infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
41,014 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

7519 Commits (c1f9b724cf1388dd207b81def039e5c0f2d353b2)

Author SHA1 Message Date
jinq102030 378d8aea36 Merge pull request #7697 from h00die/fix_colorado 
Fix ftp traversal error conditions
 2016-12-16 13:51:15 -06:00
h00die b5beb2eb93 throw errors 2016-12-12 21:48:08 -05:00
h00die 2dca7c871b applying #7582 to all ftp aux traversals 2016-12-10 16:05:09 -05:00
William Vu f0dca7abbf
Land #7692, print_error for error_sql_injection 2016-12-09 17:09:52 -06:00
William Vu 2b0bce6459
Land #7690, drupal_views_user_enum user count fix 2016-12-09 16:55:01 -06:00
William Vu 4e235be484 Ensure a trailing slash for base_uri 
Technically, the GET parameters should be in vars_get, but we don't want
to refactor the entire module right now.
 2016-12-09 16:53:58 -06:00
Jin Qian 8780c325a7 Fixed issues #7691, silent exit. 
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
 2016-12-09 16:20:44 -06:00
dmohanty-r7 77dd952370
Land #7592, check nil return value when using redis_command 2016-12-09 16:07:12 -06:00
Jin Qian 17c12a78f5 Fixed issue #7689, count of found users not accurate 
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
 2016-12-09 15:19:43 -06:00
wchen-r7 7e0b224eb2 Make ABORT_ON_LOCKOUT non default 2016-12-08 15:07:53 -06:00
wchen-r7 0110b97fa2 Fix #7671, support LOCKED_OUT and DISABLED login status 
This allows login scanner modules to skip a user if it is
locked out, or disabled.

Fix #7671
 2016-12-07 16:49:16 -06:00
Rich Whitcroft d3a8409a49 prevent further lockouts in smb_login 2016-12-06 21:53:08 -05:00
Jin Qian 4a35f8449a Fixed issue #7650 by matching Server header using regex as Wei suggested 
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
 2016-12-02 20:26:38 -06:00
Jin Qian 35fdf1473b Fixed issue #7650 where etherpad_duo_login module may crash 
Add check for presence of Server header.
 2016-12-02 18:07:18 -06:00
Jin Qian 11906eb540 Fix issue #7645 where dolibarr_login module crashed 
Add "res" (http response) when trying to retrieve the cookie
 2016-12-01 15:38:26 -06:00
wchen-r7 9325ef8d8f
Land #7573, Add WP Symposium Plugin SQLI aux mod to steal credentials 2016-12-01 14:56:30 -06:00
wchen-r7 6b5dba72d4 Update description 2016-12-01 14:55:16 -06:00
wchen-r7 64bc029106 Fix Ruby style 2016-12-01 14:53:55 -06:00
wchen-r7 90ec367a99 Add method to save creds to database 2016-12-01 14:52:51 -06:00
William Vu 54684d31bd
Land #7641, check_conn? fix for cisco_ssl_vpn 2016-11-30 21:14:19 -06:00
William Vu 032312d40b Properly check res 2016-11-30 21:03:29 -06:00
Jin Qian ec83a861c8 Fix issue #7640 where cisco SSL VPN not move despite server responded 
Add the "return true" statement that was missing.
 2016-11-30 16:25:13 -06:00
wchen-r7 56505d2cc1 Resolve merge conflict 2016-11-30 14:33:23 -06:00
wchen-r7 c70c3701c5 Fix #7628, concrete5_member_list HTML parser 
Fix #7628
 2016-11-30 14:20:36 -06:00
wchen-r7 530e9a9bc6
Land #7633, fix dell_idrac to stop trying on a user after a valid login 2016-11-30 11:46:31 -06:00
Jin Qian afed1f465e Fix issue 7632 where MSF keeps trying after success. 
Thanks to Wei who suggested adding "return :next_user" after success.
 2016-11-29 14:57:15 -06:00
Jin Qian 1beeb99d44 Fix issue 7628, username extracted became garbled 
Make the regular expression less aggressive.
 2016-11-29 12:52:57 -06:00
William Vu c39c53b102 Prefer DefaultOptions to reregistering SSL option 2016-11-28 14:29:02 -06:00
Pearce Barry 8c54b0e5f4
Land #7622, Fix check_conn? method in cisco_ironport_enum 2016-11-28 14:19:02 -06:00
William Vu 777d5c1820 Fix check_conn? method in cisco_ironport_enum 2016-11-28 14:02:39 -06:00
Cantoni Matteo f0b5b5a153 call store_loot once at the end 2016-11-28 20:28:36 +01:00
wchen-r7 4eb109b22f
Land #7609, set SSL to true by default for cisco_nac_manager_traversal 2016-11-28 11:30:41 -06:00
Brent Cook 60210f57e9
Land #7505, fixed some targets for cisco_asa_extrabacon 2016-11-27 22:19:45 -06:00
jjarmoc 8824cc990a Use Auxilliary Actions for different behaviors. 2016-11-26 13:04:04 -06:00
John Q. Public 0935d31de1 Changed print_status to print_good 
Changed line 315 print type to good instead of the general status indication, so that the result output is easier to see.
 2016-11-25 16:54:58 -06:00
John Q. Public c286c708d9 Print file contents 
Added a print_good statement at line 63 in order to print to contents of the newly discovered robots.txt file.
 2016-11-25 15:57:37 -06:00
h00die efa191dd10 fixed some spacing 2016-11-25 11:50:56 -05:00
h00die 00d9e69a98 potential double fix for #7582 2016-11-24 12:14:09 -05:00
Pearce Barry ec020e3d07
Land #7611, cisco_ironport_enum falsely claimed connection failed 
Fixes #7610
 2016-11-24 09:54:09 -06:00
Cantoni Matteo fd11e7c4df modified it as recommended (@brandonprry) and added Module Documentation 2016-11-24 10:36:32 +01:00
Jin Qian 65b858ac06 Fix issue 7610, cisco_ironport_enum falsely claimed connection failed. 
Make sure we return 1 in check_conn method.
 2016-11-23 14:59:07 -06:00
Jin Qian b7ae7a47be Fix issue #7608 where the SSL option was not turned on by default 
Set the SSL option to be on by default.
 2016-11-23 14:45:42 -06:00
Jin Qian 0df3e17e0c Fix the issue in MS2132 where OWA_LOGIN doesn't continue on connection error. 
The possibility of temporary connnection disruption means this module should keep trying other user/pass pairs upon error.
 2016-11-23 09:56:27 -06:00
wchen-r7 83a3a4e348 Fix #7463, check nil return value when using redis_command 
Fix #7463
 2016-11-21 15:52:12 -06:00
William Vu 6f8660f345
Land #7586, NameError fix for brute_dirs 2016-11-21 14:46:19 -06:00
William Vu c8320d661f
Land #7590, mixin order fix for buffalo_login 2016-11-21 13:57:27 -06:00
Jin Qian 90d360a592 Fix the issue 7589, both RHOST and RHOSTS options are quired 
Thanks to Will who found it's due to the order of mixin.
 2016-11-21 11:06:32 -06:00
Jin Qian 18b873be47 Fix the exception issue reported in issue #7585 
Fix the exception by initialize a key variable that caused the exception.
 2016-11-21 10:00:23 -06:00
Brent Cook 0504cae21f
Land #7536, fix get_ipv4_addr(@interface) usage 2016-11-21 01:09:05 -06:00
David Maloney 6a35b366bc
Land #7577, URPORT fix 2016-11-18 14:41:10 -06:00
wchen-r7 00e4a8881f
Land #7574, Update open_proxy aux module 2016-11-18 11:41:43 -06:00
wchen-r7 d3adfff663 Change syntax 2016-11-18 11:41:04 -06:00
wchen-r7 f894b9a4c5 Fix typo 2016-11-18 11:39:26 -06:00
David Maloney 8d1c718873
Land #7572, wireshark dos typos 
Lands mcantoni's pr for fixing typos in the
wireshark dos modules
 2016-11-18 11:01:32 -06:00
wchen-r7 22d70ddd09 Fix #7455, handle the URIPORT option properly in is_uxss_injection 
Fix #7455
 2016-11-17 15:50:35 -06:00
Brian Patterson abddeb5cd2 Land 7473, add censys search module 2016-11-17 13:44:00 -06:00
Brendan f2b9498643
Land #7576, Fix RHOSTS use in auxiliary/scanner/ftp/titanftp_xcrc_traversal 2016-11-17 13:06:29 -06:00
Jin Qian c03f35ef13 Fix the hanging of module auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb 
Thanks for Wei who pointed out the error: in store_loop call, it used "rhosts", should have been ip.
 2016-11-17 10:08:59 -06:00
Cantoni Matteo c9b9be9328 Update open_proxy aux module 2016-11-17 15:44:03 +01:00
Cantoni Matteo b3b89a57b5 Add WordPress Symposium Plugin SQL Injection module 2016-11-17 15:04:53 +01:00
Cantoni Matteo 30f7006b5b Fixed typos of an old commit 2016-11-17 14:39:33 +01:00
wchen-r7 f50e609d12
Land #7556, Prevent psexec_command from dying when one host errors 2016-11-15 12:17:01 -06:00
wchen-r7 e5d3289c18 Fix name for exception 2016-11-15 12:14:58 -06:00
Dylan Davis a8a09261e1 Use files for rescue error, because left is not available 2016-11-11 21:49:06 -07:00
Jenna Magius db32c5fdcc msftidy whitespace fixes 2016-11-11 10:28:37 -07:00
Dylan Davis fddc2c221f Catch the specific exception. Include the error code in the error message. 2016-11-11 10:24:05 -07:00
Dylan Davis 69a4a327b8 Add begin-rescue blocks that prevent individual hosts from bailing out a threaded multi-host execution 2016-11-11 10:15:36 -07:00
William Vu 4eb42a9171
Fix broken ternary in phoenix_command 2016-11-07 00:12:04 -06:00
Tijl Deneut 92964c1f95 Update phoenix_command.rb 2016-11-06 21:22:54 +01:00
Tijl Deneut 2c2729f0b2 Update phoenix_command.rb 
Coded was messed up by MS Edge, don't use it :)
 2016-11-06 21:21:20 +01:00
Tijl Deneut 1b4409f950 Update phoenix_command.rb 
Style fix: replace "ractionport == nil ?" with "ractionport.nil?"

Is it OK? Did not find time to install and run rubocop ...
 2016-11-06 21:15:31 +01:00
Tijl Deneut 4ea9214466 Fixed a small bug 2016-11-06 16:20:55 +01:00
朱雄宇 e9d85750c2 fix get_ipv4_addr(@interface) usage 
get_ipv4_addr(@interface) returns a string not list, so get_ipv4_addr(@interface)[0] only got the first character of IP, which raises an error.
 2016-11-06 19:04:57 +08:00
Jon Hart 5b810fae41
Update atg_client to identify responses that indicate the command was not understood 2016-11-04 10:12:02 -07:00
William Vu a651985b4f
Land #7498, Joomla account creation and privesc 2016-11-01 22:46:36 -05:00
William Vu f414db5d6d Clean up module 2016-11-01 22:46:28 -05:00
h00die a924981369
Landing #7516, X11 print fixes 2016-11-01 19:50:05 -04:00
Brendan 05e2aad837
Land #7497, Add Kerberos domain user enumeration module 2016-11-01 14:34:47 -05:00
attackdebris 1b4cef10d1 Change creds_name to Kerberos 2016-11-01 17:59:51 +00:00
William Vu 5c065459ae print_{good,error} more specifically in open_x11 2016-10-31 11:29:00 -05:00
Pearce Barry 991a3fe448
Markdown docs added. 2016-10-28 17:38:00 -05:00
Jan Rude 971c8207bd Update telpho10_credential_dump.rb 
Code improvements suggested by @h00die
 2016-10-28 16:45:14 -05:00
Jan Rude c9574a4707 Update telpho10_credential_dump.rb 
output correction
 2016-10-28 16:44:52 -05:00
Jan Rude 05ee51a832 Update telpho10_credential_dump.rb 
do not write to stdout
 2016-10-28 16:44:40 -05:00
Jan Rude fb534a9e85 add telpho10_exploit 
telpho10 credential dump exploit
 2016-10-28 16:44:27 -05:00
Jeff 5eca6866f2 Fix failing versions, specify version explicitly 2016-10-28 16:24:06 -05:00
Filipe Reis 88a2a770a3 Update to have checks in place 
Add: added checks to the code
 2016-10-28 11:24:39 +01:00
Brendan 9eaaba1dea Added user logging into the db and humored rubocop 2016-10-27 15:50:17 -05:00
attackdebris c2af2ab214 Move kerberos_enumusers module to aux/gather & add documentation 2016-10-27 19:11:22 +01:00
Filipe Reis 88beea0c56 updating code 
Fix: changing to seggested fixes
 2016-10-27 14:30:59 +01:00
Filipe Reis 2851faefe8 Update module info 
Fix: removed info that didn't belong
 2016-10-27 03:11:38 +01:00
Filipe Reis e522d7f5a4 Fixing issues regarding travis checks 
Fix: EOL spaces;
 2016-10-27 02:50:20 +01:00
Filipe Reis 8ad1c66bd3 Code update and file rename 
Fix: clean up and improving code using all the comments.
Fix: rename file to a more meaning and more easy to search
 2016-10-27 02:46:40 +01:00
Filipe Reis 0af47ef411 Fixing warning from travis checks 
Fixing: Auxiliary modules have no 'Rank': Rank = ExcellentRanking
Fixing: Spaces at EOL
 2016-10-26 23:29:17 +01:00
Filipe Reis 5a127886bb Fixing issues regarding travis checks 
Fixing unicode issues;
Fixing CVE format;
Fixing EOL spaces;
Fixing the way cookies are read.
 2016-10-26 23:24:09 +01:00
Filipe Reis 94b05d7943 Joomla Account Creation and Privilege Escalation 
This module allows to create an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3.
 2016-10-26 23:11:38 +01:00
William Webb 9672759be8
Land #7462, Add support for Unicode domains 2016-10-26 16:47:09 -05:00
attackdebris 18c3d42aca This commit adds the kerberos_enumusers module 2016-10-26 20:56:41 +01:00
Jon Hart 342bfd628a Dont' set default PORTS or PROBE options. Require user configuration. 2016-10-25 15:58:46 -05:00
Jon Hart 2a18ea0e33 Initial commit of generic module for detecting UDP amplification vulnerabilities 2016-10-25 15:58:46 -05:00