acb4446e45
Fix #6407 by treating redirects as successful authentication
2012-02-21 16:02:21 -06:00
bce1c08623
Update modules/auxiliary/server/capture/http_javascript_keylogger.rb
2012-02-21 04:46:56 -06:00
7c1d48d6aa
Merge in MJC's javascript keylogger
2012-02-21 04:25:15 -06:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
89e0842b1e
Add vim_soap to the mixins list.
...
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
a8d56afda6
Use store_loot() to save data to local disk
2012-02-20 01:30:11 -06:00
fccb338e29
Merge branch 'master' of github-r7:rapid7/metasploit-framework
2012-02-19 23:01:14 -06:00
e0a75c1b2c
Merge branch 'release/4.2-stable'
...
Conflicts:
lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
ea698864bd
Add aux module to disclose IIS internal IP (Feature #6405 )
2012-02-19 22:44:30 -06:00
95fa97cbd7
This module should be using store_loot() to save downloaded data
2012-02-19 20:48:00 -06:00
6037a2fc7a
Correct type and name for store_loot
2012-02-19 20:20:44 -06:00
f92ddb2475
Revert "Cleanup to the module output for vmware_http_login.rb"
...
This reverts commit 08d91aebdb
2012-02-19 18:55:49 -06:00
a25475fac0
Revert "Add a new vmauthd_version scanner (also pulls in the SSL cert if"
...
This reverts commit c4ea27d32b
2012-02-19 18:53:03 -06:00
d761265b93
Revert "Cosmetic cleanup to the module output for vmauthd_login"
...
This reverts commit 87e7bf4934
2012-02-19 18:52:39 -06:00
648686002b
Cosmetic cleanup of the vmware_http_login module
2012-02-19 18:51:16 -06:00
2521bd7b59
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:34:35 -06:00
00d2497a42
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:32:36 -06:00
c4ea27d32b
Add a new vmauthd_version scanner (also pulls in the SSL cert if
...
available)
2012-02-19 18:28:06 -06:00
87e7bf4934
Cosmetic cleanup to the module output for vmauthd_login
2012-02-19 18:16:54 -06:00
08d91aebdb
Cleanup to the module output for vmware_http_login.rb
2012-02-19 18:16:05 -06:00
825ea01f79
Correct report_web_vuln
2012-02-19 16:37:42 -06:00
199e9c518b
Add Generic HTTP Directory Traversal Utility (Feature #6338 )
2012-02-19 00:30:18 -06:00
6ced540e0b
Merge branch 'vmware-api' into vmware-stable
2012-02-18 18:38:20 -06:00
36dc0fee50
Better dynamic soap generation for all the vmware stuff
2012-02-18 18:29:46 -06:00
ebd5438984
Add POST to method
2012-02-17 22:36:33 -06:00
bb5e4a1600
Modules don't need to register VERBOSE, because it's already there
2012-02-17 21:07:44 -06:00
79ce43e3fe
This condition should never trigger, because OptEnum should automatically take care of it
2012-02-17 19:16:07 -06:00
e23f17cac2
Again, validate using OptEnum
2012-02-17 19:14:38 -06:00
d58b8c7b69
Use OptEnum to validate enumeration method
2012-02-17 19:12:47 -06:00
3390bdf312
Validate METHOD with OptEnum
2012-02-17 18:54:53 -06:00
974aea3521
Validate 'METHOD' using OptEnum
2012-02-17 18:46:56 -06:00
36bc31d677
Damn, the indent level is nuts in this thing
2012-02-17 18:43:47 -06:00
ec58b4669e
This module only handles GET, so that's the only option we'll allow
2012-02-17 18:20:16 -06:00
9e17b09632
This module is only meant to handle GET and PUT, so let's be strict on that
2012-02-17 18:17:28 -06:00
7ae58bfd9d
Make sure the HTTP method is always upper-case to make Apache happy
2012-02-17 18:15:23 -06:00
ddb43774c9
Some metadata fixes
2012-02-17 12:21:38 -06:00
ae57a8d9fd
Make sure the HTTP method is always uppercase so we don't get a 501
2012-02-17 03:34:39 -06:00
a0dac593bc
Merge branch 'vmware-api' of github.com:rapid7/metasploit-framework into vmware-api
2012-02-16 02:22:31 -06:00
e9b2e060d6
Permissions scanner for vmware
...
Fixed the way loot was getting stored to set a propper type
2012-02-16 02:19:33 -06:00
8d7ddab2af
Some minor bug fixes
...
Added vm_tag module for 'flag planting'
2012-02-16 00:45:48 -06:00
c5ae56a147
Adding User Enumeration Scanner for vmware
2012-02-15 22:55:11 -06:00
95f54413d8
Create a stable branch of vmware-api
...
Just to pick up the soap library and the esx_fingerprint stuff.
2012-02-15 21:25:56 -06:00
bf9ed96155
Fixes up esx_fingerprint and the host model to ID vmware correctly
...
Uses the proper host.normalize_os methods to fix up the normalization of
ESX servers.
2012-02-15 20:31:51 -06:00
a2778ea297
minor fixes to multi-session terminate
2012-02-15 16:50:12 -06:00
082b4acca8
Changed terminate session module to handle multiple sessions per run
2012-02-15 16:47:02 -06:00
c9cf47bd4c
Add Terminate Session module and some extra goodness to enum sessions
2012-02-15 16:39:13 -06:00
67ba39cc3e
Adds a scanner to pull active login sessions off servers
2012-02-15 02:27:25 -06:00
e0f11992af
Gah screwed up that commit, accidentally chunked out the rescues.
2012-02-15 02:12:06 -06:00
6b539036c9
Fix fingerprinting in the vmware_http_login module
2012-02-15 01:54:34 -06:00
e67e9ab34f
Adds a power off vm aux module
2012-02-14 20:52:45 -06:00
a256a6fb0b
Adds a power on vm module
2012-02-14 20:44:11 -06:00
bbca09458f
Workaround for report_host/service issue
...
See #6370
2012-02-14 11:19:38 -06:00
03884ddb46
Fix to title from copy pasted init section.
2012-02-14 10:36:15 -06:00
ad0594ee5f
Cleanup and add debug for fingerprint_vmware
2012-02-13 19:07:26 -06:00
8c1581567c
Cleanup on the vmware fingerprinting.
...
Add in some new OS constants and seperate out the fingerprinting
function from the connection function in order to avoid having errors
swallowed by a rescue.
2012-02-13 16:40:44 -06:00
727cde00c6
Taking David's version of vmware_http_login over mine
2012-02-13 14:54:47 -06:00
d036da627a
Clear lots of whitespace
2012-02-13 14:13:43 -06:00
31f001ed54
Improved vmware enumerate vm modules
...
now with screenshots!
2012-02-13 12:07:28 -06:00
8c305e1a28
VMWare Web service finerprinting and OS detection.
...
VMWare Screenshot stealer
Improvemenets to the mixin
fix to check method for the login scanner
2012-02-13 12:05:32 -06:00
a758462a32
Remove some whitespace
2012-02-13 11:01:26 -06:00
abb1548d9a
Fix extraneous print_status
2012-02-11 20:09:43 -06:00
676a0c53a0
Working Screenshot capability!
2012-02-11 03:51:18 -06:00
fe69a27bf1
Fix indent level and type
2012-02-10 03:22:51 -06:00
4b47a9e66f
Be gone, whitespace.
2012-02-10 03:16:37 -06:00
52e7743b41
Merge branch 'ipv6_logging' of https://github.com/m-1-k-3/metasploit-framework into m-1-k-3-ipv6_logging
2012-02-10 03:13:18 -06:00
29b99aa7b4
Fix up titles/add boundary check for reporting external host
2012-02-08 12:23:46 -06:00
705c436ede
added more multicast addresses from wikipedia
2012-02-07 11:45:20 +01:00
e8aa624a16
Added todb's validator over to this working branch
2012-02-06 10:15:05 -06:00
8ad9beef75
Removing javascript_keylogger from master.
2012-02-06 09:37:16 -06:00
91820ad1c3
logging to notes
2012-02-06 08:56:35 +01:00
b2ae8a24dc
Fix go cow art (tabs are bad to align chars)
2012-02-05 02:20:31 -06:00
0dd3ad0efb
Remove naughty trailing commas
2012-02-05 02:03:49 -06:00
26f89f65bd
Fix the bug that causes store_loot() to run twice. Also, other minor format changes.
2012-02-05 02:00:03 -06:00
c2d1f64472
Merge branch 'master' of https://github.com/threatagent/metasploit-framework
2012-02-05 01:44:53 -06:00
db1e400dff
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-02-05 01:27:21 -06:00
df401f4c94
more fixes to backend stuff, plus updated vmware http login module to use
...
the correct mixin method now.
2012-02-03 15:44:41 -06:00
af506240cf
http_fingerprint reports service info
...
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
2012-02-03 12:15:11 -06:00
786d75493c
Fix up VMWware webscan to not false positive
...
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.
[Fixes #6340 ]
2012-02-02 22:19:57 -06:00
c06b0f7e72
cleaning up an editor glitch.
2012-02-02 17:59:51 -06:00
1a278c55b5
a bit more cleanup
2012-02-02 16:19:21 -06:00
45b58bea06
got rid of bmp generation
2012-02-02 16:07:27 -06:00
e96eceb145
Editing Javascript keylogger
2012-02-02 15:01:22 -06:00
7b3262958d
Merge branch 'master' of github.com:threatagent/metasploit-framework
...
Conflicts:
modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 14:58:23 -06:00
59a44f75ec
Updated Javascript Keylogger
2012-02-02 14:42:13 -06:00
f45528ec68
Update modules/auxiliary/server/capture/javascript_keylogger.rb
2012-02-02 10:33:33 -06:00
3bfb8b3c9d
Adding Javascript Keylogger
2012-02-02 10:30:55 -06:00
e70f9151e5
Merge remote-tracking branch 'upstream/master'
2012-02-02 07:13:03 -06:00
3f48e626a2
Adding a bunch of new VIM API auxiliary stuff
...
Work in progress.
2012-02-01 12:05:20 -06:00
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
0b8987f2af
Merge results initialization fix
2012-01-31 01:29:44 -06:00
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
a0ac4125cd
Add aux module CMS400 default pass scanner (feature #6301 )
2012-01-30 10:40:59 -06:00
ce7f93f5d9
Merge pull request #138 from claudijd/master
...
Added Sequence Filters and MSF Exploit Capture to BNAT Scan
2012-01-29 22:07:25 -08:00
dda3453ac7
Correct a typo
2012-01-28 23:33:26 -06:00
774862508e
Handle another common error type
2012-01-28 23:31:20 -06:00
88298cf847
Added Sequence Filters and MSF Exploit Capture
...
-Sequence Filters (No More False Positives)
-Msf::Exploit::Capture (Use built-in MSF libs over manual threading)
-Immediate Feedback (Don't need to wait until complete to print results)
-Timeout (Includes user configurable timeout)
2012-01-28 22:44:12 -06:00
54ffb01080
This module should use the default list of tomcat users
2012-01-28 18:13:34 -06:00
ca7aa21202
Removed schema features from database hashdump modules
...
now that there are dedicated schemadump modules.
2012-01-28 16:55:39 -06:00
5a095e8ef5
Fixes for PCA modules
2012-01-28 14:35:07 -06:00
c63c7393e3
Print status output
2012-01-28 13:52:38 -06:00
f3eb78199b
Add TCP-based PCA probe
2012-01-28 13:52:38 -06:00
2d7852ddef
Merge PCA scans into udp_sweep/udp_probe
2012-01-28 13:05:24 -06:00
4cd38c5555
Adds login scanner module for VMware Server and ESX
2012-01-27 16:23:56 -06:00
a2d20e25d3
Fix a regression in the workspace inclusion code (only affected
...
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
fe22090a12
Correct e-mail format
2012-01-26 13:04:38 -06:00
d0d964d8ab
Adds an error message if the module couldn't conenct to the target.
...
Fixes #6278
2012-01-26 10:56:07 -06:00
31fb7e7b28
Fallback to writing a new file if resuming fails
2012-01-25 14:49:30 -06:00
49be9996bc
Merge remote-tracking branch 'upstream/master'
2012-01-24 20:23:58 -06:00
35de6a593b
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:14:10 -06:00
2e2726c3c0
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:06:49 -06:00
88b1cd6891
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:03:33 -06:00
71648159a8
Update modules/auxiliary/server/html_frame_payload.rb
2012-01-24 17:00:47 -06:00
a20bd78f75
Adding html_frame_payload.rb
2012-01-24 16:56:32 -06:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
7ec5f98480
Adding jhart's natpimp libary and modules.
...
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.
[See #106 ]
2012-01-24 10:32:30 -06:00
2f3e976173
Actually fix ruby loop syntax on d20pass
2012-01-24 10:08:19 -06:00
fc00398330
Yup, that's better
2012-01-23 16:02:35 -06:00
39a2a894ee
Fix fh, trailing comma, and ruby loop syntax
2012-01-23 15:15:49 -06:00
455bcda6e8
Print the port so we know which http service
2012-01-23 10:17:32 -07:00
34491970b3
Adds a new VMWare Authentication Daemon login scanner module.
2012-01-22 15:39:53 -06:00
bcb19ab0a3
Fixes an issue with smb_login not properly dealing with abritrary guest access
...
on Samba.
2012-01-22 01:35:36 -06:00
06b1bffcea
Addresses an issue with udp sweep module that recorded services
...
from non-specified hosts when they respond to broadcast probes.
2012-01-20 15:34:15 -06:00
be906023dc
one register_options() should be fine.
2012-01-20 13:02:54 -06:00
d6566aa818
Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267 )
2012-01-20 12:57:13 -06:00
bbb4205683
Set default maxpage to 1, because it's faster.
2012-01-20 11:09:38 -06:00
5631774d92
Fix bug: NoMethodError undefined method `each' for nil:NilClass (line 155)
2012-01-20 10:58:02 -06:00
a75b373d7a
Fixing e-mail format for antispam
2012-01-19 10:58:25 -06:00
ed3191bcfe
Adding d20pass module
2012-01-19 10:58:16 -06:00
bb035bfec2
Fix up API option names so they can be set globally
2012-01-18 15:05:39 -06:00
ad6f8257e1
MSFTidy fixes.
2012-01-18 15:01:32 -06:00
7d9ba6f5e9
Fix bug #6256 : uninitialized class variable error
2012-01-17 17:58:53 -06:00
d5443159d7
Merge pull request #110 from jhartftw/soap_xml_6249
...
Improvements to auxiiliary/scanner/http/soap_xml to (#6249 )
2012-01-16 18:19:33 -08:00
fe901b3fb2
Clean up error messages when LOCALSIP isn't defined. Remove
...
now-duplicated code is_ipv4?, clarify SMAC error messages.
2012-01-16 14:32:15 -08:00
6a057560fa
Improvements to auxiiliary/scanner/http/soap_xml to:
...
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints
https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
4ac6c0c3ee
A great big pile of fixes to the ssh scanners
...
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
d52df50a77
Drop a spurious print_error line from smtp_version
2012-01-13 11:46:56 -06:00
6234d13f7c
Added Schema Dump Module for Postgres
2012-01-12 15:20:46 -05:00
52be1c3a7a
Add schemadump module for MySql
2012-01-11 12:16:22 -08:00
8c594798d7
Fix to the AIX jtr module title.
2012-01-11 09:11:23 -08:00
13069990eb
Added module for dumping schema information from Microsoft SQL Server
...
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
ed0dbad243
Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
...
Fixes #6066
2012-01-10 12:32:47 -08:00
b76767669c
Update Nenad's author name and e-mail
2012-01-09 20:14:47 -06:00
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
eeb3a442de
whitespace correctly smtp_version.rb
2012-01-09 14:11:10 -06:00
15990efd85
Removing useless (?) begin/rescue from smtp_version
...
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
e12d5588c6
Set data on webdav scanner notes to include webdav path.
...
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
a1668f2b23
Adds SSHKey gem and some other ssh goodies
...
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
2012-01-08 22:28:37 -06:00
b12baccc49
Quick update, added a research option
2012-01-07 01:13:23 -06:00
HD Moore
James Lee
sinn3r
Matt Buck
David Maloney
Tod Beardsley
bperry-r7
HD Moore
m-1-k-3
Marcus J. Carey
Marcus J. Carey
sinn3r
Jonathan Claudius
Jonathan Cran
Joshua J. Drake
Jon Hart