c4b85603d2
Fix encoding, oops.
2015-02-25 22:56:33 -06:00
d486d17302
Add reference to 2014 fix.
2015-02-25 21:04:01 -06:00
a410d2ec25
Add android 4.3 stock browser cookie/password theft.
2015-02-25 21:02:15 -06:00
f24da1b178
Add file checking to printer_delete_file
2015-02-25 18:14:13 -06:00
dc3ba40e5d
Add file checking to printer_upload_file
2015-02-25 18:13:36 -06:00
513d11ce93
Complete replacement of "pathname" with "path"
...
See e8c2c3687d
2015-02-25 15:52:26 -06:00
b3d4fc798f
Add printer_delete_file module
2015-02-25 15:47:53 -06:00
90d179e56f
Add printer_upload_file module
2015-02-25 15:01:01 -06:00
3cf94740e6
Land #4817 , CHECK_TCP option for Lantronix module
2015-02-25 13:16:14 -06:00
d301752a88
Fix whitespace
2015-02-25 13:16:03 -06:00
e2dfdd60c0
Update version range
2015-02-25 19:11:15 +00:00
242d3b8680
Add WP EasyCart privilege escalation module
2015-02-24 21:11:22 +00:00
6feae9524b
Fix up funny indent on description
...
[See #4770 ]
2015-02-24 12:25:48 -06:00
1134b0a6fa
fix dataastore to datastore
2015-02-24 10:34:33 -06:00
f3cad229d3
Fix duplicate hash key "References"
...
In modules/auxiliary/scanner/http/http_login.rb.
2015-02-24 05:19:58 -06:00
8c5ff858d0
Land #4812 , hp_sys_mgmt_login configurable URIs
2015-02-23 19:04:14 -06:00
c9439addf8
fix url
2015-02-23 16:50:58 -06:00
bf103def9e
Add the /ews/ path to enable easy OWA brute force
2015-02-23 14:03:39 -06:00
bcfbcb7eea
Clean up whitespace
2015-02-23 13:15:21 -06:00
c39d6e152e
Land #4819 , Normalize HTTP LoginScanner modules
2015-02-23 11:43:42 -06:00
1b1716bcf6
Fix a handful of bugs that broke this modules. Fixes #4799
2015-02-22 22:01:01 -06:00
9730a1655e
Small cleanups to the LLMR responder module
2015-02-22 22:00:42 -06:00
615d71de6e
Remove extraneous calls to GC.start()
2015-02-22 21:51:33 -06:00
3d82c7755b
add solarwinds module
2015-02-22 15:35:42 -06:00
61bdd58fbe
Fix required flag on options
2015-02-22 16:20:47 +00:00
37a55cce74
Abstracted version comparison code
2015-02-22 16:20:46 +00:00
31cdd757f6
Add WordPress WPLMS privilege escalation module
2015-02-22 16:20:46 +00:00
ea54696d99
Remove redundant params now provided by the mixin helper
2015-02-22 02:32:28 -06:00
8e8a366889
Pass Http::Client parameters into LoginScanner::Http (see #4803 )
2015-02-22 02:26:15 -06:00
c820431879
Land #4770 , Wordpress Ultimate CSV Importer user extract module
2015-02-22 08:52:45 +01:00
2e58a3d1dd
Update credential reporting mechanism
...
Replace :report_auth_info deprecated method with hooks into the
Metasploit Credential based system.
2015-02-22 02:49:54 -05:00
8ace041a23
TCP option for Lantronix Telnet Password Recovery
...
This commit adds a CHECK_TCP option to the Lantronix password
disclosure module. If set to true, a TCP port will be used to
check for the disclosure instead of the default UDP configuration.
2015-02-21 20:22:18 -05:00
f9dbff8a6c
Add store path output
2015-02-21 23:41:26 +00:00
f4e512e0ff
Should be an array
2015-02-20 21:56:49 -06:00
40c237f507
Fix #3982 , allow URIs to be user configurable
...
Fix #3982
2015-02-20 21:54:03 -06:00
c9ddd0dac9
Land #4795 , f5_bigip_cookie_disclosure update
2015-02-20 13:11:42 -06:00
b676f5a07e
Clean up #4795
2015-02-20 13:10:31 -06:00
f6c871a8e5
Deleted spaces at EOL
2015-02-19 05:06:00 -05:00
caabb82975
Fixed indentation errors
2015-02-19 05:02:10 -05:00
2a584da6d9
Added cookie value in print function
2015-02-19 00:43:57 -05:00
ffa6550aec
Land #4787 , HD's new Zabbix and Chef LoginScanners
...
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
804db0ff0c
add leixcal sorting to methods
...
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
35511636cc
Land #4788 , splunk_web_login new version support
2015-02-18 11:54:54 -06:00
cc6899d783
Fix a stack trace on null response, thanks @jlee-r7
2015-02-18 00:38:55 -06:00
f4d8a25981
Add support for newer Splunk versions
2015-02-18 00:30:47 -06:00
2847507f03
Add a chef brute force module
2015-02-17 23:49:57 -06:00
27d5ab45b4
Add a zabbix brute force module
2015-02-17 22:56:08 -06:00
f0e69cb526
Fix two cosmetic typos in the axis/glassfish modules
2015-02-17 21:01:35 -06:00
e0d87a8886
Update to use store_loot for CSV export
2015-02-17 19:21:31 +00:00
fb06cb13cc
Land #4774 , Chromecast HTTP scanner
2015-02-17 13:11:25 -06:00
a8108cfc17
Be less stupid in the description
...
[See #4774 ]
2015-02-17 13:04:26 -06:00
71c5f622ca
Land #4775 , Kindle Fire TV Stick controller
2015-02-17 12:59:54 -06:00
14e764ff5a
Move to http subdirectory
...
After all, the wordpress scanners are all HTTP as well, and not under
some platform specific "wordpress" directory. Lots of other HTTP-ish
devices in there as well.
2015-02-17 12:53:18 -06:00
5e07b01a1f
Fix up description a tiny bit
2015-02-17 12:51:55 -06:00
45b16c92b7
Prefer sleep
...
It's all the same, anyway.
2015-02-17 12:43:14 -06:00
787deb4b23
Change service name to something more appropriate
...
Technically, it's part of DIAL, but we don't want to confuse the user
even more.
2015-02-17 12:41:31 -06:00
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
0597d2defb
Land #4560 , Massive Java RMI update
2015-02-17 10:07:07 -06:00
b4e2a50a6a
Really fix the bug
...
App is so slow. :(
2015-02-17 06:10:32 -06:00
09239b37aa
Fix touchy YouTube app
...
It likes the previous video stopped before playing a new one.
2015-02-17 06:07:58 -06:00
76e3539434
Add Amazon Fire TV YouTube remote control
2015-02-17 05:44:04 -06:00
b3d301e960
Fix annoying double quotes
...
As much as I love them, the use here is inconsistent.
2015-02-17 05:12:28 -06:00
e16614abb9
Program a bit more defensively
...
Even though /setup/eureka_info should always be JSON...
2015-02-17 05:04:26 -06:00
ea4dd023ae
Add SSID to report_service info
2015-02-17 04:46:11 -06:00
e5d6af6b23
Gather info from /setup/eureka_info
...
Looks better with SSID.
2015-02-17 04:37:16 -06:00
b6f83937ef
Add chromecast_webserver scanner
2015-02-17 03:27:48 -06:00
22664e63ca
Increase default timeout
2015-02-16 19:07:55 +00:00
5fba54db99
Add addtional timing options
2015-02-16 19:07:55 +00:00
19cd00e6d5
Fix cookit name split
2015-02-16 23:53:32 +07:00
a44e858bd7
Fixed minor errors in F5 BigIP cookie disclosure module
2015-02-16 01:31:52 -05:00
73bac94fa8
Add Ultimate CSV Importer extract module
2015-02-15 15:27:27 +00:00
0158e94a18
Fix mixin usage
2015-02-13 17:18:51 -06:00
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
fd441d2c5e
Fix #4764 , NameError unitialized constant Net::DNS in shodan_search
2015-02-13 14:40:23 -06:00
19144e143a
Fixed some errors in F5 BigIP cookie disclosure module
2015-02-13 03:29:23 -05:00
29163db7fc
Add CVE reference for ie_uxss_injection
2015-02-12 17:16:59 -06:00
3ae3d56caa
Land #4745 , fixes #4711 , BrowserAutoPwn failing due to getpeername
2015-02-12 16:51:09 -06:00
05d2703a98
Explain why obfuscation is disabled
2015-02-12 14:00:01 -06:00
50c72125a4
::Errno::EINVAL, disable obfuscation, revoke ms14-064
2015-02-12 11:54:01 -06:00
02fe57e2a1
Bump out to April, 60ish days
2015-02-11 12:56:37 -06:00
58b6b7519a
Deprecate server/pxexploit
...
modules/auxiliary/server/pxeexploit.rb
2015-02-11 12:38:38 -06:00
9e717084af
Fix server/pxexploit datastore
2015-02-11 12:19:39 -06:00
b07ef333e9
Fix java_rmi_server include
2015-02-10 12:52:19 -06:00
1e8f98c285
Updated description, credit, and URL
2015-02-10 11:25:13 -06:00
1b89242a75
Add module for R7-2015-02
2015-02-10 11:03:46 -06:00
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
0a42ac947a
Land #4737 , fix Socket Context usages
2015-02-09 17:34:03 -06:00
7ee5fd9b32
Fix lotus_domino to use get_cookies correctly.
2015-02-09 17:29:44 -06:00
b1726fd609
Missing comma
2015-02-07 11:56:22 -06:00
8d982e3286
Pass the framework/module down into LoginScanner
2015-02-07 11:50:30 -06:00
036cb77dd0
Land #4709 , fixed up some datastore mangling
2015-02-05 21:22:38 -06:00
7e649a919c
This version will actually work.
2015-02-05 21:00:54 -06:00
3e0ce4a955
Fix datastore mangling with instance variables
...
See rapid7/metasploit-framework #4709
2015-02-05 20:37:18 -06:00
f8c81e601c
Land #4710 for real.
...
This isn't a proper merge commit. Will need to figure out what I did to
wang up the last landing -- I'm guessing I didn't fetch enough first.
This should fix #4710 .
2015-02-05 17:18:51 -06:00
0a587c9f5a
Land #4710 , really
...
Looks like my publish script ended up rebasing wchen-r7/aux_ie_uxss and
didn't catch the file rename correctly.
Conflicts:
modules/auxiliary/gather/ie_uxss_injection.rb
2015-02-05 17:13:53 -06:00
79e0ddadf6
Rename file again
2015-02-05 17:09:11 -06:00
97aa9f9dd2
Credit @joevennix
2015-02-05 17:09:11 -06:00
7585c625fa
Another update
...
Thanks @joevennix
2015-02-05 17:09:11 -06:00
12aadb3132
Another update
2015-02-05 17:09:10 -06:00
17f2d8048d
Another update
2015-02-05 17:09:10 -06:00
01252078ea
Use store_loot to store coookie
2015-02-05 17:09:10 -06:00
6fd38307e7
An update
2015-02-05 17:09:10 -06:00
727fc51c0b
Don't need this line
2015-02-05 17:09:10 -06:00
4924749b96
Try to make the filename more self explanatory
2015-02-05 17:09:09 -06:00
26af10c3b6
Change public ip option name and store cookie to db
2015-02-05 17:09:09 -06:00
bfa7b61663
Final
2015-02-05 17:09:09 -06:00
b90515ae5d
IE UXSS
2015-02-05 17:09:09 -06:00
d16cc843b2
Correct disclosure date
2015-02-05 15:00:13 -06:00
0955e14dad
Final, really, I think
2015-02-05 14:59:24 -06:00
578423501a
Another update
2015-02-05 13:08:33 -06:00
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
562063c4d5
Rename file again
2015-02-05 12:26:17 -06:00
80ebde4fe1
Credit @joevennix
2015-02-05 12:25:38 -06:00
27b8d1057f
Another update
...
Thanks @joevennix
2015-02-05 12:23:32 -06:00
988b54f594
Another update
2015-02-05 12:01:19 -06:00
53134aeb17
Another update
2015-02-05 11:46:38 -06:00
871c8aa8d0
Use store_loot to store coookie
2015-02-05 11:36:35 -06:00
dbe99014f2
An update
2015-02-05 11:29:52 -06:00
08d796c5e3
Don't need this line
2015-02-05 10:53:29 -06:00
d6fe077f79
Try to make the filename more self explanatory
2015-02-05 09:53:38 -06:00
ed6ee27896
Change public ip option name and store cookie to db
2015-02-05 09:48:45 -06:00
75c697c4dc
Final
2015-02-05 04:36:44 -06:00
1ccfb6cb43
IE UXSS
2015-02-05 03:03:28 -06:00
9c1487c944
Fix dns_fuzzer datastore
2015-02-05 02:53:14 -06:00
c22865fb71
Fix nexpose_xxe_file_read datastore
2015-02-05 02:53:00 -06:00
434bca0b27
Land #4613 , auxiliary/server/capture/smb credential creation
2015-02-04 22:45:36 -06:00
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
54a5dd69a9
Land #4698 , WP GHOST scanner dead code removal
2015-02-02 16:54:09 -06:00
c8864c93d7
remove unused code
2015-02-02 20:04:10 +01:00
d0cf316758
Land #4659 , @pedrib's ManageEngine directory listing module
2015-02-01 14:19:46 -06:00
128ca47aa7
Fix banner
2015-02-01 14:19:03 -06:00
41232c0f91
Land #4758 , @pedrib's ManageEngine arbitrary file download module
2015-02-01 14:17:04 -06:00
361aaa7551
Fix banner
2015-02-01 14:16:09 -06:00
39a25fc549
Update manageengine_file_download.rb
2015-02-01 10:49:48 +00:00
e9b5aa94c3
Add OSVDB id and full disclosure URL
2015-02-01 10:49:11 +00:00
8740fd9015
Convert #find_all_by_X to #where
2015-01-31 21:07:50 -06:00
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
11502bad39
Clean code
2015-01-30 15:26:25 -06:00
1916c92e3a
Clean metadata
2015-01-30 15:21:17 -06:00
c9ac56442d
No modify datastore option
2015-01-30 15:05:46 -06:00
bb640b90ef
Refactor login_it360
2015-01-30 15:02:23 -06:00
d4359c4f1c
Rework login_it360 code
2015-01-30 15:00:34 -06:00
efd7a8c962
Land #4670 , dns_amp RA flag fix
2015-01-30 14:46:15 -06:00
c5db13fba9
Do minor style fixes
2015-01-30 14:13:11 -06:00
89f760c94e
Clean metadata
2015-01-30 14:08:55 -06:00
7504358db3
code style and typos
2015-01-30 15:57:32 +01:00
9ce2dd9815
msftidy
2015-01-30 15:41:11 +01:00
a0eaf2f626
add wordpress ghost scanner module
2015-01-30 15:29:51 +01:00
42ef5716e8
Don't test ra flag to get upward referrals/additional RRs
2015-01-30 02:20:24 +01:00
2c05b1ee50
Use QUERYTYPE instead of hardcode ANY type
2015-01-29 22:54:06 +01:00
a806cb401a
Create manageengine_dir_listing.rb
2015-01-28 19:44:48 +00:00
62ac536b7d
Create manageengine_file_download.rb
2015-01-28 19:42:17 +00:00
46210a4963
Fix punctuation
2015-01-26 12:05:54 -06:00
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
c6901caf39
Change module location
2015-01-24 10:14:46 -06:00
23c9d4f0fb
Do final cleanup
2015-01-23 17:54:58 -06:00
05e803f85b
Rewrite get_wifi_info
2015-01-23 17:50:52 -06:00
fe61b274bd
Rewrite get_router_ssid
2015-01-23 17:38:55 -06:00
abe9c85ad6
Rewrite get_router_dhcp_info
2015-01-23 17:37:20 -06:00
70b6f94f14
Rewrite get_router_wan_info
2015-01-23 17:32:20 -06:00
aeed72f726
Rewrite get_router_info
2015-01-23 17:29:12 -06:00
26b17d5556
Clean get_router_mac_filter_info
2015-01-23 17:18:07 -06:00
a63625ab51
Refactor response parsing
2015-01-23 17:09:01 -06:00
c9a13bda2f
Do a first easy clean up
2015-01-23 16:37:55 -06:00
dcf0d7f596
Make msftidy happy
2015-01-23 16:23:21 -06:00
f83b87f611
Rebase #3019
2015-01-23 16:14:01 -06:00
f3a2d6663f
Fix #4616 and Fix #3798 - Correctly use OptRegexp
...
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616 ).
It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.
I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798 . The way I see it, #3798 is actually a module-specific issue.
Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
980a010e15
Land #4627 , explicit rubygems require fix
...
And a couple extraneous comma fixes.
2015-01-22 13:49:31 -06:00
bd06b48b30
Extra commas.
2015-01-22 13:45:08 -06:00
2e606cd097
Don't require rubygems
2015-01-22 13:44:58 -06:00
e46395f592
Land #4596 , @pdeardorff-r7's memcached extractor
2015-01-22 08:00:19 -08:00
1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache
2015-01-22 07:59:48 -08:00
a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text
2015-01-20 13:55:48 -08:00
14fc8d4cd0
Only allow 401/403/404
2015-01-20 13:36:06 -08:00
0d4d06fb83
Print table for all scans, add preview size option
2015-01-20 11:12:47 -08:00
f1bf607386
Minor Ruby style cleanup
2015-01-20 08:47:47 -08:00
ef89a3d323
Add protocol reference
2015-01-20 08:34:08 -08:00
9c97824d5c
Move MAXKEYS to advanced
2015-01-20 08:28:49 -08:00
9d430eb1d5
Use the simpler 'version' command to get the version
2015-01-20 08:16:22 -08:00
6588f92206
Move rex connection errors to vprint since this is a Scanner
2015-01-20 08:11:09 -08:00
10100df054
report_service
2015-01-20 08:09:35 -08:00
b0bbce1190
Include peer in most prints
2015-01-20 08:00:02 -08:00
354e952841
fix msftidy warnings
2015-01-18 23:55:57 +01:00
5b964bba6a
Land #4518 , Wordpress long password DoS
2015-01-18 23:55:06 +01:00
6014ff8a31
fix msftidy warnings
2015-01-18 23:54:16 +01:00
84ecde30d1
Land #4586 , mcafee_epo_xxe aux module
2015-01-18 00:50:10 -06:00
57ca285f8a
Fix msftidy warnings
2015-01-18 00:49:52 -06:00
db3185231a
add maxkeys option, dont store loot if localhost and improve streaming
2015-01-17 09:25:32 -08:00
f1bcbb7d78
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-16 09:57:17 -08:00
6a68888712
Land #4590 , jvennix-r7's fix for same-scheme URLs
...
made a trivial string formatting tweak
2015-01-16 09:10:56 -06:00
7ef721bdd6
Might as well format the url all at once.
2015-01-16 09:01:25 -06:00
488847cecc
Split smb_cmd_session_setup into with/without esn
...
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
6b6a7e81c9
Style fixes
2015-01-16 06:39:21 -06:00
273ba54a21
Fix server/capture/smb to use create_credential
2015-01-15 22:39:11 -06:00
1929f36050
Update mcafee_epo_xxe.rb
2015-01-15 16:50:14 -06:00
8c3d4c8d07
Spelling tweak.
2015-01-15 15:19:46 -06:00
d68b62cf21
Make canary value (URI) configurable
2015-01-15 13:12:32 -08:00
35c9a13199
Handle the usage of // (same-scheme) URLs.
2015-01-15 15:09:50 -06:00
2dca18265e
Track and vprint canary value and code
2015-01-15 12:34:53 -08:00
3489ea540e
Make status code checking configurable
2015-01-15 12:22:16 -08:00
4641b02646
Base canary path from TARGET_URI
2015-01-15 12:05:10 -08:00
507050b316
rescue from down memcached server or timeout
2015-01-15 09:51:42 -08:00
0e893cd772
Merge remote-tracking branch 'live/master' into feature/memcached-module
2015-01-15 09:40:21 -08:00
4d2ad8865f
remove debug line
2015-01-15 09:37:51 -08:00
154eb7956c
fix storing of loot and support localhost session
2015-01-15 09:36:15 -08:00
4e4ca15422
Update mcafee_epo_xxe.rb
2015-01-15 11:02:11 -06:00
e53522b64b
Update mcafee_epo_xxe.rb
2015-01-15 10:28:52 -06:00
86d5358299
Update mcafee_epo_xxe.rb
2015-01-15 09:56:02 -06:00
53e1304afb
Update mcafee_epo_xxe.rb
2015-01-14 18:19:27 -06:00
621cada2ac
Undo build_gc_call_data refactoring
2015-01-14 16:47:28 -06:00
1f6defda73
Use more correct check codes
2015-01-14 13:10:35 -08:00
1ed07bac32
Update mcafee_epo_xxe.rb
2015-01-14 11:01:14 -06:00
794bb65817
Create mcafee_epo_xxe.rb
2015-01-14 10:54:58 -06:00
b7eb4d24aa
Squash another rogue 5009
2015-01-13 10:36:43 -08:00
69f03f5c5d
Move ACPP default port into Rex
2015-01-12 19:43:57 -08:00
01a9fb1483
Spelling
2015-01-12 19:29:41 -08:00
a076a9ab89
report_vuln
2015-01-12 19:23:08 -08:00
d5cdfe73ed
Big style cleanup
2015-01-12 19:11:14 -08:00
9721993b8f
Allow blank password, remote more unused opts, print private
2015-01-12 18:43:54 -08:00
99cf668441
add memcached extractor module
2015-01-12 16:40:06 -08:00
44059a6e34
Disable more unused options
2015-01-12 14:15:40 -08:00
ec506af8ea
Make ACPP login work
2015-01-12 14:01:23 -08:00
e9557ffe58
Simplify module in prep for some authbrute cleanups
2015-01-12 13:08:12 -08:00
97f5cbdf08
Add initial Airport ACPP login scanner
2015-01-12 13:08:12 -08:00
9e76e0b0d8
Simplify. Document. Handle edge cases
...
Simplify detection logic.
Document testing method better
Ensure that body doesn't include canary cookie name too
Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
d4843f46ed
Make auth checking optional and off by default
2015-01-11 12:15:57 -08:00
9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer
2015-01-11 12:10:40 -08:00
05d364180b
Beautify descriptions
2015-01-10 01:10:08 -06:00
a2d479a894
Refactor run method
2015-01-10 01:06:56 -06:00
cf9d7d583e
Do first code cleanup
2015-01-10 00:51:31 -06:00
000d7dd1eb
Minor beautification
2015-01-10 00:32:10 -06:00
1d0e9a2dca
Use snake_case filename
2015-01-10 00:29:28 -06:00
070e833d46
Use snake_case filename
2015-01-10 00:28:01 -06:00
59d602f37d
Refactor cisco_cucdm_callforward
2015-01-10 00:27:31 -06:00
511a7f8cca
send_request_cgi already URI encodes
2015-01-10 00:06:26 -06:00
5d8167dca6
Beautify description
2015-01-10 00:02:42 -06:00
9fb4cfb442
Do First callforward cleanup
2015-01-10 00:00:27 -06:00
f7af0d9cf0
Test landing #4065 into up to date branch
2015-01-09 23:40:16 -06:00
bedbffa377
Land #3700 , @ringt fix for oracle_login
...
* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00
38c36b49fb
Report when nothing is rescued
2015-01-09 22:58:19 -06:00
b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...)
2015-01-09 13:20:18 -08:00
831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner
2015-01-09 12:58:35 -08:00
ca765e2cc5
Refactor client mixin
2015-01-08 15:46:24 -06:00
3debcef00b
Fix call from aux module
2015-01-08 14:24:27 -06:00
c205ef28d4
Refactor build_gc_call
2015-01-08 14:01:04 -06:00
73e3cd19c3
Convert java_rmi_server aux mod to use new mixin
2015-01-08 00:29:50 -06:00
d59805568e
Do first module refactoring try
2015-01-07 19:06:09 -06:00
da2e088118
Land #4536 , Ruby 2.2 compat fixes
...
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
df70678762
tell suer KoreLogic rules have been applied
...
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
2015-01-07 12:36:07 -06:00
4ad7021336
give user option to turn on KoreLogic rules
...
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
a5f48b23df
Add use of Msf::ThreadManager
2015-01-07 17:27:06 +00:00
e90e98547b
Add configurable timeout to WordPress login
2015-01-07 17:06:31 +00:00
8c23e8c2e8
ruby 2.2 compatibility
...
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module
2015-01-05 10:31:28 -06:00
e7affb9048
Land #4493 , @pedrib's module for ManageEngine Central Desktop create admin
2015-01-04 23:46:31 -06:00
c5e72fb324
Change module filename
2015-01-04 23:14:12 -06:00
4798f2328d
Change module filename
2015-01-04 23:13:17 -06:00
6bb3171328
Do minor cleanup
2015-01-04 23:12:42 -06:00
711b97ecc5
Beautify metadata
2015-01-04 23:08:46 -06:00
92015ac124
Replace custom login with wordpress_login mixin
2015-01-04 23:07:07 +00:00
39412c4a48
Add WordPress long password DoS module
2015-01-04 18:50:23 +00:00
32d4bf03c3
Add OSVDB id and full disclosure URL
2015-01-04 12:36:51 +00:00
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
e81e68bdaf
Create me_dc9_admin.rb
2014-12-31 02:02:52 +00:00
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
f2130311fa
Add the MSF blog reference
2014-12-29 16:08:35 -06:00
1dd9d60e34
Land #4461 , Android cookie database theft
...
`
Thanks @jvennix-r7!
2014-12-29 08:15:21 -06:00
d10222365b
Add Rafay's blog as a reference
2014-12-29 08:12:19 -06:00
1236684954
Use get_uri instead, note lack of Rex::Text method
...
See rapid7#4461
2014-12-28 15:06:34 -06:00
788e315fd4
Fix msftidy warnings
2014-12-28 14:53:29 -06:00
85ab11cf52
Use print_warning consistently
2014-12-26 09:54:38 -06:00
f31a2e070e
Use print_warning to print the Kerberos error
2014-12-26 09:22:09 -06:00
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
89d0a0de8d
Delete unnecessary connect
2014-12-23 19:35:59 -06:00
265e0a7744
Upper case domain
2014-12-23 19:16:50 -06:00
ed2d0cd07b
Use USER_SID instead of DOMAIN_SID and USER_RID
2014-12-23 19:11:05 -06:00
8d73794cc8
Add hint for exploit on old devices.
2014-12-23 12:29:08 -06:00
708cbd7b65
Allow to provide USER SID
2014-12-22 18:24:50 -06:00
56eadc0d55
Delete default values from options
2014-12-22 18:11:43 -06:00
787dab998d
Fix description
2014-12-22 17:51:44 -06:00
a7faf798bf
Use explicit encryption algorithms
2014-12-22 15:51:17 -06:00
f37cf555bb
Use random subkey
2014-12-22 15:39:08 -06:00
b0a178e0a3
Delete blank line
2014-12-22 14:40:32 -06:00
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
20ab14d7a3
Clean module code
2014-12-22 14:29:02 -06:00
dabc890b2f
Change module filename again
2014-12-22 12:35:15 -06:00
2b46bdd929
Add references and authors
2014-12-22 12:34:31 -06:00
4319dbaaef
Change module filename
2014-12-22 12:29:28 -06:00
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
def1695e80
Use options by call
2014-12-19 18:23:11 -06:00
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
fffa8cfdd1
Lands #4426 by cleaning up the module description
2014-12-19 14:54:17 -06:00
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
e45af903d9
Add patch discovery date.
2014-12-19 12:04:41 -06:00
25313b1712
Use the hash to pass the script.
2014-12-19 02:30:37 -06:00
8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222
2014-12-18 17:21:26 -08:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
c15bad44a6
Be clearer on backslash usage.
...
See #4282
2014-12-18 16:16:02 -06:00
9a58617387
Add dummy test module
2014-12-17 19:57:10 -06:00
6b0a98b69c
Resolve #4408 - bad uncaught nil get_once
2014-12-17 14:02:42 -06:00
84ea628284
Add Android cookie theft attack.
2014-12-16 19:12:01 -06:00
f6af86a06d
Land #4402 , ms12_020_check NilClass fix
2014-12-16 15:34:25 -06:00
2604746fb7
Land #4361 , Kippo detector
2014-12-15 14:54:48 -06:00
8394cc13a8
Perform final cleanup of detect_kippo
2014-12-15 14:38:38 -06:00
c611249723
Take full advantage of the check command
2014-12-15 12:50:59 -06:00
9edb2b4fab
Fix #4378 - Do exception handling
...
Fix #4378
2014-12-15 12:37:36 -06:00
eb47ca593e
update desc to include domain admin information
2014-12-13 13:01:41 -06:00
2e94280cba
mv bmc to scanner/http
2014-12-13 12:58:16 -06:00
8c6b95c39c
Merge branch 'landing-4359' of https://github.com/jhart-r7/metasploit-framework into bmc_trackit
2014-12-13 11:37:57 -06:00
cd1e61a201
Merge branch 'master' into bmc_trackit
2014-12-13 11:36:30 -06:00
8dd5da9d64
added blog post reference
2014-12-12 18:53:26 -08:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
338cce02c9
Downcase the service name for consistency
2014-12-12 16:40:42 -06:00
f5374d1552
Added report_service method for database support, added port number in the print_status output, removed arbitrary comments, fixed some spacing. Ready for another review from msf devs
2014-12-12 11:57:35 -08:00
c683e7bc67
Fix banner
2014-12-12 13:01:51 -06:00
b1f7682713
Make msftidy happy
2014-12-12 12:59:00 -06:00
493034ad10
Land #3305 , @claudijd Cisco SSL VPN Privilege Escalation exploit
2014-12-12 12:57:00 -06:00
047bc3d752
Make msftidi happy
2014-12-12 12:49:12 -06:00
a1876ce6fc
Land #4282 , @pedrib's module for CVE-2014-5445, NetFlow Analyzer arbitrary download
2014-12-12 12:47:50 -06:00
a0b181b698
Land #4335 , @us3r777 JBoss DeploymentFileRepository aux module
2014-12-12 10:40:03 -06:00
3059cafbcb
Do minor cleanup
2014-12-12 10:37:50 -06:00
751bc7a366
Revert "Move to a more appropriate location"
...
This reverts commit 6c82529266
2014-12-12 07:42:22 -08:00
6c82529266
Move to a more appropriate location
2014-12-12 07:40:37 -08:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
65b316cd8c
Land #4372
2014-12-11 18:48:16 -08:00
3c2a33a316
Allow new password to be specified as an option
2014-12-11 17:26:42 -08:00
a013dbf536
Correct and add more prints
2014-12-11 17:16:43 -08:00
48dcfd9809
Use random security Q/A
2014-12-11 17:10:33 -08:00
f208f31a33
Use correct username/domain in report_vuln
...
It would be nice if 'vulns' showed this
2014-12-11 16:59:21 -08:00
70fce0bb33
Report the changed password
2014-12-11 16:56:22 -08:00
f64a3be742
Avoid death by a thousand functions
2014-12-11 16:53:36 -08:00
0627f708a2
Better handling of failed requests
2014-12-11 16:51:41 -08:00
f2bda05d42
Correct last of the print_
2014-12-11 16:28:08 -08:00
9486f67fbc
report_vuln upon exploitation with more specific details
2014-12-11 16:28:08 -08:00
37d0959fd6
Include info in report_vuln. More style
2014-12-11 16:28:08 -08:00
cfb02fe909
Add check support
2014-12-11 16:28:07 -08:00
44818ba623
Minor style and usage updates as a result of Scanner
2014-12-11 16:28:07 -08:00
0a29326ce7
Mixin Scanner. Yay speed!
2014-12-11 16:28:07 -08:00
c9acd7a233
Remove unnecessary RPORT, which comes from HttpClient
2014-12-11 16:28:07 -08:00
joev
William Vu
rastating
Tod Beardsley
Brandon Perry
HD Moore
sinn3r
Christian Mehlmauer
RageLtMan
dnkolegov
David Maloney
Brent Cook
Meatballs
Nikita Oleksov
jvazquez-r7
Pedro Ribeiro
Christian Catalan
Guillaume Delacour
Jon Hart
pdeardorff-r7
James Lee
Joe Vennix
dmooray
Andrew Morris