Tod Beardsley
f58558f605
Updated all the brute force login modules to record successful logins and avoid duplicating credentials.
...
git-svn-id: file:///home/svn/framework3/trunk@8553 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 19:04:51 +00:00
Joshua Drake
2e77c76824
add exploit module to get code exec on a tomcat manager instance, closes #772
...
git-svn-id: file:///home/svn/framework3/trunk@8552 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:18:43 +00:00
Tod Beardsley
38a3b8203e
Properly checking for credential duplication.
...
git-svn-id: file:///home/svn/framework3/trunk@8551 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:11:18 +00:00
Joshua Drake
534d56cdd8
adjust text wrap
...
git-svn-id: file:///home/svn/framework3/trunk@8550 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:04:11 +00:00
Tod Beardsley
c24a708db6
See #859 . Adds keyboard-interactive as an acceptable method of authentication.
...
git-svn-id: file:///home/svn/framework3/trunk@8548 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 16:11:58 +00:00
Patrick Webster
350c189a34
Added exploit module qbik_wingate_wwwproxy.
...
git-svn-id: file:///home/svn/framework3/trunk@8547 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 15:58:26 +00:00
Tod Beardsley
27c3266c0a
Serializes telnet brute forcing so it's a little bit faster (as it happens) and
...
about a zillion times more reliable.
git-svn-id: file:///home/svn/framework3/trunk@8543 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 00:22:02 +00:00
Tod Beardsley
4197f00701
Moves @credentials_tried and @credentials_good into auth_brute proper, though modules still
...
need to handle them themselves... which telnet and ssh both do now.
git-svn-id: file:///home/svn/framework3/trunk@8542 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 21:55:02 +00:00
Joshua Drake
797ab55f52
add exploit module for cve-2009-2011
...
git-svn-id: file:///home/svn/framework3/trunk@8541 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:14:40 +00:00
Tod Beardsley
443e82bc75
Reworked ssh_login to a) handle all SSH errors, b) cease trying users if we already guessed a password and c) cease trying the same user:pass combo more than once.
...
git-svn-id: file:///home/svn/framework3/trunk@8540 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:12:02 +00:00
Steve Tornio
a71a24b6d3
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8538 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:56:05 +00:00
Steve Tornio
ed395fcda4
add osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@8537 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:48:34 +00:00
Steve Tornio
b17fc35986
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8536 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 18:35:01 +00:00
Steve Tornio
3314e6a10b
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8535 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:25:47 +00:00
Steve Tornio
fa877eb567
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8534 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:11:45 +00:00
Steve Tornio
e5609bbf82
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@8533 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 17:07:54 +00:00
HD Moore
1686931efe
More SSH versions
...
git-svn-id: file:///home/svn/framework3/trunk@8532 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 14:42:11 +00:00
Joshua Drake
b4ead057f6
add exploit module for cve-2000-0917
...
git-svn-id: file:///home/svn/framework3/trunk@8530 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 00:56:28 +00:00
Tod Beardsley
5fce04ce22
See #843 , but this really just masks the problem. Investigate more thoroughly.
...
git-svn-id: file:///home/svn/framework3/trunk@8529 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 23:35:22 +00:00
Tod Beardsley
25ec6e8021
Removing the require rescues for SSH, now that it's shipping in lib directly.
...
git-svn-id: file:///home/svn/framework3/trunk@8528 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 23:21:51 +00:00
Tod Beardsley
206b70ace7
Indentation fixes (wrapping everything in a begin;rescue;end, didn't want
...
to obfuscate that with the last change).
git-svn-id: file:///home/svn/framework3/trunk@8522 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 18:09:51 +00:00
Tod Beardsley
b45cfb8793
Fixes #808 . Removes the pre-connect test from login and version.
...
git-svn-id: file:///home/svn/framework3/trunk@8521 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 18:05:51 +00:00
Steve Tornio
ceb65d7dc0
Add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8519 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:58 +00:00
Joshua Drake
4800d6841c
commit cmd stager stuff from bannedit
...
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00
et
cf29ff333e
Added a path to prepend
...
git-svn-id: file:///home/svn/framework3/trunk@8514 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 05:24:31 +00:00
HD Moore
185ff610eb
Add an example of how to break out of the capture loop
...
git-svn-id: file:///home/svn/framework3/trunk@8513 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 01:32:25 +00:00
Joshua Drake
48b7aec12d
corrected cve reference
...
git-svn-id: file:///home/svn/framework3/trunk@8512 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:30:17 +00:00
Joshua Drake
a996668cfa
added payload notes
...
git-svn-id: file:///home/svn/framework3/trunk@8511 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:27:45 +00:00
Joshua Drake
82369aa9e8
add exploit module for cve-2007-2447
...
git-svn-id: file:///home/svn/framework3/trunk@8510 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:26:41 +00:00
Joshua Drake
8c59c9cfdc
fix typos
...
git-svn-id: file:///home/svn/framework3/trunk@8508 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:42:16 +00:00
Joshua Drake
b1ef6075c0
add exploit module for cve-2007-5208
...
git-svn-id: file:///home/svn/framework3/trunk@8507 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:38:50 +00:00
HD Moore
1857268af8
Uber-fast-get-me-a-php-shell mode :)
...
git-svn-id: file:///home/svn/framework3/trunk@8505 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 17:59:54 +00:00
kris
5a5fb84e2c
strings, not constants
...
git-svn-id: file:///home/svn/framework3/trunk@8502 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 13:34:07 +00:00
HD Moore
32357b1f64
Skip the debugging target for automatic mode
...
git-svn-id: file:///home/svn/framework3/trunk@8499 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 01:02:12 +00:00
HD Moore
5d7139ad6f
Various module cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@8498 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 00:48:03 +00:00
Patrick Webster
f9ae031055
Added piranha_passwd_exec exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@8497 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 20:27:24 +00:00
HD Moore
43e89bf3a2
Consistency fix
...
git-svn-id: file:///home/svn/framework3/trunk@8496 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 19:38:47 +00:00
HD Moore
ca4b9bbd52
Ignore lang/service pack for non-Windows hosts in the OS information
...
git-svn-id: file:///home/svn/framework3/trunk@8490 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 17:25:05 +00:00
HD Moore
337e00d57e
Swap flavor/name
...
git-svn-id: file:///home/svn/framework3/trunk@8489 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 17:13:55 +00:00
HD Moore
352a367857
Handle OS X better
...
git-svn-id: file:///home/svn/framework3/trunk@8488 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 17:13:00 +00:00
et
26bb74ad6e
file autopwn minor fixes
...
git-svn-id: file:///home/svn/framework3/trunk@8486 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 00:06:32 +00:00
et
11cc5b0a32
fix name
...
git-svn-id: file:///home/svn/framework3/trunk@8484 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 23:38:01 +00:00
et
24084024c0
Add file format exploits generator. Kind of a File autopwn. Next step add Emailer
...
git-svn-id: file:///home/svn/framework3/trunk@8483 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 23:32:33 +00:00
HD Moore
9c227ea0e7
Improved auxiliary detection
...
git-svn-id: file:///home/svn/framework3/trunk@8481 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 23:26:07 +00:00
Patrick Webster
ee4fd8c75d
Ported sambar6_search_results from v2.
...
git-svn-id: file:///home/svn/framework3/trunk@8480 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:15:19 +00:00
HD Moore
7aa7995da9
Autodetect and exploit 2003 SP0
...
git-svn-id: file:///home/svn/framework3/trunk@8479 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:04:24 +00:00
Patrick Webster
01cbe85468
Fixed OSVDB refs and added CA Server module.
...
git-svn-id: file:///home/svn/framework3/trunk@8478 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 16:16:13 +00:00
Patrick Webster
c8da073f80
Ported calicclnt_getconfig exploit module from msf2.
...
git-svn-id: file:///home/svn/framework3/trunk@8476 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 15:38:06 +00:00
Joshua Drake
1896c82e39
add exploit module for cve-2009-2484
...
git-svn-id: file:///home/svn/framework3/trunk@8475 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:58:27 +00:00
Joshua Drake
8c28d583aa
bump ranking up a notch
...
git-svn-id: file:///home/svn/framework3/trunk@8474 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:57:58 +00:00
Tod Beardsley
0e48287310
Adding a quickie ssh_login checker.
...
This will certainly change -- it's mostly just a placeholder now (though it does work).
git-svn-id: file:///home/svn/framework3/trunk@8472 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 23:00:36 +00:00
Joshua Drake
d561b8e8ec
add references, update description
...
git-svn-id: file:///home/svn/framework3/trunk@8471 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 21:09:09 +00:00
Joshua Drake
f3c6b01bbd
add first exploit module using Rex::OLE (cve-2009-3129)
...
git-svn-id: file:///home/svn/framework3/trunk@8470 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 20:52:41 +00:00
Tod Beardsley
49b0e8a077
Argh should be mssql not tcp.
...
git-svn-id: file:///home/svn/framework3/trunk@8469 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 19:58:14 +00:00
Tod Beardsley
fb30d8e8c9
Renaming services to mssql-m and mssql because nobody uses ms-sql-s to talk about port 1433 except /etc/services
...
git-svn-id: file:///home/svn/framework3/trunk@8468 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 19:53:18 +00:00
Tod Beardsley
58913b6a71
Trivial fixup on print_status
...
git-svn-id: file:///home/svn/framework3/trunk@8467 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 19:16:05 +00:00
Patrick Webster
3fd3d44ad6
Added barcode_ax49.rb exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@8466 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 18:06:49 +00:00
Tod Beardsley
537007c9cb
Implementing database reporting for mssql_ping.
...
git-svn-id: file:///home/svn/framework3/trunk@8464 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 16:53:46 +00:00
HD Moore
3fe41a0d94
Fix a small typo
...
git-svn-id: file:///home/svn/framework3/trunk@8463 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 14:44:23 +00:00
natron
9729b22972
Loopty version of the wireshark exploit. This will continually blast packets as a background job.
...
git-svn-id: file:///home/svn/framework3/trunk@8460 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 01:58:33 +00:00
HD Moore
993ba44fcf
SMB updates, better reporting of SSL status for HTTP
...
git-svn-id: file:///home/svn/framework3/trunk@8459 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 22:37:00 +00:00
Tod Beardsley
c52b37ea17
Prettify the telnet banner display for db_services
...
git-svn-id: file:///home/svn/framework3/trunk@8458 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 20:14:38 +00:00
Tod Beardsley
8a44f4b9d8
Using a proper variable instead of $1 token for ora version.
...
git-svn-id: file:///home/svn/framework3/trunk@8456 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 18:29:24 +00:00
Tod Beardsley
53ce10ac12
Switching Oracle scanner to use db_service rather than db_note to record version numbers.
...
git-svn-id: file:///home/svn/framework3/trunk@8455 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 17:57:33 +00:00
Joshua Drake
6e80c7a62c
use Rex::Arch::pack_addr
...
git-svn-id: file:///home/svn/framework3/trunk@8454 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 09:03:48 +00:00
Joshua Drake
0f942df9cd
whitespace changes
...
git-svn-id: file:///home/svn/framework3/trunk@8451 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 06:00:12 +00:00
Joshua Drake
f82c53db2a
move 70k binary to data/exploits instead of hex encoded in the exploit
...
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
James Lee
eb6ce38e0c
old zero-day shows its age
...
git-svn-id: file:///home/svn/framework3/trunk@8445 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 20:41:07 +00:00
Steve Tornio
df55aee06f
add osvdb and cve refs
...
git-svn-id: file:///home/svn/framework3/trunk@8444 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 19:35:28 +00:00
Steve Tornio
a1ec895cee
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8443 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 19:26:18 +00:00
Tod Beardsley
e4494d3582
Added a verbosity line to telnet.
...
git-svn-id: file:///home/svn/framework3/trunk@8442 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 19:06:01 +00:00
Steve Tornio
b37b409c3e
update osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@8441 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 18:46:03 +00:00
Joshua Drake
d96a6a1f8f
add exploit module for cve-2009-2261 - first consumer of zip library!
...
git-svn-id: file:///home/svn/framework3/trunk@8440 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 17:28:25 +00:00
natron
f93a8e878e
Auxiliary failed: NoMethodError undefined method `each' for "GET ([^ ?]+) HTTP":String
...
git-svn-id: file:///home/svn/framework3/trunk@8436 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 22:36:37 +00:00
Tod Beardsley
65c5eae59e
Calling it postgres instead of postgresql for overall consistency.
...
git-svn-id: file:///home/svn/framework3/trunk@8435 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 20:44:23 +00:00
James Lee
e2d70519d7
add the ability to check for a prompt before sending user/pass; now works with cisco, aix, solaris, linux, and windows telnetds
...
git-svn-id: file:///home/svn/framework3/trunk@8434 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 19:07:02 +00:00
Stephen Fewer
a03b7c3feb
Commit the modified auxiliary modules to include a CHOST option so the relevant modules can avail of the new UDP pivoting.
...
git-svn-id: file:///home/svn/framework3/trunk@8432 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:47:38 +00:00
HD Moore
a92f5f207b
Handle null user lists
...
git-svn-id: file:///home/svn/framework3/trunk@8429 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:43:26 +00:00
HD Moore
11e8710a60
Catch OpenDomain failures
...
git-svn-id: file:///home/svn/framework3/trunk@8428 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:34:49 +00:00
Joshua Drake
48a159006a
Regenerate the payload with the specified AIX level, cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@8427 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:47 +00:00
Joshua Drake
e7f7ac20ea
extended brute range, minor cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@8426 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:15 +00:00
HD Moore
af978cbbdc
Regenerate the payload with the specified AIX level
...
git-svn-id: file:///home/svn/framework3/trunk@8424 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 03:59:20 +00:00
et
36c61ff5ed
Fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@8423 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 01:10:29 +00:00
Joshua Drake
7bf3de2a3d
randomize filler
...
git-svn-id: file:///home/svn/framework3/trunk@8422 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:43:56 +00:00
Joshua Drake
40579ce936
it works! don't forget to "set AIX <version>"
...
git-svn-id: file:///home/svn/framework3/trunk@8421 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:41:49 +00:00
Joshua Drake
17bd4b8b7d
fixed aix payloads to REALLY do variable substitution
...
git-svn-id: file:///home/svn/framework3/trunk@8418 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 22:41:36 +00:00
Tod Beardsley
c763052c57
See #816 . This came up while learning how to perform various postgre tasks via Metasploit.
...
This module in particular reads a text file on the remote machine, copies it to a temporary table, and then selects the table.
Looks like this:
http://pastie.org/private/uoxgaw7ibjpvuepolr1fuw
git-svn-id: file:///home/svn/framework3/trunk@8417 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 22:34:09 +00:00
HD Moore
ba34abc232
Fix unpack("H*") vs unpack("H*")[0]
...
git-svn-id: file:///home/svn/framework3/trunk@8416 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 21:37:07 +00:00
Tod Beardsley
2860d57e01
Cosmetic change to print_status messages to be consistent with Postgres
...
git-svn-id: file:///home/svn/framework3/trunk@8414 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 20:12:35 +00:00
HD Moore
c6c1cda153
Try to delete the file (doesn't always work)
...
git-svn-id: file:///home/svn/framework3/trunk@8413 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:12:59 +00:00
HD Moore
bc62eaf99b
Adds a module to exploit insecure IIS configurations (PUT)
...
git-svn-id: file:///home/svn/framework3/trunk@8412 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:04:19 +00:00
Tod Beardsley
d374c16662
Fixed up reporting for DB2 and tested; also added other default usernames for db2.
...
git-svn-id: file:///home/svn/framework3/trunk@8411 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 18:54:50 +00:00
Steve Tornio
f3ad1c0a15
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8410 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 18:53:21 +00:00
Tod Beardsley
0b6c44b2cb
Adding reporting to postgres_login. Logging version info more verbosely for authenticated login, since it's way useful.
...
git-svn-id: file:///home/svn/framework3/trunk@8408 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 17:35:58 +00:00
Tod Beardsley
67bb7a1926
Cleaning up print_status messages for Postgres SQL module and Postgres library.
...
git-svn-id: file:///home/svn/framework3/trunk@8407 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 16:43:44 +00:00
HD Moore
79c68e3784
Fix the description
...
git-svn-id: file:///home/svn/framework3/trunk@8406 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 13:53:50 +00:00
HD Moore
c28f15d02c
Quote the share name
...
git-svn-id: file:///home/svn/framework3/trunk@8405 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 13:36:35 +00:00
Joshua Drake
f04ae6f20d
minor cleanups -- getting closer
...
git-svn-id: file:///home/svn/framework3/trunk@8402 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 01:03:46 +00:00
HD Moore
7870638481
Expose the SunRPC socket; we need to overhaul the SunRPC code sometime
...
git-svn-id: file:///home/svn/framework3/trunk@8399 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:52:58 +00:00
Joshua Drake
8b63d506f7
initial commit of aix cmsd exploit (not fully working yet)
...
git-svn-id: file:///home/svn/framework3/trunk@8398 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:44:54 +00:00
Joshua Drake
d68efa61d2
initial commit of aix cmsd exploit (not fully working yet)
...
git-svn-id: file:///home/svn/framework3/trunk@8397 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:44:37 +00:00
Joshua Drake
9f174795d4
add exploit module for vermillion ftpd memory corruption
...
git-svn-id: file:///home/svn/framework3/trunk@8396 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:39:48 +00:00
Joshua Drake
a772bc2c85
minor cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@8395 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 21:42:12 +00:00
James Lee
c6c1afe543
open sessions when a telnet login succeeds; needs testing on more telnetd's
...
git-svn-id: file:///home/svn/framework3/trunk@8393 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 01:24:41 +00:00
James Lee
3b0b2731fd
fix telnet scanner
...
git-svn-id: file:///home/svn/framework3/trunk@8392 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 00:14:29 +00:00
HD Moore
bd91871763
Correct credit for the advisory
...
git-svn-id: file:///home/svn/framework3/trunk@8391 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 23:22:28 +00:00
HD Moore
b2518b7c68
Remove the starting host verbage; it gets noisy in scanning mode
...
git-svn-id: file:///home/svn/framework3/trunk@8390 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 22:07:44 +00:00
HD Moore
715e2c4c2e
Add a link to the vendor response
...
git-svn-id: file:///home/svn/framework3/trunk@8389 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 21:54:57 +00:00
James Lee
c48fe399f7
references have to be strings. fixes 815
...
git-svn-id: file:///home/svn/framework3/trunk@8387 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 21:41:06 +00:00
HD Moore
4c8dc37435
Add the OSVDB reference
...
git-svn-id: file:///home/svn/framework3/trunk@8382 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 14:51:56 +00:00
HD Moore
2c6b9c2800
Use the full \\host\share syntax to work with all versions of Samba. Thanks Eren!
...
git-svn-id: file:///home/svn/framework3/trunk@8381 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 14:45:43 +00:00
Joshua Drake
875a66553f
clean up a couple comments to save future pain
...
git-svn-id: file:///home/svn/framework3/trunk@8380 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:53:31 +00:00
Joshua Drake
bd3a4760da
fixes to adobe_pdf_embedded_exe
...
optimized the directory search, and cmdline in general
added the Documents (Vista/Win7) to the list of directories to check
fixes #767
git-svn-id: file:///home/svn/framework3/trunk@8379 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:51:13 +00:00
James Lee
9b59f0e3c2
give the reported service a name
...
git-svn-id: file:///home/svn/framework3/trunk@8377 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 00:37:16 +00:00
James Lee
509b2aab3a
use new api
...
git-svn-id: file:///home/svn/framework3/trunk@8376 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 23:00:51 +00:00
James Lee
0e1af9ed6a
add reporting, see #385
...
git-svn-id: file:///home/svn/framework3/trunk@8375 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 21:13:07 +00:00
Tod Beardsley
43bbfefa8f
Adding a Windows signature for Postgres.
...
git-svn-id: file:///home/svn/framework3/trunk@8374 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 18:02:13 +00:00
Tod Beardsley
c8cdf9c938
Fixes #811 by implementing an enumerator for PostgreSQL.
...
git-svn-id: file:///home/svn/framework3/trunk@8371 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 15:20:59 +00:00
HD Moore
aeba7e0429
Store RPC information
...
git-svn-id: file:///home/svn/framework3/trunk@8370 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 14:53:09 +00:00
HD Moore
b3a588b8cc
Adds a module for kcope's samba filesystem traversal
...
git-svn-id: file:///home/svn/framework3/trunk@8369 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-05 06:38:24 +00:00
Joshua Drake
4f9490f63f
add default username/passwords for IBM Cognos Express Tomcat Manager
...
git-svn-id: file:///home/svn/framework3/trunk@8368 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-04 20:34:55 +00:00
Joshua Drake
9397c897ba
fix spoof support
...
git-svn-id: file:///home/svn/framework3/trunk@8367 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-04 04:56:18 +00:00
Tod Beardsley
6e8e6ef16a
Fixes #769 by implementing a brute force module for Postgres. A couple notes: If you guess wrong at the database name, you still can try to login with a username and password -- you'll get a successful auth, but then get disconnected. So, that's pretty neat.
...
Also, since Postgres-PR uses the stock TCPSocket object, connection timeouts and other errors take forever. This is avoided in the brute forcer by pre-validating the connection with Rex::Socket, but this is a hack -- it would be better to convert Postgres-PR to a Rex::Socket flavor, so you also get nicer error messages and what all. I did fork it off the main distribute it already anyway, so may as well will open a feature bug on this, but it's pretty low priority.
git-svn-id: file:///home/svn/framework3/trunk@8366 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 21:45:13 +00:00
Joshua Drake
9b79ebd000
add a windows target, thx redsand!
...
also removed some cruft
git-svn-id: file:///home/svn/framework3/trunk@8364 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 18:24:42 +00:00
Tod Beardsley
376e2ee62c
Gah!
...
git-svn-id: file:///home/svn/framework3/trunk@8363 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 13:53:47 +00:00
Tod Beardsley
b785d5af00
Keywords.
...
git-svn-id: file:///home/svn/framework3/trunk@8362 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 13:53:12 +00:00
Joshua Drake
7538b93aae
add exploit module for cve-2006-6665
...
git-svn-id: file:///home/svn/framework3/trunk@8361 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 06:09:31 +00:00
Joshua Drake
a41647a922
add silly jmp esp target for wireshark gui on debian
...
git-svn-id: file:///home/svn/framework3/trunk@8360 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 00:08:28 +00:00
James Lee
1ee79780e9
fix the http option scanner
...
git-svn-id: file:///home/svn/framework3/trunk@8355 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 23:11:18 +00:00
Tod Beardsley
2ffe4abb5d
Fixes #730 by fixing up the Postgres query module and nicifying the output.
...
git-svn-id: file:///home/svn/framework3/trunk@8352 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 21:02:12 +00:00
Tod Beardsley
44fbe35871
Fixing revision keyword
...
git-svn-id: file:///home/svn/framework3/trunk@8351 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 17:37:34 +00:00
Tod Beardsley
4fcc9856d0
Adding a Juniper JunOS DoS exploit (no CVE, BID: 37670)
...
git-svn-id: file:///home/svn/framework3/trunk@8349 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 17:19:14 +00:00
Steve Tornio
2cbd6d152d
Add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@8347 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 12:37:07 +00:00
Joshua Drake
98dd073368
add an exploit module for one of the wireshark lwres vulns
...
git-svn-id: file:///home/svn/framework3/trunk@8346 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:20:18 +00:00
Joshua Drake
746c4fc263
whitespace change
...
git-svn-id: file:///home/svn/framework3/trunk@8345 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:19:34 +00:00
Tod Beardsley
01adf60550
See #730 . First pass at a Postgres Query module. Doesn't handle errors very well yet (still need to work all that out and create some test cases).
...
git-svn-id: file:///home/svn/framework3/trunk@8344 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 01:40:48 +00:00
Joshua Drake
fde3fbb2e3
add exploit module for cve-2009-1569
...
git-svn-id: file:///home/svn/framework3/trunk@8339 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:56:02 +00:00
Joshua Drake
c073cd707a
removed unecessary parameter, commented target
...
git-svn-id: file:///home/svn/framework3/trunk@8338 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:33:38 +00:00
et
edc64f824e
Added trace.axd scanner by C4an
...
git-svn-id: file:///home/svn/framework3/trunk@8337 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:49:18 +00:00
Joshua Drake
2783c5884e
add exploit module for cve-2009-1568
...
git-svn-id: file:///home/svn/framework3/trunk@8336 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:40:47 +00:00
et
7964d0f38a
Renaming wmap modules
...
git-svn-id: file:///home/svn/framework3/trunk@8335 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:12:30 +00:00
et
7e5793af2a
New enumeration modules by Mubix
...
git-svn-id: file:///home/svn/framework3/trunk@8331 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-31 00:52:51 +00:00
natron
3ecabe1be9
Adds static signed jar and user messages letting them know.
...
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
Joshua Drake
4863faf0a7
add reference to cve-2000-1209 (sa blank password)
...
git-svn-id: file:///home/svn/framework3/trunk@8324 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 16:37:06 +00:00
Joshua Drake
c514c2274b
typo, fixes #786 , see also r8315
...
git-svn-id: file:///home/svn/framework3/trunk@8316 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:06:06 +00:00
Joshua Drake
53fd14c9c0
updated description, added PATH variable
...
git-svn-id: file:///home/svn/framework3/trunk@8315 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:04:23 +00:00
Tod Beardsley
a76480d42c
See #726 . Cleaning up my gross whitespace.
...
git-svn-id: file:///home/svn/framework3/trunk@8311 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 23:08:39 +00:00
natron
69ad365b46
Added STDERR to pure java payload, cleaned up user's view.
...
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
Steve Tornio
70c0cb7530
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8307 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:40 +00:00
Steve Tornio
a3f4d4f65e
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@8306 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:01 +00:00
Joshua Drake
c0e556f7ad
oops, broke the tree again!
...
git-svn-id: file:///home/svn/framework3/trunk@8305 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:37:44 +00:00
Joshua Drake
4751d83cb8
some cleanups, added some CVE references
...
git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00
Joshua Drake
7789db860d
add exploit module for Audiotran .pls file bof
...
git-svn-id: file:///home/svn/framework3/trunk@8303 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:24:41 +00:00
Joshua Drake
d9e5de5683
note the CLSID of this control
...
git-svn-id: file:///home/svn/framework3/trunk@8302 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:17:50 +00:00
Joshua Drake
15e13348c0
add exploit module for AOL phobos bug
...
git-svn-id: file:///home/svn/framework3/trunk@8300 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 18:58:14 +00:00
Joshua Drake
0fbe42395f
added automatic target detection
...
git-svn-id: file:///home/svn/framework3/trunk@8287 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 07:34:47 +00:00
HD Moore
214d624ddc
Fix the report_host() code (broken by previous commit), add an advanced option to store db hosts from monlist
...
git-svn-id: file:///home/svn/framework3/trunk@8283 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:25:17 +00:00
Joshua Drake
008755b025
add exploit module for yassl CertDecoder::GetName vuln
...
also renames old mysql_yassl exploit to _hello
git-svn-id: file:///home/svn/framework3/trunk@8282 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:24:44 +00:00
natron
9891d60dfc
Move applet generation up for slight speed improvement and less spamminess to the user.
...
git-svn-id: file:///home/svn/framework3/trunk@8281 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:15:36 +00:00
Tod Beardsley
bedbc2c341
See #782 . Deregistering filter and pcapfile (not needed for these), moving GATEWAY to advanced options.
...
git-svn-id: file:///home/svn/framework3/trunk@8277 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:58:45 +00:00
natron
5e4442a4d4
Fix a bug missed due to caching issues.
...
git-svn-id: file:///home/svn/framework3/trunk@8276 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:58:13 +00:00
Tod Beardsley
e224d621aa
See #782 . Updating bailiwicked to use capture_sendo.
...
git-svn-id: file:///home/svn/framework3/trunk@8275 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:36:49 +00:00
natron
c135462768
<@jduck> natron: you need some svn keywords magic
...
git-svn-id: file:///home/svn/framework3/trunk@8274 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:20:32 +00:00
Tod Beardsley
8d64f8a10c
See #782 . Updating to use capture_sendto.
...
git-svn-id: file:///home/svn/framework3/trunk@8273 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:17:45 +00:00
Tod Beardsley
246fe53ff4
See #782 . Updating the ntpd dos attack to use capture_sendto.
...
git-svn-id: file:///home/svn/framework3/trunk@8272 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:13:44 +00:00
Tod Beardsley
170b9f7705
See #782 . Converted synflood.rb to use capture_sendto.
...
Note, this makes the SYN flooding significantly more sucky, since if it's a remote address, capture_sendto will always try to arp. Need to deal with this. I have a couple strategies in mind.
git-svn-id: file:///home/svn/framework3/trunk@8271 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:04:14 +00:00
Tod Beardsley
e05e3d7248
Adding Id tag.
...
git-svn-id: file:///home/svn/framework3/trunk@8269 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:55:31 +00:00
Tod Beardsley
3baeb9c199
See #782 . Updating chunked.rb to use capture_sendto. Also adjusted TTL's for ldap and chunked.
...
git-svn-id: file:///home/svn/framework3/trunk@8268 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:54:33 +00:00
natron
cd5e5880d2
Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
...
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
Tod Beardsley
2f76affadb
See #782 . Updating ldap exploit to use capture_sendto. Also updating capture.rb to include RHOST.
...
git-svn-id: file:///home/svn/framework3/trunk@8266 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:37:22 +00:00
Tod Beardsley
0f37a27fe4
See #782 . Updating ip_spoof to use capture_sendto
...
git-svn-id: file:///home/svn/framework3/trunk@8265 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:00:21 +00:00
Tod Beardsley
71c44dadd8
See #782 . Updating rogue_send form capture_sendto
...
git-svn-id: file:///home/svn/framework3/trunk@8264 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:46:48 +00:00
Tod Beardsley
4374b8ccc4
See #782 . Updating ipidseq to use capture_sendto.
...
git-svn-id: file:///home/svn/framework3/trunk@8263 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:40:38 +00:00
Tod Beardsley
99f9cf76a8
See #782 . Updating syn to use capture_sendto.
...
git-svn-id: file:///home/svn/framework3/trunk@8262 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:34:35 +00:00
Tod Beardsley
280e7f8bdd
See #782 . Revising ack to use the new capture_sendto.
...
git-svn-id: file:///home/svn/framework3/trunk@8261 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:31:36 +00:00
Tod Beardsley
709c634bfa
Renaming sendto to capture_sendto to give the user a hint as to where it came from.
...
git-svn-id: file:///home/svn/framework3/trunk@8260 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:21:33 +00:00
Tod Beardsley
3053bd702a
See #782 . Updated xmas.rb (again), now uses the nicer frontend function sendto. Diff against r8026 to get an idea of what's changed for module writers.
...
git-svn-id: file:///home/svn/framework3/trunk@8259 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 18:12:02 +00:00
HD Moore
393cf5becb
Add the NTP monlist scanner
...
git-svn-id: file:///home/svn/framework3/trunk@8255 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 06:53:24 +00:00
Tod Beardsley
fb09655c42
See #782 . Fixing the packet send, but that's it (the module is still busted for other reasons).
...
git-svn-id: file:///home/svn/framework3/trunk@8251 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 03:03:51 +00:00
Tod Beardsley
bf24295d1d
See #782 . Updating ipidseq.
...
git-svn-id: file:///home/svn/framework3/trunk@8248 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 22:36:27 +00:00
Tod Beardsley
23f06ca8a6
See #782 . Updating syn scanner. Also, before I forget: should optimize the arp cache to keep negatives so we don't rearp all the time for nonexistant hosts.
...
git-svn-id: file:///home/svn/framework3/trunk@8247 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 22:16:03 +00:00
Tod Beardsley
658e07a0de
See #782 . Updating ack scanner.
...
git-svn-id: file:///home/svn/framework3/trunk@8246 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 21:59:30 +00:00
Tod Beardsley
4bb6e650da
See #782 . Implemented a more sensible arp cache so as not to spam with UDP probes and arps. Also refactored xmas to use the new methods.
...
git-svn-id: file:///home/svn/framework3/trunk@8245 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 21:37:40 +00:00
Joshua Drake
31949c4343
svn keywords fixups
...
fixed a bunch of $Id$ and $Revision$ typos
added keywords property to files missing it
git-svn-id: file:///home/svn/framework3/trunk@8242 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:12:13 +00:00
Tod Beardsley
c003a663d1
See #782 . Extended the injection ARP query methods to handle local addresses more satisfactorially, fixed a couple errors, and added a bunch of inline documentation to explain how it all works together.
...
git-svn-id: file:///home/svn/framework3/trunk@8238 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 16:00:16 +00:00
Tod Beardsley
cac3d6d56b
See #782 . This introduces some inject methods to the Capture mixin, and edits the ip_spoof module to take advantage of them.
...
git-svn-id: file:///home/svn/framework3/trunk@8237 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 06:38:41 +00:00
Tod Beardsley
37c1441c6c
Formatting on db2 output.
...
git-svn-id: file:///home/svn/framework3/trunk@8225 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 16:37:56 +00:00
Tod Beardsley
7cc01b07f3
See #726 . Post-commit fixes. Rename probe to version, clean up includes, fix verbosity on the probe and convert to single-line output.
...
git-svn-id: file:///home/svn/framework3/trunk@8224 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 16:25:29 +00:00
Tod Beardsley
359e1ad53a
See #726 . Adds a DB2 scanner and brute forcer.
...
git-svn-id: file:///home/svn/framework3/trunk@8223 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 15:58:24 +00:00
HD Moore
1bdd286936
This bug actually affected 9.2 as well according to adobe, reference updated
...
git-svn-id: file:///home/svn/framework3/trunk@8222 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 14:22:13 +00:00
Joshua Drake
87adb7714f
fixed whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@8219 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 04:52:49 +00:00
Joshua Drake
83f47796fe
add reference to ms09-032 (the mitigation)
...
git-svn-id: file:///home/svn/framework3/trunk@8212 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-24 00:05:19 +00:00
James Lee
cc41516a79
don't wait for the client reporting
...
git-svn-id: file:///home/svn/framework3/trunk@8210 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-23 00:17:59 +00:00
Joshua Drake
14862e0106
added another target
...
git-svn-id: file:///home/svn/framework3/trunk@8204 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 21:43:40 +00:00
Joshua Drake
4bb3adc397
move new tomcat_mgr_login scanner into scanner/http
...
git-svn-id: file:///home/svn/framework3/trunk@8202 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 20:33:11 +00:00
Joshua Drake
40be42676b
new tomcat_mgr_login aux module
...
- uses auth_brute mixin
- has old and new default users/passes/pairs
- replaces older modules/auxiliary/admin/http/tomcat_manager.rb
git-svn-id: file:///home/svn/framework3/trunk@8201 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 20:31:51 +00:00
Joshua Drake
5ebb0c4b38
add CVE, two default users & passwords, see #711
...
git-svn-id: file:///home/svn/framework3/trunk@8194 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 16:22:12 +00:00
Joshua Drake
6fd20d411f
add exploit module for cve-2009-4179
...
git-svn-id: file:///home/svn/framework3/trunk@8192 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 05:52:53 +00:00
Joshua Drake
409d44bfad
fix another typo
...
git-svn-id: file:///home/svn/framework3/trunk@8190 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:26:04 +00:00
Joshua Drake
9cb3ac9340
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@8189 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:24:54 +00:00
Joshua Drake
ab1a1c58db
escape more format specifiers passed to util.printd
...
prevents mucking with the allocation size (hopefully)
a better solution would be to find a different way to allocate the freed memory..
git-svn-id: file:///home/svn/framework3/trunk@8188 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 18:32:01 +00:00
Joshua Drake
a87d4e7eb4
escape randomly generated format specifiers passed to util.printd
...
prevents mucking with the allocation size (hopefully)
git-svn-id: file:///home/svn/framework3/trunk@8186 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 17:09:46 +00:00
Joshua Drake
2b8a2d56a1
some variable renaming
...
git-svn-id: file:///home/svn/framework3/trunk@8184 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 04:55:16 +00:00
Joshua Drake
72e1b9bb50
added a couple better error messages
...
git-svn-id: file:///home/svn/framework3/trunk@8183 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:30:08 +00:00
Joshua Drake
97c3159293
fixed version command, check function
...
git-svn-id: file:///home/svn/framework3/trunk@8182 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:15:20 +00:00
Joshua Drake
e8048704be
add exploit module for cve-2009-1979 (oracle pre-auth bof)
...
git-svn-id: file:///home/svn/framework3/trunk@8181 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:05:18 +00:00
James Lee
865a50594b
add a telnet login scanner
...
git-svn-id: file:///home/svn/framework3/trunk@8179 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 03:25:34 +00:00
Joshua Drake
4a54388119
use print_error for failed login
...
git-svn-id: file:///home/svn/framework3/trunk@8178 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 02:33:15 +00:00
James Lee
e19f66ec1f
use the new authbrute mixin
...
git-svn-id: file:///home/svn/framework3/trunk@8176 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 01:43:01 +00:00
Joshua Drake
310be42bfa
try not to repeatedly load static files - see #694
...
git-svn-id: file:///home/svn/framework3/trunk@8166 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:12:42 +00:00
James Lee
ca7f85c054
more consistent printing of found credentials
...
git-svn-id: file:///home/svn/framework3/trunk@8164 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:06:03 +00:00
James Lee
d85c801b11
name consistency with arp_sweep
...
git-svn-id: file:///home/svn/framework3/trunk@8162 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 17:49:00 +00:00
Joshua Drake
db5097af91
bump ranking up, comment about crash recovery
...
git-svn-id: file:///home/svn/framework3/trunk@8154 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 07:23:22 +00:00
Joshua Drake
477468147b
cleanup exceptions, optimize query length, add some entropy
...
git-svn-id: file:///home/svn/framework3/trunk@8153 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 05:09:40 +00:00
Joshua Drake
7c402d1d79
changed a comment
...
git-svn-id: file:///home/svn/framework3/trunk@8152 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:56:31 +00:00
Joshua Drake
52b71077d3
major overhaul of ms09-004 (cve-2008-5416) exploit
...
git-svn-id: file:///home/svn/framework3/trunk@8151 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:51:48 +00:00
James Lee
08eb80f4a9
use the authbrute mixin
...
git-svn-id: file:///home/svn/framework3/trunk@8150 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-18 22:22:22 +00:00
James Lee
cb9cf943b4
Remove the database lookups so we don't trigger lockout policies unnecessarily. We'll probably have to revisit this at some point
...
git-svn-id: file:///home/svn/framework3/trunk@8145 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-18 21:19:28 +00:00
James Lee
d4c42806f6
can't really be a scanner since a sid is needed for each host
...
git-svn-id: file:///home/svn/framework3/trunk@8141 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-17 17:56:05 +00:00
James Lee
bbe10b439f
let the user know when a client connects
...
git-svn-id: file:///home/svn/framework3/trunk@8140 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 01:00:01 +00:00
James Lee
6c572466fa
make the oracle login a scanner for consistency. see 757
...
git-svn-id: file:///home/svn/framework3/trunk@8139 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:59:06 +00:00
HD Moore
69f609bdcd
Updated description to make the source of the exploit clear and why it only triggers reliably vs 6 now. Adjusts the heap spray to be slightly bigger
...
git-svn-id: file:///home/svn/framework3/trunk@8138 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:55:42 +00:00
Steve Tornio
a0326fc842
add CVE and OSVDB refs
...
git-svn-id: file:///home/svn/framework3/trunk@8137 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 22:05:02 +00:00
HD Moore
579a6fe799
Metasploit port of the IE "Aurora" exploit, based on this sample: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
...
git-svn-id: file:///home/svn/framework3/trunk@8136 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 21:36:04 +00:00
HD Moore
2ba892aa69
Report host mac, name, and whether its a VM
...
git-svn-id: file:///home/svn/framework3/trunk@8133 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 15:49:13 +00:00
HD Moore
7390b1d42d
Add and improve database reporting to existing scanner modules
...
git-svn-id: file:///home/svn/framework3/trunk@8131 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 03:25:34 +00:00
HD Moore
90221c1191
Consistency change
...
git-svn-id: file:///home/svn/framework3/trunk@8130 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 02:58:59 +00:00
HD Moore
0b7df74615
Rename modules to be consistent with the new convention
...
git-svn-id: file:///home/svn/framework3/trunk@8129 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 02:55:08 +00:00
Joshua Drake
fba8a1d110
added a German target with 0x0a0a0a0a as the spray addr
...
git-svn-id: file:///home/svn/framework3/trunk@8125 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 22:24:56 +00:00
James Lee
df1cb6b36e
move smb/login. see 757
...
git-svn-id: file:///home/svn/framework3/trunk@8121 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 18:51:04 +00:00
James Lee
54095a585e
update the auth bruteforcer, and use it in smb/login
...
git-svn-id: file:///home/svn/framework3/trunk@8116 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 16:58:43 +00:00
HD Moore
396e894cdb
Finger user enumerator
...
git-svn-id: file:///home/svn/framework3/trunk@8109 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 23:37:14 +00:00
HD Moore
9bb14e1c4e
Add a telnet banner grabber
...
git-svn-id: file:///home/svn/framework3/trunk@8108 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 21:46:48 +00:00
HD Moore
831833667a
Minor tweak (run inside of sh -c '')
...
git-svn-id: file:///home/svn/framework3/trunk@8107 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 20:19:51 +00:00
HD Moore
dded66d71a
Fixed up to work against Windows 2000 -> Windows 7
...
git-svn-id: file:///home/svn/framework3/trunk@8106 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 14:37:15 +00:00
HD Moore
de2a293c26
Lookup users via SAMR
...
git-svn-id: file:///home/svn/framework3/trunk@8103 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-13 00:27:11 +00:00
HD Moore
a2b883ff3d
Adds a SID lookup module
...
git-svn-id: file:///home/svn/framework3/trunk@8101 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-12 07:39:53 +00:00
Carlos Perez
f9f4f31fdd
Changed to checking the size and not the line count on queries
...
git-svn-id: file:///home/svn/framework3/trunk@8083 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-07 17:52:40 +00:00
HD Moore
b1f79c6342
Use nohup to prevent the telnet session close from killing the command
...
git-svn-id: file:///home/svn/framework3/trunk@8082 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-07 00:10:03 +00:00
Joshua Drake
8399ff46b2
oops, left out a var
...
git-svn-id: file:///home/svn/framework3/trunk@8081 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:55:41 +00:00
Joshua Drake
c51c14bcba
fix typos :-/
...
git-svn-id: file:///home/svn/framework3/trunk@8080 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:09:34 +00:00
Joshua Drake
97338e6848
add exploit module for cve-2007-2280 (split from other)
...
git-svn-id: file:///home/svn/framework3/trunk@8079 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:04:58 +00:00
Joshua Drake
75ff9d327a
_2 == cve-2009-3844
...
git-svn-id: file:///home/svn/framework3/trunk@8078 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:01:08 +00:00
Joshua Drake
3a9b384554
renamed the moduled
...
git-svn-id: file:///home/svn/framework3/trunk@8077 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:29:11 +00:00
Joshua Drake
4a0051d93a
lots of updates, preparing to split into two modules
...
git-svn-id: file:///home/svn/framework3/trunk@8076 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:28:19 +00:00
HD Moore
6a10d6b6ca
Cleanup for tcp mixin, report smb version better, downcase service names
...
git-svn-id: file:///home/svn/framework3/trunk@8074 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 18:47:04 +00:00
Steve Tornio
888b7637c0
Add OSVDB ref, fixed exploit-db refs
...
git-svn-id: file:///home/svn/framework3/trunk@8071 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 11:49:12 +00:00
Joshua Drake
905d391d5e
add exploit module for bigant 2.52 usv bug
...
git-svn-id: file:///home/svn/framework3/trunk@8070 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 08:24:35 +00:00
Joshua Drake
efb3dbb2af
minor tweaks
...
git-svn-id: file:///home/svn/framework3/trunk@8069 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:35:46 +00:00
Joshua Drake
789d875d24
record addr for stack hijacking
...
git-svn-id: file:///home/svn/framework3/trunk@8068 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:02:15 +00:00