infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
35,166 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

691 Commits (9f9bbce034595414c1fe98c616ff650e4c467a05)

Author SHA1 Message Date
jvazquez-r7 5c3134a616
Add first support to gather information from RMI registries 2015-03-19 11:16:04 -05:00
OJ e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS 2015-03-18 22:34:52 +10:00
OJ d1a2f58303 Fix of regex for file capture and format tweaks 2015-03-18 22:17:44 +10:00
OJ fa7242388b Move the module to the correct location 2015-03-18 18:18:54 +10:00
dnkolegov dd751a3371 Add ssl/tls support, change default parameters 2015-03-17 02:23:13 -04:00
sinn3r 0d36115112 Update MS15-018 MSB reference 2015-03-12 10:13:37 -05:00
Tod Beardsley df80d56fda
Land #4898, prefer URI to open-uri 2015-03-09 09:14:10 -05:00
joev ccd0712d43 Use ===, doh. 2015-03-06 12:29:34 -06:00
joev fefd4e271a Don't hardcode the hex. 2015-03-06 12:16:03 -06:00
joev 3fb4fbe8e6 Add 'not allowed' check instead of magic check. 2015-03-06 00:01:31 -06:00
joev 7db3277731 Actually hide the iframe. 2015-03-05 23:52:29 -06:00
joev d7295959ca Remove open-uri usage in msf. 2015-03-05 23:45:28 -06:00
joev 3c5d7b3ef0 Okay, putting source code in a quoted string is horrible. 2015-03-05 23:25:37 -06:00
sinn3r 5f3ed83922
Land #4836, Solarwinds Core Orion Service SQL injection 2015-03-02 11:44:26 -06:00
Brandon Perry f8e3874203 add nil check 2015-02-28 20:43:19 -06:00
Brandon Perry ceb92cdf5e update login method 2015-02-26 07:33:51 -06:00
joev c4b85603d2 Fix encoding, oops. 2015-02-25 22:56:33 -06:00
joev d486d17302 Add reference to 2014 fix. 2015-02-25 21:04:01 -06:00
joev a410d2ec25 Add android 4.3 stock browser cookie/password theft. 2015-02-25 21:02:15 -06:00
Tod Beardsley 6feae9524b
Fix up funny indent on description 
[See #4770]
 2015-02-24 12:25:48 -06:00
Brandon Perry 1134b0a6fa fix dataastore to datastore 2015-02-24 10:34:33 -06:00
Brandon Perry c9439addf8 fix url 2015-02-23 16:50:58 -06:00
Brandon Perry 3d82c7755b add solarwinds module 2015-02-22 15:35:42 -06:00
Christian Mehlmauer c820431879
Land #4770, Wordpress Ultimate CSV Importer user extract module 2015-02-22 08:52:45 +01:00
rastating f9dbff8a6c Add store path output 2015-02-21 23:41:26 +00:00
William Vu c9ddd0dac9
Land #4795, f5_bigip_cookie_disclosure update 2015-02-20 13:11:42 -06:00
William Vu b676f5a07e Clean up #4795 2015-02-20 13:10:31 -06:00
dnkolegov f6c871a8e5 Deleted spaces at EOL 2015-02-19 05:06:00 -05:00
dnkolegov caabb82975 Fixed indentation errors 2015-02-19 05:02:10 -05:00
dnkolegov 2a584da6d9 Added cookie value in print function 2015-02-19 00:43:57 -05:00
rastating e0d87a8886 Update to use store_loot for CSV export 2015-02-17 19:21:31 +00:00
Nikita Oleksov 19cd00e6d5 Fix cookit name split 2015-02-16 23:53:32 +07:00
dnkolegov a44e858bd7 Fixed minor errors in F5 BigIP cookie disclosure module 2015-02-16 01:31:52 -05:00
rastating 73bac94fa8 Add Ultimate CSV Importer extract module 2015-02-15 15:27:27 +00:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
sinn3r fd441d2c5e Fix #4764, NameError unitialized constant Net::DNS in shodan_search 2015-02-13 14:40:23 -06:00
dnkolegov 19144e143a Fixed some errors in F5 BigIP cookie disclosure module 2015-02-13 03:29:23 -05:00
sinn3r 29163db7fc Add CVE reference for ie_uxss_injection 2015-02-12 17:16:59 -06:00
Tod Beardsley f8c81e601c
Land #4710 for real. 
This isn't a proper merge commit. Will need to figure out what I did to
wang up the last landing -- I'm guessing I didn't fetch enough first.

This should fix #4710.
 2015-02-05 17:18:51 -06:00
Tod Beardsley 0a587c9f5a
Land #4710, really 
Looks like my publish script ended up rebasing wchen-r7/aux_ie_uxss and
didn't catch the file rename correctly.

Conflicts:
	modules/auxiliary/gather/ie_uxss_injection.rb
 2015-02-05 17:13:53 -06:00
sinn3r 79e0ddadf6 Rename file again 2015-02-05 17:09:11 -06:00
sinn3r 97aa9f9dd2 Credit @joevennix 2015-02-05 17:09:11 -06:00
sinn3r 7585c625fa Another update 
Thanks @joevennix
 2015-02-05 17:09:11 -06:00
sinn3r 12aadb3132 Another update 2015-02-05 17:09:10 -06:00
sinn3r 17f2d8048d Another update 2015-02-05 17:09:10 -06:00
sinn3r 01252078ea Use store_loot to store coookie 2015-02-05 17:09:10 -06:00
sinn3r 6fd38307e7 An update 2015-02-05 17:09:10 -06:00
sinn3r 727fc51c0b Don't need this line 2015-02-05 17:09:10 -06:00
sinn3r 4924749b96 Try to make the filename more self explanatory 2015-02-05 17:09:09 -06:00
sinn3r 26af10c3b6 Change public ip option name and store cookie to db 2015-02-05 17:09:09 -06:00
sinn3r bfa7b61663 Final 2015-02-05 17:09:09 -06:00
sinn3r b90515ae5d IE UXSS 2015-02-05 17:09:09 -06:00
sinn3r d16cc843b2 Correct disclosure date 2015-02-05 15:00:13 -06:00
sinn3r 0955e14dad Final, really, I think 2015-02-05 14:59:24 -06:00
sinn3r 578423501a Another update 2015-02-05 13:08:33 -06:00
sinn3r 562063c4d5 Rename file again 2015-02-05 12:26:17 -06:00
sinn3r 80ebde4fe1 Credit @joevennix 2015-02-05 12:25:38 -06:00
sinn3r 27b8d1057f Another update 
Thanks @joevennix
 2015-02-05 12:23:32 -06:00
sinn3r 988b54f594 Another update 2015-02-05 12:01:19 -06:00
sinn3r 53134aeb17 Another update 2015-02-05 11:46:38 -06:00
sinn3r 871c8aa8d0 Use store_loot to store coookie 2015-02-05 11:36:35 -06:00
sinn3r dbe99014f2 An update 2015-02-05 11:29:52 -06:00
sinn3r 08d796c5e3 Don't need this line 2015-02-05 10:53:29 -06:00
sinn3r d6fe077f79 Try to make the filename more self explanatory 2015-02-05 09:53:38 -06:00
sinn3r ed6ee27896 Change public ip option name and store cookie to db 2015-02-05 09:48:45 -06:00
sinn3r 75c697c4dc Final 2015-02-05 04:36:44 -06:00
sinn3r 1ccfb6cb43 IE UXSS 2015-02-05 03:03:28 -06:00
William Vu 46210a4963
Fix punctuation 2015-01-26 12:05:54 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 c6901caf39 Change module location 2015-01-24 10:14:46 -06:00
Jon Hart e46395f592
Land #4596, @pdeardorff-r7's memcached extractor 2015-01-22 08:00:19 -08:00
Jon Hart 1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache 2015-01-22 07:59:48 -08:00
pdeardorff-r7 0d4d06fb83 Print table for all scans, add preview size option 2015-01-20 11:12:47 -08:00
Jon Hart f1bf607386
Minor Ruby style cleanup 2015-01-20 08:47:47 -08:00
Jon Hart ef89a3d323
Add protocol reference 2015-01-20 08:34:08 -08:00
Jon Hart 9c97824d5c
Move MAXKEYS to advanced 2015-01-20 08:28:49 -08:00
Jon Hart 9d430eb1d5
Use the simpler 'version' command to get the version 2015-01-20 08:16:22 -08:00
Jon Hart 6588f92206
Move rex connection errors to vprint since this is a Scanner 2015-01-20 08:11:09 -08:00
Jon Hart 10100df054
report_service 2015-01-20 08:09:35 -08:00
Jon Hart b0bbce1190
Include peer in most prints 2015-01-20 08:00:02 -08:00
William Vu 84ecde30d1
Land #4586, mcafee_epo_xxe aux module 2015-01-18 00:50:10 -06:00
William Vu 57ca285f8a
Fix msftidy warnings 2015-01-18 00:49:52 -06:00
pdeardorff-r7 db3185231a add maxkeys option, dont store loot if localhost and improve streaming 2015-01-17 09:25:32 -08:00
pdeardorff-r7 f1bcbb7d78 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-16 09:57:17 -08:00
Brent Cook 7ef721bdd6 Might as well format the url all at once. 2015-01-16 09:01:25 -06:00
Brandon Perry 1929f36050 Update mcafee_epo_xxe.rb 2015-01-15 16:50:14 -06:00
Joe Vennix 8c3d4c8d07
Spelling tweak. 2015-01-15 15:19:46 -06:00
Joe Vennix 35c9a13199 Handle the usage of // (same-scheme) URLs. 2015-01-15 15:09:50 -06:00
pdeardorff-r7 507050b316 rescue from down memcached server or timeout 2015-01-15 09:51:42 -08:00
pdeardorff-r7 0e893cd772 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-15 09:40:21 -08:00
pdeardorff-r7 4d2ad8865f remove debug line 2015-01-15 09:37:51 -08:00
pdeardorff-r7 154eb7956c fix storing of loot and support localhost session 2015-01-15 09:36:15 -08:00
Brandon Perry 4e4ca15422 Update mcafee_epo_xxe.rb 2015-01-15 11:02:11 -06:00
Brandon Perry e53522b64b Update mcafee_epo_xxe.rb 2015-01-15 10:28:52 -06:00
Brandon Perry 86d5358299 Update mcafee_epo_xxe.rb 2015-01-15 09:56:02 -06:00
Brandon Perry 53e1304afb Update mcafee_epo_xxe.rb 2015-01-14 18:19:27 -06:00
Brandon Perry 1ed07bac32 Update mcafee_epo_xxe.rb 2015-01-14 11:01:14 -06:00
Brandon Perry 794bb65817 Create mcafee_epo_xxe.rb 2015-01-14 10:54:58 -06:00
pdeardorff-r7 99cf668441 add memcached extractor module 2015-01-12 16:40:06 -08:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Tod Beardsley d10222365b
Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
Tod Beardsley 1236684954
Use get_uri instead, note lack of Rex::Text method 
See rapid7#4461
 2014-12-28 15:06:34 -06:00
Tod Beardsley 788e315fd4
Fix msftidy warnings 2014-12-28 14:53:29 -06:00
Joe Vennix 8d73794cc8
Add hint for exploit on old devices. 2014-12-23 12:29:08 -06:00
Joe Vennix e45af903d9
Add patch discovery date. 2014-12-19 12:04:41 -06:00
Joe Vennix 25313b1712
Use the hash to pass the script. 2014-12-19 02:30:37 -06:00
Joe Vennix 84ea628284
Add Android cookie theft attack. 2014-12-16 19:12:01 -06:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Deral Heiland 0887127264 Fixed several recommended changes by jvazquez-r7 and jlee-r7 2014-11-30 00:53:24 -05:00
HD Moore 9fe4994492 Chris McNab has been working with MITRE to add these CVEs 
These CVEs are not live yet, but have been confirmed by cve-assign
t
 2014-11-16 18:42:53 -06:00
Jon Hart 57aef9a6f5
Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Tod Beardsley dd1920edd6
Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169 
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
 2014-11-11 14:59:41 -06:00
Deral Heiland 5bf8901822 Fixed several recommended changes by jvazquez-r7, Also Correct a XML parsing issue 2014-11-09 02:43:36 -05:00
Pedro Ribeiro e7b448537f Add OSVDB ids 2014-11-08 11:05:34 +00:00
jvazquez-r7 9d6e0664a4 Guess service name and port 2014-11-07 20:56:01 -06:00
jvazquez-r7 a44640c9fc Use single quotes 2014-11-07 20:48:04 -06:00
jvazquez-r7 7c1c08fc19 Use single quotes without interpolation 2014-11-07 20:46:47 -06:00
jvazquez-r7 0373156cce Use unless over if not 2014-11-07 20:42:08 -06:00
jvazquez-r7 f5a920da99 Use || operator 2014-11-07 20:41:44 -06:00
jvazquez-r7 64754a5609 Delete unnecessary begin..end block 2014-11-07 20:38:36 -06:00
jvazquez-r7 0919f74a3d Delete unused variable 2014-11-07 20:37:57 -06:00
jvazquez-r7 22b875d0f3 Reduce code complexity 2014-11-07 20:37:40 -06:00
jvazquez-r7 b1517e6ace Delete unnecessary nil comparision 2014-11-07 20:34:13 -06:00
jvazquez-r7 aa1fec7f02 Use fail_with 2014-11-07 20:33:33 -06:00
jvazquez-r7 d630eac272 Reduce code complexity 2014-11-07 20:32:15 -06:00
jvazquez-r7 cea30b5427 Use built-in format for RPORT 2014-11-07 20:30:32 -06:00
jvazquez-r7 e99cc00a57 No more than 100 columns on description 2014-11-07 20:29:38 -06:00
Pedro Ribeiro c00a3ac9cd Add full disclosure URL 2014-11-07 08:06:21 +00:00
Pedro Ribeiro 8a0249cdbf Address Juan's points 2014-11-06 21:02:28 +00:00
Pedro Ribeiro e71ba1ad4a Push exploit for CVE-2014-6038/39 2014-11-05 20:12:03 +00:00
William Vu ebb8b70472
Land #4015, another Android < 4.4 UXSS module 2014-11-04 15:52:29 -06:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
sinn3r 6f013cdcaf Missed these 2014-10-31 18:48:48 -05:00
sinn3r d6a830eb6e Rescue the correct exception: Rex::HostUnreachable 2014-10-31 16:43:33 -05:00
Joe Vennix 1e9f9ce425
Handle invalid JSON errors and fix typo. 2014-10-31 11:01:49 -05:00
sinn3r 92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor 2014-10-30 13:52:07 -05:00
sinn3r 470a067384 Final changes 2014-10-30 13:51:44 -05:00
sinn3r 02b1c5c4bc Final changes 2014-10-30 13:37:02 -05:00
sinn3r 127d1640da Print password 2014-10-30 13:27:40 -05:00
Deral Heiland a6980b9eb8 Updated to module based feedback from wchen-r7 2014-10-30 12:59:11 -04:00
Joe Vennix 6dc13f90cd
Update descriptions to mention Webview bugginess. 2014-10-30 10:55:56 -05:00
Joe Vennix 0ad9f95806
Remove stray alert() for debugging. 2014-10-30 10:52:06 -05:00
Joe Vennix 88040fbce0
Add another Android < 4.4 UXSS exploit. 2014-10-30 10:34:14 -05:00
Peter Arzamendi 9d56f0298a Changed upper XXX to lower XXX. 2014-10-29 20:09:02 -05:00
Deral Heiland 6c13c14be1 Konica MFP ftp and SMB credential gathering module 2014-10-29 16:12:16 -04:00
Peter Arzamendi b35a8935db Updated get_once for get_once undefined method and EOFError 2014-10-29 13:47:07 -05:00
Peter Arzamendi 2bc8767751 Updated rescue to catch other errors from the socket API 2014-10-29 08:03:28 -05:00
Peter Arzamendi 604cad9fbb Updated timeout to default to 45 seconds to wait for the print job to finish. 2014-10-28 15:45:28 -05:00