5646f2e0c4
successful status should include last_attempted_at
2015-09-04 13:45:44 -05:00
cf6d5fac2a
Use the latest cred API, no more report_auth_info
2015-09-04 13:43:15 -05:00
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
0c7d2af6bc
Land #5750 , Add WP All In One Migration Export Module
2015-08-28 14:12:14 -05:00
837b6a4f71
Update description
2015-08-28 14:11:51 -05:00
d2e758ac8b
Better failure handling
2015-08-28 14:08:29 -05:00
1558fabdb2
Land #5844 , @joevennix updates apple_safari_webarchive_uxss to use the webarchive mixin
2015-08-21 17:27:56 -05:00
a560496455
Do minor ruby style fixes
2015-08-14 14:50:03 -05:00
82193f11e7
Minor js fixes
2015-08-14 14:45:48 -05:00
e4cb6872f2
Add exploit for CVE-2015-4495, Firefox PDF.js
2015-08-14 12:07:15 -05:00
0615d908c4
Update description to explain quarantine effects.
2015-08-13 23:46:37 -05:00
84144bf6cf
Update webarchive_uxss to use the webarchive mixin.
...
- Fixes extension installation to use a new window, not an iframe
- Steals the entire cookie file
- Removes cache poisoning scripts, which no longer seem to work
2015-08-13 23:41:27 -05:00
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
67f661823a
Land #5614 , @cldrn's module to collect lansweeper credentials
2015-08-04 16:55:49 -05:00
ed3f993b75
Do some style fixes
2015-08-04 16:41:15 -05:00
0e3434ebad
Fix metadata
2015-08-04 16:28:50 -05:00
7681d73e01
Relocate Webarchive into the Exploit namespace, fixes #5717
2015-07-28 04:11:17 -07:00
e32b3c71f4
Fix ZDI ref on sandbox escape module
2015-07-23 17:11:19 -05:00
d3f31fb56a
Fix msftidy results
2015-07-21 21:29:44 +01:00
55be2eff06
Replace return with fail_with
2015-07-21 21:25:42 +01:00
c63fdad1f1
Add URL reference
2015-07-20 18:15:17 +01:00
f1a909c292
Add WP All In One Migration export module
2015-07-20 18:13:32 +01:00
53bcee011b
Land #5709 , s/Filed/Failed/ typo fixes
2015-07-13 18:37:46 +00:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
d1f23c54c7
Changed Filed to Failed on line 43 in java_rmi_registry.rb
2015-07-13 10:33:15 -05:00
d3902771b6
Fixes call to the credentials API and adds version info
2015-07-07 13:48:16 -05:00
a9edfa1b4b
Fix a small typo
2015-07-06 13:37:36 +02:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
355738909a
Fixes typo
2015-06-28 09:32:16 -05:00
5c18fc82f2
Stores credentials using create_credential_login
2015-06-28 09:24:31 -05:00
b332b25795
Stores credentials in DB, fixes loop variable and nil dereference bug
2015-06-27 19:06:15 -05:00
52b49503a0
Land #5498 , @hmoore-r7's patch for a number of Net::DNS/enum_dns issues
2015-06-26 18:25:03 -05:00
2968f52ca4
Removes debug sql output
2015-06-26 12:22:34 -05:00
a338920cb3
lansweeper_collector retrieves and decrypts credentials store in the database of Lansweeper
2015-06-26 12:21:35 -05:00
7f4a96f3dc
Fixes coding style issues
2015-06-26 03:29:17 -05:00
3da3595181
MSF module to download and decrypt credentials stored in Lansweeper's database
2015-06-25 19:29:30 -05:00
8b6fba4988
Tweak and fix some things in Safari file URL module.
2015-06-24 02:08:06 -05:00
18a9585f7a
Add safari module for CVE-2015-1155
2015-06-23 16:15:50 -05:00
bf170a195d
the API sometimes returns negative percents - treat these as 0
2015-06-19 11:38:36 -05:00
5a277389f2
remove some trailing commas
2015-06-19 11:38:22 -05:00
c3d2797f10
Fixed Info fields
2015-06-16 04:22:22 -04:00
2778274e47
Added new SSL Labs API fields and fixed minor errors
2015-06-16 02:59:12 -04:00
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
c80017992a
A dirty patch for a number of Net::DNS/dns_enum issues
2015-06-06 13:48:52 -05:00
843572df6d
Change module filename
2015-05-29 16:14:16 -05:00
acb0af3826
Update description
2015-05-29 16:13:43 -05:00
39ae6263e9
Use Rex::Text.encode_base64
2015-05-29 16:12:21 -05:00
8338b21f6c
Make some code cleanup
2015-05-29 16:04:29 -05:00
a3ff9859c8
Adding Credentials Capabilities
...
This commit adds the ability for credentials
to be retrieved via the 'creds' command. It
also contains a few miscellaneous stylistic
syntax changes.
2015-05-24 15:03:06 -05:00
9430d38a09
Adding AVTECH744_DVR Module
...
This module retrieves account information from
an AVTECH 744 DVR, including username, cleartext
password, account role, and the device PIN.
2015-05-21 16:33:06 -05:00
a5267ab77e
Land #4940 , @dnkolegov's modules for F5 BIG-IP devices
2015-05-12 09:59:21 -05:00
efb226a55c
Fixed some minor errors
2015-05-10 02:59:57 -04:00
2e01eb519d
Do minor fixes
2015-05-08 14:04:44 -05:00
4df622c76b
Oops, one last for #5312 .
2015-05-06 14:48:17 -05:00
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
7fb99cdaaf
Merged fixed conflicts
2015-05-02 05:37:36 -04:00
83288ff391
Fix typo
2015-04-30 17:58:26 -05:00
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
bb0b2eee37
Fix missing . in SRV query
...
This update adds a missing . to the end of the
_ldap._tcp SRV record so that it properly forms
the DNS query.
2015-04-24 10:42:31 -04:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
9a49538c1a
Land #5016 , add SSL Labs scanner
2015-04-20 21:34:16 -05:00
752c3243f6
wrap print* functions in report_* wrappers
...
Preserve the semantics in the code, but don't call functions like 'print_error'
unless there is an actual error running the module. Fix spelling of 'Overall'.
2015-04-20 21:13:43 -05:00
c6c7560aed
Land #4846 , @joevennix's android 4.3 uxss module
2015-04-20 18:43:24 -05:00
9b240e1d8f
Use parenthesis
2015-04-20 18:42:34 -05:00
f762873a31
Land #5192 , @joevennix's module for Safari CVE-2015-1126
...
* Module to profit cross domain vulnerability on safari
2015-04-20 15:19:54 -05:00
e2eaff6b3a
Don't modify datastore options
2015-04-20 15:16:21 -05:00
88c52ae7ae
Delete second stop_service, the mixin should had done the job
2015-04-20 15:13:11 -05:00
dc0549d2dd
Use #wait
2015-04-20 15:06:01 -05:00
c1234e05e2
Delete parenthesis from condition
2015-04-20 14:56:37 -05:00
0283ac05e5
Do minor style fixes
2015-04-20 14:54:39 -05:00
69b8edda4a
Use single quotes
2015-04-20 14:53:38 -05:00
16daa935dd
Do minor code cleanup
2015-04-20 13:08:51 -05:00
2010e966b3
Add non-httponly cookie theft module for ios/osx safari.
2015-04-19 11:32:37 -05:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
b4b8ac0849
moar fail_with's
2015-04-16 21:26:37 +02:00
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
e03f2df691
Land #5002 , RMI/JMX improvements
2015-04-08 15:23:29 -05:00
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
452ebcf9ad
travis
2015-04-03 16:29:35 +05:00
be829e77ba
cravis error solve
2015-04-03 16:25:18 +05:00
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
8ff54ff98d
Add msb reference
2015-03-30 10:58:08 -05:00
9af1e76bf7
Obfuscate js
2015-03-30 10:52:01 -05:00
c7fa01c5ae
Rename file
2015-03-30 10:39:33 -05:00
9d78aa96d9
Add output of API errors to console
2015-03-30 02:42:09 -04:00
45f8738cfe
Fix stdout errors
2015-03-27 07:53:59 -04:00
3515a0a71f
Initial commit for supporting SSL Labs API
2015-03-27 07:34:11 -04:00
f996c5a888
Update description
2015-03-27 02:31:36 -05:00
67dc46791d
Limit the module to IE 8 and IE9
2015-03-27 02:30:04 -05:00
f88d9651b6
I don't think it's worth putting the js in ie_addons.js
2015-03-27 02:26:50 -05:00
bd2763292a
Properly credit Soroush Dalili
2015-03-26 23:36:16 -05:00
560f31c34d
Minor changes
2015-03-26 23:29:44 -05:00
68624dd56e
Final for ie_files_disclosure.rb
2015-03-26 22:49:22 -05:00
b0b17775c2
First working version
2015-03-26 21:53:26 -05:00
5d80ef9325
Fix minor issues
2015-03-25 02:53:36 -04:00
040a1af9c5
Delete useless ecnryption cookie detection, fix minor issues
2015-03-25 02:34:33 -04:00
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
2a0deaa6c8
Deleted default options and SYN scan
2015-03-23 04:31:08 -04:00
b839547dc3
Add documentation for Registry modules and methods
2015-03-19 17:57:21 -05:00
a7f1244251
Finish the java_rmi_registry gather module
2015-03-19 17:33:45 -05:00
5c3134a616
Add first support to gather information from RMI registries
2015-03-19 11:16:04 -05:00
e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS
2015-03-18 22:34:52 +10:00
d1a2f58303
Fix of regex for file capture and format tweaks
2015-03-18 22:17:44 +10:00
fa7242388b
Move the module to the correct location
2015-03-18 18:18:54 +10:00
dd751a3371
Add ssl/tls support, change default parameters
2015-03-17 02:23:13 -04:00
0d36115112
Update MS15-018 MSB reference
2015-03-12 10:13:37 -05:00
df80d56fda
Land #4898 , prefer URI to open-uri
2015-03-09 09:14:10 -05:00
ccd0712d43
Use ===, doh.
2015-03-06 12:29:34 -06:00
fefd4e271a
Don't hardcode the hex.
2015-03-06 12:16:03 -06:00
3fb4fbe8e6
Add 'not allowed' check instead of magic check.
2015-03-06 00:01:31 -06:00
7db3277731
Actually hide the iframe.
2015-03-05 23:52:29 -06:00
d7295959ca
Remove open-uri usage in msf.
2015-03-05 23:45:28 -06:00
3c5d7b3ef0
Okay, putting source code in a quoted string is horrible.
2015-03-05 23:25:37 -06:00
5f3ed83922
Land #4836 , Solarwinds Core Orion Service SQL injection
2015-03-02 11:44:26 -06:00
f8e3874203
add nil check
2015-02-28 20:43:19 -06:00
ceb92cdf5e
update login method
2015-02-26 07:33:51 -06:00
c4b85603d2
Fix encoding, oops.
2015-02-25 22:56:33 -06:00
d486d17302
Add reference to 2014 fix.
2015-02-25 21:04:01 -06:00
a410d2ec25
Add android 4.3 stock browser cookie/password theft.
2015-02-25 21:02:15 -06:00
6feae9524b
Fix up funny indent on description
...
[See #4770 ]
2015-02-24 12:25:48 -06:00
1134b0a6fa
fix dataastore to datastore
2015-02-24 10:34:33 -06:00
c9439addf8
fix url
2015-02-23 16:50:58 -06:00
3d82c7755b
add solarwinds module
2015-02-22 15:35:42 -06:00
c820431879
Land #4770 , Wordpress Ultimate CSV Importer user extract module
2015-02-22 08:52:45 +01:00
f9dbff8a6c
Add store path output
2015-02-21 23:41:26 +00:00
c9ddd0dac9
Land #4795 , f5_bigip_cookie_disclosure update
2015-02-20 13:11:42 -06:00
b676f5a07e
Clean up #4795
2015-02-20 13:10:31 -06:00
f6c871a8e5
Deleted spaces at EOL
2015-02-19 05:06:00 -05:00
caabb82975
Fixed indentation errors
2015-02-19 05:02:10 -05:00
2a584da6d9
Added cookie value in print function
2015-02-19 00:43:57 -05:00
e0d87a8886
Update to use store_loot for CSV export
2015-02-17 19:21:31 +00:00
19cd00e6d5
Fix cookit name split
2015-02-16 23:53:32 +07:00
a44e858bd7
Fixed minor errors in F5 BigIP cookie disclosure module
2015-02-16 01:31:52 -05:00
73bac94fa8
Add Ultimate CSV Importer extract module
2015-02-15 15:27:27 +00:00
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
fd441d2c5e
Fix #4764 , NameError unitialized constant Net::DNS in shodan_search
2015-02-13 14:40:23 -06:00
19144e143a
Fixed some errors in F5 BigIP cookie disclosure module
2015-02-13 03:29:23 -05:00
29163db7fc
Add CVE reference for ie_uxss_injection
2015-02-12 17:16:59 -06:00
f8c81e601c
Land #4710 for real.
...
This isn't a proper merge commit. Will need to figure out what I did to
wang up the last landing -- I'm guessing I didn't fetch enough first.
This should fix #4710 .
2015-02-05 17:18:51 -06:00
0a587c9f5a
Land #4710 , really
...
Looks like my publish script ended up rebasing wchen-r7/aux_ie_uxss and
didn't catch the file rename correctly.
Conflicts:
modules/auxiliary/gather/ie_uxss_injection.rb
2015-02-05 17:13:53 -06:00
79e0ddadf6
Rename file again
2015-02-05 17:09:11 -06:00
97aa9f9dd2
Credit @joevennix
2015-02-05 17:09:11 -06:00
7585c625fa
Another update
...
Thanks @joevennix
2015-02-05 17:09:11 -06:00
12aadb3132
Another update
2015-02-05 17:09:10 -06:00
17f2d8048d
Another update
2015-02-05 17:09:10 -06:00
01252078ea
Use store_loot to store coookie
2015-02-05 17:09:10 -06:00
6fd38307e7
An update
2015-02-05 17:09:10 -06:00
727fc51c0b
Don't need this line
2015-02-05 17:09:10 -06:00
4924749b96
Try to make the filename more self explanatory
2015-02-05 17:09:09 -06:00
26af10c3b6
Change public ip option name and store cookie to db
2015-02-05 17:09:09 -06:00
bfa7b61663
Final
2015-02-05 17:09:09 -06:00
b90515ae5d
IE UXSS
2015-02-05 17:09:09 -06:00
d16cc843b2
Correct disclosure date
2015-02-05 15:00:13 -06:00
0955e14dad
Final, really, I think
2015-02-05 14:59:24 -06:00
578423501a
Another update
2015-02-05 13:08:33 -06:00
562063c4d5
Rename file again
2015-02-05 12:26:17 -06:00
80ebde4fe1
Credit @joevennix
2015-02-05 12:25:38 -06:00
27b8d1057f
Another update
...
Thanks @joevennix
2015-02-05 12:23:32 -06:00
988b54f594
Another update
2015-02-05 12:01:19 -06:00
53134aeb17
Another update
2015-02-05 11:46:38 -06:00
871c8aa8d0
Use store_loot to store coookie
2015-02-05 11:36:35 -06:00
dbe99014f2
An update
2015-02-05 11:29:52 -06:00
08d796c5e3
Don't need this line
2015-02-05 10:53:29 -06:00
d6fe077f79
Try to make the filename more self explanatory
2015-02-05 09:53:38 -06:00
ed6ee27896
Change public ip option name and store cookie to db
2015-02-05 09:48:45 -06:00
75c697c4dc
Final
2015-02-05 04:36:44 -06:00
1ccfb6cb43
IE UXSS
2015-02-05 03:03:28 -06:00
46210a4963
Fix punctuation
2015-01-26 12:05:54 -06:00
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
c6901caf39
Change module location
2015-01-24 10:14:46 -06:00
e46395f592
Land #4596 , @pdeardorff-r7's memcached extractor
2015-01-22 08:00:19 -08:00
1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache
2015-01-22 07:59:48 -08:00
0d4d06fb83
Print table for all scans, add preview size option
2015-01-20 11:12:47 -08:00
f1bf607386
Minor Ruby style cleanup
2015-01-20 08:47:47 -08:00
ef89a3d323
Add protocol reference
2015-01-20 08:34:08 -08:00
9c97824d5c
Move MAXKEYS to advanced
2015-01-20 08:28:49 -08:00
9d430eb1d5
Use the simpler 'version' command to get the version
2015-01-20 08:16:22 -08:00
6588f92206
Move rex connection errors to vprint since this is a Scanner
2015-01-20 08:11:09 -08:00
10100df054
report_service
2015-01-20 08:09:35 -08:00
b0bbce1190
Include peer in most prints
2015-01-20 08:00:02 -08:00
84ecde30d1
Land #4586 , mcafee_epo_xxe aux module
2015-01-18 00:50:10 -06:00
57ca285f8a
Fix msftidy warnings
2015-01-18 00:49:52 -06:00
db3185231a
add maxkeys option, dont store loot if localhost and improve streaming
2015-01-17 09:25:32 -08:00
f1bcbb7d78
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-16 09:57:17 -08:00
7ef721bdd6
Might as well format the url all at once.
2015-01-16 09:01:25 -06:00
1929f36050
Update mcafee_epo_xxe.rb
2015-01-15 16:50:14 -06:00
8c3d4c8d07
Spelling tweak.
2015-01-15 15:19:46 -06:00
35c9a13199
Handle the usage of // (same-scheme) URLs.
2015-01-15 15:09:50 -06:00
507050b316
rescue from down memcached server or timeout
2015-01-15 09:51:42 -08:00
0e893cd772
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-15 09:40:21 -08:00
4d2ad8865f
remove debug line
2015-01-15 09:37:51 -08:00
154eb7956c
fix storing of loot and support localhost session
2015-01-15 09:36:15 -08:00
4e4ca15422
Update mcafee_epo_xxe.rb
2015-01-15 11:02:11 -06:00
e53522b64b
Update mcafee_epo_xxe.rb
2015-01-15 10:28:52 -06:00
86d5358299
Update mcafee_epo_xxe.rb
2015-01-15 09:56:02 -06:00
53e1304afb
Update mcafee_epo_xxe.rb
2015-01-14 18:19:27 -06:00
1ed07bac32
Update mcafee_epo_xxe.rb
2015-01-14 11:01:14 -06:00
794bb65817
Create mcafee_epo_xxe.rb
2015-01-14 10:54:58 -06:00
99cf668441
add memcached extractor module
2015-01-12 16:40:06 -08:00
4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module
2015-01-05 10:31:28 -06:00
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
d10222365b
Add Rafay's blog as a reference
2014-12-29 08:12:19 -06:00
1236684954
Use get_uri instead, note lack of Rex::Text method
...
See rapid7#4461
2014-12-28 15:06:34 -06:00
788e315fd4
Fix msftidy warnings
2014-12-28 14:53:29 -06:00
8d73794cc8
Add hint for exploit on old devices.
2014-12-23 12:29:08 -06:00
e45af903d9
Add patch discovery date.
2014-12-19 12:04:41 -06:00
25313b1712
Use the hash to pass the script.
2014-12-19 02:30:37 -06:00
84ea628284
Add Android cookie theft attack.
2014-12-16 19:12:01 -06:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
0887127264
Fixed several recommended changes by jvazquez-r7 and jlee-r7
2014-11-30 00:53:24 -05:00
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
5bf8901822
Fixed several recommended changes by jvazquez-r7, Also Correct a XML parsing issue
2014-11-09 02:43:36 -05:00
e7b448537f
Add OSVDB ids
2014-11-08 11:05:34 +00:00
9d6e0664a4
Guess service name and port
2014-11-07 20:56:01 -06:00
a44640c9fc
Use single quotes
2014-11-07 20:48:04 -06:00
7c1c08fc19
Use single quotes without interpolation
2014-11-07 20:46:47 -06:00
0373156cce
Use unless over if not
2014-11-07 20:42:08 -06:00
f5a920da99
Use || operator
2014-11-07 20:41:44 -06:00
64754a5609
Delete unnecessary begin..end block
2014-11-07 20:38:36 -06:00
0919f74a3d
Delete unused variable
2014-11-07 20:37:57 -06:00
22b875d0f3
Reduce code complexity
2014-11-07 20:37:40 -06:00
b1517e6ace
Delete unnecessary nil comparision
2014-11-07 20:34:13 -06:00
aa1fec7f02
Use fail_with
2014-11-07 20:33:33 -06:00
d630eac272
Reduce code complexity
2014-11-07 20:32:15 -06:00
cea30b5427
Use built-in format for RPORT
2014-11-07 20:30:32 -06:00
e99cc00a57
No more than 100 columns on description
2014-11-07 20:29:38 -06:00
c00a3ac9cd
Add full disclosure URL
2014-11-07 08:06:21 +00:00
8a0249cdbf
Address Juan's points
2014-11-06 21:02:28 +00:00
e71ba1ad4a
Push exploit for CVE-2014-6038/39
2014-11-05 20:12:03 +00:00
ebb8b70472
Land #4015 , another Android < 4.4 UXSS module
2014-11-04 15:52:29 -06:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
6f013cdcaf
Missed these
2014-10-31 18:48:48 -05:00
d6a830eb6e
Rescue the correct exception: Rex::HostUnreachable
2014-10-31 16:43:33 -05:00
1e9f9ce425
Handle invalid JSON errors and fix typo.
2014-10-31 11:01:49 -05:00
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
470a067384
Final changes
2014-10-30 13:51:44 -05:00
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
127d1640da
Print password
2014-10-30 13:27:40 -05:00
a6980b9eb8
Updated to module based feedback from wchen-r7
2014-10-30 12:59:11 -04:00
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
6c13c14be1
Konica MFP ftp and SMB credential gathering module
2014-10-29 16:12:16 -04:00
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It!
2014-10-20 11:23:23 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
6ea3a78b47
Clarify the description on HP perfd module
...
Introduced in #3992
2014-10-14 11:58:52 -05:00
76275a259a
Minor style cleanup of help and a failure message
2014-10-12 18:34:13 -07:00
c3a58cec9e
Make note of other commands to investigate
2014-10-11 13:07:52 -07:00
c80a5b5796
List commands in sorted order
2014-10-11 13:00:30 -07:00
4ffc8b153c
Support running more than one perfd command in a single pass
2014-10-11 11:38:00 -07:00
c72593fae4
Store just banner for service, loot the rest. Also, minor style.
2014-10-11 11:12:49 -07:00
9550c54cd2
Correct indentation and whitespace
2014-10-11 10:39:12 -07:00
7bd0f2c114
Changed Name, array in OptEnum and operator
2014-10-11 09:03:18 -03:00
cbde2e8cd1
Variable cmd now with interpolation
2014-10-10 18:21:16 -03:00
291bfed47e
Using Rex.sleep instead of select
2014-10-10 15:17:40 -03:00
bd315d7655
Changed print_good and OptEnum
2014-10-10 13:54:42 -03:00
08fdb4fab2
Add module to enumerate environment HP via perfd daemon
2014-10-10 13:09:36 -03:00
8163b7de96
Thanks for helping me clean up Todd!
2014-10-09 18:20:31 +01:00
9d1e206e43
Incorporate cred changes and other minor fixes
2014-10-09 17:59:38 +01:00
4817e1e953
Update trackit_sql_domain_creds.rb
2014-10-08 21:41:04 +01:00
3c7be9c4c5
Remove hash rockets from references #3766
...
[SeeRM #8776 ]
2014-10-08 09:01:19 +00:00
6af6b502c3
Remove spaces at EOL
2014-10-08 08:30:30 +01:00
713ff5134a
Add OSVDB id
2014-10-08 08:24:44 +01:00
bd812c593c
Add full disclosure URL
2014-10-08 08:24:04 +01:00
bbac61397d
Restore :address to rhost and explain why
2014-10-08 08:23:43 +01:00
9cb0ad1ac2
Change the reporting address to the real value
2014-10-08 01:18:17 +01:00
6e9bebdaf9
Fix noob mistake in assignment
2014-10-08 01:04:15 +01:00
7dbfa19e65
Add exploit for Track-It! domain/sql creds vuln
2014-10-07 23:54:43 +01:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
c00094ba6e
Land #3345 , @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli
2014-09-19 15:01:21 -05:00
62414e2214
Add Timeout to exploit sqli
2014-09-19 15:00:54 -05:00
db6372ec8b
Do minor module cleanup
2014-09-19 14:43:35 -05:00
4a9294e3bf
Mark module as not executable
2014-09-19 14:36:44 -05:00
59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc.
2014-09-16 13:31:03 -05:00
4fc1ec09c7
Land #3759 , Android UXSS, with ref/desc fixes
...
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)
Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
fbba4b32e0
Update the title and desc to be more descriptive
...
See #3759
2014-09-11 14:06:14 -05:00
d627ab7628
Add refs for Android UXSS
...
See #3759
2014-09-11 14:05:50 -05:00
280e16c241
Land #3677 - Updated shodan_search for new API
2014-09-10 11:39:00 -05:00
006393360e
Add conditions to check healthy shodan results
2014-09-10 11:38:06 -05:00
7793ed4fea
Add some common UXSS scripts.
2014-09-09 02:31:27 -05:00
27889ea411
Add a safety fallback on js load.
2014-09-08 00:46:47 -05:00
8407d45c9c
Rework the timers.
2014-09-08 00:40:00 -05:00
5c9c8edfcf
Fix refs.
2014-09-07 23:33:45 -05:00
5efaf7d4cf
rename module, handle asyncness.
2014-09-07 23:25:08 -05:00
1bf89fb6bd
Add Android <= 4.3 AOSP UXSS module.
2014-09-07 20:44:03 -05:00
abffdd8705
Update alienvault_newpolicyform_sqli.rb
...
cleaned up according to msftidy.rb suggestions
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
664cc131e3
Update alienvault_newpolicyform_sqli.rb
...
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
ff210a7c0a
delete parenthesis
2014-09-04 16:16:29 -05:00
2d8c7a7a4d
Refactor if statement to early return
...
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
3281781f6a
Addressed r7 comments, fixed bug in results loop
2014-09-01 13:43:31 -04:00
246f021437
Update natpmp_external_address to use Msf::Auxiliary::UDPScanner
2014-08-26 10:49:53 -07:00
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
ca11eae3a9
Show a useful failure message when the external address probe fails
2014-08-26 10:49:52 -07:00
0a27a18104
Committing changes from r7 comments
2014-08-23 00:08:27 -04:00
1959f7a235
Updated shodan_search for new API
2014-08-20 00:48:13 -04:00
674c3ca260
Use [] for references
2014-07-30 10:44:42 -05:00
3d2a62bc29
Updated W3 Total Cache Hash extract module
2014-07-29 19:49:48 +02:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
43f41de124
Land #3508 , CVE-2014-4671 Flash JSONP disclosure
2014-07-11 10:11:48 -05:00
b8225ae2dc
Remove unnecessary ||= and ivars.
2014-07-10 16:06:28 -05:00
e0389dfbc3
Update code as per @wvu's code review.
2014-07-10 15:03:40 -05:00
dd439066ca
Patch rhost to display hostname of JSONP_URL.
2014-07-10 12:02:22 -05:00
841cb6a590
STEAL_URL -> STEAL_URLS.
2014-07-10 09:14:32 -05:00
fad30bc874
Add flash rosetta exploit module for stealing URLs.
2014-07-10 09:09:10 -05:00
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
615aeb66a5
Dont use or
2014-06-23 23:11:04 +01:00
752007848b
Tidy up code
...
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
2772d84a18
Major rework of this module, please see the diff
2014-06-23 16:13:42 -05:00
a0aca251f5
Land #3472 , releae fixes
2014-06-23 11:41:35 -05:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
40d1ec551e
Add WEP, PSK, and MGT
2014-06-21 23:15:20 -05:00
c685e0d06e
Land #3444 , chromecast wifi enumeration
2014-06-17 22:09:58 -04:00
1394ad1431
Break my double quote habit
...
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
8376b4aa2b
Map constants to readable values
...
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
1ab379a0fe
Land #3448 , ident =! indent
2014-06-12 14:15:06 -05:00
e9783200f2
Land #3447 , fix variable typo
2014-06-12 14:07:34 -05:00
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
a647246148
Use correct variable name
2014-06-12 19:38:41 +01:00
3f5e50d18f
Aux modules don't have ranking.
...
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
6bc37cca0c
Land #3430 , @brandonprry's generic MongoDB injection enum.
2014-06-11 21:41:23 -05:00
23f7fe45ed
Add Chromecast wifi enumeration module
2014-06-11 21:00:47 -05:00
cca91dd7c5
Update mongodb_js_inject_collection_enum.rb
...
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
4367e8ef0c
Update mongodb_js_inject_collection_enum.rb
...
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
dc89621d5c
Update mongodb_js_inject_collection_enum.rb
...
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
2663af986b
Update mongodb_js_inject_collection_enum.rb
...
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
4071fb332b
Create mongodb_js_inject_collection_enum.rb
...
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
69e8286838
Fix title
2014-05-27 10:29:32 -05:00
1316365c2f
Fix description
2014-05-27 10:22:39 -05:00
abe1d6ffc7
Land #3190 , @Karmanovskii's module to fingerprint MyBB database
2014-05-27 10:20:24 -05:00
86221de10e
Fix message
2014-05-27 10:18:27 -05:00
b96c2dd0ca
Change module filename
2014-05-27 10:15:39 -05:00
1d8c46155b
Do last code cleaning
2014-05-27 10:14:55 -05:00
eacf70af83
Update mybb_get_type_db.rb
...
26.05.2014 23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
99046ba12a
Update alienvault_newpolicyform_sqli.rb
...
Added EDB link - should be ready now.
2014-05-23 10:07:45 -04:00
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00
wchen-r7
jvazquez-r7
Tod Beardsley
joev
HD Moore
rastating
William Vu
Mo Sadek
cldrn
Donny Maasland
Brent Cook
Denis Kolegov
Nicholas Starke
kaospunk
Christian Mehlmauer
root
OJ
Brandon Perry
Nikita Oleksov
Jon Hart
pdeardorff-r7
Joe Vennix
Deral Heiland
Pedro Ribeiro
Peter Arzamendi
URI Assassin
Roberto Soares Espreto
Brendan Coles
Chris Hebert
John Sawyer
Meatballs
Spencer McIntyre
Jon Cave
Karmanovskii