Jon Hart
121ebdfef6
update_info
2014-10-31 13:17:50 -07:00
Jon Hart
b99e71dcdd
Example UDPScanner style cleanup, move most to UDPScanner
2014-10-31 12:14:04 -07:00
Jon Hart
ff0b52cffb
Example per-batch vprint, a useful default
2014-10-31 10:31:31 -07:00
Jon Hart
94d4388af9
Improvements to example UDPScanner
2014-10-31 09:53:10 -07:00
Joe Vennix
1e9f9ce425
Handle invalid JSON errors and fix typo.
2014-10-31 11:01:49 -05:00
Jon Hart
d9f0a10737
Add new example template for scanning UDP services
2014-10-31 08:06:31 -07:00
William Vu
953a642b0e
Finally write a decent description
2014-10-30 22:51:42 -05:00
William Vu
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
sinn3r
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
sinn3r
470a067384
Final changes
2014-10-30 13:51:44 -05:00
sinn3r
912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract
2014-10-30 13:37:32 -05:00
sinn3r
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
sinn3r
127d1640da
Print password
2014-10-30 13:27:40 -05:00
Deral Heiland
a6980b9eb8
Updated to module based feedback from wchen-r7
2014-10-30 12:59:11 -04:00
Joe Vennix
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
Joe Vennix
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
Joe Vennix
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
Jon Hart
15e1c253fa
Numerous cleanups for snmp_enumusers
...
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
Peter Arzamendi
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
Deral Heiland
6c13c14be1
Konica MFP ftp and SMB credential gathering module
2014-10-29 16:12:16 -04:00
Peter Arzamendi
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
Peter Arzamendi
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
Jon Hart
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
Jon Hart
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
Jon Hart
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
Jon Hart
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
Jon Hart
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
Peter Arzamendi
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
Peter Arzamendi
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
Peter Arzamendi
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
Tod Beardsley
9c028c1435
Fixes #4083 , make the split nil-safe
...
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.
This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
Peter Arzamendi
1012cd8d6b
Updated based on wchen-r7 feedback.
2014-10-28 11:38:50 -05:00
Tod Beardsley
dade6b97ba
Land #4088 , wget exploit
...
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
Jonathan Claudius
d799625507
Switch to vprint_good for verbose good things
2014-10-28 01:53:54 -04:00
Jonathan Claudius
0fa461737e
Fix null arguments syntax
2014-10-28 01:49:54 -04:00
Jonathan Claudius
7a727f9bff
Make msftidy happy
2014-10-28 01:48:13 -04:00
Jonathan Claudius
595b4d2bbd
Clean up aux check review comments
2014-10-28 01:44:52 -04:00
HD Moore
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
Fatih Ozavci
329b9ac292
Actions updates of the Viproy CUCDM exploits
2014-10-28 14:11:07 +11:00
Fatih Ozavci
703393e9f1
First revision of the Viproy CUCDM exploits
2014-10-28 13:53:13 +11:00
Peter Arzamendi
0b225d94b1
Xerox Admin password extractor.
2014-10-27 19:26:40 -05:00
jvazquez-r7
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
parzamendi-r7
f7f6cff327
Update xerox_workcentre_5XXX_ldap.rb
2014-10-27 17:23:47 -05:00
Peter Arzamendi
f119abbf8c
Xerox workcentre 5735 LDAP credential extractor
2014-10-27 15:52:12 -05:00
Jon Hart
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
scriptjunkie
4dfbce425a
use vprintf...
2014-10-26 09:20:32 -05:00
scriptjunkie
c31fb0633d
Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd
2014-10-26 09:05:25 -05:00
Fatih Ozavci
1db09fee01
Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits
2014-10-24 11:46:52 +11:00
Jon Hart
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
sinn3r
0ea03c00a5
Use print_brute instead of print_good for format consistency
2014-10-22 16:14:45 -05:00
Jon Hart
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
James Lee
46acf08e2d
Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions
2014-10-22 09:09:34 -05:00
nstarke
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
James Lee
0fcd1ac4f6
Restore tcp evasions to smb_login
2014-10-21 18:59:11 -05:00
James Lee
e1a7e902d6
Re-enable tcp evasions for more LoginScanners
...
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r
6d11ec8477
These mods support Proxies, so make the option visible for the user
2014-10-21 15:39:24 -05:00
sinn3r
db7c420d8d
Merge the latest changes
2014-10-21 13:49:42 -05:00
James Lee
f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies
2014-10-21 13:28:13 -05:00
sinn3r
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee
4705aeb762
Restore tcp evasions to ftp, pop3, vnc
2014-10-21 11:06:55 -05:00
James Lee
7d150ce0dd
Add tcp evasions to mysql
2014-10-21 10:05:18 -05:00
James Lee
e76ee294a1
Restore tcp evasions to telnet
2014-10-21 09:44:55 -05:00
nstarke
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7
d6f4c02c2a
Land #3979 , @wchen-r7 fixes #3976 , http_login not using TARGETURI, neither uri normalization
2014-10-20 18:10:57 -05:00
jvazquez-r7
74ac16081f
Land #3981 , @wchen-r7 Fixes #3974 , axis_login.rb does not normalize URI
2014-10-20 17:51:13 -05:00
jvazquez-r7
00f137cdcf
Land #4040 , @nullbind's MS SQL privilege escalation through SQLi
2014-10-20 16:23:50 -05:00
jvazquez-r7
acc590b59c
Modify metadata
2014-10-20 16:22:10 -05:00
jvazquez-r7
1381c7fb37
Modify title
2014-10-20 16:17:47 -05:00
jvazquez-r7
323680c31a
Clean code
2014-10-20 16:17:06 -05:00
HD Moore
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
sinn3r
6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It!
2014-10-20 11:23:23 -05:00
James Lee
3051b6c5ba
Clean up exceptions
...
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
James Lee
b7d69bec83
Restore proxies to ssh scanners
2014-10-20 10:19:06 -05:00
nullbind
036d43ba37
fixed logic bug
2014-10-19 20:56:29 -05:00
Jon Hart
2985b39267
Land #3980 , @wchen-r7 fixed #3975
2014-10-19 17:11:06 -07:00
ikkini
c2174c7910
return if no version response received
2014-10-19 00:29:36 +02:00
nullbind
1e2f1eaee0
cleaning up
2014-10-18 12:00:11 -05:00
James Lee
329a600b84
Add tcp evasion options to mssql_login
2014-10-17 17:40:21 -05:00
William Vu
10f3969079
Land #4043 , s/http/http:/ splat
...
What is a splat?
2014-10-17 13:41:07 -05:00
William Vu
367ea5d3db
Add disclosure date
2014-10-17 12:35:28 -05:00
Tod Beardsley
ccdaf2b576
Fix the banner
...
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley
ad501b25e4
Filename move to be less redundant
2014-10-17 11:25:14 -05:00
nullbind
bf92769ba2
added mssql_escalate_dbowner_sqli
2014-10-17 10:25:20 -05:00
Jon Hart
8fdae8fbfb
Move protocol and lifetime to mixin, use correct map_target if CHOST
2014-10-16 13:24:17 -07:00
James Lee
40b360555f
Make the error message a little more useful
2014-10-16 12:47:13 -05:00
Tod Beardsley
8cf10be779
Don't assume SSLv3 is set (kill FP+s)
2014-10-16 10:43:58 -05:00
Tod Beardsley
0b67efd51e
Add a POODLE scanner and general SSL version scan
2014-10-16 10:27:37 -05:00
James Lee
41a57b7ba5
Re-enable proxies for HTTP-based login scanners
2014-10-15 17:00:44 -05:00
Jon Hart
07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful
2014-10-15 06:39:38 -07:00
Tod Beardsley
592f1e9893
Land #3999 , errors on login suppressed by default
...
This also solved the merge conflict on:
modules/auxiliary/scanner/http/jenkins_login.rb
Fixes #3995 .
2014-10-14 16:35:09 -05:00
Jon Hart
ea6824c46f
WIP of NAT-PMP rework
2014-10-14 14:20:24 -07:00
William Vu
bdbad5a81d
Fix misaligned bracket
2014-10-14 13:43:59 -05:00
Tod Beardsley
9f6008e275
A couple OSVDB updates for recent modules
2014-10-14 13:39:36 -05:00
Tod Beardsley
56534e7ad3
Changed a login failed to vprint instead of print
...
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995 .
This module was introduced in PR #3947 .
2014-10-14 12:01:09 -05:00
Tod Beardsley
6ea3a78b47
Clarify the description on HP perfd module
...
Introduced in #3992
2014-10-14 11:58:52 -05:00
Nikita
621b9523b1
Update tnspoison_checker.rb
2014-10-13 22:05:08 +04:00
Nikita
1996886ae9
Update tnspoison_checker.rb
2014-10-13 12:53:39 +04:00
Nikita
22aabc7805
Add new module to test TNS poison
...
This module simply checks the server for vulnerabilities like TNS Poison
2014-10-13 12:21:07 +04:00
Jon Hart
d51d2bf5a0
Land #3990 , @wchen-r7's fix for #3984 , a busted check in drupal_views_user_enum
2014-10-12 19:38:55 -07:00
Jon Hart
76275a259a
Minor style cleanup of help and a failure message
2014-10-12 18:34:13 -07:00
Jon Hart
c3a58cec9e
Make note of other commands to investigate
2014-10-11 13:07:52 -07:00
Jon Hart
c80a5b5796
List commands in sorted order
2014-10-11 13:00:30 -07:00
Jon Hart
4ffc8b153c
Support running more than one perfd command in a single pass
2014-10-11 11:38:00 -07:00
Jon Hart
c72593fae4
Store just banner for service, loot the rest. Also, minor style.
2014-10-11 11:12:49 -07:00
Jon Hart
9550c54cd2
Correct indentation and whitespace
2014-10-11 10:39:12 -07:00
sinn3r
9500038695
Fix #3995 - Make negative messages less verbose
...
As an user testing against a large network, I only want to see
good news, not bad news.
2014-10-11 11:11:09 -05:00
Roberto Soares Espreto
7bd0f2c114
Changed Name, array in OptEnum and operator
2014-10-11 09:03:18 -03:00
Roberto Soares Espreto
cbde2e8cd1
Variable cmd now with interpolation
2014-10-10 18:21:16 -03:00
Roberto Soares Espreto
291bfed47e
Using Rex.sleep instead of select
2014-10-10 15:17:40 -03:00
Roberto Soares Espreto
bd315d7655
Changed print_good and OptEnum
2014-10-10 13:54:42 -03:00
Roberto Soares Espreto
08fdb4fab2
Add module to enumerate environment HP via perfd daemon
2014-10-10 13:09:36 -03:00
sinn3r
260aa8dc22
Fix #3984 - Fix broken check for drupal_views_user_enum
2014-10-10 10:23:20 -05:00
nstarke
472985a8a8
Adding Buffalo Linkstation NAS Login Scanner
...
I have added a login scanner for the Buffalo Linkstation
NAS. I have been testing against version 1.68 of the
firmware. Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
Tod Beardsley
aefd15c185
Land #3376 , ARRIS SNMP enumerator from @inokii
2014-10-09 15:28:06 -05:00
sinn3r
7d8eadada6
Fix #3974 - Validate and normalize URI for axis_login
2014-10-09 14:33:39 -05:00
sinn3r
c9c34beafa
Fix #3975 - Register TARGETURI, not URI
...
The module should register TARGETURI and call #target_uri for
URI validation.
2014-10-09 14:10:29 -05:00
Pedro Ribeiro
8163b7de96
Thanks for helping me clean up Todd!
2014-10-09 18:20:31 +01:00
sinn3r
d366cdcd6e
Fix #3976 - validate and normalize user-supplied URI for http_login.rb
...
URI should be validated and normalized before being used in an HTTP
request.
2014-10-09 12:14:33 -05:00
Pedro Ribeiro
9d1e206e43
Incorporate cred changes and other minor fixes
2014-10-09 17:59:38 +01:00
Spencer McIntyre
a535d236f6
Land #3947 , login scanner for jenkins by @nstarke
2014-10-09 12:59:02 -04:00
Spencer McIntyre
6ea530988e
Apply rubocop changes and remove multiline print
2014-10-09 12:57:39 -04:00
jvazquez-r7
3305b1e9c3
Land #3984 , @nullbind's MSSQL privilege escalation module
2014-10-09 11:39:15 -05:00
jvazquez-r7
10b160bedd
Do final cleanup
2014-10-09 11:38:45 -05:00
jvazquez-r7
bbe435f5c9
Don't rescue everything
2014-10-09 11:25:13 -05:00
jvazquez-r7
0cd7454a64
Use default value for doprint
2014-10-09 11:04:42 -05:00
jvazquez-r7
db6f6d4559
Reduce code complexity
2014-10-09 10:59:14 -05:00
jvazquez-r7
615b8e5f4a
Make easy method comments
2014-10-09 10:48:00 -05:00
jvazquez-r7
dd03e5fd7d
Make just one connection
2014-10-09 10:46:51 -05:00
sinn3r
df0d4f9fb2
Fix #3973 - Unneeded datastore option URI
...
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
2014-10-09 00:06:15 -05:00
nullbind
168f1e559c
fixed status
2014-10-08 21:19:50 -05:00
nullbind
3ebcaa16a1
removed scanner
2014-10-08 21:18:56 -05:00
nstarke
328be3cf34
Fine Tuning Jenkins Login Module
...
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
2014-10-08 17:53:21 -05:00
Pedro Ribeiro
4817e1e953
Update trackit_sql_domain_creds.rb
2014-10-08 21:41:04 +01:00
Tod Beardsley
a901916b0b
Remove nonfunctional jtr_unshadow
...
This module hasn't been doing anything but print_error a go away message
since June, so may as well get rid of it.
2014-10-08 10:23:29 -05:00
Brendan Coles
3c7be9c4c5
Remove hash rockets from references #3766
...
[SeeRM #8776 ]
2014-10-08 09:01:19 +00:00
Pedro Ribeiro
6af6b502c3
Remove spaces at EOL
2014-10-08 08:30:30 +01:00
Pedro Ribeiro
713ff5134a
Add OSVDB id
2014-10-08 08:24:44 +01:00
Pedro Ribeiro
bd812c593c
Add full disclosure URL
2014-10-08 08:24:04 +01:00
Pedro Ribeiro
bbac61397d
Restore :address to rhost and explain why
2014-10-08 08:23:43 +01:00
Pedro Ribeiro
9cb0ad1ac2
Change the reporting address to the real value
2014-10-08 01:18:17 +01:00
Pedro Ribeiro
6e9bebdaf9
Fix noob mistake in assignment
2014-10-08 01:04:15 +01:00
Pedro Ribeiro
7dbfa19e65
Add exploit for Track-It! domain/sql creds vuln
2014-10-07 23:54:43 +01:00
nullbind
031fb19153
requested updates
2014-10-06 23:52:30 -05:00
William Vu
399a61d52e
Land #3946 , ntp_readvar updates
2014-10-06 21:57:57 -05:00
nstarke
e1b0ba5d3d
Removing 'require pry'
...
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
nstarke
b8c2643d56
Converting Module to LoginScanner w/ Specs
...
The previous commits for this Jenkins CI module relied on an
obsolete pattern. Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
sinn3r
d3354d01f0
Fix #3808 - NoMethodError undefined method `map'
...
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
Jon Hart
8c8ccc1d54
Update Authors
2014-10-06 11:30:39 -07:00
nstarke
69400cf280
Fixing Author Declaration
...
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
nstarke
c0a3691817
Adding Jenkins-CI Login Scanner
...
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Jon Hart
a341756e83
Support spoofing source IPs for NTP readvar, include status messages
2014-10-03 14:05:57 -07:00
Jon Hart
fa4414155a
Only include the exact readvar payload, not any padding
2014-10-03 13:58:13 -07:00
Jon Hart
65c1a8230a
Address most Rubocop complaints
2014-10-03 13:47:29 -07:00
Jon Hart
0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster
2014-10-03 13:28:30 -07:00
Christian Mehlmauer
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
Christian Mehlmauer
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
William Vu
5df614d39b
Land #3928 , release fixes
2014-10-01 17:21:08 -05:00
HD Moore
77bb2df215
Adds support for both CVEs, lands #3931
2014-10-01 17:06:59 -05:00
William Vu
51bc5f52c1
Add CVE-2014-6278 support
...
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
James Lee
7e05ff343e
Fix smbdirect
...
Also some whitespace and a typo in output message
2014-10-01 16:02:59 -05:00
Tod Beardsley
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
sinn3r
be1df68563
Remove auxiliary/scanner/elasticsearch/indeces_enum.rb
...
Time is up, so good bye.
2014-09-30 17:24:21 -05:00
William Vu
5ea968f3ee
Update description to prefer the exploit module
2014-09-30 11:34:28 -05:00
William Vu
162e42080a
Update title to reflect scanner status
2014-09-30 11:04:17 -05:00
William Vu
12d7073086
Use idiomatic Ruby for the marker
2014-09-29 22:32:07 -05:00
William Vu
71d6b37088
Fix bad header error from pure Bash CGI script
2014-09-29 22:25:42 -05:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
Christian Mehlmauer
b266233e95
fix bug
2014-09-30 00:21:52 +02:00
HD Moore
878f3d12cd
Remove kind_of? per @trosen-r7
2014-09-29 15:39:10 -05:00
HD Moore
77efa7c19a
Change if/else to case statement
2014-09-29 15:37:58 -05:00
sinn3r
21b2d9eb3f
Land #3899 - WordPress custom-contact-forms Plugin SQL Upload
2014-09-29 14:40:28 -05:00
HD Moore
64dbc396dd
Add header specification to check module, lands #3902
2014-09-27 12:58:29 -05:00
William Vu
044eeb87a0
Add variable HTTP header
...
Also switch from OptEnum to OptString for flexibility.
2014-09-27 12:39:24 -05:00
Christian Mehlmauer
c51c19ca88
bugfix
2014-09-27 14:56:34 +02:00
Christian Mehlmauer
9a424a81bc
fixed bug
2014-09-27 13:46:55 +02:00
Christian Mehlmauer
1c30c35717
Added WordPress custom_contact_forms module
2014-09-27 13:42:49 +02:00
sinn3r
c75a0185ec
Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec
2014-09-26 17:06:23 -05:00
jvazquez-r7
80d9af9b49
Fix spacing in description
2014-09-26 17:03:28 -05:00
jvazquez-r7
9e540637ba
Add module for CVE-2014-5377 ManageEngine DeviceExpert User Credentials
2014-09-26 17:02:27 -05:00
jvazquez-r7
3259509a9c
Use return
2014-09-26 16:04:15 -05:00
jvazquez-r7
0a3735fab4
Make it better
2014-09-26 16:01:10 -05:00
jvazquez-r7
3538b84693
Try to make a better check
2014-09-26 15:55:26 -05:00
jvazquez-r7
e1f00a83bc
Fix Rex because domainname and domain_name were duplicated
2014-09-26 13:40:52 -05:00
jvazquez-r7
5044117a78
Refactor dhclient_bash_env to use the egypt's mixin mods
2014-09-26 13:34:44 -05:00
nullbind
ebf4e5452e
Added mssql_escalate_dbowner module
2014-09-26 10:29:35 -05:00
jvazquez-r7
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
HD Moore
b878ad2b75
Add a module to exploit bash via DHCP, lands #3891
...
This module is just a starting point for folks to test their DHCP client implementations and we plan to significantly overhaul this once we get a bit of breathing room.
2014-09-25 23:38:40 -05:00
Ramon de C Valle
9c11d80968
Add dhclient_bash_env.rb (Bash exploit)
...
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
William Vu
f66c854ad6
Fix description to be less lulzy
2014-09-25 07:09:08 -05:00
William Vu
9ed28408e1
Favor check_host for a scanner
2014-09-25 07:06:12 -05:00
William Vu
62b74aeaed
Reimplement old check code I was testing before
...
I would like to credit @wchen-r7 for providing advice and feedback.
@jvazquez-r7, too! :)
2014-09-25 06:38:25 -05:00
William Vu
d9120cd586
Fix typo in description
...
Running on fumes here...
2014-09-25 01:22:08 -05:00
William Vu
790df96396
Fix missed var
2014-09-25 01:19:14 -05:00
William Vu
e051cf020d
Add missed mixin
2014-09-25 01:14:58 -05:00
William Vu
27b8580f8d
Add protip to description
...
This gets you lots of shells.
2014-09-25 01:10:22 -05:00
William Vu
b1e9b3664e
Improve false positive check
2014-09-25 01:01:11 -05:00
William Vu
8daf8d4339
Report vuln for apache_mod_cgi_bash_env
...
Now with fewer false positives! It's kinda like a check method.
2014-09-25 00:42:14 -05:00
William Vu
5a59b7cd89
Fix formatting
2014-09-24 23:12:11 -05:00
William Vu
e6f0736797
Add peer
2014-09-24 22:48:51 -05:00
William Vu
8b6519b5b4
Revert shortened reference
...
But it's so long. :(
2014-09-24 22:43:33 -05:00
William Vu
ecb10ebe28
Add variable HTTP method and other stuff
2014-09-24 22:41:01 -05:00
William Vu
a600a0655d
Scannerify the module
2014-09-24 18:58:39 -05:00
William Vu
abadf65d8d
Clean up title and formatting
2014-09-24 18:42:43 -05:00
William Vu
2562964581
Revert to my original code of using CMD
2014-09-24 18:00:13 -05:00
William Vu
6ae578f80f
Add Stephane Chazelas as an author
2014-09-24 17:14:18 -05:00
William Vu
b2555408a4
Rename module
...
I don't think we're gonna make a supermodule like we had hoped.
2014-09-24 16:55:10 -05:00
William Vu
31e9e97146
Replace unnecessary reference with a better one
2014-09-24 16:52:43 -05:00
William Vu
fc04bf9d48
Update description
...
This is what I had when @todb-r7 beat me to the punch. >:P
2014-09-24 16:22:58 -05:00
Tod Beardsley
2f788c2e0c
Fix description
2014-09-24 16:13:05 -05:00
William Vu
ca63fe931d
Add CVE-2014-6271 PoC
2014-09-24 16:02:59 -05:00
Brendan Coles
5f6e84580c
Clean up and use Metasploit::Credential
2014-09-24 01:00:23 +00:00
Thomas Ring
81406defed
hopefully what you are looking for this time
2014-09-23 11:36:13 -05:00
Jon Hart
259a368577
Land #3841 , @jabra-'s modifications to ssdp_amp to support spoofing
2014-09-22 12:28:46 -07:00
Jon Hart
fc4c1907d3
Land #3839 , @jabra-'s updates to dns_amp to support spoofing
2014-09-22 12:14:39 -07:00
Jon Hart
8f63075da4
Land #3837 , @jabra-'s update to chargen scanner to support spoofing
2014-09-22 12:02:01 -07:00
Jon Hart
4e9f1282de
Land #3834 , @jabra-'s updates to UDPscanner to support spoofing
2014-09-22 11:49:53 -07:00
sinn3r
2a714a7c4d
Fix a typo
...
Downloading and deleting are two very different things. Thanks Dan.
2014-09-21 18:35:26 -05:00
Josh Abraham
b7a0847114
SRC IP spoofing added to the SSDP amplification module
2014-09-20 21:37:01 -04:00
Josh Abraham
bb018de3a1
chargen src IP spoofing
2014-09-20 16:08:52 -04:00
Josh Abraham
3fb00ece9e
refactored the code based on PR feedback
2014-09-20 14:10:00 -04:00
jvazquez-r7
c00094ba6e
Land #3345 , @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli
2014-09-19 15:01:21 -05:00
jvazquez-r7
62414e2214
Add Timeout to exploit sqli
2014-09-19 15:00:54 -05:00
jvazquez-r7
db6372ec8b
Do minor module cleanup
2014-09-19 14:43:35 -05:00
jvazquez-r7
4a9294e3bf
Mark module as not executable
2014-09-19 14:36:44 -05:00
jvazquez-r7
405ac34a16
Fix author name
2014-09-19 13:56:13 -05:00
jvazquez-r7
79d5fb56d4
Land #3829 , @jhart-r7's UDP emtpy probe scanner
2014-09-19 13:54:35 -05:00
Jon Hart
737f77d31a
Cleaner output when PORTS is invalid
2014-09-19 11:12:14 -07:00
Jon Hart
3493987300
report_service when we find something this way
2014-09-19 10:45:06 -07:00
Josh Abraham
43171141da
update for ntp modules
2014-09-19 11:14:11 -04:00
Jon Hart
a54b23642e
Relocate empty UDP scanner
2014-09-18 12:31:52 -07:00
Brendan Coles
6cad5d9aeb
Add ManageEngine DeviceExpert User Credentials
2014-09-18 19:18:59 +00:00
Tod Beardsley
5dad73a28f
Explicitly require credential_collection
...
Otherwise, you run into a require ordering problem on some platforms.
This is not a great way to fix this -- but it's a fast way, and possibly
even a good way, since you're being explicit about what your module
requirements are.
2014-09-17 15:47:30 -05:00
sinn3r
169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner)
2014-09-16 14:51:24 -05:00
sinn3r
4ed1fa55f5
Don't need this header
2014-09-16 14:50:32 -05:00
Joe Vennix
59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc.
2014-09-16 13:31:03 -05:00
jvazquez-r7
7d4c4c3658
Land #3699 , @dmaloney-r7's ipboard login refactor
2014-09-15 08:29:42 -05:00
jvazquez-r7
373861abb0
Land #3526 , @jhart-r7's soap_xml scanner cleanup
2014-09-12 13:29:52 -05:00
jvazquez-r7
12f949781a
Use double quote for xml strings
2014-09-12 13:18:48 -05:00
jvazquez-r7
67c0ee654b
Use Gem::Version
2014-09-12 10:35:12 -05:00
jvazquez-r7
0d054d8354
Update with master changes
2014-09-12 09:52:32 -05:00
Luke Imhoff
706655f755
Land #3779 , Glassfish LoginScanner exception
...
MSP-11343
2014-09-11 15:57:47 -05:00
Tod Beardsley
d2f2b142b4
Land #3760 , Arris WEP/WPA leak from @dheiland-r7
2014-09-11 15:39:19 -05:00
Tod Beardsley
4fc1ec09c7
Land #3759 , Android UXSS, with ref/desc fixes
...
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)
Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
Tod Beardsley
fbba4b32e0
Update the title and desc to be more descriptive
...
See #3759
2014-09-11 14:06:14 -05:00
Tod Beardsley
d627ab7628
Add refs for Android UXSS
...
See #3759
2014-09-11 14:05:50 -05:00
James Lee
8aa06b8605
Better api for check_setup
2014-09-10 23:43:54 -05:00
James Lee
c1658e5d51
Add a check_setup method
2014-09-10 20:09:46 -05:00
James Lee
84e4db9035
Don't raise in the middle
...
MSP-11343
This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
Deral Heiland
872ba6a53b
Update arris_dg950 module with required changes
...
Collapsed several levels of the if/else statement and changed out 2 with
case. Changed print_good to print_line. Removed rescue ::Interrupt and
altered variable names to make them more readable
2014-09-10 19:07:53 -04:00
Jon Hart
e317bfe0d5
Add preliminary module for discovering services with empty UDP probes
2014-09-10 10:58:22 -07:00
sinn3r
280e16c241
Land #3677 - Updated shodan_search for new API
2014-09-10 11:39:00 -05:00
sinn3r
006393360e
Add conditions to check healthy shodan results
2014-09-10 11:38:06 -05:00
James Lee
257f0fc93e
Quick fix for ssh_login_pubkey
...
Fixes #3772 , closes #3774
2014-09-10 09:57:17 -05:00
us3r777
2ae23bbe99
Remove STAGERNAME option
...
This option wasn't really required, the stager can be removed as
soon as the WAR is deployed. This commit does the modifications needed
to remove the stager right after the WAR deployment.
2014-09-09 21:44:08 +02:00
Joe Vennix
7793ed4fea
Add some common UXSS scripts.
2014-09-09 02:31:27 -05:00
James Lee
b8000517cf
Land #3746 , reinstate DB_ALL_CREDS
2014-09-08 17:24:12 -05:00
David Maloney
2ac15f2088
some fixes based on Christruncer's feedback
...
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney
cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor
2014-09-08 14:48:37 -05:00
Tod Beardsley
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
David Maloney
09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds
2014-09-08 12:52:25 -05:00
Deral Heiland
9a6ee5090a
Add Arris DG950A SNMP data extraction module
...
This module will extract critical data such as WPA and WEP keys from
the Arris DG950a model cable modem via the SNMP protocal.
2014-09-08 11:04:31 -04:00
sinn3r
0ccb39c057
Land #3726 - Fix typos in wordpress login
2014-09-08 09:40:57 -05:00
Joe Vennix
27889ea411
Add a safety fallback on js load.
2014-09-08 00:46:47 -05:00
Joe Vennix
8407d45c9c
Rework the timers.
2014-09-08 00:40:00 -05:00
Joe Vennix
5c9c8edfcf
Fix refs.
2014-09-07 23:33:45 -05:00
Joe Vennix
5efaf7d4cf
rename module, handle asyncness.
2014-09-07 23:25:08 -05:00
jvazquez-r7
10bb77af9f
Land #3716 , @wchen-r7's Glassfish LoginScanner update
2014-09-07 21:54:34 -05:00
Joe Vennix
1bf89fb6bd
Add Android <= 4.3 AOSP UXSS module.
2014-09-07 20:44:03 -05:00
jvazquez-r7
c86d01a667
Fix win.ini signature
2014-09-07 01:46:38 -05:00
sinn3r
44b9dc9b28
Update tmlisten_traversal
2014-09-06 01:18:11 -05:00
Chris Hebert
abffdd8705
Update alienvault_newpolicyform_sqli.rb
...
cleaned up according to msftidy.rb suggestions
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
Chris Hebert
664cc131e3
Update alienvault_newpolicyform_sqli.rb
...
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
sinn3r
08ce278cca
Got these wrong
2014-09-04 17:05:51 -05:00
sinn3r
cb490fc00e
[SeeRM #8836 ] Change boot.ini to win.ini
2014-09-04 17:03:21 -05:00
jvazquez-r7
d83131f1d9
Land #3750 , @wvu favoring unless
2014-09-04 16:17:07 -05:00
jvazquez-r7
ff210a7c0a
delete parenthesis
2014-09-04 16:16:29 -05:00
jvazquez-r7
c32b977a27
Land #3747 , @wvu changes to printer_ready_message
2014-09-04 15:26:52 -05:00
William Vu
2d8c7a7a4d
Refactor if statement to early return
...
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
HD Moore
34455b5dc6
Fix missing require for jtr_oracle_fast
2014-09-04 14:38:07 -05:00
William Vu
50ac8366fd
Refactor CHANGE/RESET to actions
...
Missed in c1fdc4d945
.
2014-09-04 14:36:04 -05:00
sinn3r
0dcf481d76
This one is good to go
2014-09-04 14:13:33 -05:00
William Vu
84f9ec0aad
Refactor implicit options hash
...
Missed in c1fdc4d945
.
2014-09-04 13:30:06 -05:00
David Maloney
00ec47fb83
call new prepend cred methods
...
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
David Maloney
c5755824a6
pass in vhost and useragent
...
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
sinn3r
dd4fd7bb39
The reporting part
2014-09-03 16:32:23 -05:00
sinn3r
e1694ec3e5
LoginScanner update for hp_sys_mgmt_login
...
Work in progress
2014-09-03 16:23:57 -05:00
jvazquez-r7
185ce36859
Land #3701 , @wchen-ru's AppleTV modules
2014-09-03 12:30:50 -05:00
jvazquez-r7
10dee28fbd
Add http socket to the module sockets and allow the framework to cleanup
2014-09-03 12:01:48 -05:00
sinn3r
5acbcc80e2
no threading
2014-09-03 11:37:30 -05:00
John Sawyer
3281781f6a
Addressed r7 comments, fixed bug in results loop
2014-09-01 13:43:31 -04:00
Matthew Kienow
7dd73084bb
Added WiFi ifindex discovery and enhanced error handling
2014-09-01 00:49:10 -04:00
Matthew Kienow
cf0f00a376
Variable name changes per ruby style guide
2014-08-31 23:57:20 -04:00
Matthew Kienow
0735de0fd4
Changes to error output per PR comments
2014-08-31 23:57:20 -04:00
Matthew Kienow
0a01da1ca9
Changed default value for SNMP Version option
2014-08-31 23:57:20 -04:00
Matthew Kienow
e6126fde72
Modified to pull username and password first
2014-08-31 23:57:19 -04:00
Matthew Kienow
5153886077
Added disclosure URL and cleaned up output fields
2014-08-31 23:57:19 -04:00
inokii
4ef369112f
Cleanup per msftidy report of Spaces at EOL
2014-08-31 23:57:19 -04:00
inokii
e37d56766f
Corrected extraction of WEP keys, current key, RADIUS server and port
2014-08-31 23:57:19 -04:00
inokii
f1cd601401
Modified logic to attempt to process WiFi key data even if primary Wifi interface is not up
2014-08-31 23:57:19 -04:00
inokii
e5111f7634
Simplified get_radius_info method and cleaned up comments
2014-08-31 23:57:19 -04:00
inokii
c556a6e331
Fixed syntax issue
2014-08-31 23:57:19 -04:00
inokii
81047e911a
Corrected OIDs to all numeric
2014-08-31 23:57:19 -04:00
inokii
b253e444cb
Initial commit of SBG6580 scanner after cleanup
2014-08-31 23:57:18 -04:00
DrDinosaur
8ba5488198
Update wordpress_login_enum.rb
...
Fixed some typos.
2014-08-30 13:37:48 -10:00
David Maloney
a142e78a66
refactor wordpress_xml_rpc_login
...
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
David Maloney
0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner
2014-08-29 12:50:34 -05:00
Thomas Ring
fbae68870c
cleanup one stray comment
2014-08-29 10:57:51 -05:00
Thomas Ring
4c93cbc62c
changes based on feedback, added timeout error message
2014-08-29 10:57:20 -05:00
sinn3r
f7091d854e
Add a timeout
2014-08-28 22:26:38 -05:00
jvazquez-r7
40f581458a
Land #3570 , @ikkini scanner for rsync
2014-08-28 18:48:32 -05:00
jvazquez-r7
9fb9ab813c
Add URL reference
2014-08-28 18:47:56 -05:00
jvazquez-r7
bc542a011d
Change module filename
2014-08-28 18:42:30 -05:00
jvazquez-r7
213fe23970
Clean rsync_modules_list
2014-08-28 18:40:55 -05:00
sinn3r
f097ef96e0
Use &&
2014-08-28 12:13:03 -05:00
sinn3r
d0d9949d91
Do SSL options correctly
2014-08-28 12:04:14 -05:00
Matt Andreko
784ece574e
Found additional typos.
2014-08-28 09:03:19 -05:00
Matt Andreko
cb634cfef3
Fixed annoying typo that shows up in validation screenshots
2014-08-28 08:50:30 -05:00
sinn3r
0ba2f1e457
Leave a note about the old empty password issue
2014-08-27 17:06:11 -05:00
sinn3r
d5b70cca24
"Auth bypass" does not really describe what the feature actually does
2014-08-27 16:56:07 -05:00
sinn3r
a32ffc4c26
Add the final portion for Glassfish login module
2014-08-27 15:09:11 -05:00
Thomas Ring
67efa76fc4
changes based on feedback
2014-08-27 09:08:18 -05:00
sinn3r
5d8cbe0544
Early version of Glassfish using LoginScanner
2014-08-27 01:23:02 -05:00
HD Moore
fde2687c9e
Store edition,version,build in the fingerprint.match
2014-08-26 18:44:08 -05:00
Tom Sellers
d5e39ae284
Adjustments for new LoginScanner code
2014-08-26 18:13:00 -05:00
HD Moore
ba1f7c3bf6
Land #3687 , reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
HD Moore
ed9bb3e52c
Fix a small typo
2014-08-26 14:34:10 -05:00
Jon Hart
775ebce56b
Correct natpmp_portscan's print_* usage to include peer
2014-08-26 12:27:12 -07:00
HD Moore
4e19d9ade1
Land #3545 , fix up sip scanners, msftidy, db services cmd
2014-08-26 14:07:21 -05:00
Jon Hart
5826d7b164
vprint_status when no external address obtained, print_ is too noisy
2014-08-26 12:05:40 -07:00
Jon Hart
e75e213b52
Clarify SIP mixin method name, store header values as string, etc
2014-08-26 11:40:49 -07:00
Jon Hart
246f021437
Update natpmp_external_address to use Msf::Auxiliary::UDPScanner
2014-08-26 10:49:53 -07:00
Jon Hart
5c57f9b4eb
Don't overload RPORT/LPORT for mapping external -> internal ports
2014-08-26 10:49:53 -07:00
Jon Hart
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
Jon Hart
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
Jon Hart
ca11eae3a9
Show a useful failure message when the external address probe fails
2014-08-26 10:49:52 -07:00
Jon Hart
bb00c97f46
Add a CERT reference
2014-08-26 08:29:28 -07:00
Jon Hart
40fe2fd3a9
Remove DRDoS references, as this just proves amplification
2014-08-26 08:23:50 -07:00
Jon Hart
10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it
2014-08-26 08:00:30 -07:00
Jon Hart
333c3a90ae
Space between SSDP headers and values, which is sometimes required
2014-08-26 07:57:59 -07:00
Jon Hart
337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification
2014-08-26 07:48:44 -07:00
Jon Hart
04fbd07a16
vprint_error in the unlikely event we get an unexpected response
2014-08-26 07:30:14 -07:00
Jon Hart
79b05db409
Correct minor style issues
2014-08-26 07:26:30 -07:00
xistence
63b75a0093
SSDP Amplification module changes
2014-08-26 16:03:32 +07:00
xistence
a90d142140
Add UPnP SSDP Amplication Scanner
2014-08-26 12:53:14 +07:00
HD Moore
73e4ec709f
Fix smb_port and require 'recog' when no DB/MDM
2014-08-25 15:42:18 -05:00
sinn3r
463815d240
Add AppleTV modules (imge, video and login)
2014-08-25 15:24:41 -05:00
Jon Hart
6a522cc105
Remove unused BATCHSIZE from SIP options_tcp, duplicate from options
2014-08-25 13:12:29 -07:00
Jon Hart
bfa89bb3a5
Enforce binary encoding on non-modules, no encoding on modules
2014-08-25 13:12:29 -07:00
Jon Hart
6185721a61
Address @hmoore-r7's feedback regarding binary encoding
2014-08-25 13:11:22 -07:00
Jon Hart
9955cb5b27
Enforce proper protocol case where necessary
2014-08-25 13:11:22 -07:00
Jon Hart
637f86f37d
Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner
2014-08-25 13:11:21 -07:00
Jon Hart
c2e70446ed
Move SIP module stuff to Msf::Exploit::Remote::SIP
2014-08-25 13:11:21 -07:00
Jon Hart
02e41c27e7
Split SIP response parsing out on its own, add unit tests.
...
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
Jon Hart
d4ea3e9f29
Pass protocol down to parse_reply for report_* purposes
2014-08-25 13:09:39 -07:00
Jon Hart
a2e2e37a69
Fix SIP options scanning
2014-08-25 13:09:39 -07:00
Thomas Ring
e23acf8d82
fix for oracle_login not checking connection status and stopping on timeout
2014-08-25 14:57:45 -05:00
Jon Hart
2a4d73ee35
Add status message that displays delay between requests
2014-08-25 12:55:27 -07:00
Jon Hart
5c61c09c6b
auxiliary/scanner/http/soap_xml cleanup
...
This:
* Corrects Ruby style (most) everywhere
* Uses Rex's sleep, converts to milliseconds -- seconds are too granular
* Moves begin/rescue inside nested verb+noun loop
* Prints errors even if not in verbose mode
* Corrects URI construction when PATH ends with /
2014-08-25 12:55:27 -07:00
David Maloney
152ddb2f32
refactor the ipboard-login module
...
now that we have the loginScanner class, we simplify the module
by using the scanner and credcollection classes to handle all
the real work for us
2014-08-25 14:32:47 -05:00
Tod Beardsley
6d9833e32b
Minor pre-release updates with descriptions
2014-08-25 13:34:45 -05:00
Tod Beardsley
03a1f4455d
No need to escape single quotes in %q{} strigns
2014-08-25 13:03:33 -05:00
Tod Beardsley
2f87c880df
Add link to blog post for NTP modules
2014-08-25 12:58:10 -05:00
Tod Beardsley
c3213a73e5
Use peer when writing scanner modules
...
This fixes the module seen in PR rapid7#3684 to use the peer method at
the beginning of print_* messages, rather than the vhost method at the
end. Doing this tends to make reading the output much easier since it's
more consistent.
Incidentally, this module has an msftidy complaint:
````
--- Checking new and changed module syntax with tools/msftidy.rb ---
modules/auxiliary/scanner/http/ipboard_login.rb - [INFO] Please use
vars_get in send_request_cgi: send_request_cgi({ 'uri' =>
normalize_uri(target_uri.path,
"index.php?app=core&module=global§ion=login&do=process"
````
This should be fixed as well, or explained why it's not being honored.
2014-08-25 12:48:32 -05:00
William Vu
1ee83ff57e
Land #3696 , pile of NTP DRDoS 0days
...
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
William Vu
7a76efa7f7
Add reference and disclosure date
2014-08-25 11:46:47 -05:00
OJ
a39f7b94ec
Land #3684 - IP Board Login Scanner
2014-08-25 11:54:42 +10:00
Christopher Truncer
302e4025ba
Removed unnecessary function
2014-08-24 20:45:28 -04:00
Christopher Truncer
2b59063d6c
Updated based on feedback
2014-08-24 19:53:29 -04:00
John Sawyer
0a27a18104
Committing changes from r7 comments
2014-08-23 00:08:27 -04:00
Christopher Truncer
84f4fa5c76
Updated module based on feedback
2014-08-22 21:16:53 -04:00
jvazquez-r7
0737d0dbd5
Refactor auxiliary module
2014-08-22 17:05:45 -05:00
jvazquez-r7
9ef09a7725
Pass msftidy
2014-08-22 13:24:59 -05:00
jvazquez-r7
38e6576990
Update
2014-08-22 13:22:57 -05:00
Joe Vennix
95fbb8f1b7
Land PR #3672 , dmaloney-r7's login scanner credential rework.
2014-08-22 11:15:32 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63
and
82760bf5b3
).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3
).
This merge commit merges the staging/electro-release branch
(62b81d6814
) into master
(48f0743d1b
). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
Christopher Truncer
3918acb1e1
Changed keyword used when returning
2014-08-21 12:34:54 -04:00
Christopher Truncer
a0b72bba93
Updated module based on feedback
2014-08-21 12:26:41 -04:00
Christopher Truncer
383906c26c
Removed function no longer used
2014-08-20 22:51:01 -04:00
Christopher Truncer
c93bfb4673
Fixed targeturi value
2014-08-20 21:23:45 -04:00
Christopher Truncer
7f90b81711
IP Board Login Scanner Module
2014-08-20 21:18:19 -04:00
Jon Hart
9f9f28cc31
If a peer is 127.0.0.1, don't try to store it because we (currently...) can't
2014-08-20 15:48:54 -07:00
Jon Hart
9db3dc7ad8
Store peer data note in the same format as originally
2014-08-20 15:10:45 -07:00
Jon Hart
758c3fa518
Only discard monlist replies that are impossibly short
...
This fixes the case where if a monlist reply only includes one peer
2014-08-20 15:02:21 -07:00
Jon Hart
7ad9300d37
Update ntp_monlist to use UDPScanner, NTP and DRDoS mixins
2014-08-20 14:41:00 -07:00
Jon Hart
8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing
2014-08-20 12:21:39 -07:00
John Sawyer
1959f7a235
Updated shodan_search for new API
2014-08-20 00:48:13 -04:00
Tom Sellers
74920d26a4
Update to server/capture/imap.rb for new Credential system
2014-08-19 15:25:31 -05:00
Tom Sellers
3fdad4dc91
Update auxillary/scanner/ftp with Credential Gem
2014-08-19 13:13:05 -05:00
David Maloney
473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
...
Conflicts:
Gemfile.lock
lib/metasploit/framework/command/console.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/credential.rb
lib/metasploit/framework/credential_collection.rb
lib/metasploit/framework/login_scanner/afp.rb
lib/metasploit/framework/login_scanner/axis2.rb
lib/metasploit/framework/login_scanner/db2.rb
lib/metasploit/framework/login_scanner/ftp.rb
lib/metasploit/framework/login_scanner/http.rb
lib/metasploit/framework/login_scanner/mssql.rb
lib/metasploit/framework/login_scanner/mysql.rb
lib/metasploit/framework/login_scanner/pop3.rb
lib/metasploit/framework/login_scanner/postgres.rb
lib/metasploit/framework/login_scanner/result.rb
lib/metasploit/framework/login_scanner/smb.rb
lib/metasploit/framework/login_scanner/snmp.rb
lib/metasploit/framework/login_scanner/ssh.rb
lib/metasploit/framework/login_scanner/telnet.rb
lib/metasploit/framework/login_scanner/vnc.rb
lib/metasploit/framework/parsed_options/console.rb
lib/metasploit/framework/require.rb
lib/metasploit/framework/version.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/afp/afp_login.rb
modules/auxiliary/scanner/db2/db2_auth.rb
modules/auxiliary/scanner/ftp/ftp_login.rb
modules/auxiliary/scanner/http/axis_login.rb
modules/auxiliary/scanner/http/http_login.rb
modules/auxiliary/scanner/http/tomcat_mgr_login.rb
modules/auxiliary/scanner/mssql/mssql_login.rb
modules/auxiliary/scanner/mysql/mysql_login.rb
modules/auxiliary/scanner/pop3/pop3_login.rb
modules/auxiliary/scanner/postgres/postgres_login.rb
modules/auxiliary/scanner/snmp/snmp_login.rb
modules/auxiliary/scanner/ssh/ssh_login.rb
modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
modules/auxiliary/scanner/telnet/telnet_login.rb
modules/auxiliary/scanner/vnc/vnc_login.rb
modules/auxiliary/scanner/winrm/winrm_login.rb
spec/lib/metasploit/framework/credential_spec.rb
spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
sinn3r
7330e3585f
Support Glassfish 4.0 and lots of other changes
2014-08-18 19:03:26 -05:00
James Lee
f169b8dff3
Fix hashes being stored as passwords
2014-08-18 15:52:13 -05:00
Tod Beardsley
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
joev
5bfbb7654e
Add android meterpreter to browser autopwn.
2014-08-18 11:09:16 -05:00
HD Moore
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
jvazquez-r7
93990f4578
Land #3631 , @wchen-r7's fixes to avoid datastore options assignment at runtime
2014-08-12 14:46:02 -05:00
jvazquez-r7
b46b6af50d
Land #3630 , @wchen-r7's fix for datastore assignments on smb_enumusers
2014-08-12 14:26:55 -05:00
jvazquez-r7
33da1a6871
Give a chance to the mixin
2014-08-12 13:49:39 -05:00
David Maloney
fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry
2014-08-12 11:22:51 -05:00
cx
c937e80521
Added Fixes#2 mentioned by Firefart
...
Details:
* MSF's HTTP::Wordpress class included and wordpress related
variables are used.
2014-08-12 15:16:43 +03:00
sinn3r
4aeb1eda9c
Don't use datastore options as default values
2014-08-11 18:55:32 -05:00
cx
c90434c926
Added Fixes mentioned by Firefart
...
Details:
* string interpolation removed
* Minor styling issues are fixed
* peer var used
* target_uri added instead of datastore
2014-08-11 14:37:39 +03:00
Tod Beardsley
08bb815bd8
Add Yokogawa unauth admin module
2014-08-09 13:30:10 -05:00
Jon Hart
a5e9abc227
Update R7-2014-12 NTP modules to use new DRDoS mixin
2014-08-08 23:15:54 -07:00
Jon Hart
00452b41c9
Gut admin functions from R7-2014-12 NTP modules
...
None of these are admin modules. All of that stuff should eventually go
in auxiliary/admin
2014-08-08 21:22:11 -07:00
Jon Hart
ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
...
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
Jon Hart
3307726c21
Land #3627 , @wchen-r7's cleanup of ctypes in smb_enumshares
2014-08-08 19:17:15 -07:00
Jon Hart
b3bb20f569
Land #3629 , @wchen-r7's HTTP traversal fixes
2014-08-08 18:08:32 -07:00
Jon Hart
c35dc4d3ac
Extract query params separately
...
Prevents stomping on data
2014-08-08 18:07:25 -07:00
sinn3r
969e5ddd39
Override the correct smb_direct
2014-08-07 18:48:46 -05:00
sinn3r
3b27102c4c
Override the correct smb_direct
2014-08-07 18:47:33 -05:00
sinn3r
436e2abfff
Fix datastore options
2014-08-07 17:59:40 -05:00
sinn3r
1963318e70
Fix datastore options
2014-08-07 17:58:25 -05:00
sinn3r
ab8f2c7d3f
Datastore option fix
2014-08-07 17:57:44 -05:00
sinn3r
6f8c7f092a
Fix direct datastore assignments to pass msftidy
2014-08-07 17:51:45 -05:00
sinn3r
c79fe731c5
Um, this is the right way to do it.
2014-08-07 13:32:48 -05:00
sinn3r
f7bda738cf
Fix file handle leak
2014-08-07 13:30:34 -05:00
sinn3r
711630d059
Fix datastore assignments
2014-08-07 13:28:51 -05:00
sinn3r
c7090f57a5
Fix "text" ctype in smb_enumshares
...
"text" is not a valid ctype, should be text/plain
2014-08-07 11:25:55 -05:00
Christian Mehlmauer
a7be5b5164
Added fingerprinting
2014-08-07 18:12:58 +02:00
Christian Mehlmauer
d6e60453d6
Added Wordpress XMLRPC DoS
2014-08-07 11:38:44 +02:00
Brandon Turner
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
/lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
aJ0QgKJz8thZgafZc89I
=e1z9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
AjGcfOzhhcsY+WAQ7OG+
=Pjob
-----END PGP SIGNATURE-----
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
sinn3r
9b6259e58b
Land #3569 - Updated smb_enumshares to support spidering
2014-08-05 20:23:09 -05:00
sinn3r
f520616730
This fixes a few things, see commit message for more info
...
This commit fixes the following:
1. Not handling eval_host()'s nil file return value, which can causes
a NoMethodError at runtime due to various conditions.
2. Renames datastore option VERBOSE to ShowFiles to pass msftidy
3. Avoids overwriting datastore options directly to pass msftidy
2014-08-05 19:20:11 -05:00
aczire
6028c6b053
Updated as per Juan Vazquez's comments.
2014-08-05 09:57:23 +05:30
aczire
4674089fca
Updated as per Juan Vazquez's comments.
2014-08-05 09:49:59 +05:30
Alton Johnson
da845c7e89
Changed default VERBOSE option to false.
2014-08-04 18:06:35 -05:00
Jon Hart
b81c7e28f4
Land #3588 , @tobd-r7's Fix SpaceBeforeModifierKeyword Rubocop warning
2014-08-04 14:25:03 -07:00
jvazquez-r7
ed97751ead
Land #2999 , @j0hnf's modifiction to check_dir_file to handle file:
2014-08-04 11:55:18 -05:00
jvazquez-r7
cd45ed0e0a
Handle exceptions when connecting the SMBHSARE
2014-08-04 11:54:30 -05:00
jvazquez-r7
85b5c5a691
Refactor check_path
2014-08-04 11:48:13 -05:00
jvazquez-r7
1e29bef51b
Fix msftidy warnings
2014-08-04 11:46:27 -05:00
jvazquez-r7
04bf0b4ab6
Fix forgotten comma
2014-08-04 11:34:12 -05:00
HD Moore
3bc8d1fee9
See #RM8838. Handle null domain_sid properly
...
This switches to the local sid if the domain sid is null, even if
the ACTION is set to DOMAIN. This solves the issue identified in
```
[*] 192.168.0.4 PIPE(LSARPC) LOCAL(NAS - 5-21-2272853860-1115691317-1341221697) DOMAIN(WORKGROUP - )
[-] 192.168.0.4 No domain SID identified, falling back to the local SID...
[*] 192.168.0.4 USER=guest RID=501
[*] 192.168.0.4 GROUP=None RID=513
```
2014-08-02 14:25:17 -05:00
us3r777
cd2e225359
Refactored auxilliary jboss_bshdeployer
...
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
David Maloney
ab7111120b
and all the rest
...
finally!
2014-08-01 14:54:18 -05:00
David Maloney
4821851ae4
telnet and ssh next
2014-08-01 14:47:08 -05:00
David Maloney
12902b0a6d
the refactor continues!
2014-08-01 14:41:03 -05:00
David Maloney
b74813b9a1
mysql and pop3 now
2014-08-01 14:30:33 -05:00
David Maloney
2e7738c788
http and mssql now
2014-08-01 14:22:58 -05:00
David Maloney
33f73a8af7
refactor db2
2014-08-01 13:00:27 -05:00
David Maloney
439b893fea
refactor axislogin
2014-08-01 12:30:16 -05:00
David Maloney
0fffb179fa
refactor afp_login
2014-08-01 12:10:52 -05:00
David Maloney
c3691ba056
finish refactoring ftp_login
2014-08-01 12:06:13 -05:00
David Maloney
a380646667
start refactoring ftp loginscanner
2014-08-01 11:47:13 -05:00
jvazquez-r7
4ed085d0d2
Land #3581 , @FireFart's update for W3 Total Cache Hash extract module
2014-07-30 10:45:11 -05:00
jvazquez-r7
674c3ca260
Use [] for references
2014-07-30 10:44:42 -05:00
jvazquez-r7
1fe459eb42
Add info to know where the info comes from
2014-07-29 18:47:40 -05:00
Tod Beardsley
adf03e28ce
Fix SpaceBeforeModifierKeyword Rubocop warning
...
This also deals with some errant tabs where internal spaces should be,
as well as one syntax error which was preventing an old meterpreter
script from ever working correctly.
Some day, we need to get rid of those Meterpeter scripts. Srsly.
2014-07-29 17:10:54 -05:00
Christian Mehlmauer
3d2a62bc29
Updated W3 Total Cache Hash extract module
2014-07-29 19:49:48 +02:00
us3r777
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
Christopher Truncer
7129108c58
Fixed status in MSF db for Nessus
2014-07-28 13:49:24 -04:00
cx
7247f8879b
Empty line fix
...
Details:
* Empty line fix added to each_user_pass function
2014-07-28 12:50:41 +03:00
cx
5679a72aa8
Added Fixes mentioned by jhart-r7
...
Details:
* res && res.body fix
* empty return removed
* vprint added/changed
* is_? convention fixed
* Unknown error removed
* Minor styling issues are fixed
* VERBOSE Option Removed
2014-07-27 00:40:37 +03:00
Alton Johnson
555e6c9cff
Modified a few things based on suggestions.
2014-07-25 18:23:12 -05:00
Alton Johnson
58502f139a
Updated.
2014-07-25 15:46:50 -05:00
cx
cdabfb84f4
Add Wordpress XML-RPC Login Scanner
...
This module attempts to authenticate against a Wordpress-site (via
XMLRPC) using username and password combinations indicated by the
USER_FILE, PASS_FILE, and USERPASS_FILE options.
The module, checks for XMLRPC response using `demo.sayHello` function
and sweeps users with `wp.getUsers` function.
If `verbose` is set `true`, the raw XML response will be printed.
The module might be usefull when the target's administration page
is protected.
2014-07-25 16:24:09 +03:00
Alton Johnson
d0cd5cfc7a
Updated.
2014-07-24 21:53:23 -05:00
Alton Johnson
cdc56df09f
Updated smb_enumshares.rb
2014-07-24 21:18:02 -05:00
Alton Johnson
51c488a5ea
Added smb_enumshares.
2014-07-24 21:11:18 -05:00
ikkini
03f68e21e7
Merge branch 'rsync_modules' of https://github.com/ikkini/metasploit-framework into rsync_modules
2014-07-24 23:29:14 +02:00
ikkini
ccb26637e7
List all (listable) modules from a rsync daemon
2014-07-24 23:26:41 +02:00
us3r777
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
Jon Hart
bd1970ced9
Fix basic HTTP directory traversal detection
2014-07-24 13:22:58 -07:00
ikkini
6692545eb6
Delete rsync_list.rb
2014-07-24 22:10:08 +02:00
ikkini
f12b97e8c0
List all (listable) modules from a rsync daemon
2014-07-24 22:04:00 +02:00
Samuel Huckins
6c1a3f4992
Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
...
Now able to complete without error.
MSP-10817 #land
2014-07-23 15:55:42 -05:00
James Lee
eee72a86ba
Fix the case when john cracks only half of LM
2014-07-23 15:25:32 -05:00
us3r777
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
David Maloney
e54f5e8ee7
working snmp_login module
2014-07-22 12:44:21 -05:00
David Maloney
c553fcac73
start refacotirng snmp_login
2014-07-22 11:46:22 -05:00
James Lee
917d2c718b
Use All4 instead of LanMan
...
... Which was the original behavior. A full incremental LanMan can take
many hours instead of the few seconds this module was intended to run.
2014-07-21 18:24:35 -05:00
us3r777
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
jvazquez-r7
fe0b6fa79e
Land #3532 , @luisco's joomla login bruteforcer
2014-07-21 12:56:15 -05:00
jvazquez-r7
aefaa3dd96
Make rubocop more happy
2014-07-21 12:55:45 -05:00
Tod Beardsley
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
jvazquez-r7
478e43170a
Report credentials to database
2014-07-21 12:26:13 -05:00
jvazquez-r7
63fca1bfdd
Make some datastore options required
2014-07-21 12:10:52 -05:00
jvazquez-r7
436ac706e8
Rescue Rex::ConnectionError while finding the uri
2014-07-21 12:00:24 -05:00
jvazquez-r7
30de4cdf8d
Fix get_login_hidden
2014-07-21 11:57:37 -05:00
jvazquez-r7
ff3a21b520
Refactor do_web_login
2014-07-21 11:35:19 -05:00
jvazquez-r7
22f41e4435
Use vars_post
2014-07-21 11:07:00 -05:00
jvazquez-r7
92fd3bc72b
Deleting REQUEST_TYPE option because I don't think has sense here
2014-07-21 10:53:43 -05:00
jvazquez-r7
986b8e5d02
First style issues cleanup
2014-07-21 09:49:05 -05:00
HD Moore
5ba96d6054
Fix peer(rhost)->peer() usage in mediawiki_svg_fileaccess
2014-07-19 15:56:41 -05:00
root
7a5f3b8991
Implementing Ruby Style Guide and replace send_request_raw send_request_cgi
2014-07-18 14:31:38 -05:00
us3r777
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
root
1f02891dc7
Change name of module and implementation of the recommended changes 2
2014-07-18 00:17:35 -05:00
root
0168a99eaa
Change name of module and implementation of the recommended changes
2014-07-17 23:49:25 -05:00
root
f2eabdba94
implementation of the recommended changes
2014-07-17 23:36:37 -05:00
jvazquez-r7
ad2e7c3713
print header only if there are results...
2014-07-17 18:02:24 -05:00
midnitesnake
36f6bcca15
Applied Jon Hart's recommendations
2014-07-17 20:29:26 +01:00
Jon Hart
06fd1ead9d
Address more style issues
2014-07-17 09:37:27 -07:00
jvazquez-r7
7e6e154a39
Fix null pointer dereference
2014-07-17 08:51:12 -05:00