249fb79a21
Fix print_* calls
2014-11-25 13:02:53 -06:00
87cfd7c321
Dont use disconnect
2014-11-25 13:00:53 -06:00
fb8372f505
Fix metadata
2014-11-25 12:59:11 -06:00
71f35f5cd6
Update from upstream master
2014-11-25 12:46:44 -06:00
3a5de9970f
Update description, rename xnu_ver -> osx_ver.
2014-11-25 12:38:29 -06:00
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
4bd579bc1c
added mssql_enum_domain_accounts_sqli
2014-11-25 09:57:20 -06:00
5294594379
dd Windows post module for reading/searching Outlook e-mail #5 Add DE
2014-11-25 14:36:14 +01:00
64f2b45ef4
Land #4258 , release fixes
2014-11-24 21:44:14 -06:00
71669b9f9e
Change module filename
2014-11-24 20:34:12 -06:00
5c4b1b0283
Output some information
2014-11-24 20:31:26 -06:00
6e9cd331b3
Modify description
2014-11-24 20:28:38 -06:00
261da9306e
Use store_loot
2014-11-24 20:22:21 -06:00
cf52dd895f
Refactor search
2014-11-24 20:20:37 -06:00
2fa5223d3b
move check out of the begin block
2014-11-24 19:28:53 -06:00
90bdc770b5
Use literal creation notation
2014-11-24 19:27:50 -06:00
2c4caeed29
Clean metadata
2014-11-24 19:26:12 -06:00
443dd7b6c0
Use constants
2014-11-24 19:04:02 -06:00
250250beb0
Fix indentation
2014-11-24 18:58:07 -06:00
88ccffacb4
Update from upstream master
2014-11-24 18:32:35 -06:00
bd948eb346
Normalize author name
...
From #4061 , please don't decorate author names with URLs.
2014-11-24 13:03:42 -06:00
343a0d78bc
Delete admin check
2014-11-24 12:28:19 -06:00
7164c4e038
Use shorter filename
2014-11-24 12:10:08 -06:00
021b27dd83
Clean reporting
2014-11-24 12:01:09 -06:00
f74ab34881
Delente unnecessary check
2014-11-24 11:50:41 -06:00
3c858c793a
Use vprint
2014-11-24 11:49:36 -06:00
583494c0db
use BrowserExploitServer
2014-11-24 18:49:27 +01:00
4a169210ab
Use vprint
2014-11-24 11:48:16 -06:00
ecb74c543a
Beautify description
2014-11-24 11:27:32 -06:00
c52104e91d
Beautify metadata
2014-11-24 11:24:41 -06:00
fcb4bea3c1
Fix code comments
2014-11-24 11:23:27 -06:00
77b1f2d2f0
Fixup for release
...
Fixes the grammar on the SMTP enumeration module and the Cisco CDP
module, and adds a more informative description and reference for the
CDP module introduced on PR #4061 .
2014-11-24 10:50:43 -06:00
10d0305cb2
Update from upstream master
2014-11-24 09:48:43 -06:00
e9750e2df8
Minor style/usability cleanups
2014-11-24 06:57:31 -08:00
08a67d78c5
module for CVE-2014-6332.
2014-11-24 08:25:18 +01:00
57419bb0fc
Fix #4253 - Print access level for snmp_login
...
Fix #4253 - module should print the access level
2014-11-22 23:09:15 -06:00
9828598cb7
removing timeout method and option
2014-11-22 00:28:56 -07:00
57b04f96a7
working with DLSw protocol check
2014-11-21 23:54:00 -07:00
b9a274f869
improving DLSw detection
2014-11-21 18:58:02 -07:00
53b69583f4
Add Windows post module for reading/searching Outlook e-mail #4
2014-11-21 20:00:30 +01:00
3ac1f7d4fb
Land #4242 , @Meatballs1 fix for sap_service_discovery report_note
...
* I cannot reproduce @Meatballs1 issue
* But I noticed report_note should :update with :unique_data
* Fixed the :update
2014-11-21 10:16:08 -06:00
e30ee9fee2
Update with :unique_data
2014-11-21 10:14:39 -06:00
99a23ada5c
Module cleanup, error handling, and reporting
2014-11-20 16:18:20 -06:00
2f6c4a9ba4
Slight tweak to description/author email formatting
2014-11-20 14:53:52 -06:00
ee15179441
Fix service discovery errors
2014-11-20 18:22:33 +00:00
8306d739e3
add scanner module to extract domain from NTLM challenge
2014-11-20 11:02:21 -05:00
9e9954e831
fix placeholder to show the firmware version I used
2014-11-19 21:23:39 +01:00
a718e6f83e
add exploit for r7-2014-18 / CVE-2014-4880
2014-11-19 21:07:02 +01:00
6a58774dd6
Land #4234 , crediting @jduck
2014-11-19 12:43:04 -06:00
a4a1048f95
modified to get data collection off sock working
2014-11-19 11:17:58 -07:00
684975a315
Use correct target address for fake As
2014-11-19 08:28:56 -08:00
3777e78a85
Sanitize creation of target host. Return minimal for SRV
2014-11-19 08:28:56 -08:00
52e004d8ab
Use less conflicting name for SRV record port
2014-11-19 08:28:56 -08:00
ee90e4353b
Add more consistent logging for fakedns types that support fake vs bypass
2014-11-19 08:28:55 -08:00
0910275fac
Don't artificially insert additional records when BYPASS
2014-11-19 08:28:55 -08:00
a38cb3ee53
@jhart-r7 commits are accepted and conflicts fixed.
2014-11-19 08:28:55 -08:00
ab7f6866f5
FAKE and BYPASS actions are implemented for SRV queries
2014-11-19 08:28:55 -08:00
f403d27fbd
Author update for the fakedns module
2014-11-19 08:28:55 -08:00
47f7d8c4be
IN:SRV expansion for Fake DNS server
2014-11-19 08:28:55 -08:00
a9cb6e0d2f
Add jduck as an author on samsung_knox_smdm_url
2014-11-19 10:18:08 -06:00
895bdd9c6f
Remove unused options
2014-11-19 08:09:52 -08:00
134046975e
Remove report mixin which was not used
2014-11-19 08:09:52 -08:00
4c112e71c1
Remove errant whitespace, unnecessary to_s
2014-11-19 08:09:52 -08:00
f54fc3da87
More CDP cleanup. Loop, cleaner packet construction, style
2014-11-19 08:09:52 -08:00
0dac2de3fd
Use PacketFu::EthHeader.mac2str for MAC formatting
2014-11-19 08:09:52 -08:00
2d484a3e1a
Remove sniffing capabilities from cdp -- use wireshark/tcpdump instead
2014-11-19 08:09:52 -08:00
39d691086e
First round of basic Ruby style cleanup in cdp
2014-11-19 08:09:52 -08:00
7e93d890ab
Viproy is removed from names
...
Author section is fixed
2014-11-19 08:09:52 -08:00
d78d57eaf4
Viproy VoIP Pen-Test Kit - Cisco CDP Testing Module
2014-11-19 08:09:52 -08:00
7d6e7a6bfa
Minor Ruby style and module usability cleanup
2014-11-18 16:33:05 -08:00
6b8b49ff98
improving metasploit module based on feedback
2014-11-18 15:03:18 -07:00
fb4b6543e2
Handle other rex exceptions
2014-11-18 15:57:41 -06:00
542eb6e301
Handle exception in brute force exploits
2014-11-18 12:17:10 -08:00
60e31cb342
Allow sunrpc_create to raise on its own
2014-11-18 12:17:10 -08:00
500c4249fe
Update solaris_kcms_readfile to gracefully handle RPC errors
2014-11-18 12:17:10 -08:00
82f89e620b
Clean up nfs mount scanner to *print_* better
2014-11-18 12:17:10 -08:00
b2f9307e0a
vprint # of RPC programs, since the table comes right after
2014-11-18 12:17:10 -08:00
a9f9a8b116
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-18 12:17:10 -08:00
c7794a7ed9
Clean up Ruby style in sunrpc_portmapper
2014-11-18 12:17:09 -08:00
059d84e4ca
More consistent *print_* and Rex::Ui::Text::Table for sunrpc_portmapper
2014-11-18 12:17:09 -08:00
435c6eef81
Add Windows post module for reading/searching Outlook e-mail #3
2014-11-18 16:27:33 +01:00
91a53dc36c
Add Windows post module for reading/searching Outlook e-mail
2014-11-18 12:41:24 +01:00
703e0486fb
Add DLSw leak capture module for CVE-2014-7992
2014-11-17 20:35:54 -07:00
d5ebd8a2dc
Shorten the reverse_http stager by renaming a var
2014-11-17 19:04:26 -05:00
7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
...
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
45d219c0d8
Land #4102 , @jhart-r7's fix for nbns_response
...
* Use request src_port instead of 137
2014-11-17 15:46:38 -06:00
286827c6e5
Land #4186 , Samsung KNOX exploit. Ty @jvennix-r7!
2014-11-17 13:29:39 -06:00
39980c7e87
Fix up KNOX caps, descriptive description
2014-11-17 13:29:00 -06:00
0f41bdc8b8
Add an OSVDB ref
2014-11-17 13:26:21 -06:00
8c34f35ca9
added mssql_enum_windows_domain_accounts.rb
2014-11-17 13:03:43 -06:00
54de805b7a
Report credentials
...
* Even when we are not associating them to hosts
* It's a post module so maybe we cannot solve some names
2014-11-17 12:49:18 -06:00
7a2b7208e7
Add Windows post module for reading/searching Outlook e-mail
2014-11-17 19:38:55 +01:00
b3b37c7c9f
Use longer description lines
2014-11-17 12:23:22 -06:00
145e610c0f
Avoid shadowing new method
2014-11-17 12:22:30 -06:00
fd53e969fd
Land #4217 , browser_autopwn variable fix
2014-11-17 11:46:52 -06:00
405eae4b6e
Remove EOL whitespace
2014-11-17 11:46:36 -06:00
20195e7f37
Update from upstream/master
2014-11-17 11:43:48 -06:00
91ba25a898
Land #4208 , psexec delay fix
2014-11-17 11:35:56 -06:00
2c36f79934
Land #4165 , @jhart-r7's check for datastore options on Cisco dtp
...
* Fix modules/auxiliary/spoof/cisco/dtp
* Just one of the two options is required
2014-11-17 11:23:31 -06:00
d5afb2b766
%q
2014-11-17 09:01:14 -08:00
ce73e32673
Doc and named captures
2014-11-17 09:01:14 -08:00
bf05fe1389
Refactoring, simplification, better print_*
2014-11-17 09:01:14 -08:00
6e1cdfde36
Rip out create_credential* stuff. Use what works
2014-11-17 09:01:14 -08:00
e5bb13a609
If remmina config files are missing data for creds, tell me what
2014-11-17 09:01:14 -08:00
875d1f9ea0
Convert Remmina credential gatherer to use new credentials model
2014-11-17 09:01:14 -08:00
086f0c02d6
Remove excessive logging
2014-11-17 09:01:14 -08:00
90e58e9e71
Binary encoding
2014-11-17 09:01:14 -08:00
e76373340e
Correct some Rubocop things that I agree with
2014-11-17 09:01:14 -08:00
f729a6cf02
Add Remmina RDP/SSH/VNC password gathering
2014-11-17 09:01:13 -08:00
cd61975966
Change puts to vprint_debug.
2014-11-17 10:13:13 -06:00
9243cfdbb7
Minor fixes to ruby style things
2014-11-17 17:12:17 +01:00
fc1635e80a
Fix BAP JS ref error.
2014-11-17 10:06:15 -06:00
2a24151fa8
Remove BAP target, payload is flaky. Add warning.
2014-11-17 02:02:37 -06:00
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
5de69ab6a6
minor syntax fixes.
2014-11-15 21:39:37 -06:00
3fb6ee4f7d
Remove dead constant.
2014-11-15 21:38:11 -06:00
7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
...
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
2014-11-15 21:33:16 -06:00
a521d469ed
Land #4194 , Quake protocol support
2014-11-15 17:44:19 -06:00
28135bcb09
Land #4159 , MantisBT PHP code execution by @itseco
2014-11-15 07:49:54 +01:00
27d5ed624f
fix for IE9 exploit config
2014-11-14 17:21:59 -08:00
17ab0cf96e
ADD winxpIE8 exploit for MS13-080
2014-11-14 17:16:51 -08:00
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
e194d5490d
See #4162 - Don't delay before deleting a file via SMB
...
So I was looking at issue #4162 , and on my box I was seeing this
problem of the exploit failing to delete the payload in C:\Windows,
and the error was "Rex::Proto::SMB::Exceptions::NoReply The SMB
server did not reply to our request". I ended up removing the sleep(),
and that got it to function properly again. The box was a Win 7 SP1.
I also tested other Winodws boxes such as Win XP SP3, Windows Server
2008 SP2 and not having the sleep() doesn't seem to break anything.
So I don't even know why someone had to add the sleep() in the first
place.
2014-11-14 15:45:37 -06:00
681ae8ce6b
Pymet reverse_http stager basic implementation
2014-11-14 14:15:46 -05:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
3faa48d810
small bugfix
2014-11-13 22:51:41 +01:00
7d6b6cba43
some changes
2014-11-13 22:46:53 +01:00
e2dc862121
Fix newly introduced typo.
2014-11-13 14:53:57 -06:00
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
17032b1eed
Fix issue reported by FireFart
2014-11-13 04:48:45 -05:00
31f3aa1f6d
Refactor create packager methods
2014-11-13 01:16:15 -06:00
38a96e3cfc
Update target info
2014-11-13 00:56:42 -06:00
e25b6145f9
Add module for MS14-064 bypassing UAC through python for windows
2014-11-13 00:56:10 -06:00
f081ede2aa
Land #4155 , @pedrib's module for CVE-2014-8499
...
* Password Manager Pro privesc + password disclosure
2014-11-12 23:56:26 -06:00
ea6d8860a1
Not root, just arbitrary permissions.
2014-11-12 21:51:55 -06:00
ebf6fe4e56
Minor style cleanup
2014-11-12 16:44:43 -08:00
a5009170e7
Land #4185 - Add CVE-2014-6352 (ms14-060 aka sandworm)
2014-11-12 17:11:43 -06:00
07a1653e57
Add gather module for Quake servers
2014-11-12 13:32:56 -08:00
9df31e950f
Add OSVDB id
2014-11-12 21:32:33 +00:00
54158c8662
Land #4005 , TNS poison checker
2014-11-12 13:29:59 -06:00
d242bc220b
Minor fixups and disclosure date for TNS module
2014-11-12 13:25:10 -06:00
955a5142ca
Edit e-mail address for antispam
2014-11-12 13:19:04 -06:00
1895311911
Change URL to single line.
2014-11-12 10:56:51 -06:00
8689b0adef
Add module for samsung knox root exploit.
2014-11-12 09:53:20 -06:00
70589668c2
Really land the #4130 module
2014-11-12 09:39:01 -06:00
ece8013d7a
Use #empty?
2014-11-12 09:35:06 -06:00
f048463ed6
Do minor fixupts
...
* Delete peer method
* Make verifications more strict
2014-11-12 09:33:49 -06:00
a5c87db65e
Do minor cleanup
...
* Beautify description
* Use double quotes for interpolation
2014-11-12 09:29:53 -06:00
e1164d3e14
Use snake_case on filename
2014-11-12 09:26:47 -06:00
jvazquez-r7
Joe Vennix
nullbind
wez3
William Vu
Tod Beardsley
spdfire
Jon Hart
sinn3r
tate
HD Moore
Meatballs
Rich Whitcroft
Mark Schloesser
Fatih Ozavci
Spencer McIntyre
floyd
Christian Mehlmauer
Rich Lundeen
Juan Escobar
Pedro Ribeiro