Commit Graph

4844 Commits (97754afe4f2e2ee6056d753e76ac06430ea9390f)

Author SHA1 Message Date
joev dd439066ca
Patch rhost to display hostname of JSONP_URL. 2014-07-10 12:02:22 -05:00
joev 841cb6a590
STEAL_URL -> STEAL_URLS. 2014-07-10 09:14:32 -05:00
joev fad30bc874
Add flash rosetta exploit module for stealing URLs. 2014-07-10 09:09:10 -05:00
James Lee c5226352de
Un-login-able should be print_status, not good 2014-07-09 17:45:41 -05:00
James Lee 7d9c0da691
Record correct creds with non-success status 2014-07-09 13:26:49 -05:00
James Lee afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
James Lee 2a9ac0a007
Axe SSHKey in favor of a unified SSH 2014-07-07 13:35:17 -05:00
Jon Hart 1500f33e1b Default to only fuzzing versions 2-4 2014-07-03 07:32:44 -07:00
Christian Mehlmauer b15297eee0
Land #3490, @Meatballs1 tns listener verbose output 2014-07-03 16:20:38 +02:00
Rob Fuller c6675a2900 Add verbosity to Jenkins Enum 2014-07-02 13:25:18 -04:00
William Vu 68ba79aa16
Remove access_level, since we don't have access 2014-07-01 17:53:18 -05:00
William Vu 5fa0981026
Add login and move print_status 2014-07-01 17:48:42 -05:00
Jon Hart 1830bdc7a5 Add rspec coverage for Rex::Proto::NTP 2014-07-01 12:29:47 -07:00
William Vu 864f0f1bbc
Update description, loot -> creds 2014-07-01 11:46:21 -05:00
Jon Hart bc274b358f Move NTP message code to Rex::Proto::NTP, simplify option handling 2014-06-30 23:57:47 -07:00
William Vu 3079c47d41
Refactor oracle_hashdump creds 2014-07-01 01:07:22 -05:00
jvazquez-r7 bf9c64d3ee
Land #3483, @hmoore-r7's title change for ipmi_cipher_zero 2014-06-30 17:31:12 -05:00
Meatballs cf720a88e8
Be verbose about error codes 2014-06-30 19:10:03 +01:00
Meatballs f8ef6c50b4
Land #3470, Cerberus SFTP User Enumeration 2014-06-30 19:01:15 +01:00
Meatballs 94c5a0b603
More verbose around connection errors 2014-06-30 18:56:30 +01:00
Meatballs 183d601aae
Small tidyup 2014-06-30 18:17:49 +01:00
attackdebris 004afa6e0c Clean commit of Cerberus FTP User Enumeration Module 2014-06-30 17:53:46 +01:00
HD Moore 72d8d8a40c RAKP defines auth, not cipher-0 bypass, see below.
Dan Farmer noted that the RAKP reference in the title was not correct
and that RAKP is a separate issue and protocol implementation than
the use of Cipher Zero to perform an authentication bypass.

Cosmetic only change
2014-06-30 00:52:40 -05:00
HD Moore 4bff68ff2b Use the specified UA, dont duplicate ports 2014-06-30 00:49:21 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
HD Moore 90eccefcc8 Fix sock.get use and some minor bugs 2014-06-28 16:17:15 -05:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
HD Moore 3ae91410f5 Fix incorrect use of sock.get(), remove rundant return values 2014-06-28 15:24:02 -05:00
HD Moore 6d0d8a911d Fix incorrect use of sock.get() that could lead to indefinite hang 2014-06-28 15:22:16 -05:00
HD Moore a9cd9c584a Respect RPORT even if additional ports are specified 2014-06-28 15:21:54 -05:00
HD Moore 43420aa984 Fix incorrect use of sock.get that can lead to an indefinite timeout
console1:
```
msf> use auxiliary/scanner/http/open_proxy
msf auxiliary(open_proxy) > set RHOSTS 192.168.0.4
msf auxiliary(open_proxy) > set RPORT 8888
msf auxiliary(open_proxy) > run
< the connection never times out >
```

console2:
```
$ nc -vlp 8888
Listening on [0.0.0.0] (family 0, port 8888)
Connection from [192.168.0.4] port 8888 [tcp/*] accepted (family 2, sport 43245)
GET http://209.85.148.147/ HTTP/1.1
Host: 209.85.148.147
Connection: close
User-Agent: user_agent
Accept-Encoding: *
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
```

After the patch, requests timeout after 10 seconds:
```
msf auxiliary(open_proxy) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-06-28 15:18:11 -05:00
HD Moore 3e1ac3fee1 This module was broken due to a hardcoded IP address for google.com 2014-06-28 15:14:29 -05:00
David Maloney 9cec330f05
Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
James Lee 48e93b7fc2
Merge branch 'feature/MSP-9715/linux_hashcracker' into staging/electro-release 2014-06-25 16:15:44 -05:00
David Maloney 34c57f51b1 Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release 2014-06-25 15:02:35 -05:00
David Maloney ac61a8fe4f
deprecate jtr_unshadow 2014-06-25 15:01:35 -05:00
James Lee 75be200b97
Merge branch 'feature/MSP-9714/jtr_aix' into staging/electro-release 2014-06-25 14:34:41 -05:00
James Lee 70fd3344fd
Merge branch 'feature/MSP-9713/jtr_crack_fast' into staging/electro-release 2014-06-25 14:15:50 -05:00
David Maloney 61d8597a00
missing require 2014-06-25 10:13:41 -05:00
David Maloney 5b0a356045
properly strip extra colons 2014-06-25 10:04:48 -05:00
James Lee 4e0bcc123d
More useful msg when domain is ignored 2014-06-25 10:01:07 -05:00
James Lee f225ac92ab
Refactor smb_login
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
David Maloney 560fc93834
jtr_aix refactor
updated the aix cracker for jtr
2014-06-24 15:34:28 -05:00
James Lee 85611702f9 Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor 2014-06-23 23:58:47 -05:00
Jon Hart b9925bb24c Minor option cleanup 2014-06-23 18:38:47 -07:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00
Meatballs 615aeb66a5
Dont use or 2014-06-23 23:11:04 +01:00
Meatballs 752007848b
Tidy up code
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
David Maloney 6651af2d9b
refactor jtr_linux cracker 2014-06-23 16:27:28 -05:00
HD Moore 2772d84a18 Major rework of this module, please see the diff 2014-06-23 16:13:42 -05:00
David Maloney 57c4ed51e9
fix mssql incremental modes 2014-06-23 15:37:37 -05:00
David Maloney 1cbc324774
fix up incremental modes
those incrmenetal rules don't exist
in all versions. All and Alnum are too long
for a 'fast-mode' crack. We wwill do Digits though
which does all digits 0-8 and gets us blank passwords
for free.
2014-06-23 15:36:17 -05:00
David Maloney 520c82d7fc
deal with blank password in ntlm 2014-06-23 15:32:50 -05:00
David Maloney c5f2efda18
fixed up casing 2014-06-23 15:26:12 -05:00
David Maloney b246e66eb8
successfully cracking ntlm hashes
still need to handle casing for lm
2014-06-23 14:40:32 -05:00
Jon Hart 050091d0dd Fuzz all 255 possible mode 7 request codes 2014-06-23 11:38:30 -07:00
David Maloney 57cc390681
fix how we save mssql hashes
since the 0x prefix is neccisary, just save the hash that way in the first place
2014-06-23 12:38:36 -05:00
David Maloney c61f59d8a9
make sure to report the realm 2014-06-23 12:08:49 -05:00
David Maloney dadd959c6a
refactor postgres hash cracking
refactored postgres_hashdump to report the creds
it logged in with. added a new jtr module for
dealing with postgres hashes instead of the
crappy old md5 one we had before
2014-06-23 12:02:39 -05:00
William Vu a0aca251f5
Land #3472, releae fixes 2014-06-23 11:41:35 -05:00
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
William Vu 40d1ec551e
Add WEP, PSK, and MGT 2014-06-21 23:15:20 -05:00
Spencer McIntyre 61f4c769eb
Land #3461, Chromecast factory reset module 2014-06-21 17:43:31 -04:00
William Vu 79bf80e6bf
Add generic error handling
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
jvazquez-r7 469fae7058
Land #3465, @hmoore-r7's module for SMC IPMI Port 49152 file exposure vulnerability 2014-06-20 17:22:28 -05:00
jvazquez-r7 252d917bbb Fix msftidy and favor && over and 2014-06-20 17:21:10 -05:00
David Maloney 8cfba5770a
missing require 2014-06-20 15:22:37 -05:00
David Maloney d80f4d9e67
refactor jtr_mysql_fast and mysql_hashdump
have mysql_hashdump report the cred it logged in with
refactor jtr_mysql to use the new jtr cracker
2014-06-20 15:21:35 -05:00
James Lee 669779defb
SMB cred creation refactor 2014-06-20 15:17:40 -05:00
James Lee 35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release 2014-06-20 12:39:07 -05:00
David Maloney a929a55404
fix show command parsing
this ius better than a regex and handles special charachters
in usernames and passwords far better than the previous way
2014-06-20 10:48:42 -05:00
David Maloney 93da4dc561
account for mssql12 format
mssql2012 and later uses a new format. some versions
of john support this and some do not yet
2014-06-19 16:11:14 -05:00
David Maloney 4453dcdc8e
some minor fixes 2014-06-19 15:45:24 -05:00
HD Moore fa5fc724eb Fix the disclosure date 2014-06-19 15:36:17 -05:00
HD Moore f7fd17106a Add the final cari.net URL 2014-06-19 15:33:06 -05:00
David Maloney aca532b994
making egypt happy
it's a full time job
2014-06-19 15:07:33 -05:00
James Lee 9421beedb3
Refactor http_login 2014-06-19 14:12:21 -05:00
Jon Hart 6f03f6657f Support only fuzzing specific mode 6 operations 2014-06-19 11:10:11 -07:00
David Maloney 0ff8708e6d
some minor fixes 2014-06-19 13:08:43 -05:00
David Maloney 53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
Conflicts:
	Gemfile
2014-06-19 12:45:53 -05:00
David Maloney 20f7cde9cc
add incremental and single modes
make sure we run single mode and incremnetal modes
during our runs through these hashes.
2014-06-19 12:38:01 -05:00
David Maloney bb120fd1e2
report access level on mssql_hashdump
if we know we have admin access on mssql hashdumop
we should report that on the Login object.
2014-06-19 12:20:42 -05:00
David Maloney d3c77b345c
report cracked credentials
also makes mssql_hashdump report the credentials it logged in with
2014-06-19 12:16:49 -05:00
David Maloney 62f4054858
startring refactor on jtr_mssql
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
dmaloney-r7 190923e9a7 Merge pull request #79 from rapid7/feature/MSP-9699/axis2-refactor
Refactor axis_login
2014-06-18 11:43:23 -05:00
David Maloney 4c3cc793ba
fix missing .present? 2014-06-18 10:52:27 -05:00
David Maloney 58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey 2014-06-18 10:50:29 -05:00
David Maloney 2b0bb608b1
Merge branch 'master' into staging/electro-release 2014-06-18 10:49:58 -05:00
William Vu 075eec39e1
Add Chromecast factory reset module 2014-06-18 10:04:17 -05:00
Spencer McIntyre c685e0d06e
Land #3444, chromecast wifi enumeration 2014-06-17 22:09:58 -04:00
James Lee 5f176a56cb
Fix typo 2014-06-17 17:16:46 -05:00
James Lee d114dd1da2
Fix bugs. :fail != :failed 2014-06-17 17:12:50 -05:00
James Lee d6de0da5a7
Refactor axis_login 2014-06-17 17:07:53 -05:00
William Vu 1394ad1431
Break my double quote habit
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
William Vu 8376b4aa2b
Map constants to readable values
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
James Lee 6237d56398
Refactor ssh_login_pubkey
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
   where the ssh_socket accessor was not being set because of a
   shadowing local var
 * Fix a bug in the db command dispatcher where an extra column was
   added to the table, causing an unhandled exception when running the
   creds command
 * Add a big, ugly, untested class for imitating
   Metasploit::Framework::CredentialCollection for ssh keys. This class
   continues the current behavoir of silently ignoring files that are a)
   encrypted or b) not private keys.
 * Remove unnecessary proof gathering in the module (it's already
   handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
j0hnf 1a82a20c09 re-added incorrectly removed SMBSHARE option 2014-06-16 20:10:11 +01:00
Jon Hart 8fa81de3bb Fuzz mode 7 more correctly. Cleanup.
Provide empty 188-byte payload for mode 7 messages, otherwise nothing
seems to response.  Provide more useful defaults for versions/modes.
Allow control over what mode 7 stuff is fuzzed.
2014-06-16 11:56:27 -07:00
Jon Hart 0352a5305c When fuzzing mode 6 (control) and 7 (private) messages, print out each version tested since these tend to take a long time 2014-06-16 10:31:08 -07:00
Jon Hart 28bf9f8d50 Correct order of mixins so RHOSTS works properly 2014-06-16 10:02:27 -07:00
Jon Hart 9e5281d0c6 Mixin Msf::Auxiliary::Scanner, switch to run_host to fix DNS lookup issues 2014-06-16 09:58:20 -07:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
Jon Hart c7c0528e44 Fuzz NTP private messages too 2014-06-15 20:23:33 -07:00
scriptjunkie 5fe8814af6
Land #3330 adding admin check to smb_login 2014-06-15 14:42:26 -05:00
Samuel Huckins fa8c9bc4f3 Merge pull request #75 from rapid7/feature/MSP-9692/afp_login
MSP-9692 #land
2014-06-13 10:51:26 -05:00
Samuel Huckins f452652f54 Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.

MSP-9708 #land
2014-06-12 18:37:44 -05:00
Samuel Huckins d215b8e5b2 Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
45 merged, steps passing.

MSP-9712 #land
2014-06-12 16:04:17 -05:00
Samuel Huckins 52d63f51bb Merge pull request #50 from rapid7/feature/MSP-9705/postgres_login
Verily verified.

MSP-9705 #land
2014-06-12 15:49:39 -05:00
David Maloney 539f30e720
refactor afp_login 2014-06-12 14:16:05 -05:00
Tod Beardsley 1ab379a0fe
Land #3448, ident =! indent 2014-06-12 14:15:06 -05:00
Tod Beardsley e9783200f2
Land #3447, fix variable typo 2014-06-12 14:07:34 -05:00
David Maloney 96e492f572
Merge branch 'master' into staging/electro-release 2014-06-12 14:02:27 -05:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
Jon Cave a647246148 Use correct variable name 2014-06-12 19:38:41 +01:00
William Vu 62a4991508
Land #3446, some code cleanup from @todb-r7 2014-06-12 13:35:36 -05:00
Tod Beardsley 3f5e50d18f
Aux modules don't have ranking.
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
Tod Beardsley 1aa029dbed
Avoid double quotes in the initialize/elewhere
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
Samuel Huckins fe33444858 Merge pull request #58 from rapid7/feature/MSP-9693/db2_auth
Errors resolved, cred created

MSP-9693 #land
2014-06-12 12:49:54 -05:00
jvazquez-r7 e85f829ee4 modules living inside scanner should include the Scanner mixin 2014-06-12 12:20:44 -05:00
HD Moore fa4e835804 Fix up scanner mixin usage, actual test/bug fix 2014-06-12 11:52:34 -05:00
Samuel Huckins 430b3d181e Merge pull request #67 from rapid7/feature/MSP-9695/ftp_login
Access level string clarified, specs passing, valid looking cores with proper info

MSP-9695 #land
2014-06-12 11:33:18 -05:00
Samuel Huckins 71a4f1ab33
Clarified RW access level
MSP-9695
2014-06-12 11:32:20 -05:00
jvazquez-r7 67d4097e1d
Land #3271, @claudijd's Cisco ASA SSL VPN Bruteforce Aux Module 2014-06-12 11:27:23 -05:00
HD Moore 487bf219f0 Rename to match the title 2014-06-12 11:23:34 -05:00
jvazquez-r7 7650067b41 Fix metadata 2014-06-12 11:22:52 -05:00
jvazquez-r7 e76c85c5d1 Fix usage of print_* 2014-06-12 11:13:45 -05:00
David Maloney e4ff07dfa8
Merge branch 'staging/electro-release' into feature/MSP-9693/db2_auth 2014-06-12 10:52:06 -05:00
David Maloney 88f8b585a3
Merge branch 'staging/electro-release' into feature/MSP-9705/postgres_login
Conflicts:
	Gemfile
	Gemfile.lock
2014-06-12 10:47:02 -05:00
Samuel Huckins a5d88fd2ab
Space in arg list, because I don't hate feedom. 2014-06-12 10:29:14 -05:00
joev 6bc37cca0c
Land #3430, @brandonprry's generic MongoDB injection enum. 2014-06-11 21:41:23 -05:00
William Vu 23f7fe45ed
Add Chromecast wifi enumeration module 2014-06-11 21:00:47 -05:00
David Maloney c074ebda7b
refactor telnet_login 2014-06-11 17:46:42 -05:00
dmaloney-r7 85bee6ea12 Update ftp_login.rb 2014-06-11 17:29:23 -05:00
Brandon Perry cca91dd7c5 Update mongodb_js_inject_collection_enum.rb
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
David Maloney 83a2dc250d
make ftp guest attempts optional 2014-06-11 16:37:59 -05:00
James Lee c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
Conflicts:
	lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
James Lee b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
Conflicts:
	lib/metasploit/framework/credential_collection.rb
	spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
David Maloney 1164cf5363
refactor ftp_login
uses new cred goodness
2014-06-11 16:21:55 -05:00
Jon Hart 7ce9114a1e Initial commit of an NTP fuzzer 2014-06-11 13:46:08 -07:00
Trevor Rosen 87a9ee9a69 Merge pull request #59 from rapid7/feature/MSP-9697/tomcat_login
Feature/msp 9697/tomcat login

MSP-9697 #land
2014-06-11 15:35:09 -05:00
HD Moore 81019ed850 Supermicro work 2014-06-11 15:03:54 -05:00
Trevor Rosen 6c0d668f0a Merge pull request #55 from rapid7/feature/MSP-9701/msssql_login
Feature/msp 9701/msssql login

MSP-9701 #land
2014-06-11 13:48:59 -05:00
Samuel Huckins 84aa0d42ed Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
Samuel Huckins 1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
Conflicts:
	Gemfile
	Gemfile.lock
2014-06-11 13:42:26 -05:00
Trevor Rosen e8752f9c56 Point to correct creds version 2014-06-11 13:38:35 -05:00
Trevor Rosen 651871bd7a Resolve upstream conflict 2014-06-11 13:34:45 -05:00
David Maloney 9593422f9c
Merge branch 'master' into staging/electro-release 2014-06-11 10:23:56 -05:00
William Vu 6ca5cf6c26
Add Chromecast YouTube remote control 2014-06-11 00:08:08 -05:00
James Lee fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
David Maloney c06fd21fb1
refactor tomcat_mgr_login
uses the new Metasploit::Credential magic now
2014-06-10 15:59:00 -05:00
David Maloney 693c4aae66
make sure we capture realms
need to account for the possability of
realms in mssql_login
2014-06-10 14:41:45 -05:00
Luke Imhoff b05e7fb9ac
Fix require
MSP-10004

Change 'zip/zip' to 'zip' to match >= 1.0.0 rubyzip API.
2014-06-10 13:58:07 -05:00
David Maloney 74d376e387
refactor db2_auth module
you know what it is
2014-06-10 13:43:07 -05:00
Luke Imhoff 4d923a4809
Update to Rubyzip 1.X API
MSP-10004

`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
Tod Beardsley 44540e6d00
Land #3437, CSS Injection MITM scanner 2014-06-10 13:36:35 -05:00
jvazquez-r7 4aa1fee398 Land #3326, @FireFart's Heartbleed - server response parsing 2014-06-10 13:27:28 -05:00
David Maloney 0c89d6cdce
refactor mssql_login
now uses all the Metasploit::Credential goodness
2014-06-10 11:49:08 -05:00
David Maloney 15ceb1e826
put calls in right place it helps 2014-06-10 11:17:19 -05:00
David Maloney 63ec83ea90
missing public
missing the public in the invalidate_login call
now fixed
2014-06-10 11:12:17 -05:00
David Maloney 6362eac0b0
add invalidate_login call 2014-06-10 11:11:22 -05:00
David Maloney e9d9806408
invalidate_login
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
David Maloney dc590008a7
add invalidate_login call
add the new invalidate login call to make sure
we update the status on failed logins appropriately
2014-06-10 10:58:27 -05:00
Tod Beardsley 521284253f
Be more clear about the vuln and impact 2014-06-10 10:29:23 -05:00
jvazquez-r7 9b55f5143a Add module for CVE-2014-0224 2014-06-09 17:38:11 -05:00
James Lee e629fdb47d
Report the realm, too
derp
2014-06-09 17:06:56 -05:00
David Maloney 32f87b985c
refactor mysql_login
refactor mysql_login to use the new
Metasploit::Credential apradigm
2014-06-09 14:20:58 -05:00
David Maloney 61fd962331
refactor vnc_login
refactor for new credential usage
2014-06-09 13:55:24 -05:00
Tod Beardsley 4103f2295b
Missing comma 2014-06-09 13:44:46 -05:00
Tod Beardsley 0e14d77dba
Minor fixup on DTLS module 2014-06-09 13:42:30 -05:00
jvazquez-r7 0e611b5d64
Land #3429, @jhart-r7's auxiliary module for CVE-2014-0195 2014-06-09 13:34:38 -05:00
jvazquez-r7 ed5d83a41b Add vulnerability discoverer 2014-06-09 13:25:33 -05:00
jvazquez-r7 daf662b3c0 Do minor cleanup 2014-06-09 13:23:56 -05:00
David Maloney a4e96d8f59
Merge branch 'master' into staging/electro-release 2014-06-09 13:07:22 -05:00
David Maloney f8f5691eee
refactor postgres_login module
postgres_login now uses all the new components
such as Metasploit::Credential and the LoginScanner
class
2014-06-09 12:59:05 -05:00
jvazquez-r7 1f33566033
Land #3432, @Meatballs1 sap_soap_rfc_brute_login's clean up 2014-06-09 11:39:52 -05:00
jvazquez-r7 b39b41e29f
Land #3371, @Meatballs1 fix for sap_mgmt_con_getprocessparameter 2014-06-09 11:25:01 -05:00
Jon Hart 06e45e8253 Clean up TLS fragment building 2014-06-09 08:39:30 -07:00
David Maloney 482aa2ea08
Merge branch 'master' into staging/electro-release 2014-06-09 10:27:22 -05:00
Christian Mehlmauer 099003708c
Land #3422, SAP Bruterforcer datastore cleanup 2014-06-08 08:42:27 +02:00
Brandon Perry 4367e8ef0c Update mongodb_js_inject_collection_enum.rb
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
Brandon Perry dc89621d5c Update mongodb_js_inject_collection_enum.rb
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
Brandon Perry 2663af986b Update mongodb_js_inject_collection_enum.rb
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
Jon Hart a7a1a2bf3b Move dtls_fragment_overflow.rb under ssl where it belongs 2014-06-07 12:56:34 -07:00
Brandon Perry 4071fb332b Create mongodb_js_inject_collection_enum.rb
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7

https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
Jon Hart 8637a1fff1 OpenSSL DTLS CVE-2014-0195 POC 2014-06-06 19:24:47 -07:00
Meatballs fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
Conflicts:
	modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
Meatballs 8624ddfc3e
Clean up SAP SOAP RFC Brute Login
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
Meatballs b997c2ac1f
Further tidies 2014-06-07 02:00:35 +01:00
dmaloney-r7 ff8e6d2c50 Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
James Lee 2ee408e9db
Refactor winrm_login with Credentials 2014-06-05 14:26:29 -05:00
James Lee 8b6e188ba8
Add support for realm in CredentialCollection
MSP-9988
2014-06-04 17:03:52 -05:00
David Maloney 4960503a59
fix jtr_format
use raw-md5 as that sort of works
2014-06-04 14:10:28 -05:00
David Maloney 30c35907bf
refactor psotgres_hashdump
refactor psotgres_hashdump to now save
hashes as Metasploit::Credential objects
2014-06-04 12:21:49 -05:00
David Maloney d1f7f93e4b
refactor mysql_hashdump
mysql_hashdump now uses Metasploit::Credential to
save hashes.
2014-06-04 11:59:47 -05:00
David Maloney 201e6e9866
Merge branch 'feature/MSP-9750/MSSQL_hashdump' into feature/MSP-9751/mysql_hashdump 2014-06-04 11:58:58 -05:00
David Maloney 28bf29980e
Merge branch 'master' into staging/electro-release 2014-06-04 10:21:08 -05:00
David Maloney d3949b3d6c
refactor mssql_hashdump
refactor mssql_hashdump to use Metasploit:Credential
2014-06-03 15:02:59 -05:00