ee46771de5
Land #1799 , @m-1-k-3's auth bypass module for Dlink DSL320
2013-05-12 17:34:08 -05:00
a94d078bfd
Added the statement return to condition: if res.nil?
2013-05-11 00:59:05 -03:00
18ee9af59f
Added couchdb_enum.rb to list essential information about CouchDB
2013-05-10 23:18:48 -03:00
7a7f4a1727
Added couchdb_login.rb to try to brute-force credentials of CouchDB
2013-05-10 23:16:11 -03:00
891e36c947
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-09 17:47:35 -05:00
d37d211ecc
Fix short escape sequences error
2013-05-09 17:29:55 -05:00
cf05602c6f
Land #1661 , @nmonkee's sap_soap_rfc_eps_get_directory_listing module
2013-05-09 16:46:13 -05:00
b18a98259b
Modify default rport
2013-05-09 16:24:54 -05:00
3e1d1a3f98
Land #1659 , @nmonkee's sap_soap_rfc_eps_delete_file module
2013-05-09 16:22:54 -05:00
53c08cd60f
fix incorrect printing typo
2013-05-09 21:37:04 +01:00
ca41d859a9
up to date
2013-05-09 13:00:10 -05:00
e711474654
Merge branch 'sap_soap_xmla_bw_smb_relay_' of https://github.com/nmonkee/metasploit-framework
2013-05-09 12:37:46 -05:00
866fa167ab
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-08 16:29:52 -05:00
4c75354a6a
Land #1786 , request_cgi instead of request_raw
...
Also some other small changes to modules, such as sensible defaults for
options.
2013-05-08 14:58:04 -05:00
e3582887cf
OSVDB, Base64
2013-05-07 08:28:48 +02:00
a1d2680a17
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-06 23:24:21 -05:00
fff8593795
Fix author name
2013-05-06 17:34:37 -05:00
ad21a107ec
up to date
2013-05-06 15:48:59 -05:00
fcb9dc1384
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-06 15:40:22 -05:00
c84febb81a
Fix extra character
2013-05-06 15:19:15 -05:00
92b4d23c09
Add Mariano as Author because of the abuse disclosure
2013-05-06 15:15:15 -05:00
db243e78c8
Land #1682 , sap_router_info_request fix from @nmonkee
2013-05-06 15:13:57 -05:00
85581a0b6f
Clean up sap_soap_rfc_eps_get_directory_listing
2013-05-06 13:21:42 -05:00
1fc0bfa165
Change module filename
2013-05-06 13:20:07 -05:00
0f2a3fc2d4
dsl320b authentication bypass - password extract
2013-05-06 14:31:47 +02:00
7b960a4f18
Add OSVDB reference
2013-05-06 00:54:00 -05:00
a17062405d
Clean up for sap_soap_rfc_eps_delete_file
2013-05-06 00:53:07 -05:00
5adc2879bf
Change module filename
2013-05-06 00:51:23 -05:00
66a5eb74c5
Move file to auxiliary/dos/sap
2013-05-06 00:50:50 -05:00
425a16c511
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-05 22:00:07 -05:00
63b0eace32
Add a missing require
2013-05-04 22:39:57 -05:00
2384f34ada
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-03 15:39:16 -05:00
589be270bf
Land #1658 , @nmonkee's SAP module for PFL_CHECK_OS_FILE_EXISTENCE
2013-05-03 14:19:36 -05:00
9e1037bce0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 16:15:28 -05:00
b096449a97
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 15:12:19 -05:00
7579b574cb
Rework parse_xml
...
We try to avoid using Nokogiri in modules due to the sometimes
uncomfortable dependencies it creates with particular compiled libxml
versions. Also, the previous parse_xml doesn't seem to be correctly
skipping item entries with blank names.
I will paste the test XML in the PR proper, but do check against a live
target to make sure I'm not screwing it up.
2013-05-02 14:43:30 -05:00
902cd7ec85
Revert removal of the SAP module
...
This reverts commit 26da7a6ee7
2013-05-02 14:42:35 -05:00
26da7a6ee7
Removing this from master due to test problems
...
This module was moved over to the unstable branch in commit
7106afdf7d
2013-05-02 13:43:02 -05:00
132c09af82
Add BID reference
2013-05-02 10:21:09 -05:00
6e68f3cf34
Clean up sap_soap_rfc_pfl_check_os_file_existence
2013-05-02 10:19:15 -05:00
244bf71d4a
Change module filename
2013-05-02 10:15:50 -05:00
29d4e378aa
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-02 09:27:51 -05:00
d9cdb6a138
Fix more feedback provided by @nmonkee: CMD vs COMMAND
2013-05-02 09:08:48 -05:00
c6c7998e3b
Fix feedback provided by @nmonkee
2013-05-02 09:06:51 -05:00
4db81923bf
Update description
2013-05-02 08:45:01 -05:00
4054d91955
Land #1657 , @nmonkee's RZL_READ_DIR_LOCAL SAP dir listing module
2013-05-02 08:38:50 -05:00
e25057b64a
Fix indent level
2013-05-01 22:01:36 -05:00
c406271921
Cleanup sap_soap_rfc_rzl_read_dir
2013-05-01 21:51:06 -05:00
98dd96c57d
Change module filename
2013-05-01 21:50:24 -05:00
6b6b53240b
Fix SAP modules, mainly to make a better use of send_request_cgi
2013-05-01 14:06:53 -05:00
76e70adcff
Added Memcached Remote Denial of Service module
...
https://code.google.com/p/memcached/issues/detail?id=192
2013-04-30 17:45:09 +03:00
a7e4ba5015
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-30 08:32:24 -05:00
4227c23133
Add a reference for Safari module
2013-04-29 14:07:55 -05:00
431cba8f36
Update print_status labels.
2013-04-29 11:13:53 -05:00
c2a1d296a2
Rename DOWNLOAD_URI -> DOWNLOAD_PATH.
...
Conflicts:
modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:11:06 -05:00
55e0ec3187
Add support for DOWNLOAD_URI option.
...
* Fixes some comments that were no longer accurate.
Conflicts:
modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:10:19 -05:00
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
c27245e092
Touch descriptions for module and options
2013-04-26 13:05:16 -05:00
b4606ba60a
Remove unnecessary puts call.
2013-04-26 12:55:02 -05:00
ca6d6fbc84
msftidy for whitespace
2013-04-26 12:44:11 -05:00
16769a9260
Fixing path normalization
2013-04-26 12:40:24 -05:00
2fa16f4d36
Rewrite relative script URLs to be absolute.
...
* Adds rescue clauses around URI parsing/pulling
* Actually use the URI_PATH datastore option.
2013-04-26 11:25:20 -05:00
2a41422276
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-25 20:24:17 -05:00
993356c73e
Add safari webarchive uxss to framework as an aux module.
2013-04-25 11:14:16 -05:00
7bf4aa317f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-25 10:31:51 -05:00
b67fcd3219
Add OSVDB ref to sap_configservlet_exec_noauth
2013-04-25 08:13:32 -05:00
38e41f20fe
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-24 13:24:13 -05:00
cae30bec23
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
96b66d3856
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 21:49:59 -05:00
1529dff3f3
Do final cleanup for sap_configservlet_exec_noauth
2013-04-22 21:43:41 -05:00
8c9715c2ed
Land #1751 , @andrewkabai's SAP Portal remote OS command exec
2013-04-22 21:41:53 -05:00
5f5e772f7c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 21:31:16 -05:00
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
79eb2ff62d
add EDB ID to references
2013-04-22 18:37:28 +02:00
15b06c43aa
sap_configservlet_exec_noauth auxiliary module
...
the final module was moved from my master branch to here because of the
pull request needs
2013-04-22 17:40:27 +02:00
b4f1f3efbb
remove aux module from master branch
2013-04-22 17:34:01 +02:00
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
d1c5179b83
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 17:48:12 -05:00
49b055e5fd
make msftidy happy
2013-04-20 00:26:04 +02:00
e4d9c45ce9
remove unnecessary rank rating
2013-04-20 00:23:55 +02:00
c7fcd6931a
Use vprint_error
2013-04-19 16:22:07 -05:00
eaff87879e
added text
2013-04-19 22:03:05 +02:00
a6be72b019
fixes for mediawiki aux module
2013-04-19 21:43:12 +02:00
763d1ac2f1
remove unnecessary option declaration
2013-04-19 21:42:28 +02:00
85932a2445
improve URI path and parameter handling
...
switch from PATH to TARGETURI datastore;
use normalize_uri to build uri;
use query in send_request_cgi to to prepare query string (instead of
vars_get that escapes the necessary semicolons)
2013-04-19 21:37:39 +02:00
d4fa2ba96d
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-19 14:14:36 -05:00
c52588f579
remove Scanner mixin
...
remove Scanner mixin because this module is not a scanner modul
2013-04-19 20:28:44 +02:00
7fdf84ac45
Landing #1744 - Checks nil before using resp.headers['Server']
...
[Closes #1744 ]
2013-04-19 10:37:05 -05:00
31586770a0
Added module for OSVDB 92490
2013-04-18 14:34:02 -05:00
8f76c436d6
SAP ConfigServlet OS Command Execution module
...
This module allows execution of operating system commands throug the
SAP ConfigServlet without any authentication.
2013-04-18 20:26:48 +02:00
15c6df1482
Check for nil before calling on value
2013-04-18 00:32:37 -04:00
cc35591723
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-15 17:43:15 -05:00
a36c6d2434
Lands #1730 , adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
ba7603e66c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 17:34:23 +02:00
76d4538d2a
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-04-09 10:24:54 -05:00
1e258170dc
It's a filename, so not trying to match any single char
2013-04-09 10:20:52 -05:00
50cf039170
Merge branch 'cve-2013-1899-not-auth' of github.com:jhart-r7/metasploit-framework into jhart-r7-cve-2013-1899-not-auth
2013-04-09 10:19:15 -05:00
79620ed660
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-09 17:12:16 +02:00
ba86e14d43
Whitespace and caps fixes
2013-04-09 08:57:53 -05:00
ef63a4f5cf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-08 21:29:01 +02:00
225342ce8f
final cleanup for sysax_sshd_kexchange
2013-04-08 20:28:37 +02:00
5bc454035c
Merge remote-tracking branch 'origin/pr/1710' into landing-pr1710
2013-04-08 20:20:11 +02:00
b1152d1567
Improve Postgres CVE-2013-1899 to detect unauthorized connections
2013-04-08 09:55:23 -07:00
d65bf8bab9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-08 18:19:41 +02:00
d24371eaff
Merge branch 'hp_imc_reportimgservlt_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_reportimgservlt_traversal
2013-04-08 10:18:30 -05:00
1b5c34db1a
Merge branch 'hp_imc_ictdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_ictdownloadservlet_traversal
2013-04-08 10:17:19 -05:00
11253c8f3e
Merge branch 'hp_imc_faultdownloadservlet_traversal' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-hp_imc_faultdownloadservlet_traversal
2013-04-08 10:16:52 -05:00
f96baa7e7e
Code Review Feedback
...
made the CLIENTVERSION always include the "SSH-2.0-OpenSSH_5.1p1 " to trigger DoS
2013-04-08 10:58:35 -04:00
4c8e19ad1a
Added reference
...
Removed final debug print statement
2013-04-08 08:28:53 -04:00
daba48035d
fix DEPTH description and basename
2013-04-05 11:05:46 +02:00
b6edad1f1d
fix DEPTH description and basename
2013-04-05 11:04:43 +02:00
d163e96d6a
fix DEPTH description and basename
2013-04-05 11:02:59 +02:00
d823f724cd
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-04 22:16:35 +02:00
30f44c3a24
final cleanup for dlink_dir_615h_http_login
2013-04-04 22:02:45 +02:00
8f60d12e46
Merge branch 'dlink_login_dir_615H' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_615H
2013-04-04 22:01:49 +02:00
b75d038fc2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-04 21:54:36 +02:00
7d1e9af728
final cleanup for dlink_dir_session_cgi_http_login
2013-04-04 21:41:42 +02:00
0b9fe53919
module filename changed
2013-04-04 21:41:10 +02:00
6ec6638568
Merge branch 'dlink_login_dir_300B_600B' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login_dir_300B_600B
2013-04-04 21:40:21 +02:00
498a0dc309
final cleanup for dlink_dir_300_615_http_login
2013-04-04 21:15:22 +02:00
cff70e41be
Merge branch 'dlink_login' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink_login
2013-04-04 21:14:56 +02:00
fe2b598503
Add the advisory URL
2013-04-04 10:22:31 -05:00
c8a6dfbda2
Add scanner module for the new PostgreSQL flaw
2013-04-04 10:19:47 -05:00
7b4cdf4671
make msftidy happy
2013-04-04 13:22:01 +02:00
78c492da20
is_dlink, more feedback included, msftidy
2013-04-04 13:18:32 +02:00
2f96a673cd
is_dlink, more feedback included
2013-04-04 13:17:45 +02:00
64f3e68310
is_dlink and some more feedback included
2013-04-04 13:01:18 +02:00
89de9fdf22
cleanup for dlink_dir_300_615_http_login
2013-04-03 10:04:01 +02:00
b4b3c82c86
delete space
2013-04-03 00:31:00 +02:00
54120a2d3a
delete space
2013-04-03 00:30:24 +02:00
85d9e3e9ee
delete space
2013-04-03 00:29:38 +02:00
0b4eab2499
added module for ZDI-13-053
2013-04-03 00:24:11 +02:00
018e147063
added module for ZDI-13-052
2013-04-03 00:22:38 +02:00
dc17b4931c
added module for ZDI-13-051
2013-04-03 00:21:01 +02:00
070fd399f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-31 20:23:08 +02:00
587170ae52
fixed author details - next try
2013-03-30 12:43:55 +01:00
1d6184cd63
fixed author details
2013-03-30 12:41:31 +01:00
8032a33cd5
report_auth_info - proof
2013-03-29 22:06:25 +01:00
1156194a6b
feedback included, server fingerprinting
2013-03-29 22:04:22 +01:00
2b4d6eb455
feedback included, server header check
2013-03-29 21:30:45 +01:00
b6a50da394
feedback included, server header check
2013-03-29 21:20:51 +01:00
5616b8245b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-29 11:59:33 +01:00
9086c53751
Not an HttpClient, so doesn't have normalize_uri
...
[FixRM #7851 ]
2013-03-28 13:16:21 -05:00
5b30115336
vprint_status changed to vprint_error as requested
2013-03-28 14:27:51 +00:00
0f147dcf47
vprint_status changed to vprint_error as requested
2013-03-28 14:24:57 +00:00
eee702a329
vprint_status changed to vprint_error as requested
2013-03-28 14:23:21 +00:00
e2212ca8c9
vprint_status changed to vprint_error as requested
2013-03-28 14:22:01 +00:00
9594693ecb
vprint_status changed to vprint_error as requested
2013-03-28 14:16:19 +00:00
9d87db6831
vprint_status changed to vprint_error as requested
2013-03-28 14:08:24 +00:00
aae1d5933e
removed socket print, left over from debugging
2013-03-28 10:49:23 +00:00
376ca7b107
fixed issue with access denied condition thanks to @pho_bos
2013-03-28 10:41:37 +00:00
aa981cc991
DIR-645 also working
2013-03-27 12:11:14 +01:00
615aa57399
Dlink DIR615 HW rev B login module
2013-03-27 09:26:23 +01:00
680b551215
default to user admin
2013-03-27 08:59:19 +01:00
032214fb1d
default to user admin
2013-03-27 08:49:04 +01:00
e1a719a6c0
http login module for DLink DIR300revB, DIR600revB, DIR815
2013-03-26 20:57:24 +01:00
c4fe21865c
user fix
2013-03-26 20:15:19 +01:00
bcc26427c0
EPS_GET_DIRECTORY_LISTING (List Directory abd SMB Relay)
2013-03-25 20:26:56 +00:00
d8086a27a6
vprint_status mod
2013-03-25 20:20:29 +00:00
121c75f646
vprint_status mod
2013-03-25 20:18:14 +00:00
da6a99defb
vprint_status mod
2013-03-25 20:16:11 +00:00
f66ffbfa81
vprint_status mod
2013-03-25 20:13:45 +00:00
95e7d55313
remove sap_soap_rfc_eps_delete_file_smb_relay.rb
2013-03-25 20:09:59 +00:00
f7ccfa634e
This module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service
2013-03-25 19:59:16 +00:00
3c12459703
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:33:36 +01:00
9717a8c3b4
cleanup for tplink_traversal_noauth
2013-03-25 19:20:18 +01:00
543b401a55
Merge branch 'tplink-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-tplink-traversal
2013-03-25 19:18:53 +01:00
393d5d8bf5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 19:09:42 +01:00
f92f59bfad
EPS_DELETE_FILE (File deletion and SMB Relay)
2013-03-25 17:23:27 +00:00
dcce23d23d
Merge branch 'bugs/tomcat_enum-double_check' of github.com:neinwechter/metasploit-framework into neinwechter-bugs/tomcat_enum-double_check
2013-03-25 12:19:52 -05:00
01ee30e389
PFL_CHECK_OS_FILE_EXISTENCE (file existence and SMB relay)
2013-03-25 17:11:23 +00:00
fdd06c923a
cleanup for dlink_dir_645_password_extractor
2013-03-25 18:04:12 +01:00
a9a5a3f64f
Merge branch 'dlink-dir645-password-extractor' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-dlink-dir645-password-extractor
2013-03-25 18:02:51 +01:00
aad0eed485
Fix whitespace EOL
2013-03-25 13:00:37 -04:00
5be98593a9
RZL_READ_DIR_LOCAL (directory listing and SMB relay)
2013-03-25 16:59:37 +00:00
3f79b2fd3b
Use :abort for scanner mixin
2013-03-25 12:59:18 -04:00
e840578ea2
SAP /sap/bw/xml/soap/xmla XMLA service (XML DOCTYPE) SMB relay
2013-03-25 16:57:12 +00:00
0d56da0511
Merge branch 'netgear-sph200d' of github.com:m-1-k-3/metasploit-framework into m-1-k-3-netgear-sph200d
2013-03-25 11:45:40 -05:00
99fe2a33d7
Deregister USER_AS_PASS and stop on connect error
2013-03-25 12:35:52 -04:00
53b862300e
cleanup for linksys_e1500_traversal
2013-03-25 17:33:38 +01:00
ea804d433e
change file name
2013-03-25 17:33:16 +01:00
660d3d5388
Merge branch 'linksys-traversal' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-traversal
2013-03-25 17:31:11 +01:00
2d5a0d6916
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-25 17:08:23 +01:00
e57498190b
dlink dir 300/600 login module - initial commit
2013-03-25 08:48:24 +01:00
98ac6e8090
feedback included
2013-03-24 21:01:30 +01:00
d90de54891
reporting and feedback
2013-03-24 15:00:18 +01:00
9f8ec37060
store loot
2013-03-24 11:48:49 +01:00
71708c4bc3
dir 645 password extractor - initial commit
2013-03-24 11:44:24 +01:00
49ac3ac1a3
cleanup for linksys_e1500_e2500_exec
2013-03-23 23:30:49 +01:00
98be5d97b8
Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-linksys-e1500-e2500-exec
2013-03-23 23:30:14 +01:00
b2bf1df098
fixed encoding and set telnetd as default cmd
2013-03-23 22:56:15 +01:00
7ff9c70e38
10 to 0 is good :)
2013-03-23 22:46:26 +01:00
47d458a294
replacement of the netgear-sph200d module
2013-03-23 22:40:32 +01:00
bd522a03e3
replace module to the scanner directory
2013-03-23 22:29:44 +01:00
b1ae2f7bf4
replace module to the scanner directory
2013-03-23 22:29:31 +01:00
8f59999f82
replace module to the scanner directory
2013-03-23 22:25:04 +01:00
f58554bb57
replace module to the scanner directory
2013-03-23 22:24:50 +01:00
965ec34368
check of the server on the first try
2013-03-23 22:13:01 +01:00
aacd14ae45
version removed, encode params removed
2013-03-23 21:31:08 +01:00
b01959ea70
tplink traversal - initial commit
2013-03-23 20:30:32 +01:00
cb56b2de4b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-23 20:06:05 +01:00
36d1746c0d
linksys traversal module - initial commit
2013-03-23 17:01:02 +01:00
270f64acc2
feedback included
2013-03-23 15:54:34 +01:00
f22c18e026
Merge branch 'module-psexec_command-file_prefix' of github.com:kn0/metasploit-framework into kn0-module-psexec_command-file_prefix
2013-03-22 13:08:13 -05:00
b30a5aa6e8
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-21 09:07:41 +01:00
dcd2aebdcd
feedback included
2013-03-20 21:34:30 +01:00
011b6899b0
Merge 'neinwechter/browser_autopwn-updates'
...
Brings in neinwechter's BAP fixes. Seems to not only be a more sane
strategy, but in practice, ends up with tons more shells for at least
MSIE which is what most people are using it for anyway.
[Closes #1612 ]
2013-03-20 15:26:09 -05:00
e377e30873
unscrewing syntax error
2013-03-20 15:04:31 -05:00
fd20eba35e
Expanding the title and desc for external_ip
...
Also allowing the capitalization on "via" to be small.
2013-03-20 14:42:12 -05:00
44f07cef19
Merge branch 'linksys-e1500-e2500-exec' of https://github.com/m-1-k-3/metasploit-framework
2013-03-20 00:47:31 +01:00
80d218b284
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-19 19:55:51 +01:00
9fc0f9a927
initial commit
2013-03-19 17:31:01 +01:00
116f5b87f0
Merge branch 'axigen_file_access' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-axigen_file_access
2013-03-19 08:33:58 -05:00
fd5bd52e6d
Added some error handling if the connection dies.
2013-03-18 17:26:40 -04:00
66dcbca562
Sysax Multi-Server SSHD DoS
...
This exploit affects Sysax Multi-Server version 6.10. It causes a
Denial of Service by sending a specially crafted Key Exchange, which
causes the service to crash.
2013-03-18 17:16:12 -04:00
3eb4505f6f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 16:01:40 +01:00
02f90b5bbd
cleanup for dopewars
2013-03-14 15:53:19 +01:00
4d9f2bbb06
Merge branch 'master' of https://github.com/dougsko/metasploit-framework into dougsko-master
2013-03-14 15:51:47 +01:00
d3a78db77a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-14 14:12:11 +01:00
7403239de7
cleanup for psexec_ntdsgrab
2013-03-14 13:40:45 +01:00
9ae2c8e718
Merge branch 'ntdsgrab4' of https://github.com/R3dy/metasploit-framework into R3dy-ntdsgrab4
2013-03-14 13:39:41 +01:00
97023413cb
Added advanced option for temp filenames prefix
2013-03-14 01:50:52 -05:00
abbb3b248d
methods that use @ip now reference it directly instead of being passed in as paramaters
2013-03-13 19:35:53 -05:00
462ffb78c1
Simplified copy_ntds & copy_sys check on line 91
2013-03-13 19:31:36 -05:00
4e9af74763
All print statements now use #{peer}
2013-03-13 19:28:09 -05:00
edf2804bb5
Added simple.disconnect to end of cleanup_after method
2013-03-13 19:23:22 -05:00
8eba71ebe2
Added simple.disconnect to end of download_sys_hive method
2013-03-13 19:20:58 -05:00
2f11796dfa
Fix typo
...
[SeeRM #7800 ]
2013-03-13 16:10:20 -05:00
e5f7c08d6f
Added module for CVE-2012-4940
2013-03-13 11:52:54 +01:00
22133ba8ff
removed version number
2013-03-12 16:36:14 -04:00
70da739666
fixed errors in dopewars.rb shown by msftidy
2013-03-12 15:47:31 -04:00
c8c50a6407
cleaned up dopewars module
2013-03-12 12:56:12 -04:00
91fbeda062
up to date
2013-03-12 17:04:27 +01:00
6055438476
up to date
2013-03-12 17:04:27 +01:00
ee98f28017
up to date
2013-03-12 16:58:48 +01:00
1331952515
up to date
2013-03-12 16:55:06 +01:00
6bd995f37e
up to date
2013-03-12 16:53:37 +01:00
9891650c30
up to date
2013-03-12 16:51:00 +01:00
b498bf9b71
up to date
2013-03-12 16:50:35 +01:00
9a970415bc
Module uses store_loot now instead of logdir which has been removed
2013-03-11 20:05:23 -05:00
a199c397e4
...
2013-03-11 17:09:17 -04:00
4d6e19b40b
small edits to dopewars.rb
2013-03-11 17:07:05 -04:00
0e607f8252
added dopewars module
2013-03-11 16:52:49 -04:00
2684e6103c
use of send_request_cgi
2013-03-11 20:36:47 +01:00
9c89599737
cleanup before merge external_ip
2013-03-11 20:35:25 +01:00
546e24a9c6
Merge branch 'external_ip_discovery' of https://github.com/sempervictus/metasploit-framework into sempervictus-external_ip_discovery
2013-03-11 20:35:07 +01:00
aa4cc11640
Removed Scanner class running as stand-alone single target module now
2013-03-11 13:39:47 -05:00
074ea7dee4
Merge branch 'ssl' of https://github.com/luh2/metasploit-framework into luh2-ssl
2013-03-11 15:36:20 +01:00
a96753e9df
Added licensing stuff at the top
2013-03-10 20:07:04 -05:00
bf9a2e4f52
Fixed module to use psexec mixin
2013-03-10 15:15:50 -05:00
907983db4a
updating with r7-msf
2013-03-10 14:19:20 -05:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
25f3f935c4
Apply Egypt's cleanup
...
Remove revision, raise the exception itself, remove scanner mixin,
datastore['RHOST'] unstead of RHOSTS, and useles agent var removed.
2013-03-07 18:34:12 -05:00
db1f4d7e1d
added license info
2013-03-07 00:20:02 +00:00
e8c1899dc2
added license info
2013-03-07 00:18:32 +00:00
3946cdf91e
added license info
2013-03-07 00:17:55 +00:00
1b493d0e4c
added license info
2013-03-07 00:16:26 +00:00
9e89d9608f
added license info
2013-03-07 00:11:45 +00:00
56639e7f15
added license info
2013-03-07 00:10:46 +00:00
dfe3a4f394
msftidy and module placement per todb
2013-03-06 17:36:01 -05:00
1d8c759a34
yeah
2013-03-06 16:01:36 -06:00
225b15f7f3
Add external IP discovery module
...
This module performs an HTTP request to ifconfig.me/ip.
The body of the response contains the publicly routable IP from
which the request originated. This can be useful in discovering
routes on pivoted hosts and initial recon as a simple aux module.
2013-03-05 23:42:31 -05:00
ca43900a7c
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-03-05 16:34:11 -06:00
781132b1cf
cleanup for openssl_aesni
2013-03-05 22:41:16 +01:00
784c075986
Merge branch 'module-cve-2012-2686' of https://github.com/ettisan/metasploit-framework into ettisan-module-cve-2012-2686
2013-03-05 22:40:46 +01:00
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
867875b445
Beautified OpenSSL-AESNI module
...
Modifed the CVE-2012-2686 module to follow
suggestions by @jvazquez-r7:
* Added description for all fields in the
SSL packets
* MAX_TRIES now required
* use get_once instead of timeout
2013-03-04 19:09:50 +01:00
71ba044d03
remove debugging aid
2013-03-04 11:25:34 -06:00
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
b2f68f0fdb
Merge branch 'dmaloney-r7-feature/http/authv2' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-dmaloney-r7-feature/http/authv2
2013-02-28 14:37:37 -06:00
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
8f58c7b25e
cleanup for sap_icf_public_info
2013-02-28 18:47:48 +01:00
0dcfb51071
cleanup for sap_soap_rfc_system_info
2013-02-28 18:46:18 +01:00
1a10c27872
Merge branch 'sap_rfc_system_info' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_rfc_system_info
2013-02-28 18:45:42 +01:00
e7015985e7
Added CVE-2012-2686
...
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
cbce1bdff2
update module description
...
This adds the version of wordpress the issue was fixed in to the description
2013-02-26 00:24:46 +00:00
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
cae1939914
Kinda too long
2013-02-25 13:44:11 -06:00
2c0a916c83
Made the password optional
2013-02-23 17:14:30 -05:00
b221711ecd
Added basic error handling
2013-02-23 10:24:04 -05:00
67c2c3da20
Code Review Feedback
...
Fixed the USER/PASS that I missed in last review
Converted from Scanner module to Gather
2013-02-23 10:09:23 -05:00
fc07bf16e7
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-22 15:41:49 -06:00
b4f002d080
Code Review Feedback
...
Modified USER and PASS to USERNAME and PASSWORD
Moved the Scanner mixin to the bottom and removed deregister
2013-02-21 16:55:27 -05:00
4784db3403
Fixed name
2013-02-21 15:48:41 -05:00
29cb4b1008
Merge remote-tracking branch 'upstream/master' into xbmc
2013-02-21 15:25:37 -05:00
ac50c32d51
Tested, works on server 2k8
2013-02-20 10:02:50 -06:00
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
92093cd7d8
There's no HttpClient, so it shouldn't be using normalize_uri
2013-02-19 15:04:18 -06:00
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
49f00acc11
Fix nil deref when dnsdomain is empty
2013-02-19 11:24:05 -06:00
d49797267e
Correct SAP Table Name
2013-02-19 11:20:49 +01:00
358b2f5783
Added module credit as this has turned into a rewrite ;)
2013-02-19 11:15:04 +01:00
f3cf8ad1b9
Whitespace EOL
2013-02-19 11:13:33 +01:00
a75bae927d
Replaced report_note and table output with single function
...
Added proposed extract data function (HDM)
2013-02-19 11:12:12 +01:00
jvazquez-r7
Roberto Soares Espreto
nmonkee
Tod Beardsley
m-1-k-3
HD Moore
Gregory Man
Joe Vennix
sinn3r
Andras Kabai
Antoine
Christian Mehlmauer
RageLtMan
Tod Beardsley
sinn3r
Jon Hart
Matt Andreko
James Lee
Nathan Einwechter
Trenton Ivey
Royce Davis
Doug P
J.Townsend
Wolfgang Ettlinger
David Maloney
Chris John Riley