean up module 2015-11-10 16:44:10 -06:00
Jon Hart dac7738f29
Clean up description; add more refs 2015-11-10 14:43:06 -08:00
Jon Hart 4f4e4c734a
Handle ATGs w/ > 10 tanks, more strict 2015-11-10 14:36:59 -08:00
Jon Hart 7c9b85551b
Support for setting ATG tank names 2015-11-10 14:24:11 -08:00
Jon Hart 9def67831c
Better printing 2015-11-10 13:20:45 -08:00
Jon Hart 97caf1d084
Add preliminary module for interacting with Veeder-Root ATGs 2015-11-10 13:15:08 -08:00
KINGSABRI 91867d344b Refactoring.. 2015-11-10 23:07:13 +03:00
KINGSABRI d19942eae3 Add wordpress masive bruteforce using XMLRPC (wordpress API) fix 2015-11-10 23:07:12 +03:00
KINGSABRI 745738f065 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI b571a79b69 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI d498dc46a1 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-10 23:07:12 +03:00
KINGSABRI fffbb4106f Refactoring.. 2015-11-10 22:33:37 +03:00
Jon Hart 8f86b2519f
Resolve 'duplicate key warning' for some modules 2015-11-09 18:40:32 -08:00
Jon Hart 15eb135295
Resolve merge conflicts 2015-11-09 18:15:40 -08:00
KINGSABRI 46e7c53950 Add wordpress masive bruteforce using XMLRPC (wordpress API) fix 2015-11-09 19:04:33 +03:00
KINGSABRI 2bf57a3cf3 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 18:23:15 +03:00
KINGSABRI 9586f416a1 Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 17:37:06 +03:00
KINGSABRI 9f4f478d2d Add wordpress masive bruteforce using XMLRPC (wordpress API) 2015-11-09 17:28:58 +03:00
JT e019aa12a0 Update pcman_ftp_traversal.rb 2015-11-08 13:40:23 +08:00
JT f60f2336e3 Update bison_ftp_traversal.rb 2015-11-08 13:39:32 +08:00
JT be85e85d40 Create bison_ftp_traversal.rb 2015-11-08 13:34:10 +08:00
JT bb78025dde Update pcman_ftp_traversal.rb 2015-11-08 13:27:45 +08:00
JT bf362be0a4 Update pcman_ftp_traversal.rb 2015-11-08 13:17:57 +08:00
JT bb9e820372 Create pcman_ftp_traversal.rb
Adding CVE-2015-7601
2015-11-08 13:08:23 +08:00
fraf0 970c5da9a6 Update dns_srv_enum.rb 2015-11-07 20:01:26 +01:00
fraf0 730f6b2326 Update dns_srv_enum.rb
Remove some comment following message on pull-request.
2015-11-07 15:23:32 +01:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
Jon Hart f408bca3f0
More correct exception handling 2015-11-06 12:25:27 -08:00
Jon Hart f84e9a88b0
Credit for original vuln discovery 2015-11-06 10:40:07 -08:00
Jon Hart 1473f2cfa7
More consistent printing 2015-11-06 10:03:06 -08:00
Jon Hart 7101ff2ecc
Better handling of motd printing 2015-11-06 09:52:12 -08:00
Jon Hart 55e224b7e7
Improve auth handling 2015-11-06 09:50:39 -08:00
Jon Hart fc97266588
Handle errors more carefully 2015-11-06 09:44:05 -08:00
Jon Hart d3ebb8ae93
Style cleanup of auth checking 2015-11-06 08:34:17 -08:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
Jon Hart e96596e8eb
Credit Nixawk/all3g for some of the module review/improvements/ideas
From:
  https://github.com/rapid7/metasploit-framework/pull/6191
  https://github.com/jhart-r7/metasploit-framework/pull/5
2015-11-05 09:22:30 -08:00
Jon Hart 0ae2e64bc5
Only mark rsync as req'ing auth true/false if we are sure, otherwise vprint and unknown 2015-11-05 09:20:02 -08:00
Jon Hart f1a79bd207
Make motd printing optional, off by default 2015-11-04 10:11:00 -08:00
Jon Hart 8f497faa09
Make read timeout configurable and shorter by default
This makes the time spent handling motd almost a non-issue
2015-11-04 10:01:38 -08:00
Jon Hart 3528bb2fa7
Remove optional motd handling; this is always necessary
without it, detecting authentication on systems w/ a motd does not work
2015-11-04 09:43:10 -08:00
Jon Hart 0d3232f93a
break if we get the rsync exit 2015-11-04 09:12:02 -08:00
Jon Hart ba5a8e4806
style 2015-11-04 09:11:07 -08:00
Jon Hart 2cab70294e
sprinkle in peer 2015-11-04 09:05:33 -08:00
Jon Hart 9bcdd19e0a
Correct table 2015-11-04 09:01:07 -08:00
Jon Hart 8f4f187c70
More usable format for module metadata in notes 2015-11-04 08:47:37 -08:00
Jon Hart b7ccee949e
Improve name and description; update authors 2015-11-04 08:42:29 -08:00
Jon Hart c0993c3797
Appease rubocop
You have 20 seconds to comply
2015-11-04 08:28:35 -08:00
Jon Hart c265a371d8
Make testing the rsync module for authentication optional,
but on by default
2015-11-04 08:25:38 -08:00
fraf0 3739a2fb72 Update dns_srv_enum.rb 2015-11-03 16:59:55 +01:00
fraf0 f1feccfd7c Update dns_srv_enum.rb 2015-11-03 16:53:26 +01:00
Tom Spencer 557dffd8d2 Fixed extra space at end of line 2015-11-02 21:50:39 -08:00
Tom Spencer 4d97e33bc5 Dramatic speed-up in bleeding, improved verbose output of leaked data. 2015-11-02 16:07:21 -08:00
Jon Hart dd91956c4a
ooops, puts 2015-11-02 15:07:26 -08:00
Jon Hart de959ed62b
Remove actions; check and run_* will suffice 2015-11-02 13:54:42 -08:00
Jon Hart 1c3e4d2cbf
Refactor to use Scanner; add check; add beginnings of actions 2015-11-02 13:39:09 -08:00
Jon Hart ced20ba51c
Refactor NTP symmetric packet creation; add vuln detection to NAK to the future 2015-11-02 12:46:58 -08:00
Jon Hart 17c4aa2348
Fill in description; style 2015-11-02 12:18:35 -08:00
Jon Hart 8fb0596888
Add more refs 2015-11-02 12:07:18 -08:00
Jon Hart 3c92b109d7
Don't wait for motd when testing for auth 2015-11-02 10:49:48 -08:00
Jon Hart 6c0034fba6
get_once for negotiation and trailing motd_lines
This feels hacky.
2015-11-02 09:32:54 -08:00
Jon Hart a120dd1ea9
Return nil when no motd lines 2015-11-02 09:18:10 -08:00
Jon Hart 962cf77873
Not all modules have comments 2015-11-02 09:14:41 -08:00
Jon Hart 4effd3aa81
Handle case where motd comes after negotiation 2015-11-02 09:12:57 -08:00
Jon Hart d18b6ff9cd
More doc, error handling 2015-10-30 13:13:44 -07:00
Jon Hart ff1d0709e0
vprint if the thing isn't rsync 2015-10-30 12:39:06 -07:00
William Vu f8a39ecc21
Land #6145, better RPC exception handling 2015-10-30 13:25:52 -05:00
Jon Hart eb99aaa216
Print out modules before building/reporting table 2015-10-30 09:49:07 -07:00
Jon Hart 86b48490f0
Merge branch 'master' into poc/rsunk 2015-10-30 09:42:41 -07:00
Louis Sato 57304a30a8
Land #6139, remove bad ref links 2015-10-29 16:00:43 -05:00