Trevor Rosen
651871bd7a
Resolve upstream conflict
2014-06-11 13:34:45 -05:00
David Maloney
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
William Vu
6ca5cf6c26
Add Chromecast YouTube remote control
2014-06-11 00:08:08 -05:00
James Lee
fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
...
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
David Maloney
c06fd21fb1
refactor tomcat_mgr_login
...
uses the new Metasploit::Credential magic now
2014-06-10 15:59:00 -05:00
David Maloney
693c4aae66
make sure we capture realms
...
need to account for the possability of
realms in mssql_login
2014-06-10 14:41:45 -05:00
Luke Imhoff
b05e7fb9ac
Fix require
...
MSP-10004
Change 'zip/zip' to 'zip' to match >= 1.0.0 rubyzip API.
2014-06-10 13:58:07 -05:00
David Maloney
74d376e387
refactor db2_auth module
...
you know what it is
2014-06-10 13:43:07 -05:00
Luke Imhoff
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
Tod Beardsley
44540e6d00
Land #3437 , CSS Injection MITM scanner
2014-06-10 13:36:35 -05:00
jvazquez-r7
4aa1fee398
Land #3326 , @FireFart's Heartbleed - server response parsing
2014-06-10 13:27:28 -05:00
David Maloney
0c89d6cdce
refactor mssql_login
...
now uses all the Metasploit::Credential goodness
2014-06-10 11:49:08 -05:00
David Maloney
15ceb1e826
put calls in right place it helps
2014-06-10 11:17:19 -05:00
David Maloney
63ec83ea90
missing public
...
missing the public in the invalidate_login call
now fixed
2014-06-10 11:12:17 -05:00
David Maloney
6362eac0b0
add invalidate_login call
2014-06-10 11:11:22 -05:00
David Maloney
e9d9806408
invalidate_login
...
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
David Maloney
dc590008a7
add invalidate_login call
...
add the new invalidate login call to make sure
we update the status on failed logins appropriately
2014-06-10 10:58:27 -05:00
Tod Beardsley
521284253f
Be more clear about the vuln and impact
2014-06-10 10:29:23 -05:00
jvazquez-r7
9b55f5143a
Add module for CVE-2014-0224
2014-06-09 17:38:11 -05:00
James Lee
e629fdb47d
Report the realm, too
...
derp
2014-06-09 17:06:56 -05:00
David Maloney
32f87b985c
refactor mysql_login
...
refactor mysql_login to use the new
Metasploit::Credential apradigm
2014-06-09 14:20:58 -05:00
David Maloney
61fd962331
refactor vnc_login
...
refactor for new credential usage
2014-06-09 13:55:24 -05:00
Tod Beardsley
4103f2295b
Missing comma
2014-06-09 13:44:46 -05:00
Tod Beardsley
0e14d77dba
Minor fixup on DTLS module
2014-06-09 13:42:30 -05:00
jvazquez-r7
0e611b5d64
Land #3429 , @jhart-r7's auxiliary module for CVE-2014-0195
2014-06-09 13:34:38 -05:00
jvazquez-r7
ed5d83a41b
Add vulnerability discoverer
2014-06-09 13:25:33 -05:00
jvazquez-r7
daf662b3c0
Do minor cleanup
2014-06-09 13:23:56 -05:00
David Maloney
a4e96d8f59
Merge branch 'master' into staging/electro-release
2014-06-09 13:07:22 -05:00
David Maloney
f8f5691eee
refactor postgres_login module
...
postgres_login now uses all the new components
such as Metasploit::Credential and the LoginScanner
class
2014-06-09 12:59:05 -05:00
jvazquez-r7
1f33566033
Land #3432 , @Meatballs1 sap_soap_rfc_brute_login's clean up
2014-06-09 11:39:52 -05:00
jvazquez-r7
b39b41e29f
Land #3371 , @Meatballs1 fix for sap_mgmt_con_getprocessparameter
2014-06-09 11:25:01 -05:00
Jon Hart
06e45e8253
Clean up TLS fragment building
2014-06-09 08:39:30 -07:00
David Maloney
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
Christian Mehlmauer
099003708c
Land #3422 , SAP Bruterforcer datastore cleanup
2014-06-08 08:42:27 +02:00
Brandon Perry
4367e8ef0c
Update mongodb_js_inject_collection_enum.rb
...
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
Brandon Perry
dc89621d5c
Update mongodb_js_inject_collection_enum.rb
...
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
Brandon Perry
2663af986b
Update mongodb_js_inject_collection_enum.rb
...
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
Jon Hart
a7a1a2bf3b
Move dtls_fragment_overflow.rb under ssl where it belongs
2014-06-07 12:56:34 -07:00
Brandon Perry
4071fb332b
Create mongodb_js_inject_collection_enum.rb
...
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7
https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
Jon Hart
8637a1fff1
OpenSSL DTLS CVE-2014-0195 POC
2014-06-06 19:24:47 -07:00
Meatballs
fe20e6e1c4
Merge remote-tracking branch 'upstream/master' into soap_brute_fix
...
Conflicts:
modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
2014-06-07 02:44:16 +01:00
Meatballs
8624ddfc3e
Clean up SAP SOAP RFC Brute Login
...
Honour the user supplied settings
Abort a host on connection error
Check a 200 response for some appropriate data
Let datastore validation handle things like options being present
Be more verbose if needed
Use the HTTPClient more appropriately
2014-06-07 02:34:49 +01:00
Meatballs
b997c2ac1f
Further tidies
2014-06-07 02:00:35 +01:00
dmaloney-r7
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
James Lee
2ee408e9db
Refactor winrm_login with Credentials
2014-06-05 14:26:29 -05:00
James Lee
8b6e188ba8
Add support for realm in CredentialCollection
...
MSP-9988
2014-06-04 17:03:52 -05:00
David Maloney
4960503a59
fix jtr_format
...
use raw-md5 as that sort of works
2014-06-04 14:10:28 -05:00
David Maloney
30c35907bf
refactor psotgres_hashdump
...
refactor psotgres_hashdump to now save
hashes as Metasploit::Credential objects
2014-06-04 12:21:49 -05:00
David Maloney
d1f7f93e4b
refactor mysql_hashdump
...
mysql_hashdump now uses Metasploit::Credential to
save hashes.
2014-06-04 11:59:47 -05:00
David Maloney
201e6e9866
Merge branch 'feature/MSP-9750/MSSQL_hashdump' into feature/MSP-9751/mysql_hashdump
2014-06-04 11:58:58 -05:00
David Maloney
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
David Maloney
d3949b3d6c
refactor mssql_hashdump
...
refactor mssql_hashdump to use Metasploit:Credential
2014-06-03 15:02:59 -05:00
Meatballs
0e3549ebc4
mc brute tidy
2014-06-03 17:27:46 +01:00
Tod Beardsley
b7dc89f569
I prefer "bruteforce" to "brute force" for search
...
Just makes it easier to search for, since it's an industry term of art.
2014-06-02 13:09:46 -05:00
David Maloney
34004908bb
Merge branch 'master' into staging/electro-release
...
Conflicts:
.ruby-version
2014-06-02 11:10:33 -05:00
William Vu
8bd4e8d30a
Land #3406 , indeces_enum -> indices_enum
2014-06-02 11:06:33 -05:00
RageLtMan
74400549a1
Resolve undefined method `get_cookies'
...
Anemone::Page is not a Rex HTTP request/response, and uses the
:cookies method to return an array of cookies.
This resolves the method naming error, though it does break with
Rex naming convention since Anemone still uses a lot non-Rex
methods for working with pages/traffic.
2014-05-30 14:39:51 -04:00
jvazquez-r7
4a1fea7abb
Land #2948 , @juushya's PocketPAD login bruteforce module
2014-05-30 11:47:16 -05:00
jvazquez-r7
b0bdfa7680
Clean up code
2014-05-30 11:44:42 -05:00
jvazquez-r7
fb59221189
Land #2494 , @juushya's etherpadduo login module
2014-05-30 11:35:28 -05:00
jvazquez-r7
d92a7adc68
change module filename
2014-05-30 11:31:49 -05:00
jvazquez-r7
40a103967e
Minor code cleanup
2014-05-30 11:28:37 -05:00
jvazquez-r7
6f330ea190
Add deprecation information
2014-05-29 17:38:01 -05:00
jvazquez-r7
aea0379451
Fix typos
2014-05-29 12:37:51 -05:00
David Maloney
696d2b7e6b
Merge branch 'master' into staging/electro-release
2014-05-29 12:30:32 -05:00
dmaloney-r7
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
William Vu
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
William Vu
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
William Vu
3f86aebabf
Land #3398 , CAPWAP DoS description cleanup
2014-05-28 14:55:22 -05:00
William Vu
785b53820e
Land #3399 , print_error instead of print_status
2014-05-28 14:53:00 -05:00
James Lee
05e24326a6
Style compliance
2014-05-28 14:31:34 -05:00
joev
c89cd24621
Rewire some snmp modules to use print_error instead of print_status.
2014-05-28 13:31:00 -05:00
Tod Beardsley
4b5c62ba8d
Dress up CAPWAP DoS desc a little.
2014-05-28 12:19:17 -05:00
jvazquez-r7
55ef5dd484
Land #3115 , @silascutler's module for elasticsearch indeces enumeration
2014-05-27 11:28:34 -05:00
jvazquez-r7
2271afc1a5
Change module filename
2014-05-27 11:25:39 -05:00
jvazquez-r7
3de8beb5fd
Clean code
2014-05-27 11:22:40 -05:00
jvazquez-r7
69e8286838
Fix title
2014-05-27 10:29:32 -05:00
jvazquez-r7
1316365c2f
Fix description
2014-05-27 10:22:39 -05:00
jvazquez-r7
abe1d6ffc7
Land #3190 , @Karmanovskii's module to fingerprint MyBB database
2014-05-27 10:20:24 -05:00
jvazquez-r7
86221de10e
Fix message
2014-05-27 10:18:27 -05:00
jvazquez-r7
b96c2dd0ca
Change module filename
2014-05-27 10:15:39 -05:00
jvazquez-r7
1d8c46155b
Do last code cleaning
2014-05-27 10:14:55 -05:00
William Vu
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
Karmanovskii
eacf70af83
Update mybb_get_type_db.rb
...
26.05.2014 23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
jvazquez-r7
217a14e4d7
Land #3366 , @jholgui's module for CVE-2013-4074
2014-05-25 18:53:30 -05:00
jvazquez-r7
33ba134147
Clean msftidy warnings and metadata
2014-05-25 18:52:01 -05:00
jvazquez-r7
d3c17d8e3e
Delete wireshark_capwap_dos
2014-05-25 18:39:53 -05:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
JoseMi
9f166b87f6
Changed the description
2014-05-24 18:58:36 +01:00
JoseMi
71e2d19040
Adapted to auxiliary modules structure
2014-05-24 18:53:10 +01:00
Tod Beardsley
1aee0f3305
Warn if it's not UPPERCASE method (@wchen-r7)
...
See the discussion on f7bfab5a26
, PR #3386
2014-05-23 17:10:27 -05:00
Tod Beardsley
9f78bec457
Use normalize_uri (@wchen-r7)
...
Instead of editing the datastore['PATH'], use normalize_uri.
Since the purpose of this module is quite fuzz-like, I didn't want to
apply the normalize_uri to the whole uri -- the original code merely
applied to datastore['PATH'] (which seems like it should be
datastore['URI'] really) and then added on a bunch of other stuff to
test for traversals.
2014-05-23 15:43:50 -05:00
Tod Beardsley
f7bfab5a26
HTTP traversal shouldnt upcase METHOD (@wchen-r7)
...
If the user wants to use downcased or mixed case HTTP methods, heck,
more power to them. If it doesn't work, it doesn't work. No other HTTP
module makes this call.
2014-05-23 15:32:04 -05:00
Tod Beardsley
7f59cf5035
Ora XID HTTP needn't edit DBUSER (@cellabosm)
...
Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
2014-05-23 15:20:46 -05:00
Tod Beardsley
f189033e8a
OWA bruteforce shouldnt edit datastore (@wchen-r7)
...
This module was written in an era where the defaults for bruteforcing
included a lot of lock-inducing behavior, thus, it was quite serious
about setting datastore options directly. Also, there was apparently a
bug in USER_AS_PASS that this module attempted to avoid by setting the
datastore directly, rather than fixing the bug directly. As far as I
know, this bug has been long since resolved.
2014-05-23 15:08:19 -05:00
Tod Beardsley
fa353e6bd9
Add CVE, IBM ref for SameTime modules
2014-05-22 11:34:04 -05:00
jvazquez-r7
8a9c005f13
Add URL
2014-05-20 17:43:07 -05:00
Karmanovskii
e26dee5e22
Update mybb_get_type_db.rb
...
19/05/2014
I deleted - #return Exploit::CheckCode::Unknown # necessary ????
2014-05-19 21:32:30 +04:00
William Vu
a30d6b1f2d
Quick cleanup for sap_icm_urlscan
2014-05-19 09:21:26 -05:00
William Vu
dc0e649a10
Clean up case statement
2014-05-19 09:21:07 -05:00
William Vu
bc64e47698
Land #3370 , cleanup for sap_icm_urlscan
2014-05-19 09:16:18 -05:00
Tod Beardsley
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
Meatballs
6b1e4c3a9d
Show loot and error code
2014-05-19 11:17:58 +01:00
Meatballs
848227e18a
401 should be a valid url
2014-05-19 10:59:38 +01:00
Meatballs
5d96f54410
Be verbose about 307
2014-05-19 10:52:06 +01:00
Meatballs
88b7dc3def
re-add content length
2014-05-19 10:46:47 +01:00
Meatballs
e59f104195
Use unless
2014-05-19 10:41:01 +01:00
William Vu
a97d9ed54f
Land #3148 , check_urlprefixes for sap_icm_urlscan
2014-05-17 16:10:52 -05:00
sappirate
dd1a47f31f
Modified sap_icm_urlscan to check for authentication of custom URLs
...
Fixed ruby coding style
2014-05-17 22:47:49 +02:00
Karmanovskii
06912ac2b6
Update mybb_get_type_db.rb
...
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
2014-05-17 16:30:29 +04:00
JoseMi
21cf0a162c
Added module to crash capwap dissector in wireshark tool
2014-05-17 11:31:43 +01:00
Christian Mehlmauer
488c3e6b93
Land #3358 , @jvazquez-r7 Advantech WebAccess 7.1 SQLI module
2014-05-16 21:26:41 +02:00
jvazquez-r7
2012d41b3d
Add origin of the user, and mark web users
2014-05-16 13:51:42 -05:00
jvazquez-r7
4143474da9
Add support for web databases
2014-05-16 11:47:01 -05:00
jvazquez-r7
883d2f14b5
delete debug print_status
2014-05-16 11:13:03 -05:00
jvazquez-r7
ea38a2c6e5
Handle ISO-8859-1 special chars
2014-05-16 11:11:58 -05:00
jvazquez-r7
c9465a8922
Rescue when the recovered info is in a format we can't understand
2014-05-16 08:57:59 -05:00
Tod Beardsley
3c1363b990
Add new SNMP enumeration modules
2014-05-16 08:32:46 -05:00
jvazquez-r7
7ec85c9d3a
Delete blank lines
2014-05-16 01:03:04 -05:00
jvazquez-r7
9091ce443a
Add suport to decode passwords
2014-05-16 00:59:27 -05:00
William Vu
f9982752f3
Land #3362 , ax rank for aux/dos mods
2014-05-14 15:20:07 -05:00
Tod Beardsley
dc57e31be1
Aux modules don't respect Rank anyway
2014-05-14 15:03:10 -05:00
jvazquez-r7
5b3bb8fb3b
Fix @FireFart's review
2014-05-14 09:00:52 -05:00
Karmanovskii
cbb84e854c
Update mybb_get_type_db.rb
...
14.05.2014
Eliminated notes jvazquez-r7
2014-05-14 14:56:40 +04:00
William Vu
de49241195
Land #3185 , regex option validation
2014-05-14 01:27:18 -05:00
Christian Mehlmauer
df4b832019
Resolved some more Set-Cookie warnings
2014-05-13 22:56:12 +02:00
jvazquez-r7
a7075c7e08
Add module for ZDI-14-077
2014-05-13 14:17:59 -05:00
Christian Mehlmauer
3f3283ba06
Resolved some msftidy warnings (Set-Cookie)
2014-05-12 21:23:30 +02:00
William Vu
92a9519fd9
Remove EOL spaces
2014-05-09 18:34:12 -05:00
jvazquez-r7
8c55858eae
Land #3309 , @arnaudsoullie's changes for modblusclient
2014-05-08 10:45:19 -05:00
jvazquez-r7
25f13eac37
Clean a little response parsing
2014-05-08 10:44:53 -05:00
Arnaud SOULLIE
1f3466a3a3
Added Modbus error handling.
...
It now checks for error and displays the appropriate error message.
The only error simulated was "ILLEGAL ADDRESS", don't know how
to test for others.
2014-05-05 23:21:54 +02:00
William Vu
e8bc89af30
Land #3337 , release fixes
2014-05-05 14:03:48 -05:00
jvazquez-r7
b81f94a229
Land #3336 , @todb-r7's CVEs addition
2014-05-05 13:43:04 -05:00
Tod Beardsley
c6affcd6d3
Fix caps, description on F5 module
...
The product name isn't "Load Balancer" as far as I can tell.
2014-05-05 13:38:53 -05:00
William Vu
353a50cdd0
Land #3316 , Content-Length fix for http_ntlmrelay
2014-05-05 13:38:36 -05:00
Tod Beardsley
3072c2f08a
Update CVEs for RootedCon Yokogawa modules
...
Noticed they were nicely documented at
http://chemical-facility-security-news.blogspot.com/2014/03/ics-cert-publishes-yokogawa-advisory.html
We apparently never updated with CVE numbers.
2014-05-05 13:25:55 -05:00
William Vu
a8915f0ed8
Land #3310 , OpenSSH timing attack improvements
2014-05-04 19:47:51 -05:00
Tom Sellers
a47b883083
Remove redundant simple.connect
...
Remove redundant simple.connect. Thanks @jlee-r7
2014-05-02 12:46:50 -05:00
Tom Sellers
b2eeaef475
Add admin check to smb_login
...
The attached updates changes smb_login to detect if the newly discovered user is an administrator. It is based on code from Brandon McCann "zeknox" submitted in PR #1373 , the associated changes, and the newer PR #2656 .
The changes should correct a few issues with PR #1373 and #2656 and address Redmine bug #8773 .
Specifically it:
- Fixes the admin detection code by using simple.disconnect(<share>) instead of disconnect()
- Adds support for detecting if the remote host will allow connects using any domain name when one of the new status codes is returned
- Dealt with the issue in PR #2656 where the username was prefixed with a '\'
Verification
Be connected to a database
Run this against a machine with a known user and admin user
See that the admin user is reported correctly
See that the non-admin user is reported correctly
Check the output of creds
Select a target that requires a domain in order to authenticate
In the stored credentials, with CHECK_ADMIN enabled, see that the domain name is, in fact, preserved in the reporting
To validate that the remote domain ignores domain value use the following command from a windows system:
net use \\<hostip>\admin$ /user:<random_value>\<username> <password>
2014-05-02 06:16:21 -05:00
Christian Mehlmauer
f7d8a5e3a3
rework the openssl_heartbleed module
2014-05-01 21:43:58 +02:00
jvazquez-r7
d3045814a2
Add print_status messages
2014-05-01 11:05:55 -05:00
jvazquez-r7
cc2e680724
Refactor
2014-05-01 11:04:29 -05:00
jvazquez-r7
28e9057113
Refactor make_payload
2014-05-01 10:23:33 -05:00
jvazquez-r7
bd124c85cb
Use metadata format for actions
2014-05-01 09:52:55 -05:00
William Vu
7777202045
Deconflict #3310 and correct the description
2014-04-30 12:02:57 -05:00
jvazquez-r7
9cd6c5ef2b
Land #3297 , @Th4nat0s's F6 backends disclosure module
2014-04-30 09:31:37 -05:00
jvazquez-r7
4e80e1c239
Clean up pull request code
2014-04-30 09:31:07 -05:00
Tod Beardsley
a5983b5f57
Light touchup on FP checker
2014-04-29 16:14:41 +01:00
Tod Beardsley
88efeea378
Add a false positive check
2014-04-29 16:07:42 +01:00