Commit Graph

12763 Commits (a86a8fed05eea038e33089dda909cf1b8807f8e8)

Author SHA1 Message Date
Christian Mehlmauer a86a8fed05
Changed heartbleed jabber implementation to match openssl s_client
see here for example implementation:
https://github.com/openssl/openssl/blob/master/apps/s_client.c#L1719
2014-04-09 22:20:32 +02:00
jvazquez-r7 fe066ae944
Land #3207, @7a69 MIPS BE support for Fritz Box's exploit 2014-04-09 23:20:45 -05:00
jvazquez-r7 fdda69d434 Align things 2014-04-09 23:19:41 -05:00
jvazquez-r7 386e2e3d29 Do final / minor cleanup 2014-04-09 23:19:12 -05:00
jvazquez-r7 f398924280
Land @Firefart's new fix for the jabber case 2014-04-09 17:52:53 -05:00
jvazquez-r7 c0e682b518
Land #3225, @wvu-r7's and @hmoore-r7's improvements for openssl_heartbeat_client_memory 2014-04-09 17:39:04 -05:00
jvazquez-r7 ccdc5bd281 Switch to get since @wvu-r7 also tested successfully with get 2014-04-09 17:30:00 -05:00
William Vu b905aece38 Fix job not backgrounding 2014-04-09 17:03:57 -05:00
HD Moore ed247498b6 Make TLS negotiation optional 2014-04-09 17:03:38 -05:00
sinn3r 2de210f1c3
Land #3216 - Update @Meatballs1 and @FireFart in authors.rb 2014-04-09 16:38:10 -05:00
William Vu f56f34fb69
Land #3212, @hmoore-r7's client-side Heartbleed 2014-04-09 15:42:36 -05:00
William Vu 2f9a400efa
vprint_status the other message message 2014-04-09 15:11:02 -05:00
William Vu 84ce72367b
Make the output less verbose 2014-04-09 14:57:51 -05:00
Christian Mehlmauer 856ad7e83d
heartbleed - Better output on wrong jabber domain and add. nil? check 2014-04-09 21:53:17 +02:00
Jeff Jarmoc 7a424784f8 Change default TLS Version to 1.0
Canonical testing shows this to be more widely supported, and yielding far more vulnerable hosts.  Changing default to reflect that.

Experience of others in #metasploit seems similar.
2014-04-09 13:45:00 -05:00
Christian Mehlmauer fec089d88d
Land #3219, openssl_heartbleed XMPP fix from @natronkeltner 2014-04-09 20:42:55 +02:00
Christian Mehlmauer e2b50d3709
fix openssl_heardbleed
-) XMPP Domain now configurable
-) Missing get_once to initiate the TLS connection
2014-04-09 20:39:33 +02:00
jvazquez-r7 5696e52fac Fix jabber to field 2014-04-09 13:48:45 -05:00
jvazquez-r7 28a471e446
Land #3221, @Firefart's fix for pop3 starttls 2014-04-09 13:31:45 -05:00
jvazquez-r7 bea810b5d6 Add jabber fix from @natronkeltner 2014-04-09 13:11:45 -05:00
jvazquez-r7 fdf4776142
Land #3217, @todb-r7's title fix for Hearbleed module 2014-04-09 12:10:13 -05:00
jvazquez-r7 157fb5a905 Make title more searchable 2014-04-09 12:08:35 -05:00
jvazquez-r7 58f4a1c085 Usee loop do instead or while true 2014-04-09 11:48:45 -05:00
sinn3r eb9d3520be
Land #3208 - Sophos Web Protection Appliance Interface Authenticated Exec 2014-04-09 11:30:59 -05:00
Tod Beardsley 76a9381b2a
Make the title of the Heartbleed module searchable
Right now, the title does not actually tie the Heartbeat check to the
Heartbleed attack, so people searching strictly on module title are not
going to get a hit for this module.
2014-04-09 11:03:01 -05:00
jvazquez-r7 bc36b9ebd6 Delete server side PoCs as referecences because don\'t apply here 2014-04-09 10:58:59 -05:00
jvazquez-r7 fd90203120 Change some variable names to make code reading easier 2014-04-09 10:56:50 -05:00
Christian Mehlmauer 899a7c9ea4
heartbleed bugfix for pop3 2014-04-09 17:51:44 +02:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Tod Beardsley 3849d1517f
Restore author credit 2014-04-09 09:42:39 -05:00
jvazquez-r7 e154d175e8 Add @hmoore-r7's heartbeat client side module 2014-04-09 09:38:11 -05:00
jvazquez-r7 8d38087a10 Fix case / when indention 2014-04-09 09:12:55 -05:00
Christian Mehlmauer 0e0fd20f88
Added RFC link 2014-04-09 15:19:29 +02:00
Christian Mehlmauer a0a5b9faa1
Fix heartbleed module
-) incorrect length read
-) Parse TLS errors
2014-04-09 15:08:24 +02:00
Brandon Perry 8428b37e59 move file to .rb ext 2014-04-09 05:17:14 -07:00
jvazquez-r7 a93e22b5c0
Land #3209, @Firefart's heartbleed's module fix 2014-04-09 06:38:06 -05:00
Christian Mehlmauer 9c159f0aa3
Land #3210, typo in openssl_heartbleed 2014-04-09 09:53:06 +02:00
Meatballs ae3ead6ef9
Land #2107 Post Enum Domain Users 2014-04-09 11:32:12 +01:00
julianvilas 4e7c675f3c Fix typo, extraquote in message 2014-04-09 10:22:15 +02:00
Christian Mehlmauer cdfe333572
updated heartbleed module
-) Heartbeat length was added twice
-) Use the current date for the TLS client_hello
2014-04-09 09:19:05 +02:00
joev b4f5784ba2
Land #3147, @m-1-k-3's mipsbe exec payload. 2014-04-08 22:32:21 -05:00
Brandon Perry 82c9b539ac Fix disclosure date, earlier than I thought 2014-04-08 21:43:49 -05:00
Brandon Perry 3013704c75 Create sophos_wpa_iface_exec
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
William Vu dd69a9e5dd
Land #3206, OpenSSL Heartbleed infoleak 2014-04-08 20:12:00 -05:00
William Vu 5e314f2a7c
Fix outstanding issues 2014-04-08 20:11:28 -05:00
sinn3r f3086085b6
Land #3204 - MS14-017 Microsoft Word RTF Object Confusion 2014-04-08 18:47:53 -05:00
jvazquez-r7 a4e1d866e1 Favor nil? 2014-04-08 18:21:49 -05:00
jvazquez-r7 153e003e23 Do small fixes 2014-04-08 18:21:09 -05:00
jvazquez-r7 39aecb140a Use the datastore option 2014-04-08 16:55:08 -05:00
jvazquez-r7 496dd944e6 Add support for datastore TLSVERSION 2014-04-08 16:51:50 -05:00