cea30b5427
Use built-in format for RPORT
2014-11-07 20:30:32 -06:00
e99cc00a57
No more than 100 columns on description
2014-11-07 20:29:38 -06:00
2b7d25950b
Land #4148 , @wchen-r7 fixed #4133
2014-11-07 08:26:29 -08:00
0dbfecba36
Better method name
...
Should be srvhost, not lhost
2014-11-07 02:23:34 -06:00
c00a3ac9cd
Add full disclosure URL
2014-11-07 08:06:21 +00:00
7b25e3be75
Land #4139 , Visual Mining NetCharts
...
landed after some touch up
2014-11-06 22:52:41 -06:00
7510fb40aa
touch up visual_mining_netcharts_upload
2014-11-06 22:50:20 -06:00
8a0249cdbf
Address Juan's points
2014-11-06 21:02:28 +00:00
579481e5f8
Explain why I did this
...
Also tagging Fix #4133
2014-11-06 14:25:11 -06:00
f210ade253
Use SRVHOST for msvidctl_mpeg2
2014-11-06 14:23:21 -06:00
f7e308cae8
Land #4110 - Citrix Netscaler BoF
2014-11-06 00:04:17 -06:00
54c1e13a98
Land #4140 , @wchen-r7's default template for adobe_pdf_embedded_exe
...
* Fixes #4134
* Adds a default PDF template
2014-11-05 20:21:14 -06:00
adefb2326e
Land #4124 , @wchen-r7 fixes #4115 adding HTTP auth support to iis_webdav_upload_asp
2014-11-05 18:14:33 -06:00
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
79cabc6d68
Fix clean up
2014-11-05 15:46:33 -06:00
c08993a9c0
Add module for ZDI-14-372
2014-11-05 15:31:20 -06:00
e71ba1ad4a
Push exploit for CVE-2014-6038/39
2014-11-05 20:12:03 +00:00
cca30b536f
Land #4094 , fixes for OWA brute forcer
...
Fixes #4083
Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
ff8d481eec
Update description to remove comments about defaults. Default to 2013
2014-11-04 21:21:19 -08:00
2c028ca7a6
Move redirect check before body check -- a redirect won't have a body
2014-11-04 14:19:21 -08:00
7855ede2de
Move userpass emptiness checking into setup
2014-11-04 14:07:39 -08:00
ebb8b70472
Land #4015 , another Android < 4.4 UXSS module
2014-11-04 15:52:29 -06:00
f8593ca1b5
Land #4109 , tnftp savefile exploit from @wvu-r7
2014-11-04 15:44:13 -06:00
5fb268bbdf
Updates to better OWA fix
2014-11-04 14:32:54 -06:00
56a02fdb4a
added mssql_escalate_executeas_sqli.rb
2014-11-04 13:38:13 -06:00
b0e388f4c3
Land #3516 , @midnitesnake's snmp_enumusers fix for Solaris, OS X
2014-11-04 08:23:16 -08:00
15119d2a0f
comment fix-sorry
2014-11-04 09:07:08 -06:00
f108d7b20a
fixed code comment
2014-11-04 08:51:27 -06:00
400ef51897
Land #4076 , exploit for x7chat PHP application
2014-11-03 18:22:04 -06:00
3bf7473ac2
Add github pull request as reference
2014-11-03 18:18:42 -06:00
44a2f366cf
Switch ranking
2014-11-03 18:06:09 -06:00
039d3cf9ae
Do minor cleanup
2014-11-03 18:04:30 -06:00
277fd5c7a1
Land #4123 , release fixes
2014-11-03 16:20:00 -06:00
7e4248b601
Added compatibility with older versions, Updated descriptions and fixed issue with Ubuntu 12.04
2014-11-03 16:42:50 -05:00
0199e4d658
Land #3770 , resolve random stager bugs
2014-11-03 14:15:14 -06:00
9a27984ac1
switch from error to switch
2014-11-03 13:56:41 -06:00
a823ca6b2f
Add support for HTTP authentication. And more informative.
2014-11-03 13:46:53 -06:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
fbe3adcb4c
added mssql_escalate_executeas module
2014-11-03 11:29:15 -06:00
8f197d4918
Move to build_probe
2014-11-03 08:41:51 -08:00
6f013cdcaf
Missed these
2014-10-31 18:48:48 -05:00
d6a830eb6e
Rescue the correct exception: Rex::HostUnreachable
2014-10-31 16:43:33 -05:00
121ebdfef6
update_info
2014-10-31 13:17:50 -07:00
b99e71dcdd
Example UDPScanner style cleanup, move most to UDPScanner
2014-10-31 12:14:04 -07:00
ff0b52cffb
Example per-batch vprint, a useful default
2014-10-31 10:31:31 -07:00
94d4388af9
Improvements to example UDPScanner
2014-10-31 09:53:10 -07:00
1e9f9ce425
Handle invalid JSON errors and fix typo.
2014-10-31 11:01:49 -05:00
d9f0a10737
Add new example template for scanning UDP services
2014-10-31 08:06:31 -07:00
40bf44bd05
Don't allow 127.0.0.1 as SRVHOST
2014-10-31 08:19:15 -05:00
7d2fa9ee94
Delete unnecessary to_s
2014-10-30 22:59:22 -05:00
953a642b0e
Finally write a decent description
2014-10-30 22:51:42 -05:00
64f4777407
Land #4091 - Xerox DLM injection
2014-10-30 22:15:16 -05:00
b7a1722b46
Pass msftidy, more descriptive name and description
2014-10-30 22:14:18 -05:00
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
8fdea5f74c
Change module filename
2014-10-30 20:34:24 -05:00
9404e24b24
Update module information
2014-10-30 20:33:38 -05:00
1a37a6638c
Fix splunk_upload_app_exec to work on new installs. Style
2014-10-30 18:28:56 -07:00
55f245f20f
Merge #3507 into local, recently updated branch of master for landing
2014-10-30 17:28:20 -07:00
cc7f7c9986
Land #4108 - Avoid local offsets in CVE-2014-4113
2014-10-31 09:08:51 +10:00
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
470a067384
Final changes
2014-10-30 13:51:44 -05:00
912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract
2014-10-30 13:37:32 -05:00
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
127d1640da
Print password
2014-10-30 13:27:40 -05:00
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
15e1c253fa
Numerous cleanups for snmp_enumusers
...
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
ac939325ce
Add module first version
2014-10-29 21:11:57 -05:00
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
64a59e805c
Fix a simple typo
2014-10-29 12:40:24 -04:00
1bf1be0e46
Updated to module based feedback from wchen-r7
2014-10-29 11:42:07 -04:00
2e53027bb6
Fix value of X7C2P cookie and typo
2014-10-29 08:32:36 -05:00
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
9f21ac8ba2
Fix issues reported by wchen-r7
2014-10-28 21:31:33 -05:00
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
9c028c1435
Fixes #4083 , make the split nil-safe
...
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.
This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
71a6ec8b12
Land #4093 , cups_bash_env_exec CVE-2014-6278
2014-10-28 12:47:51 -05:00
57baf0f393
Add support for CVE-2014-6278
2014-10-28 17:10:19 +00:00
3de5c43cf4
Land #4050 , CUPS Shellshock
...
Bashbleeded!!!!!!!!!!!
2014-10-28 11:59:31 -05:00
1012cd8d6b
Updated based on wchen-r7 feedback.
2014-10-28 11:38:50 -05:00
78b199fe72
Remove CVE-2014-6278
2014-10-28 16:18:24 +00:00
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
9021e4dae6
Xerox Workcentre firmware injection exploit
2014-10-28 11:15:43 -04:00
5e0993d756
Add OJ as author
2014-10-28 09:58:34 -05:00
dade6b97ba
Land #4088 , wget exploit
...
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
a060fec760
Detect version in check()
2014-10-28 12:28:18 +00:00
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
0b225d94b1
Xerox Admin password extractor.
2014-10-27 19:26:40 -05:00
2ba2388889
Fix issues reported by jvasquez
2014-10-27 19:15:39 -05:00
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
f7f6cff327
Update xerox_workcentre_5XXX_ldap.rb
2014-10-27 17:23:47 -05:00
f119abbf8c
Xerox workcentre 5735 LDAP credential extractor
2014-10-27 15:52:12 -05:00
373ce8d340
Use perl encoding
2014-10-27 15:30:02 -05:00
216360d664
Add missing require
...
MSP-11145
2014-10-27 15:19:59 -05:00
9da83b6782
Update master changes
2014-10-27 14:35:30 -05:00
04a99f09bb
Land #4064 , Win32k.sys NULL Pointer Dereference
2014-10-27 14:01:07 -04:00
090d9b95d1
Land #4078 , pureftpd_bash_env_exec desc. update
2014-10-27 12:12:09 -05:00
950fc46e4b
Normalize description
2014-10-27 12:09:39 -05:00
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
830f631da4
Make the check routine less strict
2014-10-27 12:51:20 -04:00
aa5dc0a354
100 columns per line
2014-10-27 10:24:11 -05:00
7e56948191
Update description about pureftpd_bash_env_exec
...
Make exploitable requirements more obvious
2014-10-27 10:23:06 -05:00
46b1abac4a
More robust check routine for cve-2014-4113
2014-10-27 11:19:12 -04:00
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
848f24a68c
update module description
2014-10-27 02:07:16 -05:00
d66dc88924
Add PHP Code Execution for X7 Chat 2.0.5
2014-10-27 01:01:31 -05:00
c319ea91b3
Delete verbose print
2014-10-26 17:31:19 -05:00
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
554935e60b
Add check() and support CVE-2014-6278
2014-10-26 18:11:36 +00:00
4dfbce425a
use vprintf...
2014-10-26 09:20:32 -05:00
c31fb0633d
Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd
2014-10-26 09:05:25 -05:00
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
7cb4320a76
Land #3561 - unix cmd generic_sh encoder
2014-10-23 15:48:00 -05:00
13fd6a3374
Land #4046 - Centreon SQL and Command Injection
2014-10-23 13:17:00 -05:00
ce841e57e2
Rephrase about centreon.session
2014-10-23 13:15:55 -05:00
889045d1b6
Change failure message
2014-10-23 12:55:27 -05:00
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
c765100efd
Land #4004 , @martinvigo's LastPass master password extraction module
2014-10-22 16:34:54 -07:00
29b61984c5
Update to use correctly joined path
2014-10-22 16:34:17 -07:00
42cd288bc0
Land #4057 - Bring back TCP::max_send_size and TCP::send_delay options
...
Fix #3967
2014-10-22 16:23:15 -05:00
0ea03c00a5
Use print_brute instead of print_good for format consistency
2014-10-22 16:14:45 -05:00
b8c3fadb9e
python 3 is supported now too :)
2014-10-22 20:10:48 +01:00
8c3c73a72d
inline the error message
2014-10-22 20:08:14 +01:00
2ab73688dc
use framework.threads to launch cleanup thread
2014-10-22 19:40:29 +01:00
22fc6496ac
Merge branch 'pr/3401' into landing-3401
2014-10-22 19:23:01 +01:00
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
46acf08e2d
Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions
2014-10-22 09:09:34 -05:00
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
0fcd1ac4f6
Restore tcp evasions to smb_login
2014-10-21 18:59:11 -05:00
e1a7e902d6
Re-enable tcp evasions for more LoginScanners
...
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
6d11ec8477
These mods support Proxies, so make the option visible for the user
2014-10-21 15:39:24 -05:00
db7c420d8d
Merge the latest changes
2014-10-21 13:49:42 -05:00
f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies
2014-10-21 13:28:13 -05:00
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
4705aeb762
Restore tcp evasions to ftp, pop3, vnc
2014-10-21 11:06:55 -05:00
7d150ce0dd
Add tcp evasions to mysql
2014-10-21 10:05:18 -05:00
e76ee294a1
Restore tcp evasions to telnet
2014-10-21 09:44:55 -05:00
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
d6f4c02c2a
Land #3979 , @wchen-r7 fixes #3976 , http_login not using TARGETURI, neither uri normalization
2014-10-20 18:10:57 -05:00
f886ab6f97
Land #4020 , Jenkins-CI CSRF token support
2014-10-20 19:03:24 -04:00
74ac16081f
Land #3981 , @wchen-r7 Fixes #3974 , axis_login.rb does not normalize URI
2014-10-20 17:51:13 -05:00
00f137cdcf
Land #4040 , @nullbind's MS SQL privilege escalation through SQLi
2014-10-20 16:23:50 -05:00
acc590b59c
Modify metadata
2014-10-20 16:22:10 -05:00
1381c7fb37
Modify title
2014-10-20 16:17:47 -05:00
323680c31a
Clean code
2014-10-20 16:17:06 -05:00
c77a0984bd
Land #3989 , @us3r777's exploit for CVE-2014-7228, Joomla Update unserialize
...
the commit.
empty message aborts
2014-10-20 13:39:08 -05:00
4e6f61766d
Change module filename
2014-10-20 13:31:22 -05:00
e202bc10f0
Fix title
2014-10-20 13:30:44 -05:00
f07c5de711
Do code cleanup
2014-10-20 13:27:48 -05:00
dbaf9c5857
Land #4001 - HP Data Protector EXEC_INTEGUTIL Remote Code Execution
2014-10-20 11:44:21 -05:00
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It!
2014-10-20 11:23:23 -05:00
6812b8fa82
Typo and grammar
2014-10-20 11:02:09 -05:00
052a9fec86
Delete return
2014-10-20 10:52:33 -05:00
199f6eba76
Fix check method
2014-10-20 10:46:40 -05:00
3051b6c5ba
Clean up exceptions
...
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
16101612a4
Some changes to use primer
...
Follow wiki How-to-write-a-module-using-HttpServer-and-HttpClient
2014-10-20 17:26:16 +02:00
b7d69bec83
Restore proxies to ssh scanners
2014-10-20 10:19:06 -05:00
1e143fa300
Removed unused variables
2014-10-20 16:58:41 +02:00
57fe829f96
Switch generic_sh's rank to ManualRanking
2014-10-20 09:34:19 -05:00
c991c5e377
Readd generic_sh encoder
2014-10-20 09:33:34 -05:00
036d43ba37
fixed logic bug
2014-10-19 20:56:29 -05:00
2985b39267
Land #3980 , @wchen-r7 fixed #3975
2014-10-19 17:11:06 -07:00
88c1647c80
Loot the passwords, obviously
2014-10-19 13:11:10 -07:00
0971d7c3ac
Remove ... from prints, only map a browser if we found something
2014-10-19 13:05:11 -07:00
967800eed0
Track account name for more useful table and prints
2014-10-19 12:59:51 -07:00
5a05246682
Consistent case in *print_*
2014-10-19 12:30:50 -07:00
005baa7f7e
Retry the script page request to get the token
...
After logging in to Jenkins the script console page
needs to be requested again to get the CSRF token.
2014-10-19 14:04:16 -04:00
0ede70e7f6
Add exploit module for CUPS shellshock
2014-10-19 17:58:49 +00:00
c2174c7910
return if no version response received
2014-10-19 00:29:36 +02:00
1e2f1eaee0
cleaning up
2014-10-18 12:00:11 -05:00
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
a30663e412
Fix multiuser LastPass extraction, print/vprint cleanup
2014-10-17 17:40:19 -07:00
329a600b84
Add tcp evasion options to mssql_login
2014-10-17 17:40:21 -05:00
8b5a33c23f
Land #4044 - MS14-060 "Sandworm"
2014-10-17 16:46:32 -05:00
d5b698bf2d
Land #3944 , pkexec exploit
2014-10-17 16:30:55 -05:00
70f8e8d306
Update description
2014-10-17 16:17:00 -05:00
e52241bfe3
Update target info
2014-10-17 16:14:54 -05:00
7652b580cd
Beautify description
2014-10-17 15:31:37 -05:00
d831a20629
Add references and fix typos
2014-10-17 15:29:28 -05:00
d2a00b208e
Minor style cleanup to appease Rubocop
2014-10-17 12:50:18 -07:00
ef1556eb62
Another update
2014-10-17 13:56:37 -05:00
8fa648744c
Add @wchen-r7's unc regex
2014-10-17 13:46:13 -05:00
10f3969079
Land #4043 , s/http/http:/ splat
...
What is a splat?
2014-10-17 13:41:07 -05:00
d97fe548b9
Store the browser name in LastPass loot
2014-10-17 11:33:31 -07:00
43238c7324
Simplify LastPass extraction. Track what browser that puked creds
2014-10-17 11:19:36 -07:00
dbfe398e35
Land #4037 , Drupageddon exploit
2014-10-17 12:39:59 -05:00
jvazquez-r7
Jon Hart
sinn3r
Pedro Ribeiro
Joshua Smith
Tod Beardsley
William Vu
nullbind
Juan Escobar
Joe Vennix
OJ
Peter Arzamendi
Deral Heiland
Brendan Coles
HD Moore
Luke Imhoff
Spencer McIntyre
root
scriptjunkie
Tim Wright
James Lee
nstarke
us3r777
ikkini