Commit Graph

24378 Commits (bb4e9e2d4d8a4bba6bfb34171dbdc4ed64d5681c)

Author SHA1 Message Date
Tod Beardsley af19efbd71
Use the new bcrypt gem, not bcrypt-ruby
See the change upstream at:

273946f2ba

Reported by @ZeroChaos
2014-04-18 15:02:42 -05:00
kenkeiras b8e0187647 Use OptPath for file path options 2014-04-18 21:56:17 +02:00
kenkeiras fb0af8a799 Remove unnecesary ssh_socket variable 2014-04-18 21:50:54 +02:00
kenkeiras c875bdadf5 Change THRESHOLD into a datastore option 2014-04-18 21:18:48 +02:00
kenkeiras 8a3329c891 Password made pseudo-random instead of a bunnch of A's 2014-04-18 21:10:34 +02:00
kenkeiras 47ff820a83 Remove unnecesary 'RHOST' deregister 2014-04-18 21:06:46 +02:00
kenkeiras cc2d4f9ed7 Remove unnecesary @good_credentials 2014-04-18 21:03:22 +02:00
JoseMi feea4c1fa6 ROP chain changed 2014-04-18 19:05:53 +01:00
William Vu 7d801e3acc
Land #3200, goodbye LORCON modules :( 2014-04-18 12:32:22 -05:00
sinn3r 32293dfdab
Land #3277 - Be very clear about Redmine's existence 2014-04-18 10:31:16 -05:00
Tod Beardsley fe86886c29
Be very clear about Redmine's existence. 2014-04-18 10:01:54 -05:00
jvazquez-r7 c4d4af031c
Land #3276, @todb-r7's "make msftidy happy"'s fix 2014-04-18 09:54:52 -05:00
jvazquez-r7 5083143971
Land #3238, @Zinterax's timeout addition in openssl_heartbleed 2014-04-18 09:28:04 -05:00
Tod Beardsley 2a729c84f6
Fix disclosure date 2014-04-18 09:27:41 -05:00
jvazquez-r7 8a011ec9f6
Land #3197, @0x3fcoma's module for CVE-2013-5795 and CVE-2013-5880 2014-04-18 08:58:54 -05:00
jvazquez-r7 f3299e3ced Do minor code cleanup 2014-04-18 08:58:11 -05:00
Zinterax c68b7aa18f Merge pull request #1 from jvazquez-r7/review_3238
Clean timeout handling code
2014-04-18 09:50:33 -04:00
jvazquez-r7 2366f77226 Clean timeout handling code 2014-04-18 08:16:28 -05:00
Zinterax e38f4cbfa0 Apply response_timeout to get_once, code cleanup
Add response_timeout to get_once

Change timeout output in establish_connect()

Add disconnect ater timeout output

Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
Zinterax fab091ca88 Fix Action => DUMP
Fix for when Action is set to DUMP. Modifed the check to use action.name.

Console output:

msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run

[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
Zinterax 1cf1616341 Rebase. Add timeout option support
Rebase to account for the KEYS merge.

Modify bleed() to work with timeout option.

Modify establish_connect() to work with timeout option.

Modify loot_and_report() to work with timeout option.

---Test Console Output---

Client Hello Timeout:

msf auxiliary(openssl_heartbleed) > run

[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Patched Apache:

msf auxiliary(openssl_heartbleed) > run

[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Vulnerable Server:

msf auxiliary(openssl_heartbleed) > run

[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
Zinterax 021ac53911 remove me 2014-04-18 07:03:36 -04:00
Christian Mehlmauer bbed9f4c66
Land #3274, @jjarmoc heartbleed private key extraction 2014-04-18 06:59:10 +02:00
jvazquez-r7 b0e4648d66
Land #2895, @dukebarman's exploit for Flash CVE-2013-0634 2014-04-17 23:35:05 -05:00
jvazquez-r7 acb12a8bef Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
Jeff Jarmoc 94618455b7 Merge pull request #1 from todb-r7/land-3274-rsa-keydump
Deconflict after #3252
2014-04-17 18:53:42 -05:00
Tod Beardsley 845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
Whoops.
2014-04-17 17:47:47 -05:00
Tod Beardsley 2aa2cb17f3
Reimplement a check. 2014-04-17 17:10:54 -05:00
Tod Beardsley d40ab039e4
Clean up whitespace. Protip: use commit hooks 2014-04-17 16:28:07 -05:00
Tod Beardsley c34d548e50
First, undo #3252. Sorry about that.
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00
Jeff Jarmoc e3daf6daf7 Singular 'TLS_CALLBACK' option 2014-04-17 15:51:37 -05:00
Jeff Jarmoc 6c832e22d6 rename scan to loot_and_report 2014-04-17 15:47:57 -05:00
Jeff Jarmoc c12eae66b3 Error and return if public key wasn't retrieved. 2014-04-17 15:44:40 -05:00
Jeff Jarmoc 578002e016 KEYS action gets it's own function 2014-04-17 15:39:05 -05:00
Tod Beardsley 5b0b5d9476
Land #3252, check() functionality for Heartbleed 2014-04-17 15:34:35 -05:00
Tod Beardsley a2d6c58374
Changing << to + per @jlee-r7 2014-04-17 15:34:13 -05:00
jvazquez-r7 91d9f9ea7f Update from master 2014-04-17 15:32:49 -05:00
jvazquez-r7 749e141fc8 Do first clean up 2014-04-17 15:31:56 -05:00
Jeff Jarmoc 9f30976b83 Heartbleed RSA Keydump
Flattened, merge conflicts resolved, etc.
2014-04-17 14:30:47 -05:00
Christian Mehlmauer 71a650fe6e
Land #3259, XMPP Hostname autodetect by @TomSellers 2014-04-17 08:54:15 +02:00
Tom Sellers 1f452aab48 Code cleanup
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
Tom Sellers 9e2285619e Additional cleanup
Whitespace cleanup
2014-04-17 10:46:33 -05:00
Tom Sellers ee0d30a1f3 Whitespace fix
Removing extra line feeds
2014-04-16 17:27:39 -05:00
Tom Sellers 92eab6c54b Attribution addition
Per comment from Firefart
2014-04-16 17:26:09 -05:00
Samuel Huckins 2ed7a739c3
New reports in new exports can now import
MSP-9783

* Extracted import_report from monstrous import_msf_collateral;
simplified and clarified approach
* Updated report_report: includes all attrs provided vs subset, provides
more helpful error message
* Added report_artifact: adds child artifact for reports, handles
various troublesome cases
* Tested on all report types with a legion of option variants
2014-04-16 15:15:47 -05:00
Tom Sellers 1f3ec46b8a Heartbleed - Add autodetection of XMPP hostname (round 2)
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.

This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
sinn3r 54346f3f92
Land #3265 - Windows Post Manage Change Password 2014-04-15 18:45:48 -05:00
sinn3r d7a63003a3
Land #3266 - MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free 2014-04-15 18:35:18 -05:00
sinn3r 23c2a071cd Small name change 2014-04-15 18:35:00 -05:00
sinn3r 7a4e12976c
First little bit at Bug 8498
[FixRM #8489] rhost/rport modification
2014-04-15 18:20:16 -05:00