Commit Graph

5709 Commits (b43522a2b8e3db12207150c3ac0d92fb71ef49b3)

Author SHA1 Message Date
jvazquez-r7 65dbb1a83f Do print_status 2014-11-10 11:26:53 -06:00
jvazquez-r7 7aed1e9581 Create loot_passwords method 2014-11-10 11:21:44 -06:00
jvazquez-r7 92df11baa7 Create report_super_admin_creds method 2014-11-10 11:16:25 -06:00
jvazquez-r7 8f17011909 do run clean up
* Reduce code complexity
* Don't report not valid administrator credentials
2014-11-10 11:12:04 -06:00
jvazquez-r7 635df2f233 Fail with NoAccess 2014-11-10 09:50:26 -06:00
jvazquez-r7 9c033492d2 Fix indentation 2014-11-10 09:48:22 -06:00
jvazquez-r7 2236518694 Check res.body before accessing #to_s 2014-11-10 09:47:05 -06:00
jvazquez-r7 8b8ab61e3d Favor && over and 2014-11-10 09:45:12 -06:00
jvazquez-r7 ee4924582a Use target_uri 2014-11-10 09:43:44 -06:00
jvazquez-r7 8ddd6a4655 Redefine RPORT having into account it is builtin 2014-11-10 09:42:30 -06:00
jvazquez-r7 eb36a36272 Change title 2014-11-10 09:40:22 -06:00
Pedro Ribeiro b3c27452cd Add full disclosure URL 2014-11-09 10:40:41 +00:00
Deral Heiland 5bf8901822 Fixed several recommended changes by jvazquez-r7, Also Correct a XML parsing issue 2014-11-09 02:43:36 -05:00
Pedro Ribeiro f680b666c7 Add github adv URL 2014-11-08 11:29:36 +00:00
Pedro Ribeiro 143033f657 Rename manageengine_pmp_sadmin.rb to manageengine_pmp_privesc.rb 2014-11-08 11:28:04 +00:00
Pedro Ribeiro 2843437ca9 Create exploit for CVE-2014-8499 2014-11-08 11:24:50 +00:00
Pedro Ribeiro e7b448537f Add OSVDB ids 2014-11-08 11:05:34 +00:00
jvazquez-r7 9d6e0664a4 Guess service name and port 2014-11-07 20:56:01 -06:00
jvazquez-r7 a44640c9fc Use single quotes 2014-11-07 20:48:04 -06:00
jvazquez-r7 7c1c08fc19 Use single quotes without interpolation 2014-11-07 20:46:47 -06:00
jvazquez-r7 0373156cce Use unless over if not 2014-11-07 20:42:08 -06:00
jvazquez-r7 f5a920da99 Use || operator 2014-11-07 20:41:44 -06:00
jvazquez-r7 64754a5609 Delete unnecessary begin..end block 2014-11-07 20:38:36 -06:00
jvazquez-r7 0919f74a3d Delete unused variable 2014-11-07 20:37:57 -06:00
jvazquez-r7 22b875d0f3 Reduce code complexity 2014-11-07 20:37:40 -06:00
jvazquez-r7 b1517e6ace Delete unnecessary nil comparision 2014-11-07 20:34:13 -06:00
jvazquez-r7 aa1fec7f02 Use fail_with 2014-11-07 20:33:33 -06:00
jvazquez-r7 d630eac272 Reduce code complexity 2014-11-07 20:32:15 -06:00
jvazquez-r7 cea30b5427 Use built-in format for RPORT 2014-11-07 20:30:32 -06:00
jvazquez-r7 e99cc00a57 No more than 100 columns on description 2014-11-07 20:29:38 -06:00
Pedro Ribeiro c00a3ac9cd Add full disclosure URL 2014-11-07 08:06:21 +00:00
Pedro Ribeiro 8a0249cdbf Address Juan's points 2014-11-06 21:02:28 +00:00
Pedro Ribeiro e71ba1ad4a Push exploit for CVE-2014-6038/39 2014-11-05 20:12:03 +00:00
Tod Beardsley cca30b536f
Land #4094, fixes for OWA brute forcer
Fixes #4083

Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart ff8d481eec Update description to remove comments about defaults. Default to 2013 2014-11-04 21:21:19 -08:00
Fatih Ozavci d91ffa893b Viproy is removed from names
Author sections are fixed
2014-11-05 15:44:32 +11:00
Jon Hart 2c028ca7a6 Move redirect check before body check -- a redirect won't have a body 2014-11-04 14:19:21 -08:00
Jon Hart 7855ede2de Move userpass emptiness checking into setup 2014-11-04 14:07:39 -08:00
William Vu ebb8b70472
Land #4015, another Android < 4.4 UXSS module 2014-11-04 15:52:29 -06:00
Tod Beardsley f8593ca1b5
Land #4109, tnftp savefile exploit from @wvu-r7 2014-11-04 15:44:13 -06:00
Tod Beardsley 5fb268bbdf
Updates to better OWA fix 2014-11-04 14:32:54 -06:00
nullbind 56a02fdb4a added mssql_escalate_executeas_sqli.rb 2014-11-04 13:38:13 -06:00
Jon Hart b0e388f4c3
Land #3516, @midnitesnake's snmp_enumusers fix for Solaris, OS X 2014-11-04 08:23:16 -08:00
nullbind 15119d2a0f comment fix-sorry 2014-11-04 09:07:08 -06:00
nullbind f108d7b20a fixed code comment 2014-11-04 08:51:27 -06:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
nullbind fbe3adcb4c added mssql_escalate_executeas module 2014-11-03 11:29:15 -06:00
Jon Hart 8f197d4918 Move to build_probe 2014-11-03 08:41:51 -08:00
sinn3r 6f013cdcaf Missed these 2014-10-31 18:48:48 -05:00
sinn3r d6a830eb6e Rescue the correct exception: Rex::HostUnreachable 2014-10-31 16:43:33 -05:00
Jon Hart 121ebdfef6 update_info 2014-10-31 13:17:50 -07:00
Jon Hart b99e71dcdd Example UDPScanner style cleanup, move most to UDPScanner 2014-10-31 12:14:04 -07:00
Jon Hart ff0b52cffb Example per-batch vprint, a useful default 2014-10-31 10:31:31 -07:00
Jon Hart 94d4388af9 Improvements to example UDPScanner 2014-10-31 09:53:10 -07:00
Joe Vennix 1e9f9ce425
Handle invalid JSON errors and fix typo. 2014-10-31 11:01:49 -05:00
Jon Hart d9f0a10737 Add new example template for scanning UDP services 2014-10-31 08:06:31 -07:00
William Vu 953a642b0e
Finally write a decent description 2014-10-30 22:51:42 -05:00
William Vu e3ed7905f1
Add tnftp_savefile exploit
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
sinn3r 92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor 2014-10-30 13:52:07 -05:00
sinn3r 470a067384 Final changes 2014-10-30 13:51:44 -05:00
sinn3r 912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract 2014-10-30 13:37:32 -05:00
sinn3r 02b1c5c4bc Final changes 2014-10-30 13:37:02 -05:00
sinn3r 127d1640da Print password 2014-10-30 13:27:40 -05:00
Deral Heiland a6980b9eb8 Updated to module based feedback from wchen-r7 2014-10-30 12:59:11 -04:00
Joe Vennix 6dc13f90cd
Update descriptions to mention Webview bugginess. 2014-10-30 10:55:56 -05:00
Joe Vennix 0ad9f95806
Remove stray alert() for debugging. 2014-10-30 10:52:06 -05:00
Joe Vennix 88040fbce0
Add another Android < 4.4 UXSS exploit. 2014-10-30 10:34:14 -05:00
Jon Hart 15e1c253fa Numerous cleanups for snmp_enumusers
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
Peter Arzamendi 9d56f0298a Changed upper XXX to lower XXX. 2014-10-29 20:09:02 -05:00
Deral Heiland 6c13c14be1 Konica MFP ftp and SMB credential gathering module 2014-10-29 16:12:16 -04:00
Peter Arzamendi b35a8935db Updated get_once for get_once undefined method and EOFError 2014-10-29 13:47:07 -05:00
Peter Arzamendi 2bc8767751 Updated rescue to catch other errors from the socket API 2014-10-29 08:03:28 -05:00
Jon Hart ba5035c7ef
Prevent calling match when there is no WWW-auth header 2014-10-28 17:13:57 -07:00
Jon Hart a5d883563d
Abort if 2013 desired but redirect didn't happen 2014-10-28 15:59:22 -07:00
Jon Hart 7ca4ba26b0
Show more helpful vprint messages when login fails 2014-10-28 15:48:04 -07:00
Jon Hart bce8f34a71
Set proper Cookie header from built cookie string 2014-10-28 15:41:36 -07:00
Jon Hart a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response 2014-10-28 15:40:15 -07:00
Peter Arzamendi 604cad9fbb Updated timeout to default to 45 seconds to wait for the print job to finish. 2014-10-28 15:45:28 -05:00
Peter Arzamendi b17d6a661d Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds. 2014-10-28 15:23:47 -05:00
Peter Arzamendi 0e42cf25d1 Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri 2014-10-28 15:13:16 -05:00
Tod Beardsley 9c028c1435
Fixes #4083, make the split nil-safe
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.

This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
Peter Arzamendi 1012cd8d6b Updated based on wchen-r7 feedback. 2014-10-28 11:38:50 -05:00
Tod Beardsley dade6b97ba
Land #4088, wget exploit
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
sinn3r e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner 2014-10-28 01:45:57 -05:00
Jonathan Claudius d799625507 Switch to vprint_good for verbose good things 2014-10-28 01:53:54 -04:00
Jonathan Claudius 0fa461737e Fix null arguments syntax 2014-10-28 01:49:54 -04:00
Jonathan Claudius 7a727f9bff Make msftidy happy 2014-10-28 01:48:13 -04:00
Jonathan Claudius 595b4d2bbd Clean up aux check review comments 2014-10-28 01:44:52 -04:00
HD Moore 64c206fa62 Add module for CVE-2014-4877 (Wget) 2014-10-27 23:37:41 -05:00
Fatih Ozavci 329b9ac292 Actions updates of the Viproy CUCDM exploits 2014-10-28 14:11:07 +11:00
Fatih Ozavci 703393e9f1 First revision of the Viproy CUCDM exploits 2014-10-28 13:53:13 +11:00
Peter Arzamendi 0b225d94b1 Xerox Admin password extractor. 2014-10-27 19:26:40 -05:00
jvazquez-r7 b990b14a65
Land #3771, @us3r777's deletion of jboss_bshdeployer STAGERNAME option 2014-10-27 18:09:35 -05:00
parzamendi-r7 f7f6cff327 Update xerox_workcentre_5XXX_ldap.rb 2014-10-27 17:23:47 -05:00
Peter Arzamendi f119abbf8c Xerox workcentre 5735 LDAP credential extractor 2014-10-27 15:52:12 -05:00
Jon Hart b8c9ef96ca
Land #4003, @nstarke's Login Scanner for WD MyBook Live NAS 2014-10-27 09:57:43 -07:00
scriptjunkie 4dfbce425a use vprintf... 2014-10-26 09:20:32 -05:00
scriptjunkie c31fb0633d Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd 2014-10-26 09:05:25 -05:00
Fatih Ozavci 1db09fee01 Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits 2014-10-24 11:46:52 +11:00
Jon Hart 83df08aaa7 Properly encode body and catch invalid configs 2014-10-22 22:43:06 -07:00
sinn3r 0ea03c00a5 Use print_brute instead of print_good for format consistency 2014-10-22 16:14:45 -05:00
Jon Hart ce8a9941ea Cleanup. Sanity check in setup. vprint 2014-10-22 10:36:24 -07:00
James Lee 46acf08e2d Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions 2014-10-22 09:09:34 -05:00
nstarke ee3dd3a2ac More Fixes for WD MyBook Live Scanner
Fixes include removing deregistered options
from credentials collection object and adding proof
 when there is no response
2014-10-22 03:06:21 +00:00
James Lee 0fcd1ac4f6
Restore tcp evasions to smb_login 2014-10-21 18:59:11 -05:00
James Lee e1a7e902d6
Re-enable tcp evasions for more LoginScanners
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r 6d11ec8477 These mods support Proxies, so make the option visible for the user 2014-10-21 15:39:24 -05:00
sinn3r db7c420d8d Merge the latest changes 2014-10-21 13:49:42 -05:00
James Lee f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies 2014-10-21 13:28:13 -05:00
sinn3r 79d393c5aa Resolve merge conflicts
Conflicts:
	lib/msf/core/exploit/smb.rb
	lib/msf/core/exploit/tcp.rb
	modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee 4705aeb762
Restore tcp evasions to ftp, pop3, vnc 2014-10-21 11:06:55 -05:00
James Lee 7d150ce0dd
Add tcp evasions to mysql 2014-10-21 10:05:18 -05:00
James Lee e76ee294a1
Restore tcp evasions to telnet 2014-10-21 09:44:55 -05:00
nstarke 82b74d5f3c Fixes to MyBook Live Module
This commit contains three fixes as requested on PR
#4003.  Those include:

+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke 70b13819d9 Adding Login Scanner for MyBook Live
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7 d6f4c02c2a
Land #3979, @wchen-r7 fixes #3976, http_login not using TARGETURI, neither uri normalization 2014-10-20 18:10:57 -05:00
jvazquez-r7 74ac16081f
Land #3981, @wchen-r7 Fixes #3974, axis_login.rb does not normalize URI 2014-10-20 17:51:13 -05:00
jvazquez-r7 00f137cdcf
Land #4040, @nullbind's MS SQL privilege escalation through SQLi 2014-10-20 16:23:50 -05:00
jvazquez-r7 acc590b59c Modify metadata 2014-10-20 16:22:10 -05:00
jvazquez-r7 1381c7fb37 Modify title 2014-10-20 16:17:47 -05:00
jvazquez-r7 323680c31a Clean code 2014-10-20 16:17:06 -05:00
HD Moore 935a23296d
Updates to NAT-PMP, lands #4041 2014-10-20 11:26:26 -05:00
sinn3r 6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It! 2014-10-20 11:23:23 -05:00
James Lee 3051b6c5ba
Clean up exceptions
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
James Lee b7d69bec83
Restore proxies to ssh scanners 2014-10-20 10:19:06 -05:00
nullbind 036d43ba37 fixed logic bug 2014-10-19 20:56:29 -05:00
Jon Hart 2985b39267
Land #3980, @wchen-r7 fixed #3975 2014-10-19 17:11:06 -07:00
ikkini c2174c7910 return if no version response received 2014-10-19 00:29:36 +02:00
nullbind 1e2f1eaee0 cleaning up 2014-10-18 12:00:11 -05:00
James Lee 329a600b84
Add tcp evasion options to mssql_login 2014-10-17 17:40:21 -05:00
William Vu 10f3969079
Land #4043, s/http/http:/ splat
What is a splat?
2014-10-17 13:41:07 -05:00
William Vu 367ea5d3db
Add disclosure date 2014-10-17 12:35:28 -05:00
Tod Beardsley ccdaf2b576
Fix the banner
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley ad501b25e4
Filename move to be less redundant 2014-10-17 11:25:14 -05:00
nullbind bf92769ba2 added mssql_escalate_dbowner_sqli 2014-10-17 10:25:20 -05:00
Jon Hart 8fdae8fbfb Move protocol and lifetime to mixin, use correct map_target if CHOST 2014-10-16 13:24:17 -07:00
James Lee 40b360555f
Make the error message a little more useful 2014-10-16 12:47:13 -05:00
Tod Beardsley 8cf10be779
Don't assume SSLv3 is set (kill FP+s) 2014-10-16 10:43:58 -05:00
Tod Beardsley 0b67efd51e
Add a POODLE scanner and general SSL version scan 2014-10-16 10:27:37 -05:00
James Lee 41a57b7ba5
Re-enable proxies for HTTP-based login scanners 2014-10-15 17:00:44 -05:00
Jon Hart 07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful 2014-10-15 06:39:38 -07:00
Tod Beardsley 592f1e9893
Land #3999, errors on login suppressed by default
This also solved the merge conflict on:

	modules/auxiliary/scanner/http/jenkins_login.rb

Fixes #3995.
2014-10-14 16:35:09 -05:00
Jon Hart ea6824c46f WIP of NAT-PMP rework 2014-10-14 14:20:24 -07:00
William Vu bdbad5a81d
Fix misaligned bracket 2014-10-14 13:43:59 -05:00
Tod Beardsley 9f6008e275
A couple OSVDB updates for recent modules 2014-10-14 13:39:36 -05:00
Tod Beardsley 56534e7ad3
Changed a login failed to vprint instead of print
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995.

This module was introduced in PR #3947.
2014-10-14 12:01:09 -05:00
Tod Beardsley 6ea3a78b47
Clarify the description on HP perfd module
Introduced in #3992
2014-10-14 11:58:52 -05:00
Nikita 621b9523b1 Update tnspoison_checker.rb 2014-10-13 22:05:08 +04:00
Nikita 1996886ae9 Update tnspoison_checker.rb 2014-10-13 12:53:39 +04:00
Nikita 22aabc7805 Add new module to test TNS poison
This module simply checks the server for vulnerabilities like TNS Poison
2014-10-13 12:21:07 +04:00
Jon Hart d51d2bf5a0
Land #3990, @wchen-r7's fix for #3984, a busted check in drupal_views_user_enum 2014-10-12 19:38:55 -07:00
Jon Hart 76275a259a
Minor style cleanup of help and a failure message 2014-10-12 18:34:13 -07:00
Jon Hart c3a58cec9e
Make note of other commands to investigate 2014-10-11 13:07:52 -07:00
Jon Hart c80a5b5796 List commands in sorted order 2014-10-11 13:00:30 -07:00
Jon Hart 4ffc8b153c
Support running more than one perfd command in a single pass 2014-10-11 11:38:00 -07:00
Jon Hart c72593fae4
Store just banner for service, loot the rest. Also, minor style. 2014-10-11 11:12:49 -07:00
Jon Hart 9550c54cd2
Correct indentation and whitespace 2014-10-11 10:39:12 -07:00
sinn3r 9500038695 Fix #3995 - Make negative messages less verbose
As an user testing against a large network, I only want to see
good news, not bad news.
2014-10-11 11:11:09 -05:00
Roberto Soares Espreto 7bd0f2c114 Changed Name, array in OptEnum and operator 2014-10-11 09:03:18 -03:00
Roberto Soares Espreto cbde2e8cd1 Variable cmd now with interpolation 2014-10-10 18:21:16 -03:00
Roberto Soares Espreto 291bfed47e Using Rex.sleep instead of select 2014-10-10 15:17:40 -03:00
Roberto Soares Espreto bd315d7655 Changed print_good and OptEnum 2014-10-10 13:54:42 -03:00
Roberto Soares Espreto 08fdb4fab2 Add module to enumerate environment HP via perfd daemon 2014-10-10 13:09:36 -03:00
sinn3r 260aa8dc22 Fix #3984 - Fix broken check for drupal_views_user_enum 2014-10-10 10:23:20 -05:00
nstarke 472985a8a8 Adding Buffalo Linkstation NAS Login Scanner
I have added a login scanner for the Buffalo Linkstation
NAS.  I have been testing against version 1.68 of the
firmware.  Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
Tod Beardsley aefd15c185
Land #3376, ARRIS SNMP enumerator from @inokii 2014-10-09 15:28:06 -05:00
sinn3r 7d8eadada6 Fix #3974 - Validate and normalize URI for axis_login 2014-10-09 14:33:39 -05:00
sinn3r c9c34beafa Fix #3975 - Register TARGETURI, not URI
The module should register TARGETURI and call #target_uri for
URI validation.
2014-10-09 14:10:29 -05:00
Pedro Ribeiro 8163b7de96 Thanks for helping me clean up Todd! 2014-10-09 18:20:31 +01:00
sinn3r d366cdcd6e Fix #3976 - validate and normalize user-supplied URI for http_login.rb
URI should be validated and normalized before being used in an HTTP
request.
2014-10-09 12:14:33 -05:00
Pedro Ribeiro 9d1e206e43 Incorporate cred changes and other minor fixes 2014-10-09 17:59:38 +01:00
Spencer McIntyre a535d236f6
Land #3947, login scanner for jenkins by @nstarke 2014-10-09 12:59:02 -04:00
Spencer McIntyre 6ea530988e Apply rubocop changes and remove multiline print 2014-10-09 12:57:39 -04:00
jvazquez-r7 3305b1e9c3
Land #3984, @nullbind's MSSQL privilege escalation module 2014-10-09 11:39:15 -05:00
jvazquez-r7 10b160bedd Do final cleanup 2014-10-09 11:38:45 -05:00
jvazquez-r7 bbe435f5c9 Don't rescue everything 2014-10-09 11:25:13 -05:00
jvazquez-r7 0cd7454a64 Use default value for doprint 2014-10-09 11:04:42 -05:00
jvazquez-r7 db6f6d4559 Reduce code complexity 2014-10-09 10:59:14 -05:00
jvazquez-r7 615b8e5f4a Make easy method comments 2014-10-09 10:48:00 -05:00
jvazquez-r7 dd03e5fd7d Make just one connection 2014-10-09 10:46:51 -05:00
sinn3r df0d4f9fb2 Fix #3973 - Unneeded datastore option URI
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
2014-10-09 00:06:15 -05:00
nullbind 168f1e559c fixed status 2014-10-08 21:19:50 -05:00
nullbind 3ebcaa16a1 removed scanner 2014-10-08 21:18:56 -05:00
nstarke 328be3cf34 Fine Tuning Jenkins Login Module
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
2014-10-08 17:53:21 -05:00
Pedro Ribeiro 4817e1e953 Update trackit_sql_domain_creds.rb 2014-10-08 21:41:04 +01:00
Tod Beardsley a901916b0b
Remove nonfunctional jtr_unshadow
This module hasn't been doing anything but print_error a go away message
since June, so may as well get rid of it.
2014-10-08 10:23:29 -05:00
Brendan Coles 3c7be9c4c5 Remove hash rockets from references #3766
[SeeRM #8776]
2014-10-08 09:01:19 +00:00
Pedro Ribeiro 6af6b502c3 Remove spaces at EOL 2014-10-08 08:30:30 +01:00
Pedro Ribeiro 713ff5134a Add OSVDB id 2014-10-08 08:24:44 +01:00
Pedro Ribeiro bd812c593c Add full disclosure URL 2014-10-08 08:24:04 +01:00
Pedro Ribeiro bbac61397d Restore :address to rhost and explain why 2014-10-08 08:23:43 +01:00
Pedro Ribeiro 9cb0ad1ac2 Change the reporting address to the real value 2014-10-08 01:18:17 +01:00
Pedro Ribeiro 6e9bebdaf9 Fix noob mistake in assignment 2014-10-08 01:04:15 +01:00
Pedro Ribeiro 7dbfa19e65 Add exploit for Track-It! domain/sql creds vuln 2014-10-07 23:54:43 +01:00
nullbind 031fb19153 requested updates 2014-10-06 23:52:30 -05:00
William Vu 399a61d52e
Land #3946, ntp_readvar updates 2014-10-06 21:57:57 -05:00
nstarke e1b0ba5d3d Removing 'require pry'
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
sinn3r d3354d01f0 Fix #3808 - NoMethodError undefined method `map'
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
Jon Hart 8c8ccc1d54
Update Authors 2014-10-06 11:30:39 -07:00
nstarke 69400cf280 Fixing Author Declaration
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
nstarke c0a3691817 Adding Jenkins-CI Login Scanner
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Jon Hart a341756e83
Support spoofing source IPs for NTP readvar, include status messages 2014-10-03 14:05:57 -07:00
Jon Hart fa4414155a
Only include the exact readvar payload, not any padding 2014-10-03 13:58:13 -07:00
Jon Hart 65c1a8230a
Address most Rubocop complaints 2014-10-03 13:47:29 -07:00
Jon Hart 0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster 2014-10-03 13:28:30 -07:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
William Vu 5df614d39b
Land #3928, release fixes 2014-10-01 17:21:08 -05:00
HD Moore 77bb2df215 Adds support for both CVEs, lands #3931 2014-10-01 17:06:59 -05:00
William Vu 51bc5f52c1
Add CVE-2014-6278 support
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
James Lee 7e05ff343e
Fix smbdirect
Also some whitespace and a typo in output message
2014-10-01 16:02:59 -05:00
Tod Beardsley 4fbab43f27
Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
sinn3r be1df68563 Remove auxiliary/scanner/elasticsearch/indeces_enum.rb
Time is up, so good bye.
2014-09-30 17:24:21 -05:00
William Vu 5ea968f3ee
Update description to prefer the exploit module 2014-09-30 11:34:28 -05:00
William Vu 162e42080a
Update title to reflect scanner status 2014-09-30 11:04:17 -05:00
William Vu 12d7073086
Use idiomatic Ruby for the marker 2014-09-29 22:32:07 -05:00
William Vu 71d6b37088
Fix bad header error from pure Bash CGI script 2014-09-29 22:25:42 -05:00
William Vu df44dfb01a
Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
Christian Mehlmauer b266233e95 fix bug 2014-09-30 00:21:52 +02:00
HD Moore 878f3d12cd Remove kind_of? per @trosen-r7 2014-09-29 15:39:10 -05:00
HD Moore 77efa7c19a Change if/else to case statement 2014-09-29 15:37:58 -05:00
sinn3r 21b2d9eb3f
Land #3899 - WordPress custom-contact-forms Plugin SQL Upload 2014-09-29 14:40:28 -05:00
HD Moore 64dbc396dd Add header specification to check module, lands #3902 2014-09-27 12:58:29 -05:00
William Vu 044eeb87a0
Add variable HTTP header
Also switch from OptEnum to OptString for flexibility.
2014-09-27 12:39:24 -05:00
Christian Mehlmauer c51c19ca88 bugfix 2014-09-27 14:56:34 +02:00
Christian Mehlmauer 9a424a81bc fixed bug 2014-09-27 13:46:55 +02:00
Christian Mehlmauer 1c30c35717 Added WordPress custom_contact_forms module 2014-09-27 13:42:49 +02:00
sinn3r c75a0185ec
Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec 2014-09-26 17:06:23 -05:00
jvazquez-r7 80d9af9b49 Fix spacing in description 2014-09-26 17:03:28 -05:00
jvazquez-r7 9e540637ba Add module for CVE-2014-5377 ManageEngine DeviceExpert User Credentials 2014-09-26 17:02:27 -05:00
jvazquez-r7 3259509a9c Use return 2014-09-26 16:04:15 -05:00
jvazquez-r7 0a3735fab4 Make it better 2014-09-26 16:01:10 -05:00
jvazquez-r7 3538b84693 Try to make a better check 2014-09-26 15:55:26 -05:00
jvazquez-r7 e1f00a83bc Fix Rex because domainname and domain_name were duplicated 2014-09-26 13:40:52 -05:00
jvazquez-r7 5044117a78 Refactor dhclient_bash_env to use the egypt's mixin mods 2014-09-26 13:34:44 -05:00
nullbind ebf4e5452e Added mssql_escalate_dbowner module 2014-09-26 10:29:35 -05:00
jvazquez-r7 a31b4ecad9
Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee 86f85a356d
Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
HD Moore b878ad2b75 Add a module to exploit bash via DHCP, lands #3891
This module is just a starting point for folks to test their DHCP client implementations and we plan to significantly overhaul this once we get a bit of breathing room.
2014-09-25 23:38:40 -05:00
Ramon de C Valle 9c11d80968 Add dhclient_bash_env.rb (Bash exploit)
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
William Vu f66c854ad6
Fix description to be less lulzy 2014-09-25 07:09:08 -05:00
William Vu 9ed28408e1
Favor check_host for a scanner 2014-09-25 07:06:12 -05:00
William Vu 62b74aeaed
Reimplement old check code I was testing before
I would like to credit @wchen-r7 for providing advice and feedback.

@jvazquez-r7, too! :)
2014-09-25 06:38:25 -05:00
William Vu d9120cd586
Fix typo in description
Running on fumes here...
2014-09-25 01:22:08 -05:00
William Vu 790df96396
Fix missed var 2014-09-25 01:19:14 -05:00
William Vu e051cf020d
Add missed mixin 2014-09-25 01:14:58 -05:00
William Vu 27b8580f8d
Add protip to description
This gets you lots of shells.
2014-09-25 01:10:22 -05:00
William Vu b1e9b3664e
Improve false positive check 2014-09-25 01:01:11 -05:00
William Vu 8daf8d4339 Report vuln for apache_mod_cgi_bash_env
Now with fewer false positives! It's kinda like a check method.
2014-09-25 00:42:14 -05:00
William Vu 5a59b7cd89
Fix formatting 2014-09-24 23:12:11 -05:00
William Vu e6f0736797
Add peer 2014-09-24 22:48:51 -05:00
William Vu 8b6519b5b4
Revert shortened reference
But it's so long. :(
2014-09-24 22:43:33 -05:00
William Vu ecb10ebe28
Add variable HTTP method and other stuff 2014-09-24 22:41:01 -05:00
William Vu a600a0655d
Scannerify the module 2014-09-24 18:58:39 -05:00
William Vu abadf65d8d
Clean up title and formatting 2014-09-24 18:42:43 -05:00
William Vu 2562964581
Revert to my original code of using CMD 2014-09-24 18:00:13 -05:00
William Vu 6ae578f80f
Add Stephane Chazelas as an author 2014-09-24 17:14:18 -05:00
William Vu b2555408a4
Rename module
I don't think we're gonna make a supermodule like we had hoped.
2014-09-24 16:55:10 -05:00
William Vu 31e9e97146
Replace unnecessary reference with a better one 2014-09-24 16:52:43 -05:00
William Vu fc04bf9d48
Update description
This is what I had when @todb-r7 beat me to the punch. >:P
2014-09-24 16:22:58 -05:00
Tod Beardsley 2f788c2e0c
Fix description 2014-09-24 16:13:05 -05:00
William Vu ca63fe931d
Add CVE-2014-6271 PoC 2014-09-24 16:02:59 -05:00
Brendan Coles 5f6e84580c Clean up and use Metasploit::Credential 2014-09-24 01:00:23 +00:00
Thomas Ring 81406defed hopefully what you are looking for this time 2014-09-23 11:36:13 -05:00
Jon Hart 259a368577
Land #3841, @jabra-'s modifications to ssdp_amp to support spoofing 2014-09-22 12:28:46 -07:00
Jon Hart fc4c1907d3 Land #3839, @jabra-'s updates to dns_amp to support spoofing 2014-09-22 12:14:39 -07:00
Jon Hart 8f63075da4
Land #3837, @jabra-'s update to chargen scanner to support spoofing 2014-09-22 12:02:01 -07:00
Jon Hart 4e9f1282de
Land #3834, @jabra-'s updates to UDPscanner to support spoofing 2014-09-22 11:49:53 -07:00
sinn3r 2a714a7c4d Fix a typo
Downloading and deleting are two very different things. Thanks Dan.
2014-09-21 18:35:26 -05:00
Josh Abraham b7a0847114 SRC IP spoofing added to the SSDP amplification module 2014-09-20 21:37:01 -04:00
Josh Abraham bb018de3a1 chargen src IP spoofing 2014-09-20 16:08:52 -04:00
Josh Abraham 3fb00ece9e refactored the code based on PR feedback 2014-09-20 14:10:00 -04:00
jvazquez-r7 c00094ba6e
Land #3345, @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli 2014-09-19 15:01:21 -05:00
jvazquez-r7 62414e2214 Add Timeout to exploit sqli 2014-09-19 15:00:54 -05:00
jvazquez-r7 db6372ec8b Do minor module cleanup 2014-09-19 14:43:35 -05:00
jvazquez-r7 4a9294e3bf Mark module as not executable 2014-09-19 14:36:44 -05:00
jvazquez-r7 405ac34a16 Fix author name 2014-09-19 13:56:13 -05:00
jvazquez-r7 79d5fb56d4
Land #3829, @jhart-r7's UDP emtpy probe scanner 2014-09-19 13:54:35 -05:00
Jon Hart 737f77d31a
Cleaner output when PORTS is invalid 2014-09-19 11:12:14 -07:00
Jon Hart 3493987300
report_service when we find something this way 2014-09-19 10:45:06 -07:00
Josh Abraham 43171141da update for ntp modules 2014-09-19 11:14:11 -04:00
Jon Hart a54b23642e
Relocate empty UDP scanner 2014-09-18 12:31:52 -07:00
Brendan Coles 6cad5d9aeb Add ManageEngine DeviceExpert User Credentials 2014-09-18 19:18:59 +00:00
Tod Beardsley 5dad73a28f
Explicitly require credential_collection
Otherwise, you run into a require ordering problem on some platforms.
This is not a great way to fix this -- but it's a fast way, and possibly
even a good way, since you're being explicit about what your module
requirements are.
2014-09-17 15:47:30 -05:00
sinn3r 169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner) 2014-09-16 14:51:24 -05:00
sinn3r 4ed1fa55f5 Don't need this header 2014-09-16 14:50:32 -05:00
Joe Vennix 59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc. 2014-09-16 13:31:03 -05:00
jvazquez-r7 7d4c4c3658
Land #3699, @dmaloney-r7's ipboard login refactor 2014-09-15 08:29:42 -05:00
jvazquez-r7 373861abb0
Land #3526, @jhart-r7's soap_xml scanner cleanup 2014-09-12 13:29:52 -05:00
jvazquez-r7 12f949781a Use double quote for xml strings 2014-09-12 13:18:48 -05:00
jvazquez-r7 67c0ee654b Use Gem::Version 2014-09-12 10:35:12 -05:00
jvazquez-r7 0d054d8354 Update with master changes 2014-09-12 09:52:32 -05:00
Luke Imhoff 706655f755
Land #3779, Glassfish LoginScanner exception
MSP-11343
2014-09-11 15:57:47 -05:00
Tod Beardsley d2f2b142b4
Land #3760, Arris WEP/WPA leak from @dheiland-r7 2014-09-11 15:39:19 -05:00
Tod Beardsley 4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)

Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
Tod Beardsley fbba4b32e0
Update the title and desc to be more descriptive
See #3759
2014-09-11 14:06:14 -05:00
Tod Beardsley d627ab7628
Add refs for Android UXSS
See #3759
2014-09-11 14:05:50 -05:00
James Lee 8aa06b8605
Better api for check_setup 2014-09-10 23:43:54 -05:00
James Lee c1658e5d51 Add a check_setup method 2014-09-10 20:09:46 -05:00
James Lee 84e4db9035 Don't raise in the middle
MSP-11343

This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
Deral Heiland 872ba6a53b Update arris_dg950 module with required changes
Collapsed several levels of the if/else statement and changed out 2 with
case. Changed print_good to print_line. Removed rescue ::Interrupt and
altered variable names to make them more readable
2014-09-10 19:07:53 -04:00
Jon Hart e317bfe0d5
Add preliminary module for discovering services with empty UDP probes 2014-09-10 10:58:22 -07:00
sinn3r 280e16c241
Land #3677 - Updated shodan_search for new API 2014-09-10 11:39:00 -05:00
sinn3r 006393360e Add conditions to check healthy shodan results 2014-09-10 11:38:06 -05:00
James Lee 257f0fc93e
Quick fix for ssh_login_pubkey
Fixes #3772, closes #3774
2014-09-10 09:57:17 -05:00
us3r777 2ae23bbe99 Remove STAGERNAME option
This option wasn't really required, the stager can be removed as
soon as the WAR is deployed. This commit does the modifications needed
to remove the stager right after the WAR deployment.
2014-09-09 21:44:08 +02:00
Joe Vennix 7793ed4fea
Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
James Lee b8000517cf
Land #3746, reinstate DB_ALL_CREDS 2014-09-08 17:24:12 -05:00
David Maloney 2ac15f2088
some fixes based on Christruncer's feedback
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor 2014-09-08 14:48:37 -05:00
Tod Beardsley 4abee39ab2
Fixup for release
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
David Maloney 09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds 2014-09-08 12:52:25 -05:00
Deral Heiland 9a6ee5090a Add Arris DG950A SNMP data extraction module
This module will extract critical data such as WPA and WEP keys from
the Arris DG950a model cable modem via the SNMP protocal.
2014-09-08 11:04:31 -04:00
sinn3r 0ccb39c057
Land #3726 - Fix typos in wordpress login 2014-09-08 09:40:57 -05:00
Joe Vennix 27889ea411
Add a safety fallback on js load. 2014-09-08 00:46:47 -05:00
Joe Vennix 8407d45c9c
Rework the timers. 2014-09-08 00:40:00 -05:00
Joe Vennix 5c9c8edfcf
Fix refs. 2014-09-07 23:33:45 -05:00
Joe Vennix 5efaf7d4cf
rename module, handle asyncness. 2014-09-07 23:25:08 -05:00
jvazquez-r7 10bb77af9f
Land #3716, @wchen-r7's Glassfish LoginScanner update 2014-09-07 21:54:34 -05:00
Joe Vennix 1bf89fb6bd Add Android <= 4.3 AOSP UXSS module. 2014-09-07 20:44:03 -05:00
jvazquez-r7 c86d01a667 Fix win.ini signature 2014-09-07 01:46:38 -05:00
sinn3r 44b9dc9b28 Update tmlisten_traversal 2014-09-06 01:18:11 -05:00
Chris Hebert abffdd8705 Update alienvault_newpolicyform_sqli.rb
cleaned up according to msftidy.rb suggestions

modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
Chris Hebert 664cc131e3 Update alienvault_newpolicyform_sqli.rb
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
sinn3r 08ce278cca Got these wrong 2014-09-04 17:05:51 -05:00
sinn3r cb490fc00e [SeeRM #8836] Change boot.ini to win.ini 2014-09-04 17:03:21 -05:00
jvazquez-r7 d83131f1d9
Land #3750, @wvu favoring unless 2014-09-04 16:17:07 -05:00
jvazquez-r7 ff210a7c0a delete parenthesis 2014-09-04 16:16:29 -05:00
jvazquez-r7 c32b977a27
Land #3747, @wvu changes to printer_ready_message 2014-09-04 15:26:52 -05:00
William Vu 2d8c7a7a4d
Refactor if statement to early return
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
HD Moore 34455b5dc6 Fix missing require for jtr_oracle_fast 2014-09-04 14:38:07 -05:00
William Vu 50ac8366fd
Refactor CHANGE/RESET to actions
Missed in c1fdc4d945.
2014-09-04 14:36:04 -05:00
sinn3r 0dcf481d76 This one is good to go 2014-09-04 14:13:33 -05:00
William Vu 84f9ec0aad
Refactor implicit options hash
Missed in c1fdc4d945.
2014-09-04 13:30:06 -05:00
David Maloney 00ec47fb83
call new prepend cred methods
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
David Maloney c5755824a6
pass in vhost and useragent
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
sinn3r dd4fd7bb39 The reporting part 2014-09-03 16:32:23 -05:00
sinn3r e1694ec3e5 LoginScanner update for hp_sys_mgmt_login
Work in progress
2014-09-03 16:23:57 -05:00
jvazquez-r7 185ce36859
Land #3701, @wchen-ru's AppleTV modules 2014-09-03 12:30:50 -05:00
jvazquez-r7 10dee28fbd Add http socket to the module sockets and allow the framework to cleanup 2014-09-03 12:01:48 -05:00
sinn3r 5acbcc80e2 no threading 2014-09-03 11:37:30 -05:00
John Sawyer 3281781f6a Addressed r7 comments, fixed bug in results loop 2014-09-01 13:43:31 -04:00
Matthew Kienow 7dd73084bb
Added WiFi ifindex discovery and enhanced error handling 2014-09-01 00:49:10 -04:00
Matthew Kienow cf0f00a376 Variable name changes per ruby style guide 2014-08-31 23:57:20 -04:00
Matthew Kienow 0735de0fd4 Changes to error output per PR comments 2014-08-31 23:57:20 -04:00
Matthew Kienow 0a01da1ca9 Changed default value for SNMP Version option 2014-08-31 23:57:20 -04:00
Matthew Kienow e6126fde72 Modified to pull username and password first 2014-08-31 23:57:19 -04:00
Matthew Kienow 5153886077 Added disclosure URL and cleaned up output fields 2014-08-31 23:57:19 -04:00
inokii 4ef369112f Cleanup per msftidy report of Spaces at EOL 2014-08-31 23:57:19 -04:00
inokii e37d56766f Corrected extraction of WEP keys, current key, RADIUS server and port 2014-08-31 23:57:19 -04:00
inokii f1cd601401 Modified logic to attempt to process WiFi key data even if primary Wifi interface is not up 2014-08-31 23:57:19 -04:00
inokii e5111f7634 Simplified get_radius_info method and cleaned up comments 2014-08-31 23:57:19 -04:00
inokii c556a6e331 Fixed syntax issue 2014-08-31 23:57:19 -04:00
inokii 81047e911a Corrected OIDs to all numeric 2014-08-31 23:57:19 -04:00
inokii b253e444cb Initial commit of SBG6580 scanner after cleanup 2014-08-31 23:57:18 -04:00
DrDinosaur 8ba5488198 Update wordpress_login_enum.rb
Fixed some typos.
2014-08-30 13:37:48 -10:00
David Maloney a142e78a66
refactor wordpress_xml_rpc_login
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
David Maloney 0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner 2014-08-29 12:50:34 -05:00
Thomas Ring fbae68870c cleanup one stray comment 2014-08-29 10:57:51 -05:00
Thomas Ring 4c93cbc62c changes based on feedback, added timeout error message 2014-08-29 10:57:20 -05:00
sinn3r f7091d854e Add a timeout 2014-08-28 22:26:38 -05:00
jvazquez-r7 40f581458a
Land #3570, @ikkini scanner for rsync 2014-08-28 18:48:32 -05:00
jvazquez-r7 9fb9ab813c Add URL reference 2014-08-28 18:47:56 -05:00
jvazquez-r7 bc542a011d Change module filename 2014-08-28 18:42:30 -05:00
jvazquez-r7 213fe23970 Clean rsync_modules_list 2014-08-28 18:40:55 -05:00
sinn3r f097ef96e0 Use && 2014-08-28 12:13:03 -05:00
sinn3r d0d9949d91 Do SSL options correctly 2014-08-28 12:04:14 -05:00
Matt Andreko 784ece574e Found additional typos. 2014-08-28 09:03:19 -05:00
Matt Andreko cb634cfef3 Fixed annoying typo that shows up in validation screenshots 2014-08-28 08:50:30 -05:00
sinn3r 0ba2f1e457 Leave a note about the old empty password issue 2014-08-27 17:06:11 -05:00
sinn3r d5b70cca24 "Auth bypass" does not really describe what the feature actually does 2014-08-27 16:56:07 -05:00
sinn3r a32ffc4c26 Add the final portion for Glassfish login module 2014-08-27 15:09:11 -05:00
Thomas Ring 67efa76fc4 changes based on feedback 2014-08-27 09:08:18 -05:00
sinn3r 5d8cbe0544 Early version of Glassfish using LoginScanner 2014-08-27 01:23:02 -05:00
HD Moore fde2687c9e Store edition,version,build in the fingerprint.match 2014-08-26 18:44:08 -05:00
Tom Sellers d5e39ae284 Adjustments for new LoginScanner code 2014-08-26 18:13:00 -05:00
HD Moore ba1f7c3bf6 Land #3687, reworks the nat-pmp portscanner 2014-08-26 14:34:46 -05:00
HD Moore ed9bb3e52c Fix a small typo 2014-08-26 14:34:10 -05:00
Jon Hart 775ebce56b
Correct natpmp_portscan's print_* usage to include peer 2014-08-26 12:27:12 -07:00
HD Moore 4e19d9ade1 Land #3545, fix up sip scanners, msftidy, db services cmd 2014-08-26 14:07:21 -05:00
Jon Hart 5826d7b164
vprint_status when no external address obtained, print_ is too noisy 2014-08-26 12:05:40 -07:00
Jon Hart e75e213b52
Clarify SIP mixin method name, store header values as string, etc 2014-08-26 11:40:49 -07:00
Jon Hart 246f021437 Update natpmp_external_address to use Msf::Auxiliary::UDPScanner 2014-08-26 10:49:53 -07:00
Jon Hart 5c57f9b4eb Don't overload RPORT/LPORT for mapping external -> internal ports 2014-08-26 10:49:53 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart ca11eae3a9 Show a useful failure message when the external address probe fails 2014-08-26 10:49:52 -07:00
Jon Hart bb00c97f46
Add a CERT reference 2014-08-26 08:29:28 -07:00
Jon Hart 40fe2fd3a9
Remove DRDoS references, as this just proves amplification 2014-08-26 08:23:50 -07:00
Jon Hart 10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it 2014-08-26 08:00:30 -07:00
Jon Hart 333c3a90ae
Space between SSDP headers and values, which is sometimes required 2014-08-26 07:57:59 -07:00
Jon Hart 337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification 2014-08-26 07:48:44 -07:00
Jon Hart 04fbd07a16
vprint_error in the unlikely event we get an unexpected response 2014-08-26 07:30:14 -07:00
Jon Hart 79b05db409
Correct minor style issues 2014-08-26 07:26:30 -07:00
xistence 63b75a0093 SSDP Amplification module changes 2014-08-26 16:03:32 +07:00
xistence a90d142140 Add UPnP SSDP Amplication Scanner 2014-08-26 12:53:14 +07:00
HD Moore 73e4ec709f Fix smb_port and require 'recog' when no DB/MDM 2014-08-25 15:42:18 -05:00
sinn3r 463815d240 Add AppleTV modules (imge, video and login) 2014-08-25 15:24:41 -05:00
Jon Hart 6a522cc105 Remove unused BATCHSIZE from SIP options_tcp, duplicate from options 2014-08-25 13:12:29 -07:00
Jon Hart bfa89bb3a5 Enforce binary encoding on non-modules, no encoding on modules 2014-08-25 13:12:29 -07:00
Jon Hart 6185721a61 Address @hmoore-r7's feedback regarding binary encoding 2014-08-25 13:11:22 -07:00
Jon Hart 9955cb5b27 Enforce proper protocol case where necessary 2014-08-25 13:11:22 -07:00
Jon Hart 637f86f37d Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner 2014-08-25 13:11:21 -07:00
Jon Hart c2e70446ed Move SIP module stuff to Msf::Exploit::Remote::SIP 2014-08-25 13:11:21 -07:00
Jon Hart 02e41c27e7 Split SIP response parsing out on its own, add unit tests.
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
Jon Hart d4ea3e9f29 Pass protocol down to parse_reply for report_* purposes 2014-08-25 13:09:39 -07:00
Jon Hart a2e2e37a69 Fix SIP options scanning 2014-08-25 13:09:39 -07:00
Thomas Ring e23acf8d82 fix for oracle_login not checking connection status and stopping on timeout 2014-08-25 14:57:45 -05:00
Jon Hart 2a4d73ee35 Add status message that displays delay between requests 2014-08-25 12:55:27 -07:00
Jon Hart 5c61c09c6b auxiliary/scanner/http/soap_xml cleanup
This:

* Corrects Ruby style (most) everywhere
* Uses Rex's sleep, converts to milliseconds -- seconds are too granular
* Moves begin/rescue inside nested verb+noun loop
* Prints errors even if not in verbose mode
* Corrects URI construction when PATH ends with /
2014-08-25 12:55:27 -07:00
David Maloney 152ddb2f32
refactor the ipboard-login module
now that we have the loginScanner class, we simplify the module
by using the scanner and credcollection classes to handle all
the real work for us
2014-08-25 14:32:47 -05:00
Tod Beardsley 6d9833e32b
Minor pre-release updates with descriptions 2014-08-25 13:34:45 -05:00
Tod Beardsley 03a1f4455d
No need to escape single quotes in %q{} strigns 2014-08-25 13:03:33 -05:00
Tod Beardsley 2f87c880df
Add link to blog post for NTP modules 2014-08-25 12:58:10 -05:00
Tod Beardsley c3213a73e5
Use peer when writing scanner modules
This fixes the module seen in PR rapid7#3684 to use the peer method at
the beginning of print_* messages, rather than the vhost method at the
end. Doing this tends to make reading the output much easier since it's
more consistent.

Incidentally, this module has an msftidy complaint:

````
--- Checking new and changed module syntax with tools/msftidy.rb ---
modules/auxiliary/scanner/http/ipboard_login.rb - [INFO] Please use
vars_get in send_request_cgi: send_request_cgi({ 'uri' =>
normalize_uri(target_uri.path,
"index.php?app=core&module=global&section=login&do=process"
````

This should be fixed as well, or explained why it's not being honored.
2014-08-25 12:48:32 -05:00
William Vu 1ee83ff57e
Land #3696, pile of NTP DRDoS 0days
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
William Vu 7a76efa7f7
Add reference and disclosure date 2014-08-25 11:46:47 -05:00
OJ a39f7b94ec
Land #3684 - IP Board Login Scanner 2014-08-25 11:54:42 +10:00
Christopher Truncer 302e4025ba Removed unnecessary function 2014-08-24 20:45:28 -04:00
Christopher Truncer 2b59063d6c Updated based on feedback 2014-08-24 19:53:29 -04:00
John Sawyer 0a27a18104 Committing changes from r7 comments 2014-08-23 00:08:27 -04:00
Christopher Truncer 84f4fa5c76 Updated module based on feedback 2014-08-22 21:16:53 -04:00
jvazquez-r7 0737d0dbd5 Refactor auxiliary module 2014-08-22 17:05:45 -05:00
jvazquez-r7 9ef09a7725 Pass msftidy 2014-08-22 13:24:59 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
Joe Vennix 95fbb8f1b7
Land PR #3672, dmaloney-r7's login scanner credential rework. 2014-08-22 11:15:32 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
Christopher Truncer 3918acb1e1 Changed keyword used when returning 2014-08-21 12:34:54 -04:00
Christopher Truncer a0b72bba93 Updated module based on feedback 2014-08-21 12:26:41 -04:00
Christopher Truncer 383906c26c Removed function no longer used 2014-08-20 22:51:01 -04:00
Christopher Truncer c93bfb4673 Fixed targeturi value 2014-08-20 21:23:45 -04:00
Christopher Truncer 7f90b81711 IP Board Login Scanner Module 2014-08-20 21:18:19 -04:00
Jon Hart 9f9f28cc31
If a peer is 127.0.0.1, don't try to store it because we (currently...) can't 2014-08-20 15:48:54 -07:00
Jon Hart 9db3dc7ad8
Store peer data note in the same format as originally 2014-08-20 15:10:45 -07:00
Jon Hart 758c3fa518
Only discard monlist replies that are impossibly short
This fixes the case where if a monlist reply only includes one peer
2014-08-20 15:02:21 -07:00
Jon Hart 7ad9300d37
Update ntp_monlist to use UDPScanner, NTP and DRDoS mixins 2014-08-20 14:41:00 -07:00
Jon Hart 8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing 2014-08-20 12:21:39 -07:00
John Sawyer 1959f7a235 Updated shodan_search for new API 2014-08-20 00:48:13 -04:00
Tom Sellers 74920d26a4 Update to server/capture/imap.rb for new Credential system 2014-08-19 15:25:31 -05:00
Tom Sellers 3fdad4dc91
Update auxillary/scanner/ftp with Credential Gem 2014-08-19 13:13:05 -05:00
David Maloney 473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
Conflicts:
	Gemfile.lock
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/credential.rb
	lib/metasploit/framework/credential_collection.rb
	lib/metasploit/framework/login_scanner/afp.rb
	lib/metasploit/framework/login_scanner/axis2.rb
	lib/metasploit/framework/login_scanner/db2.rb
	lib/metasploit/framework/login_scanner/ftp.rb
	lib/metasploit/framework/login_scanner/http.rb
	lib/metasploit/framework/login_scanner/mssql.rb
	lib/metasploit/framework/login_scanner/mysql.rb
	lib/metasploit/framework/login_scanner/pop3.rb
	lib/metasploit/framework/login_scanner/postgres.rb
	lib/metasploit/framework/login_scanner/result.rb
	lib/metasploit/framework/login_scanner/smb.rb
	lib/metasploit/framework/login_scanner/snmp.rb
	lib/metasploit/framework/login_scanner/ssh.rb
	lib/metasploit/framework/login_scanner/telnet.rb
	lib/metasploit/framework/login_scanner/vnc.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/afp/afp_login.rb
	modules/auxiliary/scanner/db2/db2_auth.rb
	modules/auxiliary/scanner/ftp/ftp_login.rb
	modules/auxiliary/scanner/http/axis_login.rb
	modules/auxiliary/scanner/http/http_login.rb
	modules/auxiliary/scanner/http/tomcat_mgr_login.rb
	modules/auxiliary/scanner/mssql/mssql_login.rb
	modules/auxiliary/scanner/mysql/mysql_login.rb
	modules/auxiliary/scanner/pop3/pop3_login.rb
	modules/auxiliary/scanner/postgres/postgres_login.rb
	modules/auxiliary/scanner/snmp/snmp_login.rb
	modules/auxiliary/scanner/ssh/ssh_login.rb
	modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
	modules/auxiliary/scanner/telnet/telnet_login.rb
	modules/auxiliary/scanner/vnc/vnc_login.rb
	modules/auxiliary/scanner/winrm/winrm_login.rb
	spec/lib/metasploit/framework/credential_spec.rb
	spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
sinn3r 7330e3585f Support Glassfish 4.0 and lots of other changes 2014-08-18 19:03:26 -05:00
James Lee f169b8dff3
Fix hashes being stored as passwords 2014-08-18 15:52:13 -05:00
Tod Beardsley cad281494f
Minor caps, grammar, desc fixes 2014-08-18 13:35:34 -05:00
joev 5bfbb7654e
Add android meterpreter to browser autopwn. 2014-08-18 11:09:16 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00