f048463ed6
Do minor fixupts
...
* Delete peer method
* Make verifications more strict
2014-11-12 09:33:49 -06:00
a5c87db65e
Do minor cleanup
...
* Beautify description
* Use double quotes for interpolation
2014-11-12 09:29:53 -06:00
e1164d3e14
Use snake_case on filename
2014-11-12 09:26:47 -06:00
7e05f88399
Reapply PR #4113 (removed via #4175 )
2014-11-11 15:06:43 -06:00
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
017a44c0ae
Revert errored merge of deea30d
...
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"
This reverts commit deea30ddb414514d7b8b
2014-11-11 14:38:47 -06:00
9238d80a24
Use correct source port for NBNS spoofer
...
137 is only correct for systems that use this as their source port.
Systems running Samba, for example, don't use this. So use the port
taken from the original request, not 137 or 1337
2014-11-11 10:33:27 -08:00
96ba6da697
Add the UDP scanner template, lands #4113 .
...
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
01fda27264
Fix title
2014-11-11 11:15:53 -06:00
a588bfd31a
Use single quotes
2014-11-11 09:56:46 -06:00
77c8dc2b64
Dont return nil from 'run'
2014-11-11 09:39:08 -06:00
fb309aae11
Use a Fixnum as FuzzInt default value
2014-11-11 09:36:53 -06:00
f6762b41b6
Use random fake db name
2014-11-11 09:35:51 -06:00
94c353222d
Do small cosmetic changes
2014-11-11 09:31:57 -06:00
e9e5869951
update from master
2014-11-11 09:24:33 -06:00
c0285067c9
Add new module to test TNS poison
...
msf auxiliary(tnspoison_checker) > show options
Module options (auxiliary/scanner/oracle/tnspoison_checker1):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.2.100, 172.16.2.24, 172.16.2.101 yes The target address range or CIDR identifier
RPORT 1521 yes The target port
THREADS 1 yes The number of concurrent threads
msf auxiliary(tnspoison_checker) > exploit
[+] 172.16.2.100:1521 is vulnerable
[*] Scanned 1 of 3 hosts (033% complete)
[-] 172.16.2.24:1521 is not vulnerable
[*] Scanned 2 of 3 hosts (066% complete)
[-] 172.16.2.101:1521 unable to connect to the server
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
2014-11-11 17:29:27 +03:00
091da05a86
update from master
2014-11-10 22:59:44 -06:00
cac6494427
Use snake_case in filename
2014-11-10 16:58:46 -06:00
2c33642de8
Do minor cleanup
2014-11-10 16:57:57 -06:00
12ae8b3ec6
update from master
2014-11-10 16:19:26 -06:00
493b81d874
cleanup
2014-11-10 15:22:21 -06:00
31fa57fcb2
mssql_enum_sql_logins
2014-11-10 15:19:55 -06:00
d543b16cc1
Added mssql_enum_sql_logins.rb
2014-11-10 15:02:46 -06:00
ea226f7482
Update mssql_enum_sql_logins.rb
2014-11-10 15:02:14 -06:00
74344e9295
added mssql_enum_sql_logins
2014-11-10 13:42:52 -06:00
4b701700c1
Fix banner
2014-11-10 12:40:53 -06:00
7ed11ffd52
Check for INTERFACE or SMAC in dtp setup
2014-11-10 10:14:47 -08:00
65dbb1a83f
Do print_status
2014-11-10 11:26:53 -06:00
7aed1e9581
Create loot_passwords method
2014-11-10 11:21:44 -06:00
92df11baa7
Create report_super_admin_creds method
2014-11-10 11:16:25 -06:00
8f17011909
do run clean up
...
* Reduce code complexity
* Don't report not valid administrator credentials
2014-11-10 11:12:04 -06:00
635df2f233
Fail with NoAccess
2014-11-10 09:50:26 -06:00
9c033492d2
Fix indentation
2014-11-10 09:48:22 -06:00
2236518694
Check res.body before accessing #to_s
2014-11-10 09:47:05 -06:00
8b8ab61e3d
Favor && over and
2014-11-10 09:45:12 -06:00
ee4924582a
Use target_uri
2014-11-10 09:43:44 -06:00
8ddd6a4655
Redefine RPORT having into account it is builtin
2014-11-10 09:42:30 -06:00
eb36a36272
Change title
2014-11-10 09:40:22 -06:00
b3c27452cd
Add full disclosure URL
2014-11-09 10:40:41 +00:00
f680b666c7
Add github adv URL
2014-11-08 11:29:36 +00:00
143033f657
Rename manageengine_pmp_sadmin.rb to manageengine_pmp_privesc.rb
2014-11-08 11:28:04 +00:00
2843437ca9
Create exploit for CVE-2014-8499
2014-11-08 11:24:50 +00:00
e7b448537f
Add OSVDB ids
2014-11-08 11:05:34 +00:00
9d6e0664a4
Guess service name and port
2014-11-07 20:56:01 -06:00
a44640c9fc
Use single quotes
2014-11-07 20:48:04 -06:00
7c1c08fc19
Use single quotes without interpolation
2014-11-07 20:46:47 -06:00
0373156cce
Use unless over if not
2014-11-07 20:42:08 -06:00
f5a920da99
Use || operator
2014-11-07 20:41:44 -06:00
64754a5609
Delete unnecessary begin..end block
2014-11-07 20:38:36 -06:00
0919f74a3d
Delete unused variable
2014-11-07 20:37:57 -06:00
22b875d0f3
Reduce code complexity
2014-11-07 20:37:40 -06:00
b1517e6ace
Delete unnecessary nil comparision
2014-11-07 20:34:13 -06:00
aa1fec7f02
Use fail_with
2014-11-07 20:33:33 -06:00
d630eac272
Reduce code complexity
2014-11-07 20:32:15 -06:00
cea30b5427
Use built-in format for RPORT
2014-11-07 20:30:32 -06:00
e99cc00a57
No more than 100 columns on description
2014-11-07 20:29:38 -06:00
c00a3ac9cd
Add full disclosure URL
2014-11-07 08:06:21 +00:00
8a0249cdbf
Address Juan's points
2014-11-06 21:02:28 +00:00
e71ba1ad4a
Push exploit for CVE-2014-6038/39
2014-11-05 20:12:03 +00:00
cca30b536f
Land #4094 , fixes for OWA brute forcer
...
Fixes #4083
Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
ff8d481eec
Update description to remove comments about defaults. Default to 2013
2014-11-04 21:21:19 -08:00
2c028ca7a6
Move redirect check before body check -- a redirect won't have a body
2014-11-04 14:19:21 -08:00
7855ede2de
Move userpass emptiness checking into setup
2014-11-04 14:07:39 -08:00
ebb8b70472
Land #4015 , another Android < 4.4 UXSS module
2014-11-04 15:52:29 -06:00
f8593ca1b5
Land #4109 , tnftp savefile exploit from @wvu-r7
2014-11-04 15:44:13 -06:00
5fb268bbdf
Updates to better OWA fix
2014-11-04 14:32:54 -06:00
56a02fdb4a
added mssql_escalate_executeas_sqli.rb
2014-11-04 13:38:13 -06:00
b0e388f4c3
Land #3516 , @midnitesnake's snmp_enumusers fix for Solaris, OS X
2014-11-04 08:23:16 -08:00
15119d2a0f
comment fix-sorry
2014-11-04 09:07:08 -06:00
f108d7b20a
fixed code comment
2014-11-04 08:51:27 -06:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
fbe3adcb4c
added mssql_escalate_executeas module
2014-11-03 11:29:15 -06:00
8f197d4918
Move to build_probe
2014-11-03 08:41:51 -08:00
6f013cdcaf
Missed these
2014-10-31 18:48:48 -05:00
d6a830eb6e
Rescue the correct exception: Rex::HostUnreachable
2014-10-31 16:43:33 -05:00
121ebdfef6
update_info
2014-10-31 13:17:50 -07:00
b99e71dcdd
Example UDPScanner style cleanup, move most to UDPScanner
2014-10-31 12:14:04 -07:00
ff0b52cffb
Example per-batch vprint, a useful default
2014-10-31 10:31:31 -07:00
94d4388af9
Improvements to example UDPScanner
2014-10-31 09:53:10 -07:00
1e9f9ce425
Handle invalid JSON errors and fix typo.
2014-10-31 11:01:49 -05:00
d9f0a10737
Add new example template for scanning UDP services
2014-10-31 08:06:31 -07:00
953a642b0e
Finally write a decent description
2014-10-30 22:51:42 -05:00
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
470a067384
Final changes
2014-10-30 13:51:44 -05:00
912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract
2014-10-30 13:37:32 -05:00
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
127d1640da
Print password
2014-10-30 13:27:40 -05:00
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
15e1c253fa
Numerous cleanups for snmp_enumusers
...
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
jvazquez-r7
Tod Beardsley
HD Moore
Jon Hart
Nikita
nullbind
Pedro Ribeiro
William Vu
sinn3r
Joe Vennix
Peter Arzamendi