sinn3r
4b06334455
Minor title change for mssql_enum_domain_accounts_sqli
...
We don't really do "-" for naming
Kind of stands up on a list
2014-12-05 11:42:08 -06:00
Pedro Ribeiro
e5bdf225a9
Update netflow_file_download.rb
2014-12-04 21:32:19 +00:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
jvazquez-r7
ff30a272f3
Windows paths need 2 backslashes
2014-11-30 18:54:41 -06:00
jvazquez-r7
223bc340e4
Prepend peer
2014-11-30 18:46:15 -06:00
jvazquez-r7
5ad3cc6296
Make FILEPATH mandatory
2014-11-30 18:45:23 -06:00
jvazquez-r7
b1b10cf4e5
Use Rex::ConnectionError
2014-11-30 18:44:25 -06:00
jvazquez-r7
a549cbbef8
Beautify metadata
2014-11-30 18:44:03 -06:00
Pedro Ribeiro
26d9ef4edd
Explain about Windows back slashes on option
2014-11-30 00:15:44 +00:00
Pedro Ribeiro
2fb38ec7bb
Create exploit for CVE-2014-5445
2014-11-30 00:12:37 +00:00
jvazquez-r7
5f4760c58e
Print final results in a table
2014-11-25 14:01:29 -06:00
jvazquez-r7
d998d97aaa
Refactor build_user_sid
2014-11-25 13:58:47 -06:00
jvazquez-r7
aad860a310
Make conditional easier
2014-11-25 13:54:08 -06:00
jvazquez-r7
ba57bc55b0
Don't report service
2014-11-25 13:52:22 -06:00
jvazquez-r7
059b0e91da
Don't report service
...
* The mssql could be in a third host, not rhost
2014-11-25 13:50:42 -06:00
jvazquez-r7
b467bda2d6
Reuse local variable
2014-11-25 13:49:24 -06:00
jvazquez-r7
31a84ef6ff
Make ternary operator more readable
2014-11-25 13:44:50 -06:00
jvazquez-r7
be566e5ad3
Use a lower fuzz number by default
2014-11-25 13:42:47 -06:00
jvazquez-r7
cd43f83cd7
Delete unnecessary comments
...
* No need to comment every step, just relevant
comments to undrestad code.
2014-11-25 13:40:57 -06:00
jvazquez-r7
f93dbc6deb
Use the target domain name
2014-11-25 13:36:48 -06:00
jvazquez-r7
7c87603b0e
Add progress information
2014-11-25 13:23:36 -06:00
jvazquez-r7
8e5b37ea6e
Fix reporting
2014-11-25 13:20:31 -06:00
jvazquez-r7
93539ae4c6
Use shorter variable name
2014-11-25 13:04:31 -06:00
jvazquez-r7
271f982f34
Use peer
2014-11-25 13:03:48 -06:00
jvazquez-r7
c549508abb
Use vprint
2014-11-25 13:03:18 -06:00
jvazquez-r7
249fb79a21
Fix print_* calls
2014-11-25 13:02:53 -06:00
jvazquez-r7
87cfd7c321
Dont use disconnect
2014-11-25 13:00:53 -06:00
jvazquez-r7
fb8372f505
Fix metadata
2014-11-25 12:59:11 -06:00
jvazquez-r7
71f35f5cd6
Update from upstream master
2014-11-25 12:46:44 -06:00
nullbind
4bd579bc1c
added mssql_enum_domain_accounts_sqli
2014-11-25 09:57:20 -06:00
jvazquez-r7
343a0d78bc
Delete admin check
2014-11-24 12:28:19 -06:00
jvazquez-r7
7164c4e038
Use shorter filename
2014-11-24 12:10:08 -06:00
jvazquez-r7
021b27dd83
Clean reporting
2014-11-24 12:01:09 -06:00
jvazquez-r7
f74ab34881
Delente unnecessary check
2014-11-24 11:50:41 -06:00
jvazquez-r7
3c858c793a
Use vprint
2014-11-24 11:49:36 -06:00
jvazquez-r7
4a169210ab
Use vprint
2014-11-24 11:48:16 -06:00
jvazquez-r7
ecb74c543a
Beautify description
2014-11-24 11:27:32 -06:00
jvazquez-r7
c52104e91d
Beautify metadata
2014-11-24 11:24:41 -06:00
jvazquez-r7
fcb4bea3c1
Fix code comments
2014-11-24 11:23:27 -06:00
jvazquez-r7
10d0305cb2
Update from upstream master
2014-11-24 09:48:43 -06:00
jvazquez-r7
fb4b6543e2
Handle other rex exceptions
2014-11-18 15:57:41 -06:00
nullbind
8c34f35ca9
added mssql_enum_windows_domain_accounts.rb
2014-11-17 13:03:43 -06:00
Jon Hart
9e2513d4de
Update solaris_kcms_readfile to gracefully handle RPC errors
2014-11-17 10:41:17 -08:00
Tod Beardsley
e2dc862121
Fix newly introduced typo.
2014-11-13 14:53:57 -06:00
Tod Beardsley
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
jvazquez-r7
f081ede2aa
Land #4155 , @pedrib's module for CVE-2014-8499
...
* Password Manager Pro privesc + password disclosure
2014-11-12 23:56:26 -06:00
Pedro Ribeiro
9df31e950f
Add OSVDB id
2014-11-12 21:32:33 +00:00
jvazquez-r7
70589668c2
Really land the #4130 module
2014-11-12 09:39:01 -06:00
jvazquez-r7
ece8013d7a
Use #empty?
2014-11-12 09:35:06 -06:00
jvazquez-r7
f048463ed6
Do minor fixupts
...
* Delete peer method
* Make verifications more strict
2014-11-12 09:33:49 -06:00
jvazquez-r7
a5c87db65e
Do minor cleanup
...
* Beautify description
* Use double quotes for interpolation
2014-11-12 09:29:53 -06:00
jvazquez-r7
e1164d3e14
Use snake_case on filename
2014-11-12 09:26:47 -06:00
jvazquez-r7
01fda27264
Fix title
2014-11-11 11:15:53 -06:00
jvazquez-r7
a588bfd31a
Use single quotes
2014-11-11 09:56:46 -06:00
jvazquez-r7
77c8dc2b64
Dont return nil from 'run'
2014-11-11 09:39:08 -06:00
jvazquez-r7
fb309aae11
Use a Fixnum as FuzzInt default value
2014-11-11 09:36:53 -06:00
jvazquez-r7
f6762b41b6
Use random fake db name
2014-11-11 09:35:51 -06:00
jvazquez-r7
94c353222d
Do small cosmetic changes
2014-11-11 09:31:57 -06:00
jvazquez-r7
e9e5869951
update from master
2014-11-11 09:24:33 -06:00
jvazquez-r7
091da05a86
update from master
2014-11-10 22:59:44 -06:00
jvazquez-r7
cac6494427
Use snake_case in filename
2014-11-10 16:58:46 -06:00
jvazquez-r7
2c33642de8
Do minor cleanup
2014-11-10 16:57:57 -06:00
jvazquez-r7
12ae8b3ec6
update from master
2014-11-10 16:19:26 -06:00
nullbind
493b81d874
cleanup
2014-11-10 15:22:21 -06:00
nullbind
31fa57fcb2
mssql_enum_sql_logins
2014-11-10 15:19:55 -06:00
Scott Sutherland
d543b16cc1
Added mssql_enum_sql_logins.rb
2014-11-10 15:02:46 -06:00
Scott Sutherland
ea226f7482
Update mssql_enum_sql_logins.rb
2014-11-10 15:02:14 -06:00
nullbind
74344e9295
added mssql_enum_sql_logins
2014-11-10 13:42:52 -06:00
jvazquez-r7
4b701700c1
Fix banner
2014-11-10 12:40:53 -06:00
jvazquez-r7
65dbb1a83f
Do print_status
2014-11-10 11:26:53 -06:00
jvazquez-r7
7aed1e9581
Create loot_passwords method
2014-11-10 11:21:44 -06:00
jvazquez-r7
92df11baa7
Create report_super_admin_creds method
2014-11-10 11:16:25 -06:00
jvazquez-r7
8f17011909
do run clean up
...
* Reduce code complexity
* Don't report not valid administrator credentials
2014-11-10 11:12:04 -06:00
jvazquez-r7
635df2f233
Fail with NoAccess
2014-11-10 09:50:26 -06:00
jvazquez-r7
9c033492d2
Fix indentation
2014-11-10 09:48:22 -06:00
jvazquez-r7
2236518694
Check res.body before accessing #to_s
2014-11-10 09:47:05 -06:00
jvazquez-r7
8b8ab61e3d
Favor && over and
2014-11-10 09:45:12 -06:00
jvazquez-r7
ee4924582a
Use target_uri
2014-11-10 09:43:44 -06:00
jvazquez-r7
8ddd6a4655
Redefine RPORT having into account it is builtin
2014-11-10 09:42:30 -06:00
jvazquez-r7
eb36a36272
Change title
2014-11-10 09:40:22 -06:00
Pedro Ribeiro
b3c27452cd
Add full disclosure URL
2014-11-09 10:40:41 +00:00
Pedro Ribeiro
f680b666c7
Add github adv URL
2014-11-08 11:29:36 +00:00
Pedro Ribeiro
143033f657
Rename manageengine_pmp_sadmin.rb to manageengine_pmp_privesc.rb
2014-11-08 11:28:04 +00:00
Pedro Ribeiro
2843437ca9
Create exploit for CVE-2014-8499
2014-11-08 11:24:50 +00:00
nullbind
56a02fdb4a
added mssql_escalate_executeas_sqli.rb
2014-11-04 13:38:13 -06:00
nullbind
15119d2a0f
comment fix-sorry
2014-11-04 09:07:08 -06:00
nullbind
f108d7b20a
fixed code comment
2014-11-04 08:51:27 -06:00
nullbind
fbe3adcb4c
added mssql_escalate_executeas module
2014-11-03 11:29:15 -06:00
jvazquez-r7
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
scriptjunkie
4dfbce425a
use vprintf...
2014-10-26 09:20:32 -05:00
scriptjunkie
c31fb0633d
Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd
2014-10-26 09:05:25 -05:00
jvazquez-r7
00f137cdcf
Land #4040 , @nullbind's MS SQL privilege escalation through SQLi
2014-10-20 16:23:50 -05:00
jvazquez-r7
acc590b59c
Modify metadata
2014-10-20 16:22:10 -05:00
jvazquez-r7
1381c7fb37
Modify title
2014-10-20 16:17:47 -05:00
jvazquez-r7
323680c31a
Clean code
2014-10-20 16:17:06 -05:00
HD Moore
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
nullbind
036d43ba37
fixed logic bug
2014-10-19 20:56:29 -05:00
nullbind
1e2f1eaee0
cleaning up
2014-10-18 12:00:11 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
nullbind
bf92769ba2
added mssql_escalate_dbowner_sqli
2014-10-17 10:25:20 -05:00
Jon Hart
8fdae8fbfb
Move protocol and lifetime to mixin, use correct map_target if CHOST
2014-10-16 13:24:17 -07:00
Jon Hart
07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful
2014-10-15 06:39:38 -07:00
Jon Hart
ea6824c46f
WIP of NAT-PMP rework
2014-10-14 14:20:24 -07:00
jvazquez-r7
3305b1e9c3
Land #3984 , @nullbind's MSSQL privilege escalation module
2014-10-09 11:39:15 -05:00
jvazquez-r7
10b160bedd
Do final cleanup
2014-10-09 11:38:45 -05:00
jvazquez-r7
bbe435f5c9
Don't rescue everything
2014-10-09 11:25:13 -05:00
jvazquez-r7
0cd7454a64
Use default value for doprint
2014-10-09 11:04:42 -05:00
jvazquez-r7
db6f6d4559
Reduce code complexity
2014-10-09 10:59:14 -05:00
jvazquez-r7
615b8e5f4a
Make easy method comments
2014-10-09 10:48:00 -05:00
jvazquez-r7
dd03e5fd7d
Make just one connection
2014-10-09 10:46:51 -05:00
nullbind
168f1e559c
fixed status
2014-10-08 21:19:50 -05:00
nullbind
3ebcaa16a1
removed scanner
2014-10-08 21:18:56 -05:00
nullbind
031fb19153
requested updates
2014-10-06 23:52:30 -05:00
Christian Mehlmauer
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
Christian Mehlmauer
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
Tod Beardsley
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
Christian Mehlmauer
b266233e95
fix bug
2014-09-30 00:21:52 +02:00
Christian Mehlmauer
c51c19ca88
bugfix
2014-09-27 14:56:34 +02:00
Christian Mehlmauer
9a424a81bc
fixed bug
2014-09-27 13:46:55 +02:00
Christian Mehlmauer
1c30c35717
Added WordPress custom_contact_forms module
2014-09-27 13:42:49 +02:00
nullbind
ebf4e5452e
Added mssql_escalate_dbowner module
2014-09-26 10:29:35 -05:00
Thomas Ring
81406defed
hopefully what you are looking for this time
2014-09-23 11:36:13 -05:00
sinn3r
2a714a7c4d
Fix a typo
...
Downloading and deleting are two very different things. Thanks Dan.
2014-09-21 18:35:26 -05:00
us3r777
2ae23bbe99
Remove STAGERNAME option
...
This option wasn't really required, the stager can be removed as
soon as the WAR is deployed. This commit does the modifications needed
to remove the stager right after the WAR deployment.
2014-09-09 21:44:08 +02:00
Tod Beardsley
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
jvazquez-r7
c86d01a667
Fix win.ini signature
2014-09-07 01:46:38 -05:00
sinn3r
44b9dc9b28
Update tmlisten_traversal
2014-09-06 01:18:11 -05:00
sinn3r
cb490fc00e
[SeeRM #8836 ] Change boot.ini to win.ini
2014-09-04 17:03:21 -05:00
jvazquez-r7
185ce36859
Land #3701 , @wchen-ru's AppleTV modules
2014-09-03 12:30:50 -05:00
jvazquez-r7
10dee28fbd
Add http socket to the module sockets and allow the framework to cleanup
2014-09-03 12:01:48 -05:00
sinn3r
5acbcc80e2
no threading
2014-09-03 11:37:30 -05:00
Thomas Ring
fbae68870c
cleanup one stray comment
2014-08-29 10:57:51 -05:00
Thomas Ring
4c93cbc62c
changes based on feedback, added timeout error message
2014-08-29 10:57:20 -05:00
sinn3r
f7091d854e
Add a timeout
2014-08-28 22:26:38 -05:00
Thomas Ring
67efa76fc4
changes based on feedback
2014-08-27 09:08:18 -05:00
Jon Hart
5c57f9b4eb
Don't overload RPORT/LPORT for mapping external -> internal ports
2014-08-26 10:49:53 -07:00
Jon Hart
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
Jon Hart
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
sinn3r
463815d240
Add AppleTV modules (imge, video and login)
2014-08-25 15:24:41 -05:00
Thomas Ring
e23acf8d82
fix for oracle_login not checking connection status and stopping on timeout
2014-08-25 14:57:45 -05:00
Tod Beardsley
6d9833e32b
Minor pre-release updates with descriptions
2014-08-25 13:34:45 -05:00
Tod Beardsley
03a1f4455d
No need to escape single quotes in %q{} strigns
2014-08-25 13:03:33 -05:00
jvazquez-r7
0737d0dbd5
Refactor auxiliary module
2014-08-22 17:05:45 -05:00
jvazquez-r7
9ef09a7725
Pass msftidy
2014-08-22 13:24:59 -05:00
jvazquez-r7
38e6576990
Update
2014-08-22 13:22:57 -05:00
Tod Beardsley
08bb815bd8
Add Yokogawa unauth admin module
2014-08-09 13:30:10 -05:00
jvazquez-r7
ed97751ead
Land #2999 , @j0hnf's modifiction to check_dir_file to handle file:
2014-08-04 11:55:18 -05:00
jvazquez-r7
cd45ed0e0a
Handle exceptions when connecting the SMBHSARE
2014-08-04 11:54:30 -05:00
jvazquez-r7
85b5c5a691
Refactor check_path
2014-08-04 11:48:13 -05:00
jvazquez-r7
1e29bef51b
Fix msftidy warnings
2014-08-04 11:46:27 -05:00
jvazquez-r7
04bf0b4ab6
Fix forgotten comma
2014-08-04 11:34:12 -05:00
us3r777
cd2e225359
Refactored auxilliary jboss_bshdeployer
...
Switch modules/auxiliary/admin/http/jboss_bshdeployer.rb to use the
changes.
2014-08-02 11:10:49 +02:00
us3r777
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
us3r777
cd2ec0a863
Refactored jboss mixin and modules
...
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
us3r777
b526fc50f8
Refactored jboss mixin and modules
...
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
us3r777
ae2cd63391
Refactored Jboss mixin
...
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
us3r777
088f208c7c
Added auxiliary module jboss_bshdeployer
...
The module allows to deploy a WAR (a webshell for instance) using the
BSHDeployer.
Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to
use the new Mixin (lib/msf/http/jboss).
2014-07-18 11:51:46 +02:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
William Vu
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
HD Moore
90eccefcc8
Fix sock.get use and some minor bugs
2014-06-28 16:17:15 -05:00
HD Moore
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
HD Moore
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
Tod Beardsley
0219c4974a
Release fixups, word choice, refs, etc.
2014-06-23 11:17:00 -05:00
Spencer McIntyre
61f4c769eb
Land #3461 , Chromecast factory reset module
2014-06-21 17:43:31 -04:00
William Vu
79bf80e6bf
Add generic error handling
...
Just in case a factory reset happens to fail.
2014-06-21 15:35:03 -05:00
William Vu
075eec39e1
Add Chromecast factory reset module
2014-06-18 10:04:17 -05:00
j0hnf
1a82a20c09
re-added incorrectly removed SMBSHARE option
2014-06-16 20:10:11 +01:00
William Vu
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
Tod Beardsley
1aa029dbed
Avoid double quotes in the initialize/elewhere
...
There is no need to have double quotes there for uninterpolated strings,
and every other module uses single quotes.
2014-06-12 13:20:59 -05:00
William Vu
6ca5cf6c26
Add Chromecast YouTube remote control
2014-06-11 00:08:08 -05:00
jvazquez-r7
8a9c005f13
Add URL
2014-05-20 17:43:07 -05:00
Tod Beardsley
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
jvazquez-r7
2012d41b3d
Add origin of the user, and mark web users
2014-05-16 13:51:42 -05:00
jvazquez-r7
4143474da9
Add support for web databases
2014-05-16 11:47:01 -05:00
jvazquez-r7
883d2f14b5
delete debug print_status
2014-05-16 11:13:03 -05:00
jvazquez-r7
ea38a2c6e5
Handle ISO-8859-1 special chars
2014-05-16 11:11:58 -05:00
jvazquez-r7
c9465a8922
Rescue when the recovered info is in a format we can't understand
2014-05-16 08:57:59 -05:00
jvazquez-r7
7ec85c9d3a
Delete blank lines
2014-05-16 01:03:04 -05:00
jvazquez-r7
9091ce443a
Add suport to decode passwords
2014-05-16 00:59:27 -05:00
jvazquez-r7
5b3bb8fb3b
Fix @FireFart's review
2014-05-14 09:00:52 -05:00
jvazquez-r7
a7075c7e08
Add module for ZDI-14-077
2014-05-13 14:17:59 -05:00
Christian Mehlmauer
3f3283ba06
Resolved some msftidy warnings (Set-Cookie)
2014-05-12 21:23:30 +02:00
nodeofgithub
b80d366bb7
Add filter to output WPA-PSK password on Netgear DG834GT
2014-04-26 15:52:31 +02:00
Tod Beardsley
9035d1523d
Update wol.rb to specify rhost/rport directly
...
- [ ] Fire up tcpdump on the listening interface
- [ ] Run the module and see the pcap:
listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535
bytes
20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length
102
2014-04-14 20:57:20 -05:00
jvazquez-r7
d83f665466
Delete commas
2014-03-25 13:34:02 -05:00
Ramon de C Valle
e27adf6366
Fix msftidy warnings
2014-03-25 10:39:40 -03:00
Ramon de C Valle
473f745c3c
Add katello_satellite_priv_esc.rb
...
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat
Satellite (Katello 1.5.0-14 and earlier) by changing the specified
account to an administrator account.
2014-03-24 23:44:44 -03:00
David Maloney
da0c37cee2
Land #2684 , Meatballs PSExec refactor
2014-03-14 13:01:20 -05:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
Tod Beardsley
de6be50d64
Minor cleanup and finger-wagging about a for loop
2014-03-03 14:12:22 -06:00
jvazquez-r7
bfdefdb338
Land #3023 , @m-1-k-3's module for Linksys WRT120N bof reset password
2014-02-26 09:36:14 -06:00
jvazquez-r7
6ba26bf743
Use normalize_uri
2014-02-26 09:35:42 -06:00
jvazquez-r7
582372ec3e
Do minor cleanup
2014-02-26 09:32:11 -06:00
Michael Messner
b79197b8ab
feedback included, cleanup, login check
2014-02-26 13:44:36 +01:00
James Lee
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
Michael Messner
ec8e1e3d6f
small fixes
2014-02-21 21:59:45 +01:00
Michael Messner
1384150b7a
make msftidy happy
2014-02-21 21:56:46 +01:00
Michael Messner
c77fc034da
linksys wrt120 admin reset exploit
2014-02-21 21:53:56 +01:00
j0hnf
c62fa83a70
msf recommended changes + tweaked exception handling
2014-02-19 22:20:24 +00:00
j0hnf
4b247e2b9f
altered check_dir_file.rb so that it can check for the presence of a list of files/directories supplied using file:/ format rather than being limited to just the one file, handy for checking for indicators of compromise
2014-02-16 03:22:11 +00:00
sinn3r
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
sinn3r
7faa41dac0
Change Unknown to Safe because it's just a banner check
2014-01-23 15:36:19 -06:00
sinn3r
81a3b2934e
Fix prints
2014-01-23 15:33:24 -06:00
sinn3r
5025736d87
Fix check for modicon_password_recovery
2014-01-19 17:20:20 -06:00
jvazquez-r7
0b1671f1b8
Undo debugging comment
2014-01-14 17:02:30 -06:00
jvazquez-r7
6372ae6121
Save some parsing
2014-01-14 17:00:00 -06:00
Matt Andreko
2d40f936e3
Added some additional creds that were useful
2014-01-13 23:15:51 -05:00
Matt Andreko
42fb8c48d1
Fixed the credential parsing and made output consistent
...
So in the previous refactor, we made the dedicated method to parse
usernames and passwords from the split up config values. However, that
didn't work, because on a single iteration of the loop, you only have
access to a possible username OR password. The other matching key will
be another iteration of the loop. Because of this, no credential pairs
were being reported.
The only way I can see around this (maybe because I'm a ruby newb) would
be to iterate over configs, and if the user or password regex matches,
add the matching value to a hash, which is identified by a key for both
user & pass. Then upon completion of the loop, it'd iterate over the
hash, finding keys that had both user & pass values.
2014-01-13 22:57:25 -05:00
Tod Beardsley
207e9c413d
Add the test info for sercomm_dump_config
2014-01-13 14:27:03 -06:00
Tod Beardsley
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
jvazquez-r7
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
jvazquez-r7
410302d6d1
Fix indentation
2014-01-09 15:14:52 -06:00
Matt Andreko
b1073b3dbb
Code Review Feedback
...
Removed the parameters from get() since it works without them
2014-01-09 15:54:23 -05:00
Matt Andreko
2a0f2acea4
Made fixes from the PR from jvazquez-r7
...
The get_once would *only* return "MMcS", and stop. I
modified it to be a get(3, 3). Additionally, the command
length was set to 0x01 when it needed to be 0x00.
2014-01-09 15:33:04 -05:00
jvazquez-r7
be6958c965
Clean sercomm_dump_config
2014-01-09 13:42:11 -06:00
Matt Andreko
01c5585d44
Moved auxiliary module to a more appropriate folder
2014-01-09 10:17:26 -05:00
Matt Andreko
d9e737c3ab
Code Review Feedback
...
Refactored the configuration settings so that creds could be reported to
the database more easily, while still being able to print general
configuration settings separately.
2014-01-09 10:14:34 -05:00
Matt Andreko
81adff2bff
Code Review Feedback
...
Changed datastore['rhost'] to rhost
Made the array storing configuration values into a class const
Moved superfluous array look-over to not be executed unless in verbose
mode
2014-01-09 09:19:13 -05:00
Niel Nielsen
1479ef3903
Update typo3_winstaller_default_enc_keys.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:08:10 +01:00
Matt Andreko
c5a3a0b5b7
Cleanup
2014-01-02 20:44:18 -05:00
Matt Andreko
6effdd42fa
Added module to enumerate certain Sercomm devices through backdoor
...
See more: https://github.com/elvanderb/TCP-32764
2014-01-02 20:42:42 -05:00
jvazquez-r7
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
jvazquez-r7
0eac17083a
Clean cfme_manageiq_evm_pass_reset
2013-12-18 16:16:32 -06:00
Ramon de C Valle
b9a9b90088
Update module to use added bcrypt gem
2013-12-18 16:15:35 -02:00
Ramon de C Valle
e20569181b
Remove EzCrypto-related code as per review
2013-12-18 16:15:22 -02:00
Ramon de C Valle
ef081cec49
Add missing disclosure date as per review
2013-12-18 15:47:23 -02:00
Ramon de C Valle
37826688ce
Add cfme_manageiq_evm_pass_reset.rb
...
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
2013-12-09 16:49:07 -02:00
sinn3r
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
sinn3r
20e0a7dcfb
Land #2709 - ZyXEL GS1510-16 Password Extractor
2013-12-02 13:13:01 -06:00
Sven Vetsch / Disenchant
39fbb59ba9
re-added the reference I accidentally deleted
2013-12-02 19:06:19 +01:00
Sven Vetsch / Disenchant
cb98d68e47
added @wchen-r7's code to store the password into the database
2013-12-02 18:35:59 +01:00
Sven Vetsch / Disenchant
8e73023baa
and now in the correct data structure
2013-12-01 17:38:35 +01:00
Sven Vetsch / Disenchant
ef77b7fbbf
added reference as requested at https://github.com/rapid7/metasploit-framework/pull/2709
2013-12-01 17:36:15 +01:00
Sven Vetsch / Disenchant
aa62800184
added ZyXEL GS1510-16 Password Extractor
2013-11-29 10:42:17 +01:00
Jeff Jarmoc
03838aaa79
Update rails_devise_pass_reset.rb
...
Fixed erroneous status if FLUSHTOKENS is false.
2013-11-27 22:27:45 -06:00
Jeff Jarmoc
7f8baf979d
Adds the ability to configure object name in URI and XML. This allows exploiting other platforms that include devise.
...
For example, activeadmin is exploitable if running a vulnerable devise and rails version with the following settings;
msf > use auxiliary/admin/http/rails_devise_pass_reset
msf auxiliary(rails_devise_pass_reset) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(rails_devise_pass_reset) > set RPORT 3000
RPORT => 3000
msf auxiliary(rails_devise_pass_reset) > set TARGETEMAIL admin@example.com
TARGETEMAIL => admin@example.com
msf auxiliary(rails_devise_pass_reset) > set TARGETURI /admin/password
TARGETURI => /admin/password
msf auxiliary(rails_devise_pass_reset) > set PASSWORD msf_pwnd
PASSWORD => msf_pwnd
msf auxiliary(rails_devise_pass_reset) > set OBJECTNAME admin_user
OBJECTNAME => admin_user
msf auxiliary(rails_devise_pass_reset) > exploit
[*] Clearing existing tokens...
[*] Generating reset token for admin@example.com...
[+] Reset token generated successfully
[*] Resetting password to "msf_pwnd"...
[+] Password reset worked successfully
[*] Auxiliary module execution completed
msf auxiliary(rails_devise_pass_reset) >
2013-11-27 15:35:43 -06:00
Meatballs
dd9bb459bf
PSEXEC Refactor
...
Move peer into mixin
PSEXEC should use the psexec mixin
2013-11-24 16:24:05 +00:00
Tod Beardsley
84572c58a8
Minor fixup for release
...
* Adds some new refs.
* Fixes a typo in a module desc.
* Fixes a weird slash continuation for string building (See #2589 )
2013-11-04 12:10:38 -06:00
Rich Lundeen
c3113f796e
Incorporating a few more cleanup items from jvazquez
2013-10-31 21:32:58 -07:00
Rich Lundeen
cbfef6ec7a
incoporating jvazquez feedback
2013-10-31 00:17:50 -07:00
Tod Beardsley
344413b74d
Reorder refs for some reason.
2013-10-30 12:25:55 -05:00
Tod Beardsley
32794f9d37
Move OpenBravo to aux module land
2013-10-30 12:20:04 -05:00
Tod Beardsley
9bb9f8b27b
Update descriptions on SMB file utils.
2013-10-28 13:48:25 -05:00
Tod Beardsley
0f63420e9f
Be specific about the type of hash
...
See #2583 . Since there are several types of hashes, we need to be more
specific about this -- see modules/exploits/windows/smb/psexec.rb which
uses an "smb_hash" as a password type.
Also, the fixes in #2583 do not appear to address anything else reported
on the Redmine issue, namely, operating system and architecture
identification discovered with this module (assuming good credentials).
Therefore, the Redmine issue should not be considered resolved.
[SeeRM #4398 ]
2013-10-28 13:40:07 -05:00
jvazquez-r7
9276a839d4
[FixRM #4398 ] Report credentials to database
2013-10-25 16:19:47 -05:00
sinn3r
7ee615223d
Land #2570 - HP Intelligent Management SOM Account Creation
2013-10-24 14:14:06 -05:00
jvazquez-r7
69da39ad52
Add module for ZDI-13-240
2013-10-23 16:01:01 -05:00
sinn3r
d1e1968cb9
Land #2566 - Download and delete a file via SMB
2013-10-23 12:28:57 -05:00
sinn3r
9a51dd5fc4
Do exception handling and stuff
2013-10-23 12:28:25 -05:00
sinn3r
0500842625
Do some exception handling
2013-10-23 12:22:49 -05:00
sinn3r
83a4ac17e8
Make sure fd is closed to avoid a possible resource leak
2013-10-23 12:16:18 -05:00
sinn3r
af02fd0355
Use store_loot, sorry mubix
2013-10-23 12:13:05 -05:00
Rob Fuller
8f3228d191
chage author but basic copied from hdms upload_file
2013-10-22 21:13:30 -04:00
Rob Fuller
b2b8824e2e
add delete and download modules for smb
2013-10-22 16:31:56 -04:00
William Vu
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
sinn3r
6430fa3354
Land #2539 - Support Windows CMD generic payload
...
This also upgrades auxiliary/admin/scada/igss_exec_17 to an exploit
2013-10-21 11:26:13 -05:00
jvazquez-r7
be1d6ee0d3
Support Windows CMD generic payload
2013-10-17 14:07:27 -05:00
Tod Beardsley
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
Tod Beardsley
2833d58387
Add OSVDB for vbulletin exploit
2013-10-16 15:01:28 -05:00
Tod Beardsley
3c2dddd7aa
Update reference with a non-plagarised source
2013-10-16 14:44:18 -05:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
Tod Beardsley
cad7329f2d
Minor updates to vbulletin admin exploit
2013-10-10 22:09:38 -05:00
jvazquez-r7
4f3bbaffd1
Clean module and add reporting
2013-10-09 13:54:28 -05:00
jvazquez-r7
5c36533742
Add module for the vbulletin exploit in the wild
2013-10-09 13:12:57 -05:00
Meatballs
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
FireFart
09fa7b7692
remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:50:34 +02:00
sinn3r
d006ee52b1
Land #2344 - Sophos Web Protection Appliance patience.cgi Directory Traversal
2013-09-12 14:13:32 -05:00
jvazquez-r7
02a073a8fe
Change module filename
2013-09-09 23:30:37 -05:00
jvazquez-r7
64348dc020
Update information
2013-09-09 23:29:48 -05:00
jvazquez-r7
2252aee398
Fix ltype on store_loot
2013-09-09 14:02:28 -05:00
jvazquez-r7
ce769b0c78
Add module for CVE-2013-2641
2013-09-09 13:56:45 -05:00
jvazquez-r7
3d48ba5cda
Escape dot on regex
2013-09-08 20:26:20 -05:00
jvazquez-r7
be9b0da595
Update print message
2013-09-06 16:09:38 -05:00
jvazquez-r7
830bc2ae64
Update OSVDB reference
2013-09-06 13:01:39 -05:00
jvazquez-r7
4e3d4994c3
Update description
2013-09-06 12:58:54 -05:00
jvazquez-r7
45821a505b
Add module for CVE-2013-0653
2013-09-06 12:42:34 -05:00
Tab Assassin
6b330ad39f
Retab changes for PR #2134
2013-09-05 14:24:37 -05:00
Tab Assassin
52ce6afd99
Merge for retab
2013-09-05 14:24:31 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
jvazquez-r7
b9360b9de6
Land #2286 , @wchen-r7's patch for undefined method errors
2013-08-26 20:46:05 -05:00
sinn3r
7fad26968c
More fix to jboss_seam_exec
2013-08-26 17:16:15 -05:00
Tod Beardsley
5b4890f5b9
Fix caps on typo3_winstaller module
2013-08-26 14:47:42 -05:00
sinn3r
37eaa62096
Fix undefined method error
...
[FixRM #8346 ]
2013-08-21 00:42:33 -05:00
sinn3r
9ca7a727e1
Fix undefined method error
...
[FixRM #8347 ]
2013-08-21 00:41:49 -05:00
sinn3r
5993cbe3a8
Fix undefined method error
...
[FixRM #8348 ]
2013-08-21 00:40:38 -05:00
sinn3r
9f98d4afe6
Fix undefined method error
...
[FixRM #8349 ]
2013-08-21 00:38:35 -05:00
sinn3r
ea78e8309d
Fix undefined method error
...
[FixRM #8350 ]
2013-08-21 00:35:36 -05:00
jvazquez-r7
586ae8ded3
Land #2249 , @wchen-r7's patch for [SeeRM #8314 ]
2013-08-20 10:32:47 -05:00
jvazquez-r7
4790d8de50
Land #2256 , @wchen-r7's patch for [FixRM #8316 ]
2013-08-19 23:23:57 -05:00
sinn3r
5366453031
[FixRM #8316 ] - Escape characters correctly
...
dots need to be escaped
2013-08-19 16:51:19 -05:00
sinn3r
7fc37231e0
Fix email format
...
Correct email format
2013-08-19 16:34:14 -05:00
sinn3r
17b5e57280
Typo
2013-08-19 15:32:19 -05:00
sinn3r
fb5ded1472
[FixRM #8314 ] - Use OptPath instead of OptString
...
These modules need to use OptPath to make sure the path is validated.
2013-08-19 15:30:33 -05:00
jvazquez-r7
f42797fc5c
Fix indentation
2013-08-16 14:19:37 -05:00
Tod Beardsley
f7339f4f77
Cleanup various style issues
...
* Unset default username and password
* Register SSL as a DefaultOption instead of redefining it
* Use the HttpClient mixin `ssl` instead of datastore.
* Unless is better than if !
* Try to store loot even if you can't cleanup the site ID.
2013-08-16 14:03:59 -05:00