3c7fc49788
Added module auxiliary/admin/cisco/cisco_asa_extrabacon
...
This module patches the authentication functions of a Cisco ASA
to allow uncredentialed logins. Uses improved shellcode for payload.
2016-09-22 18:06:03 +00:00
3f5ed75198
Relocate Rex::Platform:Windows content (fixes MS-1714)
2016-09-19 14:34:44 -05:00
e4e6f5daac
Fix indentation
2016-09-13 23:15:37 -05:00
d73531c0d3
added disclosure dates
2016-09-13 20:37:04 -04:00
4d49f7140c
update links and CVE on webnms_file_download
2016-09-13 18:50:53 +01:00
8b90df8b67
update links and CVE on webnms_cred_disclosure
2016-09-13 18:49:58 +01:00
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
de16a6d536
Land #7182 , Nuuo / Netgear Surveillance admin password reset module
2016-08-08 16:10:30 -05:00
7ca7682d17
Fix whitespace error from msftidy
2016-08-08 17:57:03 +01:00
106f26587e
Add bugtraq reference
2016-08-05 21:52:46 +01:00
036d0502db
Add github link
2016-08-04 17:38:45 +01:00
ec67db03f1
add exploit for CVE 2016-5676
2016-08-04 16:56:16 +01:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
9862a2fc25
Land #7080 , Updated docs and made enhancements for Netgear soap password extractor
2016-07-13 14:30:46 -07:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
963437d5e7
Land #7063 , Add module for WebNMS 5.2 Arbitrary File Download
2016-07-11 10:05:21 -07:00
c2a5da08af
Land #7064 , Add moule to steal creds from WebNMS 5.2
2016-07-11 06:38:50 -07:00
fdce5bc30c
add disclosure date
2016-07-09 09:30:00 -04:00
bbe4162320
Added error checking and some suggested style changes
2016-07-08 08:27:56 -07:00
09dcd1dade
Added version check and error handling, changed regex to ruby syntax.
...
Also made a few syntax changes to placate rubocop.
2016-07-07 10:35:18 -07:00
892f354ece
give me some credit
2016-07-06 21:39:45 -04:00
47cf6d5edf
better docs, extract more data
2016-07-06 21:28:57 -04:00
54dfcee665
Land #7055 , add netgear_soap_password_extractor docs
2016-07-04 23:59:10 -05:00
ec4769fade
Create exploit for WebNMS credential disclosure
2016-07-04 21:15:15 +01:00
05ef5316df
Create exploit for WebNMS arbitrary file download
2016-07-04 21:10:14 +01:00
844c13dc17
added new vuln device to netgear list, plus docs
2016-07-01 18:32:30 -04:00
4e63591ce8
Use the proper Author key, not Authors
2016-06-28 15:21:19 -05:00
9f280d714e
Land #6994 , NetBIOS Name Brute Force Spoofing modules
2016-06-23 17:54:51 -05:00
a84614f2c0
Whitespace only
2016-06-19 18:44:32 -05:00
ce7c6496dd
Rework to clarify that this a brute force spoof, unrelated to BadTunnel
2016-06-19 13:36:39 -05:00
6507e520c7
Cleanups, addition of a 'direct' module
2016-06-18 15:37:54 -05:00
ba40d0e06f
handle the lpath not being specified
2016-06-09 16:22:47 -05:00
52bcade72c
Fix #6948 , Modules using the SMB client are printing peer twice
...
Fix #6948
2016-06-08 12:16:50 -05:00
2afcda9d49
Did some more rubocopy work and
...
added module documentation
2016-05-28 15:32:18 +02:00
14adcce8bf
Missed the HTTPUSERNAME fix
2016-05-27 18:37:04 -05:00
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
266d29ca4a
handle garbage better during probe
2016-05-23 22:28:31 -05:00
a6020ca010
style fixes
2016-05-23 22:14:57 -05:00
36a9ef83ab
Added phoenix_command.rb
2016-05-17 15:45:45 +02:00
2edd6869fc
rm references key
2016-04-24 03:09:59 -05:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
2016-03-07 13:19:48 -06:00
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
53ff3051e1
Land #6531 , NETGEAR ProSafe Network Management System 300 auth'd File Download
2016-02-26 10:53:16 -06:00
bc050410a6
Allow max traversal depth as an option, and report cred
2016-02-26 10:52:30 -06:00
5710c85a9e
Style changes
2016-02-23 15:15:57 +07:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
b64294abc9
Create file for CERT VU 777024 (auth download)
2016-02-04 07:57:48 +08:00
47c0a3b4a7
Get some stragglers that had a different format
2016-02-01 16:21:10 -06:00
8094eb631b
Do the same for aux modules
2016-02-01 16:06:34 -06:00
484d57614a
remove re-registered ssl options
2016-01-22 09:54:52 +01:00
283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
...
Fix the affected modules
2015-12-24 09:12:24 -08:00
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
3535cf3d18
Remove peer; included via HttpClient in lib/msf/core/exploit/mssql_sqli.rb
2015-12-24 07:51:12 -08:00
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
7378e7b128
Do elog() when print_error()
2015-12-08 11:06:59 -06:00
93a4fd0ee4
Minor edits
2015-12-02 15:43:11 -06:00
581ea89f7f
fix nil error
2015-12-02 11:19:08 +01:00
f06e4f3dbd
make this module work with other languages too
2015-12-02 11:14:10 +01:00
1a4b91e33e
unzip backup file
2015-12-02 11:01:56 +01:00
217374d1c0
add limesurvey file download
2015-12-02 00:06:13 +01:00
e107ec2d17
Change fail to fail_with, fix typo
2015-11-17 13:30:46 -06:00
74f6ff7752
Rename to atg_client to match conventions
2015-11-17 12:59:37 -06:00
c914c7b22c
Completely remove SET_TIME
2015-11-13 12:28:23 -08:00
ab3ae675ff
Hide TIME option since SET_TIME is not implemented
2015-11-13 12:26:42 -08:00
ad22eb8444
More cleanup
2015-11-13 12:24:28 -08:00
045bab052e
Add configurable timeout
2015-11-13 12:18:40 -08:00
6e9afc38ee
print_good when we get something
2015-11-13 12:12:37 -08:00
196a88c39a
Style nit
2015-11-13 12:06:00 -08:00
0cfa67f58f
Stub out more of the set time, but disable it
2015-11-10 22:00:02 -08:00
c98ab1dad4
update SET_TANK_NAME opt to mention necessary opts
2015-11-10 21:49:40 -08:00
de570a1550
Improve output when setting tank names
2015-11-10 21:41:05 -08:00
0762b9fa9b
Fix option formatting
2015-11-10 21:24:58 -08:00
637e570b28
Add TLS-250 reference
2015-11-10 21:21:55 -08:00
e67057a5c9
Add great TLS-350 resource
2015-11-10 21:19:37 -08:00
8dd6003cc2
Add several untested but likely OK TLS-350 commands
2015-11-10 21:18:27 -08:00
d00eba23f9
Update references
2015-11-10 21:02:37 -08:00
143ac47484
Minor style cleanup
2015-11-10 14:47:12 -08:00
dac7738f29
Clean up description; add more refs
2015-11-10 14:43:06 -08:00
4f4e4c734a
Handle ATGs w/ > 10 tanks, more strict
2015-11-10 14:36:59 -08:00
7c9b85551b
Support for setting ATG tank names
2015-11-10 14:24:11 -08:00
9def67831c
Better printing
2015-11-10 13:20:45 -08:00
97caf1d084
Add preliminary module for interacting with Veeder-Root ATGs
2015-11-10 13:15:08 -08:00
15eb135295
Resolve merge conflicts
2015-11-09 18:15:40 -08:00
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
f8a39ecc21
Land #6145 , better RPC exception handling
2015-10-30 13:25:52 -05:00
1805774b16
Resolve #6020 , Better RPC exception handling
...
Resolve #6020 . Avoid trying to rescue RuntimeError.
2015-10-28 11:16:44 -05:00
e7d6493311
Replace links
2015-10-28 10:45:02 -05:00
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
28ca34c40a
Fix conflicts
2015-10-16 15:38:59 -05:00
4517270627
Fix modules using Msf::HTTP::JBoss
2015-10-15 11:49:15 -05:00
cf9ddbb701
Update moduels using Msf::HTTP::Wordpress
2015-10-15 11:47:13 -05:00
db5d83a40a
Move namespaces
2015-10-15 09:17:06 -05:00
dea0142da1
catch network exceptions
2015-10-02 18:26:37 -05:00
55895c6305
Fix nil bug in mssql_idf
2015-10-02 18:20:06 -05:00
1f26ec1252
Land #6018 , @pedrib's module for Kaseya VSA ZDI-15-448
2015-10-02 08:58:43 -05:00
d334dc237f
Update kaseya_master_admin.rb
2015-10-02 13:21:28 +01:00
1b21cd9481
Do code cleanup
2015-10-01 13:37:18 -05:00
2e2d27d53a
Land #5935 , final creds refactor
2015-10-01 00:25:14 -05:00
8af5a8e310
Create exploit for Kaseya privilege escalation
2015-09-29 11:51:21 +01:00
c85913fd12
Land #5983 , @jhart-r7's SOAP PortMapping UPnP auxiliary module
2015-09-26 15:47:04 -05:00
f6f3efea75
print the body as verbose
2015-09-25 13:51:18 -05:00
80c9cd4e6f
Restore required option
2015-09-25 13:41:27 -05:00
e4e9609bc2
Use single quotes
2015-09-25 13:35:38 -05:00
a5698ebce0
Fix metadata
2015-09-25 13:34:16 -05:00
0113cbd353
Nokogiri::XML::Builder instead
2015-09-16 19:53:33 -07:00
cf6d5fac2a
Use the latest cred API, no more report_auth_info
2015-09-04 13:43:15 -05:00
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
9a2696aed4
Add Reference
2015-08-31 12:03:17 -07:00
c14cae1425
Make INTERNAL_PORT optional, allowing DELETE to work
2015-08-31 11:30:18 -07:00
44813370d5
Better name, description and author
2015-08-31 10:42:50 -07:00
8665134691
Add add/delete action. update logging. rename module again
2015-08-31 10:22:36 -07:00
436910b25f
Clean up map description
2015-08-28 15:49:29 -07:00
e6e05814d0
Use an OptAddress instead, revert back to client name
2015-08-28 15:43:04 -07:00
66616eeb95
Remove unused
2015-08-28 15:38:23 -07:00
35555f5f24
Make most everything configurable and provide useful output
2015-08-28 15:36:49 -07:00
13dd8222ec
Expose lease duration as an option
2015-08-28 15:22:19 -07:00
d57041136f
Use random port mapping description
2015-08-28 15:09:58 -07:00
840be71683
Add support for specifying protocol
...
UDP is fun too. Are there others?
2015-08-28 14:53:41 -07:00
45fde928fc
More minor style cleanup
2015-08-28 14:49:57 -07:00
ba95a7d2ac
Convert to using HttpClient
2015-08-28 14:47:13 -07:00
a0aaf93f27
Relocate module to more correct location
2015-08-28 14:20:33 -07:00
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
4cacbcc4f7
Minor fixups on sysaid modules
...
Edited modules/auxiliary/admin/http/sysaid_file_download.rb first landed
in #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
Edited modules/auxiliary/admin/http/sysaid_sql_creds.rb first landed in
2015-07-20 16:19:21 -05:00
29718ce4e1
Land #5474 , @pedrib's module for sysaid CVE-2015-2996 and CVE-2015-2998
...
* sysaid SQL database cred disclosure
2015-07-17 12:36:48 -05:00
a54b58fc24
Fix port parsing and cleanup
2015-07-17 12:34:46 -05:00
869ac87b64
Land #5472 , @pedrib's module for SysAid CVE-2015-2996 and CVE-2015-2997
...
* SysAid arbitrary file download
2015-07-17 11:46:00 -05:00
9ac1688eb1
Do code cleanup
2015-07-17 11:45:28 -05:00
ca38fc5518
Update description
2015-07-17 11:08:28 -05:00
50a3a32bfd
Update sysaid_sql_creds.rb
2015-06-20 16:58:42 +01:00
78c2f8a3a3
Update sysaid_sql_creds.rb
2015-06-20 16:57:34 +01:00
11aca8b27a
Update sysaid_file_download.rb
2015-06-20 16:54:33 +01:00
cf8008ed38
Update sysaid_admin_acct.rb
2015-06-20 16:52:13 +01:00
7f35c3b4f5
Update sysaid_sql_creds.rb
2015-06-03 22:00:08 +01:00
54bfe29527
Update and rename sysaid_file_ to sysaid_file_download.rb
2015-06-03 21:59:45 +01:00
42e84cd7d5
Update sysaid_admin_acct.rb
2015-06-03 21:59:04 +01:00
6683b86822
Create sysaid_sql_creds.rb
2015-06-03 21:46:48 +01:00
72b7982e7a
Create sysaid_file_
2015-06-03 21:46:13 +01:00
765077d741
Create sysaid_admin_acct.rb
2015-06-03 21:38:43 +01:00
818dbf58f0
Adding an OSVDB number to the Netgear module
2015-05-28 14:37:39 -05:00
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
04fa626eab
Save credentials as UNTRIED
2015-05-15 14:58:55 -05:00
16c3bf91a1
Do code cleanup
2015-05-15 14:46:34 -05:00
0a4554a204
reporting included, extract device details
2015-04-28 13:01:51 +02:00
ce697ee44c
netgear soap password extractor
2015-04-27 17:56:30 +02:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
b2b7da2dc5
Fix spelling of Microsoft in module name
2015-04-10 11:09:16 +01:00
831a59b10b
Fix whitespace
2015-04-08 16:09:28 -05:00
52f1b95222
Add disclosure link
2015-04-08 16:07:33 -05:00
7ed1655976
Adding module for R7-2015-01
...
Disclosure coming soon, will update this module with a pointer to the
correct reference.
2015-04-08 12:34:31 -05:00
e729185804
Land #5051 , @nullbind's new options for mssql_enum_domain_accounts_sqli
2015-04-03 14:44:20 -05:00
fe9fbfd157
Make calculations easier
2015-04-03 14:43:01 -05:00
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
91aeef0a8a
added startrid and endrid
2015-04-01 10:09:13 -05:00
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
7a0fe05803
Add CVE-ID to module references
2015-03-24 22:30:43 +00:00
7bf00f8f47
Land #4789 , @rastating WPLMS wordpress module
2015-03-24 20:46:38 +01:00
8c3e39acf0
Land #4847 @rastating's module for WordPress WP EasyCart privilege escalation
2015-03-20 18:23:05 -05:00
349d7cb9ee
Do minor cleanup
2015-03-20 18:20:45 -05:00
00dbcc12ca
Removed imp_user var from escalate_privs func
2015-03-15 22:02:12 -07:00
5bebabb005
fixed hardcoded username
2015-03-15 19:45:02 -05:00
3b21de3906
Add WPVDB reference
2015-02-26 13:37:23 +00:00
e2dfdd60c0
Update version range
2015-02-25 19:11:15 +00:00
242d3b8680
Add WP EasyCart privilege escalation module
2015-02-24 21:11:22 +00:00
61bdd58fbe
Fix required flag on options
2015-02-22 16:20:47 +00:00
37a55cce74
Abstracted version comparison code
2015-02-22 16:20:46 +00:00
31cdd757f6
Add WordPress WPLMS privilege escalation module
2015-02-22 16:20:46 +00:00
71c5f622ca
Land #4775 , Kindle Fire TV Stick controller
2015-02-17 12:59:54 -06:00
45b16c92b7
Prefer sleep
...
It's all the same, anyway.
2015-02-17 12:43:14 -06:00
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
b4e2a50a6a
Really fix the bug
...
App is so slow. :(
2015-02-17 06:10:32 -06:00
09239b37aa
Fix touchy YouTube app
...
It likes the previous video stopped before playing a new one.
2015-02-17 06:07:58 -06:00
76e3539434
Add Amazon Fire TV YouTube remote control
2015-02-17 05:44:04 -06:00
b3d301e960
Fix annoying double quotes
...
As much as I love them, the use here is inconsistent.
2015-02-17 05:12:28 -06:00
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
1e8f98c285
Updated description, credit, and URL
2015-02-10 11:25:13 -06:00
1b89242a75
Add module for R7-2015-02
2015-02-10 11:03:46 -06:00
036cb77dd0
Land #4709 , fixed up some datastore mangling
2015-02-05 21:22:38 -06:00
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
c22865fb71
Fix nexpose_xxe_file_read datastore
2015-02-05 02:53:00 -06:00
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
d0cf316758
Land #4659 , @pedrib's ManageEngine directory listing module
2015-02-01 14:19:46 -06:00
128ca47aa7
Fix banner
2015-02-01 14:19:03 -06:00
361aaa7551
Fix banner
2015-02-01 14:16:09 -06:00
39a25fc549
Update manageengine_file_download.rb
2015-02-01 10:49:48 +00:00
e9b5aa94c3
Add OSVDB id and full disclosure URL
2015-02-01 10:49:11 +00:00
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
11502bad39
Clean code
2015-01-30 15:26:25 -06:00
1916c92e3a
Clean metadata
2015-01-30 15:21:17 -06:00
c9ac56442d
No modify datastore option
2015-01-30 15:05:46 -06:00
zerosum0x0
Pearce Barry
William Vu
h00die
Pedro Ribeiro
David Maloney
wchen-r7
Brent Cook
thao doan
Brendan
h00die
James Lee
HD Moore
Tijl Deneut
Tijl Deneut
Christian Mehlmauer
Jon Hart
HD Moore
dmohanty-r7
jvazquez-r7
Tod Beardsley
m-1-k-3
Jon Cave
root
nullbind
rastating