Commit Graph

830 Commits (ae655e42d225b0a847f1e4d3c05825d7e88593fe)

Author SHA1 Message Date
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 b9360b9de6 Land #2286, @wchen-r7's patch for undefined method errors 2013-08-26 20:46:05 -05:00
sinn3r 85ed9167f2 Print target endpoint
If a module consistently print the target endpoint in all its print
functions, then we'll follow that.
2013-08-26 17:51:43 -05:00
sinn3r 9f8051161f Properly implement normalize_uri 2013-08-26 17:18:00 -05:00
jvazquez-r7 c660279963 Land #2259, @wchen-r7's patch for [SeeRM #8319] 2013-08-26 16:36:45 -05:00
sinn3r 3769da2722 Better fixes 2013-08-26 14:02:45 -05:00
sinn3r 8c7f4b3e1f Avoid using inline rescue 2013-08-26 13:54:06 -05:00
sinn3r 2fa75e0133 Fix undefined method error
[FixRM #8325]
2013-08-21 01:16:49 -05:00
sinn3r be29e44788 Fix undefined method error
[FixRM #8328]
2013-08-21 01:15:07 -05:00
sinn3r ae8c40c8f7 Fix undefined method error
[FixRM #8329]
2013-08-21 01:10:46 -05:00
sinn3r 42a7766f1b Fix undefined method error
[FixRM #8330]
2013-08-21 01:09:24 -05:00
sinn3r 0f85fa21b4 Fix undefined method error
[FixRM #8331]
2013-08-21 01:08:19 -05:00
sinn3r 8eeb66f96d Fix undefined method error
[FixRM #8332]
2013-08-21 01:06:54 -05:00
sinn3r 785f633d1d Fix undefined method error
[FixRM #8334]
[FixRM #8333]
2013-08-21 01:01:53 -05:00
sinn3r 0561928b92 Fix undefined method error
[FixRM #8336]
2013-08-21 00:54:08 -05:00
sinn3r 2597c71831 Fix undefined method error
[FixRM #8338]
[FixRM #8337]
2013-08-21 00:52:33 -05:00
sinn3r 092b43cbfa Fix undefined method error
[FixRM #8339]
2013-08-21 00:50:37 -05:00
sinn3r 32a190f1bd Fix undefined method error
[FixRM #8340]
2013-08-21 00:49:13 -05:00
sinn3r 217d89fa7c Fix undefined method error
[FixRM #8341]
2013-08-21 00:47:31 -05:00
sinn3r 3a271e7cc7 Fix undefined method error
[FixRM #8342]
2013-08-21 00:45:48 -05:00
jvazquez-r7 fe089030d4 Land #2257, @wchen-r7's patch for [SeeRM #8317] 2013-08-20 13:43:37 -05:00
sinn3r 1702cf2af9 Use TARGETURI 2013-08-20 13:23:32 -05:00
jvazquez-r7 3ac59fede7 Land #2251, @wchen-r7's patch to use OptRegexp 2013-08-20 12:55:30 -05:00
sinn3r 202b31d869 Better fix based on feedback
Tell daddy how you want it.
2013-08-20 12:52:04 -05:00
jvazquez-r7 586ae8ded3 Land #2249, @wchen-r7's patch for [SeeRM #8314] 2013-08-20 10:32:47 -05:00
sinn3r f68d581b7a [FixRM #8319] - Properly disable BLANK_PASSWORDS for ektron_cms400net
In module ektron_cms400net.rb, datastore option "BLANK_PASSWORDS" is
set to false by default, because according to the original author, a
blank password will result in account lockouts. Since the user should
never set "BLANK_PASSWORDS" to true, this option should never be
presented as an option (when issuing the "show options").

While fixing #8319, I also noticed another bug at line 108, where
res.code is used when res could be nil due to a timeout, so I ended
up fixing it, too.
2013-08-20 01:20:52 -05:00
sinn3r 3c27520e10 [FixRM #8317] - Fix possible double slash in file path
It is possible to have a double slash in the base path, shouldn't
happen.
2013-08-19 17:55:14 -05:00
sinn3r 7fc37231e0 Fix email format
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r 8eb9266bff Use the correct var 2013-08-19 16:19:03 -05:00
sinn3r 58d5cf6faa Module should use OptRegexp for regex pattern option
Instead of using OptString, OptRegexp should be used because this
datastore option is a regex pattern.
2013-08-19 16:16:34 -05:00
sinn3r fb5ded1472 [FixRM #8314] - Use OptPath instead of OptString
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
sinn3r 780293d817 Minor changes 2013-08-16 23:24:40 -05:00
sinn3r a94c6aa72b [FixRM 6264] Check required vulnerable component before testing
tomcat_enum requires the admin web app package for it to work, but
by default many Apache Tomcat don't actually have this. The module
should check that first before trying usernames.

[FixRM 6264], see:
http://dev.metasploit.com/redmine/issues/6264

I also made changes to do_login in order to verify successful/bad
attempts more specific.
2013-08-16 15:45:23 -05:00
sinn3r bbe57dbf3a Some cleanup, also remove TARGETURI because not registered by default 2013-08-16 12:06:24 -05:00
Karn Ganeshen e4885b2017 updated module
removed the csrfkey parameter from login uri.
2013-08-16 13:04:02 +05:30
Karn Ganeshen a65181d51b new revision - cisco_ironport_enum
Added code to check successful conn first, so now if there is no connectivity on target port, script aborts run.
New check to ensure 'set-cookie' is set by the app as expected, before any further fingerprinting & b-f starts.
If the app is not Ironport, 'set-cookie' will not be set & remains null, and so script aborts run.
De-registered 'TARGETURI.'
Registered 'username' and 'password' with default value.
Changed some run messages.
And lastly, changed the csrf key piece cos I miss a cold beer right now.
2013-08-15 04:06:30 +05:30
Juushya d526663a53 Add module to brute force the Cisco IronPort application 2013-08-14 09:16:49 -07:00
jvazquez-r7 5ef1e507b8 Make msftidy happy with http_login 2013-08-05 08:41:07 -05:00
sinn3r 8be3f511a4 Fix undefined variable 'path' for http_login 2013-08-03 21:35:22 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Tod Beardsley 147d432b1d Move from DLink to D-Link 2013-07-23 14:11:16 -05:00
jvazquez-r7 2150d9efb0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 12:06:18 -05:00
sinn3r 64cfda8dad Final 2013-06-20 13:28:12 -05:00
sinn3r bfb78e001a Add HP System Management Homepage Login Utility 2013-06-20 12:54:03 -05:00
jvazquez-r7 6319f041df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 08:21:40 -05:00
Steve Tornio 55312529d2 add osvdb ref 94417 2013-06-19 23:13:45 -05:00
jvazquez-r7 a01f0c4671 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 09:34:51 -05:00
sinn3r 90cad4b7fb Land #1980 - Canon Printer Wireless Configuration Disclosure 2013-06-18 19:09:38 -05:00