Commit Graph

30702 Commits (8a17acf847fef4d79a819a6c795d7efc2a32beec)

Author SHA1 Message Date
David Maloney 4ad7021336
give user option to turn on KoreLogic rules
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
David Maloney 5480cb81f5
add updated KoreLogic rules to john.conf
updated our shipped john.conf to include a
more up to date version of the KoreLogic JtR rules.
They add overhead to the cracking time but are
probably some of the best/most effective JtR
rules out there.
2015-01-07 12:25:04 -06:00
sinn3r ef97d15158 Fix msftidy and make sure all print_*s in check() are vprint_*s 2015-01-07 12:12:25 -06:00
David Maloney 5d68d48ca5
Land #4385, fixes bruteforce_speed validator
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
David Maloney 702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components

MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney 7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin

MSP-11986
2015-01-07 11:30:39 -06:00
rastating a5f48b23df Add use of Msf::ThreadManager 2015-01-07 17:27:06 +00:00
Meatballs aef8c702d7
Filter creds by type 2015-01-07 17:19:31 +00:00
James Lee 3e80efb5a8
Land #4521, Pandora FMS upload 2015-01-07 11:13:57 -06:00
James Lee 1ccef7dc3c
Shorter timeout so we get shell sooner
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
sinn3r 4c240e8959 Fix #4098 - False negative check for script_mvel_rce
Fix #4098, thanks @arnaudsoullie
2015-01-07 10:40:58 -06:00
sinn3r c60b6969bc Oh so that's it 2015-01-07 10:39:46 -06:00
James Lee efe83a4f31
Whitespace 2015-01-07 10:19:17 -06:00
Trevor Rosen 3ba3465afb
Ensure logging in ~/.msf4/log
Fix #4511
2015-01-07 09:37:07 -06:00
m7x 89699d1549 Typo workspace_id 2015-01-07 10:58:59 +00:00
Christian Mehlmauer 09bd0465cf
fix regex 2015-01-07 11:54:55 +01:00
rcnunez b3def856fd Applied changes recommended by jlee-r7
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
Christian Mehlmauer eaad4e0bea
fix check method 2015-01-07 11:01:08 +01:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
dmooray 478505c17a ruby 2.2 compatibility
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
Christian Mehlmauer 862af074e9
fix bug 2015-01-07 09:10:50 +01:00
Christian Mehlmauer d007b72ab3
favor include? over =~ 2015-01-07 07:33:16 +01:00
Christian Mehlmauer 4277c20a83
use include? 2015-01-07 06:51:28 +01:00
Christian Mehlmauer 39e33739ea
support for anonymous login 2015-01-07 00:08:04 +01:00
Christian Mehlmauer bf0bdd00df
added some links, use the res variable 2015-01-06 23:25:11 +01:00
William Vu fee49b0b85
Land #4531, Msf::Exploit::PDF method name fix 2015-01-06 14:26:58 -06:00
David Maloney a626c45813
update gemspec for newest credential
we need the latest metasploit-credential to migrate
over any old style creds still lingering around in the
database.

MSP-11919
2015-01-06 14:25:55 -06:00
sinn3r 609c490b3c I missed nobfu 2015-01-06 12:49:39 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention
Just changing method names.

It will actually also fix #4520
2015-01-06 12:42:06 -06:00
Christian Mehlmauer f9f2bc07ac
some improvements to the mantis module 2015-01-06 11:33:45 +01:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
William Vu f2710f6ba7
Land #4443, BulletProof FTP client exploit 2015-01-06 02:10:42 -06:00
William Vu 482cfb8d59
Clean up some stuff 2015-01-06 02:10:25 -06:00
William Vu 46aa165ca5
Land #4481, enum_users_history improvements 2015-01-06 01:52:38 -06:00
William Vu 745bfb2f35
Clean things up 2015-01-06 01:48:18 -06:00
Meatballs 42b6c5425f
Update tests 2015-01-05 22:25:14 +00:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
David Maloney fc91244252
insert deprecation error message
report_auth_info will now issue an error message
stating that the method is deprecated along with the module name
that called it

MSP-11919
2015-01-05 14:02:16 -06:00
David Maloney db8f260557
add some YARD docs to report_auth_info
add yard docs for the modified report_auth_info

MSP-11919
2015-01-05 13:58:25 -06:00
David Maloney 71d600e829
make report_auth_info create new creds and logins
report_auth_info coerces old data into the new credential
types as best as it is able

MSP-11919
2015-01-05 13:41:30 -06:00
Brent Cook a69609fe04
Land #4523: wchen-r7's #inspect->to_s conversions
Keep custom object display behavior the same between Ruby 1.9 and 2.1.
2015-01-05 13:26:08 -06:00
Brent Cook e73ff61f42
Land #4512, OJ's removal of superfluous path expansion 2015-01-05 13:14:59 -06:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
rcnunez 547b7f2752 Syntax and File Upload BugFix
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
William Vu 1f4d62aff3
Land #4514, invalid splat URL fix 2015-01-05 03:44:40 -06:00
jvazquez-r7 e7affb9048
Land #4493, @pedrib's module for ManageEngine Central Desktop create admin 2015-01-04 23:46:31 -06:00
jvazquez-r7 c5e72fb324 Change module filename 2015-01-04 23:14:12 -06:00
jvazquez-r7 4798f2328d Change module filename 2015-01-04 23:13:17 -06:00