2d8c7a7a4d
Refactor if statement to early return
...
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
34455b5dc6
Fix missing require for jtr_oracle_fast
2014-09-04 14:38:07 -05:00
50ac8366fd
Refactor CHANGE/RESET to actions
...
Missed in c1fdc4d945
2014-09-04 14:36:04 -05:00
0dcf481d76
This one is good to go
2014-09-04 14:13:33 -05:00
84f9ec0aad
Refactor implicit options hash
...
Missed in c1fdc4d945
2014-09-04 13:30:06 -05:00
00ec47fb83
call new prepend cred methods
...
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
c5755824a6
pass in vhost and useragent
...
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
dd4fd7bb39
The reporting part
2014-09-03 16:32:23 -05:00
e1694ec3e5
LoginScanner update for hp_sys_mgmt_login
...
Work in progress
2014-09-03 16:23:57 -05:00
185ce36859
Land #3701 , @wchen-ru's AppleTV modules
2014-09-03 12:30:50 -05:00
10dee28fbd
Add http socket to the module sockets and allow the framework to cleanup
2014-09-03 12:01:48 -05:00
5acbcc80e2
no threading
2014-09-03 11:37:30 -05:00
3281781f6a
Addressed r7 comments, fixed bug in results loop
2014-09-01 13:43:31 -04:00
7dd73084bb
Added WiFi ifindex discovery and enhanced error handling
2014-09-01 00:49:10 -04:00
cf0f00a376
Variable name changes per ruby style guide
2014-08-31 23:57:20 -04:00
0735de0fd4
Changes to error output per PR comments
2014-08-31 23:57:20 -04:00
0a01da1ca9
Changed default value for SNMP Version option
2014-08-31 23:57:20 -04:00
e6126fde72
Modified to pull username and password first
2014-08-31 23:57:19 -04:00
5153886077
Added disclosure URL and cleaned up output fields
2014-08-31 23:57:19 -04:00
4ef369112f
Cleanup per msftidy report of Spaces at EOL
2014-08-31 23:57:19 -04:00
e37d56766f
Corrected extraction of WEP keys, current key, RADIUS server and port
2014-08-31 23:57:19 -04:00
f1cd601401
Modified logic to attempt to process WiFi key data even if primary Wifi interface is not up
2014-08-31 23:57:19 -04:00
e5111f7634
Simplified get_radius_info method and cleaned up comments
2014-08-31 23:57:19 -04:00
c556a6e331
Fixed syntax issue
2014-08-31 23:57:19 -04:00
81047e911a
Corrected OIDs to all numeric
2014-08-31 23:57:19 -04:00
b253e444cb
Initial commit of SBG6580 scanner after cleanup
2014-08-31 23:57:18 -04:00
8ba5488198
Update wordpress_login_enum.rb
...
Fixed some typos.
2014-08-30 13:37:48 -10:00
a142e78a66
refactor wordpress_xml_rpc_login
...
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner
2014-08-29 12:50:34 -05:00
f7091d854e
Add a timeout
2014-08-28 22:26:38 -05:00
40f581458a
Land #3570 , @ikkini scanner for rsync
2014-08-28 18:48:32 -05:00
9fb9ab813c
Add URL reference
2014-08-28 18:47:56 -05:00
bc542a011d
Change module filename
2014-08-28 18:42:30 -05:00
213fe23970
Clean rsync_modules_list
2014-08-28 18:40:55 -05:00
f097ef96e0
Use &&
2014-08-28 12:13:03 -05:00
d0d9949d91
Do SSL options correctly
2014-08-28 12:04:14 -05:00
784ece574e
Found additional typos.
2014-08-28 09:03:19 -05:00
cb634cfef3
Fixed annoying typo that shows up in validation screenshots
2014-08-28 08:50:30 -05:00
0ba2f1e457
Leave a note about the old empty password issue
2014-08-27 17:06:11 -05:00
d5b70cca24
"Auth bypass" does not really describe what the feature actually does
2014-08-27 16:56:07 -05:00
a32ffc4c26
Add the final portion for Glassfish login module
2014-08-27 15:09:11 -05:00
5d8cbe0544
Early version of Glassfish using LoginScanner
2014-08-27 01:23:02 -05:00
fde2687c9e
Store edition,version,build in the fingerprint.match
2014-08-26 18:44:08 -05:00
d5e39ae284
Adjustments for new LoginScanner code
2014-08-26 18:13:00 -05:00
ba1f7c3bf6
Land #3687 , reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
ed9bb3e52c
Fix a small typo
2014-08-26 14:34:10 -05:00
775ebce56b
Correct natpmp_portscan's print_* usage to include peer
2014-08-26 12:27:12 -07:00
4e19d9ade1
Land #3545 , fix up sip scanners, msftidy, db services cmd
2014-08-26 14:07:21 -05:00
5826d7b164
vprint_status when no external address obtained, print_ is too noisy
2014-08-26 12:05:40 -07:00
e75e213b52
Clarify SIP mixin method name, store header values as string, etc
2014-08-26 11:40:49 -07:00
246f021437
Update natpmp_external_address to use Msf::Auxiliary::UDPScanner
2014-08-26 10:49:53 -07:00
5c57f9b4eb
Don't overload RPORT/LPORT for mapping external -> internal ports
2014-08-26 10:49:53 -07:00
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
ca11eae3a9
Show a useful failure message when the external address probe fails
2014-08-26 10:49:52 -07:00
bb00c97f46
Add a CERT reference
2014-08-26 08:29:28 -07:00
40fe2fd3a9
Remove DRDoS references, as this just proves amplification
2014-08-26 08:23:50 -07:00
10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it
2014-08-26 08:00:30 -07:00
333c3a90ae
Space between SSDP headers and values, which is sometimes required
2014-08-26 07:57:59 -07:00
337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification
2014-08-26 07:48:44 -07:00
04fbd07a16
vprint_error in the unlikely event we get an unexpected response
2014-08-26 07:30:14 -07:00
79b05db409
Correct minor style issues
2014-08-26 07:26:30 -07:00
63b75a0093
SSDP Amplification module changes
2014-08-26 16:03:32 +07:00
a90d142140
Add UPnP SSDP Amplication Scanner
2014-08-26 12:53:14 +07:00
73e4ec709f
Fix smb_port and require 'recog' when no DB/MDM
2014-08-25 15:42:18 -05:00
463815d240
Add AppleTV modules (imge, video and login)
2014-08-25 15:24:41 -05:00
6a522cc105
Remove unused BATCHSIZE from SIP options_tcp, duplicate from options
2014-08-25 13:12:29 -07:00
bfa89bb3a5
Enforce binary encoding on non-modules, no encoding on modules
2014-08-25 13:12:29 -07:00
6185721a61
Address @hmoore-r7's feedback regarding binary encoding
2014-08-25 13:11:22 -07:00
9955cb5b27
Enforce proper protocol case where necessary
2014-08-25 13:11:22 -07:00
637f86f37d
Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner
2014-08-25 13:11:21 -07:00
c2e70446ed
Move SIP module stuff to Msf::Exploit::Remote::SIP
2014-08-25 13:11:21 -07:00
02e41c27e7
Split SIP response parsing out on its own, add unit tests.
...
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
d4ea3e9f29
Pass protocol down to parse_reply for report_* purposes
2014-08-25 13:09:39 -07:00
a2e2e37a69
Fix SIP options scanning
2014-08-25 13:09:39 -07:00
2a4d73ee35
Add status message that displays delay between requests
2014-08-25 12:55:27 -07:00
5c61c09c6b
auxiliary/scanner/http/soap_xml cleanup
...
This:
* Corrects Ruby style (most) everywhere
* Uses Rex's sleep, converts to milliseconds -- seconds are too granular
* Moves begin/rescue inside nested verb+noun loop
* Prints errors even if not in verbose mode
* Corrects URI construction when PATH ends with /
2014-08-25 12:55:27 -07:00
152ddb2f32
refactor the ipboard-login module
...
now that we have the loginScanner class, we simplify the module
by using the scanner and credcollection classes to handle all
the real work for us
2014-08-25 14:32:47 -05:00
6d9833e32b
Minor pre-release updates with descriptions
2014-08-25 13:34:45 -05:00
03a1f4455d
No need to escape single quotes in %q{} strigns
2014-08-25 13:03:33 -05:00
2f87c880df
Add link to blog post for NTP modules
2014-08-25 12:58:10 -05:00
c3213a73e5
Use peer when writing scanner modules
...
This fixes the module seen in PR rapid7#3684 to use the peer method at
the beginning of print_* messages, rather than the vhost method at the
end. Doing this tends to make reading the output much easier since it's
more consistent.
Incidentally, this module has an msftidy complaint:
````
--- Checking new and changed module syntax with tools/msftidy.rb ---
modules/auxiliary/scanner/http/ipboard_login.rb - [INFO] Please use
vars_get in send_request_cgi: send_request_cgi({ 'uri' =>
normalize_uri(target_uri.path,
"index.php?app=core&module=global§ion=login&do=process"
````
This should be fixed as well, or explained why it's not being honored.
2014-08-25 12:48:32 -05:00
1ee83ff57e
Land #3696 , pile of NTP DRDoS 0days
...
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
7a76efa7f7
Add reference and disclosure date
2014-08-25 11:46:47 -05:00
a39f7b94ec
Land #3684 - IP Board Login Scanner
2014-08-25 11:54:42 +10:00
302e4025ba
Removed unnecessary function
2014-08-24 20:45:28 -04:00
2b59063d6c
Updated based on feedback
2014-08-24 19:53:29 -04:00
0a27a18104
Committing changes from r7 comments
2014-08-23 00:08:27 -04:00
84f4fa5c76
Updated module based on feedback
2014-08-22 21:16:53 -04:00
0737d0dbd5
Refactor auxiliary module
2014-08-22 17:05:45 -05:00
9ef09a7725
Pass msftidy
2014-08-22 13:24:59 -05:00
38e6576990
Update
2014-08-22 13:22:57 -05:00
95fbb8f1b7
Land PR #3672 , dmaloney-r7's login scanner credential rework.
2014-08-22 11:15:32 -05:00
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc6382760bf5b319ba7772f362b81d681448f0743d1b
2014-08-22 10:50:38 -05:00
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
2014-08-22 10:17:44 -05:00
3918acb1e1
Changed keyword used when returning
2014-08-21 12:34:54 -04:00
a0b72bba93
Updated module based on feedback
2014-08-21 12:26:41 -04:00
383906c26c
Removed function no longer used
2014-08-20 22:51:01 -04:00
c93bfb4673
Fixed targeturi value
2014-08-20 21:23:45 -04:00
7f90b81711
IP Board Login Scanner Module
2014-08-20 21:18:19 -04:00
9f9f28cc31
If a peer is 127.0.0.1, don't try to store it because we (currently...) can't
2014-08-20 15:48:54 -07:00
9db3dc7ad8
Store peer data note in the same format as originally
2014-08-20 15:10:45 -07:00
758c3fa518
Only discard monlist replies that are impossibly short
...
This fixes the case where if a monlist reply only includes one peer
2014-08-20 15:02:21 -07:00
7ad9300d37
Update ntp_monlist to use UDPScanner, NTP and DRDoS mixins
2014-08-20 14:41:00 -07:00
8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing
2014-08-20 12:21:39 -07:00
1959f7a235
Updated shodan_search for new API
2014-08-20 00:48:13 -04:00
74920d26a4
Update to server/capture/imap.rb for new Credential system
2014-08-19 15:25:31 -05:00
3fdad4dc91
Update auxillary/scanner/ftp with Credential Gem
2014-08-19 13:13:05 -05:00
473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
...
Conflicts:
Gemfile.lock
lib/metasploit/framework/command/console.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/credential.rb
lib/metasploit/framework/credential_collection.rb
lib/metasploit/framework/login_scanner/afp.rb
lib/metasploit/framework/login_scanner/axis2.rb
lib/metasploit/framework/login_scanner/db2.rb
lib/metasploit/framework/login_scanner/ftp.rb
lib/metasploit/framework/login_scanner/http.rb
lib/metasploit/framework/login_scanner/mssql.rb
lib/metasploit/framework/login_scanner/mysql.rb
lib/metasploit/framework/login_scanner/pop3.rb
lib/metasploit/framework/login_scanner/postgres.rb
lib/metasploit/framework/login_scanner/result.rb
lib/metasploit/framework/login_scanner/smb.rb
lib/metasploit/framework/login_scanner/snmp.rb
lib/metasploit/framework/login_scanner/ssh.rb
lib/metasploit/framework/login_scanner/telnet.rb
lib/metasploit/framework/login_scanner/vnc.rb
lib/metasploit/framework/parsed_options/console.rb
lib/metasploit/framework/require.rb
lib/metasploit/framework/version.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/afp/afp_login.rb
modules/auxiliary/scanner/db2/db2_auth.rb
modules/auxiliary/scanner/ftp/ftp_login.rb
modules/auxiliary/scanner/http/axis_login.rb
modules/auxiliary/scanner/http/http_login.rb
modules/auxiliary/scanner/http/tomcat_mgr_login.rb
modules/auxiliary/scanner/mssql/mssql_login.rb
modules/auxiliary/scanner/mysql/mysql_login.rb
modules/auxiliary/scanner/pop3/pop3_login.rb
modules/auxiliary/scanner/postgres/postgres_login.rb
modules/auxiliary/scanner/snmp/snmp_login.rb
modules/auxiliary/scanner/ssh/ssh_login.rb
modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
modules/auxiliary/scanner/telnet/telnet_login.rb
modules/auxiliary/scanner/vnc/vnc_login.rb
modules/auxiliary/scanner/winrm/winrm_login.rb
spec/lib/metasploit/framework/credential_spec.rb
spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
7330e3585f
Support Glassfish 4.0 and lots of other changes
2014-08-18 19:03:26 -05:00
f169b8dff3
Fix hashes being stored as passwords
2014-08-18 15:52:13 -05:00
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
5bfbb7654e
Add android meterpreter to browser autopwn.
2014-08-18 11:09:16 -05:00
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
93990f4578
Land #3631 , @wchen-r7's fixes to avoid datastore options assignment at runtime
2014-08-12 14:46:02 -05:00
b46b6af50d
Land #3630 , @wchen-r7's fix for datastore assignments on smb_enumusers
2014-08-12 14:26:55 -05:00
33da1a6871
Give a chance to the mixin
2014-08-12 13:49:39 -05:00
fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry
2014-08-12 11:22:51 -05:00
c937e80521
Added Fixes#2 mentioned by Firefart
...
Details:
* MSF's HTTP::Wordpress class included and wordpress related
variables are used.
2014-08-12 15:16:43 +03:00
4aeb1eda9c
Don't use datastore options as default values
2014-08-11 18:55:32 -05:00
c90434c926
Added Fixes mentioned by Firefart
...
Details:
* string interpolation removed
* Minor styling issues are fixed
* peer var used
* target_uri added instead of datastore
2014-08-11 14:37:39 +03:00
08bb815bd8
Add Yokogawa unauth admin module
2014-08-09 13:30:10 -05:00
a5e9abc227
Update R7-2014-12 NTP modules to use new DRDoS mixin
2014-08-08 23:15:54 -07:00
00452b41c9
Gut admin functions from R7-2014-12 NTP modules
...
None of these are admin modules. All of that stuff should eventually go
in auxiliary/admin
2014-08-08 21:22:11 -07:00
ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
...
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
3307726c21
Land #3627 , @wchen-r7's cleanup of ctypes in smb_enumshares
2014-08-08 19:17:15 -07:00
b3bb20f569
Land #3629 , @wchen-r7's HTTP traversal fixes
2014-08-08 18:08:32 -07:00
c35dc4d3ac
Extract query params separately
...
Prevents stomping on data
2014-08-08 18:07:25 -07:00
969e5ddd39
Override the correct smb_direct
2014-08-07 18:48:46 -05:00
3b27102c4c
Override the correct smb_direct
2014-08-07 18:47:33 -05:00
436e2abfff
Fix datastore options
2014-08-07 17:59:40 -05:00
1963318e70
Fix datastore options
2014-08-07 17:58:25 -05:00
ab8f2c7d3f
Datastore option fix
2014-08-07 17:57:44 -05:00
6f8c7f092a
Fix direct datastore assignments to pass msftidy
2014-08-07 17:51:45 -05:00
c79fe731c5
Um, this is the right way to do it.
2014-08-07 13:32:48 -05:00
f7bda738cf
Fix file handle leak
2014-08-07 13:30:34 -05:00
711630d059
Fix datastore assignments
2014-08-07 13:28:51 -05:00
c7090f57a5
Fix "text" ctype in smb_enumshares
...
"text" is not a valid ctype, should be text/plain
2014-08-07 11:25:55 -05:00
a7be5b5164
Added fingerprinting
2014-08-07 18:12:58 +02:00
d6e60453d6
Added Wordpress XMLRPC DoS
2014-08-07 11:38:44 +02:00
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
/lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
aJ0QgKJz8thZgafZc89I
=e1z9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
AjGcfOzhhcsY+WAQ7OG+
=Pjob
-----END PGP SIGNATURE-----
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
9b6259e58b
Land #3569 - Updated smb_enumshares to support spidering
2014-08-05 20:23:09 -05:00
f520616730
This fixes a few things, see commit message for more info
...
This commit fixes the following:
1. Not handling eval_host()'s nil file return value, which can causes
a NoMethodError at runtime due to various conditions.
2. Renames datastore option VERBOSE to ShowFiles to pass msftidy
3. Avoids overwriting datastore options directly to pass msftidy
2014-08-05 19:20:11 -05:00
da845c7e89
Changed default VERBOSE option to false.
2014-08-04 18:06:35 -05:00
b81c7e28f4
Land #3588 , @tobd-r7's Fix SpaceBeforeModifierKeyword Rubocop warning
2014-08-04 14:25:03 -07:00
ed97751ead
Land #2999 , @j0hnf's modifiction to check_dir_file to handle file:
2014-08-04 11:55:18 -05:00
cd45ed0e0a
Handle exceptions when connecting the SMBHSARE
2014-08-04 11:54:30 -05:00
85b5c5a691
Refactor check_path
2014-08-04 11:48:13 -05:00
1e29bef51b
Fix msftidy warnings
2014-08-04 11:46:27 -05:00
04bf0b4ab6
Fix forgotten comma
2014-08-04 11:34:12 -05:00
3bc8d1fee9
See #RM8838. Handle null domain_sid properly
...
This switches to the local sid if the domain sid is null, even if
the ACTION is set to DOMAIN. This solves the issue identified in
```
[*] 192.168.0.4 PIPE(LSARPC) LOCAL(NAS - 5-21-2272853860-1115691317-1341221697) DOMAIN(WORKGROUP - )
[-] 192.168.0.4 No domain SID identified, falling back to the local SID...
[*] 192.168.0.4 USER=guest RID=501
[*] 192.168.0.4 GROUP=None RID=513
```
2014-08-02 14:25:17 -05:00
cd2e225359
Refactored auxilliary jboss_bshdeployer
...
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
ab7111120b
and all the rest
...
finally!
2014-08-01 14:54:18 -05:00
4821851ae4
telnet and ssh next
2014-08-01 14:47:08 -05:00
12902b0a6d
the refactor continues!
2014-08-01 14:41:03 -05:00
b74813b9a1
mysql and pop3 now
2014-08-01 14:30:33 -05:00
2e7738c788
http and mssql now
2014-08-01 14:22:58 -05:00
33f73a8af7
refactor db2
2014-08-01 13:00:27 -05:00
439b893fea
refactor axislogin
2014-08-01 12:30:16 -05:00
0fffb179fa
refactor afp_login
2014-08-01 12:10:52 -05:00
c3691ba056
finish refactoring ftp_login
2014-08-01 12:06:13 -05:00
a380646667
start refactoring ftp loginscanner
2014-08-01 11:47:13 -05:00
4ed085d0d2
Land #3581 , @FireFart's update for W3 Total Cache Hash extract module
2014-07-30 10:45:11 -05:00
674c3ca260
Use [] for references
2014-07-30 10:44:42 -05:00
1fe459eb42
Add info to know where the info comes from
2014-07-29 18:47:40 -05:00
adf03e28ce
Fix SpaceBeforeModifierKeyword Rubocop warning
...
This also deals with some errant tabs where internal spaces should be,
as well as one syntax error which was preventing an old meterpreter
script from ever working correctly.
Some day, we need to get rid of those Meterpeter scripts. Srsly.
2014-07-29 17:10:54 -05:00
3d2a62bc29
Updated W3 Total Cache Hash extract module
2014-07-29 19:49:48 +02:00
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
7129108c58
Fixed status in MSF db for Nessus
2014-07-28 13:49:24 -04:00
7247f8879b
Empty line fix
...
Details:
* Empty line fix added to each_user_pass function
2014-07-28 12:50:41 +03:00
5679a72aa8
Added Fixes mentioned by jhart-r7
...
Details:
* res && res.body fix
* empty return removed
* vprint added/changed
* is_? convention fixed
* Unknown error removed
* Minor styling issues are fixed
* VERBOSE Option Removed
2014-07-27 00:40:37 +03:00
555e6c9cff
Modified a few things based on suggestions.
2014-07-25 18:23:12 -05:00
58502f139a
Updated.
2014-07-25 15:46:50 -05:00
cdabfb84f4
Add Wordpress XML-RPC Login Scanner
...
This module attempts to authenticate against a Wordpress-site (via
XMLRPC) using username and password combinations indicated by the
USER_FILE, PASS_FILE, and USERPASS_FILE options.
The module, checks for XMLRPC response using `demo.sayHello` function
and sweeps users with `wp.getUsers` function.
If `verbose` is set `true`, the raw XML response will be printed.
The module might be usefull when the target's administration page
is protected.
2014-07-25 16:24:09 +03:00
d0cd5cfc7a
Updated.
2014-07-24 21:53:23 -05:00
cdc56df09f
Updated smb_enumshares.rb
2014-07-24 21:18:02 -05:00
51c488a5ea
Added smb_enumshares.
2014-07-24 21:11:18 -05:00
03f68e21e7
Merge branch 'rsync_modules' of https://github.com/ikkini/metasploit-framework into rsync_modules
2014-07-24 23:29:14 +02:00
ccb26637e7
List all (listable) modules from a rsync daemon
2014-07-24 23:26:41 +02:00
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
bd1970ced9
Fix basic HTTP directory traversal detection
2014-07-24 13:22:58 -07:00
6692545eb6
Delete rsync_list.rb
2014-07-24 22:10:08 +02:00
f12b97e8c0
List all (listable) modules from a rsync daemon
2014-07-24 22:04:00 +02:00
6c1a3f4992
Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
...
Now able to complete without error.
MSP-10817 #land
2014-07-23 15:55:42 -05:00
eee72a86ba
Fix the case when john cracks only half of LM
2014-07-23 15:25:32 -05:00
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
e54f5e8ee7
working snmp_login module
2014-07-22 12:44:21 -05:00
c553fcac73
start refacotirng snmp_login
2014-07-22 11:46:22 -05:00
917d2c718b
Use All4 instead of LanMan
...
... Which was the original behavior. A full incremental LanMan can take
many hours instead of the few seconds this module was intended to run.
2014-07-21 18:24:35 -05:00
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
fe0b6fa79e
Land #3532 , @luisco's joomla login bruteforcer
2014-07-21 12:56:15 -05:00
aefaa3dd96
Make rubocop more happy
2014-07-21 12:55:45 -05:00
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
478e43170a
Report credentials to database
2014-07-21 12:26:13 -05:00
63fca1bfdd
Make some datastore options required
2014-07-21 12:10:52 -05:00
436ac706e8
Rescue Rex::ConnectionError while finding the uri
2014-07-21 12:00:24 -05:00
30de4cdf8d
Fix get_login_hidden
2014-07-21 11:57:37 -05:00
ff3a21b520
Refactor do_web_login
2014-07-21 11:35:19 -05:00
22f41e4435
Use vars_post
2014-07-21 11:07:00 -05:00
92fd3bc72b
Deleting REQUEST_TYPE option because I don't think has sense here
2014-07-21 10:53:43 -05:00
986b8e5d02
First style issues cleanup
2014-07-21 09:49:05 -05:00
5ba96d6054
Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess
2014-07-19 15:56:41 -05:00
7a5f3b8991
Implementing Ruby Style Guide and replace send_request_raw send_request_cgi
2014-07-18 14:31:38 -05:00
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
1f02891dc7
Change name of module and implementation of the recommended changes 2
2014-07-18 00:17:35 -05:00
0168a99eaa
Change name of module and implementation of the recommended changes
2014-07-17 23:49:25 -05:00
f2eabdba94
implementation of the recommended changes
2014-07-17 23:36:37 -05:00
ad2e7c3713
print header only if there are results...
2014-07-17 18:02:24 -05:00
36f6bcca15
Applied Jon Hart's recommendations
2014-07-17 20:29:26 +01:00
06fd1ead9d
Address more style issues
2014-07-17 09:37:27 -07:00
7e6e154a39
Fix null pointer dereference
2014-07-17 08:51:12 -05:00
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
ceff18de9d
Add modifiable UserAgent and translations to English
2014-07-16 20:44:20 -05:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
5534599cfc
fix for jtr warnings
...
remmove include for Jtr mixin in deprecated jtr_unshadow module
remove deprecated postgres_crack module
2014-07-16 12:52:29 -05:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
9e5c24a97e
Address some Ruby style issues
2014-07-15 16:55:54 -07:00
674447c891
final cleanup steps
2014-07-15 15:31:51 -05:00
7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
...
Conflicts:
Gemfile
Gemfile.lock
modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
51a9a763c0
Move error_name to InvalidPacket and check for nil
...
MSP-10713
2014-07-15 15:02:53 -05:00
34635ab968
module login status cleanup
...
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
3becfff41e
Add Bruteforce Joomla
2014-07-14 14:07:23 -05:00
7184d2ed5e
Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
...
Refactor pop3_login
2014-07-14 13:27:11 -05:00
8814863a00
applied todbs snmp fixs for OSX https://dev.metasploit.com/redmine/issues/7480
...
added psProcessUsername MIB to snmp_enumusers - to enumerate users on Solaris Systems
2014-07-13 10:27:45 +01:00
e68dcdbb06
Refactor pop3_login
...
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.
See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
2fd7bcf8bf
Land #3514 , report_note for scraper
2014-07-11 17:17:10 -05:00
5d833cbb16
http_header report_note remove to_s
2014-07-11 17:14:45 -05:00
7e9eb84531
http_header report_note remove brackets, move rport
2014-07-11 17:14:45 -05:00
a8ec733a3a
Interpolate all the things!
2014-07-11 17:14:09 -05:00
4abe856fc1
Rescue http_header notes from getting truncated
...
Seems that only one header line gets added to host notes, and the rest are thrown away. This adds the counter number to the type string, so that each header line entry is unique and correctly saved. I also added port in case you want headers from several ports on one host without the previous getting overwritten.
(scanning shodanhq.com)
----BEFORE----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: deleted header Expires
[*] 162.159.245.38:80: CF-RAY: 1485d013ca880773-EWR
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 14:50:20 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 7 headers
[*] Scanned 1 of 1 hosts (100% complete)
msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 14:50:19 UTC Note: host=162.159.245.38 type=HTTP header data="SET-COOKIE: __cfduid=d3914e07fc681306bb53129adb3e6b1d41405090220122; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
----AFTER----
msf auxiliary(http_header) > run -j
[*] Auxiliary module running as background job
msf auxiliary(http_header) >
[*] 162.159.245.38:80: requesting / via HEAD
[*] 162.159.245.38:80: CF-RAY: 14869ad5c0970f57-FRA
[*] 162.159.245.38:80: CACHE-CONTROL: max-age=15
[*] 162.159.245.38:80: CONNECTION: keep-alive
[*] 162.159.245.38:80: CONTENT-TYPE: text/html; charset=UTF-8
[*] 162.159.245.38:80: DATE: Fri, 11 Jul 2014 17:08:45 GMT
[*] 162.159.245.38:80: EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT
[*] 162.159.245.38:80: SERVER: cloudflare-nginx
[*] 162.159.245.38:80: SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly
[+] 162.159.245.38:80: detected 8 headers
[*] Scanned 1 of 1 hosts (100% complete)
msf auxiliary(http_header) > notes
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.0 data="CF-RAY: 14869ad5c0970f57-FRA"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.1 data="CACHE-CONTROL: max-age=15"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.2 data="CONNECTION: keep-alive"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.3 data="CONTENT-TYPE: text/html; charset=UTF-8"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.4 data="DATE: Fri, 11 Jul 2014 17:08:45 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.5 data="EXPIRES: Fri, 11 Jul 2014 17:09:00 GMT"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.6 data="SERVER: cloudflare-nginx"
[*] Time: 2014-07-11 17:08:44 UTC Note: host=162.159.245.38 type=http.80.header.7 data="SET-COOKIE: __cfduid=db2918126c4b49780b4669e88b72580521405098525082; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; HttpOnly"
msf auxiliary(http_header) >
2014-07-11 17:14:09 -05:00
6ef69b4014
scraper report_note, remove eol whitespace
2014-07-11 21:21:56 +02:00
ad46c37988
scraper report_note, remove unnecessary to_s
2014-07-11 21:08:35 +02:00
7a7d149dc5
scraper report_note, change note type string
2014-07-11 21:01:20 +02:00
b09fab13f0
Fix one flubbed author address
2014-07-11 13:50:37 -05:00
8b302cd472
Add report_note to scraper.rb
...
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:31:46 +02:00
b834e7d3cb
Update scraper.rb
2014-07-11 20:20:40 +02:00
da67a63ad0
Add report_note to scraper.rb
...
Just a suggestion. I always personally modify this. I use it to scrape titles often, and i prefer it to be saved in notes rather than wmap results, because i find it easier to search and automatically add results to rhosts.
2014-07-11 20:07:48 +02:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
43f41de124
Land #3508 , CVE-2014-4671 Flash JSONP disclosure
2014-07-11 10:11:48 -05:00
b8225ae2dc
Remove unnecessary ||= and ivars.
2014-07-10 16:06:28 -05:00
e0389dfbc3
Update code as per @wvu's code review.
2014-07-10 15:03:40 -05:00
62a2f1dc0a
Credential -> Model for realm key constants
2014-07-10 14:30:25 -05:00
dd439066ca
Patch rhost to display hostname of JSONP_URL.
2014-07-10 12:02:22 -05:00
841cb6a590
STEAL_URL -> STEAL_URLS.
2014-07-10 09:14:32 -05:00
fad30bc874
Add flash rosetta exploit module for stealing URLs.
2014-07-10 09:09:10 -05:00
c5226352de
Un-login-able should be print_status, not good
2014-07-09 17:45:41 -05:00
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
2a9ac0a007
Axe SSHKey in favor of a unified SSH
2014-07-07 13:35:17 -05:00
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
1500f33e1b
Default to only fuzzing versions 2-4
2014-07-03 07:32:44 -07:00
b15297eee0
Land #3490 , @Meatballs1 tns listener verbose output
2014-07-03 16:20:38 +02:00
c6675a2900
Add verbosity to Jenkins Enum
2014-07-02 13:25:18 -04:00
68ba79aa16
Remove access_level, since we don't have access
2014-07-01 17:53:18 -05:00
5fa0981026
Add login and move print_status
2014-07-01 17:48:42 -05:00
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
864f0f1bbc
Update description, loot -> creds
2014-07-01 11:46:21 -05:00
bc274b358f
Move NTP message code to Rex::Proto::NTP, simplify option handling
2014-06-30 23:57:47 -07:00
3079c47d41
Refactor oracle_hashdump creds
2014-07-01 01:07:22 -05:00
bf9c64d3ee
Land #3483 , @hmoore-r7's title change for ipmi_cipher_zero
2014-06-30 17:31:12 -05:00
cf720a88e8
Be verbose about error codes
2014-06-30 19:10:03 +01:00
f8ef6c50b4
Land #3470 , Cerberus SFTP User Enumeration
2014-06-30 19:01:15 +01:00
94c5a0b603
More verbose around connection errors
2014-06-30 18:56:30 +01:00
183d601aae
Small tidyup
2014-06-30 18:17:49 +01:00
004afa6e0c
Clean commit of Cerberus FTP User Enumeration Module
2014-06-30 17:53:46 +01:00
72d8d8a40c
RAKP defines auth, not cipher-0 bypass, see below.
...
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.
Cosmetic only change
2014-06-30 00:52:40 -05:00
4bff68ff2b
Use the specified UA, dont duplicate ports
2014-06-30 00:49:21 -05:00
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
90eccefcc8
Fix sock.get use and some minor bugs
2014-06-28 16:17:15 -05:00
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
3ae91410f5
Fix incorrect use of sock.get(), remove rundant return values
2014-06-28 15:24:02 -05:00
6d0d8a911d
Fix incorrect use of sock.get() that could lead to indefinite hang
2014-06-28 15:22:16 -05:00
a9cd9c584a
Respect RPORT even if additional ports are specified
2014-06-28 15:21:54 -05:00
43420aa984
Fix incorrect use of sock.get that can lead to an indefinite timeout
...
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```
console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```
After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
3e1ac3fee1
This module was broken due to a hardcoded IP address for google.com
2014-06-28 15:14:29 -05:00
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
48e93b7fc2
Merge branch 'feature/MSP-9715/linux_hashcracker' into staging/electro-release
2014-06-25 16:15:44 -05:00
34c57f51b1
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-06-25 15:02:35 -05:00
ac61a8fe4f
deprecate jtr_unshadow
2014-06-25 15:01:35 -05:00
75be200b97
Merge branch 'feature/MSP-9714/jtr_aix' into staging/electro-release
2014-06-25 14:34:41 -05:00
70fd3344fd
Merge branch 'feature/MSP-9713/jtr_crack_fast' into staging/electro-release
2014-06-25 14:15:50 -05:00
61d8597a00
missing require
2014-06-25 10:13:41 -05:00
5b0a356045
properly strip extra colons
2014-06-25 10:04:48 -05:00
4e0bcc123d
More useful msg when domain is ignored
2014-06-25 10:01:07 -05:00
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
560fc93834
jtr_aix refactor
...
updated the aix cracker for jtr
2014-06-24 15:34:28 -05:00
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
b9925bb24c
Minor option cleanup
2014-06-23 18:38:47 -07:00
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
615aeb66a5
Dont use or
2014-06-23 23:11:04 +01:00
752007848b
Tidy up code
...
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
6651af2d9b
refactor jtr_linux cracker
2014-06-23 16:27:28 -05:00
2772d84a18
Major rework of this module, please see the diff
2014-06-23 16:13:42 -05:00
57c4ed51e9
fix mssql incremental modes
2014-06-23 15:37:37 -05:00
1cbc324774
fix up incremental modes
...
those incrmenetal rules don't exist
in all versions. All and Alnum are too long
for a 'fast-mode' crack. We wwill do Digits though
which does all digits 0-8 and gets us blank passwords
for free.
2014-06-23 15:36:17 -05:00
520c82d7fc
deal with blank password in ntlm
2014-06-23 15:32:50 -05:00
c5f2efda18
fixed up casing
2014-06-23 15:26:12 -05:00
b246e66eb8
successfully cracking ntlm hashes
...
still need to handle casing for lm
2014-06-23 14:40:32 -05:00
050091d0dd
Fuzz all 255 possible mode 7 request codes
2014-06-23 11:38:30 -07:00
57cc390681
fix how we save mssql hashes
...
since the 0x prefix is neccisary, just save the hash that way in the first place
2014-06-23 12:38:36 -05:00
c61f59d8a9
make sure to report the realm
2014-06-23 12:08:49 -05:00
dadd959c6a
refactor postgres hash cracking
...
refactored postgres_hashdump to report the creds
it logged in with. added a new jtr module for
dealing with postgres hashes instead of the
crappy old md5 one we had before
2014-06-23 12:02:39 -05:00
a0aca251f5
Land #3472 , releae fixes
2014-06-23 11:41:35 -05:00
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
40d1ec551e
Add WEP, PSK, and MGT
2014-06-21 23:15:20 -05:00
61f4c769eb
Land #3461 , Chromecast factory reset module
2014-06-21 17:43:31 -04:00
79bf80e6bf
Add generic error handling
...
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
469fae7058
Land #3465 , @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability
2014-06-20 17:22:28 -05:00
252d917bbb
Fix msftidy and favor && over and
2014-06-20 17:21:10 -05:00
8cfba5770a
missing require
2014-06-20 15:22:37 -05:00
d80f4d9e67
refactor jtr_mysql_fast and mysql_hashdump
...
have mysql_hashdump report the cred it logged in with
refactor jtr_mysql to use the new jtr cracker
2014-06-20 15:21:35 -05:00
669779defb
SMB cred creation refactor
2014-06-20 15:17:40 -05:00
35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release
2014-06-20 12:39:07 -05:00
a929a55404
fix show command parsing
...
this ius better than a regex and handles special charachters
in usernames and passwords far better than the previous way
2014-06-20 10:48:42 -05:00
93da4dc561
account for mssql12 format
...
mssql2012 and later uses a new format. some versions
of john support this and some do not yet
2014-06-19 16:11:14 -05:00
4453dcdc8e
some minor fixes
2014-06-19 15:45:24 -05:00
fa5fc724eb
Fix the disclosure date
2014-06-19 15:36:17 -05:00
f7fd17106a
Add the final cari.net URL
2014-06-19 15:33:06 -05:00
aca532b994
making egypt happy
...
it's a full time job
2014-06-19 15:07:33 -05:00
9421beedb3
Refactor http_login
2014-06-19 14:12:21 -05:00
6f03f6657f
Support only fuzzing specific mode 6 operations
2014-06-19 11:10:11 -07:00
0ff8708e6d
some minor fixes
2014-06-19 13:08:43 -05:00
53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
...
Conflicts:
Gemfile
2014-06-19 12:45:53 -05:00
20f7cde9cc
add incremental and single modes
...
make sure we run single mode and incremnetal modes
during our runs through these hashes.
2014-06-19 12:38:01 -05:00
bb120fd1e2
report access level on mssql_hashdump
...
if we know we have admin access on mssql hashdumop
we should report that on the Login object.
2014-06-19 12:20:42 -05:00
d3c77b345c
report cracked credentials
...
also makes mssql_hashdump report the credentials it logged in with
2014-06-19 12:16:49 -05:00
62f4054858
startring refactor on jtr_mssql
...
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
190923e9a7
Merge pull request #79 from rapid7/feature/MSP-9699/axis2-refactor
...
Refactor axis_login
2014-06-18 11:43:23 -05:00
4c3cc793ba
fix missing .present?
2014-06-18 10:52:27 -05:00
58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey
2014-06-18 10:50:29 -05:00
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
075eec39e1
Add Chromecast factory reset module
2014-06-18 10:04:17 -05:00
c685e0d06e
Land #3444 , chromecast wifi enumeration
2014-06-17 22:09:58 -04:00
5f176a56cb
Fix typo
2014-06-17 17:16:46 -05:00
d114dd1da2
Fix bugs. :fail != :failed
2014-06-17 17:12:50 -05:00
d6de0da5a7
Refactor axis_login
2014-06-17 17:07:53 -05:00
1394ad1431
Break my double quote habit
...
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
8376b4aa2b
Map constants to readable values
...
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
1a82a20c09
re-added incorrectly removed SMBSHARE option
2014-06-16 20:10:11 +01:00
8fa81de3bb
Fuzz mode 7 more correctly. Cleanup.
...
Provide empty 188-byte payload for mode 7 messages, otherwise nothing
seems to response. Provide more useful defaults for versions/modes.
Allow control over what mode 7 stuff is fuzzed.
2014-06-16 11:56:27 -07:00
0352a5305c
When fuzzing mode 6 (control) and 7 (private) messages, print out each version tested since these tend to take a long time
2014-06-16 10:31:08 -07:00
28bf9f8d50
Correct order of mixins so RHOSTS works properly
2014-06-16 10:02:27 -07:00
9e5281d0c6
Mixin Msf::Auxiliary::Scanner, switch to run_host to fix DNS lookup issues
2014-06-16 09:58:20 -07:00
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
c7c0528e44
Fuzz NTP private messages too
2014-06-15 20:23:33 -07:00
5fe8814af6
Land #3330 adding admin check to smb_login
2014-06-15 14:42:26 -05:00
fa8c9bc4f3
Merge pull request #75 from rapid7/feature/MSP-9692/afp_login
...
MSP-9692 #land
2014-06-13 10:51:26 -05:00
f452652f54
Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
...
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.
MSP-9708 #land
2014-06-12 18:37:44 -05:00
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
52d63f51bb
Merge pull request #50 from rapid7/feature/MSP-9705/postgres_login
...
Verily verified.
MSP-9705 #land
2014-06-12 15:49:39 -05:00
539f30e720
refactor afp_login
2014-06-12 14:16:05 -05:00
1ab379a0fe
Land #3448 , ident =! indent
2014-06-12 14:15:06 -05:00
e9783200f2
Land #3447 , fix variable typo
2014-06-12 14:07:34 -05:00
96e492f572
Merge branch 'master' into staging/electro-release
2014-06-12 14:02:27 -05:00
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
a647246148
Use correct variable name
2014-06-12 19:38:41 +01:00
62a4991508
Land #3446 , some code cleanup from @todb-r7
2014-06-12 13:35:36 -05:00
3f5e50d18f
Aux modules don't have ranking.
...
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
1aa029dbed
Avoid double quotes in the initialize/elewhere
...
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
fe33444858
Merge pull request #58 from rapid7/feature/MSP-9693/db2_auth
...
Errors resolved, cred created
MSP-9693 #land
2014-06-12 12:49:54 -05:00
e85f829ee4
modules living inside scanner should include the Scanner mixin
2014-06-12 12:20:44 -05:00
fa4e835804
Fix up scanner mixin usage, actual test/bug fix
2014-06-12 11:52:34 -05:00
430b3d181e
Merge pull request #67 from rapid7/feature/MSP-9695/ftp_login
...
Access level string clarified, specs passing, valid looking cores with proper info
MSP-9695 #land
2014-06-12 11:33:18 -05:00
71a4f1ab33
Clarified RW access level
...
MSP-9695
2014-06-12 11:32:20 -05:00
67d4097e1d
Land #3271 , @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module
2014-06-12 11:27:23 -05:00
487bf219f0
Rename to match the title
2014-06-12 11:23:34 -05:00
7650067b41
Fix metadata
2014-06-12 11:22:52 -05:00
e76c85c5d1
Fix usage of print_*
2014-06-12 11:13:45 -05:00
e4ff07dfa8
Merge branch 'staging/electro-release' into feature/MSP-9693/db2_auth
2014-06-12 10:52:06 -05:00
88f8b585a3
Merge branch 'staging/electro-release' into feature/MSP-9705/postgres_login
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-12 10:47:02 -05:00
a5d88fd2ab
Space in arg list, because I don't hate feedom.
2014-06-12 10:29:14 -05:00
6bc37cca0c
Land #3430 , @brandonprry's generic MongoDB injection enum.
2014-06-11 21:41:23 -05:00
23f7fe45ed
Add Chromecast wifi enumeration module
2014-06-11 21:00:47 -05:00
c074ebda7b
refactor telnet_login
2014-06-11 17:46:42 -05:00
85bee6ea12
Update ftp_login.rb
2014-06-11 17:29:23 -05:00
cca91dd7c5
Update mongodb_js_inject_collection_enum.rb
...
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
83a2dc250d
make ftp guest attempts optional
2014-06-11 16:37:59 -05:00
c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
...
Conflicts:
lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
1164cf5363
refactor ftp_login
...
uses new cred goodness
2014-06-11 16:21:55 -05:00
7ce9114a1e
Initial commit of an NTP fuzzer
2014-06-11 13:46:08 -07:00
87a9ee9a69
Merge pull request #59 from rapid7/feature/MSP-9697/tomcat_login
...
Feature/msp 9697/tomcat login
MSP-9697 #land
2014-06-11 15:35:09 -05:00
81019ed850
Supermicro work
2014-06-11 15:03:54 -05:00
6c0d668f0a
Merge pull request #55 from rapid7/feature/MSP-9701/msssql_login
...
Feature/msp 9701/msssql login
MSP-9701 #land
2014-06-11 13:48:59 -05:00
84aa0d42ed
Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
...
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-11 13:42:26 -05:00
e8752f9c56
Point to correct creds version
2014-06-11 13:38:35 -05:00
651871bd7a
Resolve upstream conflict
2014-06-11 13:34:45 -05:00
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
6ca5cf6c26
Add Chromecast YouTube remote control
2014-06-11 00:08:08 -05:00
fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
...
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
c06fd21fb1
refactor tomcat_mgr_login
...
uses the new Metasploit::Credential magic now
2014-06-10 15:59:00 -05:00
693c4aae66
make sure we capture realms
...
need to account for the possability of
realms in mssql_login
2014-06-10 14:41:45 -05:00
b05e7fb9ac
Fix require
...
MSP-10004
Change 'zip/zip' to 'zip' to match >= 1.0.0 rubyzip API.
2014-06-10 13:58:07 -05:00
74d376e387
refactor db2_auth module
...
you know what it is
2014-06-10 13:43:07 -05:00
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
44540e6d00
Land #3437 , CSS Injection MITM scanner
2014-06-10 13:36:35 -05:00
4aa1fee398
Land #3326 , @FireFart's Heartbleed - server response parsing
2014-06-10 13:27:28 -05:00
0c89d6cdce
refactor mssql_login
...
now uses all the Metasploit::Credential goodness
2014-06-10 11:49:08 -05:00
15ceb1e826
put calls in right place it helps
2014-06-10 11:17:19 -05:00
63ec83ea90
missing public
...
missing the public in the invalidate_login call
now fixed
2014-06-10 11:12:17 -05:00
6362eac0b0
add invalidate_login call
2014-06-10 11:11:22 -05:00
e9d9806408
invalidate_login
...
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
dc590008a7
add invalidate_login call
...
add the new invalidate login call to make sure
we update the status on failed logins appropriately
2014-06-10 10:58:27 -05:00
521284253f
Be more clear about the vuln and impact
2014-06-10 10:29:23 -05:00
9b55f5143a
Add module for CVE-2014-0224
2014-06-09 17:38:11 -05:00
e629fdb47d
Report the realm, too
...
derp
2014-06-09 17:06:56 -05:00
32f87b985c
refactor mysql_login
...
refactor mysql_login to use the new
Metasploit::Credential apradigm
2014-06-09 14:20:58 -05:00
61fd962331
refactor vnc_login
...
refactor for new credential usage
2014-06-09 13:55:24 -05:00
4103f2295b
Missing comma
2014-06-09 13:44:46 -05:00
0e14d77dba
Minor fixup on DTLS module
2014-06-09 13:42:30 -05:00
0e611b5d64
Land #3429 , @jhart-r7's auxiliary module for CVE-2014-0195
2014-06-09 13:34:38 -05:00
ed5d83a41b
Add vulnerability discoverer
2014-06-09 13:25:33 -05:00
daf662b3c0
Do minor cleanup
2014-06-09 13:23:56 -05:00
a4e96d8f59
Merge branch 'master' into staging/electro-release
2014-06-09 13:07:22 -05:00
f8f5691eee
refactor postgres_login module
...
postgres_login now uses all the new components
such as Metasploit::Credential and the LoginScanner
class
2014-06-09 12:59:05 -05:00
1f33566033
Land #3432 , @Meatballs1 sap_soap_rfc_brute_login's clean up
2014-06-09 11:39:52 -05:00
b39b41e29f
Land #3371 , @Meatballs1 fix for sap_mgmt_con_getprocessparameter
2014-06-09 11:25:01 -05:00
06e45e8253
Clean up TLS fragment building
2014-06-09 08:39:30 -07:00
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
099003708c
Land #3422 , SAP Bruterforcer datastore cleanup
2014-06-08 08:42:27 +02:00
4367e8ef0c
Update mongodb_js_inject_collection_enum.rb
...
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
dc89621d5c
Update mongodb_js_inject_collection_enum.rb
...
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
2663af986b
Update mongodb_js_inject_collection_enum.rb
...
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
a7a1a2bf3b
Move dtls_fragment_overflow.rb under ssl where it belongs
2014-06-07 12:56:34 -07:00
4071fb332b
Create mongodb_js_inject_collection_enum.rb
...
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
8637a1fff1
OpenSSL DTLS CVE-2014-0195 POC
2014-06-06 19:24:47 -07:00
fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
...
Conflicts:
modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
8624ddfc3e
Clean up SAP SOAP RFC Brute Login
...
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
b997c2ac1f
Further tidies
2014-06-07 02:00:35 +01:00
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
2ee408e9db
Refactor winrm_login with Credentials
2014-06-05 14:26:29 -05:00
8b6e188ba8
Add support for realm in CredentialCollection
...
MSP-9988
2014-06-04 17:03:52 -05:00
4960503a59
fix jtr_format
...
use raw-md5 as that sort of works
2014-06-04 14:10:28 -05:00
30c35907bf
refactor psotgres_hashdump
...
refactor psotgres_hashdump to now save
hashes as Metasploit::Credential objects
2014-06-04 12:21:49 -05:00
d1f7f93e4b
refactor mysql_hashdump
...
mysql_hashdump now uses Metasploit::Credential to
save hashes.
2014-06-04 11:59:47 -05:00
201e6e9866
Merge branch 'feature/MSP-9750/MSSQL_hashdump' into feature/MSP-9751/mysql_hashdump
2014-06-04 11:58:58 -05:00
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
d3949b3d6c
refactor mssql_hashdump
...
refactor mssql_hashdump to use Metasploit:Credential
2014-06-03 15:02:59 -05:00
0e3549ebc4
mc brute tidy
2014-06-03 17:27:46 +01:00
b7dc89f569
I prefer "bruteforce" to "brute force" for search
...
Just makes it easier to search for, since it's an industry term of art.
2014-06-02 13:09:46 -05:00
34004908bb
Merge branch 'master' into staging/electro-release
...
Conflicts:
.ruby-version
2014-06-02 11:10:33 -05:00
8bd4e8d30a
Land #3406 , indeces_enum -> indices_enum
2014-06-02 11:06:33 -05:00
74400549a1
Resolve undefined method `get_cookies'
...
Anemone::Page is not a Rex HTTP request/response, and uses the
:cookies method to return an array of cookies.
This resolves the method naming error, though it does break with
Rex naming convention since Anemone still uses a lot non-Rex
methods for working with pages/traffic.
2014-05-30 14:39:51 -04:00
4a1fea7abb
Land #2948 , @juushya's PocketPAD login bruteforce module
2014-05-30 11:47:16 -05:00
b0bdfa7680
Clean up code
2014-05-30 11:44:42 -05:00
fb59221189
Land #2494 , @juushya's etherpadduo login module
2014-05-30 11:35:28 -05:00
d92a7adc68
change module filename
2014-05-30 11:31:49 -05:00
40a103967e
Minor code cleanup
2014-05-30 11:28:37 -05:00
6f330ea190
Add deprecation information
2014-05-29 17:38:01 -05:00
aea0379451
Fix typos
2014-05-29 12:37:51 -05:00
696d2b7e6b
Merge branch 'master' into staging/electro-release
2014-05-29 12:30:32 -05:00
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
3f86aebabf
Land #3398 , CAPWAP DoS description cleanup
2014-05-28 14:55:22 -05:00
785b53820e
Land #3399 , print_error instead of print_status
2014-05-28 14:53:00 -05:00
05e24326a6
Style compliance
2014-05-28 14:31:34 -05:00
c89cd24621
Rewire some snmp modules to use print_error instead of print_status.
2014-05-28 13:31:00 -05:00
4b5c62ba8d
Dress up CAPWAP DoS desc a little.
2014-05-28 12:19:17 -05:00
55ef5dd484
Land #3115 , @silascutler's module for elasticsearch indeces enumeration
2014-05-27 11:28:34 -05:00
2271afc1a5
Change module filename
2014-05-27 11:25:39 -05:00
3de8beb5fd
Clean code
2014-05-27 11:22:40 -05:00
69e8286838
Fix title
2014-05-27 10:29:32 -05:00
1316365c2f
Fix description
2014-05-27 10:22:39 -05:00
abe1d6ffc7
Land #3190 , @Karmanovskii's module to fingerprint MyBB database
2014-05-27 10:20:24 -05:00
86221de10e
Fix message
2014-05-27 10:18:27 -05:00
b96c2dd0ca
Change module filename
2014-05-27 10:15:39 -05:00
1d8c46155b
Do last code cleaning
2014-05-27 10:14:55 -05:00
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
eacf70af83
Update mybb_get_type_db.rb
...
26.05.2014 23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
217a14e4d7
Land #3366 , @jholgui's module for CVE-2013-4074
2014-05-25 18:53:30 -05:00
33ba134147
Clean msftidy warnings and metadata
2014-05-25 18:52:01 -05:00
d3c17d8e3e
Delete wireshark_capwap_dos
2014-05-25 18:39:53 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
9f166b87f6
Changed the description
2014-05-24 18:58:36 +01:00
71e2d19040
Adapted to auxiliary modules structure
2014-05-24 18:53:10 +01:00
1aee0f3305
Warn if it's not UPPERCASE method (@wchen-r7)
...
See the discussion on f7bfab5a26#3386
2014-05-23 17:10:27 -05:00
9f78bec457
Use normalize_uri (@wchen-r7)
...
Instead of editing the datastore['PATH'], use normalize_uri.
Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
f7bfab5a26
HTTP traversal shouldnt upcase METHOD (@wchen-r7)
...
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
7f59cf5035
Ora XID HTTP needn't edit DBUSER (@cellabosm)
...
Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
2014-05-23 15:20:46 -05:00
f189033e8a
OWA bruteforce shouldnt edit datastore (@wchen-r7)
...
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
99046ba12a
Update alienvault_newpolicyform_sqli.rb
...
Added EDB link - should be ready now.
2014-05-23 10:07:45 -04:00
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00
8a9c005f13
Add URL
2014-05-20 17:43:07 -05:00
e26dee5e22
Update mybb_get_type_db.rb
...
19/05/2014
I deleted - #return Exploit::CheckCode::Unknown # necessary ????
2014-05-19 21:32:30 +04:00
ddc8a4f103
Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog
2014-05-19 11:42:30 -05:00
a30d6b1f2d
Quick cleanup for sap_icm_urlscan
2014-05-19 09:21:26 -05:00
dc0e649a10
Clean up case statement
2014-05-19 09:21:07 -05:00
bc64e47698
Land #3370 , cleanup for sap_icm_urlscan
2014-05-19 09:16:18 -05:00
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
6b1e4c3a9d
Show loot and error code
2014-05-19 11:17:58 +01:00
848227e18a
401 should be a valid url
2014-05-19 10:59:38 +01:00
5d96f54410
Be verbose about 307
2014-05-19 10:52:06 +01:00
William Vu
HD Moore
sinn3r
David Maloney
jvazquez-r7
John Sawyer
Matthew Kienow
inokii
DrDinosaur
Matt Andreko
Tom Sellers
Jon Hart
xistence
Tod Beardsley
OJ
Christopher Truncer
Joe Vennix
Brandon Turner
James Lee
joev
Samuel Huckins
cx
Christian Mehlmauer
Alton Johnson
us3r777
ikkini
root
midnitesnake
Trevor Rosen
nodeofgithub
Rob Fuller
Meatballs
attackdebris
Spencer McIntyre
j0hnf
scriptjunkie
Jon Cave
Brandon Perry
Luke Imhoff
RageLtMan
Karmanovskii
JoseMi
Chris Hebert