christopher lee
964be3b5f0
Fix problem with stale module cache
2018-02-28 08:41:14 -06:00
xistence
ff6c601517
Merge pull request #1 from jhart-r7/pr/fixup-9643
...
Use drdos mixin for memcached amp module
2018-02-28 14:15:26 +07:00
Jon Hart
9e1a7c869c
Use drdos mixin for memcached amp module
2018-02-27 22:51:27 -08:00
xistence
05c99ffb5c
Add Memcached amplification scanner
2018-02-28 11:24:17 +07:00
UserExistsError
35b66d0e60
added payload tests
2018-02-27 19:24:51 -07:00
h00die
dfcbbfea83
Land #9641 spelling fix for wmap rc
2018-02-27 20:29:05 -05:00
Biswajit Roy
a25ce0f259
Fixed Typos
...
Simply removed some typing mistakes.
2018-02-28 03:37:14 +05:30
Brent Cook
9597e5294d
treat MUST_CHANGE + PASSWORD_EXPIRED as valid
2018-02-27 15:21:21 -06:00
Brent Cook
325ad7256e
if multi/handler is disabled, exit
2018-02-27 04:30:09 -06:00
Jon Hart
f09c5eafc7
Appease hound
2018-02-27 04:12:58 -06:00
Jon Hart
46299dff00
The DRDOS mixin operates on strings, so make the bindata'd NTP classes cooperate
2018-02-27 04:12:57 -06:00
Jon Hart
d7853aaf60
Revert "update NTP drdos lib to use correct method on bindata objects"
...
This reverts commit 166070e9c37a4130f976f806116881c70a8401c6.
2018-02-27 04:12:57 -06:00
Brent Cook
bcf5918fb6
update NTP drdos lib to use correct method on bindata objects
2018-02-27 04:12:57 -06:00
Brent Cook
66e3ac4c76
treat 'password must change' as a successful login
2018-02-26 17:57:31 -06:00
William Vu
0e4fc48df4
Fix #9602 , a little defensive programming
...
Check for a nil message and unnecessary auth failures while looping.
2018-02-26 16:52:25 -06:00
James Barnett
847b9ba0d0
Add option to delay between runthroughs
2018-02-26 16:27:03 -06:00
Brent Cook
95a019675f
Land #9629 , decouple hosts and targets for tests
2018-02-26 12:19:03 -06:00
Jeffrey Martin
bb0d5ba8da
decouple hosts and targets for tests
2018-02-25 17:10:22 -06:00
Wei Chen
55a045eb76
Land #9623 , Support Win 2008/7+ for enum_ms_product_keys
...
Land #9623
2018-02-25 14:56:39 -06:00
Rob Fuller
0c82b0a922
Support Windows 2008/7 and above
...
Probably about time that we supported versions less than 10 years old :)
2018-02-24 16:06:55 -05:00
h00die
023bf79097
Land #9310 docs for many aux scanners
2018-02-24 14:32:33 -05:00
h00die
c56d7967e7
finished cleanup
2018-02-24 14:31:52 -05:00
h00die
15a29a1994
finished up comments
2018-02-24 13:39:14 -05:00
James Barnett
133b34827f
Fix false+ login in a few more places
2018-02-23 13:16:41 -06:00
James Barnett
1c9c1dc1fc
Add password spray option to brute force
2018-02-23 12:30:11 -06:00
Brent Cook
2e568aa660
Land #9607 , upgrade osx shells to osx meterpreter
2018-02-23 11:11:44 -06:00
Brent Cook
4365bd3af5
bump rex-exploitation
2018-02-23 11:10:49 -06:00
Brent Cook
cd728defed
Merge branch 'master' into land-9607-
2018-02-23 11:09:20 -06:00
h00die
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
UserExistsError
e19a071910
add bind_named_pipe x86
2018-02-22 19:03:37 -07:00
William Vu
7663e5c1f6
Land #9601 , ms17_010_eternalblue reliability fixes
2018-02-22 15:30:45 -06:00
James Barnett
9cad71f003
Merge branch 'master' into owa_login_improvements
2018-02-22 15:02:52 -06:00
James Barnett
5815b626d9
Dont save email addresses as valid
...
Also add module doc for owa_login module
2018-02-22 14:58:11 -06:00
Brent Cook
65b0d9555f
Land #9611 , Fix bug causing all OWA logins to appear valid
2018-02-22 11:55:36 -06:00
James Barnett
e531dbc976
Fix bug causing all logins to appear valid
...
The headers we were looking for were a little too loose
and were incorrectly identifying all responses as successful
login attempts
2018-02-22 11:25:35 -06:00
dmohanty-r7
0f0270b144
Land #9610 , lock ruby_smb to '0.0.18'
2018-02-22 11:03:40 -06:00
Brent Cook
d737f77b84
bump gems, lock ruby_smb for now
2018-02-22 10:45:49 -06:00
bwatters-r7
4b8a8fa2b1
Land #9441 , Create exploit for AsusWRT LAN RCE
...
Merge branch 'land-9441' into upstream-master
2018-02-22 10:40:45 -06:00
Jacob Robles
738d6ab33a
Land #9604 , Fix logged errors when running without Python 3.6 / gmpy2
2018-02-22 08:11:30 -06:00
Brent Cook
99e278fa29
Land #9584 , Fix reverse_php_ssl infinite loop
2018-02-22 07:03:52 -06:00
Brent Cook
855fbc1689
Land #9602 , Create sessions with the Fortinet SSH backdoor scanner
2018-02-22 06:04:18 -06:00
Tim W
bfec2e8293
add more cmd_exec tests
2018-02-22 17:14:56 +08:00
Trevor Sibanda
77b3673e38
Fix reverse_php_ssl infinite loop
2018-02-22 08:42:54 +00:00
Tim W
78309f30cd
add test for cmd_exec
2018-02-22 16:41:37 +08:00
Brent Cook
7e665ab287
check for extra libraries explicitly, fail gracefully
2018-02-21 21:54:58 -06:00
Brent Cook
3f88e59516
handle Python 3.5/3.6 differences so we always have a UTF-8 string
2018-02-21 21:54:27 -06:00
William Vu
a9d6845f25
Add module doc
2018-02-21 21:50:08 -06:00
William Vu
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
...
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
William Vu
cc2495dd9c
Explain fortinet-backdoor -> FortinetBackdoor
2018-02-21 17:05:30 -06:00
William Vu
a5d78b82d4
Add require for Net::SSH::CommandStream
2018-02-21 15:51:53 -06:00