wchen-r7
93df45eff1
Land #6138 , Land joomla plugin com_realestatemanager Error Based SQLi
2015-10-28 13:36:14 -05:00
wchen-r7
09b79414ee
Report hash
2015-10-28 13:33:00 -05:00
wchen-r7
1805774b16
Resolve #6020 , Better RPC exception handling
...
Resolve #6020 . Avoid trying to rescue RuntimeError.
2015-10-28 11:16:44 -05:00
wchen-r7
e7d6493311
Replace links
2015-10-28 10:45:02 -05:00
Jon Hart
b5d0804442
Detect if an rsync module requires authentication
2015-10-27 18:15:18 -07:00
Jon Hart
4a3848cc4f
Handle rsync motd
2015-10-27 18:15:18 -07:00
Jon Hart
73a6b47606
Split out negotiation and listing
2015-10-27 18:15:18 -07:00
Jon Hart
6dd40ec063
Better reporting
2015-10-27 18:15:18 -07:00
Jon Hart
caf848ddf4
Store table better
2015-10-27 18:15:18 -07:00
Jon Hart
3e7f7f2eec
Remove unnecessary table options, as these are the default
2015-10-27 18:15:18 -07:00
Jon Hart
4f468dbcd7
Usability improvements for rsync modules_list
2015-10-27 18:15:18 -07:00
Jon Hart
6781dfa6ee
Style cleanup for rsync modules_list
2015-10-27 18:15:18 -07:00
Jon Hart
78ad9908d2
Doc
2015-10-27 18:10:18 -07:00
Jon Hart
f2b6d37630
Add WIP module for Cisco Talos' NTP 'NAK to the future'
2015-10-27 18:10:07 -07:00
wchen-r7
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
William Vu
a65172bbcb
Land #6125 , Joomla SQLi creds gather module
2015-10-27 11:21:30 -05:00
William Vu
9041f95511
Perform final cleanup
2015-10-27 11:21:17 -05:00
nixawk
132cbf0cd7
joomla plugin com_realestatemanager Error Based SQL Ijnection
2015-10-27 15:18:17 +00:00
Brandon Perry
c7fe014854
remove global variables
2015-10-26 17:13:51 -05:00
Brandon Perry
8b4f2290ed
no more session ids in desc
2015-10-25 11:01:17 -05:00
nixawk
f738dd2acb
replace print_* with vprint_* / fix check method
2015-10-25 06:57:56 +00:00
nixawk
a6628110f6
rebuild joomla_contenthistory_sqli (cve-2015-7297)
2015-10-25 03:56:36 +00:00
Brandon Perry
949a4c797b
Update joomla_contenthistory_sqli.rb
2015-10-23 09:33:12 -05:00
Brandon Perry
07d549d783
Update joomla_contenthistory_sqli.rb
...
Remove sessions for now
2015-10-23 09:32:15 -05:00
William Vu
f00f90532a
Fix SSH_DEBUG for ssh_login{,_pubkey}
2015-10-22 15:14:45 -05:00
Brandon Perry
e4281dd1fb
Create joomla_contenthistory_sqli.rb
2015-10-22 15:05:02 -05:00
fraf0
4e50f3ebde
Update dns_srv_enum.rb
...
Patch for :
- Split record srvrcd one entry by line for readability.
- Add record for Default-First-Site-Name :
(according to https://technet.microsoft.com/en-us/library/cc759550%28v=ws.10%29.aspx )
'_gc._tcp.Default-First-Site-Name._sites.',
'_kerberos._tcp.Default-First-Site-Name._sites.',
'_kerberos.tcp.Default-First-Site-Name._sites.dc._msdcs.',
'_ldap._tcp.Default-First-Site-Name._sites.',
'_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.',
'_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.',
- Remove double entry '_kerberos.tcp.dc._msdcs.'
- Add fqdn query in logs.
- Add report_note to store and preserve the fqdn query.
Ps : I'm not very familiar with the code and patch rules for modules. Thank you to excuse my eventual errors.
2015-10-21 18:27:14 +02:00
William Vu
88159edf9f
Fix double raise in vnc_none_auth
...
Not necessary for what it's trying to accomplish, being a scanner.
2015-10-19 18:22:06 -05:00
jvazquez-r7
28ca34c40a
Fix conflicts
2015-10-16 15:38:59 -05:00
wchen-r7
896099b297
Land #6082 , Directory Traversal for Elasticsearch
2015-10-16 11:00:27 -05:00
wchen-r7
e59a4e36b7
Fix check
2015-10-16 10:59:04 -05:00
Roberto Soares
41e9f8a91b
Some code changes from Roberto
2015-10-16 10:47:19 -05:00
jvazquez-r7
67820f8b61
Fix Packetstorm references
2015-10-15 12:42:59 -05:00
jvazquez-r7
4517270627
Fix modules using Msf::HTTP::JBoss
2015-10-15 11:49:15 -05:00
jvazquez-r7
d4cf9a4eb9
Update moduels using Msf::HTTP::Typo3
2015-10-15 11:48:27 -05:00
jvazquez-r7
cf9ddbb701
Update moduels using Msf::HTTP::Wordpress
2015-10-15 11:47:13 -05:00
jvazquez-r7
db5d83a40a
Move namespaces
2015-10-15 09:17:06 -05:00
William Vu
2a2d8d941d
Land #6054 , HTTP Host header injection module
2015-10-13 23:37:31 -05:00
jaguasch
d933962ff9
Last fix, including espreto minor changes
2015-10-13 18:41:51 +01:00
William Vu
c642057fa0
Clean up module
2015-10-13 12:03:41 -05:00
jaguasch
772f9d8742
Changes based on espreto recommendations
2015-10-13 16:06:26 +01:00
jaguasch
7790f14af2
Auxiliary module to exploit CVE-2015-5531 (Directory traversal) in Elasticsearch before 1.6.1
2015-10-13 13:05:58 +01:00
Tod Beardsley
185e947ce5
Spell 'D-Link' correctly
2015-10-12 17:12:01 -05:00
jvazquez-r7
ed0b9b0721
Land #6072 , @hmoore-r7's lands Fix #6050 and moves RMI/JMX mixin namespace
2015-10-10 00:24:12 -05:00
HD Moore
cd2e9d4232
Move Msf::Java to the normal Msf::Exploit::Remote namespace
2015-10-09 13:24:34 -07:00
William Vu
b95d5790f6
Improve output
2015-10-09 11:13:50 -05:00
William Vu
6d2a89e9a6
Be more descriptive about EOFError
...
There are other modules that could be updated, surely.
2015-10-09 11:05:17 -05:00
jvazquez-r7
5fab1cc71a
Add loop timeout
2015-10-09 11:05:05 -05:00
wchen-r7
3a0f7ce699
Land #6044 , ManageEngine ServiceDesk Plus Arbitrary File Download
2015-10-07 15:24:14 -05:00
wchen-r7
f0b6d3c68e
Change error message to avoid an undef method bug
2015-10-07 15:23:29 -05:00
wchen-r7
a2c9e2549d
Land #6014 , support TCP advanced options for loginscanner mods
2015-10-07 14:26:25 -05:00
William Vu
ddea0ea708
Fix #5797 , extraneous nil fix
2015-10-07 01:11:51 -05:00
William Vu
0182f394b4
Remove extraneous nil
...
Didn't need it, forgot to remove it.
2015-10-07 01:10:33 -05:00
JT
205b175a95
Update host_header_injection.rb
2015-10-07 13:20:06 +08:00
JT
6b3da7f7d8
Update host_header_injection.rb
...
made some changes as suggested by @espreto
2015-10-07 13:01:49 +08:00
JT
a1e0e0cdd9
Add HTTP Host-Header Injection Detection
2015-10-07 11:19:00 +08:00
wchen-r7
5fac0a6ae5
Land #5995 , advanced options on Metasploit::Framework::LoginScanner::SMB
2015-10-06 16:36:18 -05:00
William Vu
3f2d5d7f06
Add newline back in
2015-10-05 11:42:58 -05:00
xistence
41b07eeef6
Small changes to servicedesk_plus_traversal
2015-10-05 08:56:00 +07:00
Roberto Soares
ed8f5456a4
Fix bugs in drupal_views_user_enum.
2015-10-04 05:53:54 -03:00
xistence
e6a57d5317
Add ManageEngine ServiceDesk Plus Path Traversal module
2015-10-03 15:54:44 +07:00
Brent Cook
dea0142da1
catch network exceptions
2015-10-02 18:26:37 -05:00
William Vu
55895c6305
Fix nil bug in mssql_idf
2015-10-02 18:20:06 -05:00
jvazquez-r7
1f26ec1252
Land #6018 , @pedrib's module for Kaseya VSA ZDI-15-448
2015-10-02 08:58:43 -05:00
Pedro Ribeiro
d334dc237f
Update kaseya_master_admin.rb
2015-10-02 13:21:28 +01:00
jvazquez-r7
1b21cd9481
Do code cleanup
2015-10-01 13:37:18 -05:00
William Vu
2ab779ad3d
Land #6010 , capture_sendto fixes
2015-10-01 10:54:24 -05:00
William Vu
2e2d27d53a
Land #5935 , final creds refactor
2015-10-01 00:25:14 -05:00
William Vu
494b9cf75f
Clean up module
...
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
Jake Yamaki
2e5999a119
Missed colon for output standardization
2015-09-30 16:41:46 -04:00
Jake Yamaki
3d41b4046c
Standardize output and include full uri
2015-09-30 16:33:15 -04:00
Jake Yamaki
1bfa087518
Add IP to testing results
...
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
Pedro Ribeiro
8af5a8e310
Create exploit for Kaseya privilege escalation
2015-09-29 11:51:21 +01:00
jvazquez-r7
269641a0ff
Update vmauthd_login to have into account advanced TCP options
2015-09-28 14:38:35 -05:00
jvazquez-r7
2f46335c90
Update brocade_enbale_login to have into account advanced TCP options
2015-09-28 14:36:23 -05:00
jvazquez-r7
adb76a9223
Update telnet_login to have into account advanced TCP options
2015-09-28 14:35:58 -05:00
jvazquez-r7
0eed30ce05
Update pop3_login to have into account advanced TCP options
2015-09-28 14:29:50 -05:00
jvazquez-r7
d02193aaeb
Update mysql_login to have into account advanced TCP options
2015-09-28 14:28:32 -05:00
jvazquez-r7
0abb387c1a
Update mssql_login to have into account advanced TCP options
2015-09-28 14:22:19 -05:00
jvazquez-r7
df3e4e8afd
Update ftp_login to have into account advanced TCP options
2015-09-28 14:18:05 -05:00
jvazquez-r7
a99e44b43a
Update vnc_login to have into account advanced TCP options
2015-09-28 14:13:08 -05:00
jvazquez-r7
4d8f0a6ec4
Update db2_auth to have into account advanced Tcp options
2015-09-28 14:10:55 -05:00
jvazquez-r7
07b44fccb9
Update AFP login scanner to have into account advanced options
2015-09-28 14:03:55 -05:00
jvazquez-r7
1e4e5c5bae
Update ACPP login scanner to have into account advanced options
2015-09-28 13:50:20 -05:00
Jon Hart
989fe49750
Fix #6008 for synflood
2015-09-27 14:50:59 -07:00
Jon Hart
7ad7db7442
Fix #6008 for rogue_send. Correctly.
2015-09-27 14:48:58 -07:00
Jon Hart
7b026676f1
Fix #6008 for avahi_portzero
2015-09-27 14:47:05 -07:00
Jon Hart
20ddb65ff8
Fix #6008 for bnat_scan
2015-09-27 14:18:51 -07:00
Jon Hart
06a10e136a
Fix #6008 for rogue_send
2015-09-27 14:12:23 -07:00
Jon Hart
d3a41323b8
Fix #6008 for ipidseq.rb
2015-09-27 14:05:05 -07:00
Jon Hart
5b1ee8c8ca
Fix #6008 for syn.rb
2015-09-27 13:54:11 -07:00
Jon Hart
3888b793bd
Fix #6008 for ack.rb
2015-09-27 13:53:47 -07:00
Jon Hart
766829c939
Fix #6008 for xmas.rb
2015-09-27 13:46:00 -07:00
jvazquez-r7
c85913fd12
Land #5983 , @jhart-r7's SOAP PortMapping UPnP auxiliary module
2015-09-26 15:47:04 -05:00
jvazquez-r7
f6f3efea75
print the body as verbose
2015-09-25 13:51:18 -05:00
jvazquez-r7
80c9cd4e6f
Restore required option
2015-09-25 13:41:27 -05:00
jvazquez-r7
e4e9609bc2
Use single quotes
2015-09-25 13:35:38 -05:00
jvazquez-r7
a5698ebce0
Fix metadata
2015-09-25 13:34:16 -05:00
William Vu
44fa188e71
Land #5984 , android_mercury_parseuri module
2015-09-23 02:44:53 -05:00
jvazquez-r7
2b7ffdc312
Use datastore advanced options used by smb_login
2015-09-21 17:48:05 -05:00
wchen-r7
060acbc496
newline
2015-09-17 11:39:39 -05:00
wchen-r7
08b5b8ebb2
Add ADDITIONAL_FILES option
2015-09-17 11:30:58 -05:00
joevennix
0d94b8a48f
Make andorid_mercury_parseuri better
2015-09-17 09:59:31 -05:00
Jon Hart
0113cbd353
Nokogiri::XML::Builder instead
2015-09-16 19:53:33 -07:00
jvazquez-r7
adab9f9548
Do final cleanup
2015-09-16 20:59:32 -05:00
jvazquez-r7
4d0d806e1d
Do minor cleanup
2015-09-16 19:30:40 -05:00
jvazquez-r7
46168e816b
Merge for retab
2015-09-16 17:13:08 -05:00
jvazquez-r7
688a5c9123
Land #5972 , @xistence's portmapper amplification scanner
2015-09-16 14:58:19 -05:00
jvazquez-r7
8ae884c1fc
Do code cleanup
2015-09-16 14:46:27 -05:00
wchen-r7
b4aab70d18
Fix another typo
2015-09-16 11:34:22 -05:00
wchen-r7
bef658f699
typo
2015-09-16 11:32:09 -05:00
wchen-r7
63bb0cd0ec
Add Android Mercury Browser Intent URI Scheme & Traversal
2015-09-16 00:48:57 -05:00
xistence
0657fdbaa7
Replaced RPORT
2015-09-13 09:19:05 +07:00
xistence
521636a016
Small changes
2015-09-13 08:31:19 +07:00
xistence
79e3a7f84b
Portmap amplification scanner
2015-09-12 16:25:06 +07:00
HD Moore
cddf72cd57
Show errors when no results are found
2015-09-10 14:05:40 -07:00
HD Moore
421fb4dcb8
Rework of the jenkins_command module
2015-09-04 16:56:44 -07:00
wchen-r7
5646f2e0c4
successful status should include last_attempted_at
2015-09-04 13:45:44 -05:00
wchen-r7
cf6d5fac2a
Use the latest cred API, no more report_auth_info
2015-09-04 13:43:15 -05:00
HD Moore
04d622b69b
Cleanup Jenkins-CI module titles and option descriptions
2015-09-04 10:25:51 -07:00
wchen-r7
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
Alton Johnson
5d59e8190e
Added OS detection.
2015-09-03 13:12:07 -05:00
HD Moore
6e4ae1238b
Land #5791 , show the VHOST in module output
2015-09-03 11:36:19 -05:00
HD Moore
b8eee4a9e4
Show the IP address if it doesn't match the VHOST
2015-09-03 11:35:38 -05:00
HD Moore
1b021464fe
Land #5919 , remove deprecated VMware modules & update resource script.
2015-09-03 10:23:48 -05:00
altjx
4b8dc143ec
Fixed output
2015-09-02 23:50:03 -04:00
altjx
255c8b63b3
Modified output
2015-09-02 23:33:06 -04:00
Alton Johnson
40176b9e3f
Updated.
2015-09-02 19:36:18 -05:00
Alton Johnson
f78f6d0a0c
Updated.
2015-09-02 19:03:07 -05:00
HD Moore
9f9bbce034
Land #5840 , add LLMNR & mDNS modules
2015-09-02 18:30:29 -05:00
HD Moore
0120e5c443
Cosmetic tweaks, don't report duplicate responses
2015-09-02 18:30:03 -05:00
Alton Johnson
59aa3975be
Updated.
2015-09-02 18:27:44 -05:00
Jon Hart
42a2a86f32
Back out all changes to ms11_030_dnsapi
2015-09-02 13:53:10 -07:00
Jon Hart
6d1ab101ed
Back out all changes to llmnr_response
2015-09-02 13:52:38 -07:00
altjx
284edbe4b0
Update jenkins_command.rb
2015-09-02 16:47:23 -04:00
altjx
bde4f40c53
Update jenkins_command.rb
2015-09-02 16:39:49 -04:00
altjx
becc599aca
Created Jenkins RCE module
...
This module simply automates the same procedures documented by Royce Davis at https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/ .
2015-09-02 16:12:05 -04:00
HD Moore
126fc9881e
Cleanup and tweaks
2015-09-02 12:48:53 -05:00
Jon Hart
3d04d53e3a
first pass at better output and report_service
2015-09-02 10:31:46 -07:00
JT
b89b6b653a
Update trace.rb
2015-09-03 01:26:45 +08:00
JT
73bf812dfd
Update trace.rb
...
removed the cookie
2015-09-03 00:35:23 +08:00
JT
5ecee6aaba
Update trace.rb
...
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT
34e0819a6e
Modified the HTTP Trace Detection to XST Checker
...
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
Waqas Ali
8e993d7793
Remove deprecated vmware modules
2015-09-02 13:00:15 +05:00
wchen-r7
0c4b020089
Land #5913 , Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-02 00:01:35 -05:00
HD Moore
381297ba93
Fix the regex flags
2015-09-01 23:07:48 -05:00
Roberto Soares
626704079d
Changed output store_loot
2015-09-02 00:18:10 -03:00
Roberto Soares
96600a96ab
Changed html parse by @wchen-r7
2015-09-01 22:03:21 -03:00
Alexander Salmin
3c72467b7d
Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns.
2015-09-02 01:02:46 +02:00
Brent Cook
9dd14eb747
Merge branch 'upstream-master' into land-5899-android
2015-09-01 17:11:58 -05:00
Roberto Soares
35661d0182
Add WP NextGEN Gallery Directory Traversal Vuln
2015-09-01 13:28:04 -03:00
Jon Hart
9a2696aed4
Add Reference
2015-08-31 12:03:17 -07:00
Jon Hart
c14cae1425
Make INTERNAL_PORT optional, allowing DELETE to work
2015-08-31 11:30:18 -07:00
Jon Hart
44813370d5
Better name, description and author
2015-08-31 10:42:50 -07:00
Jon Hart
8665134691
Add add/delete action. update logging. rename module again
2015-08-31 10:22:36 -07:00
Jon Hart
436910b25f
Clean up map description
2015-08-28 15:49:29 -07:00
Jon Hart
e6e05814d0
Use an OptAddress instead, revert back to client name
2015-08-28 15:43:04 -07:00
Jon Hart
66616eeb95
Remove unused
2015-08-28 15:38:23 -07:00
Jon Hart
35555f5f24
Make most everything configurable and provide useful output
2015-08-28 15:36:49 -07:00
Jon Hart
13dd8222ec
Expose lease duration as an option
2015-08-28 15:22:19 -07:00
Jon Hart
d57041136f
Use random port mapping description
2015-08-28 15:09:58 -07:00
Jon Hart
840be71683
Add support for specifying protocol
...
UDP is fun too. Are there others?
2015-08-28 14:53:41 -07:00
Jon Hart
45fde928fc
More minor style cleanup
2015-08-28 14:49:57 -07:00
Jon Hart
ba95a7d2ac
Convert to using HttpClient
2015-08-28 14:47:13 -07:00
Jon Hart
a0aaf93f27
Relocate module to more correct location
2015-08-28 14:20:33 -07:00
Jon Hart
45c2422981
First pass at style cleanup
2015-08-28 14:19:28 -07:00
Jon Hart
cba3650488
report_service for mdns/llmnr query
2015-08-28 14:04:52 -07:00
wchen-r7
0c7d2af6bc
Land #5750 , Add WP All In One Migration Export Module
2015-08-28 14:12:14 -05:00
wchen-r7
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
wchen-r7
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
wchen-r7
3d4cb06c67
Land #5807 , Added Module WP Mobile Pack Vuln
2015-08-28 13:43:00 -05:00
wchen-r7
9e7f6d6500
Typos
2015-08-28 13:42:37 -05:00
wchen-r7
29e92aaabe
Land #5806 , WordPress Subscribe Comments File Read Vuln
2015-08-28 11:52:59 -05:00
wchen-r7
62e6b23b4c
Typo
2015-08-28 11:52:13 -05:00
wchen-r7
e82bd10817
Add aux module to be able to open android meterpreter from a browser
2015-08-27 14:36:55 -05:00
jvazquez-r7
8785083722
Ensure disconnect
2015-08-24 12:36:15 -05:00
HD Moore
1e6c53b430
Correct the storage of ssh banners in service.info
2015-08-22 01:21:15 -05:00
jvazquez-r7
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
jvazquez-r7
182c1bc7fe
Disconnect socket when login fails
2015-08-17 18:20:04 -05:00
Brent Cook
b17d8f8d49
Land #5768 , update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
jvazquez-r7
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
jvazquez-r7
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
Tod Beardsley
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
joev
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
joev
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
Jon Hart
61e23ad23e
Switch back to ::Net::DNS::Packet.new
2015-08-13 11:29:56 -07:00
Jon Hart
9f2c62d4ce
Use query_name instead of datastore
2015-08-13 11:17:27 -07:00
Tod Beardsley
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
Jon Hart
3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts
2015-08-13 08:53:25 -07:00
jvazquez-r7
a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793
2015-08-08 07:43:39 -07:00
jvazquez-r7
c8ba5bb90c
Land #5513 , @rcvalle's exploit for incomplete internal state distinction in JSSE
2015-08-08 07:41:53 -07:00
jvazquez-r7
2707b3b402
Use Rex::ThreadSafe.select
2015-08-08 07:40:19 -07:00
jvazquez-r7
a0eef3880a
Initialize version local variable
2015-08-08 07:35:37 -07:00
jvazquez-r7
bb74b6fecb
Fix data reading
2015-08-08 07:18:01 -07:00
jvazquez-r7
6fe7672732
Improve Rex sockets usage
2015-08-07 00:11:58 -07:00
Josh Abraham
e96717950c
refactored
2015-08-06 08:18:26 -04:00
jvazquez-r7
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
jvazquez-r7
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
jvazquez-r7
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
Roberto Soares
7bb4f9479f
Added new reference and removed empty line.
2015-08-04 03:58:57 -03:00
Roberto Soares
d9b6e9cc58
Changed res condition and some words.
2015-08-04 03:44:25 -03:00
Roberto Soares
19ceccd93a
Added JSON parse output.
2015-08-04 03:13:11 -03:00
Roberto Soares
f4679f5341
Added WP Mobile Pack Info Disclosure Vuln - Functional Module.
2015-08-04 02:21:26 -03:00
Roberto Soares
d221e9d961
Added more references.
2015-08-03 02:46:54 -03:00
Roberto Soares
e59e4828e4
Removed unnecessary DEPTH option.
2015-08-02 22:56:17 -03:00
Roberto Soares
514849bcdc
Added WP Subscribe Comments File Read Vuln - Functional.
2015-08-02 21:24:52 -03:00
Tod Beardsley
cebcf72a99
Add discoverer credit, blog ref, longer desc
2015-08-01 10:31:41 -05:00
William Vu
fcb7981199
Add BIND TKEY DoS
2015-08-01 06:01:35 -05:00
Roberto Soares
fdb2b008f9
Fix a small typo - OSVDB instead of OSVBD.
2015-07-31 02:23:19 -03:00
Greg Mikeska
3c394d673d
altered module to default
...
to replace RHOST with VHOST if it is defined.
MSP-11167
2015-07-30 16:25:15 -05:00
wchen-r7
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
William Vu
61b2ca6675
Land #5781 , Msf::Format::Webarchive rename
2015-07-29 13:38:42 -05:00
William Vu
c46ce6c391
Land #5780 , password_prompt fix for Telnet scanner
2015-07-28 17:54:43 -05:00
Josh Abraham
0f4b2e4226
description update
2015-07-28 15:31:51 -04:00
Josh Abraham
27e5557b67
set port using rport instead of only 445
2015-07-28 15:29:23 -04:00
Josh Abraham
fafbc4db3f
GPP enumeration via an AUX module
2015-07-28 15:21:33 -04:00
kn0
2415072c17
Replaced 'and' with '&&'
2015-07-28 14:14:25 -05:00
kn0
ee5e5b1e71
Fixed NoMethodError for .match on nil
2015-07-28 09:03:54 -05:00
HD Moore
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
Brent Cook
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
Fabien
3fd18e4844
Update soap_addportmapping.rb
2015-07-26 21:57:49 +02:00
Fabien
1210183930
Update soap_addportmapping.rb
2015-07-26 21:41:47 +02:00
Fabien
8dbd51ae38
Update soap_addportmapping.rb
2015-07-26 20:59:43 +02:00
Fabien
fba81fc539
Create soap_addportmapping.rb
2015-07-26 20:59:04 +02:00
jvazquez-r7
18636e3b9b
Land #5739 , @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
jvazquez-r7
ec7bf606c6
Land #5735 , @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
jvazquez-r7
45b4334006
Use Rex::Socket::SslTcpServer
...
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
wchen-r7
866a99ed07
This is better
2015-07-23 20:51:21 -05:00
wchen-r7
f5387ab3f2
Fix #5766 , check res for send_request_raw
...
Fix #5766
2015-07-23 20:49:18 -05:00
wchen-r7
8bead5fde2
Modate update on using metasploit-credential
...
Update some more modules to usethe new cred API.
Also, make sure to always provide proof because that seems handy.
2015-07-23 18:07:19 -05:00
Tod Beardsley
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
wchen-r7
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
Christian Sanders
50074c4617
Fix typo .blank to .blank?
2015-07-22 09:05:16 -05:00
wchen-r7
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
rastating
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
rastating
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
wchen-r7
6a9c934c54
Resolve conflict
2015-07-20 18:44:17 -05:00
wchen-r7
1e17ac4ec7
Use the cred API correctly
2015-07-20 18:40:48 -05:00
Tod Beardsley
f94fe3cefd
More correct URL, not just a bare wiki link
...
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
Tod Beardsley
4cacbcc4f7
Minor fixups on sysaid modules
...
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
rastating
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
rastating
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
jvazquez-r7
454dd59da8
Add vuln discoverers
2015-07-17 13:37:30 -05:00
jvazquez-r7
29718ce4e1
Land #5474 , @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
...
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
jvazquez-r7
a54b58fc24
Fix port parsing and cleanup
2015-07-17 12:34:46 -05:00
jvazquez-r7
869ac87b64
Land #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
...
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
jvazquez-r7
9ac1688eb1
Do code cleanup
2015-07-17 11:45:28 -05:00
jvazquez-r7
787c0e2c41
Land #5470 , @pedrib's module for SysAid CVE-2015-2993
...
* SysAid Help Desk Administrator Account Creation
2015-07-17 11:09:08 -05:00
jvazquez-r7
ca38fc5518
Update description
2015-07-17 11:08:28 -05:00
Ramon de C Valle
449c751521
Add missing info
2015-07-16 09:36:18 -07:00
wchen-r7
8d0e34dbc0
Resolve #5738 , make the LHOST option visible
...
Resolve #5738
2015-07-16 11:00:15 -05:00
Ramon de C Valle
5d6c15a43d
Add openssl_altchainsforgery_mitm_proxy.rb
...
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
jvazquez-r7
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
wchen-r7
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
wchen-r7
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
Brent Cook
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
William Vu
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
William Vu
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
wchen-r7
e4e9ac9d28
Remove cold_fusion_version, use coldfusion_version instead
...
Please use auxiliary/scanner/http/coldfusion_version instead.
2015-07-13 12:56:46 -05:00
wchen-r7
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
Mo Sadek
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
Mo Sadek
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
wchen-r7
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
g0tmi1k
d795b2f831
Module cleanup
2015-07-11 19:40:21 +01:00
HD Moore
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
HD Moore
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
wchen-r7
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
HD Moore
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
HD Moore
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
cldrn
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
wchen-r7
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
wchen-r7
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
wchen-r7
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
Donny Maasland
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
HD Moore
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
joev
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
HD Moore
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
Josh Abraham
99c29052c7
Merge branch 'smb_enumuser_domain_storage' of github.com:jabra-/metasploit-framework into smb_enumuser_domain_storage
2015-07-02 08:24:04 -04:00
Josh Abraham
dfa71a2b44
update to store creds using the new method
2015-07-02 08:22:21 -04:00
HD Moore
afa442ad89
Fix a stack trace with ipmi_dumphashes when no database was configured.
2015-06-29 00:46:35 -05:00
cldrn
355738909a
Fixes typo
2015-06-28 09:32:16 -05:00
cldrn
5c18fc82f2
Stores credentials using create_credential_login
2015-06-28 09:24:31 -05:00
cldrn
b332b25795
Stores credentials in DB, fixes loop variable and nil dereference bug
2015-06-27 19:06:15 -05:00
jvazquez-r7
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
William Vu
c04490e5eb
Remove comma before coordinating conjunction
...
An independent clause does not follow.
2015-06-26 12:50:37 -05:00
cldrn
2968f52ca4
Removes debug sql output
2015-06-26 12:22:34 -05:00
cldrn
a338920cb3
lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper
2015-06-26 12:21:35 -05:00
Tod Beardsley
31eedbcfa0
Minor cleanups on recent modules
...
Edited modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb
first landed in #5577 , MS15-034 HTTP.SYS Information Disclosure
Edited modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb
first landed in #5605 , CVE-2015-3105 flash exploit
Edited modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb
first landed in #5559 , Adobe Flash Player ShaderJob Buffer Overflow
Edited modules/auxiliary/test/report_auth_info.rb first landed in #5540 ,
@wchen-r7's changes for multiple auxiliary modules to use the new cred
API
2015-06-26 12:18:33 -05:00
Trevor Rosen
84c0e62fd3
Land #5493 , update OWA scanner creds persistence
2015-06-26 08:46:27 -05:00
cldrn
7f4a96f3dc
Fixes coding style issues
2015-06-26 03:29:17 -05:00
cldrn
3da3595181
MSF module to download and decrypt credentials stored in Lansweeper's database
2015-06-25 19:29:30 -05:00
root
63f584cbfd
Add last_attempted_at
2015-06-25 12:08:38 +05:00
William Vu
827d241482
Land #5539 , Quake scanner fix
2015-06-24 15:00:39 -05:00
joev
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
Tod Beardsley
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
Trevor Rosen
c45e42465a
Land #5492 , update PCAnywhere login scanner
2015-06-23 14:48:25 -05:00
William Vu
5751e196bb
Remove extraneous newline
2015-06-23 14:43:37 -05:00
wchen-r7
59af7ef1fc
Remove the extra target_uri
2015-06-23 10:27:50 -05:00
wchen-r7
a2a231c242
Land #5577 , MS15-034 HTTP.SYS Information Disclosure
2015-06-23 10:20:54 -05:00
wchen-r7
11366971da
Oh never mind, user-agent makes it more difficult to use (more crashes)
2015-06-23 01:24:17 -05:00
wchen-r7
6127b8a037
Pass user-agent
2015-06-23 01:23:01 -05:00
wchen-r7
8ce5cc23cf
More consistent filename style
2015-06-23 01:08:34 -05:00
wchen-r7
e9b548e8a2
Changes for ms15034_http_sys_memory_dump.rb
2015-06-23 01:07:33 -05:00
root
302db36daa
Add last_attempted_at to creds object
2015-06-23 09:46:01 +05:00
rwhitcroft
8086a6f8cc
remove unnecessary begin/rescue, change print_* to vprint_* in check()
2015-06-22 20:25:12 -04:00
rwhitcroft
90e17aee6b
clarified affected OSes and error messages
2015-06-22 15:47:26 -04:00
rwhitcroft
774aef7241
add module to dump memory via MS15-034
2015-06-22 10:31:31 -04:00
Ramon de C Valle
7bda1e494b
Use Rex::Socket::Tcp
2015-06-21 13:40:31 -07:00
Ramon de C Valle
7f55f6631c
Remove the timeout option
2015-06-20 20:14:47 -07:00
Ramon de C Valle
01e87282a9
Use Msf::ThreadManager#spawn
2015-06-20 18:48:10 -07:00
Ramon de C Valle
dabc7abae5
Change method names to lowercase
2015-06-20 18:23:34 -07:00
Pedro Ribeiro
50a3a32bfd
Update sysaid_sql_creds.rb
2015-06-20 16:58:42 +01:00
Pedro Ribeiro
78c2f8a3a3
Update sysaid_sql_creds.rb
2015-06-20 16:57:34 +01:00
Pedro Ribeiro
11aca8b27a
Update sysaid_file_download.rb
2015-06-20 16:54:33 +01:00
Pedro Ribeiro
cf8008ed38
Update sysaid_admin_acct.rb
2015-06-20 16:52:13 +01:00
jvazquez-r7
4762e9f62c
Land #5540 , @wchen-r7's changes for multiple auxiliary modules to use the new cred API
2015-06-19 15:39:09 -05:00
jvazquez-r7
fa6e45964e
Provide context to the note
2015-06-19 15:38:26 -05:00
wchen-r7
83427583ea
report_note for group info
2015-06-19 15:09:50 -05:00
wchen-r7
ef286fdfcf
Remove report_auth_info
2015-06-19 15:06:02 -05:00
wchen-r7
b104155cf1
Do Metasploit::Model::Login::Status::UNTRIED
2015-06-19 15:05:42 -05:00
wchen-r7
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
jvazquez-r7
34d5d92646
Land #5555 , @Th3R3p0's support for for RFB Version 4
2015-06-19 14:15:04 -05:00
Brent Cook
d19c2e7206
Land #5544 , track updates to SSL Labs API
2015-06-19 11:39:38 -05:00
Brent Cook
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
Brent Cook
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
William Vu
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
jvazquez-r7
ebd376e0f3
Land #5485 , @wchen-r7 updates wordpress_login_enum to use the new cred API
2015-06-19 10:50:07 -05:00
jvazquez-r7
dfae4bbbf0
Do reporting more accurate
2015-06-19 10:48:12 -05:00
wchen-r7
7f56b4635c
Land #5546 , Use the new cred API for auxiliary/server/capture/telnet
2015-06-19 10:46:01 -05:00
William Vu
d86c21e94a
Land #5567 , author fix
2015-06-19 10:41:41 -05:00
aushack
76cd9590a4
Fix author
2015-06-19 19:13:51 +10:00
wchen-r7
9b5770c966
Change to Metasploit::Model::Login::Status::SUCCESSFUL
2015-06-18 23:40:51 -05:00
g0tmi1k
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
Th3R3p0
a6c7f93bbe
changed text to show support for RFB version 4.001
2015-06-17 13:09:03 -04:00
root
fcf6212d2f
Update telnet capture module to use the new creds API
2015-06-16 16:37:36 +05:00
Denis Kolegov
c3d2797f10
Fixed Info fields
2015-06-16 04:22:22 -04:00
Denis Kolegov
2778274e47
Added new SSL Labs API fields and fixed minor errors
2015-06-16 02:59:12 -04:00
wchen-r7
b6379b4d24
Update drupal_views_user_enum
2015-06-16 00:02:02 -05:00
wchen-r7
0b88e86a49
Using the new cred API for multiple auxiliary modules
2015-06-15 16:06:57 -05:00
Jon Hart
fd0b42be4a
Properly store quake service info
2015-06-15 12:45:14 -07:00
Jon Hart
079a9d449c
Use peer
2015-06-15 11:45:55 -07:00
Jon Hart
feb7263137
Wire in recog support for ssh_version
2015-06-15 11:42:20 -07:00
Jon Hart
80f1173fcf
Style and scanner usability cleanup for ssh_version
2015-06-15 10:12:07 -07:00
wchen-r7
907f596de6
Land #5520 , Update titan_ftp_admin_pwd to use the new creds API
2015-06-15 03:26:19 -05:00
wchen-r7
940d045029
Correctly report rport
2015-06-15 03:23:39 -05:00
wchen-r7
308b1a3d7f
Don't deregister username & password
2015-06-15 03:21:09 -05:00
wchen-r7
ebce415957
Land #5507 , Update nessus_xmlrpc_logic to use the new creds API
2015-06-15 02:59:01 -05:00
wchen-r7
c20cf15104
Msut have last_attempted_at key
2015-06-15 02:58:31 -05:00
jww519
2b23c91f77
Create Android Browser DOS module (CVE-2012-6301)
...
This module exploits CVE-2012-6301, which exploits a vulnerability in
Android 4.0.3 and causes the stock browser to unexpectedly close.
Thanks @jww519!
2015-06-14 15:19:27 -04:00
Joshua Abraham
c801e52f60
Update smb_enumusers_domain.rb
2015-06-13 17:02:43 -04:00
jvazquez-r7
e628d71261
Land #5397 , @espreto's module for WordPress Simple Backup File Read Vulnerability
2015-06-12 15:32:06 -05:00
jvazquez-r7
184c20cd46
Do minor cleanup
2015-06-12 15:31:42 -05:00
wchen-r7
8dad739c76
Land #5508 , Get Ready to Move VMware modules to the VMware directory
2015-06-10 11:59:40 -05:00
Tod Beardsley
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
root
7cb82f594b
Add ftp port for service
2015-06-10 14:24:05 +05:00
root
3ffe006e09
Update titan_ftp_admin_pwd to use the new creds API
2015-06-10 13:36:26 +05:00
root
3fe6ddd10a
Change credential status from untried to successful
2015-06-10 10:09:57 +05:00
root
78a6e1bc90
Change credential status from untried to successful
2015-06-10 10:07:33 +05:00
root
1b3f911f84
Change credential status from untried to successful
2015-06-10 09:54:10 +05:00
root
49e4820c57
Add depcrecated note to the existing modules
2015-06-09 10:42:53 +05:00
Ramon de C Valle
a48d79a2e7
Add jsse_skiptls_mitm_proxy.rb
...
This module exploits an incomplete internal state distinction in Java
Secure Socket Extension (JSSE) by impersonating the server and finishing
the handshake before the peers have authenticated themselves and
instantiated negotiated security parameters, resulting in a plaintext
SSL/TLS session with the client. This plaintext SSL/TLS session is then
proxied to the server using a second SSL/TLS session from the proxy to
the server (or an alternate fake server) allowing the session to
continue normally and plaintext application data transmitted between the
peers to be saved. This module requires an active man-in-the-middle
attack.
2015-06-08 19:41:17 -07:00
Josh Abraham
8381d4f994
update smb_enumusers_domain to store enumerated users in the DB
2015-06-08 19:42:03 -04:00
root
3279518bbd
Move VMware modules to the VMware directory
2015-06-08 14:58:22 +05:00
root
245c76374d
Update nessus_xmlrpc_logic to use the new creds API
2015-06-08 14:40:15 +05:00
HD Moore
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
HD Moore
135958a225
Cleanup the udp_(sweep|probe) SNMP generators
2015-06-06 00:54:08 -05:00
HD Moore
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
root
3ec6d9b7aa
Update owa_login to use new cred API
2015-06-05 15:41:07 +05:00
root
b6936febbe
Update pcanywhere_login to use the new cred API
2015-06-05 12:16:00 +05:00
wchen-r7
874e090aa1
Update wordpress_login_enum to use the new cred API
2015-06-04 18:16:14 -05:00
John Sherwood
d3c3741478
Use run_host so that we can use THREADS
...
- The refactor left the module using run_batch even though the
features of the code that made this desirable were removed (i.e.,
it was no longer doing one batch per community string). By now
switching back to run_host, we can again take advantage of the
built-in metasploit multithreading capabilities.
- Also, added back in the display of the result.proof field. This
aids in identifying false positives (which have a blank response)
and is functionality worth keeping.
2015-06-03 18:08:38 -04:00
Pedro Ribeiro
7f35c3b4f5
Update sysaid_sql_creds.rb
2015-06-03 22:00:08 +01:00
Pedro Ribeiro
54bfe29527
Update and rename sysaid_file_ to sysaid_file_download.rb
2015-06-03 21:59:45 +01:00
Pedro Ribeiro
42e84cd7d5
Update sysaid_admin_acct.rb
2015-06-03 21:59:04 +01:00
Pedro Ribeiro
6683b86822
Create sysaid_sql_creds.rb
2015-06-03 21:46:48 +01:00
Pedro Ribeiro
72b7982e7a
Create sysaid_file_
2015-06-03 21:46:13 +01:00
Pedro Ribeiro
765077d741
Create sysaid_admin_acct.rb
2015-06-03 21:38:43 +01:00
Roberto Soares
b305fa62f4
Changed vprint_error when nothing was downloaded.
2015-06-03 14:46:59 -03:00
Roberto Soares
24ec3b2fb5
Changed vprint_error to fail_with method.
2015-06-03 13:46:59 -03:00
jvazquez-r7
6669665d6d
Land #5402 , @nstarke's module to extract accouns information from a AVTECH744_DVR device
2015-05-29 16:14:50 -05:00
jvazquez-r7
843572df6d
Change module filename
2015-05-29 16:14:16 -05:00
jvazquez-r7
acb0af3826
Update description
2015-05-29 16:13:43 -05:00
jvazquez-r7
39ae6263e9
Use Rex::Text.encode_base64
2015-05-29 16:12:21 -05:00
jvazquez-r7
8338b21f6c
Make some code cleanup
2015-05-29 16:04:29 -05:00
wchen-r7
b6b055a5f2
Land #5431 , deprecate cold_fusion_version, use coldfusion_version instead.
2015-05-28 15:40:34 -05:00
wchen-r7
80c3022dc1
Deprecate cold_fusion_version. Please use coldfusion_version.
...
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
Christian Mehlmauer
52e30d4fc2
Land #5434 , OSVDB reference
2015-05-28 22:00:44 +02:00
wchen-r7
068198c980
Land #5386 , automatically find file for ms15_034
2015-05-28 14:52:31 -05:00
wchen-r7
f9f35db7f3
Update description
2015-05-28 14:52:03 -05:00
Tod Beardsley
818dbf58f0
Adding an OSVDB number to the Netgear module
2015-05-28 14:37:39 -05:00
erwanlr
a74c3372c0
Uses vprint instead of print in #check_host
2015-05-28 15:46:51 +01:00
erwanlr
6d01d7f986
Uses peer instead of ip:port across all the module
2015-05-28 09:32:05 +01:00
erwanlr
447c4ee7df
Allows the targetèuri to be shared between the #check and #dos
2015-05-28 09:30:04 +01:00
wchen-r7
2ae9e39719
Land #5376 , Report ipmi_dumphashes credentials with create_credential_login
2015-05-27 13:11:07 -05:00
Tod Beardsley
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
Nicholas Starke
a3ff9859c8
Adding Credentials Capabilities
...
This commit adds the ability for credentials
to be retrieved via the 'creds' command. It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
Nicholas Starke
9430d38a09
Adding AVTECH744_DVR Module
...
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
jvazquez-r7
e1f10772b3
Use create_cracked_credential
2015-05-21 16:30:42 -05:00
jvazquez-r7
305da46491
Land #5301 , @m-1-k-3's aux module to extract passwords from Netgear soap interfaces
2015-05-21 16:07:05 -05:00
Roberto Soares
b4a6cdbad0
Remove new line in vprint_line.
2015-05-21 12:33:09 -03:00