sinn3r
f5a935a186
Support check for bailiwicked_host
2014-01-23 15:31:37 -06:00
sinn3r
8d411d2037
Fix bailiwicked_domain to allow support of check()
2014-01-23 15:29:40 -06:00
Tod Beardsley
f5809423a3
Let's spell right in my spellcheck PR
...
Updates #2900
2014-01-21 15:57:59 -06:00
Tod Beardsley
b3b51eb48c
Pre-release fixup
...
* Updated descriptions to be a little more descriptive.
* Updated store_loot calls to inform the user where the
loot is stored.
* Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.
Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
sinn3r
5025736d87
Fix check for modicon_password_recovery
2014-01-19 17:20:20 -06:00
sinn3r
a239e14084
Fix nodejs_popelining check
2014-01-19 17:06:35 -06:00
sinn3r
7080bb336c
Update ColdFusion check
2014-01-19 17:05:03 -06:00
sinn3r
4fdd2c19a1
Update vbulletin check
2014-01-19 16:54:27 -06:00
sinn3r
0a8aa07131
Fix check method
...
This isn't a check, so shouldn't be using the check method
2014-01-19 16:47:15 -06:00
jvazquez-r7
01ab6fd545
Do small fixes
2014-01-17 17:59:03 -06:00
jvazquez-r7
5ec062ea1c
Beautify print message
2014-01-17 17:42:26 -06:00
jvazquez-r7
d96772ead1
Clean multi-threading on ibm_sametime_enumerate_users
2014-01-17 17:38:16 -06:00
jvazquez-r7
bb3d9da0bb
Do first cleaning on ibm_sametime_enumerate_users
2014-01-17 16:33:25 -06:00
jvazquez-r7
584401dc3f
Clean ibm_sametime_room_brute code
2014-01-17 15:57:12 -06:00
jvazquez-r7
4d079d47b8
Enable SSL by default
2014-01-17 15:34:33 -06:00
jvazquez-r7
277711b578
Fix metadata
2014-01-17 15:31:51 -06:00
jvazquez-r7
10fd5304ce
Parse response body just one time
2014-01-17 15:17:25 -06:00
jvazquez-r7
fe64dbde83
Use rhost and rport methods
2014-01-17 14:49:50 -06:00
jvazquez-r7
5e8ab6fb89
Clea ibm_sametime_version
2014-01-17 12:23:11 -06:00
jvazquez-r7
bce321c628
Do response handling a little better, fake test
2014-01-17 11:02:35 -06:00
jvazquez-r7
11d613f1a7
Clean ibm_sametime_webplayer_dos
2014-01-17 10:52:42 -06:00
jvazquez-r7
51b3d164f7
Move the DoS module to the correct location
2014-01-17 09:30:51 -06:00
sinn3r
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
William Vu
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
William Vu
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
kicks4kittens
d0d82fe405
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:53:14 +01:00
kicks4kittens
87648476e1
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:52:45 +01:00
kicks4kittens
55d4ad1b6a
Fixed code issues as requested in PR2801
...
Mostly coding style issues
Re-tested in testbed - output as expected
2014-01-15 13:51:19 +01:00
jvazquez-r7
0b1671f1b8
Undo debugging comment
2014-01-14 17:02:30 -06:00
jvazquez-r7
6372ae6121
Save some parsing
2014-01-14 17:00:00 -06:00
Matt Andreko
2d40f936e3
Added some additional creds that were useful
2014-01-13 23:15:51 -05:00
Matt Andreko
42fb8c48d1
Fixed the credential parsing and made output consistent
...
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.
The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
William Vu
7c52f9b496
Update description to use %q{}
2014-01-13 14:42:25 -06:00
William Vu
61b30e8b60
Land #2869 , pre-release title/desc fixes
2014-01-13 14:29:27 -06:00
Tod Beardsley
207e9c413d
Add the test info for sercomm_dump_config
2014-01-13 14:27:03 -06:00
jvazquez-r7
fe6d10ac5d
Land #2852 , @mandreko's scanner for OSVDB 101653
2014-01-13 14:07:07 -06:00
Tod Beardsley
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
jvazquez-r7
8c3a71a2e7
Clean sercomm_backdoor scanner according to feedback
2014-01-13 13:53:47 -06:00
jvazquez-r7
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
jvazquez-r7
4a64c4651e
Land #2822 , @mandreko's aux module for OSVDB 101653
2014-01-09 15:15:37 -06:00
jvazquez-r7
410302d6d1
Fix indentation
2014-01-09 15:14:52 -06:00
Matt Andreko
b1073b3dbb
Code Review Feedback
...
Removed the parameters from get() since it works without them
2014-01-09 15:54:23 -05:00
William Vu
d69b658de0
Land #2848 , @sho-luv's MS08-067 scanner
2014-01-09 14:39:25 -06:00
Matt Andreko
2a0f2acea4
Made fixes from the PR from jvazquez-r7
...
The get_once would *only* return "MMcS", and stop. I
modified it to be a get(3, 3). Additionally, the command
length was set to 0x01 when it needed to be 0x00.
2014-01-09 15:33:04 -05:00
William Vu
fc616c4413
Clean up formatting
2014-01-09 14:16:31 -06:00
Matt Andreko
93668b3286
Code Review Feedback
...
Made it less verbose, converting to vprint_error
2014-01-09 14:53:33 -05:00
jvazquez-r7
be6958c965
Clean sercomm_dump_config
2014-01-09 13:42:11 -06:00
Matt Andreko
e21c97fd4d
Added missing metadata
...
Add credit where due
Add disclosure date and references
2014-01-09 14:33:54 -05:00
Matt Andreko
9456d26467
Added Scanner module for SerComm backdoor
2014-01-09 14:25:28 -05:00
Matt Andreko
01c5585d44
Moved auxiliary module to a more appropriate folder
2014-01-09 10:17:26 -05:00
Matt Andreko
d9e737c3ab
Code Review Feedback
...
Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
2014-01-09 10:14:34 -05:00
Matt Andreko
81adff2bff
Code Review Feedback
...
Changed datastore['rhost'] to rhost
Made the array storing configuration values into a class const
Moved superfluous array look-over to not be executed unless in verbose
mode
2014-01-09 09:19:13 -05:00
William Vu
7fd4935263
Make the module output prettier
2014-01-09 01:03:01 -06:00
William Vu
27f079ad7c
Move {begin,end}_job from libs to modules
2014-01-09 01:03:01 -06:00
William Vu
131bfcaf41
Refactor away leftover get_rdymsg
2014-01-09 01:03:01 -06:00
William Vu
d3bbe5b5d0
Add filesystem commands and new PoC modules
...
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
William Vu
af66310e3a
Address @jlee-r7's comments
2014-01-09 01:03:01 -06:00
William Vu
bab32d15f3
Address @wchen-r7's comments
2014-01-09 01:03:00 -06:00
William Vu
1c889beada
Add Rex::Proto::PJL and PoC modules
2014-01-09 01:03:00 -06:00
sho-luv
a8fcf13972
Added credits and clean initialize
...
Added wvu to creds as he did most of work. ;)
2014-01-08 21:16:09 -05:00
William Vu
8993c74083
Fix even moar outstanding issues
2014-01-08 19:38:54 -06:00
William Vu
1dd29d3b64
Fix moar outstanding issues
2014-01-08 18:11:18 -06:00
William Vu
945a2a296a
Fix outstanding issues
2014-01-08 17:09:41 -06:00
sho-luv
35ac9712ab
Added auxiliary check for MS08_067
...
I simply copied the check from ms08_0867_netapi.rb and put them in
a auxiliary check so I could scan for it. This was done because
Nmap's check is not safe and this is more stable.
2014-01-08 16:41:44 -05:00
Niel Nielsen
1479ef3903
Update typo3_winstaller_default_enc_keys.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:08:10 +01:00
Matt Andreko
c5a3a0b5b7
Cleanup
2014-01-02 20:44:18 -05:00
Matt Andreko
6effdd42fa
Added module to enumerate certain Sercomm devices through backdoor
...
See more: https://github.com/elvanderb/TCP-32764
2014-01-02 20:42:42 -05:00
jvazquez-r7
90158b9932
Land #2791 , @morisson's support to remote dns resolution on sap_router_portscanner
2014-01-02 12:19:50 -06:00
jvazquez-r7
f75782bc2f
Use RHOST, RPORT for the SAPROUTER options
2014-01-02 12:18:54 -06:00
Tod Beardsley
b8e17c2d8e
Don't use Pcap.lookupaddrs any more
2014-01-01 18:50:15 -06:00
jvazquez-r7
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
Tod Beardsley
c34a5f3758
Unacronym the title on Poison Ivy C&C
2013-12-26 10:30:30 -06:00
Tod Beardsley
47765a1c4f
Fix chargen probe title, comment on the CVE
2013-12-26 10:29:11 -06:00
Tod Beardsley
056661e5dd
No at-signs in names please.
2013-12-26 10:26:01 -06:00
jvazquez-r7
b02e21a1d3
Land #2779 , @wchen-r7's mod to raise Msf::OptionValidateError when PORTS is invalid
2013-12-26 09:27:27 -06:00
kicks4kittens
17c0751677
Create ibm_sametime_room_brute.rb
...
init
2013-12-26 13:02:52 +01:00
kicks4kittens
7ba1950424
Create ibm_sametime_enumerate_users.rb
...
init
2013-12-26 13:01:48 +01:00
kicks4kittens
2d6f41d67f
Create ibm_sametime_version.rb
...
init
2013-12-26 13:00:39 +01:00
rbsec
86a94022c0
Fix lotus_domino_hashes not working.
...
Some Lotus Domino servers prefix the "dspHTTPPassword" with a dollar
sign. Updated regex to take this into account.
2013-12-24 11:57:13 +00:00
sinn3r
213556761a
Land #2765 - Added Poison Ivy Command and Control Scanner
2013-12-23 17:36:18 -06:00
sinn3r
0a07bbdf2e
Minor changes
2013-12-23 17:35:42 -06:00
jvazquez-r7
88b3b2c78e
Switch RHOSTS to TARGETS and add validation
2013-12-23 11:58:26 -06:00
Bruno Morisson
94da642f5c
fixed typo: innacurated -> inaccurate
2013-12-21 20:36:43 +00:00
Bruno Morisson
c387a850ca
Fixed default value for RESOLVE (local)
2013-12-21 19:21:57 +00:00
Bruno Morisson
6ce0bab036
Cleanup, also split IP addresses separated by commas.
2013-12-21 00:15:00 +00:00
SeawolfRN
bf2dc97595
Merge branch 'poisonivyscanner' of github.com:SeawolfRN/metasploit-framework into poisonivyscanner
2013-12-20 18:46:35 +00:00
SeawolfRN
ae7a0159e7
Changed to Puts and get_once - also forgot the timeout...
2013-12-20 18:44:42 +00:00
jvazquez-r7
8be481f324
Land #2681 , @mcantoni and @todb-r7's support for chargen
2013-12-20 11:53:08 -06:00
jvazquez-r7
12efa99ce5
Fix udp_sweep
2013-12-20 11:47:48 -06:00
jvazquez-r7
2dc7ef4398
Fix udp_probe
2013-12-20 11:45:27 -06:00
Tod Beardsley
2f34f8458b
Downcase chargen service name
2013-12-20 10:41:53 -06:00
Tod Beardsley
35c847da94
Add chargen to udp_probe and udp_sweep
...
This simplifies the checks considerably for PR #2681 from @mcantoni
2013-12-20 10:32:15 -06:00
jvazquez-r7
eba164d2e3
Clean chargen_probe
2013-12-20 09:10:15 -06:00
Bruno Morisson
6ac0aad38b
Prevent report_* when RESOLVE is remote, since hostname may be unknown and local resolution fail, thus spitting out an error and failing
2013-12-19 23:37:13 +00:00
Bruno Morisson
c881ef5472
Unreachable and time out error identification
2013-12-19 22:59:56 +00:00
Matteo Cantoni
a199dc39af
used the recvfrom timeout
2013-12-19 20:56:11 +01:00
Bruno Morisson
773d4c5cd1
commented out response packet vprint
2013-12-19 18:35:11 +00:00
Bruno Morisson
ad8a156263
RHOSTS can be a comma separated list of hostnames
2013-12-19 18:33:32 +00:00
Bruno Morisson
564601e083
msftidy - fixed
2013-12-19 17:30:34 +00:00
Bruno Morisson
2480f023b1
Dropped scanner mixin. Tried to maintain usage
2013-12-19 17:15:44 +00:00
Bruno Morisson
21d959c58d
RESOLVE option takes either "remote" or "local"
2013-12-19 00:38:47 +00:00
Bruno Morisson
1778a08e98
Keeping changes away from the "ip" variable
2013-12-19 00:19:58 +00:00
sinn3r
d41f05e0b6
Land #2776 - Avoid having the same port twice
2013-12-18 18:09:43 -06:00
Bruno Morisson
7ebcd5a8c9
Option to perform host resolution on remote saprouter
2013-12-18 23:53:58 +00:00
jvazquez-r7
f21d666631
Land #2744 , @rcvalle module for CVE-2013-2050
2013-12-18 16:19:25 -06:00
jvazquez-r7
0eac17083a
Clean cfme_manageiq_evm_pass_reset
2013-12-18 16:16:32 -06:00
sinn3r
ee87f357b0
Raise Msf::OptionValidateError when the PORTS option is invalid
...
Instead of print_error for invalid ports, modules should be raising
Msf::OptionValidateError to warn the user about the invalid input.
2013-12-18 15:04:53 -06:00
sinn3r
4028dcede7
Add an input check for datastore option PORTS
...
If Rex::Socket.portspec_crack returns an empty array, we assume
there are no valid ports to test, so we raise an OptionValidateError
to warn the user about it.
2013-12-18 14:55:51 -06:00
Ramon de C Valle
b9a9b90088
Update module to use added bcrypt gem
2013-12-18 16:15:35 -02:00
Ramon de C Valle
e20569181b
Remove EzCrypto-related code as per review
2013-12-18 16:15:22 -02:00
Ramon de C Valle
ef081cec49
Add missing disclosure date as per review
2013-12-18 15:47:23 -02:00
OJ
5e4c395f86
Fix small spacing issue
2013-12-18 17:14:47 +10:00
jvazquez-r7
80eea97ccd
ChrisJohnRiley fix for sap_service_discovery
2013-12-17 13:31:56 -06:00
zeknox
2eee34babf
added timeout options and rescue timeout
2013-12-16 20:00:13 -06:00
zeknox
fe34d0e36e
fixed syntax
2013-12-16 19:26:40 -06:00
zeknox
7b8de95f6b
fixed database overwriting issues
2013-12-16 19:16:12 -06:00
zeknox
07f686bb1a
added ResolverArgumentError rescue statement
2013-12-16 18:46:14 -06:00
SeawolfRN
24bc10905e
Added Spaces and removed Interrupt
2013-12-16 22:12:35 +00:00
SeawolfRN
bf561fef95
Corrected Extraneous Whitespace\Newlines
2013-12-16 16:38:49 +00:00
SeawolfRN
79022c2e29
Probably should have checked it worked...
2013-12-16 11:33:08 +00:00
SeawolfRN
59003a9842
Updated Poison Ivy Scanner
2013-12-15 22:02:14 +00:00
SeawolfRN
226cd241bf
Added Poison Ivy Command and Control Scanner\n Auxiliary module to scan for Poison Ivy C&C on ports 80,8080,443 and 3460
2013-12-15 14:34:50 +00:00
Matteo Cantoni
999006e037
fixed some things, as suggested by jvazquez-r7
2013-12-14 19:41:31 +01:00
zeknox
e6f1f648be
modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required
2013-12-13 10:49:44 -06:00
zeknox
d6e19df8e2
added additional url reference
2013-12-12 22:57:23 -06:00
zeknox
9f18c57fce
added period to description and changed tester to user
2013-12-12 22:11:02 -06:00
zeknox
dba0e9bf77
msftidy done
2013-12-12 20:30:46 -06:00
zeknox
554cd41403
added dns_cache_scraper and useful wordlists
2013-12-12 20:18:18 -06:00
William Vu
ff9cb481fb
Land #2464 , fixes for llmnr_response and friends
...
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
Tod Beardsley
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
Ramon de C Valle
37826688ce
Add cfme_manageiq_evm_pass_reset.rb
...
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
2013-12-09 16:49:07 -02:00
jvazquez-r7
c59b8fd7bc
Land #2741 , @russell TCP support for nfsmount
2013-12-09 09:46:34 -06:00
Russell Sim
291a52712e
Allow the NFS protocol to be specified in the mount scanner
2013-12-09 21:26:29 +11:00
sinn3r
1e30cd55f7
Land #2740 - Real regex for MATCH and EXCLUDE
2013-12-09 03:05:08 -06:00
sinn3r
feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection
2013-12-09 02:12:42 -06:00
sinn3r
92412279ae
Account for failed cred gathering attempts
...
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
Joe Vennix
cd66cca8a1
Make browser autopwn datastore use OptRegexp.
2013-12-08 17:46:33 -06:00
jvazquez-r7
75fb38fe8d
Land #2724 , @wchen-r7 and @jvennix-r7's module for CVE-2013-6414
2013-12-07 14:26:46 -06:00
jvazquez-r7
fdebfe3d2f
Add references
2013-12-07 14:25:58 -06:00
sinn3r
adc241faf8
Last one, I say
2013-12-06 15:52:42 -06:00
sinn3r
17193e06a9
Last commit, I swear
2013-12-06 15:49:44 -06:00
sinn3r
58a70779ac
Final update
2013-12-06 15:48:59 -06:00
sinn3r
9f5768ae37
Another update
2013-12-06 14:53:35 -06:00
sinn3r
af16f11784
Another update
2013-12-06 14:39:26 -06:00
sinn3r
87e77b358e
Use the correct URI
2013-12-06 12:08:19 -06:00
sinn3r
5d4acfa274
Plenty of changes
2013-12-06 11:57:02 -06:00
sinn3r
c07686988c
random uri
2013-12-05 18:07:24 -06:00
jvazquez-r7
f2f8c08c8e
Use blank? method
2013-12-05 16:36:44 -06:00
jvazquez-r7
a380d9b4f2
Add aux module for CVE-2013-3522
2013-12-05 15:58:05 -06:00
sinn3r
8e9723788d
Correct description
2013-12-04 17:25:58 -06:00
sinn3r
fb2fcf429f
This one actually works
2013-12-04 17:22:42 -06:00
sinn3r
d0071d7baa
Add CVE-2013-6414 Rails Action View DoS
2013-12-04 14:57:30 -06:00
sinn3r
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
sinn3r
99dc9f9e7e
Fix msftidy warning
2013-12-03 00:09:51 -06:00
Jonathan Claudius
e37f7d3643
Use send_request_cgi instead of send_request_raw
2013-12-03 00:57:26 -05:00
Jonathan Claudius
14e600a431
Clean up res nil checking
2013-12-03 00:51:19 -05:00
Jonathan Claudius
b796095582
Use peer vs. rhost and rport for prints
2013-12-03 00:49:05 -05:00
Jonathan Claudius
0480e01830
Account for nil res value
2013-12-03 00:45:57 -05:00
Jonathan Claudius
c91d190d39
Add Cisco ASA ASDM Login
2013-12-03 00:16:04 -05:00
Tod Beardsley
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
sinn3r
20e0a7dcfb
Land #2709 - ZyXEL GS1510-16 Password Extractor
2013-12-02 13:13:01 -06:00
Sven Vetsch / Disenchant
39fbb59ba9
re-added the reference I accidentally deleted
2013-12-02 19:06:19 +01:00
Sven Vetsch / Disenchant
cb98d68e47
added @wchen-r7's code to store the password into the database
2013-12-02 18:35:59 +01:00
jvazquez-r7
ba39a8e826
Land #2705 , @jjarmoc's user object configuration on rails_devise_pass_reset
2013-12-02 11:04:29 -06:00
jvazquez-r7
8d6a534582
Change title
2013-12-02 08:54:37 -06:00
jvazquez-r7
24d09f2085
Land #2700 , @juushya's Oracle ILO Brute Forcer login
2013-12-02 08:53:10 -06:00
Sven Vetsch / Disenchant
8e73023baa
and now in the correct data structure
2013-12-01 17:38:35 +01:00
Sven Vetsch / Disenchant
ef77b7fbbf
added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709
2013-12-01 17:36:15 +01:00
Sven Vetsch / Disenchant
aa62800184
added ZyXEL GS1510-16 Password Extractor
2013-11-29 10:42:17 +01:00
Karn Ganeshen
bc41120b75
Updated
2013-11-29 12:47:47 +05:30
Karn Ganeshen
1109a1d157
Updated
2013-11-28 11:30:02 +05:30
Jeff Jarmoc
03838aaa79
Update rails_devise_pass_reset.rb
...
Fixed erroneous status if FLUSHTOKENS is false.
2013-11-27 22:27:45 -06:00
Jeff Jarmoc
7f8baf979d
Adds the ability to configure object name in URI and XML. This allows exploiting other platforms that include devise.
...
For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings;
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit
[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
2013-11-27 15:35:43 -06:00
Matteo Cantoni
3111aee866
fix match and boolean expression
2013-11-26 21:42:09 +01:00
jvazquez-r7
a7e6a79b15
Land #2685 , @wchen-r7's update for the word injector description
2013-11-25 15:47:57 -06:00
jvazquez-r7
92807d0399
Land #2676 , @todb-r7 module for CVE-2013-4164
2013-11-25 15:40:33 -06:00
Tod Beardsley
23448b58e7
Remove timeout checkers that are rescued anyway
2013-11-25 12:37:23 -06:00
Tod Beardsley
f311b0cd1e
Add user-controlled verbs.
...
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
jvazquez-r7
cc60ca2e2a
Fix module title
2013-11-25 09:33:43 -06:00
jvazquez-r7
cc261d2c25
Land #2670 , @juushya's aux brute forcer mod for OpenMind
2013-11-25 09:29:41 -06:00
Karn Ganeshen
e157ff73d3
Oracle ILOM Login utility
2013-11-25 13:55:31 +05:30
sinn3r
48578c3bc0
Update description about suitable targets
...
The same technique work for Microsoft Office 2013 as well. Tested.
2013-11-24 23:02:37 -06:00
Meatballs
dd9bb459bf
PSEXEC Refactor
...
Move peer into mixin
PSEXEC should use the psexec mixin
2013-11-24 16:24:05 +00:00
Matteo Cantoni
f3b907537c
Module to identifies open Chargen service
2013-11-23 17:17:24 +01:00
Tod Beardsley
6a28aa298e
Module for CVE-2013-4164
...
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
Karn Ganeshen
266de2d27f
Updated
2013-11-23 00:01:03 +03:00
Karn Ganeshen
b5011891a0
corrected rport syntax
2013-11-21 08:57:45 +03:00
Karn Ganeshen
9539972340
Module for OpenMind Message-OS portal login
2013-11-21 06:33:05 +03:00
William Vu
9f45121b23
Remove EOL spaces
2013-11-20 15:08:13 -06:00
Tod Beardsley
ded56f89c3
Fix caps in description
2013-11-18 16:15:50 -06:00
jvazquez-r7
f963f960cb
Update title
2013-11-18 15:07:59 -06:00
jvazquez-r7
274247bfcd
Land #2647 , @jvennix-r7's module for Gzip Memory Bomb DoS
2013-11-18 15:06:46 -06:00
joev
589660872e
Kill FILEPATH datastore option.
2013-11-18 14:13:25 -06:00
jvazquez-r7
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
jvazquez-r7
0391ae2bc0
Delete general reference
2013-11-18 13:19:09 -06:00
jvazquez-r7
1c4dabaf34
Beautify typo3_bruteforce module
2013-11-18 13:17:15 -06:00
sinn3r
b5fc0493a5
Land #2642 - Fix titles
2013-11-18 12:14:36 -06:00
joev
8e889c61f7
Update description.
2013-11-17 15:48:27 -06:00
joev
f7820139dc
Add a content_type datastore option.
2013-11-17 15:38:55 -06:00
joev
43d2711b98
Default to 1 round compression.
2013-11-17 15:35:35 -06:00
joev
1e3860d648
Add gzip bomb dos aux module.
2013-11-17 14:44:33 -06:00
jvazquez-r7
7d22312cd8
Fix redis communication
2013-11-15 19:36:18 -06:00
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
William Vu
334a93af45
Land #2638 , refs for android_htmlfileprovider
2013-11-13 14:51:46 -06:00
joev
0612f340f1
Commas are good.
2013-11-13 14:38:50 -06:00
joev
ad5f82d211
Add missing refs to aux/gather/android_htmlfileprovider.
2013-11-13 14:36:18 -06:00
sinn3r
970e70a853
Land #2626 - Add wordpress scanner
2013-11-12 11:30:23 -06:00
sinn3r
6a28f1f2a7
Change 4-space tabs to 2-space tabs
2013-11-12 11:29:28 -06:00
Tod Beardsley
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
FireFart
48faa38c44
bugfix for wordpress_scanner
2013-11-11 00:24:32 +01:00
FireFart
b472c2b195
added a wordpress scanner
2013-11-10 23:08:59 +01:00
FireFart
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
FireFart
cc3ee5f97b
typo3_bruteforce: update msf license
2013-11-07 22:53:28 +01:00
FireFart
e897c8379f
typo3_bruteforce: bugfix
2013-11-07 22:46:26 +01:00
FireFart
9d616dbfe9
added typo3 bruteforcer
2013-11-07 22:38:27 +01:00
HD Moore
09c31f7582
Small nitpicks to catch bad http responses
2013-11-06 15:06:04 -06:00
Tod Beardsley
91639dbb99
Trailing whitespace
2013-11-06 14:25:28 -06:00
Tod Beardsley
079816777a
I kin spel
2013-11-06 14:22:41 -06:00
HD Moore
6b43d94c72
Rename, change titles/descriptions, fix minor bugs
2013-11-06 13:45:40 -06:00
jvazquez-r7
b9caf091d4
Change supermicro_ipmi_traversal location
2013-11-06 12:47:50 -06:00
jvazquez-r7
c132a60973
Move Supermicro web interface name to a constant
2013-11-06 12:47:50 -06:00
jvazquez-r7
0609c5b290
Move private key to a constant
2013-11-06 12:47:50 -06:00
jvazquez-r7
275fd5e2ba
Sort options by name
2013-11-06 12:47:50 -06:00
jvazquez-r7
9f87fb33a7
Move digest calculation to a variable
2013-11-06 12:47:50 -06:00
Tod Beardsley
46f0998903
Add URL refs
2013-11-06 12:47:50 -06:00
Tod Beardsley
a973862c74
Add new modules
2013-11-06 12:47:50 -06:00
Tod Beardsley
84572c58a8
Minor fixup for release
...
* Adds some new refs.
* Fixes a typo in a module desc.
* Fixes a weird slash continuation for string building (See #2589 )
2013-11-04 12:10:38 -06:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
Tod Beardsley
344413b74d
Reorder refs for some reason.
2013-10-30 12:25:55 -05:00
Tod Beardsley
32794f9d37
Move OpenBravo to aux module land
2013-10-30 12:20:04 -05:00
Tod Beardsley
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
Tod Beardsley
9bb9f8b27b
Update descriptions on SMB file utils.
2013-10-28 13:48:25 -05:00
Tod Beardsley
0f63420e9f
Be specific about the type of hash
...
See #2583 . Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.
Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.
[SeeRM #4398 ]
2013-10-28 13:40:07 -05:00
William Vu
1fee3ce952
Land #2584 , reporting for energizer_duo_detect
2013-10-28 10:48:20 -05:00
jvazquez-r7
efcfc9eef7
Land #2273 , @kaospunk's enum domain feature for owa_login
2013-10-28 09:47:54 -05:00
jvazquez-r7
71a1ccf771
Clean owa_login enum_domain feature
2013-10-28 09:46:41 -05:00
jvazquez-r7
e0aec13ce1
[FixRM #4397 ] Add reporting for energizer_duo_detect
2013-10-25 16:51:44 -05:00
jvazquez-r7
9276a839d4
[FixRM #4398 ] Report credentials to database
2013-10-25 16:19:47 -05:00
sinn3r
7d788fbf76
Land #2571 - HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
2013-10-24 14:15:26 -05:00
sinn3r
7ee615223d
Land #2570 - HP Intelligent Management SOM Account Creation
2013-10-24 14:14:06 -05:00
jvazquez-r7
ea80c15c3b
Land #2383 , @jamcut's aux module for jenkins enum
2013-10-24 11:31:36 -05:00
jvazquez-r7
8428671f32
Land #2455 , @juushya's aux module for radware
2013-10-24 10:54:02 -05:00
jvazquez-r7
1673b66cbe
Delete some white lines
2013-10-24 10:50:14 -05:00
jvazquez-r7
b589e9aa6e
Use the peer method
2013-10-24 10:45:02 -05:00
Tod Beardsley
b5f26455a3
Land #2545 , javascript library overhaul
2013-10-23 16:12:49 -05:00
jvazquez-r7
255cd18868
Use peer helper
2013-10-23 16:08:40 -05:00
jvazquez-r7
69da39ad52
Add module for ZDI-13-240
2013-10-23 16:01:01 -05:00
sinn3r
d1e1968cb9
Land #2566 - Download and delete a file via SMB
2013-10-23 12:28:57 -05:00
sinn3r
9a51dd5fc4
Do exception handling and stuff
2013-10-23 12:28:25 -05:00
sinn3r
0500842625
Do some exception handling
2013-10-23 12:22:49 -05:00