Commit Graph

1894 Commits (c851722d502f09dcecefdfb1c651be76ceff4f01)

Author SHA1 Message Date
HD Moore c63c7393e3 Print status output 2012-01-28 13:52:38 -06:00
HD Moore f3eb78199b Add TCP-based PCA probe 2012-01-28 13:52:38 -06:00
HD Moore 2d7852ddef Merge PCA scans into udp_sweep/udp_probe 2012-01-28 13:05:24 -06:00
David Maloney 4cd38c5555 Adds login scanner module for VMware Server and ESX 2012-01-27 16:23:56 -06:00
HD Moore a2d20e25d3 Fix a regression in the workspace inclusion code (only affected
non-DB-connected instances). Add a PCA UDP scanner
2012-01-27 12:36:13 -06:00
Tod Beardsley fe22090a12 Correct e-mail format 2012-01-26 13:04:38 -06:00
David Maloney d0d964d8ab Adds an error message if the module couldn't conenct to the target.
Fixes #6278
2012-01-26 10:56:07 -06:00
Joshua J. Drake 31fb7e7b28 Fallback to writing a new file if resuming fails 2012-01-25 14:49:30 -06:00
Marcus J. Carey 49be9996bc Merge remote-tracking branch 'upstream/master' 2012-01-24 20:23:58 -06:00
Marcus J. Carey 35de6a593b Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:14:10 -06:00
Marcus J. Carey 2e2726c3c0 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:06:49 -06:00
Marcus J. Carey 88b1cd6891 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:03:33 -06:00
Marcus J. Carey 71648159a8 Update modules/auxiliary/server/html_frame_payload.rb 2012-01-24 17:00:47 -06:00
Marcus J. Carey a20bd78f75 Adding html_frame_payload.rb 2012-01-24 16:56:32 -06:00
Tod Beardsley f6a6963726 Msftidy run over the recent changed+added modules 2012-01-24 15:52:41 -06:00
Jon Hart 7ec5f98480 Adding jhart's natpimp libary and modules.
Made some minor corrections -- dropped the #vim splats, switched to msf
constants for service open etc, namely.

[See #106]
2012-01-24 10:32:30 -06:00
Tod Beardsley 2f3e976173 Actually fix ruby loop syntax on d20pass 2012-01-24 10:08:19 -06:00
sinn3r fc00398330 Yup, that's better 2012-01-23 16:02:35 -06:00
sinn3r 39a2a894ee Fix fh, trailing comma, and ruby loop syntax 2012-01-23 15:15:49 -06:00
James Lee 455bcda6e8 Print the port so we know which http service 2012-01-23 10:17:32 -07:00
David Maloney 34491970b3 Adds a new VMWare Authentication Daemon login scanner module. 2012-01-22 15:39:53 -06:00
David Maloney bcb19ab0a3 Fixes an issue with smb_login not properly dealing with abritrary guest access
on Samba.
2012-01-22 01:35:36 -06:00
David Maloney 06b1bffcea Addresses an issue with udp sweep module that recorded services
from non-specified hosts when they respond to broadcast probes.
2012-01-20 15:34:15 -06:00
sinn3r be906023dc one register_options() should be fine. 2012-01-20 13:02:54 -06:00
sinn3r d6566aa818 Add CVE-2011-4050 7-Technologies IGSS 9 IGSSdataServer.exe DoS module (Feature #6267) 2012-01-20 12:57:13 -06:00
sinn3r bbb4205683 Set default maxpage to 1, because it's faster. 2012-01-20 11:09:38 -06:00
sinn3r 5631774d92 Fix bug: NoMethodError undefined method `each' for nil:NilClass (line 155) 2012-01-20 10:58:02 -06:00
Tod Beardsley a75b373d7a Fixing e-mail format for antispam 2012-01-19 10:58:25 -06:00
Tod Beardsley ed3191bcfe Adding d20pass module 2012-01-19 10:58:16 -06:00
HD Moore bb035bfec2 Fix up API option names so they can be set globally 2012-01-18 15:05:39 -06:00
Tod Beardsley ad6f8257e1 MSFTidy fixes. 2012-01-18 15:01:32 -06:00
sinn3r 7d9ba6f5e9 Fix bug #6256: uninitialized class variable error 2012-01-17 17:58:53 -06:00
sinn3r d5443159d7 Merge pull request #110 from jhartftw/soap_xml_6249
Improvements to auxiiliary/scanner/http/soap_xml to (#6249)
2012-01-16 18:19:33 -08:00
Jon Hart fe901b3fb2 Clean up error messages when LOCALSIP isn't defined. Remove
now-duplicated code is_ipv4?, clarify SMAC error messages.
2012-01-16 14:32:15 -08:00
Jon Hart 6a057560fa Improvements to auxiiliary/scanner/http/soap_xml to:
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints

https://dev.metasploit.com/redmine/issues/6249
2012-01-16 12:27:17 -08:00
Tod Beardsley 4ac6c0c3ee A great big pile of fixes to the ssh scanners
Not sure how this managed to fall out of master -- some of these fixes
are five days old, and should certianly have been merged in prior to
just now.
2012-01-13 13:49:21 -06:00
Tod Beardsley d52df50a77 Drop a spurious print_error line from smtp_version 2012-01-13 11:46:56 -06:00
David Maloney 6234d13f7c Added Schema Dump Module for Postgres 2012-01-12 15:20:46 -05:00
David Maloney 52be1c3a7a Add schemadump module for MySql 2012-01-11 12:16:22 -08:00
David Maloney 8c594798d7 Fix to the AIX jtr module title. 2012-01-11 09:11:23 -08:00
David Maloney 13069990eb Added module for dumping schema information from Microsoft SQL Server
and storing it as loot and notes.
2012-01-10 15:32:09 -08:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
David Maloney ed0dbad243 Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.
Fixes #6066
2012-01-10 12:32:47 -08:00
sinn3r b76767669c Update Nenad's author name and e-mail 2012-01-09 20:14:47 -06:00
sinn3r 8eee54d1d0 Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb) 2012-01-09 14:23:37 -06:00
Tod Beardsley eeb3a442de whitespace correctly smtp_version.rb 2012-01-09 14:11:10 -06:00
Tod Beardsley 15990efd85 Removing useless (?) begin/rescue from smtp_version
Let the scanner mixin handle the exceptions.
2012-01-09 14:11:10 -06:00
David Maloney e12d5588c6 Set data on webdav scanner notes to include webdav path.
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
2012-01-09 08:33:45 -08:00
Tod Beardsley a1668f2b23 Adds SSHKey gem and some other ssh goodies
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.

Squashed commit of the following:

commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 22:23:32 2012 -0600

    Updates ssh credentials to easily find common keys

    Instead of making the modules do all the work of cross-checking keys,
    this introduces a few new methods to the Cred model to make this more
    universal.

    Also includes the long-overdue workspace() method for credentials.

    So far, nothing actually implements it, but it's nice that it's there
    now.

commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 20:10:40 2012 -0600

    Adding back cross-checking for privkeys.

    Needs to test to see if anything depends on order, but should
    be okay to mark up the privkey proof with this as well.

commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 16:49:56 2012 -0600

    Add SSHKey gem, convert PEM pubkeys to SSH pubkeys

commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 13:51:55 2012 -0600

    Store pubkeys as loot for reuse.

    Yanked cross checking for now, will drop back in before pushing.

commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Jan 8 02:10:12 2012 -0600

    Fixes up a couple typos in ssh_identify_pubkeys

commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sat Jan 7 17:18:33 2012 -0600

    Updates to ssh_identify_pubkeys and friends

    Switches reporting to cred-based rather than note-based, accurately deal
    with DSA keys, adds disable_agent option to other ssh modules, and
    reports successful ssh_login attempts pubkey fingerprints as well.

    This last thing Leads to some double accounting of creds, so I'm not
    super-thrilled, but it sure makes searching for ssh_pubkey types a lot
    easier.... maybe a better solution is to just have a special method for
    the cred model, though.
2012-01-08 22:28:37 -06:00
HD Moore b12baccc49 Quick update, added a research option 2012-01-07 01:13:23 -06:00
sinn3r 6d401b48d1 Fix typo 2012-01-07 00:02:51 -06:00
sinn3r b7e29191f5 Add Drupal 'Views' module username enumeration (Feature #6194) 2012-01-06 23:51:32 -06:00
David Maloney 40a1d8bcc8 Fixed issue with a missing nil check in ftp_login 2012-01-06 20:51:58 -08:00
David Maloney 81acfd2126 Adds hashdump and cracking modules for AIX 2012-01-06 20:31:22 -08:00
David Maloney 8e017fd4db Merge branch 'master' of github.com:rapid7/metasploit-framework 2012-01-06 20:30:25 -08:00
David Maloney bf425a6744 Fixed bug that prevented telnet sessions from opening with good creds 2012-01-06 16:59:08 -08:00
sinn3r 6ceb2f04a3 Add CVE-2011-2474 Sybase EAServer directory traversal vulnerability 2012-01-06 14:24:49 -06:00
HD Moore 7b26e33e19 Initial version 2012-01-06 00:53:50 -06:00
David Maloney ba86e8a04f Added PROPFIND support to http_login
This allows http_login to test against WebDAV.
Also added XAMPP default usernames and passwords to default wordlists
2012-01-05 12:10:53 -08:00
Tod Beardsley bc22b7de99 MSFConsole should display hostless loot, also typo fix.
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb

Fixes #6177
2011-12-29 15:11:15 -06:00
sinn3r b202c29153 Correct e-mail format 2011-12-29 11:27:10 -06:00
sinn3r a330a5c63a Add e-mail for Brandon 2011-12-29 10:53:39 -06:00
Brandon Perry c88b582f97 Add CorpWatch Name lookup module by bperry 2011-12-28 15:43:21 -06:00
Brandon Perry d896f128e5 Add CorpWatch ID Lookup module by bperry 2011-12-28 15:41:28 -06:00
David Maloney 9e1e87508f Fix to boundary validation for when no db is present
Fixes #6171
2011-12-28 08:47:22 -08:00
HD Moore 2ad5c56d48 Typo in comment 2011-12-27 19:11:09 -06:00
HD Moore 617f3250cf Handle patched systems accurately (requires actually triggering the bug) 2011-12-27 19:04:34 -06:00
HD Moore f8e3119215 Add references 2011-12-27 17:50:06 -06:00
David Maloney 9b995bc0a5 Adds boundary validation to the framework
enforces boudnary checking on netbios probes
2011-12-27 11:33:52 -08:00
sinn3r ce6b1d6b8c Improve:
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
2011-12-22 16:26:02 -06:00
Tod Beardsley a03f5e32f8 Merge branch 'master' of github_r7:rapid7/metasploit-framework 2011-12-22 11:11:29 -06:00
Tod Beardsley 2f55f08ebe Actually describe the module in the title/description 2011-12-22 11:10:24 -06:00
David Maloney 5e1efdcd73 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-22 10:49:53 -05:00
David Maloney 30141f3008 Fix typo in the oracle enum aux module
The password grace time query was not checking the right value,
spotted by user bNull in the IRC channel.
2011-12-22 10:47:57 -05:00
Tod Beardsley 743a0546f1 Don't blow up if the user doesn't set a filename
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
2011-12-21 16:26:29 -06:00
Tod Beardsley 2db697cd7a Fixup on checkpoint firewall module
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
2011-12-21 11:21:46 -06:00
Tod Beardsley c6297458e6 Adding ref/disclosure date to checkpoint module
Talked with patrick, this all looks correct now.
2011-12-21 10:59:02 -06:00
Tod Beardsley 1128c3ec6b Checkpoint error msg should use res.inspect
Otherwise your terminal will go all wonky.
2011-12-20 15:46:31 -06:00
Tod Beardsley a58ddcae1b Adds reporting to Patrick's Checkpoint module
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)

Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
2011-12-20 15:44:05 -06:00
sinn3r d439390aa2 Fix typo 2011-12-20 12:19:34 -06:00
sinn3r c2d59f0307 Fix issue #6133 2011-12-20 11:32:33 -06:00
Tod Beardsley c83c3d5128 TFTP forgot to commit my rename.
Fixes #5291 for real.
2011-12-20 10:45:29 -06:00
Tod Beardsley 1a396ba955 Merge pull request #70 from rapid7/tftp_client
Tftp client
2011-12-20 08:42:42 -08:00
Tod Beardsley 11a27a1e61 Renaming TFTP transfer util.
See #5291. Just renaming the file.
2011-12-20 10:06:44 -06:00
Tod Beardsley 24d53efa7c Final touches on TFTP client
See #5291. Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
2011-12-20 10:03:04 -06:00
sinn3r 0200b6367a Add OKI Scanner (Feature #6125) 2011-12-20 03:09:09 -06:00
Tod Beardsley 677cb4b152 Handle empty data sends sanely for TFTP.
Don't just hang forever -- let the user know they just send empty data.
TFTP servers don't like this of course.
2011-12-19 21:56:03 -06:00
Tod Beardsley 2b3e3725ac TFTP adding comment docs, ability to send w/out a file.
Commenting the tricksy parts a little better for general usage.

Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
2011-12-19 18:15:19 -06:00
Tod Beardsley 431ef826c9 TFTP client now uses constants, preserves trailing spaces/nulls in data
See #5291, just rediscovered the bug on this.
2011-12-19 16:33:25 -06:00
Tod Beardsley 5eaf2e7535 Adding download and loot functionality.
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
2011-12-19 15:50:50 -06:00
Tod Beardsley aecde6fea4 Updating TFTP client. Now with grown-up thread handling.
No longer blocks on successful connections.
2011-12-19 12:14:40 -06:00
Tod Beardsley 902d7f5ea7 Adding more to TFTP. Still need a read tho
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.

Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
2011-12-18 21:05:27 -06:00
Tod Beardsley 23aadd04f7 Fixing merge conflict cruft
Dangit teach me to merge quickly. TFTP module now loads again.
2011-12-18 13:28:52 -06:00
Tod Beardsley 1201d7fbf2 Merge branch 'tftp_client' of github_r7:rapid7/metasploit-framework into tftp_client
Conflicts:
	modules/auxiliary/admin/tftp/tftp_upload_file.rb
2011-12-16 22:41:22 -06:00
Tod Beardsley 0b8914021c Switch to vprint_status, also add skeletal cleanup def. 2011-12-16 21:06:10 -06:00
Tod Beardsley 50fa10679b First draft of a TFTP client.
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:41:55 -06:00
Tod Beardsley a6867ef128 First draft of a TFTP client.
Could use some actual error checking and also needs to expose
more options.
2011-12-16 18:39:09 -06:00
Patrick Webster 205637892b Added checkpoint_hostname aux module. 2011-12-16 10:54:34 -06:00
sinn3r bb2ea62de8 Add CVE-2008-0926: Novell eDirectory eMBox Unauthenticated Access (Feature #2729) 2011-12-15 23:09:26 -06:00
sinn3r 7b2a1dc791 Repair dead milw0rm link to exploit-db 2011-12-13 16:11:33 -06:00
sinn3r a5189917da Add CVE-2005-4832: Oracle Database Server DBMS_CDC_SUBSCRIBE SUBSCRIPTION_NAME SQL Injection (Feature #6094) 2011-12-13 15:44:39 -06:00
Tod Beardsley f402b8598b Whitespace and File.open binary mode cleanups.
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
2011-12-12 17:31:28 -06:00
Tod Beardsley b4f58ef8fd Trailing commas kill 1.8. dangit.
Fixed dns_fuzzer to knock that off.
2011-12-12 10:26:53 -06:00
HD Moore 4736cb1cbe Merge pull request #48 from swtornio/master
add osvdb ref
2011-12-11 20:37:43 -08:00
HD Moore a9db05e53b Fix regular expression 2011-12-10 13:24:58 -06:00
HD Moore cd4d7d3c47 Handle IPv6 properly (host header parsing) 2011-12-10 13:24:58 -06:00
Steve Tornio 25685c4c74 add osvdb ref 2011-12-10 08:07:21 -06:00
Tod Beardsley 8ccb68c9df Adding an add_socket() to dhcp and rftp as lauched with a survice
when succesful.

Closing the related pull reuquest for this one.
2011-12-10 03:39:25 -06:00
Tod Beardsley e52436e7ad Drop the incorrect Id keyword from h323_version 2011-12-09 14:29:55 -06:00
sinn3r d6d9ac17d2 use store_loot() instead of store_local() 2011-12-08 11:10:31 -06:00
sinn3r c366e652b9 Revert "Using store_local() to store stuff for dir traversal bugs feels much better than store_loot()"
This reverts commit d37daa4934.
2011-12-08 10:11:09 -06:00
sinn3r d37daa4934 Using store_local() to store stuff for dir traversal bugs feels much better than store_loot() 2011-12-07 19:08:24 -06:00
sinn3r aa5c0c46b6 Fix indent level 2011-12-07 18:44:49 -06:00
sinn3r feab7f5077 Add CVE-2011-4350 2011-12-07 18:42:52 -06:00
sinn3r b7ccbcd6b5 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-07 12:23:23 -06:00
sinn3r 84682b3615 Apply patch #6072 2011-12-07 12:22:58 -06:00
HD Moore b8767d5f57 Fix typo on 1.8.7 2011-12-07 10:45:23 -06:00
Tod Beardsley f1950c2fe1 Adding back bitstruct (current upstream) and dns_fuzzer module
Fixes #3289.

This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.

This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.

Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.
2011-12-06 17:03:36 -06:00
sinn3r 0bbbcd549d Add port information, and allow search in data 2011-12-05 22:22:36 -06:00
Tod Beardsley 84af4647db Merge branch 'issue_1083_oracle' 2011-12-05 17:39:46 -06:00
Tod Beardsley 4da2c32734 Minor update to xdb_side_brute, see #1083
Adds a typo fix and adds an explicit VERBOSE option.
2011-12-05 15:11:09 -06:00
HD Moore dbd00efefe Merge branch '4.3-schema' 2011-12-05 15:04:35 -06:00
sinn3r 37516134f0 FILTER shouldn't be case-sensitive 2011-12-05 13:19:04 -06:00
HD Moore 97087d88fa Mark portscan modules as v6 incompatible 2011-12-05 13:07:36 -06:00
HD Moore cf28713f9a Mark specific modules as incompatible due to use of quad-dot code 2011-12-05 13:07:36 -06:00
sinn3r fd2eb200fb Add Shodan Search Module (Feature #5451) 2011-12-05 12:50:21 -06:00
sinn3r 3cd2caca1a Fix #6052 2011-12-04 13:49:13 -06:00
Steve Tornio f63a616739 add osvdb ref 2011-12-04 07:48:48 -06:00
sinn3r 2720572a37 Add IPSwitch Whatsup Gold TFTP directory traversal module 2011-12-03 18:46:34 -06:00
HD Moore dbe7e6aecf Remove a leftover debugging statement 2011-12-02 00:06:04 -06:00
HD Moore 9f99cfc757 Convert the h323 module to MSF_LICENSE (backport from Pro) 2011-12-01 16:01:01 -06:00
HD Moore 3e5e9a910e Add h323 scanner 2011-12-01 16:01:01 -06:00
David Maloney 40ab37fa10 Merge branch 'iss5979' 2011-11-30 12:16:33 -08:00
sinn3r 897731f3a5 Check creds (feature #6025). Also bringing the 'Inbox' regex back 2011-11-29 11:01:39 -06:00
Tod Beardsley f503bd9488 Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append. 2011-11-28 17:52:34 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
sinn3r 3a84c31326 Using a better regex for a successful login. Thanks Borys. 2011-11-28 14:29:42 -06:00
sinn3r bc541c118d Apply patch #6020 2011-11-28 14:16:24 -06:00
sinn3r 5165865560 Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-28 14:07:19 -06:00
sinn3r 59ab0c3a18 Fix bug #6021, Thanks Borys 2011-11-28 14:06:56 -06:00
Tod Beardsley 44a47f9913 Fixing up OWA bruteforce module to conform with the usual print_status
messages.
2011-11-28 13:31:54 -06:00
sinn3r a578db7f56 Apply fix for #6019 2011-11-28 01:12:18 -06:00
sinn3r ebfe269698 Apply patch for #5824 2011-11-26 16:52:12 -06:00
sinn3r 5e08c93ac9 Apply patch #5580 2011-11-26 15:32:43 -06:00
sinn3r b7950a752e Add feature #4929 (MS09-053) 2011-11-26 13:30:35 -06:00
David Maloney c61d02686a HTTP login scanners need to set duplicate_ok to true
or different web applications on the same server
may wipe eachother's creds out.
2011-11-22 13:04:10 -08:00
David Maloney 9d7f7b1f0e Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-22 11:53:14 -08:00
David Maloney 9e40fac8b1 Added a check to the Axis login scanner to ensure
that the supplied url is valid.
Need this because we don't currently have a way to fingerprint
for Axis2 so we are relying on Tomcat fingerpinting.
2011-11-22 11:52:06 -08:00
sinn3r 25f4b45bd1 Apply patch #6004 2011-11-22 13:07:46 -06:00
David Maloney f81567fb6f Fix to typo in the tables being pushed. 2011-11-21 15:49:57 -08:00
James Lee 67120d4263 msftidy on aux modules, see #5749 2011-11-20 13:12:07 +11:00
David Maloney ff22246119 Attempt to fix #5979 2011-11-18 12:53:35 -08:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive.
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
Tod Beardsley 96d2209ca2 Minor fixups for trace report_note patch 2011-11-14 10:40:11 -06:00
andurin 5d5c9464cc Do some report_note while TRACE detection 2011-11-14 12:10:53 +01:00
Andurin 71599f5ef9 Fix sqlmap aux to work with actual sqlmap.py
Commit relates to IssueID #5807
2011-11-13 09:18:33 +01:00
sinn3r e4ebb890d8 Apply patch for bug #5963 2011-11-12 13:17:26 -06:00
sinn3r 62fdbd549c no need to register VERBOSE, because it's already a standard option in all modules. Thanks egyp7 for the reminder. 2011-11-11 15:37:47 -06:00
sinn3r 2d940e2c91 Apply patch #5952 2011-11-11 14:58:17 -06:00
sinn3r 35f84f5e42 yo, ruby 1.8 fix 2011-11-11 11:38:28 -06:00
sinn3r fdef66f2bf yo, ruby 1.8 fix 2011-11-11 11:38:08 -06:00
sinn3r e972234629 yo, owa bruteforce utility in the house (Feature #4725) 2011-11-11 11:23:35 -06:00
David Maloney c30d98093f Merge branch 'iss5426' 2011-11-10 20:39:48 -08:00
David Maloney c984ea41d1 Quick fix to cred sourcing to eliminate spaces in the source type 2011-11-10 20:39:13 -08:00
HD Moore 43fa2c3d1b Add a gitignore and delete the broken file_autopwn code. Fixes #4964 2011-11-10 20:11:53 -06:00
wchen-r7 3a328e1a1c Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-10 16:09:35 -06:00
wchen-r7 b761c6a9cc Add feature #5933 2011-11-10 16:09:03 -06:00
HD Moore d75e4aead3 Cosmetic changes 2011-11-10 15:45:02 -06:00
Steve Tornio 0c36915dae add osvdb ref 2011-11-10 13:24:26 -06:00
wchen-r7 453082678f Add CVE-2010-1871 (Feature #5922) 2011-11-10 10:21:17 -06:00
Matt Buck 16f45fc894 Add empty directories from svn repo. 2011-11-09 18:41:40 -06:00
Wei Chen 9ff5eabb4b Fix #4915
git-svn-id: file:///home/svn/framework3/trunk@14201 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 08:51:47 +00:00
David Maloney a88f954640 More Cred Sourcing
git-svn-id: file:///home/svn/framework3/trunk@14197 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-09 01:49:57 +00:00
David Maloney aa4f6c1cae More cred sourcing fixes
git-svn-id: file:///home/svn/framework3/trunk@14193 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 18:45:47 +00:00
David Maloney cdbe7bc587 Multiple fixes to cred reporting on this module
git-svn-id: file:///home/svn/framework3/trunk@14192 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 17:25:39 +00:00
Wei Chen 16fc275853 whitespace cleanup
git-svn-id: file:///home/svn/framework3/trunk@14191 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 16:09:31 +00:00
Patrick Webster 77a3edbb4f Added squiz_matrix_user_enum aux module.
git-svn-id: file:///home/svn/framework3/trunk@14185 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 03:14:39 +00:00
Wei Chen ad94bae78f Fix bug #5923
git-svn-id: file:///home/svn/framework3/trunk@14182 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 17:52:02 +00:00
Wei Chen 7ffcf62a2e Add #5364
git-svn-id: file:///home/svn/framework3/trunk@14181 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 17:34:42 +00:00
Wei Chen 12378b45d6 Fix #5502
git-svn-id: file:///home/svn/framework3/trunk@14180 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 07:44:02 +00:00
Matt Weeks e4d540e031 Seplling
git-svn-id: file:///home/svn/framework3/trunk@14166 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 15:43:28 +00:00
HD Moore f6cc9eade7 Replace my crufty old ASN.1 parser with OpenSSL::ASN1
git-svn-id: file:///home/svn/framework3/trunk@14165 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 05:12:28 +00:00
David Maloney 585a7cc4a2 Adding the HTTP Trace scanner from CG
Fixes #3390


git-svn-id: file:///home/svn/framework3/trunk@14150 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-03 20:09:11 +00:00
Mario Ceballos f25dc59371 spelling.
git-svn-id: file:///home/svn/framework3/trunk@14146 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 21:56:38 +00:00
Mario Ceballos 2b00ace437 spelling.
git-svn-id: file:///home/svn/framework3/trunk@14145 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 21:47:27 +00:00
Wei Chen ae9e8b7821 Syntax fix for ruby 1.8
git-svn-id: file:///home/svn/framework3/trunk@14139 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 21:48:24 +00:00
Wei Chen d5cee2dedf Apply patch #5411 to allow user-specified path
git-svn-id: file:///home/svn/framework3/trunk@14137 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 17:57:11 +00:00
Wei Chen 8750c3aac5 Add feature #4849 (Redis module)
git-svn-id: file:///home/svn/framework3/trunk@14133 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 21:47:15 +00:00
Mario Ceballos d55dc551b6 syntax issue
git-svn-id: file:///home/svn/framework3/trunk@14131 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 20:22:02 +00:00
Tod Beardsley e1ffdfdb18 Fixes #3199, jduck caught the funky behavior of seek and ruby's "ab" and "wb" file mode. See also http://pastie.org/2789573
git-svn-id: file:///home/svn/framework3/trunk@14128 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 19:06:09 +00:00
Wei Chen e14668ece9 Add ColdFusion version scanner - feature #4079
git-svn-id: file:///home/svn/framework3/trunk@14127 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 18:18:11 +00:00
Wei Chen fb56e23197 Apply fix for bug #5516 to correct a possible false positive on Apache Tomcat
(yup, tomcats are tricky like that)


git-svn-id: file:///home/svn/framework3/trunk@14124 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 16:39:03 +00:00
HD Moore 55e6672e6b Revert a well-intentioned but design-violating change
git-svn-id: file:///home/svn/framework3/trunk@14116 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 18:40:49 +00:00
Wei Chen 27c41e41f7 spaces/tabs cleanup
git-svn-id: file:///home/svn/framework3/trunk@14115 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 17:41:38 +00:00
David Maloney 47cb10c70b Added John the Ripper Linux module
Fixes #5513


git-svn-id: file:///home/svn/framework3/trunk@14114 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-29 17:27:21 +00:00
Tod Beardsley 45d8c91929 Fixes #3199. Note that hex notation (0x41) is okay for OptInt. Ruby integers can be 0x41, 0101, 0b01000001, which are all 65, so dropped that chunk and clarified the option instead of forcing a string and a conversion.
git-svn-id: file:///home/svn/framework3/trunk@14102 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-28 20:58:46 +00:00
Tod Beardsley 467df77a50 Fixes #5170. Enforces a max width, avoids negative widths. Thanks Oliver!
Related to r13769



git-svn-id: file:///home/svn/framework3/trunk@14093 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 22:07:41 +00:00
Wei Chen 63a926a6ee Do a report_host() on OS default name. Request #5865
git-svn-id: file:///home/svn/framework3/trunk@14090 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 04:50:01 +00:00
Wei Chen c0cca836c1 Ok, last svn propset, I swear
git-svn-id: file:///home/svn/framework3/trunk@14086 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 23:41:24 +00:00
Wei Chen baf9a816d5 damn it, I missed one
git-svn-id: file:///home/svn/framework3/trunk@14085 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 23:40:32 +00:00
Wei Chen 7db499e71e The svn propset police joins the party
git-svn-id: file:///home/svn/framework3/trunk@14084 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 23:38:18 +00:00
Wei Chen 5d8c3e956e Watch out, the style police is in da house
git-svn-id: file:///home/svn/framework3/trunk@14083 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 23:31:12 +00:00
David Maloney 6ba153c9f5 Fix to a typo, thanks Jabra
git-svn-id: file:///home/svn/framework3/trunk@14082 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:44:17 +00:00
David Maloney abf37d7caf Added John the Ripper Unshadow module. See #5437
git-svn-id: file:///home/svn/framework3/trunk@14081 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:40:38 +00:00
David Maloney 1f8e455eaa Added Postgres MD5 Hashcrack module. See #5423
git-svn-id: file:///home/svn/framework3/trunk@14080 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:34:33 +00:00
David Maloney 23e50bf2b4 Added Oracle John the Ripper Module. See #5406
git-svn-id: file:///home/svn/framework3/trunk@14079 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:33:44 +00:00
David Maloney afec4fd928 Added MySQL John the Ripper module. See #5408
git-svn-id: file:///home/svn/framework3/trunk@14078 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:33:12 +00:00
David Maloney 5c565d12fc Added the MS SQL John the Ripper Module see #5407
git-svn-id: file:///home/svn/framework3/trunk@14077 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:32:08 +00:00
Wei Chen dd72e1ce9d Longer timeout. #5851
git-svn-id: file:///home/svn/framework3/trunk@14074 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 19:35:03 +00:00
Wei Chen d98ab06464 This fixes the nil problem with arg. See bug #5848
git-svn-id: file:///home/svn/framework3/trunk@14070 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:48:17 +00:00
Wei Chen ab4f9d65c7 Add PATH option. Feature #5412
git-svn-id: file:///home/svn/framework3/trunk@14067 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 18:32:02 +00:00
Wei Chen 82e1b87a21 #5541
git-svn-id: file:///home/svn/framework3/trunk@14064 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 16:43:58 +00:00
Tod Beardsley a5ef33305f Fixes #5609, thanks David!
git-svn-id: file:///home/svn/framework3/trunk@14052 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 21:57:42 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen 14cf0deb29 Add feature #5398
git-svn-id: file:///home/svn/framework3/trunk@14032 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 22:20:55 +00:00
Wei Chen 17f518897f Moved from auxiliary/scanner/sap
git-svn-id: file:///home/svn/framework3/trunk@14030 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 21:33:53 +00:00
Wei Chen 1e7c197d8e git-svn-id: file:///home/svn/framework3/trunk@14029 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-22 21:32:36 +00:00
Wei Chen a62a236ad0 Add feature #5541
git-svn-id: file:///home/svn/framework3/trunk@14027 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 20:03:25 +00:00
Wei Chen 2a3f430c8e SAP ICM URLscan module (Feature #5620) by Chris
git-svn-id: file:///home/svn/framework3/trunk@14026 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-22 08:41:54 +00:00
Wei Chen 389be65dff Attempt number 2 to fix #5579
git-svn-id: file:///home/svn/framework3/trunk@14014 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 16:29:15 +00:00
Wei Chen dd2623dba9 For bug #5579
git-svn-id: file:///home/svn/framework3/trunk@14012 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 01:07:08 +00:00
Steve Tornio 1f698e09c9 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@14004 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 11:19:59 +00:00
David Rude 4209431355 Follow a consistent naming convention
git-svn-id: file:///home/svn/framework3/trunk@13996 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 20:42:59 +00:00
Wei Chen 973227933b Add CVE-2011-1290 as an aux module
git-svn-id: file:///home/svn/framework3/trunk@13994 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 16:30:28 +00:00
HD Moore 63d3fe2e9c Cosmetic
git-svn-id: file:///home/svn/framework3/trunk@13992 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:57:12 +00:00
Wei Chen 0a661ec227 Add CVE-2011-3305 (#5673)
git-svn-id: file:///home/svn/framework3/trunk@13985 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 04:40:21 +00:00
Wei Chen 975cc52bac Fix spelling errors
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Tod Beardsley c336d063da Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
Tod Beardsley e9461c766e Msftidy run against a bunch of whitespace violations, a few line too longs.
git-svn-id: file:///home/svn/framework3/trunk@13962 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:42:01 +00:00
Tod Beardsley ea2c9d1a46 Adding missing Id and Rev SVN keywords.
git-svn-id: file:///home/svn/framework3/trunk@13961 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 01:27:28 +00:00
HD Moore cf8524b1b4 Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
Tod Beardsley f0ee05eece Moving dos modules to manual ranking.
git-svn-id: file:///home/svn/framework3/trunk@13940 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:20:04 +00:00
Tod Beardsley c45add4199 Moving an old unnamed Microsoft exploit to the proper named exploit.
git-svn-id: file:///home/svn/framework3/trunk@13939 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:16:13 +00:00
HD Moore 3c73c3c2f8 Pile of small bug fixes for the FTP server and mixin
git-svn-id: file:///home/svn/framework3/trunk@13924 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:07:09 +00:00
HD Moore 0ff7f17cba Cosmetic module and service name fixes
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
Carlos Perez 7ae1bbbb3f typo
git-svn-id: file:///home/svn/framework3/trunk@13904 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 01:49:36 +00:00
Carlos Perez a0c34d1c73 Sets a session platform when using ssh_login
git-svn-id: file:///home/svn/framework3/trunk@13903 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 01:48:42 +00:00
HD Moore cce4aafd9b Tweak the snmp_login code to actually only poll response packets every 10 sent and break out of infinite loop in the case of a target going crazy and continuously replying
git-svn-id: file:///home/svn/framework3/trunk@13891 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 20:14:58 +00:00
Chao Mu 53b807abee Adding the "this file is part of" comment to the top of the module and proper comment formatting
git-svn-id: file:///home/svn/framework3/trunk@13886 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 00:36:55 +00:00
Chao Mu df56110dd9 Fixing $Id so that it is prefaced by a comment.
git-svn-id: file:///home/svn/framework3/trunk@13885 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 00:32:14 +00:00
Chao Mu 667c00161d Remembering to Propset and include $Id: $ this time. Also, switching from BSD_LICENSE to MSF_LICENSE.
git-svn-id: file:///home/svn/framework3/trunk@13884 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 00:30:25 +00:00
HD Moore 558894e100 Test cases don't live in the module directory
git-svn-id: file:///home/svn/framework3/trunk@13871 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-11 15:51:22 +00:00
Chao Mu 9414747945 jruby was barfing on super(a, b, c,), so I changed the syntax and wrote a very simple unit test for rewrite_proxy_bypass.
git-svn-id: file:///home/svn/framework3/trunk@13870 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-11 13:52:39 +00:00
Wei Chen 8f2c87fb5e Add Beckhoff TwinCAT SCADA PLC dos module (Feature #5524)
git-svn-id: file:///home/svn/framework3/trunk@13865 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 23:41:15 +00:00
Chao Mu dcb6de2b58 Fixes #5667 this module scans for reverse proxy servers that exhibit a misconfiguration like the one detailed in www.contextis.com/research/blog/reverseproxybypass/. By default it requests a URI of @... and checks for a 502
git-svn-id: file:///home/svn/framework3/trunk@13864 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 22:34:50 +00:00
Tod Beardsley 568bde7aa4 Fixes #5404
See #5350
See #5246
See #5241
See #5173

Adds password hash dumping as loot for Postgres, MSSQL, MySQL, and several Oracle flavors of RDBMS. Thanks TheLightCosine!



git-svn-id: file:///home/svn/framework3/trunk@13854 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 17:05:01 +00:00
Wei Chen 6ffa61b314 Apply patch for bug #5212
git-svn-id: file:///home/svn/framework3/trunk@13815 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-04 19:10:33 +00:00
Wei Chen 612cdc8c73 No need to check if version is 'unknown' if nothing else (other than default) is assigned to it
git-svn-id: file:///home/svn/framework3/trunk@13799 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 19:12:31 +00:00
Wei Chen 8d1763484d Fix metadata format
git-svn-id: file:///home/svn/framework3/trunk@13792 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-26 03:21:37 +00:00